Navigation

Navigation section

Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Resolved Got hacked after runemate crashed

semih279

semih279

Molkereimeister
Joined
Mar 5, 2019
Messages
3
Today the Runemate homepage and the client had an ERROR and i got hacked +200m
How is that possible?

Got runemate Server hacked or how`?

Please help
 
savior

savior

Java Warlord
Joined
Nov 17, 2014
Messages
4,906
semih279 said:
hahaha its never a coincidence thats a joke right?
Click to expand...
I mean you can believe what you want...
if it makes you feel better to believe that runemate got hacked, instead of accepting that you were uncautious and got hacked on your own, then so be it
 
feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.

Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.

Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.

Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.

Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.

Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.

Please do not feel offended, i really just want to make things clear.
TLDR: even if (and thats a big fucking if) the recent downtime involved a huge database leak, there are encryptions in place that prevent anyone from reading your account information.
 
M

masteryeetvader

Joined
Aug 31, 2019
Messages
11
Encryption's are good but do we have any guarantees that nobody on Runemate staff is abusing the client with these daily updates? Don't they gather some info?
How would we know if there's a keylogger & screen share as well, I've ran an aimbot once that could debug my whole PC and know what tasks other programs are even doing which wasn't cool when I found out talking to the support team.
I'm cautious but if I ever get hacked I'll know it's Runemate, I don't even need an anti virus to know if I got a virus on my PC.
 
Last edited:
driftson

driftson

Shooting up KFC's
Joined
May 27, 2016
Messages
205
MasterYeetVader said:
Encryption's are good but do we have any guarantees that nobody on Runemate staff is abusing the client with these daily updates? Don't they gather some info?
How would we know if there's a keylogger & screen share as well, I've ran an aimbot once that could debug my whole PC and know what tasks other programs are even doing which wasn't cool when I found out talking to the support team.
I'm cautious but if I ever get hacked I'll know it's Runemate, I don't even need an anti virus to know if I got a virus on my PC.
Click to expand...
yEa
 
Last edited:
swatarinaess

swatarinaess

Bot Consultant
Joined
Nov 17, 2014
Messages
304
MasterYeetVader said:
Encryption's are good but do we have any guarantees that nobody on Runemate staff is abusing the client with these daily updates? Don't they gather some info?
How would we know if there's a keylogger & screen share as well, I've ran an aimbot once that could debug my whole PC and know what tasks other programs are even doing which wasn't cool when I found out talking to the support team.
I'm cautious but if I ever get hacked I'll know it's Runemate, I don't even need an anti virus to know if I got a virus on my PC.
Click to expand...
If you dont need antivirus to know you have a virus, then you should already know if runemate has a key logger (Which is doesn't, obv). The, somewhat passive income, generated from runemate over the long run, is much more profitable. Besides at the smallest sign of a breach, anyone with a decent amount of money would change their passwords. Might be more likely that a jmod steals your gold. If memory serves there was a jmod that did that, by recovering accounts with the details that they had high-level access to, siphoning cash and selling it.

But... All of this is hypothetical and highly improbable. *Takes off tinfoil hat*
 
M

masteryeetvader

Joined
Aug 31, 2019
Messages
11
Swatarinaess said:
If you dont need antivirus to know you have a virus, then you should already know if runemate has a key logger (Which is doesn't, obv). The, somewhat passive income, generated from runemate over the long run, is much more profitable. Besides at the smallest sign of a breach, anyone with a decent amount of money would change their passwords. Might be more likely that a jmod steals your gold. If memory serves there was a jmod that did that, by recovering accounts with the details that they had high-level access to, siphoning cash and selling it.

But... All of this is hypothetical and highly improbable. *Takes off tinfoil hat*
Click to expand...

