This website started in 2003 as a repository of all my documents and works in fields like reverse engineering, security, programming, and even for sharing other unrelated things like music experiments with FastTracker and my personal Amiga disks of the old days.
The main reasons that led to starting this project are or have been:
- doing things with passion and releasing everything for free
- sharing source code created by me and other information retrieved during my research
- improving my own skills and attention to details (necessary when something goes public)
All the material has been released under the GPL license, or in public domain where not specified.
For additional information and examples please check the GPL FAQ and, for developers, take a look at this specific question.
For the Advisories section I adopted a full responsible disclosure till 2008 (the old policy), then I opted for a find&release full-disclosure by cutting the step of contacting the developers and waiting their times, from the end of 2010 I started to use bug bounty services like ZDI and IDefense, while from September 2012 I started my own company REVULN. That's the date from when the Advisories section is no longer updated.
The best way to find what you need on this website is through the Find function (CTRL-F) of your browser.
There is also an useful SEARCH function integrated in the left menu.
This About section has been recently (2012?) rewritten because the old one was untouched from over 10 years. I preferred to replace it with a fresh and more professional new one.
Feel free to contact me by email at email@example.com (alias for firstname.lastname@example.org).
My PGP key is available here.
You can follow me on:
- about my forum:
In 2008 I started the forum forum.aluigi.org on which I gave support for all my stuff and got new ideas/projects/feedback/tools/patches. I closed it in 2011 due to the time and effort necessary to handle the growing community.
Since 2014 I maintain a forum about game file formats research: zenhax.com.
- about how to use my tools:
All my tools (except rare cases) work from the console (aka command-line tools).
In Windows the console is also known as Windows console, command prompt, command-line or prompt of Ms-Dos (look for cmd.exe or command.com).
Here is located a quick video about launching a couple of my tools.
So if you use this operating system and when you double-click on one of my executables it shows a window and then closes immediately it's all normal, launch it from the console and pass the required arguments.
All my tools show a quick help at runtime specifiying the required <> and optional  arguments.
A quick and ugly step-by-step for dummies is the following:
- copy the executable you want to use in c:
- go in Start->Run and type: cmd (or command if you use Windows 9x/Me)
- in the black window type: cd \
- now type the name of the executable so you will see all the available options
- when you have decided the arguments to use type them after the executable name
- for example if you use the tool gsinfo you need to specify the host and the port like: gsinfo 127.0.0.1 1234
- other examples:
- wtcced d "c:\documents and settings\myname\desktop\my input file.gmt" "my output file.gmt"
- ventrilofp -n "this is my nick" -p mypassword server.example.com:1234
- gslist -n bfield1942 -f "(numplayers > 10)"
- calcc "(((1+2)*(1^4))*10)/(9-1)"
- echo aGVsbG8K | bde64 d - -
- sleepy 2s argz.exe "\"this is arg1\"" arg2 arg3
Then if you want to stop the program in any moment keep the keys CONTROL and C pressed at the same time
Anyway Internet is full of tutorials for using the console and my tools are for people that use the command-line everyday so use a search engine for any doubt
Another alternative is trying the following experimental tool which lets you to use almost all my tools with a graphical and easy-to-use interface: THEGUI
Note that Windows 7 has a stupid feature that marks any executable with the words "patch" or "setup" in its name as a program that needs Administrator privileges, so if it happens with some of my tools (like lpatch or lfsdumpsetups) it's enough that you rename them removing those words.
- about password recovery and drag'n'drop:
Almost all my password recovery tools which decode the passwords stored in a file allow the usage of drag'n'drop.
When you launch the tool it shows some information and the name or the extension of the file you need to use which is usually located in the folder of the program from which you want to recover the password or in the %APPDATA% folder.
When you have located the file you need only to keep the mouse button pressed on it and move it over the executable of my password recovery tool.
It will automatically show the stored password or passwords.
Anyway remember that my tools are ever made to work from command-line (read the above section) so this drag'n'drop feature is "only" something more confortable.
- about compiling my source code:
I use ever and only Gcc and its Win32 port Mingw to compile my C stuff.
If you use other compilers you could receive some small errors, some of them can be solved replacing the sleep() calls with Sleep(), or passing -DWIN32 to the compiler, or specifying the needed library to link (like ..\lib\ws2_32.lib) and so on.
The following are some basic and quick examples of how to compile my code (moreover network code) on Windows through some freeware or open source compilers:
Mingw gcc -o file.exe file.c -lws2_32 Lcc-win32 lcc file.c
Visual C++ cl file.c -DWIN32 c:\vc\lib\ws2_32.lib Borland C++ bcc32 -Iinclude -Llib -DWIN32 file.c Digital Mars bin\dmc -Ju file.c lib\wsock32.lib file.c Watcom wcl386 -i=..\h;..\h\nt -dWIN32 -l..\lib386;..\lib386\nt file.c Pelles C pocc /J /DWIN32 /Ze /I..\include /I..\include\win file.c
polink /LIBPATH:..\lib /LIBPATH:..\lib\win ws2_32.lib file.obj
Most of my programs use stdint.h, check that link if you use MSVC or go directly to the msinttypes project
Anyway contact me if you have suggestions to create a more portable code!
- about multiplatform code:
Almost all my code is written with compatibility and multi platform support in mind so, except some Windows specific tools, all my code can be compiled on linux, bsd, mac and other systems supported by the gcc compiler.
Depending by the project my code may be even endian compatible, which means that code can parse/handle specific binary protocols or formats on both intel/little endian and network/big endian architectures (like PowerPC).
The "main" compilation command is ever: gcc -o exe file.c
if in the package there are other .c files you must add them too or just use: gcc -o exe *.c
if you receive an error about inflate, deflate, compress or uncompress, add -lz
if you receive an error about pthread, add -lpthread
if you receive an error about aes, des, ssl or similar, add -lssl -lcrypto
if you receive an error about dlsym, add -ldl
- about antivirus:
Unfortunately some of my precompiled proof-of-concept tools may be tagged by antivirus software as hacktool, exploit or just aluigi.
All my stuff on my website is open source and anyone can analyze and recompile it, additionally each zip package is periodically hash checked by me.
Some AV (like Kaspersky) may even deny access to everything containing the word "adv" in the URL, read about it here. There is also a thread on my old forum about some ridiculous things made by various AV.
- about real "free" stuff:
This website and its content are completely free in any meaning you give to this word:
- free source code: it's all open source and anyone can compile, watch and modify it
- free information: everything is proved and explained in detail and ever with a practical example
- free as gratis: everything it's here for being shared
- advertising free: as already said I don't need to gain money from my passion and I HATE advertisements of any form
- images free: except the 3 images below there are no other images loaded in the webpages
- server-side scripts free: everything is in pure old-style static hand-written HTML, the only PHP scripts are the Search and the RSS
- something else that I don't remember at the moment... but it's free too :)
- about this website:
This website is nothing more than an archive containing everything I do everyday and moreover a personal website.
All the stuff on this space has been created by me and everything is completely free and open source.
Please note that some documents and tools wrote many years ago may be obsolete or not well written.
This website is or has been hosted completely for free by:
- Nick Kusters: 2012 - 2013
- Sami Khayat of the old Eliott-Ness: 2009 - 2011
- Altervista: 2003 - present
Note that some file downloaders may not work with this website.
- ZenHAX: 2017 - present.