RESEARCH
Various research stuff (algorithms, protocols, formats, documentation and so on) for various software
read here if you don't know how to use my stuff
Sections:
"Gamers trust us":
- Comments, quotes, e-mails, proofs, analysis and destruction of the castle of lies and accusations after a month from the shameful actions of Gamespy: (castleoflies)
english and italian
- Once upon a time the love story between me and Gamespy (gamespystory)
well that's all the real story from the first bug until the 12th November 2003
- Cease and Desist order from Gamespy's lawyers 12 Nov 2003 (75395-1)
it is the document (original PDF file) sent by Gamespy's lawyers ordering me to remove my bug research stuff about their products. I have decided to share it with the community and I authorize everyone to read and share it
- Cd-key SDK and verification
- GSHsniff 0.3 (gshsniff)
packet sniffer that checks any UDP packet from a specific server or host (default master.gamespy.com, you can choose it at runtime) and decodes the packets encoded with XOR (needs Winpcap on Windows)
Also contains some useful options for a better visualization of the data
- GSHlog 0.1 (gshlog)
logger similar to the previous tool, but it analyzes only the encoded packets (starting with ';') from/to a specific UDP query port (Win32 only) (needs Winpcap)
- Online cd-key verifier for games that use the Gamespy cd-key SDK 0.1.2 (gskeycheck)
interesting tool that verifies whether the cd-key of a specific game is valid online or not (just what the game servers do with the clients). The games must use the Gamespy cd-key SDK like Battlefield 1942, Battlefield 2, Halo, Painkiller, Star Wars Battlefront and many others listed in that document.
Read the text file inside
- Explanation of the authentication method used by the Gamespy CD-Key SDK 0.1 (gskey-auth)
- GS key challenge builder 0.1 (gskeychall)
function needed to build the authorization string to send to the game servers of the games that use the Gamespy authorization. It is also a practical example of the first part of the above document
Here you can find a simple usage example
- GSHinfo 0.1.2 (gshinfo)
tool able to send all the 4 available commands: uok unok ison ucount
- explanation of the hidden functions and commands that are used in the cd-key SDK implemented in some widespread games (read the third section): english and italian
- Partial list of games that use the Gamespy cd-key SDK (gshlist)
contains all the games I know that use the Gamespy cd-key; they are divided into 2 categories: those supporting the hidden queries and the rest
- Gsmsalg
- GS enctype2 servers list decoder 0.1.1a (enctype2_decoder)
algorithm used to decrypt the servers list from the master server when using the enctype 2 method (not big-endian compatible)
- GS enctype1 servers list decoder 0.1a (enctype1_decoder)
algorithm used to decrypt the servers list from the master server when using the enctype 1 method (not big-endian compatible)
- Gsmsalg 0.3.2 (gsmsalg)
This algorithm is an emulation of that used by some game master servers that support the "secure" Gamespy method (I don't know the official name of this method, but secure is the name of a parameter sent by these servers).
My implementation supports enctype 0, 1 and 2 and can be used for the Gamespy Firewall probe packet too.
All the information is in the header of the code
The following is the list of ports of my code to other languages:
- full VB/C# port of enctype 2 and master server query code from Tres and FordGT90Concept
- full PHP port of enctype 1 and 2 and master server query code from jan0
- Visual Basic port from FiRe^
- Python port from FiRe^
- PHP port from FiRe^
- Java port of the 0.1 version from Venatyr
- Gsmsalg 0.2.1 (gsmsalg-old2)
This is an old version but it is easier to use than 0.3 if you only want to query the Gamespy master server, because it requires fewer arguments, the input value is not modified and the output is stored in a fixed buffer (so it doesn't need allocation and all the other checks needed in the 0.3 version)
- Peerchat
- Protocols
- GS natneg client 0.1.1 (gsnatneg)
function for the implementation of the client-side Gamespy natneg protocol for joining servers behind a router/NAT
in short, by calling this function a program can query and join any game server behind a router/NAT which uses the Gamespy natneg feature
- GS login checker 0.1 (gslogincheck)
simple tool which checks if a Gamespy account (username and password) is valid.
Naturally this works for the accounts created with and for any software and game which uses the Gamespy login (gpcm.gamespy.com:29900), from Gamespy Arcade to Battlefield 2 and so on
- GS login server emulator 0.1a (gs_login_server)
a basic but interesting login and stats server emulator (gpcm, gpsp and gamestats) which works with any game that uses these protocols.
Although it can be useful for some admins and retro-gaming projects (the idea started for PBA2001) I have found it very interesting also for gamers, read the text file for details
- Gsstats 0.1 (gsstats)
retrieves the online player statistics of the games that use the Gamespy accounts to play online like Ground Control II and Command and Conquer Generals Zero Hour for example.
