Stride
Member
As many people on NGU, *********, TTG, and now CC probably know by now, Kurt2467 has been exposed for having a CID stealer in the new "Good" Menace GTA5 SPRX Menu, and there's some great proof to show that this is indeed true. Let's begin! But before I do so, I take 100% NO credit for the proof or evidence that he is indeed a scammer, liar, and plain asshat in general! All credit goes to the user Passion on NGU!
Recommendations
Ok, so let's break this down piece by piece. Let's start with the facts. The Menace menu is 10 Euros, which is 11.27 in USD, not bad. The menu has lots of options, pretty good menu, but after this, I recommend going to Semjases premium, which is 19 USD, worth every penny, or if you're not into purchasing menus, go to Project Eke Premium.
Recommendations
Let's start with the SPRX menu.
There is a tool for patching CID stealers in menus. I recommend searching ANY and ALL RTM Tools and SPRX Menus with Milky4444's tool. It searches through whatever you select for a CID Stealer, and patches it for you! Easy to use as well, but here's a result from the tool done on Menace, provided by Passion.

As you can see, the SPRX contains a CID Stealer, as provided by the tool. It checks for the Lv2 peek, as stated by Passion. The full results of the SPRX are here:
========================
Magic : 0x454353
Header Ver. : 0x2000000
Key Revision : 0x80
Header Type : 0x100
Metadata Offset : 0x40020000
Header Len : 0x8005000000000000
Data Len : 0xc8100b0000000000
AppInfo Offset : 0x7000000000000000
ELF Offset : 0x9000000000000000
PHDR Offset : 0xd000000000000000
SHDR Offset : 0x0
SectionInfo Offset : 0x8001000000000000
SCE Ver. Offset : 0xe001000000000000
ControlInfo Offset : 0xf001000000000000
ControlInfo Len. : 0x7000000000000000
Padding : 0x0
AuthID : 0x300000100001010
VendorID : 0x2000001
App Type : 0x4000000
App Ver. : 0x100
ELF Ident. : *ELFf
Obj File Type : 0xa4ff
Machine Type : 0x1500
ELF Ver. : 0x1000000
ELF Entry : 0x0
PH Offset : 0x4000000000000000
SH Offset : 0x0
ELF Flags : 0x1
ELF Header Size : 0x38004000
PRGM Header Size : 0x300
ELF Header Entries : 0x0
SH Entry Size : 0x0
SH Entries : 0x0
String Table : 0x0
Module Name: C:/Users/-----/Desktop/Menace_Premium.sprx
Attribute(s) : 0x4000
Table Of Contents (TOC): 0x38e10400
Vesion: 0x500
Export Pointer Start: 0x0
Export Pointer End: 0x38e10400
Import Pointer Start: 0x0
Import Pointer End: 0x10000000
========================
Found Syscall At: 0x1e88
Found Syscall At: 0x3328
Found Possible CID Stealer At: 0x28094
Found Syscall At: 0x28098
Found Syscall At: 0x44af4
Found Syscall At: 0x44bc8
Found Syscall At: 0x44c14
========================
Passion had also checked the SPRX Menu himself, to see if there was maybe a mistake in the program and it miscalled the CID stealer (doubt it), but here are the results of such.
If you didn't know, to call a syscall in PPC, you load register 11 (r11) with the syscall number followed by "sc".
So like this:
li r11, 1
sc
He then goes on to say that all of those are common/normal for an SPRX and are harmless.
However, lv2_peek is not.
After doing more reversing, the conclusion was that this was used to read the CID.
Facts 2: Talking to the site Dev
This man is just the Dev of Menace's website, but Passion felt that he might not have known about it, and if he did, he'd confront him for doing so.
[07:39:27 PM] ----: lol
[07:39:34 PM] ----: kurt added a cid stealer in menace
[07:39:34 PM] ----: xD
[07:39:44 PM] **: we was using it for auth really
[07:39:56 PM] ----: Nah dude this is wrong
[07:40:01 PM] ----: I patched it though
[07:40:11 PM] **: patched wot ?
[07:40:18 PM] ----: I removed it
[07:40:27 PM] **: oh
[07:40:30 PM] **: i see
[07:40:50 PM] **: not for like main auth but i mean like a backup
[07:41:41 PM] ----: it's cool
The Dev stated, "It was using it for authentication really", which, for those who don't know, means he is saying that Kurt stole the CID of the user who bought the menu, so they would know who is who and could remove the menu or ban the CID if they tried to manipulate or crack the menu... "great" use.... -_-
Conversation with Kurt himself
[07:39:43 PM] ----: y the cid stealer in menace.
[07:40:00 PM] kurt2467: what are you talking about
[07:40:09 PM] ----: lol
[07:40:14 PM] ----: There's a cid stealer in menace
[07:40:18 PM] kurt2467: no there isnt
[07:40:34 PM] ----: uhh m8 there is
[07:40:38 PM] kurt2467: says who?
[07:40:45 PM] ----: Says me because I just checked
[07:40:45 PM] ----: ._.
[07:40:50 PM] kurt2467: oh you did
[07:41:02 PM] ----: http://prntscr.com/b747tu
[07:41:03 PM] ----: kek
[07:41:14 PM] kurt2467: that's not my sprx
[07:41:22 PM] ----: menace_Premium.sprx
[07:41:26 PM] kurt2467: someone put it there
Kurt says that he did not put the CID stealer into the SPRX, and that someone else put it there, but the menu originated from him, and not many people would go as far as this to expose you, or even frame you. Who would waste their time and go as far as to frame him for CID stealing? This gets even better, as he lies to himself, lots of times. Who'd want to frame a modder!
This piece of evidence is truly the greatest... thanks passion

"CID.php" nice....

The Coincidence...
For modders who remember, there was a ban wave in May, around the time that the Menace menu was released, hence the CID stealer. He is clearly not a safe modder, as lots of us were banned that month over his stupidity and greediness. He steals these CIDs, which were most likely PRIVATE, and isn't even safe enough or even smart enough to save them for further use; he gets them banned from being an idiot. At least be smart about it if you're going to do something shady and sneaky..
Final piece of GOLD evidence
[10:53:05 PM] kurt2467: nope
[10:53:10 PM] kurt2467: i did it because i have been low on cids
[10:53:16 PM] kurt2467: that it honestly the truth
[10:53:21 PM] kurt2467: i had no intention in selling them
He's lying obviously
All proper credits go to the user Passion on NGU, you can find him and thank him. I only made tweaks and comments.
Oh and a suggestion, never trust Kurt, and be sure to roast him if you ever see him online, CID stealing ass munch.
Also thank you Nosta the moderator for allowing me to post this
BE SAFE AND HAPPY MODDING.
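
Added example, not part of the original post and not the code of the tool it mentions: a minimal scanner for the "load r11, then sc" pattern the post describes, producing a report in the style of the "Found Syscall At" output. It assumes the input is the raw, already-decrypted big-endian PowerPC code of the module; the watch-list number 6 for lv2_peek and the sample bytes are assumptions constructed here.

```python
import struct

SC = 0x44000002        # PowerPC "sc" (system call) instruction
LI_R11 = 0x39600000    # "li r11, imm" is "addi r11, 0, imm"; imm is the low 16 bits
# Assumption: 6 is the lv2_peek number on custom firmware; the post does not state it.
WATCHED = {6: "lv2_peek"}

def find_syscalls(code, base=0, lookback=8):
    """Return [(address_of_sc, syscall_number_or_None)] for big-endian PPC code."""
    count = len(code) // 4
    words = struct.unpack(">%dI" % count, code[:count * 4])
    hits = []
    for i, word in enumerate(words):
        if word != SC:
            continue
        number = None
        # Walk back to the nearest "li r11, N"; stop at an earlier sc, because
        # r11 cannot be assumed to survive the previous system call.
        for j in range(i - 1, max(i - 1 - lookback, -1), -1):
            if words[j] == SC:
                break
            if (words[j] & 0xFFFF0000) == LI_R11:
                number = words[j] & 0xFFFF
                break
        hits.append((base + i * 4, number))
    return hits

def flag_watched(hits, watched=WATCHED):
    """Keep only the syscalls whose number is on the watch list."""
    return [(addr, num, watched[num]) for addr, num in hits if num in watched]

# Constructed sample: nop; li r11,1; sc; li r11,6; li r3,0; sc; sc; nop
SAMPLE = struct.pack(">8I", 0x60000000, 0x39600001, 0x44000002, 0x39600006,
                     0x38600000, 0x44000002, 0x44000002, 0x60000000)

if __name__ == "__main__":
    hits = find_syscalls(SAMPLE, base=0x1000)
    for addr, num in hits:
        print("Found Syscall At: 0x%x (r11 = %s)" % (addr, num))
    for addr, num, name in flag_watched(hits):
        print("Watched syscall %d (%s) at 0x%x" % (num, name, addr))
```

A hit on the watch list only marks where to start manual reversing; a syscall whose number is loaded some other way is reported with `None` and needs the same manual look.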