open All Channels
seplocked Market Discussions
blankseplocked Market Bot is a scam
This thread is older than 90 days and has been locked due to inactivity.

Author Topic

Algorithm 5
Deep Core Mining Inc.
Posted - 2007.03.05 20:03:00 - [1]

Was intrigued by the mention of an EVE market bot the other day, so went and found the site it was on and downloaded the executable.

Of course, there's no way in hell I'm either going to 1) Give someone 120m isk 2) Actually run the damned thing and risk either breaking the EULA or having my eve account stolen or having my computer pwned, but I was curious how it was implemented.

The funcionality they were talking about would seem tricky to implement given the weird buggyness of the market sections of the EVE GUI, so I wanted to decompile it and see if it was mouse/keyboard etc.

The only other way I could think of was image recognition, and that's hardcode stuff.

But weird, the program is only 600k. That's not much to do anything and it's a single .exe. That's not much room to do anything given what it's trying to do.

OK, lets run the thing through 'strings' on a linux box to see if it is trying to call home or hack my box.

No ip addresses or evidence of calling home, but what do you know!



The "buy" page on the market bot website mentions an "anti-scam" method. You contact them, they give you your "personal code" (which I'll bet looks like that first list) and then you give them isk and they give you a "registration code" (which I'll bet looks like that second list).

In fact, it looks like a simple declaraction of a list or hash with 10 hard-coded license numbers.

Also, all the GUI elements appear to have the default names (Button1, Button2, Button3 etc) which is classic evidence of a simple GUI mockup. There's no other error or message strings in the application, so obviously it's never going to throw a prompt at you.

In fact, judging from the binary it's not much more than a simple Delphi mockup of a GUI. There's nothing to even find the EVE binary on the disk, and some strings that suggest obvious bugs.

Rightio then. A quick heuristic virus scan on the binary shows nothing particularly evil, so lets fire it up.

It wants my character name, so enter random junk.

Personal code, enter one from the first list. The program says it's good.

Enter the registration details, in real life I'd have paid them by now.

A curiously-close-to-one-second pause to look like it's doing something, and the program says I'm registered.

Click ok and blam, "Access Violation at blah blah blah".

If I was the scammer, at this point I'd be leading people on promising a fix etc etc...

So my analysis. That website and the application is a well executed scam. And note the license counter at the top of the page keeps going up. I'd bet you that's their scam counter, the number of people that have fallen for it.

At 50 people, they'll announce the scam and the 6 billion isk they've made.

As for the "thanks" down the bottom, I'd bet you that's either the name of the guys running the con, or names of well known EVE people intentionally put in there to muddy the waters and gain credibility. :)

Well done whoever came up with this, by the looks you're already over 3 billion richer.

Essence Enterprises
Posted - 2007.03.05 20:28:00 - [2]

Nice analysis, thank you. I am glad that bot was fake, congrats scammers for this original idea and shame for all those who tried to purchase it! Evil or Very Mad

Redglare's Demise
Mutually Assured Distraction
Posted - 2007.03.06 01:22:00 - [3]

After hearing about this bot, I was sure that it wasnt what it claimed to be, but I expected it to be a keylogger or something.

Good to hear its just a scam... although that sounds odd.

Dark Shikari
Deep Core Mining Inc.
Posted - 2007.03.06 01:36:00 - [4]

Disassembly ftw! Razz

Ramblin Man
Posted - 2007.03.06 05:19:00 - [5]

Nice one!

Jade Grimpkin
The Sunshine Touring Company
Posted - 2007.03.06 11:57:00 - [6]

scamming macro users? Me like.


This thread is older than 90 days and has been locked due to inactivity.


The new forums are live

Please adjust your bookmarks to

These forums are archived and read-only