RESEARCH

read here if you don't know how to use my stuff, and for tips on recompiling it

Gslist 0.8.11a (gslist)

Gslist is a game servers browser supporting an incredible amount of games (over 4000) for many different platforms like PC, Wii, Playstation and more.

it can work in both command-line mode and an experimental web GUI mode; for this reason it is mainly designed for server admins, websites, advanced gamers and testers.

in short, a game server browser is a tool that retrieves the full list of servers (IP and port) of a specific game like Battlefield, Crysis, Unreal and so on.



features:

- tons of games supported and for various platforms: PC, Xbox360, Mac, Playstation 2, Playstation 3, PSP, Nintendo DS, Nintendo Wii, Dreamcast, iPhone and more
- "experimental" web GUI: Gslist can be easily used through a web browser like any "classical" server browser, but with the difference of being simpler to use and (optionally) supporting multiple users
- can execute a program for each server of the list
- filters for selecting only the servers with specific features like country, minimum/maximum number of players, maps, mods, type of game and so on
- its list of supported games can be upgraded automatically (-u) or the database can be generated manually (-m/M)
- can retrieve all the Gamespy Peerchat rooms "#GPG!" of a specific game (-R), which can be used with my GS peerchat IRC proxy
- supports many options for redirecting and formatting its output so it can be used as back-end for any program or service
- supports different types of queries for retrieving information from the servers, and with -X it is possible to receive this information directly from the master server without sending additional packets
- optimized for speed and resources
- experimental SQL option for dumping all the servers information in a SQL database
- can send heartbeats for adding your own IP to the servers list
- various other commands, options and customizations

screenshots: Command-line: servers, options Web GUI: servers, servers, servers, configuration, search, filter, combo

video: gslist_intro

read the text file inside the package for detailed information.

note: you need zlib, GeoIP and the mysql libraries to compile it on Linux: apt-get install zlib1g zlib1g-dev libgeoip1 libgeoip-dev libmysqlclient15-dev.





Miscellaneous configuration files (NOT necessary for Gslist):

gslist.cfg, gshkeys.txt, full.cfg, detection.cfg, gsfilters.htm (useful)



note that all the entries in gslist.cfg come from Gamespy so I have no control over them.

some entries (starting from about 2009) are listed but don't exist on the master server, because these names are probably used by Gamespy for other things, as in the case of battlefieldbadco2.





COGS Gamearena IRC proxy 0.2.2a (cogs_irc)

this tool acts as a proxy server that lets you use any IRC client to join the COGS chat on thearena-chat.gamearena.com.au:4445.

note: if a channel requires a key, try with the key cogs, example: /join #quake4demo cogs

read the text file inside.





COGS Gamearena IRC challenge algorithm 0.1 (cogs_irc_chall)

this function generates the CRYP response that must be sent back to the COGS IRC server.





COGS Gamearena challenge algorithm 0.1.2 (cogs_chall)

the algorithm for the calculation of the challenge response to send to the COGS server.





Half-life DLL decrypter and rebuilder 0.2 (hldlldec)

a decrypter and PE rebuilder for the Half-Life encrypted DLLs like sw.dll, hw.dll and some client.dll (like the one of tfc16).

note that although the generated DLL is correct, there seem to be some checks in it (or something similar) which prevent using the decrypted DLL in place of the encrypted one: for example the game loads correctly but crashes at the multiplayer menu.

so the main purpose of the tool is to analyze the clear DLL.





Half-Life packets decoder sniffer 0.1.3 (hldec)

tool (for both Windows and Linux) for sniffing and decoding the Half-Life packets on the fly (needs Winpcap on Windows). Note: Steam versions of the game now seem to use different methods, or also compression.

and the original disassembled encoding algorithm.





Half-Life packets encoding function 0.1.2 (hlenc)

function for encoding the Half-Life packets (note: Steam versions of the game now seem to use different methods, or also compression).





Half-Life packets decoding function 0.1.2 (hldec)

function for decoding the Half-Life packets (note: Steam versions of the game now seem to use different methods, or also compression).

and the original disassembled decoding algorithm.