Remember to use also the Gsplayers and gslist.cfg to retrieve the needed profile IDs, the gamenames and the gamekeys
- gs_sesskey \authp\ resp 0.1 (gs_sesskey)
simple function to calculate the needed text string from \sesskey\ (port 29920)
- gs_chresp_num \auth\ response 0.1 (gs_chresp_num)
simple function to calculate the needed number from \challenge\ (port 29920)
- GSPlayers 0.1.1 (gsplayers)
a simple but interesting tool to search all the users that have a Gamespy account through their nickname, email, first/last name or ICQ UIN, then finds also all the people in the buddy list of a specific user and what online users have a specific game installed
The PIDs are available in gspids.txt
The updated detection.cfg file can be downloaded directly from the Gamespy webserver, remember to rename it
- Gs auth 29920 sniff 0.1 (gs29920sniff)
a simple sniffer that decodes any TCP connection to port 29920 of any host or of one specified by the user. An example of a game that uses this method is Ground Control II
- GS login response calculator 0.1.1 (gslogincalc)
an example program that shows how to build the response string for gpcm.gamespy.com:29900
probably you want to check also the Gs login checker tool at the beginning of this section
- Gamespy Arcade password decoder 0.1 (gsapwd)
decodes the password stored in Profiles\ID\settings.cfg, drag'n'drop suggested
- Full list of multiplayer games and their PIDs on Gamespy (gspids)
useful for the stats, for cd-key verification and probably more.
It's updated almost daily, check it every week
- GS SDK challenge-response algorithm 0.1 (gssdkcr)
the challenge-response algorithm (just the initial handshake) used by some of the games that use the Gamespy SDK.
Some of these games are Halo, Soldier of Anarchy and Warhammer 40000 Dawn of War.
- Master server disconnection: game servers can be removed from the online master server list using one spoofed packet 0.1 (gsmsdisc)
a quick and short document that can be applied to ANY master server that uses unchecked UDP heartbeat packets
- GS master server disconnector 0.1.2 (gsmsdisc)
proof-of-concept of the above document for the games that use the Gamespy master server
successfully tested on Windows XP SP2 as admin and Linux as root, compatibility on other Windows is not guaranteed
if you want a quick non-spoofing test (some ISPs block spoofing) follow this simple example:
gslist -n gore -b 27778 (adds your IP to the servers list of the game Gore, break it after the first packet)
gslist -n gore (check if your IP has been successfully added)
gsmsdisc gore yourIP 27778 (removes that IP)
gslist -n gore (check if your IP has been successfully removed)
- Testing tool for RogerWilco 0.4 (wilco)
a complete and useful testing suite for RogerWilco with a lot of functions, options and information
Gslist:
- Gslist 0.8.5 (gslist)
Gslist is a game servers browser which supports an incredible amount of games (over 1000) for many different platforms.
It can work in both command-line and an experimental web GUI mode.
Features:
- tons of games supported and for various platforms: PC, Mac, Playstation 2, Nintendo DS, PSP, Dreamcast and more
- web GUI: Gslist can be easily used through a web browser like any "classical" server browser but with the difference of being simpler to use and (optionally) supporting multiple users
- can execute a program for each online server found
- filter for selecting only the servers with specific features
- its list of supported games is updatable
- supports many options for redirecting and formatting its output
- can send heartbeats for adding your IP to the servers list
- supports different types of queries for retrieving information from the servers
- optimized for speed and resources
- experimental SQL option
- various other commands, options and customizations
Read the text file inside the package for detailed information
Note: at the moment only enctype 0 is big endian (like PPC processors) compatible
Note: you need GeoIP and the mysql libraries to compile it on Linux: apt-get install libgeoip1 libgeoip-dev libmysqlclient15-dev
- Miscellaneous configuration files (NOT needed):
gslist.cfg
gshkeys.txt
full.cfg
detection.cfg
All Seeing Eye:
- ASE UDP tracker packet sender 0.1 (asetracker)
simple tool (more like an example) to emulate the method used by ASE to join and leave tracker.udpsoft.com:27246
- ASE UDP packets decoder 0.1 (aseudpdec)
some lines of code for decoding any UDP packet that ASE sends or receives from the scanners, the tracker and the other servers
- All Seeing Eye UDP packets decoding/encoding algorithm 0.1 (ase_udp_decenc)
the algorithm used to decode and encode the UDP packets sent or received from the various ASE servers
- ASE Ping 0.1.2 (aseping)
simple tool to see remote server information using the All-Seeing-Eye ping packet (for game servers that use this protocol like Chrome, Purge and so on).
This tool doesn't support the handling of multiple ping replies (I'm too lazy)
- All Seeing Eye 'v' ping (aka scanner) algorithm 0.1 (ase_v_algo)
The C algorithm used by some game servers (like Chrome and IGI2) supporting the ASE 'v' ping type that seems related to scanner servers. This type of ping doesn't seem to have any real practical use; however, it could be interesting for someone. More information inside the file.
