Luigi Auriemma

me@aluigi.org [PGP]


adv.htm

    Blazix 1.2 jsp view and protected folder access (no tag)
    24 Aug 2002: adv

papers.htm
    this proxy server turns any normal IRC server into a Peerchat server.
    it works in a similar way to peerchat_irc but does the opposite job, so the clients of a game which use the Peerchat server can connect to a classical local or remote IRC server:
    game client -> peerchat_server -> IRC server
    the file gslist.cfg must be in the same folder as the tool, and naturally an IRC server to which the players connect is required.
    obviously the players need to force their game clients to connect to the peerchat_server IP; a classical way is modifying the hosts file as explained in the guide of the tool.
    read the text file inside.

  • Halo PC music extractor and concatenator 0.2 (halomus)
    a simple tool for the fans of the music of the game Halo.
    it extracts all the pieces of music from sounds.map and concatenates them. The output folder will contain about 60 megabytes of music.


  • mmViewer mme dumper 0.1 (mmviewer_dumper)
    this is simply the original mmviewer.exe of mmViewer (version V110103) to which I added some binary code to turn it into a decrypter.
    launch mmdump.exe, select the mme file you want to decrypt and a file called x.z will be automatically generated in the same folder; rename it as you wish with a ZIP extension and open it normally.

  • OSRW anticheat logs decrypter 0.1.1 (osrwdec)

    the tool also has various options for listing the files without extracting them, overwriting existing files, wildcards and other options (mainly debug stuff for myself).
    examples for "Tales of Monkey Island: Launch of the Screaming Narwhal":
  • extraction: ttarchext.exe 24 "C:\Program Files\Telltale Games\Tales of Monkey Island\Launch of the Screaming Narwhal\Pack\0_monkeyisland101_pc_launcheronly.ttarch" c:\output_folder
  • rebuilding: ttarchext.exe -b -V 7 24 "C:\Program Files\Telltale Games\Tales of Monkey Island\Launch of the Screaming Narwhal\Pack\0.ttarch" c:\input_folder
  • decrypt lenc: ttarchext 55 c:\input_file.lenc c:\output_folder

    note that the old versions of the TellTale games (so not those currently available on that website) are not supported because they use different encryptions and sometimes formats, and being old versions they are NOT supported by me in any case.
    if the game uses version 7 or 8 and crashes when it uses the rebuilt package, try rebuilding the archive with the -x option.

    Usually you don't need to create 0.ttarch if you modify only the landb file; you can leave that file in the pack folder.

  • Call of Duty series mpdata decrypter/encrypter 0.1.1a (codmpdatadec)

  • ysext -n c:\data.txt "c:\program files\falcom\ys6_win\release\data.na" c:\data
  • ysext -n c:\data_1101.txt "c:\program files\falcom\ys6_win\release\data_1101.na" c:\data_1101
  • type c:\data.txt c:\data_1101.txt > c:\conf.txt
  • now enter the folder c:\data_1101 and move all its files into c:\data
  • now c:\data contains all the updated files of the game and c:\conf.txt is the config file required for rebuilding/appending the files to the NI/NA file, while c:\data_1101, c:\data.txt and c:\data_1101.txt can be deleted

    extracts any file contained in the .CBF archives of the games which use the Ptero-Engine, like Flying Heroes, Vietcong and Vietcong 2.

  • Virtools .crypted files decrypter 0.1 (virtdec)
    decrypts the .crypted files usually located in the MediaCache folder of the Virtools directory; it usually requires the "Virtools files unpacker" for retrieving the key from the objects file of the original VMO file.
    note that this tool does only the decrypting job; I don't know how to handle or read these files.

  • Battlefield 2 and 2142 bitstream sniffer 0.1.1 (bf2_sniff)
    experimental tool/hooker for monitoring the reading and writing of the network protocol used in the BF2 and BF2142 games.
    in short there is a loader for the clients and one for the servers, compatible with both games and, it seems, with almost any known version.
    all you need to do is place bf2_sniff_client.exe, bf2_sniff_server.exe and bf2_sniff.dll in the folder of your game and launch the needed bf2_sniff_* executable, which will inject the dll in the loaded process (the loaders also let you choose the command and the dll to load in case you want to customize them without recompiling).
    all the bits read and written (received and sent) by your game will be automatically dumped in a text file which can be viewed and analyzed at any moment.
    if you want to understand the network protocol of this game engine, bf2_sniff will help a lot.

quickbms.htm
    Source Code / Linux:
  • quickbms-src-VERSION.zip
    the full source code of the tool; it's separated from the executables to reduce the size of the download and to avoid confusing users.
    on Linux it's enough to go into the src folder and launch make.
  • older versions use the quickbms-src-VERSION.zip naming scheme and are available on aluigi.zenhax.com, example http://aluigi.zenhax.com/papers/quickbms-src-0.12.0.zip

quickbms.htm
  • for a graphical step-by-step check this page
  • dump the compressed data in a new file, maybe using a hex editor (you can call this file dump.dat)
  • create a new folder (for example c:\output_folder)
  • put comtype_scan2.bat, comtype_scan2.bms and quickbms.exe in the same folder
  • from the command-line type:
  • comtype_scan2.bat comtype_scan2.bms dump.dat c:\output_folder
    if you already know the decompressed size (for example 0x112233), use:
  • comtype_scan2.bat comtype_scan2.bms dump.dat c:\output_folder 0x112233
  • during this process you must press CTRL-C when you see quickbms stalled/frozen for some seconds and answer N when Windows asks you "Terminate batch job (Y/N)?"

