CyberBuddy is an ancient "literally who" program, created like 30 years ago by "John DeFino". The program is basically a BonziBuddy clone, and just like BonziBuddy, features tons of fun and innovative (for the time) spyware features. This page documents a potential reverse engineering of the whole program and the possible creation of a private server. The entire program, including the server and everything that runs with it, is coded in Delphi and extensively uses Microsoft Agent, so have fun porting this bitch to Linux.
How to access the private server
The private server tries to revive the program and make it usable again. Currently, news, jokes, and thoughts are "working". UIN Generation does not work properly yet and Chat does not work at all.
- Download the setup here
- Open your hosts file in C:\windows\system32\etc\hosts
- Add the following entries:
  - 126.96.36.199 thecyberbuddy.com
  - 188.8.131.52 mycyberbuddy.com
  - 184.108.40.206 yeayou.com
- Save it.
- Start the program.
Note that although the original program is spyware, the private server "disables" this by disabling the FTP functionality (in fact, it is now disabled in the real program as well).
FTP connection on startup
Each time you start the program (and every few minutes after that), it connects to an FTP server on thecyberbuddy.com with the following credentials:
- Username: cbupdates
- Password: Cb122122
This FTP server is used primarily to store screenshots of your desktop, photos taken from your webcam, and even information collected about your hardware. The creator even backed up some photos of old people masturbating. For quality assurance purposes, we can only assume.
This login no longer works as the creator caught CollabVM poking through stuff and replacing files. That is also why the "Buddy Directory" no longer works.
CyberBuddy, much like ICQ, generates a UIN for each unique user that registers for the program. The request works like this:
hxxp://thecyberbuddy.com/cgi-bin/uinserver.exe?U0&&(Your Cyberbuddy Username)&&(Cyberbuddy Version)&&(Windows Username)&&(Your IP)
So, for example, a "proper" request would look like this:
The page returns a plain-text response simply containing UIN(number). So the program would first contact that page and wait for a response. If it got the response UIN319681, it would assign you that UIN. If the program cannot contact the server, the program will simply return "No UIN".
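For defenders hunting this traffic, the registration request described above can be picked out of web proxy logs and the fields it discloses (Windows username, IP) extracted. This is an added example, not code from CyberBuddy or the private server; the log layout, the sample values and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Hostnames the page lists for the client's hosts-file entries.
CB_HOSTS = {"thecyberbuddy.com", "mycyberbuddy.com", "yeayou.com"}
# Field order after the "U0" marker, as given in the request format above.
FIELDS = ("cb_username", "cb_version", "windows_username", "client_ip")

def parse_uin_request(url):
    """Return the fields a UIN registration request discloses, or None."""
    # Logs and IR notes often carry defanged URLs (hxxp://); normalise first.
    parts = urlsplit(re.sub(r"^hxxp", "http", url.strip(), flags=re.I))
    host = (parts.hostname or "").lower()
    if host not in CB_HOSTS or not parts.path.lower().endswith("/uinserver.exe"):
        return None
    tokens = [unquote(t) for t in parts.query.split("&&")]
    if len(tokens) != 5 or tokens[0] != "U0":
        return None  # does not match the registration layout
    return dict(zip(FIELDS, tokens[1:]))

def parse_uin_response(body):
    """Return the numeric UIN from a 'UIN<number>' body, else None."""
    m = re.fullmatch(r"UIN(\d+)", body.strip())
    return int(m.group(1)) if m else None

def scan_proxy_log(lines):
    """Yield (timestamp, source host, leaked fields) per registration beacon."""
    for line in lines:
        cols = line.split()
        if len(cols) < 4:
            continue
        leaked = parse_uin_request(cols[3])
        if leaked:
            yield cols[0], cols[1], leaked

# Constructed sample log (timestamp, source, method, URL, status); values invented.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z 10.0.0.21 GET http://example.org/index.html 200",
    "2024-05-01T09:00:07Z 10.0.0.21 GET hxxp://thecyberbuddy.com/cgi-bin/uinserver.exe"
    "?U0&&jdoe%20buddy&&1.0&&jdoe&&198.51.100.7 200",
    # Constructed non-matching query to the same path.
    "2024-05-01T09:03:10Z 10.0.0.34 GET http://thecyberbuddy.com/cgi-bin/uinserver.exe?U1&&x 200",
]

if __name__ == "__main__":
    for ts, src, leaked in scan_proxy_log(SAMPLE_LOG):
        print(ts, src, leaked)
    print(parse_uin_response("UIN319681"), parse_uin_response("No UIN"))
```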
One fatal flaw of this program is that it fails to check if a UIN has already been created or is in active use, so it is completely possible to use the hosts file on your PC to redirect thecyberbuddy.com to your own web server and generate your own UIN, and the program will accept it as "valid" and assign you that UIN. You can even do this for "moderator" UINs like 3000 and gain access to "moderator" functions with Cyber (a chat bot).
The server uses a simple tool named "CBonline2" to check if a user is online. If you ping someone, the following request is made: