Luigi Auriemma

me@aluigi.org


RESEARCH

Various research stuff for various software: algorithms, protocols, formats, documentation and more.
read here if you don't know how to use my stuff and tips for their recompiling



Sections:

QuickBMS:

now it has its own homepage.


Gslist:

  • Gslist 0.8.11a (gslist)
    Gslist is a game servers browser supporting an incredible amount of games (over 4000) for many different platforms like PC, Wii, Playstation and more.
    it can work in both command-line and an experimental web GUI mode, for this reason it's mainly designed for server admins, websites, advanced gamers and testers.
    in short a game server browser is a tool that retrieves the full list of servers (IP and port) of a specific game like Battlefield, Crysis, Unreal and so on.

    features:
    • tons of games supported and for various platforms: PC, Xbox360, Mac, Playstation 2, Playstation 3, PSP, Nintendo DS, Nintendo Wii, Dreamcast, iPhone and more
    • "experimental" web GUI: Gslist can be easily used through a web browser like any "classical" server browser but with the difference of being more simple to use and (optionally) supporting multiple users
    • can execute a program for each server of the list
    • filters for selecting only the servers with specific features like country, minimum/maximum number of players, maps, mods, type of game and so on
    • its list of supported games can be upgraded automatically (-u) or generate the database manually (-m/M)
    • can retrieve all the Gamespy Peerchat rooms "#GPG!" of a specific game (-R) which can be used with my GS peerchat IRC proxy
    • supports many options for redirecting and formatting its output so it can be used as back-end for any program or service
    • supports different types of queries for retrieving information from the servers and with -X it is possible to receive this information directly from the master server without sending additional packets
    • optimized for speed and resources
    • experimental SQL option for dumping all the servers information in a SQL database
    • can send heartbeats for adding your own IP to the servers list
    • various other commands, options and customizations

    read the text file inside the package for detailed information.
    note: you need zlib, GeoIP and the mysql libraries to compile it on Linux: apt-get install zlib1g zlib1g-dev libgeoip1 libgeoip-dev libmysqlclient15-dev.

  • Miscellaneous configuration files (NOT necessary for Gslist):
    gslist.cfg  gshkeys.txt  full.cfg  detection.cfg  gsfilters.htm (useful)

    note that all the entries in gslist.cfg come from Gamespy so I have no control over them.
    some entries (starting from about 2009) are listed but don't exist on the master server because these names are used by Gamespy probably for other things, like the case of battlefieldbadco2.



GameSpy:

  • Cd-key SDK and verification:

    • GSHsniff 0.3 (gshsniff)
      sniffer that checks any UDP packet from master.gamespy.com or another server of your choice and decodes the packets encoded with the "XOR gamespy" method.
      these packets are those of the games that use the Gamespy SDK for authenticating cdkeys and to know if a player is already playing in a server and other stuff.
      they are usually sent to port 29910 of the master server and contain commands like \auth\.

    • Online cd-key verifier for games that use the Gamespy cd-key SDK 0.1.2a (gskeycheck)
      very interesting tool that verifies if the cd-key of a specific game is valid online or is already in use or has other problems.
      the technique used by the tool is very simple, it does the same operations performed by the game servers when they receive a new connection from a client which passes its hashed cdkey for being authorized with the Gamespy master server. it could be useful to know immediately if an old key is still valid or if there are more detailed errors if it no longer works online.
      the supported games are all those that use the Gamespy cd-key SDK like Battlefield 1942, Battlefield2, Halo, Painkiller, Star Wars Battlefront and many others listed in that document.
      read the text file inside.

    • Explanation of the authentication method used by the Gamespy CD-Key SDK 0.1 (gskey-auth)

    • GS key challenge builder 0.1 (gskeychall)
      function needed to build the authorization string that must be sent to the game servers running the games that use the Gamespy authorization.
      it is also a practical example of the first part of the above "gskey-auth" document.
      here is available a simple usage example.

    • GSHinfo 0.1.2 (gshinfo)
      this tool is able to send all the 4 available queries uok, unok, ison and ucount to any game server which uses the Gamespy CD-Key SDK.
      these "hidden" queries are handled by the game servers to know if a specific player/cdkey is playing in a server or how many authorized players are playing in it.

    • explanation of the hidden functions and commands that are used in the Gamespy cd-key SDK implemented in various games (read the third section): english and italian.

    • Partial list of games that use the Gamespy cd-key SDK (gshlist)
      contains all the games of which I'm aware that use the Gamespy cd-key SDK, they are divided in 2 categories: those supporting the hidden queries (uok, unok, ison, ucount) and the rest that don't seem to support them directly.

  • Gsmsalg and enctype:

    • GS enctypeX servers list decoder/encoder 0.1.3b (enctypex_decoder)
      the algorithm used by ANY game for decrypting (and encrypting) the data from the Gamespy master server on port 28910.
      enctypeX in reality is not only an algorithm (technically a short version of that used for enctype1) but also a specific protocol for receiving various types of information from master servers like ut3pc.ms3.gamespy.com, battlefield2.ms3.gamespy.com, crysis.ms5.gamespy.com and many others for a total of 20 "ms" servers.
      from my tests, with enctypeX it is possible to:
      • receive the list of online servers of a specific game, including their external and internal (if via NAT) IP addresses and ports
      • receive NAT information about servers behind router/NAT
      • receive the details of each server directly from the master server which means that is not needed to query them because we already have all the needed information (gamename, gamemode, gametype, mapname, numplayers, maxplayers and so on)
      • receive the above details with or without the filtering of colors, non alphabetic chars and html/sql escape chars
      • receive the list of the Gamespy Peerchat IRC channels assigned to a specific game (for example #GPG!765 for Tony Hawk's Underground 2 PC)
      • encrypt a server list and so build your own customized LAN master server compatible with ALL the games which use the Gamespy one natively
      • many advantages over the old enctype methods
      the algorithm is also big endian compatible (so works on PPC too) and is designed for real-time decrypting so the data can be decrypted on the fly during the receiving.
      other than the main decryption/encryption code my set of functions includes also:
      • the one which generates the right ms.gamespy.com hostname to contact which is gamename dependent
      • a function which creates a random id/validate string
      • a multi purpose function which can:
        • tell the main program when the data received by the master server is terminated, because the master server doesn't close the connection (it's in keep-alive mode) so it sends only a marker for defining the end of the data
        • create an IP:port list (4 bytes:2 bytes) from the received data which is easier to handle from the main program
        • collect all the additional servers information in a text format like "IP:port \parameter\value\...\parameterN\valueN"
      the only complete usage example of this code and the full protocol is available in Gslist, there is no additional documentation at the moment.
      for testing all the decryptions performed by enctypes 1, 2 and X with custom data (useful for programmers) it is possible to use the Enctype decoder/tester, it's very good also for those who want to decrypt the encrypted data received from the Gamespy master server without programming a single line of the decryption code: call enctypedec.exe externally with the -l or -L option for doing the job.

    • GS enctype2 servers list decoder/encoder 0.1.2 (enctype2_decoder)
      algorithm for decrypting and encrypting the servers list coming from the Gamespy master server encrypted with the enctype 2 method.
      this enctype was used only by the old RogerWilco application.

    • GS enctype1 servers list decoder 0.1a (enctype1_decoder)
      algorithm for decrypting the servers list coming from the Gamespy master server encrypted with the enctype 1 method.
      this enctype was used only by the old Gamespy 3d application and is the most complex of all the various enctypes.

