Wednesday, August 26, 2015

Parsing Kismet Logs

We have all been there. We get a tool to do exactly what we want, and then suddenly we have to parse the log. The log file that we want to use is in a format that we have never heard of, and it is standing in our way of moving to the next project. I found a simple tool that allows me to do just that.

The tool is called KLV. KLV v2 is a tool that combines multiple Kismet log files in the .netxml format, summarizes the data, and outputs an easy-to-read HTML or CSV file. It is located at the following URL:

Pretty simple and straightforward to use.
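To show what combining and summarizing .netxml logs involves, here is an added Python example; it is not KLV's code and not from the original post. The element names (`wireless-network`, `BSSID`, `SSID/essid`, `SSID/encryption`, `channel`) are assumed from Kismet's legacy .netxml layout, the function names are hypothetical, and the two sample logs are constructed.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample logs (not real captures). Element names are assumed
# from Kismet's legacy .netxml layout.
LOG_A = """<detection-run>
<wireless-network type="infrastructure">
  <SSID><encryption>WPA+PSK</encryption>
    <essid cloaked="false">corp-wifi</essid></SSID>
  <BSSID>02:00:00:AA:BB:01</BSSID><channel>6</channel>
</wireless-network>
<wireless-network type="infrastructure">
  <SSID><encryption>None</encryption><essid cloaked="false">=1+1</essid></SSID>
  <BSSID>02:00:00:AA:BB:02</BSSID><channel>11</channel>
</wireless-network>
</detection-run>"""
LOG_B = """<detection-run>
<wireless-network type="infrastructure">
  <SSID><encryption>WPA+AES-CCM</encryption><essid cloaked="true"></essid></SSID>
  <BSSID>02:00:00:aa:bb:01</BSSID><channel>6</channel>
</wireless-network>
</detection-run>"""

def merge_netxml(documents):
    """Merge networks from several .netxml documents, keyed by BSSID."""
    merged = {}
    for doc in documents:
        for net in ET.fromstring(doc).iter("wireless-network"):
            bssid = (net.findtext("BSSID") or "").strip().upper()
            if not bssid:
                continue
            rec = merged.setdefault(bssid, {"essid": "", "channel": "", "enc": set(), "seen": 0})
            rec["seen"] += 1
            rec["essid"] = rec["essid"] or (net.findtext("SSID/essid") or "").strip()
            rec["channel"] = rec["channel"] or (net.findtext("channel") or "").strip()
            rec["enc"].update(e.text.strip() for e in net.iterfind("SSID/encryption") if e.text)
    return merged

def safe_cell(value):
    """ESSIDs are set by whoever runs the AP; neutralize spreadsheet formulas."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(merged):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["bssid", "essid", "channel", "encryption", "logs_seen"])
    for bssid, r in sorted(merged.items()):
        writer.writerow([bssid, safe_cell(r["essid"]), r["channel"], "/".join(sorted(r["enc"])), r["seen"]])
    return out.getvalue()
```

Calling `to_csv(merge_netxml([LOG_A, LOG_B]))` yields one row per BSSID; the ESSID column is escaped because network names come from untrusted radios and the CSV is likely to be opened in a spreadsheet.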

Wednesday, January 21, 2015

PwnAdventure 3

Last weekend I participated in Ghost in the Shellcode, a capture the flag competition (i.e., hacker contest) which included several unique challenges that involved hacking (cheating) at an MMORPG-style game. The game was built using the Unreal 4 Engine, so it's possible that this protocol is the same across other games with the same engine, but I have yet to confirm that.

As someone who loves huffing ethernet and inspired by talks such as "DEFCON 19: Hacking MMORPGs for Fun and Mostly Profit", I immediately went for reverse engineering the protocol so that I could build a proxy to perform all sorts of cheats. Sadly, I didn't have enough time to build a proxy, but I was able to write a Wireshark plug-in that parses most of the protocol (available here).

There is a lot to cover in this protocol, so this post will only cover some highlights.

For starters, this is a TCP-based protocol that hops around on ports 3000 through 3016. This is typical of MMORPGs that spread what looks like a unified map and environment over multiple servers and instances.