- 30 Jul 2010 Password_recovery: Digsby password decoder 0.2
- added support for the recent versions
- 29 Jul 2010 Research: GS peerchat IRC proxy 0.3.3
- some small bugfixes and enhancements
- 28 Jul 2010 Research: QuickBMS generic files extractor 0.4.6
- added the COMPRESSED method used to store big amounts of data in the scripts using fewer bytes (zlib plus base64), experimental support for libtomcrypt, the -E option that allows changing the endianness of a file on the fly by simply knowing its format and reading it, the -d option for creating an output folder with the name of the input file, support for variables in FindLoc, support for SEEK_CUR and SEEK_END in GoTo, rnc and pak_explode compressions, the r operator in String for reversing strings and = for converting numbers to strings
- 28 Jul 2010 MyToolz: Simple TCP proxy/datapipe 0.4.7a
- added only the possibility of specifying dtls1 in the -X option
- 23 Jul 2010 Research: Telltale TTARCH files extractor/rebuilder 0.1.11b
- added support for the latest Sam and Max
- 22 Jul 2010 Fake_players_bug: Unreal engine basic client and Fake Players DoS 0.2.5
- added some additional testing options
- 22 Jul 2010 MyToolz: Signsrch 0.1.6a
- fixed -F when used with multiple files
- 22 Jul 2010 Research: GS login server emulator 0.2.3b
- added a micro enhancement that should do just nothing
- 20 Jul 2010 Advisories: Lithtech engine memory corruption
- mainly focused on F.E.A.R., no technical info about the bug
- 20 Jul 2010 Fake_players_bug: Lithtech engine Fake Players DoS 0.3
- rewritten almost completely to better match the protocol
- 19 Jul 2010 Fake_players_bug: Unreal engine basic client and Fake Players DoS 0.2.4
- mini enhancements and support for Devastation and Brothers in Arms (useless because any server of the BIA series crashes through unrealfp)
- 18 Jul 2010 Fake_players_bug: DirectPlay 8 Fake Players DoS 0.1.3
- only some enhancements and support for the bugs reported in the previous advisory
- 18 Jul 2010 Advisories: Vulnerabilities in DirectPlay8
- updated the previous advisory due to a new vulnerability affecting any game based on DP8
- 18 Jul 2010 Advisories: NULL pointer in some games that use DirectPlay8
- 17 Jul 2010 Advisories: Invalid memory access in Unreal Tournament 3 2.1
- 15 Jul 2010 Fake_players_bug: Unreal engine basic client and Fake Players DoS 0.2.3
- some small updates and fixes, added support for Vegas 2 (DemonWare AGORA) and the -B option containing a quick list of bugs to test
- 15 Jul 2010 Advisories: Failed assertion in old games based on Unreal engine
- maybe interesting but only for old games
- 07 Jul 2010 Advisories: Two vulnerabilities in Ghost Recon Advanced Warfighter 1 and 2
- 06 Jul 2010 Advisories: Clients unicode buffer-overflow in Unreal engine 2.5
- for the less recent games and versions of the engine
- 05 Jul 2010 Advisories: Negative memcpy in id Tech 4 engine
- 05 Jul 2010 Advisories: NULL pointer in Tripwire Interactive games
- Red Orchestra Ostfront 41 45, Killing Floor, Darkest Hour and Mare Nostrum
- 03 Jul 2010 Advisories: Denials of Service in Freeciv 2.2.1
- 02 Jul 2010 Research: Telltale TTARCH files extractor/rebuilder 0.1.11a
- added the key of Puzzle Agent and the latest Sam and Max
- 02 Jul 2010 Research: EAlist 0.1.4
- added the -S option that allows running a fake fesl server that accepts one client at a time, I have added it for testing purposes
- 01 Jul 2010 Advisories: Buffer-overflow in the Electronic Arts games that use Gamespy
- 01 Jul 2010 Research: GS login server emulator 0.2.3a
- added a compatibility feature found just today in Red Alert 3 (authtoken used instead of the username)
- 30 Jun 2010 Research: GS login server emulator 0.2.3
- added a bit of more compatibility with some games (like Area51)
- 30 Jun 2010 Advisories: Buffer-overflow in Area 51 1.1
- old game but this bug is so absurd that deserved to be indexed :)
- 29 Jun 2010 TestingToolz: One file only web server 0.3
- added some crazy options
- 29 Jun 2010 Advisories: Refractor 2 engine clients URL directory traversal
- 29 Jun 2010 Advisories: Battlefield 2 1.50 voip failed assertion
- almost impossible conditions, reported only for thoroughness