    • Gsmsalg 0.3.3 (gsmsalg)
      this algorithm is an emulation of the one used by the Gamespy master server for handling the "secure" parameter sent by these servers.
      my implementation supports enctype 0, 1 and 2 (X doesn't use it) and can be used also for calculating the needed challenge-response string for the Gamespy Firewall probe packet and the heartbeat (the sending of a couple of UDP packets to port 27900 for allowing our IP:port to be added in the list of servers of a specific game, uses enctype 0).
      all the information is in the header of the code.

    • third party ports to other languages:
      the following is the list of ports of some of the gsmsalg and enctype 1, 2 or X code to other languages made by various people:
      - vb.net port of enctype X by NMGod
      - VB, C# and PHP port of enctype 2 by Tras, FordGT90Concept and UltimateSniper
      - Mirc script port of enctype 2 and master server query code by SkorpSSS
      - old PHP port (32bit systems only!) of enctype 1/2 by jan0 and the fixed 64bit compatible version by Atako

  • Peerchat:

    • GS peerchat IRC proxy 0.3.3b (peerchat_irc)
      useful tool that allows using any IRC client to join the peerchat.gamespy.com chat server.
      indeed peerchat.gamespy.com is only a classical IRC server which uses a simple encryption (watch gs_peerchat), so this multi-client proxy gets the connection from the local IRC client and decrypts/encrypts the data in a completely transparent way:
      IRC client -> peerchat_irc -> peerchat.gamespy.com
      read the text file inside for additional information and options.
      use "gslist -R -n GAMENAME" (where gamename can be any of the games listed in "gslist -l") to retrieve the peerchat channels of a specific game.

    • GS Peerchat sniffer and decrypter 0.2 (peerchat_sniffer)
      the title already explains everything, it does the same job of "peerchat_proxy" but without the boring steps needed for using that tool.
      the only downside is that handling TCP connections through sniffing is not so easy so in some cases after some time the collected data could be displayed corrupted.
      both winpcap and gslist.cfg are needed.

    • GS peerchat server emulator 0.1.3a (peerchat_server)
      this proxy server transforms any normal IRC server in a Peerchat server.
      it works in a similar way to peerchat_irc but does the opposite job, so the clients of a game which use the Peerchat server can connect to a classical local or remote IRC server:
      game client -> peerchat_server -> IRC server
      the file gslist.cfg must be in the same folder as the tool and naturally an IRC server is required for the players to connect to.
      obviously the players need to force the connection of their game clients to the peerchat_server IP, a classical way is modifying the hosts file as explained in the guide of the tool.
      read the text file inside.

    • Peerchat IP decoder/encoder 0.3 (peerchat_ip)
      tool for decoding and encoding the IP addresses of the users on the Peerchat server, visible with the classical /whois command (like X19s4Fp1DX).
      the tool can decode and encode also the IP addresses in the users channels/rooms (like #GSP!gamename!MD9NqJlJJM).
      for the room names decoding/encoding are needed other two parameters: a 0 (it could be the user's ID) and the server's port.

    • Peerchat IP encoding/decoding algorithm 0.2 (peerchat_ip)
      the algorithm needed to decode and encode the Peerchat IP addresses visible with the IRC "whois" command inside the Peerchat server (through peerchat_irc).
      it supports also the decoding of the IP addresses associated to the users rooms as written in the previous description.

    • GS Peerchat proxy decrypter 0.3a (peerchat_proxy)
      a proxy utility useful for debugging.
      it decrypts and dumps in a log file all the commands sent and received by the games that use the Gamespy Peerchat server like, for example, Gamespy Arcade and various other games like Tony Hawk Underground 1/2, Race Driver 1/2, all the Command and Conquer series, WarHammer and so on.
      read the text file inside.

    • GS peerchat encryption/decryption algorithm 0.2 (gs_peerchat)
      algorithm for the encryption/decryption of the Gamespy Peerchat data.

  • Protocols:

    • GS passenc/passwordenc decrypter/encrypter 0.1 (gspassenc)
      quick tool for decrypting and encrypting the passenc and passwordenc fields used for creating new users on Gamespy through the protocol used on gpcm.gamespy.com:29900 with the \newuser\ command.
      example: gspassenc e mypassword
      example: gspassenc d e4uEk1iom8MLaw__

    • GS natneg client 0.2 (gsnatneg)
      function for the implementation of the client-side Gamespy natneg protocol for joining servers behind router or NAT.
      in short, by calling this function in a program it is possible to query and join any game server behind router/NAT which uses this Gamespy natneg feature.

    • Gamespy NAT negotiation plugin for Proxocket 0.1 (gsnatneg_proxocket)
      plugin for Proxocket for automatically applying the Gamespy NAT negotiation to existent tools.

    • GS login checker 0.1 (gslogincheck)
      simple tool which checks if a Gamespy account (username and password) is valid.
      naturally this works for the accounts created with and for any software and game which uses the Gamespy login (gpcm.gamespy.com:29900) like Gamespy Arcade, Battlefield 2 and so on.

    • GS login server emulator 0.2.3b (gs_login_server)
      quick and easy-to-use project for emulating a Gamespy login and stats server (gpcm, gpsp and gamestats) which works with any game that uses these protocols like Battlefield 2.
      it can be useful in LAN parties and indeed this tool is very used in Battlefield 2 just for this reason, in retro-gaming projects (the idea started for PBA2001 for Dreamcast) and for using custom nicknames online without having an account (should work with any of these games, tested Race Driver 2 and Battlefield 2).
      note that this tool is databaseless just because its job is only that of allowing the clients (any client) to "think" to be online and joining with any nickname and a fixed password (needed for technical reasons), so this is NOT a project for creating a real set of servers where users can interact with other users.
      read the text file for some details.

    • Gsstats 0.1 (gsstats)
      retrieves the online player statistics of the games that use the Gamespy accounts to play online like Ground Control II, the Command and Conquer series and various others.
      remember to use also the Gsplayers tool and gslist.cfg to retrieve the needed profile IDs, the gamenames and the gamekeys.

    • gs_sesskey \authp\ resp 0.1 (gs_sesskey)
      simple function to calculate the needed text string from \sesskey\ (port 29920).

    • gs_chresp_num \auth\ response 0.1 (gs_chresp_num)
      simple function to calculate the needed number from \challenge\ (port 29920).

    • GSPlayers 0.1.1a (gsplayers)
      a simple and interesting tool for searching all the users that have a Gamespy account through their nickname, email, first/last name or ICQ UIN, then finds also all the people in the buddy list of a specific user and what online users have a specific game installed.
      the PIDs are available in gspids.txt.
      the updated detection.cfg file necessary to the tool can be downloaded directly from the Gamespy webserver, remember to rename it correctly.

    • Gs auth 29920 sniff 0.1 (gs29920sniff)
      a simple "old" sniffer that decodes any TCP connection to port 29920 of any host or one specified by the user. An example of a game that uses this method is Ground Control II.
      the data in the connection to that port are XORed with the string "GameSpy3D".

    • GS login response calculator 0.1.1 (gslogincalc)
      an example program that shows how to build the response string for gpcm.gamespy.com:29900.
      for another better and more complete example take a look at the above GS login checker tool.


  • Full list of multiplayer games and their PIDs on Gamespy (gspids)
    useful for the stats, for cd-key verification and probably more.
    rarely updated

  • GS SDK challenge-response algorithm 0.1 (gssdkcr)
    the challenge-response algorithm used by some of the games that use the Gamespy SDK for the initial handshake between client and server.
    some of these games are Halo, Soldier of Anarchy and Warhammer 40000 Dawn of War and others.