- OpenSource ASE Query SDK 0.1 (asequery_os_sdk)
An opensource clone that emulates the ASE Query SDK Demo
All the information about how it works is naturally in the source code and in the documentation available in the original SDK from Udpsoft
Currently the ASEQuery_status function works but is not fully complete
COGS Gamearena:
DirectPlay:
Half-Life:
- Half-life DLL decrypter and rebuilder 0.1 (hldlldec)
a decrypter and PE rebuilder for the Half-life encrypted DLLs like sw.dll and hw.dll
the rebuilt DLL file is not 100% perfect but seems to work fine with the disassemblers (tried w32dasm)
- Steamlist 0.1a (steamlist)
simple servers browser that contacts the Steam master server. Supports also the option for executing specific commands or programs for each IP
- HLkeycheck 0.1 (hlkeycheck)
this little tool simply lets you know if a Half-Life CD-Key is locally valid (offline) or not
And this is the small piece of algorithm that does the check
- Half-Life packets decoder sniffer 0.1.3 (hldec)
tool (for both Win and Linux) for sniffing and decoding the Half-Life packets on the fly. (Needs Winpcap on Windows) (note: Steam versions of the game now seem to use different methods or also compression)
And the original disassembled encoding algorithm
- Half-Life packets encoding function 0.1.2 (hlenc)
function for encoding the Half-Life packets (note: Steam versions of the game now seem to use different methods or also compression)
- Half-Life packets decoding function 0.1.2 (hldec)
function for decoding the Half-Life packets (note: Steam versions of the game now seem to use different methods or also compression)
And the original disassembled decoding algorithm
Halo:
- Halo proxy data decrypter 0.1.2 (haloproxy)
proxy server that sits between a client and a server and decrypts all the exchanged packets in real-time. The plain-text data in the Halo packets is stored in bitstream format but this tool decrypts only the packets and the main bitstream block, you must get the rest of the data manually
- Halo packets decryption/encryption algorithm and keys builder 0.1.3 (halo_pck_algo)
the asymmetric encryption algorithm used by the game Halo.
this is a set of functions for handling the packets of this game (TEA algorithm), the keys needed to decrypt and encrypt them and the CRC at the end of each packet
- Halo PC music extractor and concatenator 0.2 (halomus)
a simple tool for the fans of the music of the game Halo. It extracts all the pieces of music files from sounds.map and concatenates them. The output folder will contain about 60 megabytes of music
Quake 3 engine:
- Multi engine RCON tool and password guesser 0.2.3b (multircon)
useful tool, previously known as q3rcon, for sending RCON commands to servers which use different engines and support RCON (remote administration)
Currently it supports the Quake 3, Medal of Honor, Half-Life, IGI2, Doom 3 and Quake 2 engines (so not only these games but all the others derived from them too)
The tool contains tons of options and features and also some password guessing functions which include brute forcing and wordlists
Note about the password guessing function: some engines (quake 3) use an anti password guessing check (or is it a NT/XP workaround???) which allows a maximum of two rcon commands per second, and there are many reasons that can prevent finding the right password: packet loss, timeouts, the previously mentioned check, possible firewall protections and more, without considering that a good scan could take months.
This feature has been added only as proof-of-concept and not as a certain way for recovering the remote password.
Many people ask me how to use the password guessing function of this tool, the following are some examples:
- password guessing using passwords of max 8 chars and with all the possible alphanumeric: multircon -i -b 8 azAZ09 SERVER PORT
- recover an old password: multircon -i -B OLDPWD -b 8 azAZ09 SERVER PORT
- wordlist: multircon -i -w WORDLIST.txt SERVER PORT
- rcon DoS: multircon -x -i -b 10 09AZaz -d 100 SERVER PORT
- Quake 3 engine cd-key to GUID 0.2 (q3key2guid)
calculates the GUID ("cl_guid") of a Quake 3 cd-key
- Quake 3 engine GUID MD5 0.1 (q3_guid)
the md5_init() modification used to calculate the cl_guid hash of cd-key (that contained in "cl_guid")
- Online cd-key checker for Quake III 0.2.1 (q3onlinekeycheck)
checks if your cd-key is valid offline and also online; in fact it simply contacts the server authorize.quake3arena.com and waits for a response. This new version also has a function that lets you use a text file containing all the keys you want to check (one key per line), and if a key seems valid the program rechecks it to avoid false positives
- Quake 3 engine huffman algorithm 0.3 (q3huff)
simple version of the Quake 3 huffman algorithm, ALL the code is from huffman.c of the Quake 3 1.32 GPL source code
I have only modified some variables and the prototype of the decompressing and compressing functions for faster and simpler usage. A usage example is here
- How to disconnect a Quake 3 engine client using a single spoofed packet of at least 4 bytes (q3noclient)
and the relative proof-of-concept
- SOF2keycheck 0.1 (sof2keycheck)
this little tool simply lets you know if a Soldier of Fortune 2 cd-key is locally valid (offline) or not
And this is the small piece of algorithm that does the check
- Q3keycheck 0.1 (q3keycheck)
this little tool simply lets you know if a Quake 3 CD-Key is valid or not locally (offline)
And this is the small piece of the algorithm used for the check
Race Driver (Codemasters):
Speed Challenge - Jacques Villeneuve's Racing Vision:
Ubi.com (aka GS4 or Game Service):
- UBI.COM gschat IRC proxy 0.2.1a (ubichat_irc)
an IRC proxy server that lets people join the Ubi.com IRC server gsxirc01.gs.mdc.ubisoft.com:6668 using their preferred IRC client (the encryption/decryption is in fact completely transparent and in real-time).
