pouët.net

Back to roots 2
screenshot added by wbcbz7 on 2014-02-22 07:46:00
platform :
type :
release date : february 2014
release party : Sochi party 2014
compo : pc demo
ranked : 2nd
  • 0
  • 9
  • 1
popularity : 53%
 53%
  • -0.10
alltime top: #57830
added on the 2014-02-22 07:46:00 by wbcbz7 wbcbz7

popularity helper

increase the popularity of this prod by spreading this URL:

or via: facebook twitter pinterest tumblr

comments

just out of curiosity: why does it try to connect the interwebs?
really? I see no connections
added on the 2014-02-22 09:46:34 by g0blinish g0blinish
chaos zoomer with nice (but ripped from Starport BBS intro) AdLib music. Yes, it really trying to connect to unknown web servers (why?), and it`s not mine prod :)
added on the 2014-02-22 12:46:10 by wbcbz7 wbcbz7
Not very smooth 2d effect on my I7. And only that. Trying to connect? Where can I see that? Don't do anything to my computer..
added on the 2014-02-22 12:57:39 by Optimus Optimus
I saw somwhere a similar web routine...
added on the 2014-02-22 17:00:39 by sim sim
the prod opens a ssl connection to the (seattle based) IP address 4.53.147.198.
sadly i dont speak https so i dont know what they are talking about.
added on the 2014-02-22 17:24:59 by wysiwtf wysiwtf
use wireshark to analyze.
added on the 2014-02-22 18:47:04 by ok3anos ok3anos
Wrapped with Spoon Virtual Application Studio 2012 http://spoon.net/studio cracked with serial by Lz0/LineZer0
The wrapper is a Microsoft .NET transparent SsHd downloader to
Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\modified\@PROGRAMFILESX86@\

Guessing the Seattle Bellevue IPv4 address 138.8.119.35 is related to Microsoft.

b2r2.exe(1.4 Mb) drops b2r.exe(26 Kb) which is the Back to the roots win32 demo and launches music\a2t_play32.exe

Modifies ProxyServer, ProxyOverride, ProxyEnable, SavedLegacySettings keys through windows registry.
Launches DNS/RPC through svchost.exe

This plus lack of .nfo
Above replace IPv4 address 138.8.119.35 by 4.53.147.198 as wysiwtf said.
All in all personally I wouldn't recommend running this because it is unknown how Lz0 regged this. It might be better to upload the 26kb executable b2r.exe alone, without the bloated >1Mb Internet connection wrapper.
If you want to just see the demo, I've uploaded it to http://www.sendspace.com/file/8mw8sq
but still be warned of the virustotal below

SHA256: 52e0489544ba802de089921d8fecffe9f097e15884e314d42c1ca28c587226f3
File name: b2r.exe
Detection ratio: 2 / 50
Analysis date: 2014-02-22 19:17:56 UTC ( 0 minutes ago )
Antivirus Result Update
CMC Packed.Win32.Zcrypt.3!O 20140220
Qihoo-360 HEUR/Malware.QVM05.Gen 20140222
Hi.
Makes me remember of the 3D0 when you play music thru it and/or an old AMOS Commodore Amiga demo...
Anyone recalls?
Baudsurfer, thanks for this info! Heh, I can`t imagine that this demo packed by cracked packer and modifies registry. Why a\v doesn`t warned this file? :-D
In russian: да, эту дему точно рупор делал :)
added on the 2014-02-23 12:29:19 by wbcbz7 wbcbz7
Quote:
Baudsurfer, thanks for this info! Heh, I can`t imagine that this demo packed by cracked packer and modifies registry. Why a\v doesn`t warned this file? :-D
In russian: да, эту дему точно рупор делал :) added on the 2014-02-23 12:29:19 by wormsbiysk


The demo itself is only 26 kb (I've given the link to the extracted file here) whereas the executable in the download link you provided is over a megabyte.

I do not have interest to reverse-engineer a megabyte of wrappers : I'd rather code something myself : I stopped looking when I saw the hacked serial, the sshd protocol and attempts to access my registry keys related to Internet connection.

BB Image
afaik demo ain't packed to hide virus. some parts has been created with help of portable Virtual Application Studio.
maybe the reason in the tool?
My Comodo still silent.
added on the 2014-02-23 14:23:04 by g0blinish g0blinish
and tune ain't ripped from StarportBBStro 2(because sources are shared, Reality made famous tune for RAD Tracker).
added on the 2014-02-23 14:28:23 by g0blinish g0blinish
should be fixed...
sucks added on the 2014-05-06 01:14:59 by T$ T$

submit changes

if this prod is a fake, some info is false or the download link is broken,

do not post about it in the comments, it will get lost.

instead, click here !

[previous edits]

add a comment