  • Master server disconnection: game servers can be removed from the online master server list using one spoofed packet 0.1 (gsmsdisc)
    a quick and short document that can be applied to ANY master server that uses unchecked UDP heartbeat packets.
    at the moment I don't know if this technique/bug is still active.

  • GS master server disconnector 0.1.2 (gsmsdisc)
    proof-of-concept of the above document for the games that use the Gamespy master server.
    successfully tested on Windows XP SP2 as admin and Linux as root, compatibility on other Windows is not guaranteed.
    unsupported

  • 2003's responses to Gamespy:



All Seeing Eye:

  • ASE UDP tracker packet sender 0.1 (asetracker)
    simple example tool which emulates the method used by ASE to join and leave tracker.udpsoft.com:27246 specifying the MotdIdLo, MotdIdHi and UserID values.

  • ASE UDP packets decoder 0.1 (aseudpdec)
    some lines of code for decoding any UDP packet that ASE sends and receives from the scanners, the tracker and the other servers.
    the packet to decode must be passed to the tool as a file containing its content.

  • All Seeing Eye UDP packets decoding/encoding algorithm 0.1 (ase_udp_decenc)
    the algorithm used to decode and encode the UDP packets sent and received from the various ASE servers.

  • ASE Ping 0.1.2 (aseping)
    simple tool to see remote servers information using the All-Seeing-Eye ping packet, used in games which support this protocol like Chrome, Purge and so on.
    this tool doesn't support the handling of multiple ping replies (I'm too lazy).

  • All Seeing Eye 'v' ping (aka scanner) algorithm 0.1 (ase_v_algo)
    the C algorithm used by some game servers (like Chrome and IGI2) supporting the ASE 'v' ping type that seems related to scanner servers.
    this type of ping doesn't seem to have any real practical and useful usage however it could be interesting for someone.
    more information inside the file.

  • OpenSource ASE Query SDK 0.1 (asequery_os_sdk)
    an opensource clone that emulates the ASE Query SDK Demo.
    all the information about how it works is naturally in the source code and in the documentation available in the original SDK from Udpsoft.
    currently the ASEQuery_status function works but is not fully complete.
    unsupported



COGS Gamearena:

  • COGS Gamearena IRC proxy 0.2.2a (cogs_irc)
    this tool acts as a proxy server that lets you use any IRC client to join the COGS chat on thearena-chat.gamearena.com.au:4445.
    note: if a channel requires a key, try with cogs, example: /join #quake4demo cogs
    read the text file inside.

  • COGS Gamearena IRC challenge algorithm 0.1 (cogs_irc_chall)
    this function is able to generate the needed CRYP response to send back to the COGS IRC server.

  • COGS Gamearena challenge algorithm 0.1.2 (cogs_chall)
    the algorithm for the calculation of the challenge response to send to the COGS server.



DirectPlay:



gMotor2:



Half-Life:

  • Half-life DLL decrypter and rebuilder 0.2 (hldlldec)
    a decrypter and PE rebuilder for the Half-life encrypted DLLs like sw.dll, hw.dll and some client.dll (like that one of tfc16).
    note that although the generated dll is correct, there seem to be some checks in it or something similar which prevent the usage of the decrypted dll instead of the encrypted one, for example the game will load correctly but will crash at the multiplayer menu.
    so the main purpose is to analyze the clear dll.

  • Steamlist 0.1a (steamlist)
    simple servers browser that contacts the Steam master server.
    supports also the option for executing specific commands or programs for each IP.

  • Half-Life packets decoder sniffer 0.1.3 (hldec)
    tool (for both Win and Linux) for sniffing and decoding the Half-Life packets on the fly. (Needs Winpcap on Windows) (note: Steam versions of the game now seem to use different methods or also compression).
    and the original disassembled encoding algorithm.

  • Half-Life packets encoding function 0.1.2 (hlenc)
    function for encoding the Half-Life packets (note: Steam versions of the game now seem to use different methods or also compression).

  • Half-Life packets decoding function 0.1.2 (hldec)
    function for decoding the Half-Life packets (note: Steam versions of the game now seem to use different methods or also compression).
    and the original disassembled decoding algorithm.

  • HLkeycheck 0.1 (hlkeycheck)
    this little tool simply lets you know if a Half-Life CD-Key is locally valid (offline) or not.
    and this is the small piece of algorithm that does the check.



Halo:

  • Halo proxy data decrypter 0.1.2 (haloproxy)
    proxy server that sits between a client and a server and decrypts all the exchanged packets in real-time.
    the plain-text data in the Halo packets is stored in bitstream format but this tool decrypts only the packets (it's a decrypter, not a parser) and the main bitstream block, you must get the rest of the data manually.

  • Halo packets decryption/encryption algorithm and keys builder 0.1.3 (halo_pck_algo)
    the asymmetric encryption algorithm used by the game Halo.
    this is a set of functions for handling the packets of this game (TEA algorithm), the keys needed to decrypt and encrypt them and the CRC at the end of each packet.

  • Halo PC music extractor and concatenator 0.2 (halomus)
    a simple tool for the fans of the music of the game Halo.
    it extracts all the pieces of music files from sounds.map and concatenate them. The output folder will contain about 60 megabytes of music.



PunkBuster:

  • Battlefield 2/2142 cdkey to PunkBuster GUID 0.1.1 (bf2guid)
    quick tool for calculating the PB GUID from any cdkey of these two games and others like Crysis and so on.
    for the other games it is possible to use my Cdkey to Punkbuster GUID tester tool which is a testing tool for guessing the needed seeds and testing various combinations of seeds.

  • PunkBuster messenger 0.1 (pbmsgs)
    Note that EvenBalance has removed or limited this feature in almost all the games, so it is still possible to send some types of messages but not multiple messages at too short intervals from outside, read the updates of this advisory for info about the flooding performed in-game.
    tool for sending anonymous external messages to any server which uses PunkBuster like America's Army, the Battlefield series, the Call of Duty series, DOOM 3, Enemy Territory and QUAKE Wars, the F.E.A.R. series, Medal of Honor: Airborne, Prey, Quake III Arena, Quake 4, the Rainbow Six series, Return to Castle Wolfenstein, Soldier of Fortune II and many others.

  • Punkbuster master server file downloader 0.1.1 (pbmsdown)
    a not so useful tool for downloading pbpat.1, pbsec.cl, pbsec.sv, pbq.4, pbq.5, htm\* and possibly other files for the games which use PunkBuster.

  • PunkBuster online GUID checker 0.1.16 (pbguidcheck)
    this tool verifies if a specific game GUID or list of GUIDs has been banned by PunkBuster.
    the list of GUIDs can be a classical sequence of GUIDs "one per line" or the html or txt/pbbans.dat version of the PunkBusted Master Ban Lists (the one selectable via Download).
    the result of the checks can be dumped in a file through the classical command-line redirection (> dump.txt).



Quake 3 engine:

  • Quakelive xmpp.quakelive.com password retriever 0.1.1 (quakelivexmpp)
    a basic tool and a text file which describe how to get the session password needed to use your own Quake Live account on the jabber/xmpp service of xmpp.quakelive.com from outside the game, so using any normal client supporting this open protocol (for example Pidgin):
    - Username: your username
    - Domain/server: xmpp.quakelive.com
    - Resource: quakelive
    - Password: the XAID password got with this tool/method

  • QuakeLive beta files decoder 0.1 (quakelivedec)
    simple decoder/encoder for the PK3 files of QuakeLive beta.

