Posts on Maurice's Blog 🐍

Game hacking reinvented? - A CoD exploit

14 December 2017 at 00:00
A few years ago, I became aware of a security issue in most Call of Duty games. Although I did not discover it myself, I thought it might be interesting to see what it could be used for. Without going into detail, this security issue allows users playing a Call of Duty match to cause a buffer overflow on the host’s system inside a stack-allocated buffer within the game’s network handling.

Harpoon - Yet another ARP poisoning tool

16 December 2017 at 00:00
After having started to use libraries like libpcap or WinDivert, I got curious about low-level networking protocols like Ethernet, IP, ICMP, ARP, TCP or UDP. The Address Resolution Protocol (ARP) fascinated me in particular: I had previously used tools like Ettercap or Cain & Abel to experiment with Man-in-the-middle attacks using ARP poisoning, but I did not know how ARP poisoning worked in detail. Basically, using an ARP request, you can request the MAC address of a particular host behind a local IPv4 address.

9os - Nyan Cat 'Operating System'

25 December 2017 at 00:00
For our graduation-party at school two years ago, a friend of mine, Olrik, and I decided to play the Nyan Cat theme on all PCs at school. With the name 9os, we started writing the entire project using 16bit x86 assembly. The task was to draw the rainbow behind the cat, then the cat itself, play the music and in the end draw the stars. Drawing the rainbow was pretty simple, as it consists only of a few stripes that need to be drawn at alternating heights and colors.

Google CTF 2019 - JIT

27 June 2019 at 00:00
Thanks to Rektinator and TwistedFate for helping me solve this challenge. JIT was one of Google’s pwnable challenges. It implements an artificial assembly language, which gets JIT-compiled into x64 assembly. An example program looks like this: MOV(A, 10) STR(A, 1) LDR(A, 2) SUM() JMP(2) RET(). It supports basic instructions to move, add and subtract, jump and compare values. Two files were given: compiler.c and FancyJIT.java. The C file implements the JIT compilation by translating each individual instruction into the corresponding x64 assembly instruction and storing everything in an executable buffer.

Detecting Hypervisor-assisted Hooking

I recently started to experiment with hypervisors and their use for bypassing anti-cheat or anti-tampering systems. This post will describe the concept of hypervisor-assisted hooking and a few simple approaches to detect such hooks. What is a hypervisor? In short: a hypervisor allows running virtual machines with hardware acceleration. The concept of hypervisors in general is a huge topic, but for this post, all that depth doesn’t really matter.

Reverse engineering integrity checks in Black Ops 3

17 November 2022 at 00:00
Call of Duty: Black Ops 3 is protected by a DRM that, among other things, protects the integrity of the game’s code at runtime. Reverse engineering those integrity checks has been a personal goal of mine for a long time. In this post I’m going to describe my process of achieving exactly that, so let’s dive in. Disclaimer: just a little disclaimer here. The goal of this post is not to encourage piracy.