How to Null/Remove backdoor from WoWonder

How to null WoWonder + app api + updates + remove all callbacks.

Tested and working with WoWonder v2.3.2 (latest as of 6/22/19).

I gave this guide a makeover and spent a lot of time working on it.

If you don't want to null WoWonder yourself you can visit the link below to find all the latest nulled WoWonder versions.

PURCHASE CODE NULL
Go to install/index.php and remove the code around lines lines 9-40 as shown below.

PHP:

function check_($check) {
   $siteurl           = urlencode(getBaseUrl());
   $arrContextOptions = array(
       "ssl" => array(
           "verify_peer" => false,
           "verify_peer_name" => false
       )
   );
   $file              = file_get_contents('http://www.wowonder.com/purchase.php?code=' . $check . '&url=' . $siteurl, false, stream_context_create($arrContextOptions));
   if ($file) {
       $check             = json_decode($file, true);
   } else {
       $check             = array('status' => 'SUCCESS', 'url' => $siteurl, 'code' => $check);
   }
   return $check;
}
function check_success($check) {
   $siteurl           = urlencode(getBaseUrl());
   $arrContextOptions = array(
       "ssl" => array(
           "verify_peer" => false,
           "verify_peer_name" => false
       )
   );
   $file              = file_get_contents('http://www.wowonder.com/purchase.php?code=' . $check . '&success=true&url=' . $siteurl, false, stream_context_create($arrContextOptions));
   if ($file) {
       $check             = json_decode($file, true);
   } else {
       $check             = array('status' => 'SUCCESS', 'url' => $siteurl, 'code' => $check);
   }
   return $check;
}

In the same file remove the code around lines 35-42 as shown below.

$p = check_(trim($_POST['purshase_code']));
if (isset($p['status'])) {
  if ($p['status'] == 'ERROR') {
   $ServerErrors[] = $p['ERROR_NAME'];
  }
} else {
 $ServerErrors[] = 'Failed to connect to server, please try again later, or contact us.';
}

Add $go = 1; before if (empty($ServerErrors)) {, and make if (empty($ServerErrors)) { say if ($go == 1) { as shown below.

Still in install/index.php remove the code around lines 91-96 as shown below.

$p2 = check_success(trim($_POST['purshase_code']));
if(isset($p2['status'])) {
if ($p2['status'] == 'SUCCESS') {
  $can = 1;
}
}

Finally, add $can = 1; above if ($can == 1) { as shown below.

You have now nulled the installer properly, give yourself a pat on the back as we are now over half way done!

APP NULL
Nulling the apps is pretty easy, we just need to edit the wowonder.sql file in the root of the script.

Go around line 654 and find (141, 'footer_background', ''),, we need to make that line say (141, 'footer_background', '#aaa'),. Don't forget to add the comma.

We're gonna do the same thing for the other 2 footer_background entries in the sql file. On the footer_text_colorentry we have to make it's value be #ddd, for example: (143, 'footer_text_color', '#ddd'),.

Removing the following code does not make the apps be nulled, but it is used during legitimate activation of them. We will remove the code from the app as an extra security measure (this is sort of a callback).

Go to xhr/admin_setting.php and remove the code around lines 649-707.