  • Multi engine RCON tool and password guesser 0.2.3d (multircon)
    useful tool, previously known as q3rcon, for sending RCON commands to servers which use different engines and support RCON (remote administration).
    currently it supports the Quake 3, Medal of Honor, Half-Life, IGI2, Doom 3 and Quake 2 engines (so not only these games but all the others derived by them too).
    the tool contains tons of options and features and also some password guessing functions which include brute forcing and wordlists.
    note about the password guessing function: some engines (quake 3) use an anti password guessing check (or is it a NT/XP workaround???) which allows a maximum of two rcon commands per second, and there are many reasons that can prevent finding the right password: packet loss, timeouts, the previously mentioned check, possible firewall protections and more, without considering that a good scan could take months.
    this feature has been added only as proof-of-concept and not as a certain way for recovering the remote password.
    many people ask me how to use the password guessing function of this tool, the following are some examples:
    - password guessing using passwords of max 8 chars and with all the possible alphanumeric: multircon -i -b 8 azAZ09 SERVER PORT
    - recover an old password: multircon -i -B OLDPWD -b 8 azAZ09 SERVER PORT
    - wordlist: multircon -i -w WORDLIST.txt SERVER PORT
    - rcon DoS: multircon -x -i -b 10 09AZaz -d 100 SERVER PORT

  • Quake 3 engine cd-key to GUID 0.2 (q3key2guid)
    calculates the GUID ("cl_guid") of a Quake 3 cd-key.

  • Quake 3 engine GUID MD5 0.1 (q3_guid)
    the md5_init() modification used to calculate the cl_guid hash of cd-key (that contained in "cl_guid").

  • Online cd-key checker for Quake III 0.2.1 (q3onlinekeycheck)
    checks if your cd-key is valid offline and also online, in fact it simply contacts the server authorize.quake3arena.com and waits for a response.
    this new version also has a function letting you use a text file containing all the keys you want to check (one key per line) and if a key seems valid the program rechecks it to avoid false positives.

  • Quake 3 engine huffman algorithm 0.3 (q3huff)
    simple version of the Quake 3 huffman algorithm, ALL the code is from huffman.c of the Quake 3 1.32 GPL source code.
    I have only modified some variables and the prototype of the decompressing and compressing functions for a faster and simpler usage. A usage example is here.

  • How to disconnect a Quake 3 engine client using a single spoofed packet of at least 4 bytes (q3noclient)
    and the relative proof-of-concept.

  • SOF2keycheck 0.1 (sof2keycheck)
    this little tool simply lets you know if a Soldier of Fortune 2 cd-key is locally valid (offline) or not.
    and this is the small piece of algorithm that does the check.

  • Q3keycheck 0.1 (q3keycheck)
    this little tool simply lets you know if a Quake 3 CD-Key is valid or not locally (offline).
    and this is the small piece of the algorithm used for the check.



Race Driver (Codemasters):



Speed Challenge - Jacques Villeneuve's Racing Vision:

  • Speed Challenge proxy data decrypter 0.1 (scproxy)
    proxy server that decrypts any data exchanged between client and server.
    launch the server, launch this proxy tool specifying the IP and port of the server and another port to which you must connect your client and all the packets which will pass through it will be decrypted and displayed in real-time.
    example: scproxy 127.0.0.1 19800 1234

  • Speed Challenge network data checksum 0.1 (speed_challenge_net_cksum)
    the checksum algorithm used for calculating the big-endian 16 bits number at the beginning of each network data block.

  • Speed Challenge files decoder 0.1 (scfdec)
    decodes the files of the game like material.cfg and others.
    these decoded files can be modified and used without the need of reencoding them because the game can read them.

  • Speed Challenge network encryption/decryption algorithm 0.2 (speed_challenge_net)
    this is the complete algorithm for the decryption and the encryption of the network data exchanged by this nice game.
    the algorithm seems called also CSimpleCrypt, but I have found no information about it or if it is used in other games.



Ubi.com (aka GS4/Game Service/GamingZone):



Unreal engine:

  • Unreal engine packets plugin for sudppipe 0.2.2 (unreal_sudp)
    plugin for sudppipe which displays (and allows to edit) the content of the channels 1 and 3 of the packets of the games based on the Unreal engine:
    sudppipe -l unreal_sudp.dll SERVER 7777 1234
    then from the console of the game (~ key) type: open 127.0.0.1:1234


  • Unreal engine basic client and Fake Players DoS (unrealfp)
    link to the experimental client emulator tool available in the Fake Players section.
    it allows sending custom "control" commands to the servers based on the Unreal engine.

  • UMOD CRC calculation 0.2 (umodcrc)
    C header file containing the function to easily calculate the 32bit checksum of the umod package files, accepts filename or file descriptor as input.

  • UMOD file format 0.2.1 (umod)
    simple document containing the structure of the umod files.

  • UMOD extractor 0.3.3 (umodext)
    extracts all the files contained in the umod package files used by the Unreal engine based games (like UT, UT2003, UT2004 and so on). There are a lot of useful options and an automatic umod checksum calculator and fixer.

  • UnrIndex 0.1a (unrindex)
    old and simple tool which converts numbers into the index type numbers used by the Unreal engine and vice versa.

  • Very very quick and practical explanation to the UnrealTournament 2003 heartbeat method 0.1.2 (ut2003ms)
    this document is a step-by-step explanation of the authentication method used on the Unreal Tournament 2003 and 2004 master server (but with different server names).



Ventrilo:

  • Ventrilo port 5000 packet decoder 0.1 (vent5000dec)
    decoder for the packets sent to/from port 5000, a typical example are those for update.ventrilo.com and proinfo.ventrilo.com.

  • ventrilo3_handshake 0.3 (ventrilo3_handshake)
    set of functions for handling the centralized handshakes and the scrambled in-game keys used in Ventrilo 3.x.

  • Ventrilo RCon tool 0.2.9a (ventrcon)
    useful tool for sending rcon commands (both interactively and one-only) to Ventrilo servers.
    it contains also some custom commands which are /chan and /subchan for creating, deleting and listing all the available channels on the server and /user for creating new users.
    other options cover the possibility of executing all the commands in a file or sending commands through a local pipe file and various debugging functions.
    supports all the Ventrilo 2.x and 3.x versions.

  • Ventrilo status retriever 0.1 (ventstat)
    gets the status information that Ventrilo servers have provided starting from version 2.1.2 of Ventrilo.
    it can be compared to the default "ventrilo_status" program included in Ventrilo but with support for any available command and a better handling of the input containing the target server (for example you can use URLs too).
    - Mark Veaudry has created a port of the program and the algorithm to PHP.

  • Ventrilo UDP status algorithm 0.1 (ventrilo_udp)
    set of functions for decrypting and encrypting the UDP packets used to get the status information from Ventrilo server.

  • Ventrilo password hashing algorithm 0.1 (ventrilo_pwd_hash)
    the algorithm for calculating the password hash introduced from version 2.3.0 of Ventrilo.
    this hashing code is used by the clients for logging in the server and for the EncPass field in the ventrilo_srv.usr file.

  • Ventrilo proxy data decrypter 0.3.3 (ventrilo_proxy)
    debugging tool able to decrypt and show and dump in real-time all the data exchanged between a Ventrilo client and server.
    this is THE tool for anyone interested in the Ventrilo protocol.

  • Ventrilo encryption/decryption algorithm 0.2a (ventrilo_algo)
    the algorithm needed to decrypt and encrypt the connection between the Ventrilo client and server.
    very useful is also this data manipulation example 0.2b showing both decryption and encryption.



