WWH education 20-21. Part 9. «Antidetects»
Lecture#10 Antidetects 12.01.2020
Lecturer: XERll
[19:01:02] <XERll> Welcome to the lecture. Today's lecture is dedicated to Antidetects. In this lecture, we will talk in general about antidetects, we will analyze two popular antidetects from the forum that are great for our work, and we will understand some of the features and tricks in working with these programs.
[19:03:09] <XERll> Those who have been in this area for a long time have already heard a lot about Antidetects, but for beginners who have only recently come to this area, it will be useful to know what it is all about and "what it is eaten with". Antidetect is a program or a set of programs that allows you to uniqueize your system, change various fingerprints and parameters in order to bypass the anti-fraud system in stores (shops), payment systems (Paypal, Skrill, etc.), online banking and other things where you want to change your identity. A huge plus of antidetects is that they allow you to use your system for work without changing it, thereby saving you precious time. Previously, the main task of Antidetects was simply to uniqueize the system, but now it is not just to uniqueize the system, but to make all prints and parameters natural, so that you can "merge with the rest of the crowd of users." This is very useful and necessary, for example, when working with logs.
[19:04:51] <XERll> I will explain using the available examples from real life how antidetect and antifraud work: in the first case, if you imagine that FACE ID on an iPhone is an antifraud system, and to unblock it you need to show a NEW face every time, then thanks to antidetect, we can make very, very many faces, and each time calmly and successfully pass this defense.
[19:05:43] <XERll> In the second case, if we imagine that FACE ID on iPhone is an anti-fraud system, and in order to unblock it, you need to show the same face every time, which, in principle, is the reality on iPhone, then we can "copy" the owner's face and successfully bypass the protection (of course, knowing approximately how this "faceprint" should look like).
[19:07:47] <XERll> But in modern Antifraud systems, they are not fools either and the development of new protections and detections does not stand still, so every day they are being improved and today not only the parameters and fingerprints of the system are evaluated, but also a number of other factors.
For example, in such a large Amazon store or Paypal payment system, the behavioral factor is assessed by a neural network, your IP, DNS, and your "fingerprint" on the Internet are also assessed by various parameters (more details below).
Therefore, although antidetect plays an important role, success lies not only in its use, but in its correct use in combination with other factors, which I indicated above. With deliberate work, analyzing your drives and various tools that you use, you are doomed to success :)
[19:08:00] <XERll> yarah: Do you see my message?
[19:10:00] <XERll> https://www.youtube.com/watch?v=2PQxoQQOPpY
Screenshot: http://prntscr.com/isj1yg
Above, I indicated a link to a video in which you can see how many factors the Anti-Fraud system takes into account. Look after the lecture is over and you will see that the browser plays an important role, but this role is not the only one.
On the screenshot, you can see how many parameters apply to the use of an E-mail address when driving in other services.
[19:12:11] <XERll> Types of antidetects
There are two types of antidetects:
1) Antidetects, which allow you to change the hardware parameters of your system or your virtual machine.
These parameters include: parameters of information about the processor, video card, BIOS, network card, date of creation of folders, and system, various other devices in the system.
These antidetects are needed when working with programs that are installed on your Windows. These can be poker clients, for example, PokerStars, bookmaker clients, etc.
[19:16:59] <XERll> Examples of actual iron antidetects:
A) Antidetect by Vektor T13 - Actual solution in the field of iron antidetect from Vektor_T13 for VirtualBox. The solution is fully supported by the author, as can be seen from his telegram channel. The disadvantage of this solution is that the solution is free, so you will not receive full-fledged technical support for free, and getting a consultation for money will still take a huge amount of time and it is not a fact that you will still receive it.
B) Aff Combine (KRAKEN PRO) - antidetect for VMware, which also includes browser Antidetect. Sold on our forum for $ 1400. The antidetect is supported by the author, there is support in Telegram, a general chat for discussing work and solving various problems. We will talk about this solution in more detail today below.
[19:20:41] <XERll> 2) Antidetects, which allow you to change browser settings, thereby imitating any system or device.
Using these antidetects, you can simulate any system (Windows, MAC, Linux, Android, IOS), browser (FF, Chrome, Opera, Safari), game consoles, Smart TV, etc.
These antidetects are also of two types:
Type 1: Antidetect based on a regular browser in which the extension or Addon is installed. Basically all antidetects of this type (Antidetect 7.7, Antidetect 8, Antidetect from Cert, Genesis Security, Antidetect Ivan Iovation, AFF Combine)
Here Antidetects can be divided into two more categories:
A) Antidetects based on the Firefox browser. This category includes: Antidetect 7.7, Antidetect from Good Job, AFF Combine, Antidetect Ivan Iovation)
B) Antidetects based on the Chromium browser. This category includes: Antidetect from Cert, Antidetect 8, Genesis Security.
Category “B” antidetects have a higher purchase price than the first ones, because they require more cash investments, more knowledge to create it.
Type 2: Antidetects written on the source code of the engine. Of the examples that I know, Linken Sphere can be attributed here. It is written in the Chromium source code, and therefore contains a very large number of possible chips and tools. But more on this later.
[19:22:20] <XERll> Examples of current antidetects:
Antidetect from Cert is a Chromium based antidetect. Binds to the hardware, i.e. can only be used on 1 system. The author of the antidetect is one of the very first developers of the antidetect in general, and even more so based on the Chromium browser. The updates are stable. It is on sale in Verif, it costs $ 5000. The most expensive antidetect available. The price of the product is unreasonably high. Each update is also paid and costs from $ 50 to $ 300. Even if you missed some update and did not take it, you will have to pay for all previous updates to get the latest version. In my opinion, taking into account the remaining antidetects on the market, it is not worth taking a newbie. At the moment, the fate of the antidetect remains unknown. The author of the antidetect disappeared, his topic was deleted on the Verif forum.
Byte Antidetect 8 is a Chromium based antidetect. This author has other products: Antidetect 5,6,7, which are developed based on the Mozilla Firefox browser. They showed themselves well and proved themselves in their time. Antidetect 8 is not a very popular product, there are no more than 30-40 users of antidetect in total. It is also sold in Verif, price: 3000 $ + 100 $ monthly subscription fee. This antidetect is not developing very quickly, but it has some advantages: free configs, non-unique Canvas, and a small number of users. More on what Canvas is below.