HLkeycheck 0.1 (hlkeycheck)

this little tool simply lets you know whether a Half-Life CD-Key is locally valid (offline) or not.

and this is the small piece of the algorithm that does the check.





Halo proxy data decrypter 0.1.2 (haloproxy)

proxy server that sits between a client and a server and decrypts all the exchanged packets in real-time.

the plain-text data in the Halo packets is stored in bitstream format, but this tool decrypts only the packets (it's a decrypter, not a parser) and the main bitstream block; you must extract the rest of the data manually.





Halo packets decryption/encryption algorithm and keys builder 0.1.3 (halo_pck_algo)

the asymmetric encryption algorithm used by the game Halo.

this is a set of functions for handling the packets of this game (TEA algorithm), the keys needed to decrypt and encrypt them, and the CRC at the end of each packet.





Halo PC music extractor and concatenator 0.2 (halomus)

a simple tool for the fans of the music of the game Halo.

it extracts all the pieces of the music files from sounds.map and concatenates them. The output folder will contain about 60 megabytes of music.





Battlefield 2/2142 cdkey to PunkBuster GUID 0.1.1 (bf2guid)

quick tool for calculating the PB GUID from any cdkey of these two games, and of others like Crysis and so on.

for the other games it is possible to use my Cdkey to Punkbuster GUID tester tool, a testing tool for guessing the needed seeds and trying various combinations of seeds.





PunkBuster messenger 0.1 (pbmsgs)

Note that EvenBalance has removed or limited this feature in almost all the games, so it is still possible to send some types of messages from outside, but not multiple messages at too short intervals; read the updates of this advisory for info about the flooding performed in-game.

tool for sending anonymous external messages to any server which uses PunkBuster like America's Army, the Battlefield series, the Call of Duty series, DOOM 3, Enemy Territory and QUAKE Wars, the F.E.A.R. series, Medal of Honor: Airborne, Prey, Quake III Arena, Quake 4, the Rainbow Six series, Return to Castle Wolfenstein, Soldier of Fortune II and many others.





Punkbuster master server file downloader 0.1.1 (pbmsdown)

a not so useful tool for downloading pbpat.1, pbsec.cl, pbsec.sv, pbq.4, pbq.5, htm\* and possibly other files for the games which use PunkBuster.





PunkBuster online GUID checker 0.1.17 (pbguidcheck)

this tool verifies whether a specific game GUID, or a list of GUIDs, has been banned by PunkBuster.

the list of GUIDs can be a classical sequence of GUIDs "one per line", or the html or txt/pbbans.dat version of the PunkBusted Master Ban Lists (the one selectable via Download).

the result of the checks can be dumped in a file through the classical command-line redirection (> dump.txt).





Speed Challenge proxy data decrypter 0.1 (scproxy)

proxy server that decrypts any data exchanged between client and server.

launch the server, then launch this proxy tool specifying the IP and port of the server and another port to which you must connect your client: all the packets passing through it will be decrypted and displayed in real-time.

example: scproxy 127.0.0.1 19800 1234





Speed Challenge network data checksum 0.1 (speed_challenge_net_cksum)

the checksum algorithm used for calculating the big-endian 16-bit number at the beginning of each network data block.





Speed Challenge files decoder 0.1 (scfdec)

decodes the files of the game like material.cfg and others.

these decoded files can be modified and used without the need of re-encoding them, because the game can read them directly.





Speed Challenge network encryption/decryption algorithm 0.2 (speed_challenge_net)

this is the complete algorithm for the decryption and the encryption of the network data exchanged by this nice game.

the algorithm also seems to be called CSimpleCrypt, but I have found no information about it or whether it is used in other games.





steamuserip 0.1a (steamuserip)

proof-of-concept that uses the P2P networking API to get the LAN and Internet IP addresses of any user when playing some games on Steam.

very good results with DOTA2: steamuserip 570 7656119**********.

additional information is available in the related thread on the forum.





steamlobbylist 0.1a (steamlobbylist)

retrieves all the remote lobbies of a game, of all your installed games, or of a range of games defined by their appID.





steamfilelist 0.1a (steamfilelist)

lists and optionally downloads all the files located on the remoteStorage of a game, of all your installed games, or of a range of games defined by their appID.





