Doug’s Projects

Source code for some of these projects is available at https://bitbucket.org/Douggem; log in with the credentials given in the resume.

ObRegisterCallbacks research

I reversed ObRegisterCallbacks and the structures it creates in order to research a solution to anti-cheat kernel modules protecting game processes. You can see the results here:

https://douggemhax.wordpress.com/2015/05/27/obregistercallbacks-and-countermeasures/

SKiDE

SKiDE is a script development tool targeted at Arma 3. It has common IDE features such as syntax highlighting and auto-completion, but it also has some Arma-specific features like enumeration of script threads and script variables. If connected to the game, it will also show the value of a variable in a script when the user hovers the mouse over it. SKiDE is still early in development but is already complete enough to be a very strong tool for script development, as it offers the user a real-time glimpse into the execution of their scripts.

Peacekeeper Drone

Peacekeeper is an application that acts as a radar for Real Virtuality games. It reads memory from the target game, finds and parses data structures in the game’s memory, and presents them to the user in the form of a map. It also allows a small degree of object manipulation, such as changing the user’s weapon properties. For example, the user can increase the damage his weapon does, eliminate the weapon’s recoil, or make his handgun shoot missiles.

Source available at https://bitbucket.org/Douggem/peacekeeper by logging in with the credentials included in the resume.

DayZ ‘Big’ Cheat

The ‘Big’ DayZ cheat is a DLL that is injected into the Arma2 process; it displays information to the user and allows the user to manipulate game objects. The list of things it lets the user do is very long: it does everything from item spawning to instantly killing everyone in the game to throwing vehicles into the sky and making them rain down on your target.

The controls are on the top left side and drawn by the cheat. The red text and yellow markers represent players and are drawn by the cheat. In this image, I’ve teleported everyone to one spot and they are killing each other out of panic. This image shows the cheat as rendered by the game engine.

This shows the item spawning system and shows the cheat as rendered directly through DirectX.

Real Virtuality Assistant

The Real Virtuality Assistant (RVA) is a tool used to reverse engineer someone else’s script systems, or to debug your own, in Real Virtuality games. The Real Virtuality engine does not provide a mechanism to see currently executing script threads or easily inspect script variables, so the RVA was created to give developers that functionality. It can also hide prepackaged addons from the game engine so that developers can use non-whitelisted addons on secured servers, and it allows the user to terminate script threads, which makes it possible to disable anti-cheat systems that run in the script engine.

Source is available at https://bitbucket.org/Douggem/real-virtuality-assistant; use the login credentials included in the resume.

The user can choose script variables from 4 different script namespaces and see what they contain. It is very useful for debugging script systems.

Battleye interface

The Battleye interface was a proof of concept that let the game’s script system, or a server admin using a console, issue Battleye admin commands to the server without holding the server’s admin credentials. This would allow script anti-cheat systems to kick and ban users automatically, a feature sorely lacking in current anti-cheat systems. The Battleye interface primarily did two things: it hooked the game’s console output to display information to the user, and it piped Battleye admin commands directly to the handling function in Battleye’s DLL, bypassing the authentication checks that one would normally have to pass to issue a command to Battleye.

By allowing a system to issue these commands without admin credentials, the server administrator greatly increases the authority of script anti-cheat systems and low-level admins without exposing the server to the liability of people other than the owner holding the admin credentials, which would let them do great harm to the server.

DCryptor – https://bitbucket.org/Douggem/dcryptor

DCryptor is a Windows PE encoding tool that I made for a computer security course. It’s very basic and was done as a learning exercise, but it was a very fun project!

What does it do?

  • DCryptor takes the path to a Windows PE binary (.exe, .dll) and encodes it.
  • It encodes the .text and .data sections and drops a stub in the last section of the file, expanding that last section and flagging it as executable.
  • For simplicity, it clears the address randomization (ASLR) bit in the PE Optional Header.
  • It changes the entry point to the stub, which decodes the .text and .data sections and then jumps back to the original entry point.
  • It uses a simple XOR operation with an optionally rotating key for encoding. It’s not a good solution for any real-world application!
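The steps above leave three tell-tale marks in the PE headers: the ASLR bit is cleared, the last section becomes executable, and the entry point moves into that last section. The following added example (not DCryptor’s own code) parses those headers from raw bytes and reports each indicator; the `build_sample` helper constructs a minimal PE32 header as test data, not a real binary.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000               # section Characteristics flag
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in bit in DllCharacteristics

def parse_pe(data):
    """Return (entry_rva, dll_characteristics, [sections]) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24                                           # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]       # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):                                         # 40-byte section headers
        name, vsize, va, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "chars": chars})
    return entry, dllchars, sections

def packer_indicators(data):
    """Flag the header traits the encoding steps above produce; returns a list of findings."""
    entry, dllchars, secs = parse_pe(data)
    findings = []
    if not dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("DYNAMICBASE cleared: image opts out of ASLR")
    last = secs[-1]
    if len(secs) > 1 and last["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"last section {last['name']} is executable")
    ep_sec = next((s for s in secs if s["va"] <= entry < s["va"] + s["vsize"]), None)
    if len(secs) > 1 and ep_sec is last:
        findings.append(f"entry point 0x{entry:x} lies in last section {last['name']}")
    return findings

def build_sample(packed):
    """Constructed minimal PE32 header (test data, not a real binary), optionally shaped like encoded output."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3000 if packed else 0x1000)  # entry in stub section or .text
    struct.pack_into("<H", opt, 70, 0 if packed else IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    def sec(name, va, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, va, 0x200, 0, 0, 0, 0, 0, chars)
    secs = sec(b".text", 0x1000, 0x60000020) + sec(b".data", 0x2000, 0xC0000040)
    secs += sec(b".rsrc", 0x3000, 0x40000040 | (IMAGE_SCN_MEM_EXECUTE if packed else 0))
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, len(opt), 0x102)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs
```

Any one indicator on its own is common in legitimate binaries (many older executables have no DYNAMICBASE bit), so treat the combination, not a single hit, as worth a closer look.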