Luigi Auriemma [PGP]

News QuickBMS Research MyToolz Advisories Proof-of-concepts Fake players bug Patches Password recovery MyMusic TestingToolz About... RSS feeds zenhax old forum mirror   Twitter LinkedIn

24 Aug 2022 QuickBMS: QuickBMS generic files extractor and reimporter 0.12
CRCHash experimental instruction, fix for a rare append bug, imptype instruction new behavior (check manual), fix for get float/double, fix xmath with multidimensional arrays, Print hex line feed, fix for B/E/C String operators, fixes and improvements for RSA encryption and keys, calldll supporting points to variables and return value, various patches for improving compilation, better support for -x option, some improvements of reimport mode mainly related to variables and hashing encryption, support for tar output with -O option, fix for rot/xor encryption, additional compressions, fix for a memory bug triggered by, many other bug fixes and improvements

27 Sep 2021 MyToolz: DTMF2NUM 0.2
replaced the downsampling function with a simple one, it produced corrupted audio after some seconds and was incorrectly initialized

27 Sep 2021 MyToolz: MORSE2ASCII 0.2.1
replaced the downsampling function with a simple one, it produced corrupted audio after some seconds and was incorrectly initialized

05 Apr 2021 QuickBMS: QuickBMS generic files extractor and reimporter 0.11
SearchArray command, Reimport command, additional options in quickbmsver, idstring and findloc now supporting wildcard single bytes (up to 32), better support for some operators in xmath, String now works with binary data (may break compatibility with some scripts), GARBro and other compressions, choose algorithm in lz77wii_compress, improved PKCS5_PBKDF2_HMAC and BytesToKey, added Rfc2898DeriveBytes, removed tcc symbol that didn't work on Win98 and added few others, calldll supporting entrypoint/rva2file/vatofile/fileto2va/file2va, conflicting symbols from some compressions now static, solved append -1, get filename/path/* on sockets and http links now returns better results, slog to memory_file, fixed bug that asked to overwrite files in append mode, fixed some strings parsing in Encryption EXECUTE, fixed Encryption REPLACE, support for unicode filenames in command-line and in directory scanning, fixed bug in creation of folders with unicode names, visualization of additional info in case of error, added support for MEMORY_FILE[FILENUM], librtomcrypt recompiled without LTC_ARGCHK error, experimental -y option for json output, some optimizations of multidimensional arrays and String X, opening of TEMPORARY_FILE not affecting the names of the input (filename/fullname/basename), -e option in reimport2 mode for disabling compressions, full list of commands in the -c option, endian argument for reverseshort/long/longlong, SLog ID argument for selecting reimport of strings, fix clean_filename rare bug, C structs now require ok from user, fix for get longlong, json deserialization (String X) now handles backslash escapes, String = supporting the current endian, filexor/filerot/filecrypt fix negative offset, SLog with binary type produces an output with all bytes in hex (cstring), String H operator for converting variable to cstring, condition fix for some rare binary strings, condition new prefix 0 working like String, Print colors, FindLoc regex, the FILENUM argument of filexor/rot/crypt is now working (default behavior is all files as before), getarray/putarray multiple arguments, fixed bug in calldll with over 12 arguments, Get VAR ??? for prompt from user, continue/break/label fix, putvarchr longlong, clang support (tested on Termux Android), gcc 10 support, get variable3/variable4 64bit, swprintf removal, oodle (kraken/lzna/bitknit) support on Linux, lz4x_compress fix, Append mode 2 for insert mode, Append mode also working with Put* commands, tcc long long support, putdstring with negative size, -J using VARSZF instead of VARSZ (may cause issues), Encryption Math fix for using variables, improved xmemdecompress on Linux, new code for ppmdh and ppmdi, dump of command-line arguments if invalid, various improvements and optimizations

08 Mar 2021 Research: EAlist 0.1.5
support for the filters of the -X option and automatic retry if there is no reply from the fesl server

17 Oct 2020 Advisories: PDF with all my old security advisories on HMI/SCADA and industrial software released between 2010 and 2012

17 Oct 2020 Advisories: Directory traversal in TheBrain
some simple slides about an old bug found in July 2012 and still unpatched (reported on 5 August 2020)

17 Aug 2020 Password recovery: CuteFTP data retriever and password decoder 0.2.1
handling of unicode strings and heuristic way for dumping and decrypting strings

14 Aug 2020 Research: Anco Software CMP0 decompression 0.1

23 Jul 2020 Proof-of-concepts: Call of Duty Modern Warfare 3 <= 1.9.453 Steam SendP2PPacket NULL pointer 0.1
proof-of-concept for the vulnerability disclosed in November 2012 at the Power of Community conference in Seoul

