All Activity
  1. Today
  2. Clippers and Lakers played each other twice. Clippers beat them twice, ONE time Kawhi didn’t have Paul George 🤷🏽‍♂️Just saying
  3. Nah bro Kawhi and Paul George can’t stop Lebron and Davis, if they aren’t injured
  4. ____________________________________________ Mask Name - Marnie Mask Image - ____________________________________________ If I'm dumb and masks aren't random images then I'm sorry.
  5. A few years ago I had found the GFL community under the custom game-mode Decoy Dodgeball --- I did a quick Google search to see if the plugin was still around (it is, albeit old, and probably not up-to-date afaik). Any chance that it's still around, in some form or fashion? I see the creator released it to the public some years back.. but I wasn't sure if it had completely died as of late. If so, any info on this? I'm looking to play around with it again, if possible. Though, my hopes aren't high considering CSGO updates possibly rendering the plugin useless... I had made some maps back then as well, which I believe I might still have access to. Either way, thanks for your time in reading the post, and answering my questions, if you happened to know something. Cheers! -FordoGreenman
  6. Ain't no one is going to stop the Red Sox from winning the finals.
  7. +1. Easy +1. A server regular, and wants to be an admin? Amazing. What's the worst that could happen? Honestly, we need more active admins imo, and what's the worst that can happen? A demote? Thanks for applying, I'm excited to see you applying.
  8. You must be crazy to think that, Clippers are taking it all.
  9. Yesterday
  10. I’m in full support for the Lakers
  11. I was playing this night, I am an eye witness to John cheating as well.
  12. Announcement! We are extending the deadline 2 weeks. You now have until 11:59 PM (Central Time) on Sunday 2/16 to submit your map. We have a few that are completed, but a few folks said it will be close and the more maps the merrier. If you already submitted a map, and want to make some changes/enhancements now is your chance.
  13. Finnick`s Art Thread

    lay off the chilli dogs boomer inspired by an artist on twitter
  14. Finnick`s Art Thread

    angst juss bored heeheehaahaa
  15. I want a DJ job too; that was my favorite thing to RP as, same with the movie theater owner. You should also add more fun stuff, like people who can make mini games for people to play.
  16. Change the damn server name to serious role play then, cause I have never seen such serious staff and game masters on a server before.
  17. I believe this ban should stay. It's 24 hours. Use the time to reflect on our rules, because as you described "thinking" he was the T is just suspicion and not KOSable, meaning it was RDM. DENIED
  18. Thanks. I was just curious about the YMMV thing. As for anything regarding security clearance I mentioned nothing, but I'm sure anyone with that need to know and considering it would leave it to their investigator to determine. Still a very cool guide. Great job.
  19. It's definitely a YMMV kind of thing. Would I advocate REing non-abandonware for the purposes of abusing someone's copyright? Absolutely not. There's a reason I selected a game available on the internet archive from a quarter century ago. That said, what you do with the software that is on your computer is your business. When you start releasing things (e.g. cracked games on TPB), well, that's a whole different story. Which is to say, REing itself is not a gray area at all. It's what you do with it that could be.
  20. This was a very interesting read. Is it considered fully legal or are there some gray areas to it? I won't be participating in it myself as of now because I know I have to meet standards that may seem excessive to others, but it is what it is; it has certainly answered a few curious questions I've had, and I may eventually poke around at it more thoroughly when it's absolutely clear I'm allowed to, for academic purposes of course.
  21. I killed them because I thought they were the T. I said so in my appeal. I see someone shooting someone, I immediately think "this guy is a T!"
  22. Hey everyone, The new NYC PoP is now active and everything appears to be working fine! The NYC machines and my VMs are routing to the new PoP without any issues from what I can tell. If you experience any issues, please let me know! Thanks.
  23. I'm just gonna add here that I also added a ban to you for RDM/L because you had killed an innocent in the bathroom after they had killed a traitor who was kosed, before they had time to ID the body, they were gunned down by you. Another round previous to that, there was a gun fight going on and you had joined it and killed an innocent. There was a total of 5 reports against you on one map, 4 of which were in fact RDM. I think the ban should remain, although it isn't my choice
  24. Ash Presents... Reverse Engineering: A Fun Case Study and Overview

    I. Introduction

    Reverse Engineering: a phrase commonly associated with both the InfoSec world (e.g. malware research) and the game hacking world (e.g. cracking a game for various reasons). A quick definition that I pulled from Wikipedia is as follows:

    In 1990, the Institute of Electrical and Electronics Engineers (IEEE) defined reverse engineering as "the process of analyzing a subject system to identify the system's components and their interrelationships, and to create representations of the system in another form or at a higher level of abstraction", where the "subject system" is the end product of software development. Reverse engineering is a process of examination only: the software system under consideration is not modified (which would make it re-engineering or restructuring). Reverse engineering can be performed from any stage of the product cycle, not necessarily from the functional end product. [1]

    This is a fancy way of saying: reverse engineering is a set of procedures used to analyze something that we don't know about, so that we can figure out how it works. This can be done for a variety of reasons. Personally, I work on a project that involves re-creating network services for a popular series of Japanese music-based arcade games so that they can be played outside of their intended country. This involves needing to reverse engineer (RE) the game binary so that I can know what the game is expecting to receive from the server. I've also previously worked on a project that involved re-creating scripted World of Warcraft events for a private server. That kind of RE relied heavily on performing research through non-technical means (e.g. finding YouTube videos and online resources to explain how the events worked once upon a time). In this way, we refer to RE as the process of analyzing something we wish to know more about.

    The purpose of this tutorial is more strictly just for fun and to serve as motivation to do additional research. We will not be getting into terribly much detail, because that would take hours to write up, and is best left to the student to poke around. Practice and an inquisitive mind are your best friends when trying to learn RE. (Well, that, and a healthy understanding of the target file types, e.g. the Windows PE format. If you are more technically inclined, now is a good time to brush up on it, but it's not necessary for this tutorial.) Practically, you will want to get a good understanding of debuggers as well, but again, that's outside the scope of this tutorial.

    For the scope of this tutorial, I will make a few assumptions. Primarily, we're going to work on the assumption that code does not look scary to you, and that you have already written some kind of code at some point in time that you have compiled. Ready? Let's go.

    II. Background Information

    For our purposes, we will only touch briefly on the process of actually compiling written code into an executable program. Consider this basic C program:

        #include <stdio.h>

        int main(void) {
            // Print Hello World
            printf("Hello World");
            return 0;
        }

    If we compile this and execute it, it simply prints Hello World. Fairly straightforward! But what we care about here is the process that turned it into something that the system was able to understand. The very basic explanation of this process is two-fold. First, the compiler is going to take these nice, pretty lines of C and turn them into the respective x86_64 instruction set assembly code that they relate to (the original post shows the resulting assembly listing as a screenshot). Woah. Suddenly our program isn't so clean anymore. That said, the compiler does some magic at this stage which can sometimes be a bit of a PITA, but hey, that's beyond the scope of this :^).

    Finally, when this is done, the assembler is going to do its job of turning these instructions into object code. This is what the processor is going to use to actually execute these instructions. We can more or less stop here for this process and ignore, say, the linker. The big takeaway here is:

        C code (compiler) > Assembly Code (assembler) > Executable Program

    In our case, we want to somehow take this process and go backwards. Given some executable we have, can we somehow follow the reverse of this process and get back to the original source code? Well, the answer is a soft kind of. See that really ugly blob of assembly and how it doesn't look nice and clean like the true source code? That's because of our best friend Mr. Compiler. He looooooves trying to do things in order to make his life and the life of his best friend Mrs. Processor easier, without any consideration for those of us trying to poke our nose into things we weren't intended to. How rude.

    Luckily for us, we do have a means of getting back towards this source code. Enter our friend Ghidra, a free tool developed by the NSA which will perform both the process of disassembly (turning the .exe back into assembly) and decompilation (turning that assembly back into as much C as it can). Typically, disassemblers were very easy to find; however, up until earlier this year, IDA was generally the only go-to for a good decompiler, and, as anyone who has ever looked into how expensive IDA is can tell you, it is prohibitively expensive. Now, we have a nice free (and open source!) solution to this problem. Let's look at what Ghidra is able to do.

    As you can see in the screenshots, the disassembler generates something that looks ugly as sin, even compared to the original assembly code that was generated. This is all due to how the compilation process ends up working. The disassembler (and by association, the decompiler) have to make some educated guesses on what was originally done. The decompiler, on the other hand, was able to generate something for us that, while not completely identical, is generally fairly serviceable so that we can go about our business. One thing that isn't in this program were variable names: unfortunately, these are nearly always missing from the decompiled view and we are left with dummy names.

    So now that we are fresh with our understanding of how source code becomes a program, and how that program turns back into some semblance of its original code, let's see how to go about doing it!

    III. Prep

    Step one is installing Ghidra and its Java requirement. Come back when you're done.
    https://ghidra-sre.org/
    https://ghidra-sre.org/InstallationGuide.html#Install

    With that handy, if you'd like to follow along with this tutorial, grab a copy of this really old shareware game I used to play like 23 years ago.
    https://archive.org/download/ARCADE95/ARCADE95.zip

    If you're feeling squirrely, go find some other shareware game and see if you can "crack" another game!

    IV. Initial Research

    So now that we've got everything downloaded, let's take a look at the file structure of this. Looks like we've got some resources, some help documentation, some random files used for that help documentation, and an executable. Let's open it up. We've got the typical "Hey, if you like this, give us money!" window (which, by the by, as far as I can tell, the company no longer exists, which is why we're using this for our tutorial). We've got a few options that seem to be locked so that we can't access them during the "trial", and some more locked options. Cool. Let's get under the hood and see what is going on.

    V. Ghidra

    The first time you load up Ghidra, you'll get the usual set-up steps of agreeing to a lot of things you didn't read. Once this is all done, you'll see the Project Selection screen. Step one is creating a new project! To do this, select File > New Project, or use Ctrl+N. It will ask you if you would like to create a Non-Shared Project or a Shared Project. In this case, we want to create a Non-Shared Project. The next screen will ask you to give it a directory and a name. Once this is done, click "Finish". Your project will now be listed as an Active Project, albeit an empty one.

    Simply drag your .EXE file into this window to import it! When you attempt to import it, you will see an import options window. While a more proper RE course would go into details about what all of this means, simply press OK here. The Import Summary will pop up next. For that, just hit 'OK'. Finally, double click the .EXE file that is now listed under your Active Project. The CodeBrowser tool will open it and ask whether you want to analyze the file now. This analysis is what will allow the various code functions to be decompiled. We will click Yes here, and in the menu that appears after, click Analyze. There are many other analysis options which can be selected, but for the sake of having this not become huge, just go with the defaults. It shouldn't take too long for this analysis to complete, say, a minute or so. When it is all done, an error might come up. Just ignore it and click 'OK'. With that, we will have our workspace all set up and ready to go! Compare what you've got to this link to make sure you're all set up: https://ash.s-ul.eu/FftnKCSc.png

    VI. Analysis

    So we've got Ghidra all ready with our disassembly view, but where do we go now? Unfortunately, this process is not an exact science. When I start on a new arcade game, generally, I'll start by looking at the strings. Ghidra will go through the entire program and try to identify strings, or string-like things. We'll get a lot of nonsense here (since the tool will just guess that the null-terminated, AksfVn-looking things that really aren't strings are strings, but we'll ignore them). To look at all of the strings Ghidra has identified, select Search > For Strings from the top menu.

    A window with options will come up. Just keep all of those settings default, and select 'Search'. Give this an overview. Some things will be very obviously non-strings, while others, like the listing of languages about 1/4th of the way down, may seem strange! A lot of this comes from the various libraries (e.g. DLLs) that the program uses. These can also generally be ignored. What we're interested in are the game strings. Can you think of where to start? Well, think back: when we were doing our initial overview, we noticed that there were some options that were not accessible, including Buy Five Tickets, Buy Ten Tickets, and all of the other locked options.

    Let's take a look at what's going on around that 'Buy Five Tickets' line. In the 'Filter', type 'Buy'. We can look at that first string by simply clicking it; the assembly view will jump to that specific location! Now let's close out of that and take a look. At address 0x449224, we've got that string. What's important here is the XREF on the right. These XREFs are anything which refers to this particular 'thing'. Let's dissect what it means:
    FUN_ : This means that we are looking at some 'function'. Since we don't know what it was originally called, Ghidra just gives it the prefix FUN_.
    004021c3: This is the starting address of the function itself.
    0040225e: This is the address of the line that references our 'Buy Five Tickets' string.

    For now, click anywhere in that name to jump to that function. Not only will you see that function in the assembly view, but the Decompiled view should now have what Ghidra believes is a representation of the original code that made up that function! The reverse engineer in me is elated by this. Why? Well, look at the first line of the decompiled function: we've got some 'if' statement, and if it is true, then we never do anything with Buy Five Tickets or Buy Ten Tickets! This seems like it would be a good lead to me, no?
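    The Search > For Strings pass used above is, at its core, a scan for runs of printable bytes that end in a null terminator, and the AksfVn-style junk the post mentions falls straight out of that rule. As an added example (not part of the original post and not Ghidra's code), here is a minimal version of that scan in C, run over a constructed byte blob that imitates a slice of the game image: the blob, its offsets and the helper names are all assumptions made up for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "image": a few opcode-like bytes, one run of letters that is
 * really code (the AksfVn-style false positive), the menu strings from the
 * tutorial, and the "2011" bytes. Separate literals keep each \x escape from
 * swallowing the hex-looking letters that follow it. */
static const unsigned char SAMPLE[] =
    "\x55\x8b\xec\x83\xec\x10"          /* push ebp; mov ebp, esp; sub esp, 0x10 */
    "AksfVn" "\x00"                     /* printable bytes that are not text */
    "\xe8\x12\x00\x00\x00"              /* call rel32 */
    "Buy Five Tickets" "\x00"
    "Buy Ten Tickets" "\x00"
    "\x83\xf8\x00\x0f\x84"              /* cmp eax, 0; je ... */
    "2011" "\x00"
    "\x0f\x85\x01\x02"
    "ok" "\x00"                         /* too short for the default minimum */
    "Shareware - please register!" "\x00";

typedef struct { size_t offset; size_t length; } str_hit;

/* Report every run of at least min_len printable ASCII bytes that is followed
 * by a NUL, which is the rule behind Ghidra's default string search. Returns
 * the number of hits; at most out_cap of them are stored in out. */
size_t find_strings(const unsigned char *buf, size_t len, size_t min_len,
                    str_hit *out, size_t out_cap)
{
    size_t hits = 0, i = 0;
    while (i < len) {
        size_t start = i;
        while (i < len && buf[i] >= 0x20 && buf[i] <= 0x7e)
            i++;
        size_t run = i - start;
        if (run >= min_len && i < len && buf[i] == 0) {
            if (hits < out_cap) {
                out[hits].offset = start;
                out[hits].length = run;
            }
            hits++;
        }
        i++;   /* step over the terminator or the non-printable byte */
    }
    return hits;
}

/* Ghidra's Filter box, reduced to a case-sensitive substring match.
 * Every hit is NUL-terminated inside buf, so strstr can run on it directly. */
size_t count_hits_containing(const unsigned char *buf, const str_hit *hits,
                             size_t n, const char *needle)
{
    size_t matches = 0;
    for (size_t k = 0; k < n; k++)
        if (strstr((const char *)buf + hits[k].offset, needle) != NULL)
            matches++;
    return matches;
}

/* Length of the sample without the string literal's own trailing NUL. */
size_t sample_len(void) { return sizeof(SAMPLE) - 1; }

int main(void)
{
    str_hit hits[16];
    size_t n = find_strings(SAMPLE, sample_len(), 4, hits, 16);
    for (size_t k = 0; k < n && k < 16; k++)
        printf("%08zx  %.*s\n", hits[k].offset, (int)hits[k].length,
               (const char *)SAMPLE + hits[k].offset);
    printf("%zu hit(s) contain \"Buy\"\n",
           count_hits_containing(SAMPLE, hits, n, "Buy"));
    return 0;
}
```

    Run it and the listing shows why the post says to expect nonsense: "AksfVn" is reported with the same confidence as "Buy Five Tickets", because the scan has no notion of what text looks like, only of printable bytes followed by a zero. Lowering the minimum length to 2 adds "ok" to the list, which is the trade-off the default minimum makes between recall and noise.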
    So that line says if some variable is equal to zero, don't use Buy Five Tickets/Buy Ten Tickets. This sounds like it could be something like 'if (isActivated == 0)' to me, so what I'll do is change that variable name to 'isActivated' instead of the ugly '_DAT_004...'. To do this, simply click on that ugly variable name and press 'L', or right click and select 'Rename Global'. Here, you can change the name. I changed it to 'isActivated'. So that's pretty cool! Did you catch where it said that the value was a 'Global'? Well, that means this variable is used elsewhere! Let's have a look. In order to see all of the places something is referenced, just double click the variable name.

    In our assembly view, we now see that there are 6 places that reference this variable: three of which are where the variable is read, and three of which are where something is written to that variable, denoted by the (R) and (W) respectively. Remember how that code wanted to see if isActivated is 0? Well, what we would like to see now is if there are any situations where that variable is written with a non-zero value. Let's ignore all of the (R)s for now, and take a look at the (W)s. Selecting the first one brings us back to the function we came from. Whoops, let's double click isActivated again, and choose the second one. Hey now. We're getting somewhere! We actually see both the second AND third writes here; the third is just within the body of that if statement. Speaking of which, what's going on with that if statement? Well, we've got something about CommandLineInfo, then a function call, then we set isActivated to 1. We then have another function call which looks like it compares two values with the == operator, and checks to see if they're equal. If they aren't, we set isActivated to 0! Let's see what that DAT_004492b0 is. Double click that to navigate to where that variable sits in memory. Oho. That's the ASCII string "2011".

    It wasn't processed as a string by Ghidra for some reason. Honestly, that's not too uncommon. There are ways to fix this, but it's outside our scope for now. So let's go back: click that FUN_004059f7 in the XREFs list to go back, or hit the back arrow up top by the menu under 'Edit'. Looking at the code again, we are comparing some value, local_24, to 2011. If local_24 == 2011, then isActivated remains at 1. How do we get local_24 to be 2011 then? Well, unfortunately, we don't really see anything for local_24. If you mouse-wheel click on local_24, you will highlight every instance of that variable in this function. A quick glance shows that it's declared on line 15 as a CString of size 16, and is only used on lines 46 and 51. Let's look around a bit. Remember that CCommandLineInfo function on line 42? Well, let's see what that is about. Notice how it is actually named something reasonable instead of FUN_<address>? Well, that's because it's an imported function. Taking a look at the assembly view, you will see the function call by its imported name. Do a quick Google search and you'll find https://docs.microsoft.com/en-us/cpp/mfc/reference/ccommandlineinfo-class?view=vs-2019

    Hmm... So immediately before we check that some value is equal to 2011, we're creating an object that parses command line info... Surely it isn't as easy as just running that exe file with 2011 as a parameter... is it? Whelp... No splash screen either :^). We've just managed to "activate" the game. Apparently, the game checks to see if it was launched with 2011 as its first parameter. If it was, it treats itself as being activated. If you want to do this without having to run it in a command prompt, you can also create a shortcut with 2011 as a part of the target. Congrats! You've just RE'd a shareware game from 24 years ago to get the full version, since it can't be purchased legitimately anymore!

    VII. Takeaways

    As you can see, this was a fairly straightforward example, but we did make a few assumptions. We never actually saw where local_24 was getting populated by 2011; we just assumed that to be the case from the documentation on Google. Well, a lot of REing is making those sorts of educated guesses. There are often times where we just have to slam our heads against these problems and hope for the best. Not everything with this process is methodical. Oftentimes, it just comes down to how you as the reverse engineer go about it. Personally, my first starting point is always going to be strings, but maybe you prefer to do something else. This is fine. The best way to go about it, honestly, is to just poke around. Find something that seems interesting to you, open it up, and see what you can find!

    I always like to introduce people to RE with an exercise like this because it's always interesting to be able to see how these old games used to work and certain assumptions that were made before the days of crazy DRM schemes and encryption. Sure, having a random parameter being checked for equivalence seems ridiculously insecure, but this was the mid 90s and all of these fancy tools weren't in heavy use, so they could get away with it! Naturally, things aren't that easy these days, and there is a lot of work that takes place to try to trip up less advanced hackers. I hope this tutorial has given you enough of an interest in this subject matter to warrant further research! There are a ton of excellent videos on the subject on YouTube on more advanced usage of Ghidra, and what more modern programs may look like. The last bit of parting advice I'll give is to always stay curious, and to keep learning as much as possible!

    VIII. Sources

    [1] https://en.wikipedia.org/wiki/Reverse_engineering#Reverse_engineering_of_software

    IX. Homework

    RE the activation code of https://archive.org/download/BOTZW95/BOTZ_W95.zip PM me your answer and proof that it works, and you might get a prize!
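    The check the post walks up to in the Analysis section (a 16-byte local filled from the command line, compared against the literal "2011", with the global isActivated gating the purchase menu) is small enough to write out in plain C, and doing so makes the Takeaways concrete: the token sits in the string table for Search > For Strings to find, and the flag starts as activated and is only cleared on a mismatch. The code below is an added example, not the game's code and not anything Ghidra produced. activation_plain is a reconstruction of the decompiled logic using the post's own names, and activation_hashed is a constructed contrast that stores only a non-cryptographic FNV-1a hash of the token and defaults to the locked state; the function names, the hash choice and the menu strings are assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the decompiled check (names from the post, layout assumed):
 * isActivated is set to 1 first, a CCommandLineInfo-style parse fills a
 * 16-byte buffer with the first argument, and the flag is cleared only when
 * that buffer does not equal the literal "2011". The literal lands in the
 * binary's string table, and the structure fails open. */
int activation_plain(int argc, char **argv)
{
    char local_24[16];
    int isActivated = 1;

    memset(local_24, 0, sizeof local_24);
    if (argc > 1)
        strncpy(local_24, argv[1], sizeof local_24 - 1);  /* stand-in for the MFC parse */

    if (strcmp(local_24, "2011") != 0)
        isActivated = 0;
    return isActivated;
}

/* FNV-1a, 32-bit: a tiny, dependency-free hash used here only to keep the
 * token text out of the string table. It is not a cryptographic hash. */
uint32_t fnv1a32(const char *s)
{
    uint32_t h = 0x811c9dc5u;
    for (; *s != '\0'; s++) {
        h ^= (unsigned char)*s;
        h *= 0x01000193u;
    }
    return h;
}

/* fnv1a32("2011"), precomputed so the token itself never appears as bytes. */
#define TOKEN_HASH 0xcd2c5a21u

/* Contrast: the locked state is the default and is only ever raised to
 * activated, and the comparison is against a hash rather than a literal. */
int activation_hashed(int argc, char **argv)
{
    int isActivated = 0;
    if (argc > 1 && fnv1a32(argv[1]) == TOKEN_HASH)
        isActivated = 1;
    return isActivated;
}

/* The gate the post found in the decompiler: if (isActivated == 0) the
 * purchase items are never added to the menu. */
const char *menu_for(int isActivated)
{
    return isActivated ? "Buy Five Tickets / Buy Ten Tickets" : "Register to unlock";
}

int main(int argc, char **argv)
{
    printf("plain check:  %d -> %s\n", activation_plain(argc, argv),
           menu_for(activation_plain(argc, argv)));
    printf("hashed check: %d -> %s\n", activation_hashed(argc, argv),
           menu_for(activation_hashed(argc, argv)));
    return 0;
}
```

    Build with any C compiler and run it with and without 2011 as the first argument to see both checks agree. The hashed variant only removes the literal from the strings listing; the comparison and its branch are still in the code for the same XREF walk the post performs, and a four-character token is guessable in no time, so it illustrates the string-table lesson and the fail-closed default, not a licensing scheme.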
  25. Name: Yoshikage Kira Steam ID (or steam profile link): STEAM_0:0:46799269 Banned by: I killed innos as a detective. 2 of the deaths were misclicks with the double barrel as I did not know how it worked. Other times I killed innos because I thought they were T's, since I saw them shooting first. Ban Reason: Karma ban Why should you be unbanned: My supposed RDMs are all accidental. I made that clear on the server. I hope that I may be unbanned so I can do better next time.
  26. Football in spring time, especially after the NFL, gives them a huge chance to be a success, especially if it's going to be after the Super Bowl. The Alliance of American Football had great success before they ran out of money and went bankrupt. I think in order for the XFL to succeed, they have to have millionaire/billionaire owners in charge of the league, which is an odd and perfect timing. Vince McMahon is a billionaire and operates WWE, so I believe it will survive in the long term.