Byte Antidetect 7 is an antidetect based on the physical Firefox browser. In parallel, version 8 of antidetect is supported and version 7 of antidetect is periodically updated. The author sells it for $ 500 forever / or for $ 100 monthly. On our forum, you can buy version 7.1 from Billy Bones. The price of the action for students is $ 50. The product is totally worth the money. A good option for a beginner, especially if it costs $ 50. Configs can also be purchased immediately from the author for $ 3 from Billy Bones for $ 1 and below, without the need to fulfill any conditions. The disadvantages include that the antidetect does not replace some prints, for example audiofingerprint, some configs need to be edited a little manually.
[19:24:05] <XERll> Antidetect Ivan Iovation - Antidetect from the Romanian author, which appeared on the market quite recently. It also includes an iron antidetect, but the main focus is towards browser antidetect, which is why I put it in this category. Antidetect based on Firefox. The price of this solution is $ 200 per month, which is quite a considerable price for a beginner. The disadvantages of this Antidetect are: its price, complexity in installation, it is difficult to install it, and even according to the manual it is very difficult and crap, and the technical support from the author costs $ 99/1 DAY, plus support only in English, binding to one system. From the pros: a non-unique canvas, but only a few pieces, and the antidetect itself is still new, unbroken in carder circles, which is a good plus. I would advise you to take it NOT for beginners, for those who "do not pass" any shops, merch from other Antidetects. And then, given the fact that, for example, there are only a few non-unique canvases, you will not roam too much in one shop.
[19:26:46] <XERll> Genesis Security - this product is not quite an Antidetect in the usual sense. It is used for logging. I'll explain in more detail now.
This product has a Genesis Market with a large number of bots that you can buy. The price of a bot is on average from $ 20 to $ 60.
The bot can contain logs, browser cookies, and most importantly, the fingerprint of its system (Fingerprint), which from the point of view of Antidetect can be called a config (more on this later). Buying a bot that has access to Paypal in its logs, a browser cookie and its fingerprint, we essentially get an excellent option for working with logs, thereby increasing the chance of success, since in addition to browser logs and cookies, we have a system fingerprint, thereby causing better confidence in Antifraud systems.
But from the point of view of ordinary drives, it is not very rational to average $ 30 or more for 1 config. But the plus of this option is that access to the shop is free, there is no monthly payment or payment in order to get there. All expenses will only consist in buying bots (configs)
Another significant disadvantage for a beginner in this shop is that there are no replacements. For example, if you take a Paypal or Amazon log or some other shop on the forum, from the Azorult stealer or another similar solution and the LOGIN / PASSWORD turns out to be incorrect, then you will be replaced, but there are no replacements in the Genesis shop. Therefore, for beginners, there is some risk of losing money just like that, especially not being able to work with logs. In my opinion, for those who want to go in the direction of working with logs, first it is better to practice and learn from the logs of the Azorult stealer and the like, which are sold on our forum, and only then, if necessary, go to Genesis.
[19:28:23] <XERll> Well, since we have already touched on the topic of working with logs, then the best option for working with the logs of the Azorult stealer and the like is definitely Linken Sphere.
With the help of Linken Sphere you can quickly and conveniently import cookies into a session, quickly configure the available parameters for a log: UserAgent, resolution, time zone, language, number of cores (hardwareConcurrency), RAM (deviceMemory), video card (WebGL).
And using such tools as a heater and an automatic machine, it is quick and convenient to warm up the desired store without spending a lot of time on it.
You can read more about this in my article: https://wwh-club.net/threads/nastrojka-konfigov-s-nulja-rabota-s-logami-nastrojka-konfiga-sovety-fishki.135378/
[19:30:42] <XERll> And we pass, after long digressions, to a browser antidetect corresponding to price and quality, definitely suitable for beginners, and which is worth having in your arsenal:
Linken Sphere is one of the most popular antidetects. Written on the source code of the Chromium engine. Sold on our forum. The pluses include: Excellent support, updates, no binding to the system, substitution of all basic prints, built-in functionality for working with ssh, socks and tor, the ability to drive in from several tabs at once, because 1 tab as one system, and you can open a lot of such tabs; built-in automaton and web emulator and other pluses. Also, everyone who is studying for the first time will be given Linken Sphere for 1 month for free. Therefore, you will be able to evaluate this product in practice.
Cons, as for a beginner, will be: a monthly subscription fee of $ 95 (5% lifetime discount by a BBX user), a shop with configurations is not available, i.e. configs; if there is no PRO subscription (price $ 475 for half a year), there is no possibility to fully customize window.navigator parameters. But the set of parameters allows us to fully recommend it, I also use it myself.
[19:32:26] <XERll> But it is worthwhile to immediately clarify about driving in: antidetects are not a panacea and a loot button; it's just a tool. Therefore, you do not need to neglect the VNC, Dedicated, virtual machines, real systems. Sometimes it goes better in one shop, with something worse, with something it makes no difference at all. So take it as a rule: "All means are good in the fight against antifraud."
I think it is worth explaining right away what a config is in any antidetect and what types of configs exist. A config is a set of files or just code that contains information about the browser and the system (browser javascript parameters, WebGL parameters, font set, etc., Canvas parameters, and any others.) Simply put, a config is a snapshot of the system and browser. The use of configs reduces the time for setting up an antidetect, just grab and load the config, and you are almost ready to go.
Configs can be real and generated. Real ones are those configs that are "copied" from real systems by collecting parameters, and generated configs are those made with the help of a generator program. The disadvantage of the generated configs is that the parameters may be incorrect, not correspond to reality. At this time, generated configs are no longer used anywhere.
[19:34:18] <XERll> Very often, after the lecture, there are questions about what Canvas, WebGL, WebRTC are. Therefore, I will immediately explain about this with the simplest option that I have found for all the time, so that each person would roughly understand what it is and what it is eaten with.
