Jump to content

Fusion v1.1a


CDaeda

Recommended Posts

  • Replies 666
  • Created
  • Last Reply

Top Posters In This Topic

Re: Fusion v1.1a

 

I don't have all the tools on the PC I am on to do a proper analysis, but there are definitely references in the dll for establishing an encrypted internet connection. The dll does not trigger its own entry in the firewall log because it is coming through terminal.exe which is the MetaTrader client.

Link to comment
Share on other sites

Re: Fusion v1.1a

 

Ho need. HiRider has no web authentication in the mql4 code. For the DLL to have authentication and call the developer's server on its own the firewall has to permit it hence you'd get a message to let it through. No such event occurs. It is protected by hiding its logic inside the DLL only.

 

Cheers

 

Are you sure?

what about this code in the hirider?

 

else PrintLNL(li_12, "Authentication failed - error(" + ai_0 + ")", gi_112);

if (ai_0 & 512 > 0) PrintLNL(li_12, "Attention: Upgrade available", gi_112);

if (ai_0 & 1024 > 0) PrintLNL(li_12, "Error: Upgrade required", gi_112);

if (ai_0 & 1 > 0) PrintLNL(li_12, "Error: WinINet initialisation failed", gi_112);

if (ai_0 & 2 > 0) PrintLNL(li_12, "Error: WinINet connection failed", gi_112);

if (ai_0 & 4 > 0) PrintLNL(li_12, "Error: Invalid account number", gi_112);

if (ai_0 & 8 > 0) PrintLNL(li_12, "Error: Invalid account status", gi_112);

if (ai_0 & 16 > 0) PrintLNL(li_12, "Error: Dll and Expert versions mismatch", gi_112);

if (ai_0 & 128 > 0) PrintLNL(li_12, "Error: Unable to retrieve authentication code", gi_112);

if (ai_0 & 256 > 0) PrintLNL(li_12, "Error: Server response failure", gi_112);

if (ai_0 & 2048 > 0) PrintLNL(li_12, "Error: Invalid authorisation details", gi_112);

if (ai_0 & 4096 > 0) PrintLNL(li_12, "Error: Authorisation declined", gi_112);

Link to comment
Share on other sites

Re: Fusion v1.1a

 

if this works like megadroid first version, it was sending a http request to megadroid server to activate. The dll checked if some specific number was present in the Http response.

 

I dealt with this the hard way installing a http server on my pc, changing the host name of megadroid to my localhost and putting the right information in the response.php page hosted on my PC.

 

Maybe this can be done too... I have to launch a packet capture software to see if this can be done.

 

This is the string it's sending to validate: http://www.forex-robot-world-cup.com/access/frwc.php?file=HiRIDER:1.03&base=91166239&acct=6993110&type=1&code=1234554321

 

(Where 1234554321 is the receipt #).

Link to comment
Share on other sites

Re: Fusion v1.1a

 

Look what i have in the network packets :

 

http://www.forex-robot-world-cup.com/access/frwc.php?file=HiRIDER:1.03&base=56350012&acct=1460133&type=1&code=1234567

 

Response :

 

39617681|HiRIDER Disabled|HiRIDER is disabled because the receipt number is incorrect

 

Now, all we need is a valid header. Maybe we can run some test with the number which is showing in the first row and we should be ok

 

I have to install a webserver on my server to see

Link to comment
Share on other sites

Re: Fusion v1.1a

 

Please update this thread as soon as you could find a solution to use the Forex World Cup EAs package and successfully authenticate. I am anxious to try if I can have the same performance of the 2010 Campionship. Thanks to all the MT4 developers and crackers in this board.

Link to comment
Share on other sites

Re: Fusion v1.1a

 

It seems to me that all we need is for someone with a valid receipt number to post the authentication message they get when they visit:

 

http://www.forex-robot-world-cup.com/access/frwc.php?file=HiRIDER:1.03&base=91166239&acct=6993110&type=1&code=XXX

 

Where XXX = a valid receipt number.

 

Then we can rig up a fake reply to trick the dll.

Link to comment
Share on other sites

Re: Fusion v1.1a

 

the thing is, did you check fusion?

 

robots included in fusion:

 

hirider, lmd, supervolcano, neg correlation usdchf - all great but...

 

 

 

 

wait for it.....

 

 

 

Straasha System??????????????

 

 

-16.54% finished 16th.

 

 

look at its curve i know that type of stuff i programmed some of those myself its an account-blowup-er.

 

 

There is NO WAY IN HELL this and the other account blowers on the other places have been backtested ffs! 10 years backtest? did you see the children involved in organising this? if you backtest any of those systems you will see they are phail!!!

 

 

Did you see what Straasha said about that?

 

http://forum.mql4.com/26598/page2

When mind lingers in one place efficiency is lost
Link to comment
Share on other sites

Re: Fusion v1.1a

 

I can't really get at the dll. If you can modify the Url it's accessing then, if you send 0 for the account number and the receipt number, and make an EA that keeps calling the Authenticate and GetStatus methods, while your webserver decrements from some value of the return... you may be able to just find a valid return ID with brute force.

 

Otherwise we need to help someone who has the real version get a copy of the header for us, if they're willing.

 

Sad that this thing didn't turn up some time in the past when I had more spare money.

Link to comment
Share on other sites

Re: Fusion v1.1a

 

It seems to me that all we need is for someone with a valid receipt number to post the authentication message they get when they visit:

 

http://www.forex-robot-world-cup.com/access/frwc.php?file=HiRIDER:1.03&base=91166239&acct=6993110&type=1&code=XXX

 

Where XXX = a valid receipt number.

 

Then we can rig up a fake reply to trick the dll.

See my posts above. Yes i'm just missing a valid response. In fact, if someone has a valid response code that should be enough for us. No need for avalid receipt number.

Link to comment
Share on other sites

Re: Fusion v1.1a

 

Look what i have in the network packets :

 

Response :

 

39617681|HiRIDER Disabled|HiRIDER is disabled because the receipt number is incorrect

 

 

Is the response number (39617681 here) always the same or it changes by every response?

No, it changes when we modify the code. It's never the same.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...