liveoverflow_youtube's Issues

license_1

Basically I type "gdb license_1" in Terminal and it opens the program; pretty much everything is fine up to this point. Then I follow the instructions until I have to type "run". So I type it and run it, and then I get some weird error that says "cannot execute: Permission Denied, During startup program exited with code 126". So please, can you help me?

Avoid the long folder name

Hi,
I'd like to suggest that you please try to use short names for the folders; sometimes, because of the resolution of my laptop (10.1") and the single-monitor configuration of my desktop, it looks difficult to me. It's just a wish from me and maybe others: you could use standard rules for the folders, e.g. youtubechapter_subfolder.

Desktop
Laptop
Take the folder 0x05_simple_crackme_intro_assembler as an example; after standardizing, it would look like this:

heticor915RE@devilmachine ~/LiveOverflow/0x05$
heticor915RE@devilmachine ~/LiveOverflow/0x06_1$
heticor915RE@devilmachine ~/LiveOverflow/0x07$
heticor915RE@devilmachine ~/LiveOverflow/0x07_09$

Regards,
Hector.
Keep up the good work.

Pwn Adventure 3 Fly Not Working Issue

Hi LiveOverflow, I saw your latest Pwn Adventure 3 video and saw that you didn't quite get the Fly cheat you wanted working, even with the help of another YouTuber.

So I decided to give it a go as well and today I reached the solution!

I also then converted it to a Cheat Engine auto assembler script using pure code injection (instead of DLL injection), just for fun.

See my repo here: https://github.com/RetroGamesEngineer/LOPWN

The .cpp and .h files for the C++ version, or the .cea for the Cheat Engine asm version,
or a directly copy-and-paste-able version below.

Yeah, perhaps it can be vectorized to make it a bit faster by adding or multiplying multiple values at once, and/or by using a faster sin & cos than the x86 fsincos instruction built in, but it's really not necessary as it's fast enough for these purposes.

:D

Copy-and-paste-able directly into CE's CheatTable list:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>11</ID>
      <Description>"Pwn Fly"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[enable]
//RetroGamesEngineer on github (C) 2019
alloc(FlyThread,$1000)
registersymbol(FlyThread)
createthread(FlyThreadStart)

define(VK_F1,70) //Toggle on/off
define(VK_MBUTTON,4) //Trigger Flying

struct rot
pitch: dd ?
yaw: dd ?
pitchcos: dd ?
pitchsin: dd ?
yawcos: dd ?
yawsin: dd ?
endstruct

struct vec3
x: dd ?
y: dd ?
z: dd ?
endstruct

FlyThread:
label(NewPlayerPosition) //Forcing good alignment for NewPlayerPosition (so movaps works fine)
NewPlayerPosition:
dd 0 0 0 0
label(FlyEnabled)
FlyEnabled:
dd 1
label(FlyActive)
FlyActive:
dd 0
label(FlySpeed)
FlySpeed:
dd (float)33.33

label(FlyThreadStart)
FlyThreadStart:
push 1
call Sleep
//Get Pointers on initially starting thread before proceeding to main loop
//"PitchYaw","[[[[[['GameLogic.dll']+97d80]+58]+1cc]+294]+2a0]"
mov eax,[GameLogic.Game] //Same as
//mov eax,["GameLogic.dll"+97d80] // &lt;--
test eax,eax
je @b
mov eax,[eax+58]
test eax,eax
je @b
mov eax,[eax+1cc]
test eax,eax
je @b
mov eax,[eax+294]
test eax,eax
je @b
lea eax,[eax+2a0]
mov [PitchYawPointer],eax
//"PlayerPosition","[[[[[['GameLogic.dll']+97d7c]+1c]+4]+114]+90]"
mov eax,[GameLogic.GameWorld] //Same as
//mov eax,["GameLogic.dll"+97d7c] &lt;--
test eax,eax
je @b
mov eax,[eax+1c]
test eax,eax
je @b
mov eax,[eax+4]
test eax,eax
je @b
mov eax,[eax+114]
test eax,eax
je @b
lea eax,[eax+90]
mov [PlayerPositionPointer],eax

label(FlyThreadLoop)
FlyThreadLoop:
push 1
call Sleep
cmp [FlyEnabled],0 //Exit thread upon disabling
je FlyThreadExit
push VK_F1
call GetAsyncKeyState
and ax,8000
je @f
xor [FlyActive],1 //Toggle Fly on/off
push #337
call Sleep
@@:
cmp [FlyActive],1 //Only Fly if activated
jne FlyThreadLoop
push VK_MBUTTON  //And Middle Mouse Button is pressed
call GetAsyncKeyState
and ax,8000
je FlyThreadLoop

mov eax,[PitchYawPointer]
mov edx,PitchYaw
//Get pitch sin &amp; cos
fld dword [eax+pitch]
fmul dword [PI_divided_by_180] //Degrees to radians
fsincos
fstp dword [edx+pitchcos]
fstp dword [edx+pitchsin]
//Get yaw sin &amp; cos
fld dword [eax+yaw]
fsub dword [Ninety] //rot.yaw - 90.0f
fmul dword [PI_divided_by_180] //Degrees to radians
fsincos
fstp dword [edx+yawcos]
fstp dword [edx+yawsin]

mov ebx,[PlayerPositionPointer]
mov ecx,NewPlayerPosition
//Calculate new x coordinate
xorps xmm0,xmm0
subss xmm0,[edx+yawsin]   // -(sinf(DegreesToRadians(rot.yaw-90.0f)))
mulss xmm0,[edx+pitchcos] // * cosf(DegreesToRadians(rot.pitch)
mulss xmm0,[FlySpeed]     // * FlySpeed
addss xmm0,[ebx+x]        // + PlayerPosition.x ==
movss [ecx+x],xmm0        //Store in NewPlayerPosition.x
//Calculate new y coordinate
movss xmm0,[edx+yawcos]   // cosf(DegreesToRadians(rot.yaw-90.0f)
mulss xmm0,[edx+pitchcos] // * cosf(DegreesToRadians(rot.pitch)
mulss xmm0,[FlySpeed]     // * FlySpeed
addss xmm0,[ebx+y]        // + PlayerPosition.y ==
movss [ecx+y],xmm0        //Store in NewPlayerPosition.y
//Calculate new z coordinate
movss xmm0,[edx+pitchsin] // sinf(DegreesToRadians(rot.pitch))
mulss xmm0,[FlySpeed]     // * FlySpeed
addss xmm0,[ebx+z]        // + PlayerPosition.z ==
movss [ecx+z],xmm0        //Store in NewPlayerPosition.z

//Write new player position to current player position! :)
movaps xmm0,[ecx]
movaps [ebx],xmm0
jmp FlyThreadLoop

label(FlyThreadExit)
FlyThreadExit:
ret

label(PI_divided_by_180)
PI_divided_by_180:
dd (float)0.0174532

label(Ninety)
Ninety:
dd (float)90.0

label(PitchYaw)
PitchYaw:
dd 0 0 0 0 0 0

label(PitchYawPointer)
PitchYawPointer:
dd 0

label(PlayerPositionPointer)
PlayerPositionPointer:
dd 0

[disable]

FlyThread+10: //Causes FlyThread to exit
dd 0

unregistersymbol(FlyThread)
</AssemblerScript>
      <CheatEntries>
        <CheatEntry>
          <ID>13</ID>
          <Description>"NewPlayerPosition.x"</Description>
          <VariableType>Float</VariableType>
          <Address>FlyThread</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>14</ID>
          <Description>"NewPlayerPosition.y"</Description>
          <VariableType>Float</VariableType>
          <Address>FlyThread+4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>15</ID>
          <Description>"NewPlayerPosition.z"</Description>
          <VariableType>Float</VariableType>
          <Address>FlyThread+8</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16</ID>
          <Description>"FlyEnabled"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>FlyThread+10</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>17</ID>
          <Description>"FlyActive"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>FlyThread+14</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"FlySpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>FlyThread+18</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
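The direction math that the script above carries out with fsincos/mulss (x and y from yaw offset by 90 degrees and scaled by cos(pitch), z from sin(pitch)), written out in Python as an added example so the conventions can be checked against known angles. This is not the script author's code; the function names and the sample angles are my own, and the only thing it shares with the script is the formula in its comments.

```python
"""Added example: the per-step displacement computed by the cheat-table script,
expressed as plain trigonometry so the angle conventions can be sanity-checked.
Not part of the original issue; function names and sample values are assumed."""
import math


def fly_step(pos, pitch_deg, yaw_deg, speed):
    """Return pos moved `speed` units along the view direction.

    Same formulas as the script's comments:
      x += -sin(yaw - 90) * cos(pitch) * speed
      y +=  cos(yaw - 90) * cos(pitch) * speed
      z +=  sin(pitch)              * speed
    Angles are in degrees, as the script reads them from memory before
    multiplying by PI/180.
    """
    pitch = math.radians(pitch_deg)
    yaw = math.radians(yaw_deg - 90.0)   # the script subtracts 90.0 before converting
    dx = -math.sin(yaw) * math.cos(pitch) * speed
    dy = math.cos(yaw) * math.cos(pitch) * speed
    dz = math.sin(pitch) * speed
    return (pos[0] + dx, pos[1] + dy, pos[2] + dz)


def displacement_length(old_pos, new_pos):
    """Euclidean distance between two positions; for fly_step this always
    equals `speed`, because (dx, dy, dz) is a unit direction scaled by speed."""
    return math.sqrt(sum((b - a) ** 2 for a, b in zip(old_pos, new_pos)))


def approx_equal(a, b, eps=1e-6):
    """Component-wise comparison tolerant of floating-point rounding."""
    return len(a) == len(b) and all(abs(x - y) < eps for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample: yaw 90 (i.e. yaw-90 == 0) and level pitch moves along +y only.
    print(fly_step((0.0, 0.0, 0.0), 0.0, 90.0, 33.33))
    # Looking straight up (pitch 90) moves along +z only, whatever the yaw.
    print(fly_step((1.0, 2.0, 3.0), 90.0, 0.0, 10.0))
```

The second function makes the point the script's comments leave implicit: because (dx, dy, dz) is a unit vector scaled by FlySpeed, every iteration of the loop moves the player by exactly FlySpeed units regardless of where the camera points.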

Opening 0x07/0x08 "unbreakable" in radare2

How? I modified it to hang for a second at the end, so I have time to quickly ^Z it away, and:

sudo gdb
attach <process>

That got gdb attached (with debug symbols & everything).
Then, I used vmmap to get its mappings and found that the layout is something like this:

<asdf+0> (one page)
nothing (one page)
<asdf+0> (one page)
<asdf+0x1000> (one page)

So I used nasm to get an object that looks roughly similar:

incbin "asdf"
resb 1024
incbin "asdf"
incbin "asdf"

And ran: nasm embed.s -felf64 -o asdf-fake.o
To my surprise, asdf-fake.o was good enough for radare and I was able to open it.
But there were no symbols (they were left alone in the cold with gdb). After analyzing it, I did s <TAB> <TAB> and found some functions radare2 found:

[0x08000180]> s 
rax                 rbx                 rcx                 rdx                 rsi                 rdi                 r8                  
r9                  r10                 r11                 r12                 r13                 r14                 r15                 
rflags              rbp                 rsp                 section.            segment.ehdr        section..text       sym..text           
rip                 fcn.08000718        fcn.08000740        fcn.08000750        fcn.08000760        fcn.08000770        fcn.08000780        
fcn.080007c0        fcn.08000861        fcn.08000890        fcn.0800089a        fcn.08002c08        fcn.08002c30        fcn.08002c40        
fcn.08002c50        fcn.08002c60        fcn.08002c70        fcn.08002cb0        fcn.08002d51        fcn.08002d80        fcn.08002d8a        
fcn.08004cf8        fcn.08004d20        fcn.08004d30        fcn.08004d40        fcn.08004d50        fcn.08004d60        fcn.08004da0        
fcn.08004e41        fcn.08004e70        fcn.08004e7a        section..shstrtab   section..symtab     section..strtab  

So I had a look at the first function, fcn.08000718. It was a small leaf function which looked very much like a PLT handler. It had a code XREF from fcn.0800089a.
What is that? main.
So that wasn't too hard...
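The post above rebuilds the process layout by hand (incbin for each mapped page, resb for the hole). As an added example that is not part of the issue or the repository, the following Python generalizes that step: it parses a vmmap-style listing and emits the nasm source automatically, one incbin (with file offset and length) per mapping and zero padding for each unmapped gap, so the same trick works for layouts with more pages. The listing format, the helper names and the sample mappings are assumptions; the sample reproduces the four-page layout described in the post.

```python
"""Added example: turn a vmmap-style mapping list into a nasm source that
reproduces the layout with incbin/padding, ready for `nasm -felf64`.
Not code from the issue or the repo; format and sample data are constructed."""
import re

# Constructed sample mirroring the post: asdf+0, a one-page hole, asdf+0, asdf+0x1000.
SAMPLE_VMMAP = """\
0x08000000 0x08001000 r-x 0x0    /tmp/asdf
0x08002000 0x08003000 r--  0x0    /tmp/asdf
0x08003000 0x08004000 rw-  0x1000 /tmp/asdf
"""

# start end perms file_offset path  (assumed column order; adjust for your gdb plugin)
_LINE = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+\S+\s+(0x[0-9a-fA-F]+)\s+(\S+)")


def parse_vmmap(text):
    """Return a sorted list of (start, end, file_offset, path) tuples."""
    maps = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            start, end, off = (int(v, 16) for v in m.group(1, 2, 3))
            if end <= start:
                raise ValueError(f"bad mapping: {line!r}")
            maps.append((start, end, off, m.group(4)))
    return sorted(maps)


def to_nasm(maps, basename):
    """Emit nasm directives: incbin "file", offset, length for every mapping,
    and `times N db 0` for every gap between consecutive mappings, so the
    assembled object has the same relative layout as the live process."""
    if not maps:
        raise ValueError("no mappings")
    out = []
    cursor = maps[0][0]
    for start, end, off, _path in maps:
        if start < cursor:
            raise ValueError("overlapping mappings")
        if start > cursor:
            # Unmapped hole: pad with zeros (times/db avoids nasm's resb-in-.text warning)
            out.append(f"times {start - cursor:#x} db 0")
        out.append(f'incbin "{basename}", {off:#x}, {end - start:#x}')
        cursor = end
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_nasm(parse_vmmap(SAMPLE_VMMAP), "asdf"), end="")
```

Two caveats before assembling the output: nasm's incbin cannot read past the end of the file, so when the last mapping is page-rounded beyond the binary's real size the length needs trimming (or the file padding) first; and, as the post notes, the result carries no symbols, since those lived only in gdb's view of the process.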

brute_cookie.c

The first include in the file is missing the characters "#i", which might be confusing for beginners.