  • go into the output folder and verify all the created files with a hex editor
  • there are some tricks to make this work easier:
  • search for an expected string with grep; for example, if you expect a wav file use grep -rs RIFF c:\output_folder
  • start the verification process from the biggest files
  • remove the files that have a size smaller than the original file

fakep.htm
  • Medal of Honor (AA, SH and BT) Fake players DoS 0.2.1a (mohaafill)
    proof-of-concept specific for the Medal of Honor games: Allied Assault, Spearhead and Breakthrough.
    the only requirement is for the last two games (SH and BT), where a valid online cd-key is required to test an internet server due to the usage of online authentication.
    it is possible to use custom player names by editing the mohaafill.ini file located in the same folder.

  • Speed Challenge Fake players DoS 0.2 (scfakep)

mytoolz.htm
    - convert to mono 16bit
    - normalization
    - remove initial/final silence
    support for a single wav file or a whole folder (that's how I cleaned all my collection)

  • x86 32bit calling conventions 0.2.2a (calling_conventions)

    the program has been successfully tested with many audio files, including highly dirty and damaged ones, for example recorded with a microphone in a room, at a very low volume or with some noise.

  • myftpidx 0.1.3 (myftpidx)
    tool for recursively indexing any file available inside a FTP server or one of its folders.
    it has options for verbose output, full or relative URL, fields to display and HTML output.
    I wrote it because sometimes one needs a specific file or a set of files available on a FTP server but doesn't know in which folder they are located, or whether different and more updated versions and copies of that program/file exist, so this tool lists all the names and sizes of the files inside a specific FTP directory or in the entire server, allowing an easy search of these files in the local list.

  • Signsrch 0.2.4 (signsrch)
    tool for searching signatures inside files, extremely useful in reverse engineering for figuring out, or getting an initial idea of, what encryption/compression algorithm is used by a proprietary protocol or file.
    it can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code, which can also be added manually since it's all based on a text signature file read at runtime and easy to modify.
    supports multithreading, scanning of folders using wildcards, scanning of processes, conversion of executable offsets into memory offsets, loading of custom signature files and their automatic checking to avoid errors, automatic finding of the instructions that reference the found signatures (like "Find references" of Ollydbg) and launching an executable placing an INT3 byte at the desired memory offset (for example one of those retrieved with the -F option; watch the Video section for an example).
    the tool supports 8, 16, 32 and 64 bits, float and double, plus automatic CRC table creation and C style strings.


  • DirComp 0.2.1 (dircomp)
    tool for comparing the files contained in two or more directories.
    the output is easy to read and lists all the files which differ (the check is performed on both size and content) and those which are not available in certain folders.

  • Byte2C 0.2a (byte2c)

    the files will be dumped with a guessed extension that can be useful for their quick identification.
    the tool has also a reimport option (-r) like QuickBMS.
    how to dump all the zlib compressed files in an archive:
    - offzip.exe -a input_archive output_folder 0
    how to dump all the deflate compressed files in an archive:
    - offzip.exe -z -15 -a input_archive output_folder 0

    example code to show the available network interfaces on Windows.

  • MD5 on the fly 0.1 (md5fly)
    simple utility for Win32 that calculates the CRC32 and MD5 checksum of a file and shows the result in a MessageBox.
    To use it: copy or link the file md5fly.exe into the SendTo folder of Windows (example "c:\windows\sendto" or "C:\Documents and Settings\USERNAME\SendTo") or use drag'n drop.
    unsupported

testz.htm
    partially compatible with the following protocols: HTTP, FTP, WebDav, RTSP.

  • mygrep 0.1 (mygrep)
    useful tool for scanning files and folders searching for strings (C syntax supported) as binary patterns, utf16 unicode, base64, hex and other methods.
    example: mygrep "\x08\x00\x00\x00mystring" file.txt folder\folder c:\path1

  • Webservers char tester 0.1.1 (webtestchr)
    a simple tool which has been very useful over all this time for the blind and quick testing of some vulnerabilities in software that uses the HTTP protocol.
    practically it scans all the 255 ascii chars and puts them in some particular locations of the URI, like before and after the slash or at the end of the URI and so on.
    usually the types of vulnerabilities which can be tested through this method are source disclosure (like for php and cgi files), security bypass (like folders or files which require specific rights or a password), possible exceptions and others, all depending on the program under test.
    one of the recent advisories in which this tool was helpful was the source disclosure in Ruby WEBrick.
