released also the script for extracting the files of Need for Speed: Shift

nothing new, if the input file has an invalid signature the tool asks if you want to continue its handling, which "could" be useful in some very very rare cases where the signature is damaged and even the original programs can't read them

better documentation of the format and added options for listing and filtering the files and an experimental one for rebuilding the archive if the version of the game no longer allows the loading of the files from its folder

added the -f option which must be manually enabled on both the endpoints and activates a particular mode where multiple files are sent faster (because there is no need to send the confirmation byte for each file) and added the rc4 encryption with -c

solved the wrong chunk size implemented from the archives of version 7, anyway only the texture archive (*_tx.ttarch) of the last 2 games of Telltale had this problem so all the other files weren't affected

updated almost all the advisories and proof-of-concepts to match the build version 3933 which is the latest known release of the Source engine and which is used in games like Orange Box and Team Fortress 2. Only the sourcenotvnull vulnerability doesn't affect this build

added the handling of the tcpdump files (the sniffed sessions generated by wireshark), added the automatic decompression of the zipped authentication data when the -f option is not used (so in visualization mode only) and allowed the visualization of the data which is not encrypted

solved a bug in ttarch_meta_crypt where in some rare cases an additional block of the file was decrypted, corrupting it, added some additional fields in the rebuilding of files of version 2, added the usage of ttarch_meta_crypt also in rebuild mode otherwise some files looked corrupted, in extraction now the offsets of the non-compressed archives are shown as absolute (so 00112233 instead of 0 for the first file)

substituted the memmove function with a manual one to avoid the possible senseless memmove bug (the job of memmove is just copying the data byte per byte but for some unknown reasons in rare occasions it could corrupt part of the data)

added support for the first chapter of Tales of Monkey Island and Muzzled, now the files are decrypted only when the -m option is enabled for logical reasons, added an option for forcing only the decryption and the encryption of the input file (debug)

added option -F which creates the pipe file \\.\pipe\ventrcon (/tmp/ventrcon_pipe on linux) so that any program on the same machine can send commands to ventrcon simply by writing them in that file, added the -C option for caching the ventrilo 3.x keys (mainly useful for debugging)

an experimental and very basic project I created as a test various months ago and which uses a simple way to recognize and limit the players from the same IP address, released also a modified version which allows to choose the maximum number of players (3 by default)

added support for the GBI files used in gBurner which are identical to DAA except for some microscopical lame changes, anyway 99% of the GBI files online are just renamed DAA files so the previous version of daa2iso already worked with them perfectly

the only change in this release is the possibility to re-encrypt the file because ARCA Sim Racing seems to need it, for the rest the new major version has been used because now the usage/syntax of the tool is like the one of rfactordec and wtcced

added the -L option for placing the list of files in a file, added the -D option for using decimal notation internally, optimized the For command, gained some milliseconds from myitoa, added the experimental commands for implementing recursive functions (StartFunction, CallFunction and EndFunction)

fixed the handling of some numbers (signed integers and shifting are not friends), the letters between ' are now considered numbers (so 'a' is 0x61), now in GetVarChr/PutVarChr it is possible to specify also the size of the number through an optional parameter and added: LZX, Binary and BaseName types, BytesRead and NotEOF internal variables (they are used in MultiEx), handling of elif and else (very useful), a new optional parameter in FindLoc to avoid terminating the script if the string is not found, various new String operators, GetArray and PutArray functions which can be used to work on some temporary dynamic arrays (useful in some occasions), QuickBMSver command which allows to specify the minimum version of QuickBMS supported by that script

added the -k option which allows to specify a custom key or the name of a game which uses a custom key and is supported by wtcced, this is needed to decrypt/encrypt the files of "Volvo The Game" (example: wtcced -k volvo new.gmt)

added the handling of the return values of the myproxocket plugins for the functions myconnect, mybind, mysend and mysendto for allowing the user to skip the calling of the original functions (for example not sending a packet if its content doesn't match our criteria) and added the function mysocket for hooking the socket function

