commit e96483ca482c7b552c8059478083ef9224b47945
Author: ALittlePatate
Date: Sun Apr 21 16:34:29 2024 +0200
initial commit of the files
diff --git a/css/styles.css b/css/styles.css
new file mode 100644
index 0000000..9b2c969
--- /dev/null
+++ b/css/styles.css
@@ -0,0 +1,79 @@
+#spike {
+ float: left;
+ border-style:solid;
+ border-color:rgba(18,24,217,0.6);
+ width: 8.1%;
+ height: auto;
+ max-width: 100%;
+ object-fit: cover;
+}
+
+/* unvisited link */
+a:link {
+ color: #686bff;
+}
+
+/* visited link */
+a:visited {
+ color: #686bff;
+}
+
+/* mouse over link */
+a:hover {
+ color: #5660f1;
+}
+
+/* selected link */
+a:active {
+ color: #686bff;
+}
+
+.header {
+ width: auto;
+ height: auto;
+ overflow:auto;
+ background-color: rgba(18,24,217,0.6);
+ top: 0;
+ left:0px;
+ right:0px;
+}
+
+.menu {
+ font-weight: bold;
+ float: left;
+ margin-top: 5.2%;
+ margin-left: 0.5%;
+}
+
+body {
+ background: url(../images/bg.gif) repeat 0 0;
+ color: white;
+}
+
+p {
+ font-size: large;
+ margin-left: 3px;
+ margin-bottom: -5px;
+}
+
+a {
+ overflow: hidden;
+}
+
+#foot {
+ top: 10%;
+ position: relative;
+ display: block;
+ margin: 0 auto;
+}
+
+.article {
+ font-weight: bold;
+ font-size: large;
+}
+
+.center_image {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+}
\ No newline at end of file
diff --git a/images/bg.gif b/images/bg.gif
new file mode 100644
index 0000000..b7f51a5
Binary files /dev/null and b/images/bg.gif differ
diff --git a/images/footer/gnu_linux.png b/images/footer/gnu_linux.png
new file mode 100644
index 0000000..89e3562
Binary files /dev/null and b/images/footer/gnu_linux.png differ
diff --git a/images/footer/internet-privacy.gif b/images/footer/internet-privacy.gif
new file mode 100644
index 0000000..4f371b8
Binary files /dev/null and b/images/footer/internet-privacy.gif differ
diff --git a/images/footer/tor.gif b/images/footer/tor.gif
new file mode 100644
index 0000000..46487a9
Binary files /dev/null and b/images/footer/tor.gif differ
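Review bot: `.header` declares `top: 0`, `left:0px` and `right:0px` but no `position` property, and offset properties have no effect on a statically positioned box, so those three declarations are dead code. Either add `position: relative;` (or whatever positioning the header layout actually needs) to `.header`, or drop the three offset lines. Spacing after the colon is also inconsistent within the same file (`float: left;` next to `border-style:solid;` and `overflow:auto;`), and `0px` can simply be `0`. Since `a:link`, `a:visited` and `a:active` all set the same `#686bff`, they could be collapsed into one grouped rule `a:link, a:visited, a:active { color: #686bff; }`.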
diff --git a/images/insecure_mode_bypass/Host_IsSecureServerAllowed.png b/images/insecure_mode_bypass/Host_IsSecureServerAllowed.png
new file mode 100644
index 0000000..fb669fc
Binary files /dev/null and b/images/insecure_mode_bypass/Host_IsSecureServerAllowed.png differ
diff --git a/images/insecure_mode_bypass/Host_IsSecureServerAllowed_IDA.png b/images/insecure_mode_bypass/Host_IsSecureServerAllowed_IDA.png
new file mode 100644
index 0000000..0dfad19
Binary files /dev/null and b/images/insecure_mode_bypass/Host_IsSecureServerAllowed_IDA.png differ
diff --git a/images/insecure_mode_bypass/hooking_Host_IsSecureServerAllowed.png b/images/insecure_mode_bypass/hooking_Host_IsSecureServerAllowed.png
new file mode 100644
index 0000000..f4557d9
Binary files /dev/null and b/images/insecure_mode_bypass/hooking_Host_IsSecureServerAllowed.png differ
diff --git a/images/insecure_mode_bypass/vac_insecure_error.png b/images/insecure_mode_bypass/vac_insecure_error.png
new file mode 100644
index 0000000..f2aacc0
Binary files /dev/null and b/images/insecure_mode_bypass/vac_insecure_error.png differ
diff --git a/images/reversing_vac_winapi_hooks/VirtualProtectHook.PNG b/images/reversing_vac_winapi_hooks/VirtualProtectHook.PNG
new file mode 100644
index 0000000..fdd6e8c
Binary files /dev/null and b/images/reversing_vac_winapi_hooks/VirtualProtectHook.PNG differ
diff --git a/images/reversing_vac_winapi_hooks/hooking_explained.png b/images/reversing_vac_winapi_hooks/hooking_explained.png
new file mode 100644
index 0000000..60b3dc5
Binary files /dev/null and b/images/reversing_vac_winapi_hooks/hooking_explained.png differ
diff --git a/images/reversing_vac_winapi_hooks/winapi_hooks.PNG b/images/reversing_vac_winapi_hooks/winapi_hooks.PNG
new file mode 100644
index 0000000..abccd45
Binary files /dev/null and b/images/reversing_vac_winapi_hooks/winapi_hooks.PNG differ
diff --git a/images/spike.jpg b/images/spike.jpg
new file mode 100644
index 0000000..68e0a3f
Binary files /dev/null and b/images/spike.jpg differ
diff --git a/index.html b/index.html
new file mode 100644
index 0000000..155e936
--- /dev/null
+++ b/index.html
@@ -0,0 +1,53 @@
+ + + + + ~Blog of a French coder~ + + + +
+ + Spike + + +
+ +

Hey you, thanks for passing by, let me introduce myself. I'm a French C/C++/Python/ASM coder who is interested in reverse engineering, Eurobeat music and 90's looking websites.

+

I don't know how you found this website but be free to check my blog where i post random stuff.

+ +
+

I run Arch Linux, i3 and Emacs: my dotfiles.

+ +
+

Interests:

+

+ +

Some projects of mine:

+

+ + + +
\ No newline at end of file
diff --git a/pages/blog.html b/pages/blog.html
new file mode 100644
index 0000000..1a4ed7a
--- /dev/null
+++ b/pages/blog.html
@@ -0,0 +1,38 @@
+ + + + + ~Blog of a French coder~ + + + +
+ + Spike + + +
+ +

In this section of the website you can read the random stuff i post from time to time, i will prob not update the style.css for the programming related ones because it's more readable.

+

The articles

+ + + + + + +
\ No newline at end of file
diff --git a/pages/insecure_mode_bypass.html b/pages/insecure_mode_bypass.html
new file mode 100644
index 0000000..b70aa15
--- /dev/null
+++ b/pages/insecure_mode_bypass.html
@@ -0,0 +1,71 @@
+ + + + + ~Blog of a French coder~ + + + +
+ + Spike + + +
+ +
+

-insecure mode bypass in CS:GO

+ + + +
+

Hey, in this short article i will present you how i found an exploit to join VAC secured community servers with the -insecure flag enabled on CS:GO.

+

+ A bit of context +

+

2 days ago, this exploit was released to unknonwcheats. But as the file wasn't approved and it was only a DLL no matter what, i decided to try to replicate it myself without trying to reverse it. It wasn't that hard but it was a good learning opportunity !

+

+ How -insecure works +

+

The -insecure flag is used to disable VAC and still launch CS:GO, it is useful for debugging the game or to play with cheats without having a chance of VAC getting triggered. The thing is this flag prevents you from joining VAC secured servers such as community servers. This is what message you get if you try to connect to one with this flag enabled :

+

+ +

+

note for translation : You can't connect to the server because you have -insecure enabled.

+

+ How to bypass that +

+

Thanksfully the source code of 2k18 CS:GO leaked in 2020 and is avalaible on Github. After looking for insecure in the repo we quickly find a function named Host_IsSecureServerAllowed, which looks like this :

+

+ +

+

But remember, this is from 2018 CS:GO, we still need to find it in IDA, same thing in IDA, load engine.dll and look for the insecure string, by looking at the xrefs we can find 2022 Host_IsSecureServerAllowed function :

+

+ +

+

We can see that the function is looking for insecure or tools or edit flags and if it find them, it returns false, thus kicking you from the server you are trying to join.

From here we can use the IDA plugin SigMaker to generate a signature for this function. The only thing that is left to do is hook the function, and always return true so the check for the insecure flag are never performed.

+

+ Hooking Host_IsSecureServerAllowed +

+

Hooking this function with MinHook is pretty straightforward, here is the pseudo code :

+

+ +

+

We are basically defining the Host_IsSecureServerAllowed function, and in it, we just say to always return true. Then we scan for the (insanely long) signature for this function and hook it with MinHook.

From now, just build the DLL, inject into CS:GO and you'll see, with -insecure you'll be able to join VAC protected community servers.

+

+ Limitations +

+

At the writing of this blogpost, you can only join community servers with this flag enabled, this may change. Also, remember that even if you join a VAC secured server with this bypass, VAC will still be running thus this exploit is pretty useless. It was only a learning opportunity to me and shouldn't be considered as a VAC bypass.

+ +
\ No newline at end of file
diff --git a/pages/reversing_vac_winapi_hooks.html b/pages/reversing_vac_winapi_hooks.html
new file mode 100644
index 0000000..4c58ef4
--- /dev/null
+++ b/pages/reversing_vac_winapi_hooks.html
@@ -0,0 +1,68 @@
+ + + + + ~Blog of a French coder~ + + + +
+ + Spike + + +
+ +
+

Reversing VAC winapi hooks

+ + + +
+

Hello there, been a long time ! Today i will talk about the implementation of winapi hooks inside Valve Anti Cheat (aka VAC).

+

+ A bit of context +

+

Everything i will say is directly from this topic on UC

+

+ What is hooking ? +

+

In the first place we need to properly understand the way hooking works. To hook a function you need to overwrite the first 5 bytes to jmp 0xYOURADDR where 0xYOURADDR is the memory address for the function that will replace the original (a pointer basically). We can also save the original function pointer to return to the original function after our code, this is called a trampoline (tramp) hook.

+

+ +

+ +

+ What's up with VAC ? +

+

Some guy reported that VAC may be hooking VirtualProtect to check if you're messing with the game's code. Another one showed that it has already been reported on UC in the past

+

+ Reversing VAC +

+

VAC is actually in GameOverlayRenderer.dll, which manages... the Steam overlay you got it. Pretty dumb design if you ask me but VAC always tries to think outside of the box. From now we just open the dll in IDA, search for the string "VirtualProtect" and we find it ! Here it is after some renaming :

+

+ +

+

We can see that VAC actually hooks a ton of those winapi functions. For the code, it's pretty straight forward :

  • We get the address of VirtualProtect in the memory with GetProcAddress
  • We hook the function by passing to HookMethod its pointer, the pointer of the modified function and the tramp pointer that we want to use.
  • Now we can actually start looking inside of the hook for VirtualProtect. Here is the cleaned code : +
    +

    + +

    +We see that the function is defined the same as the original one; you need to do this when hooking.This function basically executes VirtualProtect as usual with the trampoline pointer, sets the LastError and returns the result.But you may have noticed an if statement, pretty self explanatory but if the game we're running is a Valve game and we're trying to change the rights of the region to execute/read/write, then it jumps to do_sketchy_stuff_0 which i haven't decompiled yet (lol) but it must have something to do with VAC reporting abuse. +

    + Conclusion +

    +To conclude, reversing VAC is a great way of learning as it's not obfuscated/packed and the code is pretty easy to read. Bye.

+ +
\ No newline at end of file
diff --git a/pgp/key.txt b/pgp/key.txt
new file mode 100644
index 0000000..f6c944d
--- /dev/null
+++ b/pgp/key.txt
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNmrEgBEAC3ADvvisrZBp62p4eeroZ7locZHYY6rNkHyQTXH5sKqerp0ctZ
+pxoJfw7U23qvLaqHHlhvgfnxrzQI4DZ23AY9qVh15wMKb5JfkO0LwLRsS4biBuze
+c6rR/sebNirD4oXSHIm8w2zYyQTFfoNIYvYItkKf48XKAffCmmywxPgeRlrYzp6T
+IyBHe4h4E7V1T0kaCLYMquEPypbSv2yt3DshunEvzNfXoI7Ll7kc2gFn/+WP4W+1
+yC23S8vGcB/+jXUDUYrnosoE+eDtNoauXK4UEFbjZQGydVvNi/qw4riQ+xuUcnfF
+/ZSSWuySci3tn1CMxeG39ATcHekuFQTtq7s9inheG9rnavdWPwUDuOPZ6ROHKiNM
+PaMAZOTlGZafX64vnwHR3yHMdPvu3n3wz+BUz4K8HGYSWAy3g6HwjlRgIxje2di4
+UTxMzwjejkjU2una8NkTQTu2H6gig75idWfpas3aMxkuFxSTEIinMukAq0Q9lkIU
+HHwaPYB5f0OcHzjxA/J5DtuuYBpotc8wZsjM2GKAzxl6OhmbbaSu5N2CkwxFa2JP
+rd01N7IEKgpLtsBZlO9MpW4vKTFMixV0Iprt9hlQF1KfxKv0wI41HNJtyhSrLa/e
+tGodxPaIfvvF5aHA5G0Dzu+ESXoq/25Op76mtpLzJEwMbz5hkPAag7rMQQARAQAB
+tCFBTGl0dGxlUGF0YXRlIDxtYXhpbWVAcGF0YXRlLmRldj6JAlIEEwEIADwCGwMF
+CwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAFiEEduDWQnSE27L7ZJAPMWAkNmH+
+np0FAmYlC1MACgkQMWAkNmH+np27Pg/+OdAep9pLxnoKWeF9z5FKnZr+ls1zKiyp
+7YgK5WsMYY4ui6CKWVttRHhgMBifWw446d1PU+AB+XT3G13mhd0WPcYPSVhF6Sc2
+xxWj8+o8TdKA0y91oSYLzdZqJLmlt7BOn0I7EHwLdE7F2uaTwdaWp/urFMHJLycW
+gN+o9i/gUcSRctOUjoXmPSdmxnE8uNcp0ke3ktxDevckUbSjRImio+HSahHSdm/G
+I3r5V23ziROwE8WMDrk+v6kiHA0i7ZSK5YkZpveVpWHRKXKnTBELcbFCRqrYKXXE
+6yuk6omSbjqsxN4lytqZr103x94EZhB3JtR3ydiR03TvpuROGz6f3vKj2kDYakd2
+NxDvG8/+7aBtZHqdflKzH/3pch63TgTox45R6PWt9rU03jQC8i/r8S6k5dBprys6
+gTQd9VNRg8srz4kO6LRDR36RfqyT9RRUnBVXpjwQzdR+XiPyawGnUb+487MypjU5
+K4V1qqfvpy9hk2oikFUexm1RbCkOmekvFZz0WJvQ7SLOjHMT0iR/f+N6Q8h3AOVZ
+Z0PHI3dkuiDmXFWeBD+nXJqyJTuCAFZEy+QbMCWqnBLr0V4lzW6B6V+jZYmyGkRL
+JSvd6rXVZiM20Y2aXK+Muk/Y33YFVn3AOURKRj3bhfthybWGALeXffXxX3Ty/XJK
+doeIeG//BTu5Ag0EY2asSAEQAOXuUG5dZlXQPLeDPmxrGadZAMEU8iMyOmTOT13S
+ck60iU5U7+QjrU+QUmWwW2bpf7B3PUEzHN7as6BTGoncYcv3djLFGBG9fgdjMKeS
+TOvDz+pU3IAhdx0fGa9L82HwCUMMM5f7GCBeuWTaHvmWVR5OeAvaHGTlh90bsIqk
+CroXPO905KOv+eszYpzGWdEPJ0ljvv/QsXrJlVxnTKXNGI6k2TjxjCabdw9AT1Q3
+QWeKpMRnatf9g61/dY0u5AtIWFhTF9qk5wkaF4E5fvJ41q5CedgBx0ivO4NkUdI0
+MvEm+BFSU7OKUU9b91OwcUGMf9uNEt42x6xvmgNZ0/07hBUC25akLpCgvvDiPC4o
+CoFtsdVeFl8I5KnNQE7bZXv3fp9PMIkZykO7BzTwQRiOrapErP73pI2YSyeqUCt2
++zfV5XVkaZ8M+FX/hHuAYNQzSBQZ39negZjwgvK06WUJ+T7jmQOSOSyjZrzn/pTi
+Xf7AMpinqVqi9AlY0RqjECkI6BW/U4yvYVbvslMfLkHntfG/WsbKlyeZr+B1KgsU
+B35TytdJOMJgzXAfTXqpJnyVqQS9spnA7LfyJRHjB1tI5XwI2Q3RgS7gCe1UB8vq
+NJVbPnFa36xWsDv6GnSssegcNoKlf/ZT1hTQHeNcsNO00wx0Fz7gONB6FrFzCdrF
+77SDABEBAAGJAjYEGAEIACACGwwWIQR24NZCdITbsvtkkA8xYCQ2Yf6enQUCZiUL
+UwAKCRAxYCQ2Yf6enT2sEACn4kGQRRV2O32eQkv5JXTPRtuzYDIZ8+EV/7R5PHAS
+dKfPZJWw4DK8FIias58yx2GSiP5tbRuh31XQJvOLZZ5WpIfZeQygjorZ5jdcobSj
++uaSy+s+hPDFAZlzd2ELXIVt3hvquFOtw825b1FmLDFCGzTiYb4UEGwIOjP1GQSt
+EI9Bl96J0V9UkdRzaBxshuEYAWcGU5IlESGouKLnH1dNKaSuT+B8nPv1xp1UZTa5
+aO+/tM2+i8DhMMOXWMVEAd4jdg0zM8NnXRp4o/5/8UpKg7Sn7h0ReUJwK2WpXOBv
+EpTRzb1gITJsJ5C5fzH7HBceDSvr8FDuYBkVz4Fq5godEHBh40Rpp3RE1UYJcHlj
+fQD9sYAk1r3rUny/6JwwOkXMxNWUQz79E9VaJYonadKU3wM9ZS2pYP2Bslm1QA4b
+I3Dn+VxZy1GfBwrfcKMWcMaQZDWlVUhRRtHzAT4tUACIbJMEQliQE0plSZ6vCZZ3
+KMVXA5m15JLz7CPVK5ul62imW8c4lSxEgaqCvLfQCrURiMbT7M4HfuNsoOKymaRo
+Xm4+9+3OqFOvakKajckMPDVT16WWb7dpnE2bIdCULBzrOgl9JyivP9ik3XCXq2gb
+iNczgpTBLp9PX3ATh3Fz4kDr1jE1sDFGw179RisnjGO1B7ZtLQ17B/nMh0SLxhyr
+MQ==
+=YkTw
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/python_script/generate_article.py b/python_script/generate_article.py
new file mode 100644
index 0000000..01cd1f8
--- /dev/null
+++ b/python_script/generate_article.py
@@ -0,0 +1,204 @@ +""" +~foldername~template~foldername~ +~titre~Test article~titre~ +~date~ Jan 25, 2022~date~ +~section~Test~section~ +~data~data~data~ +~link~[https://www.google.com]link to google~link~ +~list~Test~list~ +~endlist~ +~image~serverlist.png~image~ +""" +#TODO : +# - add code snippet + + +import os +from os import listdir +from os.path import isfile, join +import shutil +from tkinter import Tk +from tkinter.filedialog import askopenfilename + +def write_file(text) : + with open("out.html", "a") as o : + o.write(text) + +def generate_base(title) : + base = """ + + + + + """+title+""" + + + +
+ + Spike + + +
+ +
+

"""+title+"""

+""" + write_file(base) + +def generate_date(date) : + base = """ + + +
+""" + + write_file(base) + +def generate_paragraph(p) : + base = "

"+p+"

" + write_file(base) + +def generate_section(s) : + s_2 = s.replace(" ","-") + base = ''' +

+ '''+s+''' +

+''' + write_file(base) + +def generate_end_file() : + base = ''' +

+ + ''' + + write_file(base) + +def generate_image(path) : + base = ''' +

+ +

+''' + write_file(base) + +def set_foldername(name) : + os.mkdir("../images/"+name) + onlyfiles = [f for f in listdir(".") if isfile(join(".", f))] + for f in onlyfiles : + if f.endswith(".jpg") or f.endswith(".jpeg") or f.endswith(".png") or f.endswith(".ico") or f.endswith(".gif") : + shutil.move(f, "../images/"+name+"/"+f) + +def main() : + Tk().withdraw() # we don't want a full GUI, so keep the root window from appearing + filename = askopenfilename() # show an "Open" dialog box and return the path to the selected file + + name = "" + titre = "" + date = "" + was_list = False + with open(filename, "r") as a : + for line in a.readlines() : + + if line.startswith("~foldername~") : + final_line = line.replace("~foldername~","").strip() + name = final_line + set_foldername(final_line) + + elif line.startswith("~titre~") : + final_line = line.replace("~titre~","").strip() + titre = final_line + generate_base(final_line) + + elif line.startswith("~date~") : + final_line = line.replace("~date~","").strip() + date = " " + final_line + generate_date(final_line) + + elif line.startswith("~section~") : + final_line = line.replace("~section~","").strip() + generate_section(final_line) + + elif line.startswith("~image~") : + final_line = line.replace("~image~","").strip() + final_line = "../images/"+name+"/" + final_line + generate_image(final_line) + + else : + if line.startswith("~endlist~"): + was_list = False + write_file("") + continue + + if line.startswith("~list~") : + l = line.split("~list~") + res = "" + + if not was_list : + res += "