Bonus video with the analysis of the collected data will come within the next 24h. TL;DR summary: If you are a Guild Wars 2 player, don't worry about bots like that. It's child's play. Don't request ArenaNet to waste any resources on it.

I just wanna say that I have watched several tutorials on reverse engineering binaries and I REALLY enjoyed your video because you not only showed what you did to find certain bits of information, but you explained your entire thought process AND you told us the things you did that didn't actually work. 99% of tutorials -- even the good ones -- often leave out explanations of the dead end roads they went down. And the reason that's so important is it helps people who are trying to learn reverse engineering the mindset/thought process they should have when approaching the subject. It's easy to mirror something you watch in a video and think you understand it only to try it on something else and quickly realize you don't really know where to begin or how to approach it. This is the first video I've come across of yours and I'm definitely checking out more after I write this, but I'm really hoping that you take this approach in all of your videos. If not, you should. This is super helpful and you're definitely onto something with this style of talking about a subject. Sorry for the long comment, but I just had to say this. Cheers!

Your strings are wide which is why IDA didn't notice them. You just need to tell IDA to include wide strings in the strings window (right click and configure)

I don't even play GW2, yet this was utterly fascinating. You're a goddamn wizard.

3:31 Sending login credentials over HTTP? Oh boy...

The way that you talk through your way of thinking is so good. Makes it so easy to follow your thought process and your reasons for doing things.

do more bot videos on popular mmos, this is interesting stuff

You showed me nothing I didn't already know, except how to put what I know to use! I appreciate the candor of narration as you work through the problem. That is one of the most important things for people to see, it's OK if you don't know precisely what they next thing you click on is going to do, that's how you learn. Great video, thank you.

Super interessting! And crazy how it was possible to extract such valueable and private information. I bet there's thousands of other companies doing something similar.

One of the best channels about reversing on youtube. Thanks for the video

I love these videos. As large a python application developer, getting to explore more about this very unknown world (at least, to me) is super interesting. Keep the videos coming!

This guy could get employed by Microsoft Apple Google and Amazon all by himself and save these companies trillions ... He is mind-blowing smart. I use computers since i'm a kid and have strong knowledge about pretty much every computer related stuff but in this video I quickly realised how much of a noob I was. This video made me humble so bad. I'm shocked. Wow.

I legit spit my coffee out watching this at 7:30 in the morning when I saw you replay and edit the request to get the online users.

great documentation of your workflow. thanks

By the way, you can just load the memory dump into ida see the disassembly of whatever they tried to obfuscate/encrypt. Ida can also find strings in there, no need to do it manually.

You've inspired me to get back in GW2 after almost a year of not playing it, thanks

For string searching I like ProcessHacker 2 - double click on the process>Memory>[Strings...]>Set the settings>Optionally filter output.

I would like to see more game related reverse engineering videos. Keep it up.

You deserve so many more subscribers. Please keep this content going :D

Couple tips for Windows executable reverse engineering. 1) There are many programs you can use to check how an executable is compiled and packed, couple of my favorites are Detect it easy and peId. 2) You can use Process Hacker 2 to find strings in memory of an executable. Great video btw!

Your videos are very informative. It's almost like you have to play detective to discover what you did. Of course, having the right tools under your tool belt also helps ;) Keep up the great videos!

Dein Video ist Gold wert, konnte dadurch echt viel lernen, danke^^

How didn't I know about fiddler earlier? I love it and constantly mess around with it now! Danke dir

I don't think there is a single video of yours that hasn't had a #MindBlown moment for me. I know you think this is a bit mundane, but like all your work, yet again opening a whole world to my view. Thanks, keep up the great work!

I would have never thought to reverse engineer the bot program to get all the api calls to their server. that's awesome.

Great video. i really enjoy you reverse engineering these types of MMO bots, i would love you try doing it for more bots as its also very educational :D

Really cool video, I like how you went the extra step and tracked thos bot users for data

Excellent video! Best reverse engineering channel!

Super cool video, and absolutely hilarious that such a simple request gave you the bot user's account APIs. Talk about a botch job from the bot developer!

As the bot requires validation to work, you can remove it by checking for strings related to the login page on IDA, the newr adresses will be the validation ones, then you just need to make it return true

Awesome video as always. Guild Wars 2 is a great game, as well.

Okay.. I didn't like the video until you got the entire list of users.. and then geeked out graphing some data.. You earned my like.. Thumbs up clicked :P

Fun fact: You just gave pirates a head start in pirating the bot.

Very cool my friend, subscribed - wish there was more content like this!

BEST CHANNEL EVER IN THE HISTORY OF KZbin AND HUMAN CIVILIZATION

Subbed! Awesome videos ;) GW2 reddit brought me here!

This is just... WOW. Dude you're awesome. Keep it up!

I have 0 dev experience and I dont play gw2. I watched the entire thing. Time to get control of my life.

0_0 I don't know how I ended up here but I couldn't stop watching. This reminds me of how many different programs I find myself using from start to end with making game assets.

You could open the memdump (Yes it's a full memory dump) in IDA and let it automatically find/analyze the binary.

you are defo in the top 5 Comp Sci/Software Eng/Hacking channels.

Just found your channel. Seems to be educative and I believe I will learn a lot. Keep up the good work.

Ich habe keine Ahnung von GW2 und auch nicht vom Programmieren, aber es ist interessant und einigermaßen verständlich für mich. Dankeschön. =)

Your a boss man! This made me happy to watch.

