CyberBuddy

From Computernewb Wiki
Jump to navigation Jump to search
Behold, humanity's greatest creation

CyberBuddy is an ancient "literally who" program, created like 30 years ago by a certified sick fuck by the name of John DeFino. The program is basically a BonziBuddy clone, and just like BonziBuddy, features tons of fun and innovative (for the time) spyware features. This page is to document a potential reverse engineer of the whole program and possibly create a private server. The entire program, including the server and everything that runs with it, is coded in Delphi and extensively uses Microsoft Agents, so have fun porting this bitch to Linux.

Fun Facts

It's Spyware

When you start the program each time (and every few minutes) it will connect to an FTP server on thecyberbuddy.com with the following credentials:

  • Username: cbupdates
  • Password: Cb122122

This FTP server is used primarily to store screenshots of your desktop, take photos from your webcam, and even collect information about your hardware. The creator even backed up some photos of old people masturbating. For quality assurance purposes, we can only assume.

This login no longer works as the creator caught CollabVM poking through stuff and replacing files. That is also why the "Buddy Directory" no longer works.

UIN Generation

CyberBuddy, much like ICQ, generates a UIN for each unique user that registers for the program. The request works like this:

hxxp://thecyberbuddy.com/cgi-bin/uinserver.exe?U0&&(Your Cyberbuddy Username)&&(Cyberbuddy Version)&&(Windows Username)&&(Your IP)

So, for example, a "proper" request would look like this:

hxxp://thecyberbuddy.com/cgi-bin/uinserver.exe?U0&&Bob&&2_13_9&&Bob_&&104_192_2_34_

The page returns a plain-text response simply containing UIN(number). So the program would first contact that page and wait for a response. If it got the response UIN319681, it would assign you that UIN. If the program cannot contact the server, the program will simply return "No UIN".

One fatal flaw of this program is that it fails to check if a UIN has already been created or is in active use, so it is completely possible to use the hosts file on your PC to redirect thecyberbuddy.com to your own web server and generate your own UIN, and the program will accept it as "valid" and assign you that UIN. You can even do this for "moderator" UINs like 1000, 1111, 2000, or 3000 and gain access to "moderator" functions with Cyber (a chat bot).

Pinging

The server uses a simple tool named "CBonline2" to check if a user is online. If you ping someone, the following request is made:

hxxp://thecyberbuddy.com/cgi-bin/CBonline2.exe?G(UIN)