CCCAM 2.3.0 is taking the backdoor crap even a step further.

[Mr-Bledi]

CCCAM 2.3.0 is taking the backdoor crap even a step further.

The lowest scum of the earth, UVADI TEAM, have done it even better this time. Making sure sharing will die for sure if they keep this crap up.

Before I continue, I would urge people with BRAINS and PROGRAMMING SKILLS, to download IDA PRO (torrent) and decompile it for themselfs to find the fu**ing remotely triggered backdoor.

How it works.

When you install CCcam 2.3.0 , nothing special is happening at first, and cccam will check for input activity on the pc or box to make sure nobody is watching. When it finds itself comfortably alone, it will start sending your ENTIRE CCCAM.CFG info to this IP 176.9.242.159 (a rented root server in germany).
Now I recompiled a version so I could trigger the backdoor myself, and TADA, some fu**ing ITALIAN dialup asswipe connected to the server I just set up , IP : 2.32.190.9. So traffic on my card started. THIS THEY CAN NOT HIDE in Cccam, it shows as a CONNECTED CLIENT from one of your clients in cccam.cfg where the dyndns has been removed (still lack of cccam, if dyndns is non-existing) the security feature doesn't work anymore and everybody can connect on that user.

I have 2 words for UVADI TEAM -> YOU SUCK !!!!!!

The future of CCcam is dead thanks to these low life asswipes , just after free sharing and making their own "spidernetwork" on your card.

BLOCK ALL CLIENTS that have 2.3.0 connected to your server as it will still read all connected clients from the server, trough the client !!

latest original CCcam 2.1.3 and 2.1.4 which are secure and don't have this backdoor code.


PS: AGAIN , if you don't want to take the warning for granted, decompile and look for yourself !!!!!!

 

[testi]

"Now I recompiled a version"

---> so you have the src code of an older version ?

 

[Mr-Bledi]

just unistall cccam 2.3.0 and
install the older versions
CCcam 2.1.3 and 2.1.4 are in this forum too!

 

[testi]

don`t think this has anything to do with my question

 

[victor]

i not see any problem of this vershion

 

[empb]

I wish people would be honest when they copy and paste something near enough word for word from another site (that was posted 18 hours ago on some sites!):

Well Known Search Engine

Instead of pretending they have done some work themselves, would it hurt to credit to original poster. Plus knowing the truth that it is not you Mr-Bledi who have decompiled anything......therefore are totally unable to answer testi's question!!!!

And if the original post is correct and this problem exists simply uninstalling CCCAM 2.3.0 won't fix the problem, you would have to block all connections from others using 2.3.0 on the network.

 

[lemrid]

hi,

as i said somewhere else

so siimple do a

netstat + tcpdump

on an linux pc server runing cccam then u'll be fixed

http://hackepedia.org/?title=Tcpdump

 

[bellof]

QUOTE FROM ANOTHER BOARD:
I think answered is easy becuse he no decompiled code.

If you look to past you see when oscam add suport cccam was info abiut backdore in cccam. Now gbox have new update and is posible coneckt only gbox to gbox i think person can now forced changed to gbox. :thum:

 

[tedy58]

I do not know what happens with the edition of this devils cicikam, but my server that is 2.0.11 has a crash every day morning and I have to wake it up.

 

[hal8000]

After reading this thread I decided to check my DM7020. Connecting by telnet I run netstat -a (from dreambox and find)

root@dm7020:~# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
--snip--
tcp 0 0 192.168.254.24:telnet 192.168.254.68:40022 ESTABLISHED
tcp 0 0 localhost.localdo:12405 localhost.localdom:1682 CLOSE_WAIT
udp 0 0 192.168.254.24:1025 172.16.1.1:28007 ESTABLISHED


My network is 192.168.254.x I have an established UDP to 172.16.1.1 that is not my network but looks like a router address. The address is not pingable. At the momemnt CCcam is not running. I tried to set it up using one of the free CCam servers on the internet, but failed to open any channels, so I'm back to mgcamd now.

Is it possible I have been compromised?
I am not worried as my root password has been changed on my dreambox and dont see any of the IP addresses mentioned in the thread.

 

[1198s]

I do not know what happens with the edition of this devils cicikam, but my server that is 2.0.11 has a crash every day morning and I have to wake it up.

my 2cent
for me devils cicikam is 2.0.11 that is outdated and its used for make multiple server with N line = fake card.
2.3.0 is angelkam

my cards Telesat & TvVlanderen work perfect with CCcam 2.3.0 and my protect Cisco never alert me about the IP reported in first post

for info the IP reported in first post its a Forum :rofl

 

[bellof]

yes you are right amigo k@l@!

When you install CCcam 2.3.0 , nothing special is happening at first, and cccam will check for input activity on the pc or box to make sure nobody is watching. When it finds itself comfortably alone, it will start sending your ENTIRE CCCAM.CFG info to this IP 176.9.242.159 (a rented root server in germany).

guys just for fun put these IPadress in your webbrowser!
then have a look where you will be directed!

that for me say all about these rumour story!!

 

[lpm11]

hm.. I have a question to the author of the waring at the first post. Where are exactly these backdoor commands - give us exactly the address or name of function.

@bellof - this is an explanation: you can manually decompile the code, insert own patches and remake new binary file.
It is very difficult but possible.

Next thing is Netstat - you will not see ICMP packets. It is possible to do two-way communication over ICMP. So if you don't see any special IPs - it doesn't mean that there is no problem. Another thing is that backdor could enable after some time.

And I can add something about oscam:
There was a patch for POSSIBLE CCcam backdoor. It was not a patch for disabling CCcam backdoor. Just one command was unknown and it was disabled (oscam kicks client, which tried to send this command).

 

[lemrid]

hm.. I have a question to the author of the waring at the first post. Where are exactly these backdoor commands - give us exactly the address or name of function.

@bellof - this is an explanation: you can manually decompile the code, insert own patches and remake new binary file.
It is very difficult but possible.

Next thing is Netstat - you will not see ICMP packets. It is possible to do two-way communication over ICMP. So if you don't see any special IPs - it doesn't mean that there is no problem. Another thing is that backdor could enable after some time.

And I can add something about oscam:
There was a patch for POSSIBLE CCcam backdoor. It was not a patch for disabling CCcam backdoor. Just one command was unknown and it was disabled (oscam kicks client, which tried to send this command).

Hi,

well, Netstat was just a little fast reply.

for deeper investigations u can setup outgoing iptable rules allowing just known traffic, or better, u can run a dedicated firwall based on linux distros such as ipfire, pfsense or whatever inorder to block and/or log any suspicious packets. this way, u'll control almost incoming and outgoing traffic

 

[djeeuw]

This is what i expirienced at a friend of mine his dreambox.

http://www.sat-universe.com/showthread.php?t=222738&page=9