Xbox:

  • Xbox ADPCM plugin 0.1.3 (in_xbadpcm)
    Winamp plugin for playing the audio compressed with the Xbox ADPCM codec.
    supports the wave files with both tag 0x0069 and 0x0011 (used for ima adpcm which "seems" close to xbox adpcm) and XWB/WBA/XSD/XSH archives which are seen as a single audio file and with the automatic skipping of WMA and PCM audio.

  • Xbox ADPCM decoder and player 0.2.3a (xbadpdec)
    versatile tool for creating WAV files from any audio file (WAV, raw and within raw files through some offset and size options) which uses the Xbox ADPCM codec.
    it also has other interesting options which can be used to play the files on any system without codecs (stdin/stdout pipes) or to add a wave header to raw data for listening to the file with the Xbox adpcm codec and more.
    as the title suggests, this tool is also an audio player for the supported files encoded with the Xbox ADPCM codec.

  • TXboxAdpcmDecoder C 0.1.3 (uXboxAdpcmDecoder)
    deeply optimized C port of the TXboxAdpcmDecoder Delphi class written by Benjamin Haisch for decompressing the Xbox ADPCM audio.
    supports both file-to-file and buffer-to-buffer decompression.

  • XWB/ZWB files unpacker 0.3.4 (unxwb)
    great tool for extracting the data contained in the Xbox files with the XWB, ZWB and WBA extensions and any other file which contains the XWB archives.
    it works from both GUI (double-click on unxwb.exe) and command-line, where it supports various options.
    it automatically recognizes the codec, frequency and channels of the audio files and adds the needed headers and extensions for trying to make them ready to play with any player.
    the tool has also many options for the visualization of the files in the XWB archives, for the direct conversion of the files (executes a program for each one of them), direct stdout output and many debugging options.
    it also supports both little and big endian archives.
    in case of problems playing the output files try with VLC or MPlayer.
    the XMA files can be decoded with xmaencode: xmaencode.exe /X output.wav input_xma.wav



Others:
  • File extractors/decoders/decrypters:

    • Unigine ung files extractor 0.1 (uniginex)
      files extractor for the ung archives used by the Unigine game engine.

    • mmViewer mme dumper 0.1 (mmviewer_dumper)
      this is simply the original mmviewer.exe of mmViewer (version V110103) to which I added some binary code for converting it into a decrypter.
      launch mmdump.exe, select the mme file you want to decrypt and a file called x.z will be automatically generated in the same folder, rename as you wish with a ZIP extension and open it normally.

    • OSRW anticheat logs decrypter 0.1.1 (osrwdec)
      decrypter for the log files generated by the OSRW anticheat for rFactor (F1 rFactor 2010).
      these files have a rar extension and are located in the OSRW folder of the game.

    • Molebox2 files extractor 0.1 (molebox2ext)
      extractor for the archives of the games that use a particular version of Molebox for archiving their files like: Kingdom Elemental, Aquaria and others.
      the encryption algorithm used by the version of Molebox adopted in this game uses 16 bit code and is NOT compatible with the encryption used, for example, with the current trial version of Molebox (which looks more simple), so I don't know why there is this strange difference.
      instead the file format should be the same or similar for any Molebox version.
      the last argument of the command-line is the hexadecimal key that is located in the game's process near the ".BOX" signature.
      (this is exactly the tool previously called kepmboxext)

    • DefenseGrid dgp files hash calculator 0.2 (dgridhash)
      calculates, appends and replaces the hash at the end of the dgp files used in the game Defense Grid.
      works also with the files of the demo that use a modified sha1 algorithm.

    • SD Gundam Capsule Fighter Online ZPK/ZDX/DAT files extractor/rebuilder 0.4.2 (sdgundamext)
      tool for extracting the files from the ZPK/ZDX archives and for unpacking the DAT (aka ZOAGZIP) files of this game.
      the tool also has a rebuild option which could be useful with the recent patches (from the end of August 2009) of this game where it no longer seems possible to use the extracted files in the game main folder.

    • Test Drive Unlimited savegames/files decrypter/encrypter 0.1 (tdudec)
      quick tool for decrypting and re-encrypting the files in the playersave folder of the user and the .btrq, .db and any other encrypted file of this game.
      remember to add the type 1 for decrypting/encrypting the non-savegame files, examples:
      - tdudec.exe d commondt.sav commondt.sav.new
      - tdudec.exe d 246_Dino_GT.btrq 246_Dino_GT.btrq.new 1
      and remember also that the BNK files are archives so they must be extracted first with programs like Bnk Editor.

    • PartyGaming files decrypter 0.1 (partydec)
      decrypter for the encrypted files used in PartyPoker, PartyGammon, PartyCasino and so on like the various INI and BIN files (ARA.ini, GRA.ini, Sys.ini, NewTable.bin, poker.bin, Table.bin and so on).

    • Telltale TTARCH files extractor/rebuilder 0.2.3 (ttarchext)
      tool for extracting and rebuilding the files archived in the ttarch archives used in the games developed by Telltale Games like:
      - Hector
      - Back to the Future
      - Poker Night at the Inventory
      - Sam & Max
      - Nelson Tethers: Puzzle Agent
      - Tales of Monkey Island
      - CSI series
      - Strong Bad's Cool Game for Attractive People
      - Wallace & Gromit's Grand Adventures
      - Bone
      - Telltale Texas Hold'em
      - Jurassic Park
      - The Walking Dead series
      - Poker Night 2
      - The Wolf Among Us
      remember to use the -m option to dump the FONT and D3DTX files as DDS and the AUD as OGG but do NOT use this option if you plan to rebuild the ttarch archive!
      the tool also has various options for listing the files without extracting them, overwriting the existing files, wildcards and other options (mainly debug stuff for myself).
      examples for "Tales of Monkey Island: Launch of the Screaming Narwhal":
      • extraction: ttarchext.exe 24 "C:\Program Files\Telltale Games\Tales of Monkey Island\Launch of the Screaming Narwhal\Pack\0_monkeyisland101_pc_launcheronly.ttarch" c:\output_folder
      • rebuilding: ttarchext.exe -b -V 7 24 "C:\Program Files\Telltale Games\Tales of Monkey Island\Launch of the Screaming Narwhal\Pack\0.ttarch" c:\input_folder
      remember that if you have modified only a couple of files (for example english.langdb and one or images) you don't need to rebuild the whole archive but it's enough to build a new one called 0.ttarch containing ONLY the files you modified, it will be read by the game like a patch and will occupy only a minimal amount of space.
      note that the old versions of the TellTale games (so not those currently available on that website) are not supported because they use different encryptions and sometimes formats, and being old versions they are NOT supported by me in any case.
      if the game uses version 7 or 8 and crashes when it uses the rebuilt package try to rebuild the archive specifying the -x option.

      Usually you don't need to create 0.ttarch if you modify only the langdb file, you can leave that file in the pack folder.

    • Call of Duty series mpdata decrypter/encrypter 0.1.1a (codmpdatadec)
      decrypter and re-encrypter for the Profiles mpdata file used in Call of Duty 4 and Call of Duty 5 / World at War.

    • Asura engine "AsuraCmp" files decompressor 0.1 (asurauncmp)
      decompressor for the compressed data files used in the games based on the Asura engine like Sniper Elite, Rogue Trooper, Guard Shield and so on.
      these compressed files are easily recognizable due to the AsuraCmp signature at their beginning.
      the tool simply decompresses the file, it does not extract or handle its content.

    • Stainless Steel Studios SSA files extractor 0.1 (ssaext)
      an extractor which works with all the games developed by Stainless Steel Studios like Empire Earth, Empires: Dawn of the Modern World and Rise and Fall: Civilizations at War.

