This project was made for educational purposes only. It contains a loader that maps a driver and injects a DLL into a target process.
The loader uses KeyAuth's API. As soon as you log in, it automatically downloads a target, into which the cheat's DLL is injected via manual mapping. The loader and the target communicate through JSON.
The process begins with the Init method, which sets up the loader's environment. This method initializes various components, clears unnecessary files, and prepares the target application. It takes an address parameter, which is cast to an API pointer used throughout the loader. It also logs progress at various stages for debugging purposes.
This step clears any existing applications that might interfere with the loader's operations. It iterates through files in the current directory and removes any executable files with specific characteristics to ensure a clean environment.
Ensures the required driver is running. If the driver is not running, it attempts to start it by:
- Killing any conflicting processes.
- Downloading the driver file from the API.
- Mapping the driver into memory and verifying its status.
- If any step fails, it logs an error and stops the loader.
Creates the target executable by downloading the file using the provided TargetID. It saves the downloaded bytes to a file with a unique name generated by combining a base name with a random word.
The loader checks that the target's memory has not been changed and is authentic. It does this by reading the process memory and converting it to a SHA1 string, which is compared with the authentic one on the server.
Verifies the hash of the target executable to ensure it matches the expected authentic hash. If the hash is invalid, it bans the user through the API and logs the error, terminating the loader.
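The comparison described above, as an added example that is not this project's code: it hashes a file on disk rather than process memory, and the function names, file names and sample bytes are constructed for illustration. It fails closed when the file is missing or modified; SHA1 is used only because the text names it, and passing `"sha256"` is the stronger choice because SHA1 is no longer collision resistant.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest_hex(path, algorithm="sha1", chunk_size=65536):
    """Hash a file in chunks so large binaries are never fully loaded."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_authentic(path, expected_hex, algorithm="sha1"):
    """Return True only if the file's digest equals the expected digest."""
    try:
        actual = file_digest_hex(path, algorithm)
    except OSError:
        return False  # missing or unreadable file counts as a failure
    # Normalise the reference value, then compare in constant time.
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Constructed sample: check once, modify the file, check again."""
    original = b"constructed sample target bytes"
    # Stands in for the authentic hash that the server would supply.
    expected = hashlib.sha1(original).hexdigest().upper()
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "target.bin")
        with open(path, "wb") as f:
            f.write(original)
        first = is_authentic(path, expected)
        with open(path, "ab") as f:
            f.write(b"\x90")  # a single appended byte changes the digest
        second = is_authentic(path, expected)
        missing = is_authentic(os.path.join(folder, "gone.bin"), expected)
    return first, second, missing


if __name__ == "__main__":
    print(demo())
```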
The communication is based on JSON files. The loader creates a JSON file containing the necessary information and writes it to the communication folder, which is randomly generated every time you open the loader. This JSON includes details such as the random folder name, loader process ID, user credentials, and the response ID.
The loader waits for a response from the target. Once the response arrives, it verifies the safety of the session by checking certain conditions and ensuring the build file is correctly downloaded.
After verifying the session, the loader proceeds to inject the bytes of the build file into the target process. It logs the success or failure of the injection and cleans up any remaining data.
The Idle method runs in an infinite loop, continuously monitoring the state of the target process and the environment. It performs the following checks:
- Ensures the target process is running and has the correct process ID.
- Verifies the hash of the target executable to detect any unauthorized changes.
- Monitors for any unauthorized processes running on the system.
- Checks if a debugger is present and bans the user if detected.
- If any condition fails, the loader logs an error, bans the user if necessary, and terminates the session.