|
|
SEARCH
adv.htm
PoC -
dplay8blah
Invalid memory access in Unreal Tournament 3 2.1
17 Jul 2010:
english -
|
adv.htm
english -
ut3steamer
Failed assertion in old games based on Unreal engine
Raven Shield, Deus Ex, Land of the Dead, Postal 2, Rune, Shadow Ops, Unreal 2, UT, UT2003, WarPath, XIII, ...
15 Jul 2010:
|
adv.htm
english -
grawful
Clients unicode buffer-overflow in Unreal engine 2.5
UT2004, UT2003, SWAT4, Postal2, RavenShield, ...
06 Jul 2010:
|
adv.htm
english -
hfsref
Directory traversal in the webadmin of Unreal Tournament 3 1.3
21 Sep 2008:
english -
|
adv.htm
english -
ut3webown
Failed assertion in the Unreal engine
Unreal Tournament 3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, Shadow Ops, ...
15 Sep 2008:
|
adv.htm
15 Sep 2008:
english -
PoC -
unreaload
Server termination in the Unreal engine 3
|
adv.htm
PoC -
ut3sticle
Clients format strings in the Unreal engine
11 Sep 2008:
english -
|
adv.htm
PoC -
armynchia
Memory corruption and NULL pointer in Unreal Tournament III 1.2
Unreal Tournament 3, America's Army 3 ...
30 Jul 2008:
|
adv.htm
PoC -
ut3mendo
NULL pointer in Unreal Tournament 2004 v3369
affects also other games like Red Orchestra, Shadow Ops: Red Mercury, ...
30 Jul 2008:
|
adv.htm
PoC -
asurabof
Unexploitable buffer-overflow in the logging function of the Unreal engine
18 Aug 2007:
english -
|
adv.htm
PoC -
hlboom
Code execution in the Unreal Engine through \secure\ packet
DeusEx, Devastation, Mobile Forces, Nerf Arena Blast, Postal 2, Rune, Tactical Ops, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Unreal Tournament 2004, Wheel of Time, X-com Enforcer, ...
18 Jun 2004:
|
adv.htm
PoC -
cmr4cdos
Arbitrary file overwriting in Unreal engine through UMOD
22 Apr 2004:
english -
|
adv.htm
LAN_PoC -
battlemages
Format string bug in EpicGames Unreal engine
America's Army, DeusEx, Devastation, Magic Battlegrounds, Mobile Forces, Nerf Arena Blast, Postal 2, Rainbow Six: Raven Shield, Rune, Sephiroth: 3rd episode the Crusade, Star Trek: Klingon Honor Guard, TNN Pro Hunter, Unreal 1, Unreal II XMP, Unreal Tournament, Unreal Tournament 2003, Wheel of Time, X-com Enforcer, XIII, ...
10 Mar 2004:
|
adv.htm
PoC -
q3concon
UnrealTournament 2003 2199 client passive DoS
13 May 2003:
english -
|
adv.htm
PoC -
msddos
Unreal engine: results of my research
DoS, DDoS, remote memory problems, execution of malicious code and more
05 Feb 2003:
|
poc.htm
poc.htm
poc.htm
poc.htm
poc.htm
poc.htm
poc.htm
poc.htm
this proof-of-concept is a fake Quake 3 server that sends a message containing the con\con string to all the clients that try to get informations from it. If the client that receives the string is a Windows95/98/98SE system without the con\con patch it will be crashed immediately. The problem happens on some games based on the Quake 3 engine. I have personally tested Quake 3 and Soldier of Fortune 2. The games I have tested and are NOT vulnerables are Return to Castle Wolfenstein and Medal of Honor: Allied Assault
- UnrealTournament 2003 Passive DoS (ut2003pdos)
vulnerable versions: retail v2199 and v2206 demo without fixed IpDrv library
|
poc.htm
- Master Server full DDoS tool 0.1.1 (msddos)
(+ Quake3 Master server statistics!)
- Unreal engine research Proof-of-Concept (research)
(UT2003 versions major than 2166 and UT major than 436 are NOT vulnerables, I don't know what are the games still vulnerables)
|
poc.htm
UDP packet for eating memory or crashing remote systems that run a game based on the Unreal engine (Unreal 1 is not vulnerable)
- UnrDoS 0.1 (unrdos)
Unreal engine network loopback DoS (successfully tested versus UT and UT2003)
- UT2003Bounce 0.1 (ut2003bounce)
|
poc.htm
Ping-pong network proof-of-concept for Unreal Tournament 2003 (UT2003 ONLY)
- UT v436 code execution (Win98 ONLY) (ut436)
This proof-of-concept must be used with the Windows version of UnrealTournament v436 (both UCC and game) on Win98 ONLY. It contains 2 map files that spawn a simple message in console for UCC or a MessageBox for the game.
If you use UCC: copy ut-ucc436.unr in Maps dir and run "ucc server ut-ucc436.unr"
If you use the game: copy DM-ut436.unr in Maps dir, run the UT game and select the map from Deathmatch maps
|
papers.htm
papers.htm
- Gslist 0.8.8b (gslist)
Gslist is a game servers browser which supports an incredible amount of games (over 3000) for many different platforms.
it can work in both command-line and an experimental web GUI mode, for this reason it's mainly designed for server admins, websites, advanced gamers and testers.
in short a game server browser is a tool that retrieves the full list of servers (IP and port) of a specific game like Battlefield, Crysis, Unreal and so on.
features:
|
papers.htm
papers.htm
- Unreal engine packets plugin for sudppipe 0.2.2 (unreal_sudp)
plugin for sudppipe which displays (and allows to edit) the content of the channels 1 and 3 of the packets of the games based on the Unreal engine:
sudppipe -l unreal_sudp.dll SERVER 7777 1234
then from the console of the game (~ key) type: open 127.0.0.1:1234
|
papers.htm
papers.htm
simple document containing the structure of the umod files.