Being a smart ass doesn't always provide the answers to an argument. I don't believe Runemate has a keylogger but how would you prove that it doesn't? The difference from a file/service starting up with Windows as opposed to a program like Runemate is that you have to open it every time and that's big, having less characteristics than normal virus and unrestricted access only when the program is open, especially one that's updated sometimes twice a day and with such a budget for encryption you'd be lucky to get any detection from an anti virus at all.
So no I wouldn't know what's behind the hood unless I start investigating the program but I would know if any DLL,EXE running on Windows is out of place which is what I was saying but I'm not very surprised that a coder such as yourself wouldn't know this because half of you are brainless. To conclude, me being able to neutralize the ones that aren't supposed to be there unless they were put there by me is an easy job. Also if you bring up something like a JMOD stealing money than why not a Runemate manager as well? Just for thought
 
auxi

auxi

Joined
May 24, 2016
Messages
1,113
MasterYeetVader said:
Being a smart ass doesn't always provide the answers to an argument. I don't believe Runemate has a keylogger but how would you prove that it doesn't? The difference from a file/service starting up with Windows as opposed to a program like Runemate is that you have to open it every time and that's big, having less characteristics than normal virus and unrestricted access only when the program is open, especially one that's updated sometimes twice a day and with such a budget for encryption you'd be lucky to get any detection from an anti virus at all.
So no I wouldn't know what's behind the hood unless I start investigating the program but I would know if any DLL,EXE running on Windows is out of place which is what I was saying but I'm not very surprised that a coder such as yourself wouldn't know this because half of you are brainless. To conclude, me being able to neutralize the ones that aren't supposed to be there unless they were put there by me is an easy job. Also if you bring up something like a JMOD stealing money than why not a Runemate manager as well? Just for thought
Click to expand...

tl;dr?
 
swatarinaess

swatarinaess

Bot Consultant
Joined
Nov 17, 2014
Messages
304
auxi said:
tl;dr?
Click to expand...
"...I would know if any DLL,EXE running on Windows is out of place which is what I was saying but I'm not very surprised that a coder such as yourself wouldn't know this because half of you are brainless."

"To conclude, me being able to neutralize the ones that aren't supposed to be there unless they were put there by me is an easy job. Also if you bring up something like a JMOD stealing money than why not a Runemate manager as well? Just for thought."

tl;dr: Why wouldn't they. Something something, half the coders are dumb.
 
Last edited:
savior

savior

Java Warlord
Joined
Nov 17, 2014
Messages
4,906
Savior said:
I mean you can believe what you want...
if it makes you feel better to believe that runemate got hacked, instead of accepting that you were uncautious and got hacked on your own, then so be it
 
feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.

Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.

Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.

Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.

Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.

Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.

Please do not feel offended, i really just want to make things clear.
TLDR: even if (and thats a big fucking if) the recent downtime involved a huge database leak, there are encryptions in place that prevent anyone from reading your account information.
Click to expand...
@MasterYeetVader read what i wrote down in the spoiler
 
wet rag

wet rag

easily triggered ✌
Joined
Dec 31, 2015
Messages
4,585
DgpuquP.png
 
M

masteryeetvader

Joined
Aug 31, 2019
Messages
11
I'm not a troll and you obviously did not read what I said and why. You make your conclusions before reading and understanding why I even said it. GG

I just hate it when idiots come to me with stupid arguments when they're barely knowledgeable in their area of expertise. Butthurt?
Please stick to RS botting and keep the insults/trolling to yourselves because it's sad and pathetic.
Community doesn't even have a decent power mining bot that focuses on 1 area, I tried the premium ones too which says a lot about you guys because half of you are truly brainless enough to even think about competing with Tribot and others.
There may be a handful of good bot authors here which I do respect but I feel sad for the ones here commenting instead of making better bots. For real.
 
Savior said:
@MasterYeetVader read what i wrote down in the spoiler
Click to expand...
@Savior You're speaking my language but anything going to @Swatarinaess comes back as an answer from a 5 year old. You can understand where I'm coming from with this.
 
Top