Steamlist 0.1a (steamlist)

simple servers browser that contacts the Steam master server.

it also supports an option for executing specific commands or programs for each IP.

please note that this is an old tool.





Xbox ADPCM plugin 0.1.3 (in_xbadpcm)

Winamp plugin for playing the audio compressed with the Xbox ADPCM codec.

supports wave files with both tag 0x0069 and 0x0011 (used for IMA ADPCM, which "seems" close to Xbox ADPCM) and XWB/WBA/XSD/XSH archives, which are seen as a single audio file, with automatic skipping of WMA and PCM audio.





Xbox ADPCM decoder and player 0.2.3a (xbadpdec)

versatile tool for creating WAV files from any audio file (WAV, raw, and data within raw files through some offset and size options) which uses the Xbox ADPCM codec.

it also has other interesting options which can be used to play the files on any system without codecs (stdin/stdout pipes), or to add a wave header to raw data for listening to the file with the Xbox ADPCM codec, and more.

as the title suggests, this tool is also an audio player for the supported files encoded with the Xbox ADPCM codec.





TXboxAdpcmDecoder C 0.1.3 (uXboxAdpcmDecoder)

deeply optimized C port of the TXboxAdpcmDecoder Delphi class written by Benjamin Haisch for decompressing the Xbox ADPCM audio.

supports both file-to-file and buffer-to-buffer decompression.





XWB/ZWB files unpacker 0.3.6 (unxwb)

great tool for extracting the data contained in the Xbox files with the XWB, ZWB and WBA extensions, and in any other file which contains XWB archives.

it works from both the GUI (double-click on unxwb.exe) and the command-line, where it supports various options.

it automatically recognizes the codec, frequency and channels of the audio files and adds the needed headers and extensions to try to make them ready to play with any player.

the tool also has many options for the visualization of the files in the XWB archives, for the direct conversion of the files (it executes a program for each one of them), direct stdout output, and many debugging options.

it also supports both little and big endian archives.

in case of problems playing the output files try with VLC or MPlayer.

the XMA files can be decoded with xmaencode: xmaencode.exe /X output.wav input_xma.wav





DemonWare query*info packets 0.1 (dw_pck)

Set of functions for sending querysessioninfo and queryserverinfo 0xfffdfdff packets to Call of Duty Modern Warfare 3 (codmw3) servers.





DemonWare bdcrypto bdTicket decryption 0.1a (dwbdcrypto)

some info and a practical demonstration of the bdCrypto mechanism used in the DemonWare SDK.

the implementation I refer to is the one of Call of Duty: World at War, where an additional field called bdTicket is used; it is encrypted and contains info about the license type, ID and user ID of the client.

note that this research is not complete.





DemonWare auth network decrypter 0.1 (dwcryptonet)

a testing tool I wrote in 2009 that was linked only on my forum.

although my research about the Demonware authentication/master server is not complete (and I highly doubt I will continue due to the lack of interest), I guess I can link here a tool I wrote to "start" to analyze this data.

it's totally useless for the people but it's a good start for understanding a bit about the protocol and the types of encryptions to expect to find.

quick usage: dump the content of ALL the connections made to port 3074 of the demonware master server in one raw file, and then launch the tool specifying it and your own "secretsauce".

if you don't know the secretsauce, just use your nickname and the cdkey without brackets (the tool will calculate it; it's just the XOR of these two parameters).

if the game doesn't use a secretsauce (like the Enemy Territory: Quake Wars demo), just put a zero or "".





Various research stuff for various software: algorithms, protocols, formats, documentation and more. Now it has its own homepage. This section collects all those small pieces of information (useful or totally useless) which don't lead to projects but can be interesting for some people, out of curiosity or need.