tons of speed improvements and memory and code optimizations, added the double console/gui mode (works from command-line if started from the console or with a minimal gui if double-clicked), when the tool asks to overwrite an existent file now it is possible to use "a" or "all" for overwriting them automatically, added multiple memory files (MEMORY_FILE, MEMORY_FILE2, MEMORY_FILE3 and so on), added a TEMPORARY_FILE which is nothing else than a file with this name which is saved also in list mode, all numeric variables are saved in hexadecimal, FileXOR and FileRot13 now accept also a variable as argument, added support for various encryption algorithms (aes, blowfish, des, 3des, rc4 and xtea), added the Print command which allows to show a message at runtime and various other enhancements and fixes other than new BMS examples like the one which acts as base for the games which use the TTARCH format (remember that each game has its own key which must be specified in the script)

added the handling of the x86 filter in the LZMA decompression, this is absolutely useless in this case because the LZMA chunks in the UIF images don't use such filter but it's good for being 100% compatible with the format

added the explode (pkware data compression library), gzip and lzma (included handling of the x86 header and decoder) compressions, the filename of any opened file is saved and can be read from inside the scripts (example: get NAME filename 1), added the Padding command, some small enhancements and bugfixes of the code

this tool is a script-based file extractor compatible with the BMS language.
or * to guess their extension, better colors for the hexhtml visualization, automatic handling of xcompressed files (\x0F\xF5\x12\xEE) in comtype xmemcompress, some malloc to calloc changes, new icon, changed major version number due to the huge amount of enhancements from 0.5

added the -S option for scanning only some signatures instead of all, -t for choosing the exact number of threads to use, -a for forcing a specific image address, -3 can be used to write the INT3 directly in the process specified by -P

I have just released the proof-of-concept for the game vulnerabilities disclosed by ReVuln in a paper related to the talk given at NoSuchCon #1 in May 2013 - Breach, Brink, CryEngine 3, Nexuiz (not the Classic one), Sanctum, The Haunted, Homefront, Monday Night Combat, Quake 4. The bugs were all 0-days over one year ago and probably they still are.
a player for Linux was really needed so now I can listen to the Unreal Championship music on the penguin too

simple tool for playing with the size of the UDP packets (useful for testing possible socket unreachable bugs or flooding the servers of some game engines with socket error messages) and their content, contains also some interesting options

tool for sending RCON commands (both interactive and one only) to servers which use the Quake 3 engine or a compatible RCON protocol. The tool supports also password guessing through brute forcing and wordlist methods

uhmmm I have added support for ZWB and XSD/XSH archives and solved some bugs (now each subsong has its rate and channels, watch the previous news about XWB) but the best thing would be the creation of a Winamp plugin for handling archives which I don't know how to do at the moment..

tool is finally complete, I have added support for XSB file (now the extracted files can have the original name), support for samplerate, channels and codecs with automatic header and extension plus many bugfixes and enhancements

added the function TXboxAdpcmDecoder_Decode_Memory() for the usage of buffers, this function has also optimized the reading and writing performance of the files.
I'm still at the beginning

now enctype X is default (so there are no longer problems with big endian processors) and the -R option has been added which shows all the rooms of a game available on the Gamespy Peerchat server (thanx to CHC)

substituted OpenSSL with another DES function which makes the executable a lot smaller and modified the headers of some source files (so NO changes to the core) with the suggestions of Jari Aalto of Debian

added full support to the protocol and algorithm used by ANY game to query the GS master server (use -t -1 to enable it), an option to receive the information of each server directly from the master server (-X) and now the query of the servers through GS natneg must be enabled with the -G option

now the webgui and -Q scanning is slower since I have implemented the reping of the servers and the usage of the Gamespy NAT negotiation for the queries 0, 8 and 11. removed some filtered chars in the -Q scanning

solved a bug in the backup SQL query and removed the underscore filtering (thanx to ouioui), added the -E option for ignoring some SQL errors and -D for choosing a custom amount of milliseconds between each query (-Q/webgui)

added support to the zeroed compressed files like S_9021__W.Z of YS6, added an option for extracting/listing only the files with a specific extension and moved a size check to the correct location