    • Canhel PAC->ZIP and ZIP->PAC converter 0.1 (canhelpaczip)
      converts the PAC files of this (beta) mmorpg to ZIP and vice versa.

    • Spike Girls SGP* files decoder 0.1a (sgpdec)
      simple decoder for the SGP* files of this game.

    • Ultima Online uodemo.dat extractor 0.1b (uodemoext)
      files extractor for the uodemo.dat file of Ultima Online Second Age, the tool could work with other encrypted files too.

    • Egosoft X series CAT/DAT files extractor 0.1 (egoxext)
      extractor for the CAT/DAT archives used in any of the X games developed by Egosoft: X, X2 and X3.

    • Cauldron FS files extractor 0.2a (cauldronext)
      extractor for the FS archives of the games developed by Cauldron like Battle Isle, Chaser, Gene Troopers, Civil War, Battle for the Pacific, Soldier of Fortune Payback, Secret Missions, Secret Service and so on.
      the tool also allows specifying (-x) the byte to use for XORing the compressed chunks of the demos, like 0x48 for the demo of Battle Isle and 0x44 for the Chaser one.

    • Big Scale Racing files decoder 0.1 (bsrdec)
      quick decoder for all the FSW, FS3, FSP and the other encoded files of this game.

    • MotorM4x files decoder 0.1.1 (motorm4xdec)
      decodes and re-encodes the files extracted from the ZIP archives with the MDL/DTF extensions of the game MotorM4x.

    • EipiX Pyroblazer packages/files extractor 0.1 (pyroblazerext)
      extractor for the Packages.dat archive of the game Pyroblazer.
      the tool "could" work also with other games developed by EipiX.

    • WorldShift XE/XP files extractor 0.1.2d (worldshiftext)
      tool for extracting the compressed/encrypted XE and XP archives used in the WorldShift game.

    • WorldShift XE files rebuilder 0.1b (worldshiftbuild)
      tool for building the XE archives of this game, useful in case the original files have been modified and you want to re-import them in the game.

    • ShellShock Nam67 files extractor 0.1 (ssnam67ext)
      extractor for the "assets" data files of this game.

    • Milestone MIX files extractor 0.1.3 (msmixext)
      extractor for the MIX archives used in the Milestone games like S.C.A.R., Superbike 2000 and 2001, Evolution GT, MotoGP 08, SBK 08, SBK 09, SBK X, Superstars V8 Racing, Superstars V8 Next Challenge and more.

    • Falcom Ys NACCI savegame files decrypter/encrypter 0.1 (ysnacci)
      tool for decrypting and re-encrypting the savegames of Ys6, Ys Felghana/Ys3 and Ys Origin.

    • Falcom YS games XSO files extractor and rebuilder 0.1.1b (xsoext)
      tool for extracting and rebuilding the XSO files used in the YS game series of Falcom.
      the XSO are the files which contain all the dialogs of the games and this tool first dumps them all in a new text file very easy to edit with any text editor and AppLocale (AppLocale is needed for seeing the Asian characters) and then recreates the new XSO files from that text file.

    • Falcom YS games NA/NI/Z files extractor and rebuilder 0.1.3b (ysext)
      complete tool for extracting and rebuilding (-r) or appending (-a) the NA/NI/Z archives used by the series of games developed by Falcom like Ys Origin, Ys Felghana, Ys VI and any other which uses these types of files.
      the tool also supports various options like listing all their content without extracting them, wildcards for specific files, decrypting and encrypting them without extracting their content, creating a Z file and so on.
      typical usage example for extracting all the files and creating a complete index/config file:
      • md c:\data
      • md c:\data_1101
      • ysext -n c:\data.txt "c:\program files\falcom\ys6_win\release\data.na" c:\data
      • ysext -n c:\data_1101.txt "c:\program files\falcom\ys6_win\release\data_1101.na" c:\data_1101
      • type c:\data.txt c:\data_1101.txt > c:\conf.txt
      • now enter in the folder c:\data_1101 and move all its files into c:\data
      • now c:\data contains all the updated files of the game and c:\conf.txt is the config file required for rebuilding/appending the files to the NI/NA file, while c:\data_1101, c:\data.txt and c:\data_1101.txt can be deleted

    • NCF/CCF packet format to tcpdump capture format 0.2 (ncf2cap)
      converts the CommView NCF and CCF dumps into the classical tcpdump/Wireshark CAP format.

    • ORK files decrypter and extractor 0.1.1 (orkdec)
      files extractor for the ORK archives used in the games developed by Black Hole Entertainment like Armies of Exigo and Warhammer Mark of Chaos (both demo and retail keys supported).
      note that you must know the full path of the files to extract otherwise you can do nothing, that's why the "orkdec filenames dumper" exists.

    • orkdec filenames dumper 0.1.1 (orkdec_files)
      tool which loads the games that use the ORK archives and automatically dumps all the loaded filenames in a text file that can be used with orkdec for the subsequent extraction.
      compatible with any version and game (tested Armies of Exigo and WarHammer Mark of Chaos, both demo and retail), remember to use no-cd executables since they are not encrypted.

    • PS2/VXBG files extractor/rebuilder 0.1 (ps2ext)
      extractor and rebuilder for the files with the PS2 extension used in games like Syberia 1.

    • WPE packet format to Tcpdump capture format 0.2 (wpe2cap)
      simple tool for converting the files saved with Winsock Packet Editor (WPE) Pro, supports both PAC and TXT files and multiple TCP connections.

    • Vital engine files extractor 0.1 (vitalext)
      extractor for the GRP files used by the games based on the Vital engine like Codename Outbreak / Venom and Boiling Point.

    • THPS HED/WAD files extractor/builder 0.2a (hedwadext)
      simple extractor and rebuilder for the games which support the hed/wad files like Tony Hawk Pro Skater.
      doesn't seem to work on some of the most recent games so I need to classify it as unsupported.

    • BOR PAK extractor/builder 0.1a (borpak)
      a tool for extracting and building the PAK archives used in the game Beats of Rage.

    • BOR music player 0.1.1 (borplay)
      simple command-line player for the music files used in the Beats of Rage mods.
      the tool supports both BOR and PAK files, many can be found here and here.
      BOR music files use the classical ADPCM codec so the source code of this tool can be modified just a bit for playing also other files encoded with the same algorithm.

    • Close Combat First to Fight files extractor 0.1 (ccftfext)
      files extractor for the BIN/XXX and PWD archives of this game and hopefully other similar games which contain various texture, script and audio files.

    • FSB files extractor 0.3.2a (fsbext)
      files extractor for the FSB (FMOD Sample Bank) archives used by the FMOD library.
      it supports FSB1, FSB2, FSB3, FSB3.1, FSB4 and FSB5 and also the encrypted archives that can be cracked easily because it's possible to see parts of the original password.
      the tool also has options for listing files, automatic big to little endian conversion for wave files, -a option for adding headers to the extracted files for playing them with VLC or vgmstream (fsbext generates the header for all the formats like pcm, ima-adpcm, vag, gcadpcm, xma, mp3, it214, it215 and so on) and even for rebuilding the original FSB archive.
      the FSB files are used in a huge number of PC, Xbox, Playstation and Nintendo games so if you have one of these files this is the tool for the job.
      the tool works from both command-line and minimalistic GUI on Windows when the exe is double-clicked.
      Note: the mp3/delta format used by Fmod is incompatible with the standard players, so from version 0.3.1 fsbext dumps only the first mono/stereo channel. this behaviour can be disabled with the -m option.

