Posts

Newest Post: VoidShell Library: Destiny Notes

Good afternoon, readers. Oh yeah, this is going to be the first blog entry of 2026, so let us begin by talking about the VoidShell library's future. As many of you can guess, this library initially started as an ASM x86 program inside a ST file, which was loaded by the engine through a SuperNull exploit (The StateDef Overflow engine vulnerability was used as main vector back then), and despite you could expect, it was simpler than the current version. "Eikidankai" was the first name given to said library and early build versions were used on a few known characters (such as x00x00x or Void.Schmelze) to withstand most SuperNull enemies from the past decade. However, there was no real defense behind it, as it just seals most of the engine vulnerabilities while hooking some primary functions, causing their exploits to be effectively blocked but also rendering them unstable. They were eventually left as PoC characters while the Eikidankai program had to be reworked from scrat...
0

M.U.G.E.N 1.xx: Engine Patches

Oh, hello, readers. I never thought I would end up creating a blog entry for this, as the latter was not even in my plans, but well... I have created these engine patches, which allow you to create simul matches with a maximum of 4 characters instead of 2, while some additional code fixes were implemented in said patches. Engine Version Download Links: (> 1.00 - 4v4/3v3 Simul <)  or  (> 1.1b - EX+ Type <) Warning:  As expected from engine patches, unpredictable results could occur if known exploits are triggered in this program version, so keep it in mind while selecting your characters. I already know engine patches that implement this have already been released, but these patch versions also fixes some primary code defects. Additionally, the 1.1b patch version has been updated to make it compatible with one of the most known add-ons, MUGENHook. ... There is also a  WinMUGEN  patch version in case you need it.

M.U.G.E.N 1.1b: EikiLoader.EX - Postman Reloader

Good evening, readers.  On this occassion, I have created a Reloader template from the EikiLoader.EX program for this engine version, that allows you to load a full version of your character while creating another instance of the process in a similar way to the Postman method. This exploit template uses the STBOF  vulnerability, which we have already talked about previously, to execute its shellcode. (> Download Here <) After downloading this exploit template, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the Reloader shellcode.  You can use this to create your SuperNull/Reloader characters easily without the need of creating complex ROP chains to execute similar code. This is all for now. Have a nice day.

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends. It has been a while since I have not talked about engine vulnerabilities, but I think this is the right time to start talking about this new vulnerability. This research was born from Nomi 's ideas about trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate said insight in M.U.G.E.N 1.00; a nd as expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region including the return address, allowing us to execute our ROP chain. This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only. (> Full information about this engine vulnerability can be found here . <) Note: Due to nature of the ROP exploit technique, do not expect this exploit to work on all the computers, so beware of it. Well, tha...