$data['android_status']        = 0;
$data['windows_status']        = 0;
$data['android_native_status'] = 0;
if (!empty($_POST['android_purchase_code'])) {
   $android_code = Wo_Secure($_POST['android_purchase_code']);
   $file         = file_get_contents("http://www.wowonder.com/access_token.php?code={$android_code}&type=android", false, stream_context_create($arrContextOptions));
   $check        = json_decode($file, true);
   if (!empty($check['status'])) {
       if ($check['status'] == 'SUCCESS') {
           $update                 = Wo_SaveConfig('footer_background', '#aaa');
           $data['android_status'] = 200;
       } else {
           $data['android_status'] = 400;
           $data['android_text']   = $check['ERROR_NAME'];
       }
   }
}
if (!empty($_POST['android_native_purchase_code'])) {
   $android_code = Wo_Secure($_POST['android_native_purchase_code']);
   $file         = file_get_contents("http://www.wowonder.com/access_token.php?code={$android_code}&type=android", false, stream_context_create($arrContextOptions));
   $check        = json_decode($file, true);
   if (!empty($check['status'])) {
       if ($check['status'] == 'SUCCESS') {
           $update                        = Wo_SaveConfig('footer_background_n', '#aaa');
           $data['android_native_status'] = 200;
       } else {
           $data['android_native_status'] = 400;
           $data['android_text']          = $check['ERROR_NAME'];
       }
   }
}
if (!empty($_POST['windows_purchase_code'])) {
   $windows_code = Wo_Secure($_POST['windows_purchase_code']);
   $file         = file_get_contents("http://www.wowonder.com/access_token.php?code={$windows_code}&type=windows_desktop", false, stream_context_create($arrContextOptions));
   $check        = json_decode($file, true);
   if (!empty($check['status'])) {
       if ($check['status'] == 'SUCCESS') {
           $update                 = Wo_SaveConfig('footer_text_color', '#ddd');
           $data['windows_status'] = 200;
       } else {
           $data['windows_status'] = 400;
           $data['windows_text']   = $check['ERROR_NAME'];
       }
   }
}
if (!empty($_POST['ios_purchase_code'])) {
   $windows_code = Wo_Secure($_POST['ios_purchase_code']);
   $file         = file_get_contents("http://www.wowonder.com/access_token.php?code={$windows_code}&type=ios", false, stream_context_create($arrContextOptions));
   $check        = json_decode($file, true);
   if (!empty($check['status'])) {
       if ($check['status'] == 'SUCCESS') {
           $update             = Wo_SaveConfig('footer_background_2', '#aaa');
           $data['ios_status'] = 200;
       } else {
           $data['ios_status'] = 400;
           $data['ios_text']   = $check['ERROR_NAME'];
       }
   }
}

CALLBACK REMOVAL
Getting rid of all the dangerous external requests.

It can be dangerous for a nulled script to be making contact with the author's server. Therefore, as an extra security measure I've included that information in this guide.

The first file we need to fix is in the root of the script, updater.php.

What I recommend you do is remove every line of code from the file except for the <?php and then say return;. See below for reference.

The next file is located in xhr/check_for_updates.php.

Simply remove the code around lines 19-47 as shown below.

PHP:

if (Wo_CheckMainSession($hash_id) === true) {
   $arrContextOptions = array(
       "ssl" => array(
           "verify_peer" => false,
           "verify_peer_name" => false
       )
   );
   if (!empty($_GET['purchase_code'])) {
       $purchase_code = Wo_Secure($_GET['purchase_code']);
       $version       = Wo_Secure($wo['script_version']);
       $siteurl       = urlencode($_SERVER['SERVER_NAME']);
       $file          = file_get_contents("http://www.wowonder.com/check_for_updates.php?code={$purchase_code}&version=$version&url=$siteurl", false, stream_context_create($arrContextOptions));
       $check         = json_decode($file, true);
       if (!empty($check['status'])) {
           if ($check['status'] == 'SUCCESS') {
               if (!empty($check['versions'])) {
                   $data['status']         = 200;
                   $data['script_version'] = $wo['script_version'];
                   $data['versions']       = $check['versions'];
               } else {
                   $data['status'] = 300;
               }
           } else {
               $data['status']     = 400;
               $data['ERROR_NAME'] = $check['ERROR_NAME'];
           }
       }
   }

Finally, the last place we need to edit to remove all the callbacks is in the xhr folder as well, xhr/download_updates.php.

Remove the code around lines 10-56 and you've successfully nulled the entire WoWonder script!

Get WoWonder app from here and follow above steps

truecodes

Search This Blog

How to Null/Remove backdoor from WoWonder

Comments

Post a Comment