Canvas is a technology that is used to render the visual elements of web pages. Until 2006, when surfing the web, to display a web page, the server had to transfer to our PC the visual elements of the site - graphics, tables, etc., which heavily loaded the communication channel (remember the speeds of that time) or we had to use Macromedia Flash, to watch videos, or play basic games. But then Canvas came, which is based on JavaScript and now the site does not transmit ready-made elements, but simply shows us the text of the script, which is executed not on the server, but ON OUR PC using our browser and our hardware. The speed has increased, the load on the servers has decreased, the possibilities have expanded. Canvas refers to 2D graphics. So, systems, depending on various parameters, render elements in different ways. This allows you to create a fingerprint, as well as determine which browser and OS it belongs to.
[19:36:28] <XERll> WebGL is a 3D rendering technology and this technology is based on the OpenGL accelerator, or to be more precise, on OpenGL ES.
WebGL works like this - The website transmits javascript code to our PC, which is processed by our browser in two modes:
1. Software acceleration
2. Hardware acceleration
Since javascript is executed only on the user's PC, the above accelerators will be used not from the server, but from our regular work or home PC.
The algorithm is as follows:
1. Vertices are formed
2. Vertex shaders are formed
3. Lines are drawn between the vertices and the shape of the image appears
4. Geometry is added
5. Pixels are formed
6. Pixels are filled with color (Pixel shader)
7. Effects are added (anti-aliasing, transparency, etc.)
And that's it - the picture is ready. It will take a moment for the user, but the number of operations that will be performed is simply colossal and hundreds of different graphic parameters are involved in all this. This picture and a set of parameters allows you to create a print.
[19:37:56] <XERll> WebRTC is a technology that allows audio and video streaming between browsers and mobile applications. Thanks to WebRTC technology, user browsers can transfer data to each other directly. WebRTC doesn't need a separate server to store and process data. All data is processed directly by browsers and mobile applications of end users. The danger of WebRTC technology lies in determining your real IP address. Since the connection is directly with another user, browser, website or mobile application, the network settings are ignored. To create audio and video links, browsers must exchange external and local IP addresses. Therefore, despite a VPN or TOR, the real IP address is determined.
If you are using tunnels or socks, then WebRTC will be able to determine your real IP address behind the proxy or the IP address of the VPN server if you are using the VPN + tunnel / sock chain.
Any antidetect can and should be used for your anonymity and security in your chain. This, of course, is not a panacea, but I highly recommend adding an antidetect to your security chain, at least the Sphere.
[19:39:13] <XERll> Tips for keeping you safe with antidetects:
First, use different configs on different sites. On one, let's say OS Windows, on the other OS Linux.
Secondly, periodically change these configs.
Thirdly, store the software itself on an encrypted USB flash drive or hard drive or container.
For the Linken Sphere antidetect, you can add:
A) Store the password in your head, in order to avoid the possibility for a third party to log into your antidetect account and get your configurations, history, cookies.
B) Use in the TOR connection chain.
[19:40:57] <XERll> An excellent solution for anonymity and security on the Internet is to use the Sphere (https://sphere.tenebris.cc/).
The Sphere is a free product from the developers of Linken Sphere. The advantages of this solution, even in contrast to Antidetects, are that:
1) The product is completely free.
2) The product does not have server bindings, hardware bindings, therefore, it can be used wherever you want
3) The product does not require installation, it is Portable, this is a huge plus in that it is convenient to transfer it between systems, it is convenient to place it on an encrypted container, USB flash drive, disk, and there will be no installation traces to all this.
4) The information about sessions in this solution is also encrypted, which, if received by third parties, makes it impossible to use.
5) The product has all the necessary substitutions in its arsenal.
[19:42:35] <XERll> Let's move on to the main part of the lecture and consider two antidetects. One iron antidetect is AFF Combine, which also combines a browser antidetect and Linken Sphere - one of the best browser antidetects.
For all questions about AFF Combine, by the way, you can always contact me in LAN or Jabber or support, which will solve problems with installation, setting up and configuring antidetect. Telegram: @AFF_Combine
This antidetect consists of two parts. We will analyze each part in detail: what, why and what is needed.
So, after installation, open the first part of the antidetect. Run the file "clc.exe". Screenshot: https://prnt.sc/lu5yao
We press the "Connect" button and your personal copy of the antidetect is authorized on the server and is completely ready to work. Screenshot: https://prnt.sc/lua3ps
[19:44:56] <XERll> Let's analyze in detail all possible configuration areas
Area 1 shows which version of VMware is needed for the full operation of the iron antidetect. To put, of course, only this version. If you click on this inscription, a link for downloading VMware of the required version will open. A detailed step-by-step manual for installing a virtual machine on Windows 10 is attached to this antidetect.
The Session Quality area under the number 10 shows the quality of the connection between your antidetect and the authorization server, and if authorization is successful, it is displayed that the connection with the server is successful: "connected".
[19:46:51] <XERll> Go to the next area: "My Tools"
The Share button allows you to create a shared folder for all physical devices and virtual machines. The feature is needed to quickly and easily transfer files and folders, for example, to your virtual machines. To copy folders, you need to use archives.
Button 2 "Syscheck" shows your VMware version if it does not match the required version. If it matches, it shows that all "SYSTEM OK"
Button 3 "DNS LP" (DNS Leak Protection) is a useful feature for Windows 10. The fact is that in addition to the DNS server that you specified in your system or system for driving, Windows 7, 8, 10 still sends requests in parallel to all servers known to the system, but uses the response from the server from which the information came faster. I.e., this may not be the DNS server specified in the configuration. Therefore, the inclusion of this function is simply necessary for driving and for safety.
Button 4 "Connect / Disconnect" just allows you to connect to the antidetect server for work or, on the contrary, disconnect from it.
The next area "VMware" refers to the iron antidetect, just in this area you can select the components of your virtual machine on VMware.
[19:49:08] <XERll> Button 5 "Select graphics adapter" allows you to select the video card of your virtual machine from the drop-down list. There are video cards Nvidia, AMD, Intel (5 in total). Let me clarify that it is not just the name of the video card and driver that is installed in the system. Soon drivers for video cards will be available, and, therefore, installing different drivers, the uniqueness of the video card will be even greater, plus Canvas and WebGL will have a different fingerprint when installing different drivers.