    • Nexus files extractor 0.1.1 (nexusext)
      tool for extracting or decrypting ALL the dat files used in the game Nexus - the Jupiter Incident aka Galaxy Andromeda and Imperium Galactica III: Genesis.

    • TNTFOLDER files decrypter/encrypter 0.3 (tnt2zip)
      tool for converting the encrypted .tntFolder files used in the games based on the TNT engine made by GSC Gameworld to the original ZIP files and vice versa.
      some of the games which use the tntFolder archives are HoveRace and FireStarter.

    • CBF files extractor 0.2.2 (cbfext)
      extracts any file contained in the .CBF archives of the games which use the Ptero-Engine like Flying Heroes, Vietcong and Vietcong 2.

    • Virtools .crypted files decrypter 0.1 (virtdec)
      decrypts the .crypted files usually located in the MediaCache folder in the Virtools directory, usually requires the usage of the "Virtools files unpacker" for retrieving the key from the objects file of the original VMO file.
      note that this tool does only the decrypting job, I don't know how to handle or read these files.

    • Virtools files unpacker 0.1.3 (unvirt)
      extracts the files contained in VMO, NMS, NMO, CMO, VBF (VXBG) and any other file of the same format created with the Virtools programs.
      note that this tool does only the extraction job, I don't know how to handle the components and objects files.

    • Zanzarah PAK files unpacker/repacker 0.1 (zanzapak)
      a simple unpacker/repacker written to patch this game for the translation made by the "Figli di Gaucci" team.

    • GameGuard files decrypter 0.1 (gguardfile)
      simple and a bit useless (because files can't be re-encrypted) tool to decrypt the configuration and update files used by the NProtect GameGuard anti-cheat program (the one used by some MMORPG games).
      read the text file inside for some examples and details.

    • Rome Total War sounds extractor 0.1.1 (rtwsndext)
      simple and old tool to extract any sound and moreover music from the IDX files in the Data\Sounds folder of the game Rome Total War.

    • Massive Assault Network files decoder/encoder 0.1 (manext)
      a useful tool to decode and re-encode the encoded files used by the game Massive Assault Network.

    • Lineage II files decoder/encoder 0.2.1 (lin2ed)
      this tool lets you decode and re-encode the files of the MMORPG game Lineage II.
      supports the following encryption formats: 111, 121, 211 and 212.
      it is no longer supported due to the introduction of the 411/412/413/414 formats that use private keys, so decryption is ok but it is not possible to re-encrypt the files.
      so I highly suggest that you check the following website: http://dstuff.luftbrandzlung.org/l2asylum/.

  • Algorithms, functions and derived tools:

  • Network based projects (listers, checkers, info retrievers):

    • Origin PIDs (origin_pids.txt)
      PIDs of the games available on EA Origin.
      last update: 11 Aug 2013.

    • EAlist 0.1.4 (ealist)
      command-line servers browser based on the list of game servers provided by the Electronic Arts master servers commonly called fesl or theater and supporting various games for PC, Xbox 360 and PS3 like Battlefield Bad Company 2, Battlefield Heroes, the Need for Speed series, Skate and others for which no alternative listers exist.
      the usage of the tool is the same as gslist.
      an EA account is necessary for using the tool (any account or any EA game is ok for all the supported games), note that the needed account doesn't seem to be the one with the mail address as username... anyway in doubt try it.
      if you don't have one or something doesn't work using your existing one you can register a new account directly using the -A option and the mohair-pc gamename: ealist -a NEWUSER NEWPASS mohair-pc -A
      example for querying the Battlefield Bad Company 2 PC servers:
      ealist -n bfbc2-pc -a USERNAME PASSWORD mohair-pc
      the tool also allows sending custom data (experimentally) for testing other types of commands and even running a fake fesl server which becomes very useful in combination with gs_login_server and games like Red Alert 3 and Battlefield 2142.

    • Live for Speed setups dumper 0.1 (lfsdumpsetups)
      decrypter for the setups received from the server which allows saving the setups of the other players.
      practically in this game you can save the setup of another player only if he presses the "send setup" button (ss) near your nickname but in reality this is not needed because the setup is already received from the server when joined and every time the other players change or modify their setup.
      as input the tool requires only the dumped tcp stream of the connection which can be captured with a sniffer like Wireshark, a step-by-step example is shown at runtime.
      tested with Live for Speed S2 Z.

    • America's Army 3 auth packets ssc_decrypt 0.2.1 (aa3authdec)
      simple tool for decrypting any encrypted communication and sniffed session (tcpdump format, like the files generated by Wireshark) with the authentication server of America's Army 3 auth.aa3.americasarmy.com and any other data encrypted with the ssc_encrypt function like, for example, the query packets implemented from version 3.0.5 of AA3.
      usage examples:
      - aa3authdec.exe "c:\Program Files\America's Army 3\Binaries\aa3.key.db" raw_dump.dat
      - aa3authdec.exe -o 10 c6mw4it2kg7sz5o0813d9qyufenhj query_dump.dat
      note that this tool probably also works with other games which use the Leverage library.

    • How to get the list of game servers from getgsc.com 0.1.3 (getgsc_list)
      quick example of how to retrieve the servers list of Total Gaming Client and GameTracker.

    • HLSWlist 0.1.1c (hlswlist)
      command-line servers browser based on the list of game servers provided by HLSW on multimaster.hlsw.org:12451 and with a usage similar to gslist (so syntax and options are the same).
      it supports all the games available on HLSW and which are partially listed here.

    • CameraWaREC 0.1 (camerawarec)
      command-line recorder, lister and thumbnails viewer/monitor for the webcams on CameraWare.
      does NOT need accounts to work.

    • CamFrog login tester example 0.1 (camfroglogin)
      practical example of the implementation of my camfrogcrypt functions and basic tool for testing the login mechanism on the CamFrog servers.
      compatible with the current Camfrog protocol (5.1).

    • Battlefield 2 and 2142 bitstream sniffer 0.1.1 (bf2_sniff)
      experimental tool/hooker for monitoring the reading and the writing of the network protocol used in the BF2 and BF2142 games.
      in short there is a loader for the clients and one for the servers which are compatible with both games and seemingly also with almost any known version.
      all you need to do is place bf2_sniff_client.exe, bf2_sniff_server.exe and bf2_sniff.dll in the folder of your game and launch the needed bf2_sniff_* executable which will inject the dll in the loaded process (the loaders also allow you to decide the command and the dll to load in case you want to customize them without recompiling).
      all the bits read and written (received and sent) by your game will be automatically dumped in a text file which can be viewed and analyzed at any moment.
      if you want to understand the network protocol of this game engine, bf2_sniff will help a lot.

    • Babo Violent 2 RCON 0.1 (bv2rcon)
      simple tool which works as an RCON client for the Babo Violent 2 servers, so it is possible to send rcon commands to your own server.

    • JMeetREC 0.2d (jmeetrec)
      this easy-to-use tool allows the recording of a webcam video (frames) available on JMeeting.
      you can also watch the video in real-time or re-watch it at any other moment through two simple cross-platform html files (watch_ever.htm requires dom.disable_image_src_set disabled on Firefox).
      it contains many options and it is possible to monitor multiple webcams at the same time through the watch_thumb.htm file.
      does NOT need accounts to work.

    • AWCamREC 0.2.1d (awcamrec)
      command-line recorder, lister and thumbnails viewer and monitor for the webcams on AnyWebcam.
      does NOT need accounts to work.

    • Ultima Online account checker 0.1 (uologin)
      verifies if an online Ultima Online account is valid or not.