Research: Falcom YS games NA/NI/Z files extractor and rebuilder 0.1
complete tool for extracting and rebuilding/appending the NA/NI/Z archives used by the series of games developed by Falcom like Ys Origin, Ys Felghana and any other which uses these types of files

Research: Ventrilo RCon tool 0.2
rewritten using the ventilofp code (but Ventrilo 3.x is not supported yet), added support to version 2.2, added the /chan custom commands which allow to create/delete/list all the available chans and many bugfixes

I have found a bug in the stristr, in short "findme" is not found in "ffindme". note that this version is NO longer compatible with the previous one!
full support of two other shameful ways used by PowerISO for obfuscating the data: the swapping of the 3 decompression functions in the inflate algorithm and another senseless encoding of the index table

added handling of master server messages in enctype X (useful in case you use a wrong -f filter), now everything is displayed on stderr except the servers and games list and their information, the classical list of the IP:port of the servers will no longer be displayed when -X is in use to avoid duplicates with the "IP:port \parameter\value" output, finally the system tray icon works completely and gslist can be launched or terminated from there too

substituted the decompression library from zlib to the more simple and tiny tinf library which has allowed me to add support to a small and unusual difference in the inflate algorithm used in PowerISO which caused the failure of daa2iso with some DAA files, continued the research on some unused or rarely used fields of the DAA file format

the default hexadecimal format is now immediate because it no longer uses the slow sscanf() which instead remains active for the other alternative formats chosen by the user, added also a very useful option which allows to handle the hexdumps

added support to all the latest games like Call of Duty 5, Crysis Wars and Warhammer Online and a new feature which allows to verify a list of GUIDs of various formats including the pbbans one available on PunkBusted

this tool has the main purpose of finding any ASCII and unicode string inside PE and ELF executables with the possibility of modifying these strings with an external text editor and re-injecting them in the original executable

added a real-time disassembler with parsing of ASCII and unicode strings, usage of sh_flags instead of sh_type for the visualization of the characteristics of the ELF sections, fixed a problem with virtual offsets set to zero (ELF)

solved a mistake in the calling of mysendto and myrecvfrom, removed the usage of secure_in_use in acpdump.h which caused an endless loop, modified the prototype of mysend/mysendto so now it is possible to create a new buffer during their hooking which will be automatically freed by proxocket after its usage with the real functions, better handling of mysend/mysendto with the WSASend/WSASendTo functions, improved the examples available in myproxocket.c

added some examples and more information in myproxocket.c, now myconnect and mybind are called before the original functions, if the return value of myconnect/mybind/mysend/mysendto is negative the relative original functions will not be called

I have almost rewritten this small tool, now the compressed data generated by it is complete and not partial or corrupted as before. removed the -l/-s options and renamed -x to -o (offset). still no news about the optimization of the compression, this is a limit of zlib

Proxocket is a dll proxy project for the main Winsock functions which allows to capture any type of packet and data sent/received by a specific software of your choice and optionally modify its content through a custom dll which is easy to develop

I have started to restyle a bit the whole website with better descriptions (many of them are incredibly old or short) of each thing here, making everything less confusing to navigate and understand...
let me know if you have ideas for building files from Ogg Vorbis/CELT frames

fixed a crash with -9 at the end of the process, CallDLL with automatic handling of stdcall functions exported with or without @ name, sega_lzs2 with automatic handling of headers and size, automatic handling of nameless files inside folders (like folder\), -X option that acts as -H for the Windows console (colored fields highlighting with hex viewer), better support for Snappy, another small fix for -d/D, less memory requested for -X/H, additional checks to verify if the reimported file is bigger than the original

-O option to redirect any extracted file to the same output file (good to be used with named pipes), exit/error codes, real unicode utf16 support in the bms commands, -Y to answer yes automatically to any request from the tool, full fix for -d/D and support for same input and output folder ("_extract" suffix), fixed getarray with constant variables, fix for -9, -3 option to place INT3 before any CallDLL, support for Windows 98, ffce algorithm, exception handler, added fix for lz4 output size, -D option similar to -d but without folder with name of the file, -f/F filter with negation filter like -f "*.mp*;!