Button 6 "Select mainboard / chipset" allows you to select the motherboard of your virtual machine from the drop-down list (the motherboard is emulated). There are 8 Intel and AMD motherboards.
After selecting the motherboard, the processor family is automatically selected, button 7 "Select CPU family". It is possible to choose it yourself. There are 9 processors in total.
Button 7 “Select network vendor” allows you to select from the drop-down list the MAC Address for the virtual machine for the manufacturer. Only 15 manufacturers. Example: "D-Link, Asus, Apple, TP-link, etc."
Button 8 “Select network vendor” allows you to select your processor ID from the drop-down list. This feature is not for beginners, and is not yet available at all.
This whole area makes it possible to receive various real virtual systems: with different video cards, processors, network equipment and use them in turn or simultaneously, if the system requirements of your PC allow it.
[19:52:03] <XERll> The "Network" area (number 11) corresponds to the quality of the Internet connection and allows you to make some interesting points.
Network Latency Tx / Rx allows you to add receive (Rx) and send (Tx) latency in milliseconds.
Net packets loss Tx / Rx allows you to specify in percentage how much data will be lost when transmitting or receiving packets.
In order for this to work, you need to flip the switch from OFF to ON.
Why is this necessary at all? This allows you to emulate bad internet. Let's say if the Internet is with 2G or even 3G, with a bad signal, with bad weather, there will be delays, roughly speaking, both games will have a high ping, and some amount of data may be lost, again an analogy with games when the Internet "lags" ... In ordinary devices, this can also be, especially if the Internet is via a USB modem or via a DSL connection or via a satellite dish.
[19:54:35] <XERll> And the last area (number 12) is just the final one, in this part of the program. It allows you to just patch the VMware program itself so that the iron antidetect works (Patch VMware), and patch your virtual machines with the settings that you specify in the VMware area (numbers 5,6,7,8,9).
[19:55:50] <XERll> Sorted out the first part of the antidetect; move on to the second. The second part also contains hardware and browser antidetect. The second part can be used, as well as on those virtual machines that we created and patched (the first part of the program), or simply as a browser antidetect on your main system.
Screenshot: https://prnt.sc/lw4ulz
[19:57:14] <XERll> 1) Button to switch between WEB browser antidetect (Firefox) and hardware OS (Windows)
2) This area is intended for adding a list of sites that will be opened when the antidetect is launched. "+" Adds a site, "-" removes it.
3) Button for creating a new configuration.
4) Button to save the configuration.
5) A button that allows you to select and load your configurations for work.
When loading a configuration, the name of your configuration will be displayed instead of "Add or Open Config".
6) Button for launching a browser antidetect in private mode. This mode does not save browser history, cookies, search history, temporary files.
7) Button to launch browser antidetect.
[19:58:27] <XERll> Go to the "Network ID" area. Screenshot: https://prnt.sc/lw6hd2
1) DNS Leak Protection - the same feature as in the first part of the program. If you use the second part of the program based on, then there is no point in cutting it in a second time. If you use it on a virtual machine, then you must enable it.
2) DPI Protection. The Deep Packet Inspection system (abbreviated DPI) performs a deep analysis of all packets passing through it and allows you to filter traffic by its content. Enabling this feature allows you to bypass DPI systems, making it harder to track you from a security point of view. More details about this system: https://habr.com/post/111054/ (read at your leisure)
3) Allows you to select a network adapter for spoofing the MAC address.
4) Actually the substitution of the MAC address itself. The dice button makes this parameter random. You can also manually select the manufacturer (D-Link, Asus, Apple, TP-link, etc.) The "Set New" button sets the MAC address for the adapter. "Test eth .." checks for MAC address spoofing.
[20:00:01] <XERll> Next area: HW ID's. Screenshot: https://prnt.sc/lw6i4y
This area is responsible for replacing the processor in your system. From the drop-down list, you can select different processors for installation, you can manually specify the processor yourself. The "Set" button sets the processor substitution. You can choose between Intel and AMD processors, set the processor frequency.
[20:01:56] <XERll> And the main area of the iron antidetect: "Windows ID". Screenshot: https://prnt.sc/lw72qf
Let's quickly analyze the main parameters. Let me remind you that the dice makes this parameter random. "SET ALL" - this button sets all the parameters from this area at once.
Owner (UName) - this parameter sets the username in the OS.
Company - this parameter sets the name of the company in the OS. This field can be empty.
Product name - this parameter sets the version of the Windows system and its number. Example: Windows 10 Pro
Edition - this parameter also applies to the system version. Example: "Home", "Professional", "Enterprise"
System build - this parameter sets the BUILD of your system build. You can view it by opening "All Programs" -> "Accessories" -> "System Tools" -> "System Information".
[20:03:22] <XERll> Windows ID / IE ID / MPID - this parameter sets the activation key for your operating system, a unique ID for Internet Explorer and Mediaplayer.
Install Date - these parameters set the date and time of installing your OS on your system.
Windows / Program Files dirs creation date / time - these parameters set the date and time when the Program Files folder was created in your OS.
And the parameters of the "A" area in the screenshot set the version and build number of your OS (similar to the System Build parameter), the kernel version.
[20:05:05] <XERll> Go to the first part of the program - WEB (Firefox), ie browser antidetect. Let's start with the "proxy" section. Screenshot: https://prnt.sc/lw9tuj
[20:07:15] <XERll> This section allows you to connect Socks, Http, FTP, SSL Proxy and TOR. To enable TOR, you just need to click the "Tor" inscription in the upper right corner of this section. For work, we will have enough to use two modes: Socks and SSH.
To connect, we use the IP: Port format, for example: "157.205.203.45:19723".
If Socks / SSH has a Login: Password, then we use a section with a built-in Proxyfier. (Screenshot: http://prntscr.com/lw9w56). Just fill in IP, PORT, Login, Password and click the ">"
After successfully adding the Proxy, you can check the IP against the MaxMind database. To do this, click on the “MaxMind” picture in the upper right corner, and in a few seconds all the necessary information on the IP address will appear in this section (Screenshot: http://prntscr.com/lw9xzi). We pay attention to two parameters: 1) No proxy - this parameter shows whether your IP is defined as a Proxy. 2) Low - this parameter shows the level of IP "spamming" according to MaxMind bases (the less, the better).