    • Ultima Online login encryption algorithm 0.1 (uologin)
      the algorithm used to send the login information to the login.owo.com server of Ultima Online; it's based on the latest 5.00 encryption algorithm.

    • Teamspeaklist 0.1.1 (tspeaklist)
      allows retrieving the list of online TeamSpeak servers through the usage of filters and also has other options like executing a specific program for each server found.

    • Neverwinter Nights account checker 0.1.1 (nwnlogin)
      tool for verifying if a username and a password are an existing Bioware NWN account.

    • Qtracklist 0.1.1 (qtracklist)
      simple servers browser that uses the Qtracker master server. It also supports the option for executing specific programs for each IP.
      remember to check the following link periodically for possible updates to the games list:
      qtracklist.cfg (qtracklist)
      updated 13 Nov 2010 (corresponding to Qtracker 4.92)

    • QtrackUP 0.1 (qtrackup)
      just a simple heartbeats sender for the Qtracker master server like the original QtUplink.
      qtrackup.cfg (qtrackup)
      updated 07 Nov 2005 (corresponding to QtUplink 1.52)

  • decompression functions:
    all used in QuickBMS, which contains tons of other memory2memory algorithms.

    • uberflate 0.1.1 (uberflate)
      library for performing kzip+deflopt+defluff+deflopt without using files and achieving one of the best zlib/deflate compressions available, more info in uberflate.h.
      I have written a simple tool for testing the library using uberflate_test.exe input_file output_file:
      uberflate_test

      the library is implemented in QuickBMS and can be tested using the following BMS script:
          comtype uberflate
          get SIZE asize
          clog "dump.dat" 0 SIZE SIZE

    • undflt 0.1 (undflt.c)
      an algorithm defined as DFLT used in LEGO Lord of the Rings and maybe other games of Traveller's Tales.

    • Simple LZSS used in SEGA 0.1 (unyakuza.h)
      Used in Yakuza 3 and Binary Domain.

    • hd2 (hd2.h)
      algorithm used in Hidden and Dangerous 2.

    • ntcompress (ntcompress.h)
      the algorithms for types 0x30 and 0x40 used in NTCompress.exe of Nintendo Wii Revolution SDK.

    • undk2 (undk2.h)
      algorithm used in the games of Electronic Arts.

    • un434a (un434a.h)

    • stalker_lza (stalker_lza.h)
      algorithm used in the game Stalker.

    • tzar_lzss (tzar_lzss.h)
      interesting algorithm used in the game Tzar.

    • un49g (un49g.h)
      algorithm used in the games developed by 49Games.

    • undarksector 0.1a (undarksector.h)
      a simple algorithm used in the game Dark Sector as ZIP type 64.

    • unlz2k 0.1a (unlz2k.h)
      an algorithm defined as LZ2K used in Transformers and LEGO Star Wars / Batman and maybe other games of Traveller's Tales.

    • unmeng 0.1 (unmeng.h)
      an algorithm used in DreamKiller (Mindware engine).

    • unrlew 0.1 (unrlew.h)
      an RLEW implementation.

    • Asura huffboh 0.1 (asura_huffboh.c)
      compression algorithm (huffman?) used in the Asura engine.
      I don't know what exact algorithm it is, anyway it gets the dictionary from the first 300 bytes of the data/file.

    • unthandor 0.1 (unthandor.c)
      decompression algorithm reversed from the game Thandor.
      I don't know what exact algorithm it is, anyway it gets the dictionary from the first 256 bytes of the data/file.

    • unlzwx 0.1 (unlzwx.c)
      an implementation of an LZW memory decompressor in use in the Milestone games.

    • unlzss 0.1 (unlzss.c)
      function for an LZSS memory decompression (the classical one).
      in QuickBMS I use a better and more versatile version.

    • unlzw 0.1.2 (unlzw.c)
      simple LZW memory decompression function in use in the Vietcong games, it seems compatible with the algorithm used in the compress (*.Z) utility.


  • MD5 hashes of the WADs for the Doom engine 0.2 (wad_md5.h)
    C style collection of MD5 hashes of tons of Doom/DoomII/Heretic/Hexen wads which were needed for some of my projects.

  • Westwood online chat password encoder 0.1 (wocenc)
    the encoding algorithm used by Westwood to encode the passwords used by the users to chat. probably useless... old stuff.



Information and games zip passwords:
this section collects all those small pieces of information (useful or totally useless) which don't lead to projects but can be interesting for some people out of curiosity or need.

old and unsupported stuff:
  • Testing tool for RogerWilco 0.4 (wilco)
    a complete and useful testing suite for RogerWilco with a lot of functions, options and information.
  • GSHlog 0.1 (gshlog)
    another logger/sniffer similar to GSHsniff but which looks only at encoded packets and only at those sent/received to a specific game port.
  • GSInfo 0.4 (gsinfo)
    retrieves information from all the servers that use the standard Gamespy queries like "\status\", "\players\" and many others plus the new query protocol (FE FD ...)
    use Gslist
  • HLInfo 0.1.6 (hlinfo)
    very basic tool to retrieve information from Half-Life servers
    use Gslist
  • IDInfo 0.2 (idinfo)
    retrieves information from servers that use the IDSoftware protocol (Quake, Q2, Q3, RTCW, SOF, SOF2 and many others)
    use Gslist
  • UnrealTournament 2003 online servers added to favorites 0.1 (ut2003fav)
    this simple program is an experiment to automatically add the servers with lower ping listed in the page http://ut2003master.epicgames.com/serverlist/full-all.txt into the favorites section of UT2003. The tool can be used on both Win32 and GNU/Linux and must be launched from the UT2003\SYSTEM directory. I recommend making a backup copy of the file UT2003.ini and testing different maximum ping timeouts. To clean your UT2003.ini file you must simply delete the text lines in it beginning with Favorites=
  • UnrealTournament 2003 servers list retriever 0.2 (ut2003ms)
    it is based on the web list available on http://ut2003master.epicgames.com/serverlist/full-all.txt
  • UnrCheck 0.2 (Package files checker) (unrcheck)
    old and no longer supported utility for finding possible errors in the package files used by the games based on the Unreal engine. I created it when I found the bugs in the Unreal engine in February 2003
  • Unreal Tournament 2003 alternative network project 0.1.3 (ut2003altproj)
    inside the package there is a complete explanation, however it is a simple patch for the retail UT2003 version 2225 (both Win32 and Linux versions) letting users play in the DEMO network of UT2003 using their original retail copy. My idea is to create a parallel/alternative network for all the players having the full original game
    at the moment it is possible to join the demo network but NOT to host in it, use a manual method to host your server in this network (like Gslist)
  • Unreal Tournament 2004 alternative network project 0.2.1 (ut2004altproj)
    this project is a patch for Unreal Tournament 2004 v3369 (both Win32 and Linux) and allows the usage of your retail game on the demo network or the usage of the retail patch on the demo.
    it is just like the project I did for UT2003 listed above.
    the old projects are available for the versions 3355, 3339 and 3236
    at the moment it is possible to join the demo network but NOT to host in it, use a manual method to host your server in this network (like Gslist)
  • Empires Dawn of the modern World: packets encoding/decoding algorithm 0.1 (empires_algo)
    the algorithm needed for the encoding and decoding of the packets exchanged by this strategic game
    note: it's not complete
  • Winziphide 0.3.1 (winziphide)
    this tool converts all the attributes of the files in the zip to directory attributes so Winzip and some other programs cannot show them (and vice versa for re-showing them)
  • Easy step-by-step to run Google Earth on Windows 98 0.1