You're so awesome. I love your videos so much! So much to learn, and I really like the way you present the information.

If you're dealing with .NET assemblies, don't bother with Reflector, take a look at dnspy.

Just awesomely crazy... Good job.

I'm glad you waited for the service to shut down before doing this, a buddy of mine found this issue and showed me how to perform it ages ago. We always used to mess with those filthy cheaters. >:)

Thanks for this amazing video, you never fail to deliver :D

Very good video about deep programming knowledge, without getting complex. It helped me!

I'd love it if someone posted this video on the site where the bot was sold. I don't think they'd be all to happy with it if they found out it just spits your API keys out on request.

The mouse key hook actually uses Windows API to intercept and maybe send raw input, no injection required.

This video is strangely motivational.

Very interesting. Good job

WoW, That is really amazing. It's inspiring.

This is some impressive work man!

I love your channel so, so much

The dump format isn't raw, it's stores all sorts of information other than the memory like open handles and threads.

I enjoyed this video! I will watch more of your videos :)

I learned a lot today, thank you for this video :)

Really interresting video.... I'm subscribing to see what's next :) And i will come back on your videos to see what else you have to teach. Thanks for the share, keep on the good work, keep giving us your taught process (mostly why i subscribed!) Good luck on KZbin

I love this video. Please make more videos like this xD

I love your videos, i just got into the security market and i'm learning from 0 your videos will surely help a lot i've always wanted to make bots for games for the sake of it but never did it. I would love if you could make a video about android apps pen testing

You should do more of these documentary's where you reverse engineer a program in the wild.

I have no idea what is going on or where I am but I like this video, even though I understood none of it. I found it enjoying and your voice soothing. Keep making videos, 4am me is out & won't remember this comment :)

Man!!I wanna be able to do all this. You're a genius

WoW nice Love this video, thanks for showing me something new :D

Very interesting. I used to make wallhacks for Soldier Front and aimbots for Gunbound when I was younger... much profits. These videos make me want to get back into it.

7:14 press Windows [no Ctrl +] a to mark every thing in the wimdow your in. (Only text and numbers)

craaazy stuff ...i have no clue about programming but this is crazyy :)

it's hard to really stop injection from happening, when it comes to the mouse clicks you have to rely on the system flag to tell if the clicks are authentic, these need to come from certified drivers (although you can also just patch whatever checks for the flag on the client)

You earned a subscriber, don’t let me down

Super interesting. Thank you for this.

I have no idea whats going on and yet i am going to watch part 2

wow what a great content, subscribed

Thanks for the video! you big helped

I can recommend ILSpy Smartscreen primarily checks code signing certificate of the program (see the Publisher) - not much of hashes and how many are using it. To avoid the smartscreen you must supply your app (with certificate) to Microsoft. Visual Studio should be able to open the memory dump, and also let you step thru it if you want. (I really hope this is available in the community version)

If the memory contains non-obfuscated data you could have easily debugged using some tools like OllyDbg or even Cheat Engine (even if OllyDbg provides a list of strings really similar to the IDA one)

dayum son, your hacking skills are over the top!

you are my favorite channel ☺

Thanks for the video, very interesting!

send the graph to data is beautiful.

For dotNet reversing is better to use dnSpy which have better integration and more features.

I just realized that I had watched this video before, not knowing about GW2 and I'm quite intrigued by how games' economy works, but not the games itself (since I'm not MMORPG kind of player) Then two years later I've already addicted to it and then stumbled this video again browsing GW2 economy subreddit How the table have turned... I'm gonna watch it again

Im in college and watching every single video of yours so that i able to solve any ctf challenges thanks men: ∆

2:08 this that's what sold it to me, your videos are so good ☉_☉

your intro is awesome

Nice, I'm always learning something ;) And I'm always a bit suprised to read german Text. Well, I already know you live in Germany, but your englisch is perfect. BTW: I'm German too

That clicking in the background music sounds like someone munching right next to my ear and I can't bear it :c Glad it stops after around 1 minute

i love reversing . you are my 2nd hero . +rep :)

That was so interesting and fun to watch! The thing is, if I had attempted to do this kind of research, I would have given up after the first 5 minutes, because I know nothing about the workflow and how to interpret findings and outputs of these various programs (even most of the shown programs I did not know). So can you give a short explanation of how you collected this mass of knowledge over time? Ps: Schland :D

Far, far above my level of knowledge and interest, however well explained and interesting to see what you discovered, even if I could not emulate this myself.

DUDE YOU ARE A FUCKING BOSS. I'm super inspired to try some of these tools. Thank you so much. Love your channel.

jaja sehr schönes video Hans

you are awsome , fan from Egypt :)

how could you know if with deleting the username and password parameter will discover the entire API key?

This bot looks like coded in AutoIt. Why did not you just try to decompile with Exe2Auto in case it was an autoit file? Maybethe source was obfuscated but this language is easy to deobfuscate.

I'm more interested on unpacking that binary files. The crazy thing, I did some reversing on a private server of a game launcher back then, what I didn't expect after unpack the binary was that the launcher uses somekind of remote sql to fetch the login data. I can even see the database and it's password for connecting to remote server.

What is written at the end of the 2 sentences in python "raw = open ..." and "with open ..." ?

Man this is crazy shit! Nice video