The "Auto TZ" checkbox allows you to automatically set the Timezone in the system (time).
[20:08:38] <XERll> Configs section (Screenshot: http://prntscr.com/lwa0jg).
In this section it will be possible to purchase paid configs. The main feature in comparison with other antidetects will be that the configs will contain cookies, browsing history, logged in accounts on social networks. This, firstly, reduces our time for warming up and swinging the session, there is no need to go to different sites and spend time on it, and secondly, logged in accounts from the Antifraud shop can give us some confidence, and, therefore, the chances of a successful driving may be higher.
[20:09:41] <XERll> Move on to the next section. (Screenshot: https://prnt.sc/lwa57l)
This section allows you to set the UserAgent and Languages parameter. For better passability, it is better to use the latest Firefox browser user agents. In terms of language, the last parameter shows the preferred language coefficient from 0.1 to 0.9. Better to bet from 0.5 to 0.8. At the end, you must click toggle to "ON" for the substitutions to work.
[20:11:22] <XERll> Moving on to the Canvas, WebGL and Audio substitutions. (Screenshot: http://prntscr.com/lwag5h).
To generate the fingerprint data, you just need to click the "Generate" button. The slider controls the uniqueness of the fingerprint data. It is not worth moving to the big side without the need. Also in this section, you can change the parameter responsible for the video card in WebGL (Unmasked Renderer).
The next section deals with fonts. Screenshot: https://prnt.sc/lwm3hm
Font FP checkbox - is responsible for substitution of the font print. Under it is just a field with a random fingerprint generator.
DF (Document Font) - checkbox is responsible for using document fonts / external CSS fonts in the browser.
The "Use legible fonts" checkbox is responsible for using standard fonts in the browser, below you can specify and use non-standard fonts.
[20:13:23] <XERll> Section BOM | DOM. Screenshot: http://prntscr.com/lwmauw
This section already refers to the config parameters. They should not be touched unless there is a strong need.
Actually, what can be edited here? BuildID version of Firefox, it is possible to predefine it, Windows bitness (32-bit or 64-bit), number of cores in the processor (most popular values: 2, 4, 8), Windows version (XP, 7, 8, 8.1, 10) ...
[20:14:17] <XERll> And the last interesting section on options. Screenshot: https://prnt.sc/lwmwn9
The most necessary parameters for work:
Flash - this checkbox enables or disables Flash in your browser. It is better not to use Flash without the need for it.
Plugin scan - this checkbox allows you to enable or disable the ability of sites to see plugins of your browser. Be sure to include.
WebGL - this checkbox enables or disables WebGL. Be sure to include.
JSP Fingerprint - this checkbox enables the ability to get a unique fingerprint of the browser through the speed of video rendering and errors in the process. Better to turn it on.
[20:17:27] <XERll> WebRTC - this checkbox enables or disables WebRTC.
ClearRTC - this checkbox also applies to WebRTC and is related to displaying external and internal IP addresses. Better to turn it on.
Unlinkable is a parameter for security, it is better not to use it for work. In a nutshell: the parameter prevents the site from seeing cookies and other data in the browser of other sites, only those related to this site.
Keyb.FP - this checkbox enables or disables the site's ability to get your keyboard fingerprint. Better to turn it on.
[20:19:22] <XERll> And we're moving on to the Linken Sphere browser antidetect.
For all questions, by the way, you can always contact the support, which will solve problems with the installation, with the launch of the browser. Telegram: @devtnbrs
So, I open the antidetect, enter the login / password.
First of all, I open the general browser settings. They are located in the "Edit" tab, then from the drop-down list we find "Preferences". Screenshot: https://prnt.sc/lkaf5p
[20:20:54] <XERll> You can read about all the settings and all points of the sphere in the documentation, but in the screenshot I have highlighted all the most important and necessary settings for a beginner.
1. This parameter sets the default site that will open after creating a session. You can install any checker, for example f.vision, whoer.net or the search engine Google, Yandex, Yahoo, or in general any site that you come up with.
2. This parameter sets the default search engine, i.e. through which search engine the search will go if you enter into the address bar of the browser.
3. This parameter sets the physical size of the screen. It is best to put it under the config, i.e. if the config is 1920 by 1080, then we set the same values in this parameter. A very important parameter, it is best to set it every time under the session (config).
4. This parameter sets the substitution of the system time. You can choose two options: either using Javascript, or the system time will change. Choose option 2 (system time).
[20:24:02] <XERll> 5. This parameter sets whether to use TOR when authorizing in an antidetect. Check the box
6. This parameter sets whether or not to save the password from your account at login. For safety, it is better to disable this checkbox.
7. This parameter allows you to close ports in Web Sockets. Web sockets is a protocol for exchanging messages between a browser and a web server. Simply put, the site can check your open / closed Web Sockets ports. Close the ports that belong to the IP itself, for example 80, 8080 in this way will not work right away, I say.
8. This parameter allows you to enable / disable GPU acceleration in the browser. Simply put, if this function is enabled, then the drawing of elements and windows is faster. If possible, it is better to enable this item, but if the browser crashes, stops working after that, then it is better to disable this item.
The rest of the parameters are aimed more at every trifle, and do not greatly affect the work, so you can read about them in the documentation.
[20:25:20] <XERll> Now let's move on to setting up the sessions themselves in the browser, in other words, the configs.
We will analyze in more detail about free and paid configs in this antidetect and options for work at the end of the lecture.
So let's start by parsing the first area. (Screenshot: https://prnt.sc/lkak5t)
[20:26:15] <XERll> 1. This parameter allows you to select a session from the list.
2. This parameter is needed to create a new session. To do this, enter the session name in this field.
3. This parameter allows you to write a note for the session. It is useful to indicate all the necessary information on the session, for example, about IP, open ports, whether it has been successfully driven from the session or not, other features. A very useful feature. In order not to get confused in the sessions and to simplify your life by analyzing the drives, I advise you to indicate all the useful information in this field: Proxy Score, Risk Score, which shops were driven into, by what method, map used, the result of driving, etc.
4. This parameter sets the color of the session in the browser. Useful to use so that it is more convenient not to get confused in them.
