I love lying on the internet!
- Whanos: https://github.com/Whanos/ - Initial discovery, first contact with echo.ac, writing.
- Lemon (Wishes to stay anonymous) - Exploit development and assistance.
- kite03: https://github.com/kite03/ - Exploit development, and writing.
https://ioctl.fail/echo-ac-writeup/
I have removed the binary from this repo for security.
You may read extra info and download the driver binary from the official loldrivers.io page: https://www.loldrivers.io/drivers/afb8bb46-1d13-407d-9866-1daa7c82ca63/
echo.ac is a commercial "screensharing tool", marketed and developed mostly for the Minecraft PvP community, but also used by some other game communities, such as Rust. A "screensharing tool" is a program developed to "assist" server admins in identifying if someone's using cheats or similar banned external tools ingame - As such, these programs execute numerous intrusive scans on users computer, while being very vague of what they data collect and why.
When this point was brought up to them, they reacted aggressively and attacked us for criticising this practice. We think that it is unfair that users can be banned for not wanting to run this invasive software.
I (Whanos/protocol) also attempted to disclose this exploit to the CEO in private before disclosing it publicly, but they brushed me off and then banned me from their discord server.
To read our frankly, unprofessional experiences with the staff team of this company, and to see the company's appalling response to us disclosing this exploit to them, read https://ioctl.fail/echo-ac-writeup/.
Thanks for your time ๐.