Anatomy of a Keylogger

I read this insane article about how a hacker figured out the antics of a keylogger. You should read the whole account over on SpiderLabs. The main breakthrough was when he downloaded and ran the malware in a safe environment. This allowed him to track the rogue program connecting to an FTP server. He spied on the net traffic to discover the username and password the malware used to FTP things up to the owner's server.
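Here is a sketch of that traffic-analysis step, added as an example and not taken from the SpiderLabs write-up: it reads FTP control-channel lines exported from a sandbox capture and reports, per connection, the login the sample used, whether the server accepted it, and which files it uploaded. The record format, addresses, credentials and file names are constructed, and the control channel is assumed to be on port 21.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: one "src -> dst payload" record per control-channel line,
# as exported from a sandbox capture. All values below are made up.
SAMPLE = """\
10.0.2.15:49211 -> 203.0.113.7:21 USER logs_upload
10.0.2.15:49211 -> 203.0.113.7:21 PASS example-password
203.0.113.7:21 -> 10.0.2.15:49211 230 User logged in
10.0.2.15:49211 -> 203.0.113.7:21 STOR keys_2012-01-01.txt
10.0.2.15:49300 -> 203.0.113.7:21 USER logs_upload
10.0.2.15:49300 -> 203.0.113.7:21 PASS wrong
203.0.113.7:21 -> 10.0.2.15:49300 530 Login incorrect
"""
# Assumption: the server side of the control channel is TCP port 21.
LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (.*)$")

@dataclass
class FtpSession:
    client: str
    server: str
    user: str = None
    password: str = None
    logged_in: bool = None  # None means no 230/530 reply was seen
    uploads: list = field(default_factory=list)

def extract_ftp_sessions(capture):
    """Group control-channel lines by client endpoint and pull out the login."""
    sessions = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a well-formed record
        src, sport, dst, dport, payload = m.groups()
        src_ep, dst_ep = f"{src}:{sport}", f"{dst}:{dport}"
        verb, _, arg = payload.partition(" ")
        if dport == "21":  # client -> server command
            s = sessions.setdefault((src_ep, dst_ep), FtpSession(src_ep, dst_ep))
            if verb.upper() == "USER":
                s.user = arg
            elif verb.upper() == "PASS":
                s.password = arg
            elif verb.upper() in ("STOR", "APPE"):
                s.uploads.append(arg)
        elif sport == "21" and verb in ("230", "530"):  # server's login verdict
            s = sessions.get((dst_ep, src_ep))
            if s and s.logged_in is None:
                s.logged_in = verb == "230"
    return list(sessions.values())
```

Because FTP sends `USER` and `PASS` in cleartext, the same pass over an egress capture also makes a simple indicator that a host is uploading data over FTP.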

That is when the real ownage began. He was able to log into the FTP server and search around. Further tracking involved finding out the license used for a commercial keylogging app, and tying that back to a real person's name. Oh this is so cool. This just goes to show you that when you have the right skills, you can figure all kinds of things out.

I am just curious why the guy did not play any tricks on the keylogger. If you got access to their site, you could reverse the roles and hijack the script kiddies.

Building a Bot

I have been surveying a bunch of iPhone apps recently. There go my monthly data charges. Previously I had heard about this game Bejeweled. But I never tried it out until now. The thing is very fun. I have the version called Bejeweled Blitz. Recently I read a tutorial on how to build a bot to win at Bejeweled. Winning means scoring a whole lot of points I guess.

The first decision to make in building the bot is the choice of language. Personally I would use C or C++. However the example bot I saw was built with AutoIt. This is a language from Microsoft for creating macros for automation. I think the syntax of AutoIt is kind of like Visual Basic.

Once you have chosen a language, you need to be able to read Bejeweled icons on the screen. Before that you have to figure out the coordinates of the upper right hand corner of the window. Then you must determine the spacing of the icons in the Bejeweled window. The smart breakthrough was to figure out the location on an icon you can test to determine its color.

So far we have been dealing with the easy stuff. Next you need to come up with some Artificial Intelligence to choose the best icons to swap in order to maximize Bejeweled profits. Personally I think you should first swap icons near the top of the screen to ensure the bottom opportunities do not get shifted. However if the bot is considering all possibilities, it should look for longer combos and perhaps double combos.

Bejeweled is so fun that I might just have to try writing a bot to play it for me. The easiest way to do this would probably be to get a version of Bejeweled running on my PC where I have better control of the environment.

Demoscene Alive and Well

I have been watching videos of some 2012 demoscene entries. A lot of them were great. However two of them really stole the show. In fact, they won their respective contests. These are 64kb entries. That is, the code fits in 64kb of memory. They do a lot with a little.

First up is Proton-K by Kewlers. They got a rocket flying out in outer space. The beginning could be a scene right out of Star Wars. I like how the camera rotates around the rocket, causing the light from the sun to be briefly eclipsed. There are some neat effects on the rocket's surface as some weird energy light balls pass through the rocket.

Next up is Gaia Machina by Approximate. I love the scene where the wind blows on the windmill and grass. Hot graphics to say the least. Some weird alien looking legs move through the nature scene. Then just when you thought you had seen it all, the strawberries light up. Freaky good.

Sometimes when I am creating an intro scene for one of my apps, I feel like I am a demoscene participant. I got to make a lot happen in a small amount of time with little code.

Wallhacks and Other Game Cheats

I read an intro article on hacking games via DirectX over at AltDevBlogADay. The essence of the techniques is to intercept the game calls to the DirectX API. Then you can substitute your own evil code in there. The most common of such hacks is the wallhack.

For the wallhack, you wait until a call is made to DirectX with the enemy's position. Then you literally draw a wall around them on the screen. I guess that traps the enemy in the wall. They can't get you or shoot you. Pwned.

Another hack you can do with an enemy location is to draw them a different color. For example, you could highlight all the bad guys in red. This will allow you to visually detect them more easily, and shoot them up. Now doing things such as this might get you noticed. And if the game cops catch you, you might be banned. So you need to be sneaky. But that is a story for a future post.