Posts

Newest Post: An Uncertain Future

Good evening, my readers. As some of you have already noticed, I am working on a personal project I had created several years ago lately, a space where my original creations would be featured. However, as my old self being was unable to deal with the workload and expectations back then, small progress was made before being put side and focusing on the engine instead. I certainly wonder why I did not give this project the attention it deserved, but well, time is irreversible, so I will have to work with the  bare-bones I had left... At present, I got heavily motivated and finally resumed my project after months of reworking the core parts, so this is going to be the main entry where the latest information will be posted. The main plot will not be the big deal, of course, but I will try making it different from the usual. The project has been divided into parts in order to fasten the release process, as I would be stuck in it for longer otherwise, so relevant content will be shown wh...
0

Einherjar...

"Some things appear to be real, but how are you sure they actually exist?" Words provided by Einherjar. This is a SuperNull character, that is also a Proof-of-Concept, I have worked in collaboration with the author Nomi .  Einherjar uses the CTBOF engine vulnerability, which is not so used due to its ROP limitations, to load her shellcode in M.U.G.E.N 1.00.  Download link can be found either  here  or in Nomi's website. Caution: It may not work on some computers, due to the way the ROP technique works, so beware of that matter. It has been a very while since I have created a character like her, but well, this is all for now.
0

M.U.G.E.N 1.00: Command Trigger - Buffer Overflow Attack

Good afternoon, friends. Hmm, I never thought I would be talking about this vulnerability again, but well, let us go straight to the point. As you can guess, this vulnerability also exists in M.U.G.E.N 1.00, but due to the NX Bit protection being active in the program, shellcodes cannot be directly executed, so it is required to use an exploit technique, known as Return-Oriented Programming , to circumvent said protection. I have recently made an exploit that takes advantage of such vulnerability, but as there are several pointer limitations to build a ROP chain that jumps the engine back to default processing, it is currently limited to SuperNull ~ Reloader characters. (> PoC can be downloaded here <) Note: As this exploit requires ROP chains to execute its shellcode, do not expect it to work on all the computers, so beware of it. Well, that is all for today, have a nice day.