It is multi-threaded, so it accepts multiple clients at the same time, and has 2 command-line options for binding a specific interface and enabling the log file.
If somebody has a solution or information about the garbage problem (data in uncommon format sent by the server), please let me know.
Usage: start the tool and connect with your preferred IRC client to localhost (127.0.0.1) on port 6668
- Ubi.com gschat encoding/decoding algorithm 0.1 (ubi_gschat)
the algorithm able to decode and encode the data for the IRC server gsxirc01.gs.mdc.ubisoft.com (previously called gschat.ubisoft.com and spud.ubisoft.com)
- Ubi.com gschat proxy real-time decoder 0.1 (NO longer supported at the moment)
this is a proxy server that decodes IRC data exchanged between the Ubi.com client and gschat.ubisoft.com in real-time; practically, your Ubi.com client will connect to localhost, where this proxy server runs and automatically contacts the gschat server
- Ubi.com decoding algorithm 0.1 (ubi_algo)
the algorithm able to decode the Ubi.com data sent and received from the Ubi.com servers
- Ubi.com real-time packets decoder 0.1 (ubisniff)
this program captures and decodes in real-time any data sent to and received from the Ubi.com servers (also known as routers); it is very important for knowing what data and type of data is exchanged. The -u option is very useful. (Win32 only, needs Winpcap)
- Ubi.com password decoder 0.1 (ubicompwd)
decodes the stored password in the profile files (nickname.cfg)
- Step by step to retrieve channels in Ubi.com 0.1 (ubichan)
a short step-by-step guide, useful enough for finding the IRC channels to join
- People on Ubi.com can be easily banned 0.1 (ubiban)
useful if you had problems with temporary bannings
Unreal engine:
Ventrilo:
- Ventrilo RCon tool 0.2.2 (ventrcon)
useful tool for sending rcon commands (both interactive and one-only) to Ventrilo servers.
supports all the Ventrilo 2.x and 3.x versions and also contains the /chan custom commands which allow creating/deleting/listing all the available chans
- Ventrilo status retriever 0.1 (ventstat)
gets status information from the Ventrilo servers (from version 2.1.2), just like the ventrilo_status program but with support for any available command and a better handling of the input containing the target server (for example you can use URLs)
- Mark Veaudry has created a port of the program and the algorithm to PHP: http://content.teampfeffer.com/src/ventrilo_status_php.zip
- Ventrilo UDP status algorithm 0.1 (ventrilo_udp)
set of functions to decrypt/encrypt the UDP packets used to get the status information from a Ventrilo server (from version 2.1.2)
- Ventrilo password hashing algorithm 0.1 (ventrilo_pwd_hash)
the algorithm for calculating the password hash introduced in version 2.3.0
this hashing code is used by the clients for logging in the server and for the EncPass field in the file ventrilo_srv.usr
- Ventrilo proxy data decrypter 0.3 (ventrilo_proxy)
debugging tool able to decrypt and show in real-time the data exchanged between a Ventrilo client and server
- Ventrilo encryption/decryption algorithm 0.2 (ventrilo_algo)
the algorithm needed to decrypt and encrypt the Ventrilo network stream
Very useful is also this data manipulation example 0.2a showing both decryption and encryption
Xbox:
- Xbox ADPCM plugin 0.1.2 (in_xbadpcm)
Winamp plugin for playing the audio compressed with the Xbox ADPCM codec
Supports wave (tag 0x0069), DAT files (like those extracted with the old versions of my XWB/ZWB files unpacker) and XWB/ZWB/WBA/XSD/XSH archives (seen as a single audio file and with the automatic skipping of WMA and PCM audio)
- Xbox ADPCM decoder and player 0.2.3a (xbadpdec)
versatile tool for creating WAV files from any audio file (WAV, raw and within raw files through some offset and size options) which use the Xbox ADPCM codec
Also has other interesting options which can be used to play the files on any system without codecs (stdin/stdout pipes) or to add a wave header to raw data for listening to the file with the Xbox adpcm codec and more
As the title suggests, this tool is also an audio player for the supported files encoded with the Xbox ADPCM codec and works on both *nix/BSD (using libao, compile the tool with -lao) and Windows (through waveOut)
- TXboxAdpcmDecoder C 0.1.3 (uXboxAdpcmDecoder)
C port (with many optimizations) of the TXboxAdpcmDecoder Delphi class written by Benjamin Haisch for decompressing the Xbox ADPCM audio
Supports both file-to-file and buffer-to-buffer decompression
- AFS files extractor 0.1 (afsex)
a very simple extractor for this type of files used by some Xbox games
- XWB/ZWB files unpacker 0.3.1 (unxwb)
great tool for extracting the data contained in the Xbox files with the XWB, ZWB and WBA extensions and any other file which contains the XWB archives.
