Archive for category Reverse Engineering

Old School Game: Reunion (and a Saved Game Editor)

Reunion Title Screen


Does anyone else remember playing Reunion back on their 386’s with a staggering 2MB of RAM? Lord knows I remember!

Reunion came out over fifteen years ago and I still feel the urge to play it now and then even today. It’s a great game and can be downloaded from many abandonware sites across the internet.

I started playing again recently using DOSBox and I was amazed, because I didn’t even know the game had sound! :) When I played “back in the day”, my system didn’t have a Sound Card (because I couldn’t afford a Creative AWE32), so needless to say it was a whole different experience. The game has fantastic production value, and even with modern development languages, I’m not sure that even I’d be able to create a game of such depth and complexity!

Anywho, I began to get frustrated because I knew there were parts of the game I was missing because I couldn’t meet certain goals or didn’t have enough resources. Granted, I should have spent the time perfecting the game and working towards those achievements….. but it’s an old game and I don’t have as much free time as I did when I was thirteen years old :P

To that end, I sat down and studied the Save Game format for a while and also the (paltry) Save Editor that was included in the Abandonware version. I knew I could come up with something better that gives me even more options in the game. It took me a couple hours but I was able to come up with a pretty functional Saved Game Editor for Reunion that works around a couple glitches the previous version had.

I know, I’m a total cheater but it was a fun little project and I figure perhaps ONE person on the entirety of the Internet must need something like this as well, so I figure I’d throw it out there for anyone who needs it :)

Reunion Saved Game Editor Download (92kb)


.NET StringBuilder — Fast, but not as fast as you think!

I recently ran into a situation where I was tasked to profile some .NET code and do some optimizations anywhere hot spots popped up. I was amazed to find out that one of the BIGGEST offenders in our code block was a simple call to StringBuilder.Append(char). I had to take a step back and scratch my head and wonder if my profiler was confused.

I re-ran some tests using the Stopwatch class to hard code some metrics into the application and they also confirmed the findings. What’s up? How could a class that everyone says you can use to your heart’s content for string concatenation be failing me?

Turns out, it was a mix of misuse and a common misconception about the StringBuilder Class.


To All BBS Software Authors – Please Donate Your Artwork To The People!

I’m a child of the BBS generation. Well, to be fair to all the grey beards out there, I’m a child of the late BBS generation (1993-1998). I have many, many fond memories of my favorite door games, FidoNet threads and meet-ups.

I frequented a local BBS here in San Diego, California called Dream Net. Dream Net ran a multi-line BBS software called MajorBBS and was sysoped by Blondie (Tara) and Reep (George). What made Dream Net so great is that being multi-lined allowed it to host some of the first great MUD’s such as MajorMUD and my personal favorite, Tele-Arena. Other great multi-user games included TradeWars 2002, Farwest Trivia and T-LORD (Tournament LORD, which was a version of Legend of the Red Dragon for MajorBBS).

Now, over fifteen years later, BBS’s are all but dead. Those of us who used them try to contact old friends using sites like BBSMates.com. People have put out documentaries and books on the BBS culture, lamenting those days when carrier signals screamed from little boxes. I believe as a whole the remaining BBS community is very co-operative in trying to preserve their past and making sure the software, which easily qualifies as abandonware, doesn’t fall victim to the cyber ether, to be lost forever on a floppy disk in a closet somewhere. A great example of this effort is The MajorBBS Restoration Project.

The MajorBBS Restoration Project is a group of people ranging from hardcore software developers to enthusiasts looking to preserve and restore everything relating to the MajorBBS bulletin board software and related software. One thing people are running into is the legality and morality of using ‘pirated’ copies of software that is no longer for sale or whose parent companies no longer exist. I have found myself in the same situation and began to dabble in MajorBBS reverse engineering in order to make the modules I wished to use for my own private purposes functional.

For the most part, previous license holders for MajorBBS software have come forward and donated their source code, which represents thousands of hours of hard work and labor, to the community for preservation and continued development by enthusiasts. An example of this would be M.B. Murdock & Associates and their MajorBBS game Galactic Empire. As a company, they closed their doors in 1996 due to the decline in BBS sales, but in 2002 Mike Murdock released the source code for the Galactic Empire MajorBBS module under the GPL license.

There have been a few software vendors who have been known to protect the MajorBBS modules they’ve developed either as a corporation, or as an individual developer who ran his own business during this period. Part of me, as a software developer myself, can understand that you might not want to just give out the source code to something you’ve worked so hard on. Lord knows I don’t go around handing out my own ;) But some of these people actually go as far as to bring legal action against individuals who are running ‘pirated’ copies of their software, fifteen years after it was released.

I’m not saying that it justifies piracy, but I think legally if I can prove:

  • The software is over a certain age (perhaps ten+ years)
  • The originating company no longer exists, or
  • The company does exist but will no longer sell copies of the software

Then aren’t they just using their old software as bait to lure users into a lawsuit for pirating software that was impossible to purchase by legal means?

What I would love to see is a movement to simply preserve the past. My past. Millions of people’s pasts. Let’s try to come together using projects like the MajorBBS Restoration Project or others of its type, and get those programs we all love and remember back in the open before they’re lost forever! Even a simple keygen that would take a software author a few hours to package and release could help many, many people.


Semagic LiveJournal Client Password Decryption and Recovery

Semagic is a client application for LiveJournal.

Recently I needed to recover a password that was 'remembered' by Semagic, but it was hidden in the password field. Simple password unmasking applications weren't helping me any as the field itself isn't a simple password box.

After further investigation I was able to find where Semagic stores the saved passwords in the Windows Registry. It was obvious that the password was encrypted and was stored in its entirety. Since Semagic is open source, I was able to find the code block which served as its password decrypter:

C++:
    m_password = m_app->GetProfileString(userkey, _T("password"), _T(""));    // Gets encrypted password from registry
    enc = m_app->GetProfileInt(userkey, _T("obscure"), 0);    // Checks to see if the password is 'obscured'

    if (enc) {    // If password is obscured
        LPTSTR str = m_password.GetBuffer(m_password.GetLength());    // Password
        LPTSTR key = new TCHAR[m_user.GetLength()+1];    // Sets key size (username + 1)
        _tcsncpy(key, (LPCTSTR) m_user, m_user.GetLength()+1);    // Copies username to key
        LPTSTR orig = key;

        while (*str) {
            if (!*key)    // If we've run past the end of the key, reset it
                key = orig;
            *(str) -= 'a';    // Subtract the value of 'a', which is 97, from the encrypted value
            *(str++) ^= *(key++);    // XOR bitwise based on the key
        }
        key = orig;    // Point back at the start of the allocation before freeing it
        m_password.ReleaseBuffer();
        delete[] key;
    }

So needless to say it was just a matter of debugging and some time before I was able to port the decryption routine over to a standalone C# application.

C#:
    int iXORCharacter = 0;    // Index into the username, which serves as the key

    for (int iLoop = 0; iLoop < Convert.ToString(sPassword).Length; iLoop++)
    {
        // Current character of the stored (obscured) password
        int iInputCharacter = (int)Convert.ToChar(sPassword.ToString().Substring(iLoop, 1));

        // Wrap around when we reach the end of the username
        if (iXORCharacter >= sUserName.Length) iXORCharacter = 0;

        iInputCharacter -= 97;    // Subtract 'a'
        iInputCharacter ^= (int)Convert.ToChar(sUserName.Substring(iXORCharacter, 1));    // XOR with the key character

        textBox1.Text += (char)iInputCharacter;

        iXORCharacter++;
    }
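The same routine as a self-contained round trip, added here as an example (it is not Semagic's code or the tool offered below). `reveal` mirrors the loop shown above; `obscure` is its inverse, derived from that loop and therefore an assumption about how the value is written. The function names and the sample account values are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Key byte for position i: the username repeats, as in the loop above.
// An empty username (edge case) is treated as a zero key, i.e. no XOR.
static unsigned char key_at(const std::string& user, std::size_t i) {
    return user.empty() ? 0 : static_cast<unsigned char>(user[i % user.size()]);
}

// Mirrors the routine shown above: subtract 'a', then XOR with the username.
std::string reveal(const std::string& stored, const std::string& user) {
    std::string out;
    for (std::size_t i = 0; i < stored.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(stored[i]);
        c = static_cast<unsigned char>(c - 'a');           // wraps modulo 256
        out += static_cast<char>(c ^ key_at(user, i));
    }
    return out;
}

// Inverse of reveal (assumed write path): XOR with the username, then add 'a'.
std::string obscure(const std::string& plain, const std::string& user) {
    std::string out;
    for (std::size_t i = 0; i < plain.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(plain[i]);
        c = static_cast<unsigned char>(c ^ key_at(user, i));
        out += static_cast<char>(static_cast<unsigned char>(c + 'a'));
    }
    return out;
}

int main() {
    const std::string user = "constructed_user";   // constructed sample values
    const std::string pw = "S3cret!pw";
    const std::string stored = obscure(pw, user);
    std::cout << "round trip ok: " << (reveal(stored, user) == pw) << "\n";
    // A password character equal to the username character at the same
    // position is stored as 'a', so password == username yields a run of 'a'.
    std::cout << obscure("alice", "alice") << "\n";
    return 0;
}
```

The only key is the username, which sits next to the stored value, so anyone who can read that registry value can reverse it; the `obscure` flag hides the password from casual viewing and nothing more.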

I've compiled a quick little program that'll extract the usernames from the registry and display their passwords:

Semagic Password Decrypter

This program is 100% safe and won't e-mail your password to me or any other silly crap like that. I just figured someone out there would need it as well.

Cheers!