- 29 Jun 2010 Advisories: Endless loop in Qt QSSLsocket 4.6.3
- 29 Jun 2010 Advisories: Database error in Mumble server 1.2.2
- a little error, indeed it was part of the next advisory
- 27 Jun 2010 Research: XWB/ZWB files unpacker 0.3.3a
- added only the -D option for using decimal output filenames
- 20 Jun 2010 Advisories: Vulnerabilities in America's Army 3 3.0.7
- again some boring bugs in the same super bugged acpu_decompile function
- 19 Jun 2010 Advisories: Client array overflow in id Tech 4 engine
- this is a correction to the advisory released yesterday and the adding of Wolfenstein to the list of vulnerable games
- 18 Jun 2010 Advisories: Clients vulnerabilities in Enemy Territory Quake Wars 1.5
- 17 Jun 2010 Advisories: Exception in Chrome Engine 4
- 16 Jun 2010 Advisories: Multiple vulnerabilities in TeamSpeak 3.0.0-beta23
- 15 Jun 2010 Research: ISI rFactor files decrypter/encrypter 0.2
- added a minimalistic GUI and the possibility of handling whole folders (so find is no longer needed)
- 15 Jun 2010 Research: Race WTCC files encrypter/decrypter 0.3
- added a minimalistic GUI and the possibility of handling whole folders (so find is no longer needed)
- 15 Jun 2010 TestingToolz: Webservers char tester 0.1.1
- fixed the testing of NULL bytes
- 06 Jun 2010 Password_recovery: Pegasus Mail password decrypter 0.1
- 06 Jun 2010 Password_recovery: TheBat! password decoder 0.1
- 06 Jun 2010 Password_recovery: Phoenix mail password decoder 0.1
- 06 Jun 2010 Advisories: Refractor 2 engine endless loop
- released a reference advisory for tracking the Battlefield 2/2142 vulnerability
- 03 Jun 2010 Proof-of-concepts: Battlefield 2 (1.41 - 1.1.2965-797) / 2142 (1.50 - 1.10.48.0) endless loop 0.1
- proof-of-concept I wrote (and fixed) one year ago based on the vulnerability found by Francis Lavoie-Renaud
- 01 Jun 2010 Research: QuickBMS generic files extractor 0.4.5
- added some enhancements to the Print command, encryption mode for rot, an experimental printf-like operator for the String command, variable used for the Padding command, small fix in the Open command
- 30 May 2010 MyToolz: Morse generator 0.2.1
- substituted the underscore with -, some enhancements including support for any possible char
- 29 May 2010 Research: PunkBuster online GUID checker 0.1.10
- added Battlefield Bad Company 2 and APB, added the possibility of specifying custom gamenames and gameids
- 28 May 2010 Research: QuickBMS generic files extractor 0.4.4a
- fixed two bugs introduced a couple of versions ago in FindLoc and Get/PutArray
- 26 May 2010 Research: Milestone MIX files extractor 0.1.3
- added support for SBK X
- 25 May 2010 Research: Telltale TTARCH files extractor/rebuilder 0.1.11
- added the key of the latest Sam and Max episode and the -D/E options for decrypting/encrypting only a portion of the input file
- 13 May 2010 MyToolz: Signsrch 0.1.6
- added the -F option that returns the addresses of the executable's instructions which refer to the found signatures (only the first one in case of multiple references), added the -3 option that executes a program placing an INT3 (maybe one of those obtained with -F) in the desired address of the process, added support for big endian ELF executables, fixed the parsing of Windows PE files on Linux big endian, fix in the calculation of the 64bit CRCs
- 12 May 2010 Advisories: Multiple vulnerabilities in the GEM 3 engine
- Majesty 2 is affected by the same bugs of the GEM 2 engine
- 11 May 2010 Research: QuickBMS generic files extractor 0.4.4
- some micro enhancements, added the possibility of recompressing data with the zlib, deflate, lzo1, bzip2 and XMem algorithms (note that QuickBMS is and will remain an extraction/unpacking tool so this is only a just-for-fun feature)
- 09 May 2010 Advisories: Invalid memory access in Torque game engine
- 07 May 2010 Advisories: Multiple vulnerabilities in Alien vs Predator 2.22
- two invalid memory accesses, an exception and two NULL pointers
- 05 May 2010 MyToolz: dump2func ripped functions skeleton generator 0.1.1
- small enhancement of the output and fixed a bug
- 05 May 2010 MyToolz: dump2func ripped functions skeleton generator 0.1a
- 05 May 2010 MyToolz: dump2func ripped functions skeleton generator 0.1