It automatically recognizes the codec, frequency and channels of the audio files and adds the needed headers and extensions... in short the extracted files are ready to play
The tool has also many options for the visualization of the files in the XWB archives, for the direct conversion of the files (executes a program for each one of them), direct stdout output and many debugging options.
Both little and big endian archives are supported
In case the wave header is not built with some files you can use my WAVEhead tool which is very simple to use (follow its runtime example)
Others:
- File extractors/decoders/decrypters
- ShellShock Nam67 files extractor 0.1 (ssnam67ext)
extractor for the assets files of this game
- Milestone MIX files extractor 0.1 (msmixext)
extractor for the MIX archives used in the Milestone games like S.C.A.R., Superbike 2000 and 2001, Evolution GT and more
- WorldShift XE files extractor 0.1.1 (worldshiftext)
interesting extractor for the compressed XE archives used in the WorldShift game
- Falcom YS games XSO files extractor and rebuilder 0.1.1 (xsoext)
tool for extracting and rebuilding the XSO files used in the YS game series of Falcom, these are the files which contain all the dialogs and the texts of the games
- Falcom YS games NA/NI/Z files extractor and rebuilder 0.1.3a (ysext)
complete tool for extracting and rebuilding/appending the NA/NI/Z archives used by the series of games developed by Falcom like Ys Origin, Ys Felghana and any other which uses these types of files
tip for creating a complete index/config file:
ysext -l -n 1.txt data.na none
ysext -l -n 2.txt data_1101.na none
type 1.txt 2.txt > conf.txt
- NCF/CCF packet format to tcpdump capture format 0.1.1 (ncf2cap)
converts the CommView NCF and CCF dumps to the classical tcpdump CAP format
- ISI rFactor files decrypter 0.1.1 (rfactordec)
decrypter for the meshes/GMT files which can be used in this game
A quick way to decrypt all the GMT files located in a folder is available here
- orkdec filenames dumper 0.1 (orkdec_files)
tool for loading the games which use the ORK archives and automatically dumps all the loaded filenames in a text file that can be used with orkdec for the subsequent extraction
Compatible with any version and game (tested Armies of Exigo and WarHammer Mark of Chaos, both demo and retail), remember to use no-cd executables since they are not encrypted
- ORK files decrypter and extractor 0.1.1 (orkdec)
files extractor for the ORK archives used in the games developed by Black Hole Entertainment like Armies of Exigo and Warhammer Mark of Chaos (both demo and retail keys supported)
Note that you must know the full path of the files to extract, otherwise you can do nothing; that's why the above "orkdec filenames dumper" exists
- PS2/VXBG files extractor/rebuilder 0.1 (ps2ext)
extractor and rebuilder for the PS2 files used in games like Siberia 1
- WPE packet format to Tcpdump capture format 0.2 (wpe2cap)
simple tool for converting the files saved with Winsock Packet Editor (WPE) Pro, supports both PAC and TXT and multiple TCP connections
- Vital engine files extractor 0.1 (vitalext)
extractor for the GRP files used by the games based on the Vital engine like Codename Outbreak / Venom and Boiling Point
- Chaser files extractor 0.1 (chaserext)
tool for extracting (and unpacking) all the FS archives of the game Chaser
- GCM files unpacker 0.1 (ungcm)
unpacker for the GCM files used in games like Conan and Knights of the Temple II
- Race WTCC files encrypter/decrypter 0.2.2 (wtcced)
tool for encrypting and decrypting the files used in the Race WTCC games developed by Simbin
I have also created a simple batch file in case you want to easily decrypt/encrypt all the files in GameData, all the info here
- THPS HED/WAD files extractor/builder 0.2 (hedwadext)
extractor and rebuilder for the games which support the hed/wad files like Tony Hawk Pro Skater
- BOR PAK extractor/builder 0.1 (borpak)
a tool for extracting and building the PAK archives used in the game Beats of Rage
- BOR music player 0.1.1 (borplay)
simple command-line player for the music files used in the Beats of Rage mods
The tool supports both BOR and PAK files, many can be found here and here
BOR music files use the classical ADPCM codec so the source code of this tool can be modified just a bit for playing also other files encoded with the same algorithm
- Close Combat First to Fight files extractor 0.1 (ccftfext)
files extractor for the BIN/XXX and PWD archives of this game which contain various texture, script and audio files
- FSB files extractor 0.2.4 (fsbext)
files extractor for the FSB (FMOD Sample Bank) archives used by the FMOD library.
