The art of cheating: Making a chess.com chess bot following an unusual approach!

Posted on January 26, 2014 in C • Tagged with C, Chess.com, Cheating, Firefox, Hooking, Chess, Lowlevel, Programming, Security • 21 min read

Table of contents

  1. Preface: Giving first insight into the idea and why I think that hooking into a browser is a good idea.
  2. Many different ways to make browser game bots: Discussing various techniques to write HTTP/WebSocket bots
  3. What does chess.com look like internally?: Investigation of the client-side behavior of chess.com
  4. How the bot works: Explaining how my shared library hooks Firefox network functions
  5. Conclusion: Summary of my discoveries
  6. Demo Video and another, better demo video: You might only watch that video, but make sure you read the explanation at the very bottom of this blog post!
  7. You may find the sources to the shared library (so) on my GitHub account.

Preface

Usually I don't have good ideas in the form of flashes of genius. On the contrary, I think that many endeavors and interesting projects might be reasonable if realized, but often there's a huge amount of work involved and too many variables and strategic decisions in the process that could eventually render the project a failure. What I'm trying to say: A mediocre idea well engineered might be a good product. But a good idea badly implemented and designed is usually just bad in …



IAT hooking

Posted on December 07, 2013 in C • Tagged with C, Hooking, Programming, Security, Windows, Nt, Assembler, Iat • 10 min read

What

I just rummaged through my old hard disk and suddenly stumbled across some old C sources from around a year ago when I played with IAT hooking on Windows 7. I will not explain much, but I wrote the code below around a year ago (thus, in 2012) and it should be able to hook any code (depicted as the handler here) into running processes via the IAT. I suppose the code is not working properly, but it gives a good picture of what an IAT hooking approach might look like.

What'll you do?

Hopefully I'll find some time and motivation (or more appropriately: discipline) to update the little library and finally complete it. Maybe I will also make it compatible with Windows 8, but I assume it's not really different from Windows 7 (Hell, I don't know anything about the Windows API)...

#include "main.h"

/* 
 * Implements a little library to Hook the WinApi on running programs.
 * Furthermore, the API provides functions to find code caves and little hook templates for the most common scenarios
 * when we use hooking: Intercept function parameters and monitor output...
 * Supports both, 32 and 64 bit Windows XP to Windows 7. The code is …


Web safe Base64 Encode/Decode in C

Posted on October 29, 2012 in Programming • Tagged with C, Programming • 2 min read

A short while ago I needed to implement a little web safe base64 en/decoder and couldn't find any good small example in the width of the internet, so I decided to do my own dirty one. I hope I help somebody with this little demonstration code...

I used Pelles C Compiler to build this program, but I am optimistic that it works on every common C Compiler, since it's quite close to the C11 standard.

#include <stdio.h>   /* printf */
#include <stdlib.h>  /* calloc, exit */
#include <string.h>  /* strlen */

#define MAX_B64_PADDING 0x2
#define B64_PAD_CHAR "="

char * Base64Encode(char *input, unsigned int inputLen);
char * Base64Decode(char *input, unsigned int inputLen);
static unsigned char GetIndexByChar(unsigned char c);

static char *b64alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

int main(int argc, char **argv) {

    if (argc != 2) {
        printf("Usage: %s StringToEncode\n", argv[0]);
        exit(EXIT_FAILURE);
    }
    printf("String \"%s\" to: " ,argv[1]);
    printf("%s\n", Base64Encode(argv[1], strlen(argv[1])));

    exit(EXIT_SUCCESS);
}

/* Caller has to free the returned base64 encoded string ! */
char *
Base64Encode(char *input, unsigned int inputLen)
{
    char *encodedBuf;
    int fillBytes, i, k, base64StrLen;
    unsigned char a0, a1, a2, a3;
    /* Make sure there is no overflow: 4 output chars per 3 input bytes
     * (rounded up), plus the terminating NUL. */
    base64StrLen = 4 * ((inputLen + 2) / 3) + 1;

    encodedBuf = calloc(base64StrLen, sizeof(char …
