PwnAdventure3 – Patching Binary

When running a video game or any other application on your laptop, you execute instructions that have been written by the developers for a specific purpose. Sometimes, the instructions restrict you: e.g. an evaluation version of an application that exits after 30 minutes, or your player in your MMORPG that cannot jump high enough to reach a hidden elevated location. The executed instructions are located on your computer, which you control. You can therefore change those instructions to bypass restrictions (e.g. cracking) but also to improve or add new functionalities. This requires you to open the binary, understand its functions (reverse engineering) and patch it.

In this post, we will not change complex logic in the binary, but simply modify one instruction to improve the capabilities of our character by increasing its movement speed.


PwnAdventure3 – Reverse Engineering Binary

Players usually explore, interact with and understand the game through the classical user interfaces. With Pwn Adventure 3, the inputs are the mouse and keyboard, with which the user can move and interact with the Pwnie Island world. The output is the rendered 3D graphics and the HUD interface. However, sometimes the output is not enough for the user to fully understand exactly what he has to do in order to finish a quest. Those kinds of “secrets” are often used by developers to increase the difficulty of the game and/or to force the player to explore, try and discover new things in the game. Considering the game was released for a 2-day CTF, we don’t have much time. We want to be the first to finish all quests. That’s where reverse engineering comes in handy.


PwnAdventure3 – Asynchronous Proxy in Python

Now that we have reversed most of the network protocol between the game server and the client, let’s intercept and manipulate it. I personally prefer Python when it comes to building quick and dirty scripts. Here we need to build an asynchronous proxy that handles binary data. In this case, I will use Python 2.7 with the native libraries asyncore, socket and struct.


PwnAdventure3 – Building a Wireshark parser

Wireshark is one of the best – if not the best – packet analysers available. It allows you to capture the traffic sent from/to your machine and parse its content in order to have a human-readable representation of it. At the moment, there are hundreds of supported protocols and media types. Considering that the protocol of Pwn Adventure 3 is custom and not widely used, there is no dissector (parser) installed by default in Wireshark for this protocol. Eric – maetrics – Gragsone has already published a custom dissector in Lua, which was helpful for the realisation of this blog series. However, that dissector is missing some information that we covered in the last post. Instead of re-using and improving that parser, we will start from scratch so I can explain the process and logic of building a Wireshark dissector.


PwnAdventure3 – Network Protocol

We have seen in the previous post a methodology for reversing a binary network protocol. In the given example, we dissected the packet that updates our location in the game. We will continue reversing the protocol, but this time in less detail, as I hope you now have a better understanding of the process.


The concept of a penetration test

A penetration test – also known as a pentest – is a security and risk assessment of one or more applications and/or systems, performed by an IT security professional using manual and sometimes automated tests. While automated tests are meant to find low-hanging fruit and maximize the coverage of the assessment, manual assessment is still required, as many use cases cannot be tested or accurately identified with automated tests.