Supports FSB1, FSB2, FSB3, FSB3.1 and FSB4 and also the encrypted archives, which can be cracked easily enough since the NULL bytes used in them reveal the original plain-text password
Options for listing files, adding headers to the extracted files automatically and for rebuilding the original archive (experimental)
- 49Games PAK files extractor 0.1 (49gext)
an unpacker for the PAK files used in the games developed by 49Games like RTL Skispringen and Ski Alpin series
- Nexus files extractor 0.1.1 (nexusext)
tool for extracting or decrypting ALL the dat files used in the game Nexus - the Jupiter Incident aka Galaxy Andromeda and Imperium Galactica III: Genesis
- TNTFOLDER files decrypter/encrypter 0.2 (tnt2zip)
tool for converting the encrypted .tntFolder files of the TNT game engine (made by GSC Gameworld) and used in games like HoveRace and FireStarter to normal ZIP files
the tool can also perform the reverse operation from zip to tntFolder files
- UZ2 files extractor 0.1 (uz2ext)
unpacks the files with .UZ2 extension used in some games which use the Unreal engine
- CBF files extractor 0.2.1 (cbfext)
extracts any file contained in the .CBF files of the games which use the Ptero-Engine like Vietcong and Vietcong 2
- Virtools .crypted files decrypter 0.1 (virtdec)
decrypts the .crypted files usually located in the MediaCache folder in the Virtools directory, usually requires the usage of the "Virtools files unpacker" for retrieving the key from the objects file of the original VMO file
- Virtools files unpacker 0.1.2 (unvirt)
extracts the files contained in VMO, NMS, NMO, CMO and any other file of the same format created with the Virtools programs
- Zanzarah PAK files unpacker/repacker 0.1 (zanzapak)
a simple unpacker/repacker written to patch this game for the translation made by the "Figli di Gaucci" team
- GameGuard files decrypter 0.1 (gguardfile)
simple and a bit useless tool to decrypt the configuration and update files used by the NProtect GameGuard anti-cheat program (that used by some MMORPG games)
Read the text file inside for some examples and details
- Rome Total War sounds extractor 0.1.1 (rtwsndext)
simple tool to extract any sound and music from the IDX files in the Data\Sounds folder of the game Rome Total War
- Massive Assault Network files decoder/encoder 0.1 (manext)
a useful tool to decode and re-encode the encoded files used by the game Massive Assault Network
- Gotcha! files unpacker 0.1 (degotcha)
tool to extract the compressed files used by the game Gotcha!
- Eve Online stuff extractor 0.1 (eveext)
simple tool for the extraction of the files from the .stuff packages
- Lineage II files decoder/encoder 0.2.1 (lin2ed)
this tool lets you decode and re-encode the files of the MMORPG game Lineage II
Supports the following encryption formats: 111, 121, 211 and 212
It is no longer supported due to the introduction of the 411/412 formats that use private keys, so decryption is ok but it is not possible to re-encrypt the file.
I highly suggest you to check the following website: http://dstuff.luftbrandzlung.org/l2asylum/
- Tzar (sound & video) WDT extractor 0.1 (tzarext)
extracts all the files contained in the WDT files (only sounds and movies) of the game Tzar
- Ultimate Race Pro data.bin extractor 0.1 (urpext)
this tool extracts all the files stored in the data.bin file of this great game
- POD2 files extractor 0.1.3 (pod2ext)
this tool extracts the files stored in the .pod files used by some games such as 4x4evo, 4x4evo2, Nocturne and others
- POD2 file format 0.1 (pod2frmt)
not fully complete but enough
- Algorithms, functions and derived tools
- Network based projects (listers, checkers, info retrievers, ...)
- PunkBuster messenger 0.1 (pbmsgs)
tool for sending anonymous external messages to any server which uses PunkBuster:
America's Army, Battlefield 1942, Battlefield 2, Battlefield 2142, Battlefield Vietnam, Call of Duty, Call of Duty 2, DOOM 3, Enemy Territory, Enemy Territory: QUAKE Wars, F.E.A.R., Medal of Honor: Airborne, Prey, Quake III Arena, Quake 4, Rainbow Six 3: Raven Shield, Rainbow Six: Vegas, Return to Castle Wolfenstein, Soldier of Fortune II
Note that EvenBalance has removed or limited this feature in almost all the games, so it is still possible to send some types of messages but not multiple messages at too short intervals
- Battlefield 2 and 2142 bitstream sniffer 0.1 (bf2_sniff)
experimental tool/hooker for monitoring the reading and the writing of the network protocol used in the BF2 and BF2142 games.
