Home
Il2Cpp Injection and Hooking via Scaffolding
A Il2cpp scaffold is a ready to use (and to inject) DLL, which give us access to every type definition, object and method from the game and also provides a il2cpp helper API. As I was playing around with some game manipulations for the Game A Tainted Grail – The Fall of Avalon I got
Continue Reading „Il2Cpp Injection and Hooking via Scaffolding“
Tainted Grail – FoA – Unlock The Hidden Secrets
The journey of recovering my lost arm. Background Back in the bad weather season, I was looking for a single player game that I could enjoy alongside my usual daily routine. I noticed the release of Oblivion remastered Edition and considered buying it, but the reviews shortly after release weren’t particularly promising, so I decided
Continue Reading „Tainted Grail – FoA – Unlock The Hidden Secrets“
Smart Time Plus RCE – CVE-2024-53543
The Software Smart Time Plus < 8.6 contains several vulnerabilities: which can be chained to achieve unauthenticated remote code execution as SYSTEM on the Windows host. Background and Research During a pentest I stumbled across the following web service on port 443: Smart Time Plus is a time tracking tool developed and published by the
Continue Reading „Smart Time Plus RCE – CVE-2024-53543“
How to Patch a Android Unity Game
This post is a follow-up of the How to mod a simple Android App post and heavily based on this great article https://hacking.kurcin.com/android/use-frida-to-controll-unity-app-il2cpp/ Background about this Project I chose a game that I know and that I played myself for a while, this helps to identify useful methods and properties where you want to hook
Continue Reading „How to Patch a Android Unity Game“
How to mod a simple Android App
Background about this Project This post is about how to reverse and modify the simple Android Dice Roller! app. The app was randomly chosen by me, I wanted to start with something simple, so: Before you start always check, if you can decompile, compile, sign, install and lunch the app, some apps wont run with
Continue Reading „How to mod a simple Android App“
GOG Galaxy – CVE-2022-31262
With my researches, described on my other post Hunting for LPEs in Gaming Software. I was curious about GOG services which run as Local System. I installed GOG on a „fresh“ Windows 11 and Windows 10 system and focused again to the Service „GalaxCommunication“. As we can see the Service is still running with SYSTEM
Continue Reading „GOG Galaxy – CVE-2022-31262“
Hunting for LPEs in Gaming Software
Recently I started to dive deeper into the topic „LPE on Windows“, obviously one of the first things you will learn is to look what runs as system and does it load anything were you have write access to. The Theory I started my learning with some very educating sources about DLL Ghosting and Sideloading.
Continue Reading „Hunting for LPEs in Gaming Software“
RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware
In my last post I described how to extract the firmware, this was quite easy. But to rebuild a firmware is something different. This is a three part long story I need to be honest here, just remembering back to this process is painful, I will just describe some problems about the whole process that
Continue Reading „RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware „
RE: DC-932L Reversing a Webcam Part 2 – Extracting the Firmware
In my last post I described how to get a shell on the device, but my final goal was to extract the firmware, manipulate some data in it and rebuild it so that I have a custom firmware for this device. This is a three part long story There are some good resources about this
Continue Reading „RE: DC-932L Reversing a Webcam Part 2 – Extracting the Firmware“
RE: DC-932L Reversing a Webcam Part 1 – Getting a Shell
Introduction and Story I remember, more then a year ago I watched this fantastic video from stacksmashing about reverse engineering and rebuilding a custom firmware for a webcam. I was absolutely stunned that this is possibile and thought about to try this some time on a device I have at home. As usual, time passes
Continue Reading „RE: DC-932L Reversing a Webcam Part 1 – Getting a Shell“