[20:27:25] <XERll> 5. This parameter allows you to imprint the entire session and, if necessary, not to copy prints from canvas, fonts, rect, audiofingerprint.
6. This parameter is needed in order to rename the session.
7. This parameter allows you to enable / disable WebGL rendering using the video card resources. Disable only if the video card is weak or not yet at all like, for example, on remote servers.
8,9,10. These parameters allow you to enable / disable HTML 5 Storage, paragraph 9 - allows you to save data and use it even after the browser is restarted, paragraph 10 - allows you to save and use data through the standard for storing large structured data "IndexedDB". What you need to know: it's better to enable them to drive them in, and if the session is for security, then it's better to disable them.
[20:30:10] <XERll> Go to the next area, i.e. section. (Screenshot: http://prntscr.com/lkb5e2)
1. This parameter allows you to enable or disable the substitution of Canvas. I explained what Canvas is already above. This substitution uniqueizes Canvas, thereby changing this fingerprint. The only disadvantage of all antidetects is that the uniqueness of Canvas becomes 100%, and the uniqueness of the real system is about 99% with something. Therefore, you can periodically disable this parameter if there is a suspicion that because of this, the anti-fraud may not be allowed to enter.
2. This option allows you to enable or disable Fingerprint Audio Substitution. Audio fingerprint in 2019 is no longer as rare as it used to be; it has gained a lot of popularity in anti-fraud systems lately. Site where you can check the audio print: https://audiofingerprint.openwpm.com/
Antidetect replaces 4 parameters: Fingerprint using DynamicsCompressor (sum of buffer values), Fingerprint using DynamicsCompressor (hash of full buffer), Fingerprint using OscillatorNode, Fingerprint using hybrid of OscillatorNode / DynamicsCompressor method
[20:32:49] <XERll> 3. This option allows you to enable or disable font substitution. The detector has appeared a long time ago and is used everywhere. A special plus of the sphere is that you can not only replace the imprint, but also use any list of fonts or create your own. The site where you can check the font print: https://browserleaks.com/fonts (two parameters "Fingerprint")
4. This parameter allows you to enable or disable the substitution of the browser coordinate system (rects). The "getClientRects" element allows you to get the exact position and pixel size of the desired element, and depending on the system, or rather on the system's screen resolution, fonts and many other parameters, the results will be different. This detection also appeared a very long time ago and is highly popular. The site where you can check the rects fingerprint: https://browserleaks.com/rects (Parameter: "Full Hash")
[20:36:06] <XERll> 5. This parameter allows you to enable or disable the use of random plugins. It makes sense to use it in free configs or if there are no plugins in the config. But it is best to write them manually when necessary.
6. This parameter allows you to enable or disable saving and encrypting cookies. For your own safety, the "Must Have" item.
7. This option allows you to enable or disable Flash. Flash technology is already outdated, so in 2019 there is nothing suspicious about Flash turned off. For many, it is no longer installed in the system. Enable only when absolutely necessary.
8. This option allows you to enable or disable fingerprint uniqueization. I.e., when starting a session, they will be new every time. For safety, it can be completely used, it is categorically not worth using for driving.
9. This parameter allows you to specify which prints to uniqueize (Canvas, Audio, Plugins, Rects, WebGL, Fonts, Media Devices). This parameter is closely related to the previous one.
10. This parameter blocks the output of the Canvas hash. There is no need to use the parameter. Practical impact on driving is not noticed.
[20:38:21] <XERll> Moving on to the next area. (Screenshot: http://prntscr.com/lkazhi)
1. Selecting the type of connection. Now I will indicate the most necessary and describe them.
No proxy - this type of connection implies the use of your Internet connection, i.e. as if you are using the most common browser. It is required if you need to use Proxyfier and other programs to use Socks / SSH. But if you use these programs, then a huge plus of the sphere is "killed" in that you can use different sessions with different socks or SSH tunnels at the same time. The only option, when at least somehow it might be reasonable to use this type of connection, is if you have a configured router in which you can connect a sock or an SSH tunnel, for example, a router from Sedoy.
Tor - this type of connection is a great option for surfing sites, i.e. for use in security chains, which I talked about at the beginning of the lecture.
Socks, SSH Tunnel - these two types of connection are the basis for working with this product. These modes should be used for driving. For each session, you can set up different socks or SSH tunnels and use all the tabs (sessions) at the same time, i.e. work like a machine gun not from one session, but from 3 or 5 or even more at once.
[20:41:20] <XERll> 2. Area for specifying SOCKS / SSH and port.
Input example: 154.250.117.3:6732
3. This item disables Local IP in WebRTC.
4. This area is responsible for Login / Password in Socks / SSH. If your Socks or SSH tunnel has a username / password, then you must enter them in this area, if they are not there, just leave the fields blank.
5. This checkbox enables / disables WebRTC substitution. Disabling spoofing will use your real WebRTC.
6. This checkbox is responsible for the External IP WebRTC. External WebRTC IP must match your IP Sock or SSH tunnel. The checkbox must be disabled if the IP of the connection is different from the IP that we receive "at the exit". The output IP, by the way, is usually indicated in the history of the service where you take the socks, for example, in Faceless or Luxsocks.
7. This checkbox enables IPv6 substitution. Use only if the IP address is leaked in your system using the “https://browserleaks.com/ip” checker “IPv6 Leak Test”. Otherwise, do not include.
8. This checkbox completely disables WebRTC in the session. I clarify that it is WebRTC itself, and not its substitution.
[20:43:01] <XERll> 9. This feature allows you to set the DNS server manually. When you press the "Check DNS" button, its validity is checked. It must be used for security, and also when driving if the DNS country of your Socks or SSH tunnel is different. This parameter is very important, since there are often SSH tunnels or Socks that show the DNS of another country, or your native DNS system (this is what happens by default, if this field is not filled in, and the Socks or SSH tunnel does not have its own parameter) and you are catching cancellations due to suspicious activity.
10. A button that greatly simplifies the work. When you click on it, it checks the validity of the Socks / SSH tunnel and automatically sets the geolocation, session language, time zone, external WebRTC.