In short there is a loader for the clients and one for the servers, both compatible with the two games and, it seems, with almost any known version.
All you need to do is place bf2_sniff_client.exe, bf2_sniff_server.exe and bf2_sniff.dll in the folder of your game and launch the needed bf2_sniff_* executable, which will inject the dll into the loaded process (the loaders also let you choose the command and the dll to load in case you want to customize them without recompiling).
All the bits read and written (received and sent) by your game will be automatically dumped in a text file which can be viewed at any moment.
If you want to understand the network protocol of this game engine, bf2_sniff will help you a lot
- Punkbuster master server file downloader 0.1.1 (pbmsdown)
a not so useful tool for downloading pbpat.1, pbsec.cl, pbsec.sv, pbq.4, pbq.5, htm\* and possibly other files
- Babo Violent 2 RCON 0.1 (bv2rcon)
simple tool which works as a RCON client for the Babo Violent 2 servers
- JMeetREC 0.2b (jmeetrec)
this easy-to-use tool allows the recording of a webcam video (frames) available on JMeeting.
You can also watch the video in real-time or re-watch it at any other moment through two simple cross-platform html files (watch_ever.htm requires dom.disable_image_src_set disabled on Firefox)
It contains many options and it is possible to monitor multiple webcams at the same time through the watch_thumb.htm file
Does NOT need accounts
- AWCamREC 0.2.1b (awcamrec)
recorder, lister and thumbnails viewer/monitor for the webcams on AnyWebcam.com
Does NOT need accounts
- PunkBuster online GUID checker 0.1.6 (pbguidcheck)
verifies if a specific GUID (hash of 32 chars) used in a specific game has been banned by PunkBuster; the tool also contains the data of no longer supported games like mohpa, jotr, lockdown and farcry
- Ultima Online account checker 0.1 (uologin)
verifies if an online UO account is valid or not
- Ultima Online login encryption algorithm 0.1 (uologin)
the algorithm used to send the login information to the login.owo.com server; it's based on the latest 5.00 encryption algorithm
- Teamspeaklist 0.1.1 (tspeaklist)
allows retrieving the list of online TeamSpeak servers through the use of filters and also has other options like executing a specific program for each server found
- Neverwinter Nights account checker 0.1.1 (nwnlogin)
tool for verifying whether a username and a password correspond to an existing Bioware NWN account
- Qtracklist 0.1 (qtracklist)
simple server browser that uses the Qtracker master server. It also supports the option of executing specific programs for each IP.
Check the following link from time to time for possible updates:
qtracklist.cfg (qtracklist)
updated 17 Jun 2008 (corresponding to Qtracker 4.71)
- QtrackUP 0.1 (qtrackup)
just a simple heartbeat sender for the Qtracker master server like the original QtUplink
qtrackup.cfg (qtrackup)
updated 07 Nov 2005 (corresponding to QtUplink 1.52)
- MD5 hashes of the WADs for the Doom engine 0.2 (wad_md5.h)
C style collection of MD5 hashes of tons of Doom/DoomII/Heretic/Hexen wads
- Colin McRae Rally 3 bonus cheats calculator 0.1 (cmr3cheats)
calculates all the cheat codes referred to your bonus code
- Gore cd-key checker 0.1 (gorekeycheck)
checks if a specific Gore cd-key is valid or not
- Westwood online chat password encoder 0.1 (wocenc)
the encoding algorithm used by Westwood to encode the passwords used by the users to chat. Completely useless... old stuff
Information:
this section collects all those small pieces of information (useful or totally useless) which don't lead to projects but can be interesting for some people out of curiosity or need
- how to bypass the Windows File Protection without registry hacks or file modifications: for example, if you want to substitute notepad.exe it's enough to go to c:\windows\system32\dllcache and delete the notepad.exe file available there, then substitute the real notepad.exe, and then click on CANCEL and then YES when Windows asks you to insert the cdrom
- the web access of Win-Spy can be easily bypassed using some fixed cookies like "bsup=F5DE0FF25D86C40F9778D8" or "bsup=88944B4EC605C2D0B50D6ADCCAFD" and then it is possible to download any file from the remote computer through a directory traversal vulnerability; an example of HTTP query is available here (nc SERVER 80 -v -v < winspyweb.txt)
- IpSwitch FTP log server (used by WS_FTP) logs sender 0.1 (wsftplogfun)
source code of a simple tool for building packets for this logger server (0xaaaa, 0xaaab and 0xaaad)
- steam:// URL parameters: purchase, install, uninstall, preload, run, rungameid, runsafe, updatenews, storeurl, open, backup, validate, store, browsemedia, advertise, defrag, store_demo, installaddon, removeaddon, appnews, guestpasses, openurl, connect, viewfriendsgame, support, ackMessage, paypal, clickandbuy, publisher, subscriptioninstall, settings, friends, hardwarepromo, url, AddNonSteamGame
- if you receive the error "cstdio:170: error: '::snprintf' has not been declared" while compiling C++ stuff (it happened to me with WinVNC) add -D_GLIBCXX_USE_C99_DYNAMIC to the c++ command or _GLIBCXX_USE_C99_DYNAMIC in the Makefile
- W32dasm bug: for example the bytes 66C78030A540000100 are disassembled as "mov word ptr [ebx+0040A530], 0001" which is wrong since it should be eax and not ebx... really a luck to find it eh eh eh
- Gorky 17 files extractor 0.1
the format of the Gorky 17 game files is very simple and I like the music of this game so I have written this basic files extractor. The archive containing the mp3 music is dat\common\voice.dat
- The links used by Winamp for getting the list of online radios and TVs: winamp-links.txt
- Authentication on Steam works by sending a SHA1 hash of the password with two 32-bit numbers, sent by the server, placed at its left and right (N1passwordN2). The hash is then encrypted using AES
- The packets of the game Tony Hawk Underground 2 are simply XORed with the first byte of the received packet
- The All Seeing Eye master server uses a proprietary compression algorithm for the servers list, I think it's an updated version of that used in the Qizmo proxy
- CloneCD... when a bad registry protection can be bypassed with a registry cleaner
- Does really exist the password protection in Medieval Total War?
