Luigi Auriemma

aluigi@autistici.org

News
Advisories
Proof-of-concepts
Research
Fake_players_bug
MyToolz
Password_recovery
Patches
MyMusic
Amiga_ADF
TestingToolz
RSS
Video
About...
Forum
-
aluigi.org
aluigi.altervista.org
mirror.aluigi.org
luigi.eliott-ness.com
forum.aluigi.org
ABOUT

  • about me:
    I'm 27 years old, I live near Milan in Italy and I'm atheist.
    I like free informations and I try my best to publish everything (interesting or not) I make or find each day because probably in all the world exists at least a person that is searching just what I have made.
    As everyone can understand watching the informations in this personal webpage, I like computers and computer bugs but only because they are the only thing I'm able to do better.
    Then I have a special passion for algorithms but this is not a secret, in fact this passion borns from the need of finding the truth and moreover sharing it, that's why I hate the security through obscurity techniques often (ab)used in software, moreover in games.
    I like the logic and the semplicity that move everything, also the most complex thing can be easily explained. Usually we see only the final result while we ignore all the simple steps and levels that compose it. That's reassuring.
    Another important thing about me it's that I hate the mass, it's really horrible to see thousand or billions of people acting like clones, both physically and ideologically. It's really absurd and I don't accept it because there is no need of lobotomized people that do the same things usually for the same target (fucking money) without logic and respect for the others and for the planet.
    The last thing that I think is very important is "to create"... it's not important what is your field of interest but is important to create, be creative and share your creations (freely if possible).
    That's all for the moment, I don't want to be too boring 8-)
    If you want to contact me don't worry I am never busy and I like to receive e-mails and talk about new possible research projects!!!
    If I don't answer to your mail within a couple of days probably it's not arrived or I have confused it for spam or for me is really impossible to reach the mailbox, so retry!!!


  • My policy: optimization of responsible disclosure 0.1
    From the 2008 this policy is no longer valid, contacting or not the vendor/developers is now at my discretion
    Note that I don't "dress a hat" (black, gray, white, etc.) but I simply do my research and I'm happy that people use it, it's not important if they exploit or patch the bugs, is only important that it has been useful or interesting.


  • My "lab"
    The photo of my 2 mq. "room/lab". (18 Feb 2005)


  • about my research:
    I would say that for me the research is a passion but in reality it's most like an obsession.
    My research goes from security bugs to reverse engineering (usually the same thing), and probably the only reason why I do all these things is simply because I'm able to do them and moreover to share my philosophy.
    In fact I do everything open (open source and full disclosure) and for free at 360 degrees, that means not only that I don't have or want a job in the computer security (uhmmm that's probably the reason why I'm usually jobless eh eh eh) but also that I don't sell services, products or other bullshits.
    When I release an advisory the only thing I want to show is my research, not an advertisement like many (almost all) people and companies in the computer security do.
    I do it not only for philosophical reasons but also for a practical implication: I'm free of doing my research without limits and without secrets and moreover when and how I desire. This is the real meaning of the words "free" and "freedom" applied to computers.
    If developers appreciate my work they can credit my name in the changelogs of the patches or in the news of their websites, but I don't ask that to them, it should be a spontaneous form of respect and I'm happy when they do it.
    Then another thing about security bugs, they are for me only a research in fact I don't use the bugs I find versus other people simply because I don't like to do it. I admit it's against nature but exploiting critical bugs doesn't give me emotions, I like only to find them.
    And remember that I find bugs, I don't create them, the developers are the only people that create bugs (indirectly naturally) so they are ever the only responsible. Sometimes I'm able to create patches or work-arounds for software no longer supported but other times that's not possible. Keep that in mind.


  • about licenses:
    My stuff uses the GPL where this is reported in the header of the source code (usually all my Research, Mytoolz, Password Recovery and Testing Toolz sections contain GPLed code) while the rest of software can be considered public code (for example my Proof-of-concept and Fake Players).
    If you have doubts about what GPL means you need only to know that the first rule is that any program which uses GPL code must be released under GPL.
    So, for example, you cannot use my code in your closed source program, you can use my code only if yours is GPL too.


  • about my faults:
    Like any other human I have my regular faults, the first of them is just having a low level of attention that leads ever to distraction and stupid errors. But this fault is at the same time the best help I have for finding bugs since I already know what errors the other people can do.
    Other faults are my slowness and my lazyness, sometimes they are a problem for my current research or for starting new projects except when I'm particularly inspired.


  • about how to help me:
    I do NOT need or want money so I don't accept donations and don't accept paid jobs, I never did it and I will never do it (hopefully).
    The only ways to help me are reporting the small and big errors I do in my documents and my code and propose new research projects, updates and moreover suggestions.
    If you like my stuff and you find it useful you can talk to your friends about it, when I release an advisory is necessary that the major number of people (depending by the vulnerable software) become aware of the problems I have found and then they could find other interesting researches here.


  • about my motto:
    The things I do are NOT complex, I'm not smart or special (probably just the opposite) so anyone can do the same things without having great skills.