23 Jul 2020 Research: DemonWare query*info packets 0.1
set of functions for sending querysessioninfo and queryserverinfo 0xfffdfdff packets to Call of Duty Modern Warfare 3 (codmw3) servers

23 Jul 2020 Proof-of-concepts: How to test the NVIDIA Mental Ray vulnerabilities of 2012
just some additional details and the proof-of-concept

23 Jul 2020 Proof-of-concepts: How to test the Samsung SmartTV DLNA vulnerability found in 2012
just some additional details and the proof-of-concept

23 Jul 2020 Proof-of-concepts: Information table for idTech 4 engine (Brink 1.0.23692.48133) multiple vulnerabilities (2013)
vulnerable code vs proof-of-concept

23 Jul 2020 Proof-of-concepts: Information table for CryEngine 3 multiple vulnerabilities (2013)
vulnerable code vs proof-of-concept

01 May 2020 Advisories: The PDF with all the security vulnerabilities I found in multiplayer games when I was an independent researcher from 2001 to 2012

01 May 2020 Advisories: ZIP archive with all the security advisories from 2001 to 2012

20 Oct 2019 QuickBMS: QuickBMS generic files extractor and reimporter 0.10.1
added some few commands similar to 010 Editor, additional work-around for handling multiline strings, full support for float operations and visualization (get/put/math/print/calldll), automatic fixing of ASIZE variables in reimport3, experimental unicode32/utf32 type, fix for rare FDSE issue in GUI mode, d3des and chacha20 encryption, improvements in tomcrypt support, fix for Encryption algorithm string, rotor default value is now 6, ZIP_AES now fully working, CallDLL Python, CallDLL Lua, fixed crash if no RET in Calldll, added some symbols (like printf) in calldll tcc, rare issue with multidimensional arrays

20 Oct 2019 MyToolz: Offzip 0.4.1
better support for files larger than 2Gb, support for input folder scanning, updated zopfli and sign_ext

20 Oct 2019 Research: Telltale TTARCH files extractor/rebuilder 0.3.2
added key for the last The Walking Dead and tentative for fixing bug with some version 8 and 9 archives

06 Jun 2019 Research: Milestone MIX files extractor 0.1.6
added support for big endian archives

20 May 2019 Research: Unigine ung files extractor 0.3.1
fix for version 4 archives that require encryption and -d option for disabling it

28 Apr 2019 QuickBMS: QuickBMS generic files extractor and reimporter 0.10.0
10 years version. PREFIX_OPENSSL for Mac Makefile, single quoted characters bigger than 0xff, fix for some C_struct alloc/free, quickbmsver -32 -64 -F, fix for rare reimport mode filexor, reimport mode full support for multiple reversed math operators, reimport xsize support, signed numbers in Set, fix for calldll with some function names and better support, calldll more arguments, -j option for Slog output in UTF16 unicode, -b C option for filling the *Log empty data with custom byte, default filler is now space in Slog and still zero in *Log, reimport3 mode with automatic shrinking and enlarging of the file if there is no offset, SLog in reimport mode can read UTF8/UTF16LE/UTF16BE, fixed and removed warning in SLog, zlib/deflate reimport fix, -f also works with nameless files, fix for some rare xsize parameters, restored support for empty input file argument, some fixed and new compressions, 0x00 bytes in SLog size-based unicode

27 Feb 2019 News: *VNC password decoder 0.2.1
removed the decryption of unaligned bytes and added passwd and pwd keys in INI files parsing

13 Dec 2018 Research: Overview of game file formats and archives
paper about the formats used by games for archiving their files with some statistics, information and curiosities, originally written in April 2013

04 Dec 2018 News: Small restyling of the website, hopefully more mobile friendly

25 Nov 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.9.2
fixed make_dir and comtype copy bug bugs introduced in 0.9.1, improvements for long_name_support function and its alternative use for chdir and stat, reimport mode for nameless files on linux, fix for lz4x that took 220 Mb of memory for nothing

22 Nov 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.9.1
mydown library fix, various fixes related to BytesRead_idx, build_filter, -X and sockets, filexor/rot/crypt reset position when a new filenum 0 is open, QUICKBMS_CRC_TABLE var in verbose mode, QUICKBMS_*_FOLDER variables available at runtime, findloc fix, math mul/imul, direct_var_alloc fix, many fixes in CMD_Set_func, memcpy replaced by mymemmove/STR_MEMCPY for fixing some current and future issues, comtype.h (no longer needed to check defs.h with comtype_scan2), some new compression algorithms and updated libraries, encryption key visualization in verbose mode, encryption rc4_nokey, Capstone disassembler engine supporting many architectures, added another algorithm in encryption random, libtomcrypt update, fixes for quickbms.dll, added many fake compressors used in reimport2, -# option in reimport mode for reimporting only the modified files skipping the others, -U option for listing all the compression algorithms available in quickbms, some new guessed extensions, zstd aluigi fix, important fix for non-english unicode folders and a rare bug caused by multiple path delimiters in non-english filenames, removed ccs=UTF-8 in file opening for using quickbms.exe with Wine again, cstring decoding error if input is wrong, fix for the -f #NUM feature, reimport_4gb_files.bat, tentative of supporting nameless files in append mode, output_folder set to "" will use the folder of input file, revision of runtime help, quickbms_arg var containing whole -a input, some command-line options switched from toggle to fixed value for avoiding wrong double usage, fix for fgetss empty line in quickbms_4gb_files, fix for GUI input file selection in Win98

