Tuesday, September 22, 2020

Super Adventures In The Itch.Io Bundle For Racial Justice And Equality

Super Adventures is finally back, a little later than planned. That's partly because my internet broke, partly because I've been really busy, and partly because even looking through all the games in this new itch.io bundle took forever:


There's 742 1000 1427 1509... at least 1637 DRM free games, asset packs, books, soundtracks, tools, etc. in it! It's like one of those 1000+ game compilation CDs they used to make, except here it's not just stuff you've never heard of.

It includes games like Celeste, Nuclear Throne, Pyre, Receiver, Cook Serve Delicious 2, Heavy Bullets, Minit, A Short Hike, Night in the Woods, Glittermitten Grove, Jimmy and the Pulsating Mass, Paranautical Activity, Oxenfree, Pikuniku, 2064: Read Only Memories, Super Win the Game, Octodad: Dadliest Catch and They Bleed Pixels. Not saying that I played any of those ones specifically for this article, but they're in there. I already wrote about They Bleed Pixels a while back though, it's good. Minit too.

I've been meaning to write about some of the games you can find on itch.io for ages, so I'm glad this is finally motivating me to do something. Speaking of motivating people to finally do things, it's also raised $5,000,000 (so far) for the NAACP Legal Defense and Educational Fund, and Community Bail Fund to help support the Black Lives Matter movement in their efforts to get things moving. So if I sound like I'm trying to advertise this bundle and persuade you to donate money to get it, that's because I am.

But that means I have to get this written and published while the bundle's still for sale, so I'm feeling a little bit rushed here! I did the maths, and it turns out I don't have time to download, play and review 900 or so games, so I've narrowed it down to 7. I don't have time to properly play and review them either to be honest, but I can definitely give you some hastily typed words about the 30 minutes I tried them for. Plus I've got a bonus review from a friend to show off an extra game and boost the word count a little, so you've got that to look forward to as well.


Saturday, September 12, 2020

Wild Speculation: Convergence Dev Chat Edition!



I hopped back on CoC for an Oblivion Campaign with a friend of mine partially in anticipation of the new Convergence CID and partially because the Void Archon should be here next week. It's honestly been a lot of fun with some good back and forth thus far. We're officially half way through the campaign and I'm looking forward to every time we get to play.

Much to my surprise, the CoC CID is going to start in less than a week (Nov 4th), and yesterday we were treated to an extended Dev Chat where they showed off artwork and gave some rules previews.

You can watch the video on YouTube here.




I posted a summary of the Dev Chat on the Convergence Facebook group you can check out here, but honestly, watch the video; those guys are great.

Because I'm not a patient man and because wild speculation is fun as hell, I wanted to write about what possibilities have me the most excited and the few places where I'm a bit worried.

The Tesselator 
"SHOTS! SHOTS! SHOTS!" – Lil Jon


Two Guns, Range 10, POW 12, Volume Fire (+1 Hit and Damage vs. Med Base, +2 for Large/Huge bases), Reload 1 on each gun. Flight.

Can you imagine Orion's feat turn with a swarm of these? It will simply gun down entire units worth of models, including things like Satyxis Raiders. Oh and vs. huge bases it's easy to get this thing to POW16.

The only weakness is that it's not a spray, so range limiting abilities will apply to it, making it as sad into Kruger2, Old Witch2/3 and a few other bits. Still, if it's fast then this can be mitigated.

We don't know its points cost yet, which will be a big deal on what this model can really do.

Asphyxious 4
"The Most Interesting Robot in the World"



Do you like taking damage buffs and/or a melee beater in ranged focused lists? Because Gaspy4 will do that for you!

Gaspy is in Convergence and he brings Dark Shroud to everything in his battlegroup. He can take Cryx(!), Merc, or CoC jacks. He also has his Iron Lich stats with DEF 15, ARM 17, and 18 Boxes with 5 focus, with the ability to claim souls to get even more focus.

Many casters in Convergence can bring a +2 damage buff for jacks, and Gaspy probably brings a more reliable Dark Shroud application than taking a Void Archon. As such it seems almost trivial to swing +4 damage on a target.

What's better is that he gives Bloodthirsty to all construct models in his command range, extending the threat of jacks and infantry alike vs. living models. So he brings a conditional speed up and a damage buff to Convergence, plus whatever the other two spells are on his card (it's revealed he has Caustic Mist clouds).

Gaspy has always had MAT 6 and RAT 3 and my guess is that will stay to keep him reasonable and to not make an obvious melee addition able to effectively run ranged vectors.
While he is being added to Clockwork Legions and the new Strange Bedfellows themes he's the only Mercenary unit Convergence can take, so he's easily available in Destruction Initiative without sacrificing your Merc solo option. He will be expensive at 14 points PLUS taking a jack, but honestly 1 or 2 Stalkers with him seems like the de-facto standard, though there definitely seems to be a case for taking some other Cryx heavies or even Merc Heavies that can do ranged roles if you want them.

Stalkers just to apply Dark Shroud reliably from a million miles away just seem incredibly obvious and it's not hard to get them up to PS16 with Blessed and Grievous Wounds, and they have extended control, meaning they can be up to 20" from Gaspy.

Imagine Orion with a bunch of the Tesselators and other jacks, with Gaspy providing Stalkers for applying Dark Shroud when the melee gets joined, or to apply Dark Shroud to a huge base, further buffing our ranged output. Heck if you want to go the Assimilator route, you can apply the +2 damage to any target.

Still, Gaspy4 with just a single Stalker would cost 22 points, likely 30 points with two stalkers. That's not a cheap package, but it seems like it could seriously add a ton of value.

Nemo4 
"Look at what they've done to my boy" - Hungerford



We know a bit less on the specifics of Nemo4 beyond the fact that he's a Protoss Looking Battle Engine with 30 damage boxes, a good gun, and the ability to take Cygnar, Merc, and CoC jacks.

So why am I excited? Well Nemo1, 2, and -1 (the alt CoC caster) were all MAT 5 RAT 5, Nemo3 was MAT 5 RAT 6. I'm guessing Nemo4 will probably be MAT 5 and RAT 5, making him very likely to focus on bringing ranged jacks to CoC lists that don't want to take ranged heavies in the Battlegroup because the caster has a low RAT: Axis and Lucant, I'm looking at you.

That's not all he's good for, there are certainly some other jacks that may be interesting from Cygnar that immediately come to mind: A Centurion in a Lucant list seems really rough to deal with on Feat turn, and then there are all the ranged lights in Cygnar.

Nemo will have limited applications because he will only be in Destruction Initiative and Strange Bedfellows with no ability to get him into Clockwork Legions.

Still, I can see applications for wanting to take him in an Axis DI list where he'd support some TEP's, putting out serious firepower and not being able to be charged.

Negator
"Well Damn"



6 Points, two Initials, flight and "fast", and POW 11 with Flank: Negator 

Um, yes please. This thing can easily get itself up to POW 15 or 16. Taking a literal swarm with the new Syntherion setup seems like it could be utterly devastating. I'm having a hard time identifying what caster wouldn't be strong with this. Flank on jacks gets silly and this thing is 6 points. That's two for Requisition options in Clockwork Legions after you take a Corollary, and then you start filling up jack points. I do want to see the rest of the rules but this just seems incredibly powerful based on what we know.

Debbie Downer Time

I have some mild concerns that there will be a few Legacy models left behind in the CID, though I hope that bringing this up will get a few simple changes addressed:

No Pathfinder out for our Infantry

CoC has two casters that can actually solve Pathfinder issues for our infantry: Aurora 1 and Axis. Neither of them really helps protect the rather expensive Enigma Foundry package we need to keep our infantry running. I'm hoping that the Transverse Enumerator will get Pathfinder as an option to give out turn to turn. They are FA:3 so they limit the ability to spam it everywhere, and it gives a reason to take the UA that largely gets ignored a lot these days.

Primarily this just lets us play infantry in a variety of casters that would otherwise get ignored and it requires a tax to take it. It's an easy way to open up new options in list design for a limited faction that doesn't appear to really break anything by allowing up to 3 units to be able to pay for the ability to get Pathfinder.

Modulator Guns

Most of the new electric guns are coming in at POW12 base, which means the Conflux can up the damage to POW14 with some hoops and well, a 33 point conflux. The Modulator being taken up to POW12 base would be a real quality of life improvement, especially since the new Tesselator starts at that and brings more shots at only 1" shorter range. We still don't know point costs for the Tesselator so this could just be moot, but I'd love to see the Modulator get a bit of a boost while keeping its value at 10 points.

Conclusions

Monday is going to be awesome, I can't wait to see all the new rules. I intend to get playtest games in as well as post at least the Pathfinder concern above in the general feedback group. Overall I'm stoked to see what can be done and I'm trusting the process to get us what looks like will be awesome releases.

Video Store Golden Age With Greg!

In this episode I talk with Greg aka SoulBlazer from the SNES Podcast and the Playstation Power Podcast. He helped establish NES game rentals in the video store that his mother managed in the 80s and 90s. It's a fun interview and I hope that you enjoy it. As always, I thank you for listening.

The photo used as the artwork was found on Roger Ebert's web site without a photographer credit. Please don't sue.

Friday, September 4, 2020

Busy Day!

What's going on everyone!?


Today makes 4 days before we have to be out of our old home and in our first ever house that we will own! This meant a LOT of moving today and even more tomorrow as our goal is to be out and sleeping in our new home by tomorrow night!

So with all of this in mind, please understand the reasons for me repeatedly playing all these app games. I will get to physical games as soon as I am able but currently our new house is so small that we can't even fit a kitchen table in there, lol.

Today for the #2019gameaday challenge I played another game of Zombie in My Pocket and ALMOST walked away with a win but at the last second I ran out of time and all was lost.

It really is a fun game and I love that it's just as easy to win as it is to lose!

As always, thank you for reading and don't forget to stop and smell the meeples!  :)

-Tim

Monday, August 31, 2020

How To Bind Payload Any Software Using Shellter


Sunday, August 30, 2020

Hacking Freemium Games - The Evolution Of PC Game Cheating

This post is going to be a rather strange post compared to previous ones. But bear with me, in the middle of the post you will see why this post fits the IT security topic.

I'm also terribly sorry for not posting recently, but I was busy with my SPSE and SLAE certification. Both are recommended for Python and Assembly noobs like me. But back to this post.

A little bit of history

Cheating in games started as help for game testers. By using invincibility or infinite ammo testers were able to test the game quicker, which meant less money spent on testing. I personally use cheat codes in games, depending on my mood. Sometimes it feels good to slash all the opponents while I'm invincible, sometimes it is more fun to play the game without cheats. One can argue whether cheating in games is OK or not, but I believe it depends, there is no black or white. But one thing is for sure, it is part of the gaming industry. There is huge demand for cheats. There were even cheat books printed on paper...


The different types of cheats (on PC)

There are different types of cheats in PC gaming. The following is an incomplete list of these cheats:

Cheat codes

The good old IDDQD type of cheats. These are left in the game by the developers intentionally. Nothing interesting here.

Edit memory

This is my favorite. I will talk about this at the end of the post. Whenever a user launches a new program, the program's whole memory is accessible (read/write) to every other program launched by the user. And since the memory stores the current game state (health, ammo, armor, etc.), these values can be changed easily. In the good old times, there were POKE commands to do these cheats, and the memory address to write into was published by people who found where the game stores its most critical state.

Code injection

This is like patching the game code. For example, one can change the "DEC (pointer to your current health)" instruction with NOP (do nothing), thus becoming invincible. In multi-player cheats, there is the aimbot to help you aim at enemies, wallhack to see through the wall, increase hitbox of the enemy for smoother hit, or in MMORPGs, one can write macros to collect items while the player is not online. I would say the so-called "trainers" more or less fit into this category and the previous one.

Saved game editor

The first time a kid meets a hex-editor (just like the co-author of this blog did with SIM City when he was 10 years old - David). It can teach a lot about file structures, the hexadecimal numeral system, etc. Fun times. 

Hacking game server

Not very common, but even more fun. Warning: endless trolling possibilities in multi-player games ahead :) How to hack a game server? Well, I think this might deserve another full blog post ...

Network traffic hacking

One last necessary type of cheating is to modify network traffic between the client and the game server. AFAIK SSL is not universal in gaming, so stunnel is not needed for this hack, but ettercap can help in changing the communication.

Why cheating becomes more critical (and challenging)?

Now in the age of in-app-payments, the game creators are no longer thinking about cheats as funny things but something to be destroyed to the ground. Because cheating decreases their revenue. Or not. At least they think it does. To quote Wikipedia here, "cheating in such games is nonetheless a legal grey area because there are no laws against modifying software which is already owned, as detailed in the Digital Millennium Copyright Act."

A lot of online games include anti-cheating components like PunkBuster, nProtect GameGuard, or Valve Anti-Cheat. This whole cheating/anti-cheating industry is the same as the virus/anti-virus industry. A cat and mouse game.

Freemium games

If you have not played "freemium" games, you should watch South Park season 18, episode 6 - "Freemium Isn't Free." If you did play freemium games, you definitely have to watch it :) There are many problems with freemium games. They are free to install, free to play. The first 3-4 hours might be fun to play. But after that, it turns out it is impossible to advance in the game without paying money for it. And by spending cash, I mean spending a LOT! Let's have a look at today's example, an arcade racing video game.


For 99.99 USD, you can get 3 000 000 credit. For almost double the price of a new PC game, you can get these credits. In this particular game, I estimate one has to play ~6-24 hours constantly to get this amount of credit. But by playing ~6 hours, I mean 6 hours without progress in the game! Kind of boring. And what do you get from 3 000 000 credit? You can buy one of the most expensive cars, but can't tune them fully. You have to play more (without progress) or buy more. But guess what, there are more cars you can't buy by only playing the game. Those are only available via in-app-purchase.


Even though the player has 58 765 533 credits, it is not possible to buy this car. Only available through real money.


So, what are your possibilities? You are either Richie Rich, and can afford the money to buy these. Or you can be insane, and try to play the game without in-app-purchase. Or give up the game and try another freemium ... Or, you can try to hack the game!

Hack all the freemium games!

Although I was not playing this racing game from day one, I was able to witness the evolution of the cheats against this game. The cheats which worked one day were not working one month later. The game is continuously updated to defeat the newly published cheats.

Noob start

So, I want to hack this game, what is the first thing a noob like me does? Bing it! Google it! 
From the first page result, let's check this tool:


While trying to download that, I just have to give my email address to spammers, or my mobile number will be subscribed to premium rate text messages. What fun.


Another "cheat" program will install malware/adware on your computer. Never ever try these programs. They are fake 99% of the time and after installing those you will have another problem, not just how to hack freemium games.

Beginners start - Cheat engine

When I first heard about hacking games in memory, I visualized hours of OllyDBG/ImmunityDBG/(insert your favorite Windows debugger here). It turned out, there are some specialized tools to help you with cheating the game. No assembly knowledge required. My favourite tool is CheatEngine. I highly recommend downloading it and spending 10 minutes getting past the built-in tutorial levels to get a feeling for this tool. It's super duper awesome.



When I first tried to hack this game myself, I scanned the memory for my actual credit and tried to change that, no luck. Keep reading, you will see what happened.

The second cheat I tried with cheat engine was something like this:
  1. Start the game, play the first level, and check how many credits are paid for winning the race. Pro tip: use dual display for full-screen game cheating.
  2. Restart the same level, attach Cheat Engine to the game's process
  3. Scan the memory for the same value at the beginning of the race
  4. Scan the memory for the same value at the end of the game. The intersection of the first and second scan includes the real value where the credit is stored for winning the race.
  5. Change the values (both the real one and some false positives) to something big
  6. Watch the game crash
  7. Be amazed at the money you received

Nowadays, most of the cheats on YouTube do not work, except for this kind of cheat. I don't want to recreate that tutorial, so you should watch it first then come back.



Are you back? Great. Do you have any idea what you have just seen? No? Well, in this case, don't try this at home. Copy-pasting assembly code from random internet posts and running it on your computer is always a bad idea. It is precisely as risky as downloading free programs from random internet sites.

Although I have not seen people trolling others with this cheat engine type of shellcode, I think the time will come when these will be turned into something terrible. These shellcodes might work, or might harm your computer. The good news is, we can have a look at the code and analyze it. 

When you open CheatEngine and try to define a new custom type, you are greeted with a skeleton assembly code. I don't want to detail what all the skeleton code does, let's just focus on the difference between the skeleton code and the code used in the video. This is the "decrypt function":

xor eax, 0baadf00d
rol eax, 0e

What does it mean? The actual credit is encrypted in memory. If you want to scan it in memory, you won't be able to find it. But! The encryption is rotating the value to the right (ROR) with 0xE (14 in decimal), and after that, it is XOR-ed with 0xbaadf00d. Decrypting it is the inverse of the functions in reverse order (in this particular case, the order does not matter, but that's not the point). The inverse function of XOR is XOR, and the inverse function of ROR (rotate right) is ROL (rotate left). Now that we analyzed the assembly code, we can be sure that it is safe to execute. Just follow the video and see your coins falling from the sky. For free. In a freemium game. Have fun!
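The scheme described above, carried through on a constructed buffer as an added example (not code from the original post or from the game): it shows why a plain value scan misses the stored credit, and why a fixed rotate-and-XOR only raises the bar, since any scanner that applies the inverse view finds it again. The function names, the 64-byte sample buffer and its filler are assumptions; only the constants 0xbaadf00d and 0xE and the credit figure come from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY    0xBAADF00Du   /* XOR constant quoted in the post */
#define SHIFT  14u           /* rotate count 0xE quoted in the post */
#define CREDIT 58765533u     /* credit figure mentioned in the post */
#define OFFSET 20            /* constructed: where the sample buffer holds the value */

static uint32_t rotl32(uint32_t v, unsigned n)
{
    n &= 31u;
    return n ? (v << n) | (v >> (32u - n)) : v;
}

static uint32_t rotr32(uint32_t v, unsigned n)
{
    n &= 31u;
    return n ? (v >> n) | (v << (32u - n)) : v;
}

/* What the game keeps in memory: rotate right, then XOR. */
uint32_t encode_credit(uint32_t plain)
{
    return rotr32(plain, SHIFT) ^ KEY;
}

/* The post's "decrypt function": XOR, then rotate left. */
uint32_t decode_credit(uint32_t stored)
{
    return rotl32(stored ^ KEY, SHIFT);
}

typedef uint32_t (*view_fn)(uint32_t);

static uint32_t raw_view(uint32_t v) { return v; }

/* Scan every byte offset for a 32-bit word whose "view" equals wanted.
   Returns the first matching offset, or -1 if there is none. */
long scan_for(const uint8_t *mem, size_t len, uint32_t wanted, view_fn view)
{
    for (size_t off = 0; off + sizeof(uint32_t) <= len; off++) {
        uint32_t word;
        memcpy(&word, mem + off, sizeof word);   /* unaligned-safe read */
        if (view(word) == wanted)
            return (long)off;
    }
    return -1;
}

/* Build a constructed 64-byte "process memory" image holding the credit,
   either in the clear or encoded, and scan it with the chosen view. */
long demo_scan(int store_encoded, int use_decode_view)
{
    uint8_t mem[64];
    uint32_t stored = store_encoded ? encode_credit(CREDIT) : CREDIT;

    memset(mem, 0xCC, sizeof mem);               /* constructed filler */
    memcpy(mem + OFFSET, &stored, sizeof stored);
    return scan_for(mem, sizeof mem, CREDIT,
                    use_decode_view ? decode_credit : raw_view);
}

int main(void)
{
    printf("stored form of %u: 0x%08X\n",
           (unsigned)CREDIT, (unsigned)encode_credit(CREDIT));
    printf("plain value, plain scan    -> offset %ld\n", demo_scan(0, 0));
    printf("encoded value, plain scan  -> offset %ld\n", demo_scan(1, 0));
    printf("encoded value, decode view -> offset %ld\n", demo_scan(1, 1));
    return 0;
}
```

Because the key and rotate count are constants shipped in the binary, the encoding hides the value from a naive scan but gives no tamper detection once the transform is known.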

Encrypt memory - applications at financial institutions

Another exciting thing is that I don't recall any thick client applications in the financial industry encrypting the values in memory. And I agree, there are more significant problems with thick client applications than not encrypting the essential values in memory. But still, some thick client applications are regularly updated, maintained. Maybe it is a good idea to encrypt the values in memory. It will make attackers' life harder. Not impossible, but harder. Perhaps the developers of these applications should learn from the gaming industry (or from malware developers for that matter) because it is a shame that an arcade racing game or an FPS is protected better than an application responsible for transacting millions of dollars. Just think about the RAM scraping malware stealing millions of credit card data ...

Moral of the story

Cheating is part of the gaming history, and the freemium games are trying to take away the cheats from the gamers because they want money. Thanks to CheatEngine and some clever hacks, these programs can be still beaten. And guess what, there is CheatEngine for Android - although it did not work for me on the latest Android. And sometimes, hacking all kinds of applications can be more comfortable with CheatEngine, compared to traditional debuggers.

Also, always check the code before executing it! And when you find something cool, publish it, so everyone could enjoy the games!



How Do I Get Started With Bug Bounty?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that the hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.
