Posts

Newest Post: Personal Restructuring

Good evening, my readers. As some of you have probably noticed, I have not made any new content during these weeks, so let us start talking about only a few primary subjects... Due to some personal affairs I have been dealing with for some years, I will start  prioritizing the latter before it gets too late, which is going to cause the progress of some general stuff I have been working to be greatly slowed (except Eikidankai Project). If everything goes according to the plan, I may resume them before calmly releasing to the public besides providing new information about my personal project, so stay tuned for future updates. Already ongoing works will eventually be released, but additional time may be required to complete them. Well, this is all for now, so have a nice day. Oh yeah, this site could have another theme remodelation, so let us see how things go.

Eikidankai Project: Website Announcement

Hello my fellow readers. While working on some SuperNull exploit add-ons for M.U.G.E.N Engine, I finally decided to focus on a personal project I have been working for several years, but never gave it a higher priority as the former, so here we go: This is my main page where my creations will be featured, including characters, of course. It is still in a beta stage, but decent enough to be shown to the public. New content will be posted in said page as time is on my side, so feel free to leave any feedback in this blog entry. This is all for today, so have a nice day!

WinMUGEN: NomiShell - SuperNull Code Multi-Loader

Good evening, readers.  This is a SuperNull exploit code loader, created by me for the author Nomi , that allows you to execute your character's code multiple times, besides providing a small toolkit to make code creation easier to do. This exploit template uses all the known engine vulnerabilities to execute code, which also allows to circumvent SuperNull characters who usually seal one of them, so you will not have to worry about your main code being blocked. Baka.AI, a character created by Nomi, uses the first version of NomiShell to load her main library. Current Version: V2.02s (> Download Here <) After downloading this exploit template, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the NomiShell code loade r. You will no longer have to worry about everything but your code when using it, as due to the way this exploit has been created, all the stack and control flow order are handled by NomiShell. Well...

WinMUGEN: Seiobake.EX - ModifyScreen Handler Add-on

Good evening, readers.  Time flew so fast even another year is over, but well, this just implies a new beginning, so let us get started with the first blog entry of this year. I have created in collaboration with Nomi , a SuperNull add-on for WinMUGEN, called as ModifyScreen Handler, that allows you to perform angle and scale operations on the engine's screen, which can be useful to create some interesting visual concept on certain characters. These add-ons are a part of a special framework I am currently developing, called as Seiobake Library, which allows to implement new features into the engine. Current Version: V1.00s (> Download Here <) After downloading this engine add-on, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the NomiShell code loader. This engine add-on uses a SuperNull multi-loader exploit to be loaded in the process's memory, which is also intended to circumvent most of Sealer type ch...

M.U.G.E.N - Engine Patch Differences

Hello my fellow readers. You probably noticed new engine patches that combine the functionality of 3v3 and 4v4  simul matches have been released for WinMUGEN and MUGEN 1.xx , but before proceeding to download them, you decide to know what makes these engine patches worth it. Well, you are in the right place to know what improvements my engine patches feature, so let us begin! (> Adjustable Simul Team Limit <) Main feature of my engine patches is the adjustable team limit,  which allow you to create simultaneous  matches with a maximum of 4 characters, so 4v2 or 3v4 matches are now possible in this patch version. (> Corrected Versus Screen <) Versus screen is now capable of showing the characters' potraits, while a maximum of 4 player names can be displayed, depending on the engine version.  (> Position Adjustment <) The other 4 characters will have their position X adjusted to their nearest partners instead of appearing on random locations when a n...

M.U.G.E.N 1.xx: Engine Patches

Oh, hello, readers. I never thought I would end up creating a blog entry for this, as the latter was not even in my plans, but well... I have created these engine patches, which allow you to create simul matches with a maximum of 4 characters instead of 2, while some additional code fixes were implemented in said patches. Engine Version Download Links: (> 1.00 - 4v4/3v3 Simul <)  or  (> 1.1b - EX+ Type <) Warning:  As expected from engine patches, unpredictable results could occur if known exploits are triggered in this program version, so keep it in mind while selecting your characters. I already know engine patches that implement this have already been released, but these patch versions also fixes some primary code defects. Additionally, the 1.1b patch version has been updated to make it compatible with one of the most known add-ons, MUGENHook. ... There is also a  WinMUGEN  patch version in case you need it.

M.U.G.E.N 1.1b: EikiLoader.EX - Postman Reloader

Good evening, readers.  On this occassion, I have created a Reloader template from the EikiLoader.EX program for this engine version, that allows you to load a full version of your character while creating another instance of the process in a similar way to the Postman method. This exploit template uses the STBOF  vulnerability, which we have already talked about previously, to execute its shellcode. (> Download Here <) After downloading this exploit template, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the Reloader shellcode.  You can use this to create your SuperNull/Reloader characters easily without the need of creating complex ROP chains to execute similar code. This is all for now. Have a nice day.

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends. It has been a while since I have not talked about engine vulnerabilities, but I think this is the right time to start talking about this new vulnerability. This research was born from Nomi 's ideas about trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate said insight in M.U.G.E.N 1.00; a nd as expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region including the return address, allowing us to execute our ROP chain. This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only. (> More information will be added soon <) Note: Due to nature of the ROP exploit technique, do not expect this exploit to work on all the computers, so beware of it. Well, that is all for today, have a nice d...

Einherjar...

  Einherjar: "Certain things appear to be visible, but how are you sure they actually exist?" This is a SuperNull character, that is also a Proof-of-Concept, I have worked in collaboration with the author Nomi .  Einherjar uses the CTBOF engine vulnerability, which is not so used due to its ROP limitations, to load her shellcode in M.U.G.E.N 1.00.  Download link can be found either  here or in Nomi's website Caution: It may not work on some computers, due to the way the ROP technique works, so beware of that matter. It has been a very while since I have created a character like her, but well, this is all for now.

M.U.G.E.N 1.00: Command Trigger - Buffer Overflow Attack

Good afternoon, friends. Hmm, I never thought I would be talking about this vulnerability again, but well, let us go straight to the point. As you can guess, this vulnerability also exists in M.U.G.E.N 1.00, but due to the NX Bit protection being active in the program, shellcodes cannot be directly executed, so it is required to use an exploit technique, known as Return-Oriented Programming , to circumvent said protection. I have recently made an exploit that takes advantage of such vulnerability, but as there are several pointer limitations to build a ROP chain that jumps the engine back to default processing, it is currently limited to SuperNull ~ Reloader characters. (> PoC can be downloaded here <) Note: As this exploit requires ROP chains to execute its shellcode, do not expect it to work on all the computers, so beware of it. Well, that is all for today, have a nice day.