Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
trust.zone VPN client analysis: SoftEther engine
I've been poking around recently in the Windows installers published for various heavily-publicized VPN services. In doing some automated analysis of the "trust.zone" installer, I noticed some interesting strings. Turns out, they're the configuration settings for SoftEther - because that's the actual technology the client uses to make connections.
The original installer, as well as hybrid analysis, is available here:
https://www.hybrid-analysis.com/sample/c64b63cd60026e0fa46da4ee8e044a1d6d3600b931bec13c4ab36a38dd2310c7?environmentId=100
It is interesting that there are username/password combinations hard-coded into this config file. While I'm not intimately familiar with the details of SoftEther configuration (it's a wide area of study, turns out), a few other items in this config seemed curious to me.
Anyhow, posting it here in the event it's useful for others - one never knows.
Cheers,
~ pj
=====================================
# Software Configuration File
# ---------------------------
#
# You may edit this file when the VPN Server / Client / Bridge program is not running.
#
# In prior to edit this file manually by your text editor,
# shutdown the VPN Server / Client / Bridge background service.
# Otherwise, all changes will be lost.
#
declare root
{
bool DontSavePassword false
byte EncryptedPassword +WzqGYrR3VYXrAhKPZLGEHcIwO8=
bool PasswordRemoteOnly false
string UserAgent Mozilla/5.0$20(Windows$20NT$206.3;$20WOW64;$20rv:29.0)$20Gecko/20100101$20Firefox/29.0
uint UseSecureDevice Id 0
declare AccountDatabase
{
declare Account0
{
bool CheckServerCert false
uint64 Create DateTime 1411616710431
uint64 LastConnect DateTime 1424657172144
string ShortcutKey AA19B0D6754475C3E2ECB0BD197EC648D9674337
bool StartupAccount true
uint64 UpdateDateTime 1424657100376
declare ClientAuth
{
uint AuthType 1
byte HashedPassword jgxTNVRzNDCwCYOcifWDgc7Rsl4=
string Username cyGQi
}
declare ClientOption
{
string AccountName trustzone
uint AdditionalConnectionInterval 1
uint ConnectionDisconnectSpan 0
string DeviceName VPN
bool DisableQoS false
bool HalfConnection false
bool HideNicInfoWindow false
bool HideStatusWindow false
string Hostname vpn.trust.zone
string HubName VPN
uint MaxConnection 1
bool NoRoutingTracking false
bool NoTls1 false
bool NoUdpAcceleration false
uint NumRetry 4294967295
uint Port 443
uint PortUDP 0
string ProxyName $
byte ProxyPassword $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
bool RequireBridgeRoutingMode false
bool RequireMonitorMode false
uint RetryInterval 15
bool UseCompress false
bool UseEncrypt true
}
}
}
declare ClientManagerSetting
{
bool EasyMode false
bool LockMode false
}
declare CommonProxySetting
{
string ProxyHostName $
uint ProxyPort 0
uint ProxyType 0
string ProxyUsername $
}
declare Config
{
bool AllowRemoteConfig false
uint64 AutoDeleteCheckDiskFreeSpaceMin 8589934592
string KeepConnectHost de1.trust.zone
uint KeepConnectInterval 50
uint KeepConnectPort 80
uint KeepConnectProtocol 1
bool NoChangeWcmNetworkSettingOnWindows8 false
bool UseKeepConnect false
}
declare DNS
{
declare Server0
{
string Hostname 109.236.91.200
}
declare Server1
{
string Hostname 212.83.51.81
}
declare Server2
{
string Hostname 109.236.91.200
}
}
declare RootCA
{
}
}
@annmoroz

This comment has been minimized.

Copy link

@annmoroz annmoroz commented Jan 3, 2020

Thank you for the configuration, please advise, if I should change IP addresses? Silverhanna

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment