Ferib's Blog

Optimizing Lua Development For Restricted Environments

This article explores ways to improve Lua programming in a restricted environment (e.g. games). It discusses different techniques, including Lua code profiling, unit testing, memory inspection, and runtime tooling, to overcome the limitations imposed by the restricted environment as it tries to enhance the development process. The article emphasizes educational purposes and does not promote cheating of any kind.

21/05/2023Blog post
Bringing Obfuscation to the Bitcoin Blockchain

Bitcoin and Litecoin transactions are considered 'anonymous' because they don't require any identification. However, once a Bitcoin address is revealed, all associated transactions become transparent. This article explains how the Unspent Transaction Output (UTXO) model is used by both cryptocurrencies to track historical amounts of data, and how blockchain analysis can be used to identify the parties involved in a transaction. Additionally, the article explores obfuscation techniques that can make it more difficult for outsiders to trace transactions on the blockchain.

02/04/2023Blog post
Reversing Common Obfuscation Techniques

Modern software often deploys obfuscation as part of its anti-tampering strategies to prevent hackers from reversing critical components of the software. In this article, we will have a close look at two common obfuscation techniques to understand how they work and figure out how to deobfuscate/undo them.

14/03/2022Blog post
Lua Devirtualization Part 3: Devirtualizing Luraph

For this article, I will combine all the tools I have created and perform a deep analysis of how well the most common virtualization is implemented. On top of that, I will also try to find out how we can make virtualization better and at which (performance) cost.

24/02/2022Blog post
Inviting Myself to The Diablo II Resurrected Closed Alpha

Today, April 12, 2021, I noticed a significant amount of DM's on my Reddit. People kept asking me to help them set up a crc32 bypass, a technique discussed in one of my previous blog posts. But why did so many people felt the need to bypass crc32 checks? and why did they started desperately asking me for help?

02/05/2021Blog post
Lua Devirtualization Part 2: Decompiling Lua

For this article I will start by taking a deep look into Lua 5.1 and then continue to create a Lua Decompiler from scratch in C#, not only will this be used to decompiler Lua, but it will also be used to identify and lift the Luraph instructions back to original Lua instructions (in Part 3).

28/03/2021Blog post
Lua Devirtualization Part 1: Introduction

In this series of articles, I will take you on a journey to show you a darker side of the programming world. A place that is fueled by money, script kiddies, and even more money. To prevent code from being cracked and resold, we must outsmart each other and develop security mechanisms that are either too hard to solve or take up to much time to solve. One of those security mechanisms are obfuscators, today will be all about why the need for obfuscators and how they work.

21/03/2021Blog post
Protecting Packet Tracer Myself Because No One Gives a F*ck

Thanks to reverse engineering, we can figure out how the Packet Tracer software works, and then modify the Packet Tracer binary to work in a way we want! The goal of this article is to improve Packet Tracer by making it more secure without the need for its source code.

19/02/2021Blog post
Cheating Your Grades With Cheat Engine: The Roast of Packet Tracer

After I found out that Packet Tracer is used as an official exam I had to look at how it works and how secure it is. But after a quick look, I noticed there wasn't much protection at all. Did the developers forgot to put it in, or did they think students at high school/college aren't capable of reversing such software?

27/01/2021Blog post
How I automated McDonalds mobile game to win free iPhones

Reversing and automating the McDonalds mobile game "FriesHit" by sniffing the network protocol and emulating the game packets to get free rewards.

30/09/2020Blog post
Bypassing program's read-only code protection (crc32)

Games often have neat anti-cheating system that prevents hackers from rewriting its codebase. Some games remap themself when it gets started and then puts protections in action. Inside the game's code are CRC32 integrity checks that scan memory regions (including the .text section of the game) to check whether the code has been modified.
Today I will be showing you how I have bypassed the integrity checks.

13/05/2020Blog post
Reversing Public Transport Application 'DeLijn'

It's 7:30 am and you just got out of bed, rushing your way out of the house to catch the bus. You made it, you are now sitting on the bus and waiting for almost an hour to arrive at your destination. You keep staring at your phone, looking at the traffic app to see how long until your bus reaches its destination, but then something comes to mind, "could it be possible to manipulate the traffic application so I can get faster to work? or at least get a free ride?"

24/03/2020Blog post
Reversing the McDonalds Mobile Application to get free food

Just like any other student in a dorm, I often go out to eat because I'm too lazy to cook something and do the dishes after. The only thing that sucks about this is the price. So.. what if I could use my skills once more to take advantage of the McDonalds Mobile Application to reduce the costs of my food?

06/03/2020Blog post
Reversing an Online Webshop for Discounts

Just like any other student, I don't have much money. (Pretty ironic since my last post, but its true). Not so long ago, Apple released the new Apple Watch 5, a smart watch that is too expensive for me. So I was wondering if I could get this cheaper using my Reverse Engineering skills on a online webshop. And hell yeah was I right!

01/03/2020Blog post
What does LockDownBrowser really do?

Just like any student, I'm too lazy to do anything school-related. Not that I'm dumb or unskilled, but just because I don't feel like doing anything for school. Now imagine you have been doing nothing all year long, and you just figured out you have an exam coming up next week, what do you do? cheating! "Work smart, not hard", right?

19/02/2020Blog post
How I woke up with $5.000 in bitcoin

On a Saturday morning, as I am scrolling through my notifications I notice something, a message from my Bitcoin exchange bot. Five thousand dollars was added to my bitcoin wallet. This cannot be right, I think, as I re-read the notification. Five thousand dollars had indefinitely been added to my wallet. How could this be possible?

15/02/2020Blog post
Disable AdBlocker