Release

Rasticrac & RemoteRasticrac v3.3.6 (+ v3.3.8 alpha) for iOS 10 and below

929 replies to this topic

#101
iRastignac

iRastignac

    iRastignac

  • Developers
  • 201 posts
    • Time Online: 14d 10h 15m 33s
  • Twitter:https://twitter.com/iRastignac
  • iDevices Owned:iPod Touch 4, iPhone 3GS, iPhone 4S, iHave a PC

iRastignac prompt to me - as I can add Russian language?
It is enough to translate this part (...) or still something?

Yes, that's the main part to translate. There are a few points to watch (translated strings shouldn't be "too much longer" than English ones; special/exotic characters need special work (escape codes); etc.).
I think I need to rework all the texts first (many texts in the script are now not in this strings' list and so are not translated) (some of these strings may not even be used anymore in the script) (I must really rework that someday).
Thanks.
  • MONGOLO likes this

#102
iRastignac

Yeah, slow slow weeks. Time flies. Real life sucks all energy.

Still no real 64bits hardware for real tests. I may have some workarounds to try, though.
I have to clean code (better texts/translations support) too.
No rendez-vous for v316 yet.
Thanks.
  • hotsjf, kOtyara, MONGOLO and 1 other like this

#103
iRastignac

Some people asked me: "why do you put and hide these 'mp' and 'Executor' viruses inside IPAs done with Rasticrac?".
Answer: that's not from Rasticrac; I really don't know what they are. Sorry, I can't help.

PS: ask "Yi Wang" and "Wang Xin" about these 'viruses'...

Edited by iRastignac, 09 June 2014 - 01:45 AM.

  • MONGOLO likes this

#104
hotsjf

hotsjf

    7 years in scene

  • Admin
  • 7,697 posts
    • Time Online: 195d 1h 30m 49s
  • Twitter:@iphonecake_com
  • LocationUSA
  • iDevices Owned:iPod Classic, iPod Touch 4, iPhone 3GS, iPhone 4, iPhone 5S, iPhone 6+, iPad 1, iPad 3, iPad 4, iPad Air 2, Apple Watch, MacBook Air, MacBook Pro, iMac
  • Most used iOS:iOS 6, iOS 7, iOS 8

Some people asked me: "why do you put and hide these 'mp' and 'Executor' viruses inside IPAs done with Rasticrac?".
Answer: that's not from Rasticrac; I really don't know what they are. Sorry, I can't help.

PS: ask "Yi Wang" and "Wang Xin" about these 'viruses'...

 

there are new virus?



#105
cakes

cakes

    Caker

  • IC Trusted User
  • 84 posts
    • Time Online: 1d 7h 28m 4s
  • iDevices Owned:iPhone 4, iPhone 4S, iPhone 5, iPad Mini with Retina, iHave a PC
  • Donations:US iTunes Codes :)

Some people asked me: "why do you put and hide these 'mp' and 'Executor' viruses inside IPAs done with Rasticrac?".
Answer: that's not from Rasticrac; I really don't know what they are. Sorry, I can't help.

PS: ask "Yi Wang" and "Wang Xin" about these 'viruses'...

 

which app for example ??



#106
iRastignac

I've been told these ones:
- "Lost Light [Disney] (v1.0.3)" cracked by Locophone-ICPDA.
- "Star Trek Trexels [YesGnome LLC] (v1.3.2)" cracked by teiron_25pp.com.
- Many others. (I'll look for them). Some are Rasticracked, some are Clutched. All tools are targeted.
- EDIT: also "Quest of Dungeons [David Amador] (v1.0.0)" (unknown cracker).

The 'strange' points are:
- There are two executables added in the IPA: 'mp' and 'Executor'.
- The real 'Info.plist' is renamed as 'Info'.
- The hacked 'Info.plist' points to 'Executor' as the main IPA executable.

I don't know at all what that thing is. Perhaps it's not dangerous (a 'cheat/hack' for the game?). Perhaps it's a password stealing beast (or worse?). Google didn't help.

Thanks.

Edited by iRastignac, 09 June 2014 - 09:52 AM.

  • MONGOLO and Animoacido like this
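
Added example, not part of the original post and not code from Rasticrac or Clutch: a check of an IPA (a zip archive) for the three 'strange' points listed in post #106. The function names `scan_ipa` and `build_sample` are hypothetical, the sample IPA is constructed in memory, and the only file names used are the 'mp', 'Executor' and 'Info' reported in the thread.

```python
import io
import plistlib
import zipfile

# File names reported in the thread; a name match is an indicator, not proof.
SUSPECT_NAMES = {"mp", "Executor"}

def scan_ipa(ipa):
    """Return findings for one IPA (path or file-like object)."""
    findings = []
    with zipfile.ZipFile(ipa) as z:
        names = z.namelist()
        # Main bundle plist only: Payload/<Name>.app/Info.plist
        plists = [n for n in names if n.startswith("Payload/")
                  and n.endswith(".app/Info.plist") and n.count("/") == 2]
        for plist_path in plists:
            app_dir = plist_path[:-len("Info.plist")]
            # Entries directly inside the .app directory
            top = {n[len(app_dir):] for n in names if n.startswith(app_dir)}
            top = {t for t in top if t and "/" not in t}
            for hit in sorted(SUSPECT_NAMES & top):
                findings.append(f"{app_dir}: file named '{hit}' in bundle root")
            if "Info" in top:
                findings.append(f"{app_dir}: 'Info' next to Info.plist (renamed original?)")
            try:
                exe = plistlib.loads(z.read(plist_path)).get("CFBundleExecutable")
            except Exception:  # malformed XML/binary plist or non-dict root
                findings.append(f"{app_dir}: Info.plist could not be parsed")
                continue
            if exe in SUSPECT_NAMES:
                findings.append(f"{app_dir}: CFBundleExecutable is '{exe}'")
            elif exe not in top:
                findings.append(f"{app_dir}: CFBundleExecutable '{exe}' not in bundle")
    return findings

def build_sample(tampered):
    """Constructed in-memory IPA with placeholder bytes, for demonstration."""
    buf, app = io.BytesIO(), "Payload/Demo.app/"
    real = plistlib.dumps({"CFBundleExecutable": "Demo"})
    fake = plistlib.dumps({"CFBundleExecutable": "Executor"})
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(app + "Demo", b"placeholder")
        z.writestr(app + "Info.plist", fake if tampered else real)
        if tampered:
            for name, data in (("Info", real), ("mp", b""), ("Executor", b"")):
                z.writestr(app + name, data)
    return buf

if __name__ == "__main__":
    print(scan_ipa(build_sample(False)), scan_ipa(build_sample(True)))
```

Run against a downloaded file with `scan_ipa("/path/to/app.ipa")`; an empty list means none of the three indicators from the thread were found, nothing more.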

#107
hotsjf


I've been told these ones:
- "Lost Light [Disney] (v1.0.3)" cracked by Locophone-ICPDA.
- "Star Trek Trexels [YesGnome LLC] (v1.3.2)" cracked by teiron_25pp.com.
- Many others. (I'll look for them). Some are Rasticracked, some are Clutched. All tools are targeted.
- EDIT: also "Quest of Dungeons [David Amador] (v1.0.0)" (unknown cracker).

The 'strange' points are:
- There are two executables added in the IPA: 'mp' and 'Executor'.
- The real 'Info.plist' is renamed as 'Info'.
- The hacked 'Info.plist' points to 'Executor' as the main IPA executable.

I don't know at all what that thing is. Perhaps it's not dangerous (a 'cheat/hack' for the game?). Perhaps it's a password stealing beast (or worse?). Google didn't help.

Thanks.

 

I downloaded two of those you listed from IC, none of them contains the files you named: mp or Executor

 

maybe those infected IPAs are modified and posted again?


  • Locophone likes this

#108
SinfulWidow

SinfulWidow

    OLD Bitch

  • Banned
  • 62,952 posts
  • iDevices Owned:iPhone 5S, iPhone 6, iPad Air, iHave a PC

I downloaded two of those you listed from IC, none of them contains the files you named: mp or Executor

 

maybe those infected IPAs are modified and posted again?

I could not find anything as well.

Up to now only found 2 apps that Rasticrac can't crack, but Clutch could not as well.



#109
NinjaLikesCheez

NinjaLikesCheez

    Caker

  • Developers
  • 89 posts
    • Time Online: 1d 6h 19m 5s
  • Twitter:NinjaLikesCheez
  • Location/usr/bin/Clutch

Post these binaries?


  • MONGOLO likes this

#110
yumitsu

yumitsu

    Pro Caker

  • IC Trusted User
  • 146 posts
    • Time Online: 1d 20h 27m 58s
  • iDevices Owned:iPhone 5, MacBook Pro

Post these binaries?

+
Post 'em
  • MONGOLO likes this

#111
iRastignac


Some people asked me: "why do you put and hide these 'mp' and 'Executor' viruses inside IPAs done with Rasticrac?".
Answer: that's not from Rasticrac; I really don't know what they are. Sorry, I can't help.
PS: ask "Yi Wang" and "Wang Xin" about these 'viruses'...

Here are two samples of the "perhaps-viruses-or-not". Please, don't play with them; they seem dangerous. Don't spread them. If you can analyze them, do. If you can't, avoid them.
They seem to be "added after" (ie: created IPA was clean, and then someone added these strange files into the clean IPA on purpose, then uploaded the modified IPA).

Attached Files


Edited by iRastignac, 14 June 2014 - 10:29 AM.

  • MONGOLO and yumitsu like this

#112
T0XicGreif3r

T0XicGreif3r

    Banned

  • Banned
  • 558 posts
  • iDevices Owned:iPod Touch 4, iPhone 3GS, iPhone 5S, MacBook Pro, iHave a PC
If it's only on Rasticrac, it may be someone has found some SSH vuln, kind of like Heartbleed. Then, they may have figured out if cracked apps were especially vulnerable and inserted the viruses. That was off the top of my head, so if it sounds dumb, don't judge me lol. I will analyze the files to seek any bike vulns.

#113
iRastignac


If it's only on Rasticrac

One guy found a clutched IPA with these viruses too. It's not Rasticrac only.
Bad guys download IPAs, put viruses in them, and then upload them on the Net.
Every app can be a target.
  • MONGOLO likes this

#114
hotsjf


If anyone finds such apps uploaded to IC, please let me know.

This is really harmful to the iOS jailbreak scene.


  • MONGOLO likes this

#115
yumitsu


Here are two samples of the "perhaps-viruses-or-not". Please, don't play with them; they seem dangerous. Don't spread them. If you can analyze them, do. If you can't, avoid them.
They seem to be "added after" (ie: created IPA was clean, and then someone added these strange files into the clean IPA on purpose, then uploaded the modified IPA).

 

Thanks, I will check these "viruses" soon.



#116
T0XicGreif3r

I think we should release this to the public and get more help in this. This could turn out like Unflod Baby Panda, and I don't want that happening.

#117
T0XicGreif3r

Apparently the registered dev behind it is "Yi Wang".

#118
T0XicGreif3r

And "com.your.executor" keeps showing up. So far, after looking through it thoroughly, I am 95% sure this is a dangerous malware.

#119
T0XicGreif3r

https://www.sektione...baby-panda.html That site shows the IPs used in Unflod Baby Panda if you scroll down. The picture attached is of no.ext in the new "virus". You would notice the same IPs as Unflod are featured in mp.ext. This seems to be Unflod in a different form. :( I need more confirmation, but this looks dangerous.
  • MONGOLO likes this

#120
T0XicGreif3r

http://i58.tinypic.com/nbp2xe.jpg




