Luigi Auriemma

me@aluigi.org [PGP]


adv.htm
    poc - dplay8blah

    Invalid memory access in Unreal Tournament 3 2.1 (game)
    17 Jul 2010:  adv -

adv.htm
    adv - ut3steamer

    Failed assertion in old games based on Unreal engine (game)
    Raven Shield, Deus Ex, Land of the Dead, Postal 2, Rune, Shadow Ops, Unreal 2, UT, UT2003, WarPath, XIII, ...
    15 Jul 2010: 

adv.htm
    adv - grawful

    Clients unicode buffer-overflow in Unreal engine 2.5 (game)
    UT2004, UT2003, SWAT4, Postal2, RavenShield, ...
    06 Jul 2010: 

adv.htm
    adv - hfsref

    Directory traversal in the webadmin of Unreal Tournament 3 1.3 (game)
    21 Sep 2008:  adv -

adv.htm
    adv - ut3webown

    Failed assertion in the Unreal engine (game)
    Unreal Tournament 3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, Shadow Ops, ...
    15 Sep 2008: 

adv.htm
    15 Sep 2008:  adv - poc - unreaload

    Server termination in the Unreal engine 3 (game)

adv.htm
    poc - ut3sticle

    Clients format strings in the Unreal engine (game)
    11 Sep 2008:  adv -

adv.htm
    poc - armynchia

    Memory corruption and NULL pointer in Unreal Tournament III 1.2 (game)
    Unreal Tournament 3, America's Army 3 ...
    30 Jul 2008: 

adv.htm
    poc - ut3mendo

    NULL pointer in Unreal Tournament 2004 v3369 (game)
    also affects other games like Red Orchestra, Shadow Ops: Red Mercury, ...
    30 Jul 2008: 

adv.htm
    poc - asurabof

    Unexploitable buffer-overflow in the logging function of the Unreal engine (game)
    18 Aug 2007:  adv -

adv.htm
    poc - hlboom

    Code execution in the Unreal Engine through \secure\ packet (game)
    DeusEx, Devastation, Mobile Forces, Nerf Arena Blast, Postal 2, Rune, Tactical Ops, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Unreal Tournament 2004, Wheel of Time, X-com Enforcer, ...
    18 Jun 2004: 

adv.htm
    poc - cmr4cdos

    Arbitrary file overwriting in Unreal engine through UMOD (game)
    22 Apr 2004:  adv -

adv.htm
    LAN_PoC - battlemages

    Format string bug in EpicGames Unreal engine (game)
    America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, XIII, ...
    10 Mar 2004: 

adv.htm
    poc - q3concon

    UnrealTournament 2003 2199 client passive DoS (game)
    13 May 2003:  adv -

adv.htm
    poc - msddos

    Unreal engine: results of my research (game)
    DoS, DDoS, remote memory problems, execution of malicious code and more
    05 Feb 2003: 

poc.htm
    this proof-of-concept is a fake Quake 3 server that sends a message containing the con\con string to all the clients that try to get information from it. If the client that receives the string is a Windows95/98/98SE system without the con\con patch, it will crash immediately. The problem happens on some games based on the Quake 3 engine. I have personally tested Quake 3 and Soldier of Fortune 2. The games I have tested that are NOT vulnerable are Return to Castle Wolfenstein and Medal of Honor: Allied Assault

  • UnrealTournament 2003 Passive DoS (ut2003pdos)
    vulnerable versions: retail v2199 and v2206 demo without fixed IpDrv library


poc.htm
  • Master Server full DDoS tool 0.1.1 (msddos)
    (+ Quake3 Master server statistics!)

  • Unreal engine research Proof-of-Concept (research)
    (UT2003 versions higher than 2166 and UT versions higher than 436 are NOT vulnerable; I don't know which games are still vulnerable)

poc.htm
    UDP packet for eating memory or crashing remote systems that run a game based on the Unreal engine (Unreal 1 is not vulnerable)

  • UnrDoS 0.1 (unrdos)
    Unreal engine network loopback DoS (successfully tested versus UT and UT2003)

  • UT2003Bounce 0.1 (ut2003bounce)

poc.htm
    Ping-pong network proof-of-concept for Unreal Tournament 2003 (UT2003 ONLY)

  • UT v436 code execution (Win98 ONLY) (ut436)
    This proof-of-concept must be used with the Windows version of UnrealTournament v436 (both UCC and game) on Win98 ONLY. It contains 2 map files that spawn a simple message in console for UCC or a MessageBox for the game.
    If you use UCC: copy ut-ucc436.unr in Maps dir and run "ucc server ut-ucc436.unr"
    If you use the game: copy DM-ut436.unr in Maps dir, run the UT game and select the map from Deathmatch maps

papers.htm
  • Gslist 0.8.11a (gslist)
    Gslist is a game server browser supporting an incredible number of games (over 4000) for many different platforms like PC, Wii, Playstation and more.
    It can work in both command-line mode and an experimental web GUI mode; for this reason it is mainly designed for server admins, websites, advanced gamers and testers.
    In short, a game server browser is a tool that retrieves the full list of servers (IP and port) of a specific game like Battlefield, Crysis, Unreal and so on.

    features:

papers.htm
  • Unreal engine packets plugin for sudppipe 0.2.2 (unreal_sudp)
    plugin for sudppipe which displays (and allows editing of) the content of channels 1 and 3 of the packets of games based on the Unreal engine:
    sudppipe -l unreal_sudp.dll SERVER 7777 1234
    then from the console of the game (~ key) type: open 127.0.0.1:1234


papers.htm
    simple document containing the structure of the umod files.