22 Nov 2018 MyToolz: mydown 0.4
improvements and fixes, mydowlib is now part of mydown

31 Oct 2018 News: if you saw a warning on this website it was Cloudflare that has been forced for the HTTPS of the previous news. there was no problem on the website, I will evaluate what to do with HTTPS

08 Oct 2018 News: can be reached also on SSL and PGP key (new) available at the top of the page

15 Sep 2018 Research: recompiled steamlobbylist, steamuserip and steamfilelist with the current Steamworks SDK, just in case it makes any difference

17 Jun 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.9.0
fix bms parsing from buffer, backslash escape with quotes at end of bms line, c_structs fix, extracted/reimported files statistics separated from log operations (append mode), filecrypt disabled during log, String VAR S empties all arguments before setting them, String n (byte2num) N (num2bytes) and U (base64) operators, RNG available in encryption, call/startfunction can set caller arguments with new values, added variable6 and variable7 types, improvement of encryption increment, various updated/improved/new/fixed compressions, increased buffer for selected files, IPC interface with -W option (web/namedpipe/mailslot), type ? when selecting bms script to load the clipboard content, -f #NUM for extracting only the file number NUM, improved xml_json_parser, fast SortArray, special files myfseek, namecrc fix, quickzip fix, Open filenum 0 redirect mode, improvements for Open command now with FDDE2 and FDSE2, -0 works in reimport mode too, ucl/lzo/bzip2 are no longer external, clog with zero-bytes uncompressed files

17 Jun 2018 MyToolz: mydownlib 0.3.4a (and mydown)
SSL fix

09 Mar 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.8.4
fix and warnings for reimport2 with sequential offset, nvache compression, fix for putvarchr using strings, cipherfinal support for openssl algorithms, BCryptDecrypt encryption, backtrace.c 64bit compatibility, fix for fdnum indexing in file.c, fix for slog in reimport mode with encryption filecrypt, append mode visualization symbol, comtype explode in reimport mode, now reimport2 clears the original space if new file is bigger, fix for qfs compression, base64 small fix, swprintf gcc 7, fix for String VAR t VAR, lz77wii in reimport mode and level5_compress, comtype html/xml/json

21 Jan 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.8.3
math rol/ror for 8/16 bits, few file number assignment fixes in cmd.c, prs_8ing_compress, now file numbers can be variables too, fixed bug introduced in 0.8.2 in OpenSSL rc4 (probably still affecting openssl 1.1), better visualization of -B with small files, automatic filename if Slog uses empty name, fix for mydownlib with openssl 1.1, the invalid Idstring VAR FILENUM is no longer supported

08 Jan 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.8.2a
micro bugfix for putvarchr in 0.8.2

07 Jan 2018 QuickBMS: QuickBMS generic files extractor and reimporter 0.8.2
new alternative reimport mode activated with -r -r, other options available in quickbmsver, String v operator acting like CSV, some new compression algorithms, small fix for putvarchr used with variables, Encryption flip for reversing bits, fix for OpenSSL 1.1, new -B option for dumping the unparsed data of the input files, small fix for some coverage statistics, fixed bug in reimport mode with renamed duplicate files, the -. option now allows to reimport data in some header/data builder scripts, comtype copy no longer allocates the full size of the file in memory, experimental support for http:// and https:// input files, important fix for selecting specific files in GUI mode, -J option for forcing all the constant strings as Java/C escaped strings, better support for RIFF files when guessing extensions, xmath supporting also 'char'/time/octal/binary

07 Jan 2018 MyToolz: mydownlib 0.3.4 (and mydown)
fix for zlib compression, experimental keep-alive support for ssl, small typo bugfix, fix for overwriting existent files. probably the last version with the mydown_http2file prototype

07 Jan 2018 Research: FSB files extractor 0.3.8a
small improvement for the scanning feature enabled with -o -1

07 Jan 2018 MyToolz: x86 32bit calling conventions 0.2.2a

07 Jan 2018 Research: EA Madden decompression 0.1

... old news