- UMOD extractor 0.3.3 (umodext)
extracts all the files contained in the umod package files used by the Unreal engine based games (like UT, UT2003, UT2004 and so on). There are a lot of useful options and an automatic umod checksum calculator and fixer.
- UnrIndex 0.1a (unrindex)
|
papers.htm
papers.htm
some of the games which use the tntFolder archives are HoveRace and FireStarter.
simple and old unpacker for the files with .UZ2 extension used in some games which use the Unreal engine.
-->
- CBF files extractor 0.2.1 (cbfext)
|
papers.htm
papers.htm
- GSHlog 0.1 (gshlog)
another logger/sniffer similar to GSHsniff but which looks only to encoded packets and only to those sent/received to a specific game port.
- GSInfo 0.4 (gsinfo)
retrieves informations from all the servers that use the standard Gamespy queries like "\status\", "\players\" and many others plus the new query protocol (FE FD ...)
use Gslist
- HLInfo 0.1.6 (hlinfo)
|
papers.htm
- IDInfo 0.2 (idinfo)
retrieves informations from servers that use the IDSoftware protocol (Quake, Q2, Q3, RTCW, SOF, SOF2 and many others)
use Gslist
- UnrealTournament 2003 online servers added to favorites 0.1 (ut2003fav)
this simple program is like an experiment to automatically add the servers listed in the page http://ut2003master.epicgames.com/serverlist/full-all.txt with lower ping into the favorites section of UT2003. The tool can be used on both Win32 and GNU/Linux and must be launched by the UT2003\SYSTEM directory. I recommend you to do a backup copy of the file UT2003.ini and to test different maximum ping timeout. To clean your UT2003.ini file you must simply delete the text lines in it beginning with Favorites=
|
papers.htm
papers.htm
inside the package there is a complete explanation, however it is a simple patch for the retail UT2003 version 2225 (both Win32 and Linux versions) letting the users to play in the DEMO network of UT2003 using their original retail copy. My idea is to create a parallel/alternative network for all the players having the full original game
at the moment is possible to join the demo network but NOT to host in it, uses a manual method to host your server in this network (like Gslist)
- Unreal Tournament 2004 alternative network project 0.2.1 (ut2004altproj)
this project is a patch for Unreal Tournament 2004 v3369 (both Win32 and Linux) and allows the usage of your retail game on the demo network or the usage of the retail patch on the demo.
it is just like the same project I did for UT2003 listed above.
the old projects are available for the versions 3355, 3339 and 3236
|
fakep.htm
it's interesting to notice that various programs which accept TCP connections suffer of some negative effects caused by their stressing through this simple tool.
- Unreal engine basic client and Fake Players DoS 0.2.5 (unrealfp)
interesting project about a basic client for sending custom commands to any server of almost any game based on the Unreal engine 1, 2 and 3:
- America's Army
|
fakep.htm
- The Wheel of Time
- Tribes Vengeance
- Turning Point - Fall of Liberty
- Unreal 1
- Unreal II XMP
- Unreal Tournament
|
fakep.htm
- Unreal Tournament
- Unreal Tournament 2003
- Unreal Tournament 2004
- Unreal Tournament 3
- Warpath
- X-Com Enforcer
|
fakep.htm
- does not work with Klingon Honor Guard and probably other old games while others just crash completely due to their bugged netcode.
Notes:
- depending by the version of the engine, can test passworded server without knowing the keyword.
- with the games based on the Unreal 3 engine and where is possible to use the JOINSPLIT command (Unreal Tournament 3, America's Army 3 and so on), it's enough to specify such command for testing the filling of the entire server slots using only one player: unrealfp -1 -x 2 -s JOINSPLIT 1 64 -l "ui_bink_master?Name=player?team=0?Face=0" 127.0.0.1 7777
|
patches.htm
patches.htm
testz.htm
- FindBits 0.2.2 (findbits)
simple and useful tool for analyzing a given file to search if exist text strings or bytes which are packed in bitstreams.
the tool can be even used to read and visualize a custom amount of bits, for example using the option -s "1 4 32 1000" the tool will visualize the hexadecimal, string, decimal and binary values of the first 1, 4 and 32 bits of the file and the hex dump of the subsequent 1000 bits.
some examples of game protocols which use the bitstreams are the Unreal engine and the Battlefield series.
- loDNS 0.1 (lodns)
|
testz.htm
it uses 127.0.0.1 as default IP address in which resolving the hostnames but it can be changed at command-line, if it's used the IP 0.0.0.0 the tool will not reply (monitoring only).
it's a good way for resolving unknown hostnames locally while testing a program, it's only needed to set 127.0.0.1 as primary DNS and launching loDNS.
- Unreal engine test server 0.1 (unrealts)
basic way for emulating an Unreal server and testing the sending of commands to a connected client
|
47 results found
|