Posts

Newest Post: An Uncertain Future

Good evening, my readers. As some of you have already noticed, I have lately been working on a personal project I created several years ago, a space where my original creations would be featured. However, as my old self was unable to deal with the workload and expectations back then, little progress was made before it was put aside in favor of focusing on the engine instead. I certainly wonder why I did not give this project the attention it deserved, but well, time is irreversible, so I will have to work with the bare bones I had left... At present, I have become heavily motivated and finally resumed my project after months of reworking the core parts, so this is going to be the main entry where the latest information will be posted. The main plot will not be the big deal, of course, but I will try to make it different from the usual. The project has been divided into parts in order to speed up the release process, as I would otherwise be stuck in it for longer, so relevant content will be shown wh...

M.U.G.E.N Engine Researches: State Filepath Overflow

Good evening, readers. It has been a while since the last blog entry was created, but well, life things. For this occasion, we are going to talk about the latest vulnerability discovered in the M.U.G.E.N Engine, which has been used by SuperNull characters like "On The Verge of Death" or "Qvorda", so let's begin. State Filepath Overflow, also known as "STBOF" or "ST.Path", is an engine vulnerability that allows arbitrary code execution during character selection, making it a good alternative for SuperNull characters. The discovery of this vulnerability was born out of Nomi's idea of trying to overflow the ST filepath text line in WinMUGEN, which was impossible to perform, as only 255 bytes can be used per text string. However, it could feasibly be used on the 1.xx engine versions due to their increased text line size limit (4095 bytes), so I decided to investigate it further. "St" is the entry filepath the en...

WinMUGEN: Seiobake.EX - ModifyScreen Handler Add-on

Good evening, readers. Time flew so fast that even another year is over, but well, this just implies a new beginning, so let us get started with the first blog entry of this year. In collaboration with Nomi, I have created a SuperNull add-on for WinMUGEN, called ModifyScreen Handler, that allows you to perform angle and scale operations on the engine's screen, which can be useful for creating some interesting visual concepts on certain characters. These add-ons are part of a special framework I am currently developing, called Seiobake Library, which allows new features to be implemented in the engine. Current Version: V1.01s (> Download Here <) After downloading this engine add-on, you will have to read the "ReadMe" text file to implement it in your character properly, before executing the NomiShell code loader. This engine add-on uses a SuperNull multi-loader exploit to be loaded into the process's memory, which is also intended to circumvent most Sealer-type ch...

M.U.G.E.N 1.00: ST Filepath - Buffer Overflow Attack

Good evening, friends. It has been a while since I last talked about engine vulnerabilities, but I think this is the right time to start talking about this new one. This research was born from Nomi's idea of trying to overflow the ST filepath line in WinMUGEN, which motivated me to investigate that insight in M.U.G.E.N 1.00; and as expected, it is possible to perform a buffer overflow attack from there by creating a very long filepath string that overwrites the character loader's buffer region, including the return address, allowing us to execute our ROP chain. This exploit can be used on both M.U.G.E.N 1.00 and 1.1b, but the main downside is that it is not default-processing reversible, which currently restricts its use to SuperNull:Reloader characters only. (> Full information about this engine vulnerability can be found here. <) Note: Due to the nature of the ROP exploit technique, do not expect this exploit to work on all computers, so beware of it. Well, tha...

Einherjar...

"Some things appear to be real, but how are you sure they actually exist?" Words provided by Einherjar. This is a SuperNull character, also a Proof-of-Concept, that I have worked on in collaboration with the author Nomi. Einherjar uses the CTBOF engine vulnerability, which is not much used due to its ROP limitations, to load her shellcode in M.U.G.E.N 1.00. The download link can be found either here or on Nomi's website. Caution: It may not work on some computers, due to the way the ROP technique works, so beware of that matter. It has been a very long while since I have created a character like her, but well, this is all for now.

M.U.G.E.N 1.00: Command Trigger - Buffer Overflow Attack

Good afternoon, friends. Hmm, I never thought I would be talking about this vulnerability again, but well, let us go straight to the point. As you can guess, this vulnerability also exists in M.U.G.E.N 1.00, but due to the NX bit protection being active in the program, shellcode cannot be directly executed, so it is required to use an exploit technique known as Return-Oriented Programming to circumvent said protection. I have recently made an exploit that takes advantage of this vulnerability, but as there are several pointer limitations to building a ROP chain that jumps the engine back to default processing, it is currently limited to SuperNull ~ Reloader characters. (> PoC can be downloaded here <) Note: As this exploit requires ROP chains to execute its shellcode, do not expect it to work on all computers, so beware of it. Well, that is all for today, have a nice day.

Eikidankai EX

The title is self-explanatory, so let us go straight to the point. These days I have been programming an Omed build for Eikidankai characters (stylish ones), capable of beating ZIP characters. I thought about this concept some months ago, but code packaging issues prevented me from progressing with it, until friends told me about a certain program to pack content into a single executable file... That was how a new Omed concept was born: Eikidankai EX. There is no difference between the full Eikidankai build and the EX version other than the way they are loaded into program data, as the latter is linked to the program, so it is instantly loaded when opening M.U.G.E.N. Eso Brad, the first Eikidankai EX character I have made, will be released to the public after dealing with the last details. That is all for now, stay tuned for new content. Have a nice day.

WinMUGEN Exploits: Command Trigger Buffer Overflow

Good evening, my friends. Well, today we are going to talk about a new exploit found in WinMUGEN. Information provided by ydccdy, a Chinese MUGEN author, has revealed the existence of an exploit in the CMD processor, the command expressions to be exact, whose main function is to trigger determined actions from the commands written in StateDef -1. After having taken a look at the exploit, I noticed the command name length is fixed at 64 bytes, giving the chance to execute arbitrary code from a CMD expression by surpassing this length, basically a buffer overflow. What M.U.G.E.N authors put in their state controllers to make use of the commands can also be used to execute arbitrary code, for example, as in these 2 pictures: Command = "Insert all your shellcode here, it is less versatile, but well. 1234" Note: The 1234 characters are used as a return address for the exploit. I made this character after spending a few hours to pr...