- simple tool that creates a C source code for using one or a set of dumped/ripped functions with the automatic handling of the static/fixed buffers and the compatibility with DEP
- 05 May 2010 Research: HLSWlist 0.1.1b
- added only Urban Terror and Left 4 Dead 2 to the list
- 01 May 2010 Research: FSB files extractor 0.2.8a
- nothing new, I have only made the -a option (add header) the default and it's automatically disabled when the -s option is used
- 30 Apr 2010 Research: QuickBMS generic files extractor 0.4.3
- solved the big usage of memory caused by the quad/balz compressions, reduced the amount of used memory in some occasions, bugfix and enhancement for zipcrypto
- 27 Apr 2010 Research: QuickBMS generic files extractor 0.4.2b
- bugfix for unzip_dynamic and bzip2_file
- 26 Apr 2010 Research: QuickBMS generic files extractor 0.4.2a
- only a little customization of the Open command so that the creator of the script can decide to terminate or not if the file doesn't exist
- 25 Apr 2010 Research: QuickBMS generic files extractor 0.4.2
- now users who use the tool through its GUI (double click on quickbms.exe) can select multiple archives to handle, added additional compatibility with the WCX plugins
- 24 Apr 2010 MyToolz: Simple TCP proxy/datapipe 0.4.7
- added the -Y option for allowing the tool to act as a SSL tunnel, compatibility with OpenSSL 1.0.0
- 24 Apr 2010 Research: EAlist 0.1.3
- added the -F option to send custom data for testing other commands (there are a couple of examples at runtime), compatibility with OpenSSL 1.0.0
- 23 Apr 2010 Research: QuickBMS generic files extractor 0.4.1
- added support for the WCX plugins used in Total Commander, added tons of new encryptions, support for CRCs of any type, updating of some external libraries (like zlib, lzma and ppmd), some small enhancements and bugfixes
- 16 Apr 2010 Research: Telltale TTARCH files extractor/rebuilder 0.1.10
- added support for The Penal Zone
- 15 Apr 2010 Research: Molebox2 files extractor 0.1
- this is exactly the tool previously called kepmboxext that now needs a custom key as argument to support other games like Aquaria
- 15 Apr 2010 Password_recovery: CamFrog passwords decrypter 0.3.2
- added support for the alternative PhDeviceCLSID method where this value is taken from mdlg.dll (Internal Value)
- 15 Apr 2010 Password_recovery: Ubisoft Game Launcher password decrypter 0.1
- decodes the password inside the settings.ini file
- 13 Apr 2010 Advisories: Some bugs
- recently I released some quick advisories (I'm no longer interested in security): netKar, Unity3D, Raknet, Cafu and MX Simulator
- 12 Apr 2010 Research: QuickBMS generic files extractor 0.4
- automatic folder and extensions when no filename is used in the *log commands, reintroduced all the OpenSSL algorithms manually, fixed and enhanced some features of CallDll, changed the behaviour of lzhuf (it took the decompressed size from the data), improved handling of less known gz/z files, added the pack compression. Note: remember to always check the list of available scripts because I update and write new ones often, for example majesty2.bms is now complete and compatible with any version
- 10 Apr 2010 Research: QuickBMS generic files extractor 0.3.15a
- only a useless bugfix to make "" a constant and added another math operator
- 09 Apr 2010 Research: QuickBMS generic files extractor 0.3.15
- added unsigned If/Elif/Else, some new compressions or enhancements, radix and power math operations, some new and useless Set types, byte2hex/hex2byte/compressions/encryptions/toupper/tolower in the String command, support for any encryption and even any hashing algorithm supported by OpenSSL, usage of dlls as MEMORY_FILE in CallDLL, support for any calling convention: msfastcall/borland/watcom/pascal/safecall/syscall/optlink/clarion, reset of memory file positions in case of multiple input files, fixed a micro bug when using comtype2_scan, exe compiled with the latest OpenSSL (that's why it's bigger)
- 06 Apr 2010 Password_recovery: CamFrog passwords decrypter 0.3.1a
- allowed the usage of the phclsid command-line parameter for decrypting the camfrog bot strings
- 04 Apr 2010 Password_recovery: CamFrog passwords decrypter 0.3.1