[20:45:21] <XERll> Moving on to the next area. Screenshot: http://prntscr.com/lkan72
1. This section is related to UserAgent. In it you can manage UserAgents, i.e. add, edit or delete. The buttons "Chrome", "Safari", "MSIE", "Other" allow you to quickly select UserAgent by browser type. The item "Regenerate configure after useragent change" allows you to change the session parameters after changing the UserAgent
2. This section is responsible for the language (language) of the session. There is no need to register it manually, it is easier to click the "Check proxy / geo" button and the language will be automatically installed under the country of the Socks / SSH tunnel.
3. This function allows you to block pop-ups on sites in the session, prohibits the creation of pop-ups. Use only if really necessary.
4. This function should not be turned on unnecessarily. Simply put, it should be turned on when the site loads crookedly or is not fully functional.
5. This feature blocks the entry of Russian characters on the site when driving. It is useful to enable it because in which case it does not allow you to enter Russian characters when driving. Naturally, this feature does not work for the input of Russian characters in the URL.
[20:47:53] <XERll> Moving on to the next area. Screenshot: http://prntscr.com/lkat45
1. Config manager - free configurations for the sphere. At the moment there are more than 60,000 of them. The downside is that they can be used by all active users, and the selection is random. You can only select Browser type and OS when downloading the free config.
2. WebGL Parameters. I already talked about what WebGL is above, this section just allows you to configure all the parameters of WebGL 1 Version and WebGL 2 Version or disable it completely if necessary.
3. Section "Advanced settings". One of the most interesting and important sections of the field for me. In it you can edit most of the parameters, add plugins, edit HTTP Headers.
4. A set of fonts. In this section you can create / add or edit the names of the fonts, i.e. create your own list of fonts, which will be seen by the antifraud shop in addition to the font imprint itself, which we discussed above.
[20:48:52] <XERll> 5. Button for simulating window resolution. This feature allows you to adjust your real screen resolution to match the session data. The function is required when working with mobile configs (Android, iPhone, as well as with tablets).
6. Button for simulating Touch Screen. The most useful function when working with mobile configs. It fully simulates Touch Screen, just like on mobile devices.
7. This parameter determines the length of the screen. Example: 1920
8. This parameter determines the width of the screen. Example: 1080
[20:50:55] <XERll> The next two small areas. Screenshot: http://prntscr.com/lkapz3
1. This area is responsible for changing the geo-location of your system. Latitude - geographic latitude, longitude - geographic longitude.
2. This area corresponds to the time zone and time.
These two areas do not require manual configuration. You just need to click the "check proxy / geo" button and the values will be set automatically for your SSH / Socks tunnel.
[20:53:07] <XERll> Let's move on to the possible options for working with this antidetect.
1. If you have access to the config shop, or you can purchase configs from someone, then take the required config, add it to the antidetect, configure the connection to SSH / Socks, Custom DNS if necessary, configure the time zone and geo-position, fingerprints that you need replace and drive forward.
2. If there is no access to the config shop or you have no one to get the configs from, then use free configurations, of which there are already more than 60,000. Configure after that, as in the first option, and drive ahead.
You can also manually tweak the required parameters to make the free configuration more unique.
This can and should be done, because the built-in configs are used by a considerable number of people, and this can negatively affect the result. But for a beginner, they are more than suitable.
It is also possible not to download a free config, but to write it yourself in the field from scratch, but for the first option, for the second, you need to have experience, knowledge of all parameters.
[20:54:49] <XERll> Useful tools in this Antidetect that you can use:
1) There is a Web Emulator in Antidetect - this function allows you to automatically simulate user behavior by visiting sites for you in automatic mode, while you are drinking cold beer while relaxing on your armchair. In practice, this is necessary to warm up the store before driving, i.e. cookies, browsing history are typed, or you can type history in the shop you are going to drive into.
2) Antidetect has a function of automatic typing of text. I.e., copy the text to the clipboard, press the key combination, and the antidetect simulates manual input. The function is very convenient and useful, but even despite the advanced imitation, anti-fraud may not be very good at this function. Therefore, use only when you are more or less confident that this will not affect the success of the drive.
3) There is an Automator in Antidetect - this is a more advanced heater, which allows a finer and more advanced setting for warming up shops. The downside is that to use this tool, you need to thoroughly understand and study this tool, because writing a script for an automator is not so easy, and even few of all active users of the sphere can do it.
[20:58:08] <XERll> And now I will answer all your questions about antidetects or about our area of work in general.
Subscribe to my profile: https://wwh-club.net/members/xerl.1390/
Leave reviews in your profile. Jabber for those who have questions or who personally want to chat: wirl @@ laba.im
[20:58:11] <Goodman> 1. Do I understand correctly that if we work only in the browser, then we can not bother with the iron Antidetect?
2. I tried to enter the PayPal log from the Sphere, but for some reason, after passing the captcha, the http fragment of the site got out and did not get into the account, and I read somewhere that PayPal began to burn the sphere, tried it with 5 accounts, what could be wrong?
3. According to the Sphere settings, as I understand it, you can see the link that was thrown above?
4. Returning to the first question, is there any reason to use Vectora's antidetect and put different portable versions of browsers on top, will the prints be different?
5. And yet, in short, why do we use the iron antique, and why the browser?
6. Genesis if you buy a bot from them, for example, with PayPal logs, then after working with PayPal, you can work with this bot on other shops with someone else's CC, do I understand correctly? And you won't need to set up the system, but just pick up the sock according to KX?
[21:02:33] <XERll> 1) Correct
2) AF Paypal does not work that way, that in case of your detection, fragments of the site are crawled out, write off the spheres, they will figure it out, they will issue a new version;
3) As an option
4) If the hardware is the same for him, then the prints will be the same. If you put different TYPES of browsers, then yes they will be different. But there will most likely not be a difference in prints between several versions.
5) We use Iron Antique for any programs that are installed in the system, we use the browser antidetect in our work in cases when your work does not go beyond the browser.
6) Right.
[21:03:52] <GruRus>
1.> Use in the TOR connection chain;
Wouldn't this action increase the number of hops, thereby allowing the AF to identify the user as suspicious?
2. The opinion on such antidetects is interesting: ndalang (free browser antidetect, did not use it myself) and OWASP / Vektor Patreon. On WWH, information about OWASP is not often found, but at the same time, based on my experience (a year of work in the field, several months on Vector). In a number of aspects, the vector exceeds the sphere by 3 heads.
