Wednesday, September 23, 2020

DE: Powerful Builds For Your HQ

You know you're in some shit if someone points.

This one is going to be a short one since we're going to be primarily focused on the use of HQs.  One thing's for damn sure:  I feel that we have some fantastic melee HQ options for the price.

Here are some of my favorites so far:
  • Archon, Labyrinthine Cunning, Writ of the Living Muse = 72 base
  • Archon, Hatred Eternal, Djin Blade = 76 base
  • Archon, Famed Savagery, Djin Blade = 76 base
  • Succubus, Blood Dancer, Adrenalight, Triptych Whip = 54 base
  • Succubus, Hyper-swift Reflexes, Adrenalight, Blood Glaive = 54 base
  • Succubus, Precision Blows, Adrenalight, Triptych Whip = 54 base
  • Haemonculus, Diabolical Soothsayer, Vexator Mask = 75 base

Let's start with the Archons.  You've all probably seen me take the Archon with Cunning and Writ of the Living Muse in my lists.  That's because it's one of the most powerful Warlords in the game for the points IMO.  Cunning is absolutely fantastic at regenerating CPs whenever a CP is spent, by either you or your opponents.  For DE, I find that some of our Stratagems are a little costly, especially that Agents of Vect counterspell that costs 3 just by itself.  With Cunning, you can do some really crazy recycling that can help you sustain the longer gameplan:

For example:
  • You don't want a 2-cost Stratagem to go off so you throw out Agents of Vect.
  • Before you even put AoV down, you roll 2 dice for his Stratagem for Cunning.
  • Next, you AoV and since you just spent 3 CP, you roll 3 more dice to see if you get any back from Cunning.
  • Agents of Vect then takes effect, hopefully blocking his Stratagem.
  • In this example right here, you're probably going to get back a CP from just playing the game regularly.

When you play Black Heart, you almost have to bring Writ of the Living Muse.  It's one of the best buff batteries in the entire game and enhances the damage potential of every single Black Heart unit within 6".  Everything within this distance gets re-roll 1s to Hit and Wound, and that is a huge damage amplifier, especially on things like Dark Lances and Disintegrators when you absolutely need to hit with your more expensive damaging weapons.  Living Muse simply gives you consistent damage and that's exactly what you need to turn your very good shooting up a notch to exceptional.

As for melee Archons, I see two main options here, both of which have the Djin Blade of course, which is just an upscaled Huskblade.  Hatred Eternal gives you more consistent results via re-roll all wounds in melee but the Famed Savagery Archon from Flayed Skull gives you great burst damage.  With Famed Savagery, you have 8 S5 AP-3 D3 attacks that hit on 2s with re-roll 1s.  Personally, if I was to pick one of the two, I would go for more consistent damage with the Hatred Eternal Warlord trait.  There are bonus points in the fact that Hatred Eternal is a generic WL trait and thus doesn't lock you to any particular Obsession.  As for arming the Archons further, always seek out the Blaster first since you have a fantastic BS2+ and Blasters are amazing with their S8 AP-4 D6 damage from 18" (24" for Obsidian Rose).

I whip my hair back and forth.

The Succubus went from one of the most overcosted units in the entire game to arguably the most cost-efficient melee blender in the game.  I'll start off by listing the Blood Dancer variant that comes with 9 attacks hitting on 2s, re-rolling 1s, and each Hit roll of a 6 turns into 3 Hits instead of 1.  On the regular, she can throw out something like 14 attacks with an Agonizer (Poison 4+ AP-2 1D) and that's just obscene.  Against single wound models, she is almost guaranteed to wipe out entire squads by herself.  She just reminds me of the Blenderlord that I ran for Vampire Counts back in the days of Fantasy.  To make things even more exciting, once you hit Turn 3+, you can activate these multiple hits on a 5+ instead of 6 because of the PFP chart.  The only downside here is that she's a Succubus and she just explodes if anyone swings back at her because she only has a 4++/6+++ with T3 and 5 wounds.  Regardless, LOOK at her points cost!  For 54 points, she's an absolute steal.  I can't help but hear this garbage ass song whenever she enters combat.

Other variants of the Succubus are also really strong; such as the Blood Glaive Succubus with 5 attacks with Adrenalight dealing S6 AP-3 D3 damage attacks.  I've seen this particular variant built two ways really; with either the Red Grief specific WL trait of 3++ or with Stimm Addict with Grave Lotus and Adrenalight.  This gives her 5 attacks at S7 which is now a serious threat to virtually all targets including light vehicles.  Again, 54 points of awesome.

Another variant I want to introduce you to is someone who might be our best duelist.  She has 9 attacks with the Whip just like the Blender because she's from Cult of Strife (for +1 attack); however, instead of Blood Dancer, she has the Precision Blows WL trait.  When you're hitting with 8-9 attacks every turn, you're going to be looking for 6s that can just do straight mortal wounds in addition to the regular wounds inflicted with an Agonizer.  That's very good.  For all these Succubus, I highly recommend taking a Blast Pistol on the Blood Glaive Succy to take advantage of her superior BS2+.  Funny enough, the Precision Blows Succubus can still do mortal wounds to Vehicles and Titans.

Never trust someone with 5-6, 7? arms.

Lastly, we have the Haemonculus that you will probably see most frequently if you're planning to take Coven units and Alliance of Agony for 1 CP.  This is because Diabolical Soothsayer essentially pays for itself immediately and you can get 2 more CP if you roll well (D3 in total).  Sure, you also get that once a game re-roll for your Warlord, but no one really cares about that because you also gain access to the Vexator Mask.  This thing is actually pretty hilarious.  You can basically take this Haemonculus and just charge into something to tie it up because they cannot use Overwatch on you.  You can then charge your Wyches into them for free without any fear of OW fire.  To make things even more enjoyable, the mask also gives an enemy unit within 6" of the Haemonculus ASL essentially, making them strike last after all other units have gone in the Fight phase.  That's just funny considering the amount of melee boss HQs we have in the Codex.

What are some of your favorite HQs to bring?  I know I've been extra boring with the Black Heart Archon, but hey, it's been working so why not!

Tuesday, September 22, 2020

Ep 34: Top Faves With Dave Goes Digital Is Live!

Ep 34: Top Faves with Dave goes digital

https://soundcloud.com/user-989538417/ep-34-top-faves-with-dave-goes-digital

Dave Tubbs, Nick Nerthery and I talk about military-themed video games.

Join the conversation at https://theveteranwargamer.blogspot.com, email theveteranwargamer@gmail.com, Twitter @veteranwargamer

Follow Dave on Twitter! @FrmrSldrFgtPlyr

Try Audible for your free audiobook credit by going to http://audibletrial.com/tvwg

New Segment - Stump Jay! Dave's attempt to stump Jay took 308 milliseconds to solve.
Maori Wars Empress Miniatures - http://www.empressminiatures.com/page11.htm

Emu Wars Eureka Miniatures - http://www.eurekamin.com.au/product_info.php?cPath=131&products_id=13353

SCW Empress - http://www.empressminiatures.com/page9.htm

Top Faves
Myth: The Fallen Lords - http://projectmagma.net/what/
Gog - https://www.gog.com/
Wolfenstein 3D - http://3d.wolfenstein.com/game_NA.php
Starcraft: Brood War - https://starcraft.com/en-us/
War Thunder - https://warthunder.com/en
Wolfpack - https://www.emuparadise.me/Abandonware_Games/WolfPack_(1990)(NovaLogic)/95670
UBoot Kickstarter - https://www.kickstarter.com/projects/phalanxgames/uboot-the-board-game
Captain Sonar - https://www.asmodee.us/en/games/captain-sonar/
Red November - https://www.fantasyflightgames.com/en/products/red-november/
Close Combat: A Bridge Too Far - https://www.gog.com/promo/20180206_launch_promo_close_combat
Ghost Recon: Advanced Warfighter - https://www.gamestop.com/xbox-360/games/ghost-recon-advanced-warfighter/39276
Axis & Allies CD - http://www.harrisgamedesign.com/phpBB3/viewtopic.php?t=2268
Company of Heroes -  http://www.companyofheroes.com/
Dawn of War - https://www.dawnofwar.com/
Halo - https://www.halowaypoint.com/en-us
Halo Fleet Battles - https://boardgamegeek.com/boardgame/176936/halo-fleet-battles-fall-reach
Diplomacy Play By Email - http://www.playdiplomacy.com/
Junta - https://www.alderacsite.com/junta/
Call of Duty: World at War - http://store.steampowered.com/app/10090/Call_of_Duty_World_at_War/
Total War - https://www.totalwar.com/
Brothers In Arms: Hell's Highway - http://store.steampowered.com/app/15390/Brothers_in_Arms_Hells_Highway/
Nick's Article - http://www.offdutygamers.com/2010/01/brothers-in-arms-hell%E2%80%99s-highway-good-enough-to-be-a-training-aid/

Music courtesy bensound.com. Recorded with zencastr.com. Edited with Audacity. Make your town beautiful; get a haircut.

Saturday, September 12, 2020

The Elder Scrolls V Skyrim VR Free Download


A true, full-length open-world game for VR has arrived from award-winning developers, Bethesda Game Studios. Skyrim VR reimagines the complete epic fantasy masterpiece with an unparalleled sense of scale, depth, and immersion. From battling ancient dragons to exploring rugged mountains and more, Skyrim VR brings to life a complete open world for you to experience any way you choose. Skyrim VR includes the critically-acclaimed core game and official add-ons – Dawnguard, Hearthfire, and Dragonborn.

Dragons, long lost to the passages of the Elder Scrolls, have returned to Tamriel and the future of the Empire hangs in the balance. As Dragonborn, the prophesied hero born with the power of The Voice, you are the only one who can stand amongst them.
GAMEPLAY AND SCREENSHOTS
DOWNLOAD GAME:

♢ Click or choose only one button below to download this game.
♢ View detailed instructions for downloading and installing the game here.
♢ Use 7-Zip to extract RAR, ZIP and ISO files. Install PowerISO to mount ISO files.



The Elder Scrolls V Skyrim VR Free Download
http://pasted.co/af29b5ae

INSTRUCTIONS FOR THIS GAME
➤ Download the game by clicking on the button link provided above.
➤ Download the game on the host site and turn off your Antivirus or Windows Defender to avoid errors.
➤ Once the download has been finished or completed, locate or go to that file.
➤ To open .iso file, use PowerISO and run the setup as admin then install the game on your PC.
➤ Once the installation process is complete, run the game's exe as admin and you can now play the game.
➤ Congratulations! You can now play this game for free on your PC.
➤ Note: If you like this video game, please buy it and support the developers of this game.

SYSTEM REQUIREMENTS:
(Your PC must at least have the equivalent or higher specs in order to run this game.)

Minimum:
• OS: Windows 7/8.1/10 (64-bit versions)
• Processor: Intel Core i5-6600K or AMD Ryzen 5 1400 or better
• Memory: 8 GB RAM
• Graphics: Nvidia GeForce GTX 970 / AMD RX 480 8GB or better
• Storage: 15 GB available space

Recommended:
• OS: Windows 10 (64-bit)
• Processor: Intel Core i7-4790 or AMD Ryzen 5 1500X
• Memory: 8 GB RAM
• Graphics: Nvidia GeForce GTX 1070 8GB / AMD RX Vega 56 8GB
• Storage: 15 GB available space
Supported Language: English, French, Italian, German, Spanish, Polish, Czech, Russian, Hungarian, Dutch, Danish, Portuguese, Finnish, Norwegian, Swedish, Korean, and Simplified Chinese language are available.
If you have any questions or encountered broken links, please do not hesitate to comment below. :D

Hiring: 3D Artist



Title: 3D artist
Focus: Environment design
Type: Full-time, permanent
Last day to apply: 17th of June 2018

Frictional games are filled with terror, intrigue, mystery, and emotion. We want our environments to reflect that, from the shape of the landscape to the smallest rock, while subtly guiding players and helping to enhance the gameplay.

This is where you come in.

We are now looking for an experienced 3D artist, who will focus on environment design for our upcoming games. This means working closely with our gameplay programmers / designers, and using modelling, texturing, and design skills to create memorable, interesting, and functional environments for our players to experience.


What will you work on?
We are quite a small team, but we consider it our strength. As an environment artist you will get to work on everything from props to high-level design. This means your contribution will greatly influence how the final game looks, plays, and evokes emotions.

Here are some of the things you will be working on:
  • Collaborating with designers to create level layouts, combining both gameplay and an artistic perspective.
  • Taking levels from whitebox to a polished product.
  • Creating basic models that make up the levels, such as walls and floors.
  • Modelling props of various complexity, both with and without the help of concept art, and often having to take gameplay concerns into account.
  • Constructing particle systems, both by drawing textures and using parameters in our editor.
  • Combining various techniques to create special effects, such as flowing water or fire.
We also encourage working outside of your area of expertise, and always learning new things. The more areas of development you are willing and able to take part in, the better!

For some examples of our environments, please check the video above!


What are we looking for?
The person we're looking for is creative, driven and self-sufficient. We have recently set up a central hub in Malmö, Sweden, and hope you can move over to our seaside city sometime in the future.

You have to be a European resident to apply.

Here are some essential skills we require:
  • Good understanding of composition and player guidance.
  • Ability to challenge yourself, make bold creative decisions, and try non-conventional things.
  • A critical approach to your work, with the ability to take a step back and reflect.
  • A strive for structure, efficiency, and clarity.
  • Strong self-drive and ability to organise your own work.
  • Interest in and ability to do research for interesting prop and environment solutions.
  • Love for working on a variety of tasks.
  • Fluency in English.
And here are some more techie skills:
  • Excellent skills in 3D software. Modo preferred.
  • Familiarity with Zbrush/Mudbox/similar.
  • Excellent skills in Substance.
  • Excellent skills in Photoshop or similar software.
  • Familiarity with issue-tracking software.
  • Experience in classic/non-PBR workflow.
  • Basic rigging and animation skills.
If you want to impress us:
  • Love for horror, sci-fi, and narrative games.
  • A major role in completing at least one game.
  • Great free-drawing skills.
  • Experience in level design.
  • Strong game design skills.
  • Experience kitbashing/working with modular sets.

What do we offer?
We make games, because that's what we love. But we know there are other things we love, like playing games, taking part in sports, or spending time with our families. We believe a healthy balance between work and life reflects positively on your work, which is why we don't encourage crunch.

We also offer:
  • Flexible working hours.
  • Opportunities to influence your workflow.
  • Variety in your work tasks, and ability to influence your workload.
  • Participation in our internal game Show & Tell sessions, so you'll have input into all aspects of the game.
  • Social security and holidays that are up to the Swedish standards.
  • An inclusive and respectful work environment.
  • An office in central Malmö you can use as much as you please.
  • Fun workmates, game and movie nights, and other outings!

Apply? Apply!
If all of the above piqued your interest, we would love to hear from you! Send us your application by the 17th of June at the latest - but the sooner, the better! Please attach your:
  • Cover Letter 
    • Why should we hire YOU?
  • CV
  • Portfolio 
    • Link or PDF
  • Preliminary work test
    • See the test below
  • Examples of works that have inspired you or blown you away 
    • PDF, screenshots preferred.

Please note that we require all the attachments to consider you.

Send your application to apply@frictionalgames.com!


Preliminary work test
After 3 years of failed experiments, Professor Kim finally managed to reverse gravity. However, the professor died just as he succeeded, and the whole thing ran amok.

The player enters the research facility where the experiments took place. As they go through the level, they gradually learn about what the professor was trying to achieve. At the end they're met with a revelation, and see the disturbing results of the experiment. As they reach the end, the level must loop in a way where the player finds themselves near the entrance, where they first started.

We are looking for a simple design, done as a rough 3D sketch/white box. You are free to write notes and do paint-overs on top of the 3D.

This test is a first step in the evaluation process, showing us your basic skills, so we are not looking for you to spend a lot of time on it. Imagine this as a quick proof of concept you would present before doing a pitch or a design.

We will evaluate your artist vision, creativity as well as level design skills.

Put everything as a collection of images into one folder on Dropbox, Drive or similar, and send the link to us.


Privacy Policy
By sending us your application, you give us permission to store your personal information and attachments.

We store all applications in a secure system. The applications are stored for two years, after which they are deleted. If you want your information removed earlier, please contact us through our Contact form. Read more in our Privacy Policy.

Friday, September 4, 2020

Dark Worlds, Act 1: The Ritual, 5E Adventure Review


A new life as an adventurer, and as you settle in a tavern in a new land the King's men enter. It appears the King is looking for adventurers, and the Captain has chosen you and your companions, along with another traveler, and apparently the tavern owners, to be a part of it.

-----

Dark Worlds is a new campaign being released by Petersen Games to be played with the Sandy Petersen's Cthulhu Mythos (SPCM) (review link) expansion for 5e. I was given a PDF copy of The Ritual for review purposes.

It is recommended to use SPCM when playing The Ritual because of added elements like Fright and Dread and monsters. It is not required to use the Mythos book because the expansion has been written to be used as its own setting or as an expansion to the setting you're currently using. I also recommend using the SPCM because it contains added information about the Cthulhu Mythos that would be helpful as this campaign dives deeper into that lore. Whatever setting you're using, however, won't come into play much. The first scene of chapter one in The Ritual doesn't go quite as planned and the adventurers and other guests at the King's banquet find themselves in another place, Yuggoth. The Ritual is designed to take 4–5 new player characters to fifth level.

The Ritual is divided into 4 chapters (1 for each level). This information is covered in roughly the first two-thirds of this 80+ page book. The events provide experiences and encounters I don't think most role-players have come across before. The newness of the encounters and experiences of location is a great addition for role-playing to take place, especially for players who have learned about all of the monsters and locations of interest in the world. The Ritual also provides a great introduction into the vast otherworldly experiences of Lovecraft Lore of the Dark Worlds of the Elder Gods.

Yuggoth has a quality separating it from other worlds, the Mi-Go. These creatures operate on a cultural process. Some may say it is warped by where they live and others by the beliefs they hold. No matter what the reason, these are the creatures, and their creations, the characters are soon set against.

The party isn't alone in this alien world. Besides those who are now part of their slightly expanded party there are natural enemies of the Mi-Go; intelligent beings who are willing to help the adventurers to return to their home world. The party must survive an alien world and alien creatures while using alien technology.

The last part of the book contains the information on the non-player characters, the horrors encountered, and the items that could mean the difference between life and death.

This campaign series has a warning that this is a campaign setting that could lead to character death. The risks and challenges are high. This reminded me of when I first started playing role-playing games decades ago. Character actions are important and there is a penalty for making bad decisions—like trying to fight every encounter instead of fleeing to fight another day.

The entire book is decorated with art providing a wonderfully horrific visual of the Lovecraft-ian descriptions.

Overall

This is the second campaign setting I've had the opportunity of reviewing for the SPCM setting. Like Yig Snake Granddaddy, Dark Worlds makes a promise of providing a fantasy horror setting that is easy to use because of the open gaming license. The authors, Sandy Petersen and Matt Corley, deliver on that promise.

I'm a fan of horror. For me the story has to be well written and The Ritual is well written. Here is an adventure that will allow a game master and their players to create a horror story in a setting that is designed for just that cause. Each of the 4 chapters is designed to be completed in a single gaming session. And, if using the elements of horror to build and create the story, you will create something that will last well beyond the time of the session.

Act 1: The Ritual of the Dark Worlds campaign setting for 5e is written by Sandy Petersen and Matt Corley. It is published by Petersen Games (website). It is designed for 4–5 characters to play through 4 gaming sessions.

Here are links to reviews of the other products in this overarching setting.

Sandy Petersen's Cthulhu Mythos (SPCM) Review (link)

Yig Snake Granddaddy Review (another campaign for use with the SPCM) (link)

-----

You roll onto your side as you try to get some sleep. It is hard to keep your eyes shut without seeing the horrors that have been chasing you. You try to remember the people and places from your past. Your past. A past that feels like it was months or years past. Yet, you have only been here for about a week.

 

A Mi-Go Drone

I'm working at keeping my material free of subscription charges by supplementing costs by being an Amazon Associate and having advertising appear. I earn a fee when people make purchases of qualified products from Amazon when they enter the site from a link on Guild Master Gaming and when people click on an ad. If you do either, thank you.

If you have a comment, suggestion, or critique please leave a comment here or send an email to guildmastergaming@gmail.com.

I have articles being published by others and you can find most of them on Guild Master Gaming on Facebook and Twitter (@GuildMstrGmng).


Monday, August 31, 2020

Reversing Rust String And Str Datatypes

Let's build an app that uses several data types in order to see how they are stored from a low-level perspective.

Rust string data-types

The first two main objects are "str" and String; let's also check the constructors.




Imports and functions

Even such a basic program links several libraries and occupies 2,568Kb. It doesn't really use imports, and it exports the runtime functions and even main.


Even a simple string operation needs 544 functions in Rust:


Main function

If you expected to see a clear main function, I regret to say that Rust doesn't seem like a real low-level language, in spite of having full control of the memory.


Ghidra goes crazy when it tries to do the recursive parsing of the Rust code, and finally we have the libc _start function. The endless loop after main is the way Ghidra decompiles the HLT instruction.


If we jump to main, we see a function call, the first parameter is rust_main as I named it below:



If we search for "hello world" in the Defined Strings section, it matches at the end of a large string.


After doing "clear code bytes" we can see the string and the reference:


We can see that the literal is stored as a non-null-terminated string, or most likely an array of bytes. We have a bunch of byte arrays, each pointed to from the code at its beginning.
Let's follow the ref with [ctrl]+[shift]+[f], and we get the references that point to the Rust main function.


After renaming several functions, thanks to the Ghidra comments that identify the Rust runtime functions, the Rust main looks more understandable.
See below the ref to "hello world" that is passed to the string allocator with the size hard-coded: because it is a non-null-terminated string, there is no other way to size it. This also helps Rust's performance and avoids the C/C++ problems that arise when you forget to write the null byte, for example by miscalculating the size in a memcpy.


Regarding the string object, the allocator internals reveal the structure under static analysis.
The alloc_string function calls a function that calls a function that calls a function and so on, so this is the call stack (also obtained statically, using the Ghidra code comments):

1. _$LT$alloc..string..String$u20$as$u20$core..convert..From$LT$$RF$str$GT$$GT$::from::h752d6ce1f15e4125
2. alloc::str::_$LT$impl$u20$alloc..borrow..ToOwned$u20$for$u20$str$GT$::to_owned::h649c495e0f441934
3. alloc::slice::_$LT$impl$u20$alloc..borrow..ToOwned$u20$for$u20$$u5b$T$u5d$$GT$::to_owned::h1eac45d28
4. alloc::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::to_vec::h25257986b8057640
5. alloc::slice::hack::to_vec::h37a40daa915357ad
6. core::slice::_$LT$impl$u20$$u5b$T$u5d$$GT$::len::h2af5e6c76291f524
7. alloc::vec::Vec$LT$T$GT$::extend_from_slice::h190290413e8e57a2
8. _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..SpecExtend$LT$$RF$T$C$core..slice..Iter$LT$T$GT$$GT$$GT$::spec_extend::h451c2f92a49f9caa
...


Well, I'm not going to talk about the performance impact on the stack; programming well by reusing code grants maintainability, which is good, and I'm sure the Rust developers have measured it and found that hard-coding every constructor directly doesn't pay off.

At this point we have two options: check the Rust source code, or try to figure out the string object dynamically with gdb.

Source code

Let's explain this group of substructures with the Rust source code in hand.
The string object is defined in string.rs and is simply a vector of u8.



The definition of the vector can be found in vec.rs; it is composed of a raw vector and the len, which is of the usize datatype.



The RawVector is a struct that holds the pointer to the null-terminated string, stored in a Unique object, and also contains the allocation pointer; here is the raw_vec.rs definition.



The cap field is the capacity of the allocation and a is the allocator:



Finally, the Unique object structure contains a pointer to the null-terminated string, and also a one-byte marker, core::marker::PhantomData.



Dynamic analysis

The first parameter of the constructor is the interesting one, and on the x64 architecture it is in the RDI register. The strange sequence RDI, RSI, RDX, RCX sounds like ACDC with a bit of imagination (di-si-d-c).

So the RDI parameter is the pointer to the string object:



So RDI contains the stack address that points to the heap address 0x5578f030.
Remember to disable ASLR to correlate the addresses with Ghidra; there is also a plugin to do the synchronization.

Having symbols we can do:
p mystring

and we get the following structure:

String::String {
  vec: alloc::vec::Vec {
    buf: alloc::raw_vec::RawVec {
      ptr: core::ptr::unique::Unique {
        pointer: 0x555555790130 "hello world\000",
        _marker: core::marker::PhantomData
     },
     cap: 11,
     a: alloc::alloc::Global
   },
   len: 11
  }
}

If the binary was compiled with symbols, we can walk the substructures in this way:

(gdb) p mystring.vec.buf.ptr
$6 = core::ptr::unique::Unique {pointer: 0x555555790130 "hello world\000", _marker: core::marker::PhantomData}

(gdb) p mystring.vec.len

$8 = 11

If we try to get the pointer of each substructure, we find out that the pointer is the same:


If we look at this pointer, we have two dwords that are the pointer to the null-terminated string, and also 0xb, which is the size; this structure is a vector.


The pointer to the C string is 0x555555790130




This looks like the C++ string, but let's look a bit deeper:

RawVector
  Vector:
  (gdb) x/wx 0x7fffffffdf50
  0x7fffffffdf50: 0x55790130  -> low dword c string pointer
  0x7fffffffdf54: 0x00005555  -> high dword c string pointer
  0x7fffffffdf58: 0x0000000b  -> len
  0x7fffffffdf5c: 0x00000000
  0x7fffffffdf60: 0x0000000b  -> low cap (capacity)
  0x7fffffffdf64: 0x00000000  -> high cap
  0x7fffffffdf68: 0xf722fe27  -> low a  (allocator)
  0x7fffffffdf6c: 0x00007fff  -> high a
  0x7fffffffdf70: 0x00000005

So in this case the whole object is on the stack, except the null-terminated string.
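The same header can be read from inside the process. The program below is an added example, not code from the original post: it copies out the three machine words of a String and the two words of a &str, and labels each word by comparing it with the safe accessors, because the field order is chosen by the compiler and is not a stable ABI. It also shows that a str view carries no terminator of its own; Rust tracks the length explicitly, so a debugger that prints the data pointer as a C string simply keeps reading until it meets a zero byte. The function names string_header, str_header and byte_after are hypothetical, and the sample strings are constructed for the demonstration.

```rust
use std::mem::{size_of, transmute_copy};

/// Raw machine words of a `String` header, each labelled by matching its
/// value against the safe accessors. Field order is not part of a stable
/// ABI, so the labels are derived from the values rather than assumed.
pub fn string_header(s: &String) -> [(usize, &'static str); 3] {
    assert_eq!(size_of::<String>(), 3 * size_of::<usize>());
    // SAFETY: a String is three pointer-sized words with no padding; they are
    // copied out as plain integers and never turned back into a String.
    let words: [usize; 3] = unsafe { transmute_copy(s) };
    let (ptr, len, cap) = (s.as_ptr() as usize, s.len(), s.capacity());
    words.map(|w| {
        let role = if w == ptr {
            "ptr"
        } else if len == cap && w == len {
            "len or cap" // indistinguishable by value, as in the post's dump
        } else if w == len {
            "len"
        } else if w == cap {
            "cap"
        } else {
            "unknown"
        };
        (w, role)
    })
}

/// Raw words of a `&str` fat pointer: a data pointer and a byte length.
pub fn str_header(s: &str) -> [usize; 2] {
    assert_eq!(size_of::<&str>(), 2 * size_of::<usize>());
    // SAFETY: a &str is two pointer-sized words, copied out as integers only.
    unsafe { transmute_copy(&s) }
}

/// The byte stored right after `view` inside `parent`, or None when `view`
/// ends exactly where `parent` ends. `view` must be a sub-slice of `parent`.
pub fn byte_after(parent: &str, view: &str) -> Option<u8> {
    let start = (view.as_ptr() as usize).checked_sub(parent.as_ptr() as usize)?;
    parent.as_bytes().get(start + view.len()).copied()
}

fn main() {
    // Constructed sample: a capacity different from the length, so the two
    // fields can be told apart by value.
    let mut owned = String::with_capacity(32);
    owned.push_str("hello world");

    println!("size_of::<String>() = {}", size_of::<String>());
    for (i, (w, role)) in string_header(&owned).iter().enumerate() {
        println!("  +{:#04x}: {:#018x}  {}", i * size_of::<usize>(), w, role);
    }

    // A &str is only (pointer, length): slicing moves no bytes and adds no
    // terminator, so the byte after "hello" is the space of the parent.
    let lit = "hello world";
    let hello = &lit[..5];
    println!("&str words: {:x?}", str_header(hello));
    println!("byte after {:?}: {:?}", hello, byte_after(lit, hello).map(|b| b as char));
}
```

When len and cap are equal, as in the dump above where both are 0xb, the two words cannot be told apart by value alone; allocating with a larger capacity is what separates them.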





Sunday, August 30, 2020

How To Install And Config Modlishka Tool - Most Advance Reverse Proxy Phishing


inBINcible Writeup - Golang Binary Reversing

This file is a 32-bit ELF binary, compiled from the Go language (I guess ... coded by @nibble_ds ;)
The binary has some debugging symbols, which are very helpful for locating the functions and API calls.

Go source functions:
-  main.main
-  main.function.001

If the binary is executed with no params, it prints "Nope!", the bad guy message.

~/ncn$ ./inbincible 
Nope!

Decompiling the main.main function I saw two things:

1. The argument validation: only one 16-byte argument is needed; otherwise execution ends.

2. The key IF: the decision to dexor and print, byte by byte, the "Nope!" string OR dexor and print "Yeah!"


The incoming channel will determine the final message.


Dexor and print each byte of the "Nope!" message.


This IF checks 16 times whether the value received from the Go channel is 0x01; in that case the app shows the "Yeah!" message.

Go channels are a kind of thread-safe queue: a channel_send is like a push, and a channel_receive is like a pop.

If we fake this IF all 16 times, we get the "Yeah!" message:

(gdb) b *0x8049118
(gdb) commands
>set {char *}0xf7edeef3 = 0x01
>c
>end

(gdb) r 1234567890123456
Starting program: /home/sha0/ncn/inbincible 1234567890123456
...
Yeah!


OK, but the problem is not in main.main; it is main.function.001 that must send the 0x01 via the channel.
This function XORs the input "1234567890123456" byte by byte with a byte-array XOR key, and the result is compared with another byte array.

=> 0x8049456:       xor    %ebp,%ecx
This xor encodes the argument with a key, byte by byte.

The xor key can be dumped from memory but I prefer to use this macro:

(gdb) b *0x8049456
(gdb) commands
>i r  ecx
>c
>end
(gdb) c

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x12 18

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x45 69

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x33 51

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x87 135

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x65 101

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x12 18

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x45 69

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x33 51

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x87 135

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x65 101

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x12 18

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x45 69

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x33 51

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x87 135

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x65 101

Breakpoint 2, 0x08049456 in main.func ()
ecx            0x12 18

The result of the XOR is compared with another byte array; for each byte that matches, a 0x01 is sent.

The cmp on the XORed argument byte determines whether the channel sends 0 or 1.


(gdb) b *0x0804946a
(gdb) commands
>i r al
>c
>end

At this point we have the byte array used to XOR the argument and the byte array it is compared with. If we provide an input that, XORed with the first byte array, gives the second byte array, the code will send 0x01 through the channel all 16 times.


Now we have:

xorKey=[0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12]

mustGive=[0x55,0x75,0x44,0xb6,0x0b,0x33,0x06,0x03,0xe9,0x02,0x60,0x71,0x47,0xb2,0x44,0x33]


XOR is reversible, so we can compute the input that dexors to the expected values, so that 0x1 bytes are sent through the Go channel.

>>> x=''
>>> for i in range(len(xorKey)):
...     x+= chr(xorKey[i] ^ mustGive[i])
... 
>>> print x

G0w1n!C0ngr4t5!!


And that's the key :) let's try it:

~/ncn$ ./inbincible 'G0w1n!C0ngr4t5!!'
Yeah!

Got it!! Thanks @nibble_ds for this fun crackme, programmed in the great Go language. I'm also a Golang lover.
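The check described above, modelled in Go as an added example: this is a reconstruction from the writeup's description, not the crackme's source and not the author's code. The names checkBytes, validate and recoverInput are assumptions; the two byte arrays are the ones dumped with gdb above.

```go
package main

import "fmt"

// Byte arrays recovered with gdb in the writeup.
var xorKey = []byte{0x12, 0x45, 0x33, 0x87, 0x65, 0x12, 0x45, 0x33,
	0x87, 0x65, 0x12, 0x45, 0x33, 0x87, 0x65, 0x12}
var mustGive = []byte{0x55, 0x75, 0x44, 0xb6, 0x0b, 0x33, 0x06, 0x03,
	0xe9, 0x02, 0x60, 0x71, 0x47, 0xb2, 0x44, 0x33}

// checkBytes plays the role of main.function.001 (hypothetical shape): XOR each
// input byte with the key, compare with the expected byte, send 1 or 0.
func checkBytes(input []byte, results chan<- byte) {
	for i := range xorKey {
		var ok byte
		if input[i]^xorKey[i] == mustGive[i] {
			ok = 1
		}
		results <- ok // channel send: the "push"
	}
}

// validate plays the role of main.main: require a 16-byte argument, then
// receive 16 values and accept only if every one of them is 0x01.
func validate(arg string) bool {
	if len(arg) != len(xorKey) {
		return false
	}
	results := make(chan byte)
	go checkBytes([]byte(arg), results)
	good := true
	for range xorKey {
		if <-results != 1 { // channel receive: the "pop"
			good = false
		}
	}
	return good
}

// recoverInput inverts the check: input[i] = xorKey[i] ^ mustGive[i].
func recoverInput() string {
	out := make([]byte, len(xorKey))
	for i := range xorKey {
		out[i] = xorKey[i] ^ mustGive[i]
	}
	return string(out)
}

func main() {
	key := recoverInput()
	fmt.Println(key, validate(key), validate("1234567890123456"))
}
```

The dumped key repeats every five bytes (0x12 0x45 0x33 0x87 0x65), and because both arrays sit in the binary, the expected input falls out of a single XOR pass without running the program.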