  • UMOD extractor 0.3.3 (umodext)
    extracts all the files contained in the umod package files used by Unreal engine based games (like UT, UT2003, UT2004 and so on). There are a lot of useful options and an automatic umod checksum calculator and fixer.

  • UnrIndex 0.1a (unrindex)

papers.htm
    some of the games which use the tntFolder archives are HoveRace and FireStarter.

    simple and old unpacker for the files with .UZ2 extension used in some games which use the Unreal engine.

  • CBF files extractor 0.2.2 (cbfext)

papers.htm
  • GSHlog 0.1 (gshlog)
    another logger/sniffer similar to GSHsniff, but which looks only at encoded packets and only at those sent to or received from a specific game port.
  • GSInfo 0.4 (gsinfo)
    retrieves information from all the servers that use the standard Gamespy queries like "\status\", "\players\" and many others plus the new query protocol (FE FD ...)
    use Gslist
  • HLInfo 0.1.6 (hlinfo)

papers.htm
  • IDInfo 0.2 (idinfo)
    retrieves information from servers that use the IDSoftware protocol (Quake, Q2, Q3, RTCW, SOF, SOF2 and many others)
    use Gslist
  • UnrealTournament 2003 online servers added to favorites 0.1 (ut2003fav)
    this simple program is an experiment to automatically add the servers listed in the page http://ut2003master.epicgames.com/serverlist/full-all.txt with a lower ping to the favorites section of UT2003. The tool can be used on both Win32 and GNU/Linux and must be launched from the UT2003\SYSTEM directory. I recommend that you make a backup copy of the file UT2003.ini and test different maximum ping timeouts. To clean your UT2003.ini file, simply delete the text lines in it beginning with Favorites=

papers.htm
    inside the package there is a complete explanation; in short, it is a simple patch for the retail UT2003 version 2225 (both Win32 and Linux versions) that lets users play on the DEMO network of UT2003 using their original retail copy. My idea is to create a parallel/alternative network for all the players who have the full original game.
    At the moment it is possible to join the demo network but NOT to host on it; use a manual method (like Gslist) to host your server on this network.
  • Unreal Tournament 2004 alternative network project 0.2.1 (ut2004altproj)
    this project is a patch for Unreal Tournament 2004 v3369 (both Win32 and Linux) that allows the use of your retail game on the demo network or the use of the retail patch on the demo.
    It is just like the project I did for UT2003 listed above.
    The old projects are available for versions 3355, 3339 and 3236.

fakep.htm
    it's interesting to note that various programs which accept TCP connections suffer from some negative effects when stressed with this simple tool.

  • Unreal engine basic client and Fake Players DoS 0.2.8 (unrealfp)
    interesting project about a basic client for sending custom commands to the servers of almost any game based on Unreal engine 1, 2 and 3:
    - America's Army

fakep.htm
    - The Wheel of Time
    - Tribes Vengeance
    - Turning Point - Fall of Liberty
    - Unreal 1
    - Unreal II XMP
    - Unreal Tournament
    - Unreal Tournament 2003
    - Unreal Tournament 2004
    - Unreal Tournament 3
    - Warpath
    - X-Com Enforcer

fakep.htm
    - does not work with Klingon Honor Guard and probably other old games, while others just crash completely due to their bugged netcode.
    Notes:
    - depending on the version of the engine, it can test passworded servers without knowing the keyword.
    - with games based on the Unreal 3 engine where it is possible to use the JOINSPLIT command (Unreal Tournament 3, America's Army 3 and so on), it's enough to specify that command to test filling all of the server slots using only one player: unrealfp -1 -x 2 -s JOINSPLIT 1 64 -l "ui_bink_master?Name=player?team=0?Face=0" 127.0.0.1 7777


testz.htm
  • FindBits 0.2.2a (findbits)
    simple and useful tool for analyzing a given file to search for text strings or bytes that are packed in bitstreams.
    The tool can even be used to read and display a custom number of bits; for example, with the option -s "1 4 32 1000" the tool displays the hexadecimal, string, decimal and binary values of the first 1, 4 and 32 bits of the file and a hex dump of the subsequent 1000 bits.
    some examples of game protocols which use the bitstreams are the Unreal engine and the Battlefield series.

  • loDNS 0.1.1 (lodns)

47 results found