Dear community,
We have some news about Cipher Panel. Today we are going to expose everything we found about this group of h4xors.
What/Who is Cipher?
Cipher is a group of French kids that released a paid service with a cheat/virus that can be injected or loaded remotely into vulnerable servers, attacking servers in exchange for money.
What can Cipher do?
Cipher is able to access all of your server data, including server-side resources, database, server.cfg and convars (rcon_password, steam_apikey, database password).
How does their backdoor work?
It's pretty simple. They add their payload into cracked or leaked resources and wait for victims, OR they abuse vulnerable resources such as vrp_basic_menu, esx_kashacters, runcode.
Does ChocoHax protect me from this?
ChocoHax will include a dedicated scanner for vulnerable resources or backdoors on your server; you will be alerted if something is wrong on your server.
Our investigation:
We found the Cipher backdoor in many, many resources.
You can be infected by downloading or purchasing resources from unauthorized resellers or leak discords.
To make their backdoor persistent, they also inject a new backdoor in a different resource (as backup).
We found the vulnerability in a cracked and edited version of doors (we are not going to post the source code, credits to ModFreakz for the original resource) and in various default resources (chat, sessionmanager, rconlog, etc.).
Their backdoor looks like this: Pastebin > Backdoor
Explanation: The code above calls the native PerformHttpRequest on the URL: https://cipher-panel.me/_i/r.php?to=0
Cipher Panel GET Request Link
Token (UserID of the cheater that infected your server)
The code above will load the content of the GET request: Pastebin > Beautified
We deobfuscated the stuff we needed to understand what the backdoor does...
As you can see, this file will send your server data, including IP, RCON_PASSWORD, STEAM_APIKEY
Checking for your server type using started resources
and... Accessing your database without any problem.
I hope FiveM and the big ones will take action after our investigation and help us to make this game better.
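A small scanner for the loader pattern described above, as an added example that is not ChocoHax's scanner or code from the original post: it flags Lua files that reference the cipher-panel.me domain or that combine PerformHttpRequest with load/loadstring. The load/loadstring pairing and the decoding of Lua string escapes are assumptions about how such a loader is written, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators from the write-up: the panel domain and the native used to fetch the payload.
C2_DOMAIN = "cipher-panel.me"
HTTP_NATIVE = re.compile(r"\bPerformHttpRequest\b")
# Assumption: the fetched body is executed through Lua's load/loadstring.
DYNAMIC_LOAD = re.compile(r"\b(?:load|loadstring)\s*\(")
# Assumption: strings may be hidden with Lua escapes such as \104 or \x68.
LUA_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\(\d{1,3})")

def unescape_lua(text):
    """Decode \\ddd and \\xHH escapes so hidden strings become searchable."""
    def repl(m):
        return chr(int(m.group(1), 16) if m.group(1) else int(m.group(2)))
    return LUA_ESCAPE.sub(repl, text)

def scan_source(source):
    """Return the findings for one Lua source string (triage, not proof)."""
    text = unescape_lua(source)
    findings = []
    if C2_DOMAIN in text.lower():
        findings.append("c2-domain")
    if HTTP_NATIVE.search(text) and DYNAMIC_LOAD.search(text):
        findings.append("remote-code-load")
    return findings

def scan_resources(root):
    """Scan every .lua file under root; return {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.lua")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Run the scanner over constructed sample resources (not the real backdoor)."""
    samples = {
        "doors/server.lua": r'local u = "https://\99\105\112\104\101\114-panel.me/x"',
        "chat/sv_chat.lua": 'PerformHttpRequest(url, function(code, body) load(body)() end)',
        "clean/main.lua": 'print("resource started")',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in samples.items():
            Path(tmp, rel).parent.mkdir(parents=True)
            Path(tmp, rel).write_text(src, encoding="utf-8")
        return scan_resources(tmp)
```

Point `scan_resources` at the server's resources directory; a "remote-code-load" hit marks a file for manual review, since legitimate resources can also use both calls.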