'bomber.py' is obfuscated and takes lot of time to evaluate fully. #19
Comments
|
Thanks For Your Suggestions... Yeah about that verification stuff and at last yeah i made it only available for debian systems only I am not building A Commercial Grade Application Here And This Script Will be open sourced Soon after its APK version is made We already Thought of what problems users are facing So At the conclusion TBomb APK will solve all isues no verification links will be there |
|
@TheSpeedX - just mentioning to make sure you won't lose this issue. A response to all of your false statements.
Chromium and Firefox are open-source, too, and it might cause WAY GREATER problems if someone finds an exploit. But these are still open, huh? What security do you event talk about?
How's it? Your government got it down? [Doubt]
No, you put ads to get cash flown, that's no secret.
TBomb in its current state is already a tool that is capable of dealing damage, nothing would change if it were open-source.
Why so? Is there a problem with other package managers? [Doubt x2]
APK is WAY easier to decompile and get discovered around. Also - I'm curious why 50% of your stargazers are almost empty?. Seems like a reason to notify a support team, quite resembling a bot net to boost a repo. |
|
@scpketer Any Further Questions Mention me xD Answers To Your Different ViewsChromium and Firefox are on there own. They Are not Doing Tools like SMS Spamming etc And API got banned as the site owners Found these requests and limited it Do you really think Sending SMS Would be Free ???? We Give it For Free Thats Too with international Support And Yeah We Also Need Cash to move on To Other Projects And TBomb Was OpenSourced Before I Got to See a whole lot of misuse.... And Yeah TBomb Will Be Opensourced might be in 2 months again There is not a problem Using For other package mantainers APK will be user friendly ... And I Dont know who the Stargazers And if u really think its a botnet and bypassed Github's New Awesome Captcha , Please Provide Me Its Link Or Code xD |
|
It's not my business to find out how did your stargazers have registered. The report is sent to GitHub support and they are currently reviewing it. All that is worrying me is that most of them have no avatar, most of them have empty repositories, and all of those have your repositories starred and forked.
I do understand that India has a lot of population and you could gain so much followers (this includes this repo stargazers and forkers as well as your profile followers, about their user content, see above, it's in bold), but man - you've got this account just in 2018, and, assuming you've created TBomb instantly after this - it's been even less than 2 years, and you've got 120+ stars already. Also - if there are so many stargazers, why's activity is just zero? No PRs, just 19 (including this one) issues, kind of suspicious. That's not how we do on GitHub. Just as this one repo, I've also seen 'commit bot' - these are sort of restricted, aren't they? |
|
Watch it, @TheSpeedX. What do you say about that? I'm not going to dig up your stargazers, but things are all the same out there as well. |
|
Ok Great I will Help in all way To Github Support And Those Who Forked They cant change as The code is obfuscated... How could i say about my Stargazers ?? And TBomb Was A Hell When it was started Man It Users wish they starred my repo And This Tool Does not make much issue as its only for debian If u want u can dig up the stargazers and see And i think my tool got Popular Coz Many Youtubers Posted Video About This And yeah commit-bot was Made By me They Are not actually restricted there is a repo called gitfitti which will draw graffiti in your contribution history... So i dont actually think commit-bot is restricted .... @scpketer Hope That you were Satisfied With my other answers as well If not comment I am ready To Reply xD |
|
@scpketer Really Hats Of To Your efforts So i am here to answer Any of your question if I can |
|
@TheSpeedX, I have nothing against YouTubers made a video about your tool, that's understandable (but, actually, with the quality of videos on your channel I start to re-think it - man, just look at all of those intros in your videos, they're just awful of being vertical) However, I just respond at what I see - a lot of empty accounts made for just forking your repo. You do know what forks are for, right? For other people to make changes. But take a look yourself - they ARE EMPTY. No changes. P.S. Can't call it an effort though - it's so easy to just pick avatar-less accounts and quick-check if they have any activity besides just forking stuff. |
|
@scpketer I am not much of an editor xD I know what forks are for but i think others dont might be As U saw there were guys with several other forks But no commits so I think it might be due to a reason So they might have forked it xD ;-) I really Am ethical man Why would i just Do like empty forks you will also find Forks with no contribution Not all forkers contribute |
|
@TheSpeedX, it would be understandable if it wasn't for all the empty accounts at your profile followers as well as in stars and forks. You see - people are on GitHub for creating stuff or contributing. It's suspicious that people just wander around your repo. Just a few of them have anything except your repository. |
|
Let the Github Community Check and Verify it Thanks @scpketer A Lot For submiting for review ;-) You Helped Me To Maintain The Repo like Some Official ones xD |
|
Official ones don't have fake stargazers and forkers, @TheSpeedX. |
|
Yup thats why i thanked u @scpketer to help me to take it to notice of github community And after this it gonna look a bit official as no fake stuff But i think u are still thinking i made the fake stargazers and fork Had it been that why should have i left watchers Any way thanks |
|
Now I see - watchers are damn 90% of those 'avatar-less content-less users'. |
|
But i dont think they are content less though Although i have not seen all |
|
@Scpketer Im sorry, that i forked my friends repo ">__> It is not my and SpeedX's Job to check all Watchers and Stargazers. If the community recognize that, is a feedback of course everytime welcome :-D Even if some stargazers are fake, what can we do? Sincerly 0n1cOn3 |
Please point out where I've said I have something against people who have forked this repo for reason.
