Here's a script by Keegan Ryan for sending a custom public key in a certificate, which on a backdoored system will reach the hooked function. gist.github.com/keeganryan/a...
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable.
so what if botw/totk take place in the same parallel world as termina? it would explain the lack of a triforce and the mismatch of ganondorf backstories. and the timeline split basically wouldn't matter.
"Playing a game online that was released while Stack Smashing was new is probably not a wise move. But why just assume it’s unwise when we could spend hours reverse engineering it and confirming that one way or the other?" heh. can't wait to see the talk. research.nccgroup.com/2023/12/19/r...
This blog post is part one in a short series on learning some basic game hacking techniques. I’ve chosen Warcraft 2 for a variety of reasons: Old games have more lax security (no anti-cheat) …