Rakion: Entities and editing cell creatures

Part I: Gamehacking: Rakion, the beginning
Part II: Rakion: Entities and editing cell creatures

A basic principle of gamehacking is that when a value changes, we can scan the memory for it, obtain its address, and then modify the value arbitrarily. For example, if the player’s health has 64 or 0x100 as its maximum value and the player takes one point of damage, that value decreases by one. This lets us scan the memory, obtain a group of candidate results, and keep rescanning that group every time the health value changes, narrowing it down to a few addresses until we have the address of the player’s health, which we can then modify at will.

Of course there are variants, and it isn’t the only way, but it’s a good first step.

Identifying vftables through MS's C++ RTTI

Run-Time Type Information, or RTTI, is a mechanism that exposes object type information at runtime. It is used to perform safe typecasts with dynamic_cast<> and to inspect type information at runtime through the typeid operator and the std::type_info class.

There are several RTTI data structures, but in this post we will look at two of them. At least some of their fields are important for recovering the C++ class inheritance relationships, class names, and polymorphism, but those will probably be covered in a future post. To clarify, the MSVC 64-bit compiler defines _RTTI_RELATIVE_TYPEINFO by default. In addition, Visual Studio enables the /GR compiler option by default to add run-time type information.

Bluefrost windows exploitation challenge for Ekoparty 2022

This challenge was made by @NicolasEconomou for Ekoparty 2022, and I really enjoyed trying to solve it. The challenge is a vulnerable server that lets us send it data and control the server buffer size, leading to a stack buffer overflow. There are some trivial bugs, but they are only bait for the real way to exploit it: crafting a stack layout for the iret instruction.

An easy way to reconstruct an ESP32 app image to ELF

Three years ago, in a CTF, I found a challenge using the ESP32 architecture. In that context time is key, and this blog post is my notes on how to quickly reconstruct the ESP32 app image from the challenge into an ELF binary.

Gamehacking: Rakion, the beginning

Part I: Gamehacking: Rakion, the beginning
Part II: Rakion: Entities and editing cell creatures

Some words of my past

When I started in reverse engineering I was in high school in Peru, and with my friends I played DotA and Rakion. One day a dude started to use a cheat (at that time we called it a “hack” :P), and after asking him many times he told me where he had downloaded it.

At that moment I started in the world of reversing. It was very hard for me because I didn’t know anything about programming, reverse engineering, assembly, or even how to use Google. Furthermore, starting in the gamehacking world is very hard because there is money involved.

In the forum where I downloaded the cheat, one day a guy shared a really good post about what I’m going to call “My first cheat”. He said it was his research, but then other people denied it, saying it was someone else’s work that he had appropriated. While there was a fight of egos in that forum, for me it was the beginning of my world in reverse engineering.

Several years have passed, and I want to tell you, technically, how I started and what cheats for Rakion I made.