Ghost in the ShellCode 2014 CTF WriteUp: Choose Your Pwn Adventure 2: Unbearable (aka The Drunken Master)

Ghost in the ShellCode 2014 just ended, and this year was epic.  Their flagship for this CTF was a first-person style shooter game where you could edit a local file called GameLogic.dll to modify your client. The client uses .NET, so I used GrayWolf to do my reversing and editing. You'll see how super awesome GrayWolf is for understanding and editing IL ^.^

I'm going to show you how to edit some of your character's basic attributes with the goal of surviving the bear onslaught at the end.  We can start by opening /pwnadventure2_Data/Managed/GameLogic.dll and diving right into the Player class. First, let's make it possible to move around this game at a reasonable speed. In the UpdateMovement() function, we can see a run modifier and a walk modifier. Editing these values will give our character the super speed we desire. Similarly, under the UpdateJumpForce() function, we can quickly find a jump force modifier and jack that up to basically make our character fly.


Now that our character has super movement abilities, we need something to actually survive the bear onslaught. Just standing on top of the treasure chest won't save you either, because at the 1:30 mark the bears all get assault rifles, and the tables really turn. For this reason, we must Enter The Drunken! When you drink Wine in Choose Your Pwn Adventure 2, you get a slight damage resistance boost. The following hack edits this modifier to make you invulnerable when you drink Wine, awakening the drunken master within. This time we will be in the localPlayerInfo class, under the UseAccessory() function. Again, padding these numbers will really increase your chances of surviving the onslaught ;)
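The speed, jump and damage-resistance edits above take effect because those modifiers live in the client's GameLogic.dll. As an added example (not part of the original write-up and not the game's code), here is a sketch of a server-side plausibility check that would flag all three; the limits, field names and sample updates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

# Assumed server-side limits; hypothetical values, not taken from the game.
MAX_RUN_SPEED = 8.0       # units/second on the ground plane
MAX_JUMP_VELOCITY = 6.0   # units/second upward
WINE_RESISTANCE = 0.10    # fraction of damage the server grants for Wine
TOLERANCE = 1.15          # slack for latency and jitter

@dataclass
class Update:
    t: float                  # server receive time, seconds
    x: float
    y: float                  # height
    z: float
    health: float             # health as reported by the client
    hit_damage: float = 0.0   # raw damage the server dealt since last update
    drunk: bool = False       # server-tracked: Wine effect active

def check(prev: Update, cur: Update) -> list[str]:
    """Return the rule names that the transition prev -> cur violates."""
    flags = []
    dt = cur.t - prev.t
    if dt <= 0:
        return ["non_monotonic_time"]
    ground_speed = math.hypot(cur.x - prev.x, cur.z - prev.z) / dt
    if ground_speed > MAX_RUN_SPEED * TOLERANCE:
        flags.append("speed")
    if (cur.y - prev.y) / dt > MAX_JUMP_VELOCITY * TOLERANCE:
        flags.append("jump")
    # Server recomputes the expected health itself (assumes no healing).
    resist = WINE_RESISTANCE if cur.drunk else 0.0
    expected_health = prev.health - cur.hit_damage * (1.0 - resist)
    if cur.health > expected_health + 0.01:
        flags.append("damage_resistance")
    return flags

def audit(updates: list[Update]) -> dict[float, list[str]]:
    """Map update time -> violations for one player's update stream."""
    return {b.t: f for a, b in zip(updates, updates[1:]) if (f := check(a, b))}

# Constructed sample stream: a normal step, then an edited-client step.
SAMPLE = [
    Update(0.0, 0.0, 0.0, 0.0, 100.0),
    Update(0.5, 3.0, 0.0, 0.0, 100.0),
    Update(1.0, 40.0, 30.0, 0.0, 100.0, hit_damage=20.0, drunk=True),
]
```

Calling `audit(SAMPLE)` flags only the last update, for all three rules.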


There you have it guys and girls, Drunken Master Mode for Choose Your Pwn Adventure 2, Ghost In The ShellCode 2014.


Now that was a fun one :)