funny document about a game with a badly programmed server password protection
- Why the Linux version of UnrealTournament crashes (signal 11) using the OpenGL or SDL driver
I had this problem and it is incredibly simple to solve
- Chat of Jmeeting: irc://irc.jmeeting.com:8067
- Chat of Anywebcam: irc://chat.anywebcam.com:8080 (needs password)
- Chat of Dark Horizons: Lore: irc://irc.mgonetwork.com
- UT2004 DEMO cd-key/hash:
UT2004-UTDEMO-UTDEMO-UT2004 / 238c7dd4ec4a065e2314c1c8b4d41ca6
- UT2003 DEMO cd-key/hash:
UT2DEM-UT2DEM-UT2DEM-UT2DEM / c44a7b7b1624e9d459c22fac61dc9dcc
old and unsupported stuff:
- GSInfo 0.4 (gsinfo)
retrieves information from all the servers that use the standard Gamespy queries like "\status\", "\players\" and many others plus the new query protocol (FE FD ...)
use Gslist
- HLInfo 0.1.6 (hlinfo)
very basic tool to retrieve information from Half-Life servers
use Gslist
- IDInfo 0.2 (idinfo)
retrieves information from servers that use the IDSoftware protocol (Quake, Q2, Q3, RTCW, SOF, SOF2 and many others)
use Gslist
- UnrealTournament 2003 online servers added to favorites 0.1 (ut2003fav)
this simple program is an experiment to automatically add the servers listed in the page http://ut2003master.epicgames.com/serverlist/full-all.txt with lower ping into the favorites section of UT2003. The tool can be used on both Win32 and GNU/Linux and must be launched from the UT2003\SYSTEM directory. I recommend you make a backup copy of the file UT2003.ini and test different maximum ping timeouts. To clean your UT2003.ini file you must simply delete the text lines in it beginning with Favorites=
- UnrealTournament 2003 servers list retriever 0.2 (ut2003ms)
it is based on the web list available on http://ut2003master.epicgames.com/serverlist/full-all.txt
- UnrCheck 0.2 (Package files checker) (unrcheck)
old and no longer supported utility for finding possible errors in the package files used by the games based on the Unreal engine. I created it when I found the bugs in the Unreal engine in February 2003
- Unreal Tournament 2003 alternative network project 0.1.3 (ut2003altproj)
inside the package there is a complete explanation; in short, it is a simple patch for the retail UT2003 version 2225 (both Win32 and Linux versions) letting users play in the DEMO network of UT2003 using their original retail copy. My idea is to create a parallel/alternative network for all the players having the full original game
At the moment it is possible to join the demo network but NOT to host in it; use a manual method to host your server in this network (like Gslist)
- Unreal Tournament 2004 alternative network project 0.2.1 (ut2004altproj)
this project is a patch for Unreal Tournament 2004 v3369 (both Win32 and Linux) and allows the usage of your retail game on the demo network or the usage of the retail patch on the demo.
It is just like the project I did for UT2003 listed above.
The old projects are available for the versions 3355, 3339 and 3236
At the moment it is possible to join the demo network but NOT to host in it; use a manual method to host your server in this network (like Gslist)
- Empires Dawn of the modern World: packets encoding/decoding algorithm 0.1 (empires_algo)
the algorithm needed for the encoding and decoding of the packets exchanged by this strategic game
Note: it's not complete
- Winziphide 0.3.1 (winziphide)
this tool converts all the attributes of the files in the zip to directory attributes so Winzip and some other programs cannot show them (and vice versa for re-showing them)
- Easy step-by-step to run Google Earth on Windows 98 0.1