SMJS

736 posts

@SMJSGaming

23 | I modify games in my free time. Discord: @smjs

Joined February 2019
42 Following · 586 Followers
Pinned Tweet
SMJS@SMJSGaming·
GDIntercept is out for most platforms including:
- Android (32/64 bit)
- Windows
- Macbook (M1 chipset)
SMJS@SMJSGaming·
@ZURC_99 I mean you're surprised? This would be far from the first time encryption methods had a universal key. By now I've just come to expect this from tools which aren't public source.
Cruz@ZURC_99·
@SMJSGaming Speaking of Windows did you hear about the possible back door that they found for BitLocker lol
SMJS@SMJSGaming·
Gotta love it when you spend 5 days debugging just to find out that your hook was partially inlined on Windows, making it pretty much useless (the images shown are the uses of the method on Windows vs. Android)
SMJS@SMJSGaming·
@bakathesussy Besides the subdomains which are already there what for?
:3@bakathesussy·
@SMJSGaming make a robtopx email or subdomains please 🙏🙏
SMJS@SMJSGaming·
#GeometryDash So currently I have all the Android app IDs RobTop uses for his GD variants connected to my Discord account (I own the domain)
SMJS@SMJSGaming·
@1aubreygraham1 Likely just following the trend back then of everything having an X in the name
xenon@1aubreygraham1·
@SMJSGaming why does he even have the X in the package name
SMJS@SMJSGaming·
@ddeaen Nah they redirect to Geode
deaen@ddeaen·
@SMJSGaming redirect it to very scary jumpscare malware scam
SMJS@SMJSGaming·
Just realized it's geometryjumplite rather than geometrydashlite so fixing that small error right now
Finelb@finobedoticu·
@SMJSGaming @brint is he really relying on Cloudflare to prevent sql injection?
SMJS@SMJSGaming·
#GeometryDash So considering RobTop never did the due diligence he should have as a European company to report what was leaked, I may as well just reveal one thing I kept secret for quite a while to not immediately soil his reputation. In the DB leak were unencrypted passwords.
SMJS@SMJSGaming·
If you think about it, some of the most critical logins on the web (SFTP & SSH, which are the protocols to remotely communicate with a server) don't support 2-factor authentication. Kind of a scary thought.
SMJS@SMJSGaming·
@33YYYYYYY @chrissvector @RobTopGames 1) 2-way obfuscation is useless. 2) Nah, most apps use a one-time access token which can be revoked at any time when it's compromised. Besides, no party involved should have any reason to leave a password 2-way encrypted/encoded since you should test against the hash.
❄️ __felix__@33YYYYYYY·
@chrissvector @SMJSGaming @RobTopGames dude, 1) the password in the save file is somewhat obfuscated and 2) you're SUPPOSED to store passwords locally (such as in cookies). ALL apps with authentication store it locally unencrypted (or decryptable by one with access to your computer which is essentially that)
SMJS@SMJSGaming·
@ArcadiacManiac @ClingingBogGMD @tricipital14 Anyone confirmed compromised through this person's messages was already informed. But unless RobTop goes through the SQL logs (which sadly he isn't doing) I have no way to confirm the scale of the exploit abuse.
SMJS@SMJSGaming·
@ArcadiacManiac @ClingingBogGMD @tricipital14 Due to sensitivity on this topic I'm not providing anything identifiable but please refer to my reply on the top comment in this thread to explain how non temp this really is.
Arcadiac@ArcadiacManiac·
@SMJSGaming @ClingingBogGMD @tricipital14 “This same person also got into a bunch of accounts at the time” could you list examples because if so then yea maybe there’s some legitimacy to those login details. But I highly doubt a table named “temp” would contain actual user data
SMJS@SMJSGaming·
@ArcadiacManiac @ClingingBogGMD @tricipital14 This same person also got into a bunch of accounts at the time, so there's a high likelihood that they used this same table or used a login bypass trick you can execute when you have read access to the DB.
SMJS@SMJSGaming·
@ArcadiacManiac @ClingingBogGMD @tricipital14 Currently the person from whom we found evidence of knowing about this exploit before pen testers got to it has been inactive. I've always said that it's currently unknown to what extent the breach was abused. Just that the possibility of this data was leaked.
SMJS@SMJSGaming·
@tricipital14 Basically Rob seems to have made this table to find common passwords bots check for so that he can blacklist these. However, he just straight up captures raw login inputs from anyone to achieve this. This table has also existed for years.
tri@tricipital14·
@SMJSGaming So the table you had access to was called "tempLoginTest" ? Can you give a little more info because a leak of a table with both "Temporary" and "Test" in the title implies that the data inside is worthless or not worth causing a panic over
SMJS@SMJSGaming·
@greyogd He did in the sense that he immediately patched it once it was reported. But when I told him that others had also found it and that he legally has to disclose that publicly he completely ignored it.
Greyo@greyogd·
@SMJSGaming how tf he didn't even care about that
SMJS@SMJSGaming·
@Ripnium It has been running for years and actively inserting data so I wouldn't call it temporary at all
SMJS@SMJSGaming·
@greyogd It was from February but I kept silent about plain text passwords to give RobTop the chance to disclose it properly. Because he didn't I decided to just put that out there.
Greyo@greyogd·
@SMJSGaming Is this new leak from today or something older
SMJS@SMJSGaming·
I reported the fact that RobTop hasn't disclosed anything to IMY (the Swedish privacy protection authority).
SMJS@SMJSGaming·
When I briefly had access to the DB I managed to find one table filled with raw logins called tempLoginTest which had the following columns:
- accountID
- date
- password
- username

These were raw login inputs which were likely captured and immediately put into the DB on login.
SMJS@SMJSGaming·
@arnthorrr that was just bruteforce
gg@arnthorrr·
@SMJSGaming is this how teamtuff hacked accounts or was that just bruteforce