  • about how to use my tools:
    All my tools (except rare cases) work from the console.
    In Windows the console is also known as Windows console, command prompt, command-line or prompt of Ms-Dos (look for cmd.exe or command.com).
    Here there is a quick video about launching a couple of my tools
    So if you use this OS and when you double-click on one of my executables it shows a window and then closes immediately it's all normal, launch it from the console and pass the required arguments.
    All my tools show a quick help at runtime specifiying the required <> and optional [] arguments.
    A quick step-by-step for dummies is the following:
    - copy the executable you want to use in c:
    - go in Start->Run and type: cmd (or command if you use Windows 9x/Me)
    - in the black window type: cd \
    - now digit the name of the executable so you will see all the available options
    - when you have decided the arguments to use type them after the executable name
    - for example if you use the tool gsinfo you need to specify the host and the port like: gsinfo 127.0.0.1 1234
    - other examples:
    · wtcced d "c:\documents and settings\myname\desktop\my input file.gmt" "my output file.gmt"
    · ventrilofp -n "this is my nick" -p mypassword server.domain.org:1234
    · q3fill -w mypass -n -m "mypar\myval\par\val" 127.0.0.1 27960
    · calcc "(((1+2)*(1^4))*10)/(9-1)"
    · echo aGVsbG8K|bde64 d - -
    · sleepy 2s argz.exe "\"this is arg1\"" arg2 arg3
    So you need to use " for specifying spaces in filenames because the console consider each space a new argument, and if you need to specify just a " it's enough to place a backslash before it as in the above examples
    Then if you want to stop the program in any moment keep the keys CONTROL and C pressed at the same time
    Anyway Internet is full of tutorials for using the console and my tools are for people that use the command-line everyday so use a search engine for any doubt
    Another alternative is trying the following experimental tool which lets you to use almost all my tools with a graphical and easy-to-use interface: THEGUI



  • about password recovery and drag'n'drop:
    Almost all my password recovery tools which decode the passwords stored in a file allow the usage of drag'n'drop.
    When you launch the tool it shows some informations and the name of the file you need to use which is usually located in the folder of the program from which you want to recover the password.
    When you have located the file you need only to keep the mouse button pressed on it and move over the executable of my password recovery tool.
    It will automatically shows the stored password or passwords.
    Anyway remember that my tools are ever made to work from command-line (read the above section) so this drag'n'drop feature it's only something more confortable.


  • about CTRL-F:
    The chaos rules on my website so the best way to find what you need is through the Find function (CTRL-F) of your browser


  • about compiling my source code:
    I use ever and only Gcc and its Win32 port Mingw to compile my C stuff.
    If you use other compilers you could receive some small errors, some of them can be solved replacing the sleep() calls with Sleep(), or passing -DWIN32 to the compiler, or specifying the needed library to link (like ..\lib\ws2_32.lib) and so on.
    Some basic examples of how to compile my code (moreover network code) on Windows through some freeware or open source compilers:
    Mingw gcc -o file.exe file.c -lws2_32
    Lcc-win32 lcc file.c
    lcclnk file.obj
    Visual C++ cl file.c -DWIN32 c:\vc\lib\ws2_32.lib
    Borland C++ bcc32 -Iinclude -Llib -DWIN32 file.c
    Digital Mars bin\dmc -Ju file.c lib\wsock32.lib file.c
    Watcom wcl386 -i=..\h;..\h\nt -dWIN32 -l..\lib386;..\lib386\nt file.c
    Pelles C pocc /J /DWIN32 /Ze /I..\include /I..\include\win file.c
    polink /LIBPATH:..\lib /LIBPATH:..\lib\win ws2_32.lib file.obj
    If your compiler doesn't find stristr() try to use stristr.c
    Most of my programs use stdint.h, check that link if you use MSVC since there is file you must download or just go directly to the msinttypes project
    Anyway contact me if you have suggestions to create a more portable code!


  • about my header files:
    If you are a C programmer you have probably noticed my fault of putting the functions I write into files with .H extension (aka header files). I do it to quickly compile my programs in a single compilation pass.
    If you want to use them "normally" you can change the extension in .C and copy the functions prototypes in a file .H that you must include into your program source... but if you are a C programmer you already know that.


  • about this website:
    This website is nothing more than an archive containing everything I do everyday and moreover a personal website.
    All the stuff on this space has been created by me and everything is completely "free" (as freedom) and open source.
    Then remember that I consider all my stuff ever experimental (that's the reason of the 0.X versions) and that naturally exist also old documents and code that I wrote many time ago and so are not well written or are a bit bugged or are just obsolete.

    Note: this server doesn't allow the linking of binary files (like .zip) on others websites because it checks the Referer field of the browser (this is the policy of the server hosting this website *NOT* mine) so if you want to link a binary file available on this website is better if you link the main page or a lot of people will not be able to download it.

    Valid HTML 4.0! [Valid RSS] [Valid WML]