WinMUGEN: NomiShell - SuperNull Code Multi-Loader

Good evening, readers. 

This is a SuperNull exploit code loader, created by me for the author Nomi, that allows you to execute your character's code multiple times, besides providing a small toolkit to make code creation easier to do.

This exploit template uses all the known engine vulnerabilities to execute code, which also allows to circumvent SuperNull characters who usually seal one of them, so you will not have to worry about your main code being blocked.

Baka.AI, a character created by Nomi, uses the first version of NomiShell to load her main library.

Current Version: V2.02s
(> Download Here <)
After downloading this exploit template, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the NomiShell code loader.

You will no longer have to worry about everything but your code when using it, as due to the way this exploit has been created, all the stack and control flow order are handled by NomiShell.

Well, I guess that is all for now, so have a nice day!

WinMUGEN: Seiobake.EX - ModifyScreen Handler Add-on

Good evening, readers. 

Time flew so fast even another year is over, but well, this just implies a new beginning, so let us get started with the first blog entry of this year.

I have created in collaboration with Nomi, a SuperNull add-on for WinMUGEN, called as ModifyScreen Handler, that allows you to perform angle and scale operations on the engine's screen, which can be useful to create some interesting visual concept on certain characters.

These add-ons are a part of a special framework I am currently developing, called as Seiobake Library, which allows to implement new features into the engine.

Current Version: V1.00s
(> Download Here <)

After downloading this engine add-on, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the NomiShell code loader.

This engine add-on uses a SuperNull multi-loader exploit to be loaded in the process's memory, which is also intended to circumvent most of Sealer type characters, as this is a general purpose module.

I guess this is all for now, so stay tuned for more updates, have a nice day!

  

M.U.G.E.N - Engine Patch Differences

Hello my fellow readers.

You probably noticed new engine patches that combine the functionality of 3v3 and 4v4 simul matches have been released for WinMUGEN and MUGEN 1.xx, but before proceeding to download them, you decide to know what makes these engine patches worth it.

Well, you are in the right place to know what improvements my engine patches feature, so let us begin!

(> Adjustable Simul Team Limit <)

Main feature of my engine patches is the adjustable team limit, which allow you to create simultaneous matches with a maximum of 4 characters, so 4v2 or 3v4 matches are now possible in this patch version.

(> Corrected Versus Screen <)

Versus screen is now capable of showing the characters' potraits, while a maximum of 4 player names can be displayed, depending on the engine version. 

(> Position Adjustment <)

The other 4 characters will have their position X adjusted to their nearest partners instead of appearing on random locations when a non 2v2 simul match is selected. 

(> Reworked AI Control Handling <)

The AI Assignment procedure for simultaneous teams has been reworked in order to allow the player to control a single character while the rest of them are now AI-controlled.

(> Miscellaneous <)

Additional code optimization and bug fixes had to be performed to improve the game experience for some engine patch versions.

4GB Extension is already implemented in these patches.

If you happen to detect any unseen bug while using these engine patches, do not hesitate to let me know it!

Well, this is all for today, so I hope you have found this blog entry interesting to read.

Have a nice day!

M.U.G.E.N 1.xx: Engine Patches

Oh, hello, readers.

I never thought I would end up creating a blog entry for this, as the latter was not even in my plans, but well... I have created these engine patches, which allow you to create simul matches with a maximum of 4 characters instead of 2, while some additional code fixes were implemented in said patches.

Engine Version Download Links:

(> 1.00 - 4v4/3v3 Simul <) or (> 1.1b - EX+ Type <)

Warning: 

As expected from engine patches, unpredictable results could occur if known exploits are triggered in this program version, so keep it in mind while selecting your characters.

I already know engine patches that implement this have already been released, but these patch versions also fixes some primary code defects.

Additionally, the 1.1b patch version has been updated to make it compatible with one of the most known add-ons, MUGENHook.

...

Are you looking for the WinMUGEN patch version? Click here then.

M.U.G.E.N 1.1b: EikiLoader.EX - Postman Reloader

Good evening, readers. 

On this occassion, I have created a Reloader template from the EikiLoader.EX program for this engine version, that allows you to load a full version of your character while creating another instance of the process in a similar way to the Postman method.

This exploit template uses the STBOF vulnerability, which we have already talked about previously, to execute its shellcode.

(> Download Here <)

After downloading this exploit template, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the Reloader shellcode. 

You can use this to create your SuperNull/Reloader characters easily without the need of creating complex ROP chains to execute similar code.

This is all for now. Have a nice day.

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends.
It has been a while since I have not talked about engine vulnerabilities, but I think this is the right time to start talking about this new vulnerability.

This research was born from Nomi's ideas about trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate said insight in M.U.G.E.N 1.00; and as expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region including the return address, allowing us to execute our ROP chain.

This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only.

(> More information will be added soon <)

Note:

Due to nature of the ROP exploit technique, do not expect this exploit to work on all the computers, so beware of it.

Well, that is all for today, have a nice day.

Einherjar...

 Einherjar:
"Certain things appear to be visible, but how are you sure they actually exist?"

This is a SuperNull character, that is also a Proof-of-Concept, I have worked in collaboration with the author Nomi. 
Einherjar uses the CTBOF engine vulnerability, which is not so used due to its ROP limitations, to load her shellcode in M.U.G.E.N 1.00. 

Download link can be found either here or in Nomi's website

Caution:
It may not work on some computers, due to the way the ROP technique works, so beware of that matter.

It has been a very while since I have created a character like her, but well, this is all for now.

M.U.G.E.N 1.00: Command Trigger - Buffer Overflow Attack

Good afternoon, friends.
Hmm, I never thought I would be talking about this vulnerability again, but well, let us go straight to the point.

As you can guess, this vulnerability also exists in M.U.G.E.N 1.00, but due to the NX Bit protection being active in the program, shellcodes cannot be directly executed, so it is required to use an exploit technique, known as Return-Oriented Programming, to circumvent said protection.

I have recently made an exploit that takes advantage of such vulnerability, but as there are several pointer limitations to build a ROP chain that jumps the engine back to default processing, it is currently limited to SuperNull ~ Reloader characters.

(> PoC can be downloaded here <)

Note:

As this exploit requires ROP chains to execute its shellcode, do not expect it to work on all the computers, so beware of it.

Well, that is all for today, have a nice day.

WinMUGEN: EX Engine Patch

Hello, friends.

For this occassion, I have created my engine patch for WinMUGEN, which allows you to create simul matches with a maximum of 4 characters instead of 2, while several code fixes were made to improve the game experience.

Download Here:

(> Version 1.04S <)

Warning: 

As expected from engine patches, unpredictable results could occur if known exploits are triggered in this program version, so keep it in mind while selecting your characters.

...

Are you looking for the 1.00/1.1b patch versions? Click here then.

M.U.G.E.N Cheap Wiki

 Do you want to know how an engine exploit works in detail? Do you want to know more details about a character you like? Do you want to add your research into some articles? 

If that is the case, we have this page for you to check out: 

All the articles about characters, authors, and exploits can be found in this Wikia page, so you can get an idea about how they work in detail!

Main articles have already been covered, but new content is yet to be created.