- fixed the problem with the key of Camfrog Bot
- 02 Apr 2010 Password_recovery: CamFrog passwords decrypter 0.3
- added support for files like cf_server.conf, cf_room.conf and settings.xml and for the different encryption used in Camfrog Bot
- 22 Mar 2010 Research: EAlist 0.1.2
- added the handling of multiple lobbies, which means that now really all the servers of each game are taken (so over 8000 for bfbc2-pc), thanks a lot Steven Hartland
- 17 Mar 2010 Research: EAlist 0.1.1
- added only the -A option for creating new EA accounts, this is useful only in case of problems logging in with an existing one
- 16 Mar 2010 Research: EAlist 0.1
- command-line server browser based on the list of game servers provided by the Electronic Arts master servers commonly called fesl or theater, supporting various games for PC, Xbox 360 and PS3 like Battlefield Bad Company 2, Battlefield Heroes, the Need for Speed series, Skate and others for which no alternative listers exist
- 08 Mar 2010 Research: Milestone MIX files extractor 0.1.2
- used a better way to guess if the file uses the old method (like in SBK2000/2001) or not
- 12 Feb 2010 Patches: EA games fesl.ea.com certificate verification remover 0.2
- now it should support any game
- 11 Feb 2010 Research: Gslist 0.8.8b
- only an enhancement in the rebuilding of gslist.cfg done with the -m/-M options used by me (users should use -u for the updates)
- 11 Feb 2010 MyToolz: Mydown 0.2.6b / mydownlib 0.2.5c
- another bugfix release, useful enough in some conditions
- 10 Feb 2010 Research: QuickBMS generic files extractor 0.3.14c
- added only 2 compression algorithms used in Pacific Assault and a work-around for some rare gzip files
- 10 Feb 2010 MyToolz: Lame patcher 0.4.4
- added the possibility of patching a running process and launching+patching it
- 10 Feb 2010 MyToolz: Mydown 0.2.6a / mydownlib 0.2.5b
- removed only the percentage from the list of chars to hex-encode and filtered the chars that can't be used on the file systems for saving the files
- 10 Feb 2010 Research: Telltale TTARCH files extractor/rebuilder 0.1.9d
- added only the key for the recent CSI 5 demo
- 08 Feb 2010 Patches: EA games fesl.ea.com certificate verification remover 0.1
- this modification removes the verification of the SSL certificate sent by the *.fesl.ea.com server (port 18240 and possibly others) when an EA game logs in to it
- 04 Feb 2010 Research: QuickBMS generic files extractor 0.3.14b
- added the copy compression that could be useful in rare cases when handling data encrypted with block ciphers like AES and blowfish
- 04 Feb 2010 Research: QuickBMS generic files extractor 0.3.14a
- now the ivec in Encryption can be also a variable (useful for decrypting the xbo files of VBS2)
- 01 Feb 2010 Research: QuickBMS generic files extractor 0.3.14
- added tons of new compression algorithms and the 'u' option in the Math command for forcing the unsigned operations
- 25 Jan 2010 Research: QuickBMS generic files extractor 0.3.13
- added only an additional work-around useful with some XMemDecompress streams, the possibility of specifying a wildcard for ScanDir not only through -F but also in the same script, bzip2_file for decompressing bzip files without knowing their output size, -a option for specifying variables visible inside the bms scripts, this allowed to use a new comtype_scan2.bms script for testing all the supported compressions without editing it
- 16 Jan 2010 Research: FSB files extractor 0.2.8
- fixed only the correct creation of the header for the XMA and Gamecube/Wii files (-a option)
- 16 Jan 2010 Research: XWB/ZWB files unpacker 0.3.3
- fixed only the correct creation of the header for the XMA files
- 15 Jan 2010 MyToolz: PackZip 0.2
- finally I have replaced the old zlib library with the better algorithm used in 7zip which allows more compression
- 05 Jan 2010 Fake_players_bug: SA:MP invisible Fake Players DoS 0.1.5
- added compatibility for the protocol of SA:MP 0.3a
- 05 Jan 2010 Research: Fast Optimized MD5 for short strings 0.1
- optimized MD5 algorithm for input data of max 15 bytes that I reversed from alglib0.dll of the RainbowCrack Project
- 01 Jan 2010 Research: QuickBMS generic files extractor 0.3.12b
- added only the CRI CPK compression