For the first, I'm pretty sure this repo's authors are the one and only people that are directly invested into gaining more fame. Sadly, not in a fair way. For the second, if all these fake profiles are not yours - why didn't you contact support with plain and simple 'hey guys, we've got hella bots over here, mind taking a look?'. Like it's not something that is hard to notice. |
|
Now, thanks to @darkestentropy's bombcrack project - there are so many possibilities far and wide to bring up using the cracked bomb. Stay tuned~ |
|
@scpketer
Bro i think u are pretty much high i mean really high You can see youtube theres lots of video about TBomb Are they bot too And if i could really bot like fooling github for unique clones and unique view i really wont be here wasting time with you Ahh now i get it ,
I think you actually did say that you did so i did not care much about it and i am not as free as you are so i did not... Sorry If I hurted You |
|
Enough. That doesn't seem to have any effect. |
|
It seems to be that you are opinion Resistant. If you really mean, that those stargazer are fake, you should be wrong. |
|
Y'all should be wrong, including you, 'totally-not-a-twin-acc-of-speedx'. |
|
Im sorry, but you have seen that i dont have only SpeedX's TBomb Project. And I can not stand it, if you assert things without having a real proof of it! |
None are wrong i respect darkestentropy as he said me logical and valid stuff unlike you @scpketer If you argue like this i will actually think that you only made fake accounts and did this stuff to depopularisation . If they also did not find any trouble , why is ut trouble with you??
Lol Just because you dont have any answer... |
|
Hi @scpketer & @darkestentropy I have sad news..... And thats why it was obfuscated... Thats the result:
We also have not seen any other PR's to implement new API's. I have seen more Projects on Github where you can just grab the compiles version. And those repo doesn't released the source code yet. instead the compiled version get's updated. |
First of all, most APIs were already unstable back in August '19 (the first time I've seen TBomb).
If you didn't want to give the user an ability to increase the amount of sent SMS - you shouldn't have uploaded source code in any disassemblable form. There is no perfect obfuscation; moreover, as @darkestentropy has proved with their bombcrack,
Congratulations, you've just discovered the true popularity of your tool - don't let all of those stars/forks counters confuse you. |
|
I assume you are original TBomb developer, too - so why you haven't added any new APIs? |
|
Im a Tester of TBomb. If i would know how to get those strings, i would lovely add them. |
|
From the user's perspective, I can see that it's really hard to understand how to add new APIs. TheSpeedX guy has used os shell calls to I'll be also working on a better API requests system so everyone can add new APIs with Python. |
There was more API's earlier, but they had been updated. But since august (Where this Issue has been open) SpeedX lost the joy to keep it up-to-date.
Exactly that was the reason WHY bomber.py was obfuscated..... But you and @darkestentropy killed it.
What has this Todo ? You already give yourself the answer why nothing happend about the Shell Calls with Curl. |
Obfuscation is disassemblable. Web service with all your private code on your side would do a trick. |
|
But when you have an idea how to implement the API's without to expose them.. Why not a PR :-D |
Of Course. Check some older PR's which has been denied. You will see there many kiddos which just add or remove some values to increase the Limite of TBomb. And that was also a reason why it was obfuscated. This two reasons where for the obfuscation. |
I'm not making a web service for you. |
|
🤦🏻♂️
🤦🏻♂️ |
|
Your talking about implement a better API platform, but would not provide another improvement for secure those API's and Settings. Your indescribably. |
|
TBomb already has it's code open - what is the point to move those APIs to the web service now? |
|
And oh look - somebody even tried to deal with the obfuscation way before the Entropy. https://issue.life/questions/53640508 |
LOL, potencial malicious software xD |
Well, at least we could separate the API's from the bomber.py and settle them into another "Project". So it has to been build and could provide more security how this works. |
Hello!
You're on GitHub, if you haven't noticed it yet. We're doing open-source stuff here.
Why won't you leave your bomber script as-is? Your bomber script is just a wrapper around your ReST API (according to requests your script is sending) anyway.
Also, about that 'verification'. You're just getting paid on the ads at the site where you provide 'verification code'.
And the last one - the script is only working on Debian-based systems. Package managers like
pacmanoryastare not working here because you're only trying to useaptwithout ever checking if this command exists.The text was updated successfully, but these errors were encountered: