Parsing HTML with C++ (With extra UTF-8 woes)

So I was tasked with making a C++ project that scraped data from HTML pages.

For those who aren’t in the “know”, there’s no neat HTML DOM library like JSoup in C++. There’s nothing with jQuery-like selectors either. There are some niche projects here and there (and there is a Google project I was turned onto which I decided probably wasn’t for the best, but worth mentioning anyway) but nothing really substantial.

In PHP, you could do a couple things. Either use “Simple HTML DOM Parser“, or use simplexml with XPath. Both kind of suck for their own reasons (Simple HTML DOM Parser is written in PHP and causes tons of resources to be used for simple operations, and simplexml with XPath is… not fun, turns out C++ isn’t much better, but we’ll get to it later).

In JavaScript, you have jQuery. In Java, JSoup. Both are amazing. If I’m scraping something, I’d prefer to use these… but it’s just too bad I don’t use Java for much else besides android, and I don’t know how well nodejs actually works with jQuery, or if it does, or if it has something similar… I’ve never used node. Maybe worth looking into some day.

C++, though, I had to hack. It’s weird, usually you’ll find C++ libraries for anything but in this case the internet didn’t help me out too much, besides this blog post, so I went with it.

The tools I ended up using for my project:

  • CURL
  • MySQL++
  • libxml++
  • libtidy


Firefox plugin ownership hijacking exploit

So I ran into an interesting issue today.

People develop Mozilla plugins all the time. Some online and on the store, some offline and not on the store at all for all sorts of purposes. Either because they don’t require network access, because they don’t feel they want it known to the general public or because it is proprietary, sensitive software.

Well, a friend designed a plugin which was not designed to be released to the public, and something absolutely amazing occurred. Somebody uploaded his plugin to Mozilla AMO. Mozilla AMO is basically the Firefox plugin store.

What’s even more fun is that this person did not specify an Update URL in his manifest. It all came tumbling down.

If the Update URL is not explicitly overridden, Firefox tries to grab updates from Mozilla AMO even if the plugin was not installed from the store originally. Firefox will also grant ownership over your plugin key to whoever uploaded it to the store first, meaning the actual original author has little recourse.

So, if you happen to find some plugins on github or on the web and want to create some bots with little effort, look no further! Simply upload a modified plugin to Mozilla AMO and watch as silent updates are delivered to your victims!

Free software for everyone!

Seriously though, people who have private plugins including secretive individuals and huge corporations beware.
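As an added check, not from the original post: a small Python audit that reports whether a legacy install.rdf add-on manifest sets em:updateURL at all, and whether that URL is https. The install.rdf layout is the one Firefox add-ons used at the time; the manifests below are constructed, and the add-on id and URLs are placeholders.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM = "http://www.mozilla.org/2004/em-rdf#"

# Constructed install.rdf manifests (placeholder id and URLs, not the friend's plugin).
MANIFEST_NO_UPDATE_URL = f"""<RDF xmlns="{RDF}" xmlns:em="{EM}">
  <Description about="urn:mozilla:install-manifest">
    <em:id>private-tool@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:type>2</em:type>
    <em:name>Private Tool</em:name>
  </Description>
</RDF>"""

# Same manifest with a self-hosted update feed pinned in the manifest.
MANIFEST_WITH_UPDATE_URL = MANIFEST_NO_UPDATE_URL.replace(
    "</em:name>",
    "</em:name>\n    <em:updateURL>https://updates.example.invalid/private-tool.rdf</em:updateURL>",
)


def check_update_url(manifest_xml):
    """Return 'missing', 'insecure' or 'ok' for the manifest's em:updateURL.
    'missing' is the case from the post: Firefox falls back to AMO for updates."""
    root = ET.fromstring(manifest_xml)
    desc = root.find(f"{{{RDF}}}Description")
    if desc is None:
        raise ValueError("no install-manifest Description element")
    url = desc.get(f"{{{EM}}}updateURL")            # RDF attribute form
    if url is None:
        node = desc.find(f"{{{EM}}}updateURL")      # element form
        url = node.text.strip() if node is not None and node.text else None
    if not url:
        return "missing"
    if not url.lower().startswith("https://"):
        return "insecure"   # a plain-http update feed can be swapped on the wire
    return "ok"


if __name__ == "__main__":
    for label, manifest in (("no updateURL", MANIFEST_NO_UPDATE_URL),
                            ("with updateURL", MANIFEST_WITH_UPDATE_URL)):
        print(f"{label}: {check_update_url(manifest)}")
```

Run it over every install.rdf you ship privately; anything reporting "missing" is an add-on whose update channel is decided by whoever registers its id on AMO first.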

Birth of a hacking brain

I haven’t done a post like this ever, but I thought I’d give my account of a phenomenon which was occurring prior to PHP ‘fixing’ its allow_url_include configuration option.

Names of the innocent have been omitted, and details changed to protect, well, me.

Sometime around 2007 a friend of mine made a neat script to parse his access logs. People were trying to exploit his server, repeatedly.
They were attempting to use an exploit known as RFI (Remote File Inclusion).

The concept is simple. PHP has a function called ‘include’; this function executes the PHP file given to it.

However, PHP also used to allow you to include remote files by default, meaning the argument to include could just as well be a URL.

People would do things like:

include($_GET['action'] . '.php');

If you did


You could include your own PHP file and execute arbitrary code.
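An added example, not from the original post or the friend’s script: a Python pass over constructed Apache access-log lines that flags requests whose query parameter value is a remote URL or PHP stream wrapper, which is the signature of an RFI attempt against an include($_GET[...]) sink. It decodes percent-encoded values so an encoded scheme is caught too; the log lines and addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache combined-log lines (RFC 5737 test addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2007:10:01:02 +0000] "GET /index.php?action=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2007:10:01:07 +0000] "GET /index.php?action=http://198.51.100.7/evil.txt HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
203.0.113.9 - - [12/Mar/2007:10:01:09 +0000] "GET /index.php?action=%68%74%74%70://198.51.100.7/remote.txt HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
203.0.113.12 - - [12/Mar/2007:10:02:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Common/combined log format: client, ident, user, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Schemes include() will happily open when allow_url_include/allow_url_fopen are on.
REMOTE_SCHEME_RE = re.compile(r'^\s*(https?|ftps?|php|data|expect)://', re.IGNORECASE)


def find_rfi_attempts(log_text):
    """Return (client_ip, parameter, decoded_value) for every query parameter
    whose value is a remote URL or PHP stream wrapper."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double-encoded values.
            decoded = unquote(value)
            if REMOTE_SCHEME_RE.match(decoded):
                hits.append((m.group("ip"), name, decoded))
    return hits


if __name__ == "__main__":
    for ip, param, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {param}={value}")
```

Pipe a real access log into find_rfi_attempts and group the hits by client IP to get the same picture the friend’s script gave him; the fix on the application side is an allowlist of permitted action values rather than a string concatenated into include.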

Okay, explanation over!


HTML5 with Internet Relay Chat (IRC)

I wrote an UnrealIRCd plugin (well, a proof of concept anyway) that would allow HTML5 clients to connect to your server (leaf or hub, I suppose).

The only real benefit to a fully functioning plugin for HTML5 WebSockets is to remove reliance on Java/Flash, or being able to code a client in Javascript, if that’s your thing.

The repo is here, feel free to check it out.

Crazy Game Fun Times – Deer Hunter Tournament and JFK Reloaded

I decided to write some trainers for dumbass games for dumbass fun, why not?

JFK Reloaded Rapid Fire

#include <windows.h>

// This evades the hard-coded bullet record limit (basically, the ballistics screen and replay might fuck up and crash because you shot too many bullets)
DWORD WINAPI lpBallisticSanityThread(LPVOID lpParam) {
    while(true) {
        // Shot counter at a fixed address in the game's image.
        unsigned long* pdwShotsFired = ( unsigned long* )0x006162AC;
        if( *pdwShotsFired > 0x26 ) {
            *pdwShotsFired = 0x24;
        }
    }
    return 0;
}

// memset_s here is the author's own three-argument helper (not the four-argument C11
// memset_s); its definition is not part of this excerpt, and nothing shown calls InstallPatches.
__declspec( noinline ) VOID InstallPatches() {
    memset_s( ( unsigned char* )0x5A1CF8, 0xEB, 1 );
    memset_s( ( unsigned char* )0x59F1FA, 0x90, 2 );
}

BOOL APIENTRY DllMain( HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved ) {
    if(ul_reason_for_call == DLL_PROCESS_ATTACH) {
        CreateThread(0, 0, lpBallisticSanityThread, 0, 0, 0);
    }
    return TRUE;
}


I really don’t like the Android API

Well, you know me, I seem to be pretty decent at just complaining about things. So, let’s dive right into the Android SDK.

There is a visual designer, but nobody uses it. Nobody should use it. It’s terrible.

I can’t say it’s the fault of XML inherently, maybe it’s just the editor and the rendering that has major issues, but it’s broken as hell in Eclipse and Android Studio and using it is only useful for widgets or nested fragments.

I don’t like its HTML+CSS-like design. It feels filthy. It could be a lot worse, though, so let’s put aside this gripe and move to the main issue.

The actual API
When I jumped into Android programming, I was so frustrated. Super pissed. That’s because I was stuck on the UI design and restoring states, so I gave up.

Later on, a very retarded android developer (people actually pay him) told me to use the AndroidManifest.xml hack to let android handle my orientation changes for me.
Holy fucking shit it was like a brand new world!

No more Parcelable classes, no more savedInstanceState bundles… everything was awesome. Of course, this was all placebo, because in the end I needed to change my methods away from the XML configuration hack (because there are many forms of changing states in Android, and it only handles a few of them).

  • I hate how the OS doesn’t handle states itself.
  • I hate that I have to handle states, and I hate that it is so troublesome. You either have to store specific members of a class, or make your class extend Parcelable, which means writing a lot more lines when you really shouldn’t have to.
  • I hate how much extra typing I have to do to deal with savedInstanceState or retained, nested fragments (which is ultimately what I ended up using, a hell of a lot easier than that retarded bundle bullshit).
  • I don’t like how only some of the XML settings for layouts have a method in an object (like, for ListView you can set ‘divider’ and ‘dividerHeight’ in XML and Java, but you can’t ‘showDividers’; this is a minor example that I had on hand, but it happens all the time).
  • This is an SDK problem, but it’s also a slight Java problem (depending on who you ask) – Overrides lead to ambiguity. That is because the SDK is ambiguous. Yes, there is Fragment and Activity life cycles in the SDK docs, however that lifecycle isn’t always true in every circumstance. Some overrides are only fired in specific circumstances, and sometimes that information is buried in lines of text elsewhere, and you only find out when you get a NullPointerException or some such thing. Annoying.

Full disclosure, I’m not a professional Java developer or anything, and even I can see that in many ways, a lot of my extra burden would be resolved in my projects by extended classes (I do it sometimes, but probably not nearly as much as I should), so many of these points might be moot. I mean, if I can speed up the development of other things, maybe this burden wouldn’t be so heavy? I don’t know, but I know these things are a burden. It really sucks the energy out of me when I have to make another fragment class just to retain data across orientation changes, app kills, minimize/maximize… etc. It takes up a lot of time that I could be spending on other things, and it seems like it could be a lot easier. That’s just me. Maybe I’m wrong.

It could be that I’m a moron and I’m making this way too hard on myself, it’s happened before. If I am indeed a moron, please comment below and tell me how to do this less verbosely.

The good!
What would a rant be without the things I really enjoy?

  • I like Java’s default classes and how extensive string manipulation is, how easy it is, I like the Eclipse editor (although people keep trying to push me into Studio). There’s a lot of stuff already done for you, like C#.
  • I like the HUGE amount of libraries which solve problems I’ve not had to solve myself by nature of them existing. Jsoup, Picasso, OkHttp and Joda Time are super.
  • Overrides, while being a problem they are also a godsend – because, well, you can override anything. Ignoring the ambiguity of some SDK functions, this allowed me to make some very cool changes to widgets that wouldn’t have been possible in some other languages. So they’re also good in their own way.
  • Another compliment for Java – Strong typing. Weak types pls go.

Anyway, final bit of info, here’s some screenshots from an app I’ve been making. It’s dumb animu bullshit but it seems at least 120 people are interested in it, since that’s how big my alpha tester group is (Has 120 users by word of mouth on facebook/twitter/etc, it’s a closed group, pretty impressive I think, especially since it’s only been a couple days)

Anti-hacking advice and methods for the amateur game developer.

I hang around game forums sometimes, and the subject of game development pops up every once in a while. I figured I’d write this for people who are indie or amateur developers who might not necessarily have the money to pay an outside developer to protect their game (You can hire me if you do, by the way), but want their game to be somewhat free of the really, really bad hacks that plague poorly made online games.

This post will talk more about concepts that give the developer nasty results and not so much code. If you want to see some anti-hacking code, there’s a tag for that on my blog! Use it!

The netcode, and never trusting the client to do anything.
In an ideal world (for those who don’t like cheating) games would be run in the cloud and every pixel would be delivered to the client, and the client would be restricted to sending keyboard and mouse input to the server. This comes with a whole bunch of other problems, but ignore those for a moment and really think about it. If the client was never trusted to do anything or handle any data, there would be no hacking. There’d be no data to input into our ESP or aimbot calculations and there’d be no data to write, such as in our “no recoil” or “no spread” code. This is pretty much how consoles control hacking, by completely locking out the user. It’s not perfect and people do cheat on consoles, but because consoles actively fight against user input it is much rarer.

Having said all that, I am a consumer advocate and I really, really hate that the gaming industry is going in this direction. However, the lesson should not be lost on people who still want to develop video games on the computer today, without those severe controls.

Exhibit A: The ARMA franchise

Bad design.

This code allows you to disable all keyboard input for admins on an ARMA server. Really.

I’m starting with ARMA because it uses an engine which defies common sense. It is probably the least secure, most insane multiplayer game design I’ve ever seen. It’s bizarre.

Quick critique: ARMA Series scripting language.

Alright, fuck it.

People know me, I mean, I don’t consider myself a complete fool when it comes to programming and I think there’s probably a lot of people who don’t really consider me that shabby either.
I am, however, completely incapable of developing ARMA3 missions. It’s just not possible. I tried.

Here’s the problem: The game’s scripting engine is god awful. Nobody says this enough, if you go on the BIS forums and try to state this openly you will be berated by fanboys who have no programming background and have very likely never touched the sqf “language” in their life. I’m going to go point-by-point here and explain what went wrong with this clusterfuck of a language.

How I hacked Max Payne 3

Random information: This post was written months before I published it, back in November 2012. I didn’t publish it because I was angry at the time and it felt like a rant. It still is a rant, but I feel like it should be published anyway.

Just a short post, maybe it’ll help people hacking RAGE engine games since Rockstar took it upon themselves to be gigantic assholes to the modding community. I’m going to show them how you hack their games, online. Yes. This doesn’t stop me, the person who will ruin your fun in online games. This kills the modding community. Thanks a lot Rockstar games, you are the biggest pieces of scumbag shit in the sandbox gaming arena today.

D Module Injector

I wrote a D module injector! It’s coded in C++, but it works with the latest DMD2.

Basically, here’s a rundown of the problem I was facing. You can’t use CreateRemoteThread to invoke LoadLibrary to load a D module into a foreign (or local, for that matter, seriously try LoadLibrary with CreateThread in a C++ application) process without it crashing. For some reason or another you must load the module in the primary process thread. This is what this hook does. I suspend the “main” thread, switch out EIP for my own (allocated code cave) and JMP back to the original code.

This has only been tested with “Hitman: Absolution” but give it a shot on your process and let me know how it goes! I included the source code and binary for the C++ program in the download below. Enjoy.