[21:06:17] <XERll> 1) I did not recommend using TOR in the connection chain as work, but only as anonymity, if we are talking about anonymity, then this does not really matter. If we look in terms of resources such as forums
[21:06:35] <XERll> or mate shops, socks, etc.
[21:06:57] <XERll> if from the point of view of driving, then yes, if the chain ends with TOR it's mega pale
[21:08:57] <XERll> 2) ndalang - not used. About the second
[21:09:01] <XERll> in what aspects?
[21:09:26] <goldenbaum> 1. We put the iron antique to muddy something from the installed applications to the system? Can examples plz
2. Once again, I want to know your opinion separately. About a bundle of Raspberry Pi plus an iPhone? Wouldn't it be better for antifraud. Are there any specific settings for the phone besides the disabled geo
3. Paid configs are objectively better than any configured by me? Better to take and not rack your brains, right?
[21:09:29] <GruRus> Working with Amazon self-registers, for example, on the vector will give 6-7 / 10 accs, on the sphere 2-3
[21:10:03] <GruRus> Working with Google, working with a brute stick
[21:14:05] <XERll> 1) Poker clients ala Poker-Stars, although again it is permissible and I know those guys who use iron antidetect and then use a regular browser and drive in, and who uses the desired antidetect and rolls a sphere onto it or other antidetect
2) By mob. work is not for me, I did not dig deep into this topic
3) About taking or puzzling is true to some extent.
i.e. roughly speaking, by example
[21:15:18] <XERll> you need an iPhone case. You can order it for money and they will make it for you in 5 minutes on a machine / 3D printer, etc.
or you can make it yourself, but you will spend more time, conventionally, we will take two hours. As you experience, you will do no worse than the first option, but you will still spend more time.
[21:15:29] <XERll> so if you want to save time, take the configs
[21:16:03] <XERll> if there is time, the desire to learn, then you choose the path of creation yourself, then, if necessary, combining this and that or editing ready-made ones.
[21:17:39] <XERll> GruRus: Again, everything is conditional and in what conditions to compare. Just about 3 days ago, a new version was released on the sphere; its passability is still unclear. According to the old versions, I do not exclude that in the field of self-registrations the vector may be better, in the field of logs I would rather give preference to the sphere, especially if there are a large number of them
[21:24:29] <Koba787>
1 - how often and widely is audiofingerprint used in af?
2 - how will af react if I turn off the sound card in the virtual machine? AF will still initialize the absence of a card and assign a fingerprint, or will AF simply throw points at risk soon?
3 - what is the taco of the stealer Azorult?
5 - link to material on the broken sphere
7 - AFF_Combine - under 1 - the version that you need? in this case, the screenshot shows Workstation. As I understand AFF is put on the basis, but under mac os Workstation does not exist or AFF works with fusion?
8 - for inexpensive solutions, the type for 50 and 100 dollars will be the same detailed lecture? I would very much like to know about software for 50 bucks also in detail))
9 - you can read about all the settings of the sphere in the documentation - is the documentation included with the purchase or can you get acquainted with the beast somewhere in advance?
10 - 10 sulfur point about IndexedDB - not clear ((what makes this Indexed?
11 - a point in the Sphere about cookies - so, for a certain session, we'd better save cookies and let the AF read them? so why should we disable or encrypt? It seems like they said that then you can get a decrease in points from AF
12 - point about External IP WebRTC sphere - not clear point at all? What do IP connections and output IP mean? What are Faceless and Luxsocks?
13 - I would like to return to the question from the previous lectures: I think you can also answer - “Everything is always different, there is no common recipe. On average, up to 300-500 bucks comes easily. But, you are newbies. You need to start with smaller amounts.” - Question: less than 300?))
14 - Is there an imaginary bar-limit without EBV on USA and EU cards for Internet transactions?
15 - how safe is it to use sphere based without VM?
[21:33:22] <XERll> 1) Constantly, but less often than Canvas / WebGL the same
2) Throw in points
3) Stealer software and implementation. By type, if stealers are a common name, as antidetects, then Azorult is by the type of a product, for example Linken Sphere
5) I didn't quite understand which link is broken
7) AFF is put on the virtual machine, not on the base. The second part (browser) yes, it can be put on the basis.
8) No for them)
9) https://ls.tenebris.cc/documentation/introduction
10) IndexedDB is a browser store of data that a website writes to your browser's database
11) Encrypt for security, the inability to pull them out of your system by 3 persons or intercept. For sites that read or write your cookies, this has no effect
12) Faceless, Luxsocks are proxy services where proxies are sold. Public IP is the IP of your system. If let's say you add a proxy to a regular system through proxy software, then Public IP will not respond to the substitution of your IP due to the proxy, but IP VPN will shine
13) I don't quite understand what the quote is about, I don't attend other lectures :)
14) On Usa, maybe it depends on both merchandise and the bank
15) If it is on an encrypted flash drive or cryptocontainer, then the rules
[21:33:35] <XERll> and with an unsaved password, the most important thing is
[21:33:43] <XERll> because the data is stored in the cloud and not on the pc
[21:35:29] <Koba787> the link you gave in the sphere section
[21:35:59] <XERll> drop this link here
[21:36:13] <Koba787> https://wwh-club.cc/threads/nastrojka-konfigov-s-nulja-rabota-s-logami-nastrojka-konfiga-sovety-fishki.135378/
[21:58:57] <gangass13> a question for other lecturers or just understanding at least a little
[21:59:02] <gangass13> does it make sense now to download the sphere crack and climb in the settings to figure it out, or can we wait until the end of the subscription for a month and then proceed to the practical study of the settings? it's just that there is already a lot of information, I would like it to begin to be assimilated in some kind of practice, but in fact we only learned how to download the virtual machine
[22:02:03] <XERll> gangass13: it makes no sense there is version 6.7 of the crack
[22:02:30] <XERll> gangass13: yes, you can renew the current subscription and in case of this option they will add 6 weeks
[22:03:41] <XERll> and the interface is different between 6.7 and the latter. In any case, you can allocate 1 day to climb from 6 weeks, this is enough with your head