now the TEMPORARY_FILE is deleted automatically at the end of the extraction without asking, added the following compression algorithms: PKWARE DCL, IBM TERSE (PACK/SPACK), PKWARE reduce, a configurable LZW engine, ultima6, lz5 and yalz77, 4 additional formats for RSA keys, fix for sortarray with arrays having different elements, SLog supporting offsets till 4Gb - 1, reimport mode for deflatex/zlibx, added ZIP file creation in addition to the ISO one, -Q for really quiet mode, updated some algorithms, increased the number of allowed arguments per line for If and String S, setvbuf to 64Kb (probably useless), fix for Xmemdecompress with lzxnative and lzxtdecode formats, replaced sub_var strdup_replace with manual alloc memcpy, feature to embed scripts inside for distribution in modkits many fixes: stricmp crash on Linux/Win XP, String =, set basename, putarray, recognizing end of file in fgetxx, coverage statistics of memory files, skip existent files choice/option, double request of files overwrite in some cases, some rare compression algorithms not working correctly, mcrypt comma separator, a couple of magics in sign_ext.c.
-i option for creating an ISO image, now some compression algorithms don't give error if the end of output is reached (better for the comtype scanner), undk2 replaced by refpack_decompress_safe, more operators in encryption random and support for bitmasks (like key 16), my encryptions like random/math/xmath now support also variables in their configuration, added aes modes ige/bi_ige/heat, less resource used by append log to file, initialization of arrays with multiple input files, 30 new compression algorithms, code improvements and less memory consumed at runtime support for wildcards in the selection of input files, fixes in check_condition: constant strings, basename, filepath and filename, String reverselong/short/longlong weren't recognized, new 'y' String operator for alignment, Set to_unicode for converting to utf16, new FULLBASENAME type, better Print hexdump, String with constant strings, important fixes for the String operators: shl, mul, equal, split and cstring, some new compression algorithms, TEMPORARY_FILE now doesn't prompt for overwriting, better handling of same input and output file, Encryption Math with #INPUT#, some default values to the few compressions that required a dictionary value, LZ4 supporting dictionary and returning no errors in case of short output, fix for filexor/filerot with negative values, fix for utf16 conversion, information and fixes in the manual, reimplemented lzrw, balz and quad compressions, added mcomp/libmcomp, irolz, uclpack and ace compressions -r option for reimporting the extracted files like in QuickBMS (it uses the Zopfli library), the previous -r option has been renamed -R, some changes to the runtime help, it's no longer needed to specify the output folder and offset, option to automatically overwrite the output files, -1 now uses the output filename if specified, added a Makefile for Linux, renamed from Offset file unzipper to Offzip variables between quotes are now considered constants, fixed some math/xmath 
operators, fixed Findloc unicode, some new compression algorithms, experimental Scandir modes for working with processes, quiet option, fix for Open EXISTS in reimport mode, fix for avoiding to create new files with -w using Open, small improvement of comtype lzma_dynamic, fix for some compression algorithms that take parameters from the dictionary argument on quickbms_4gb_files -e option for adding environment strings (useful with some Steam games), -T for delayed attachment of the debugger -d, better handling and checking of the filenames that allows to specify just the filename without the whole path or wildcards experimental reimporting of chunked files, fix for Set VAR strlen VAR, Name CRC allowed to use a MEMORY_FILE (useful for compressed embedded list), fix for Name CRC that skipped hex hashes, added Zopfli for better compression of some files, a couple of new compression algorithms, set correct position of memory file in append mode, don't ask to overwrite in append mode if the file has been created by the script, -O - for stdout output (redirect may not work), fix for long directory names SLog command for exporting/reimporting strings (game localization), a couple of new compression algorithms, fixed various recompression algorithms, improvement of RSA and added similar encryptions, added most of the ECRYPT algorithms, compatibility with Windows 8.1, fixed a very rare bug in putarray, some minor fixes new Codepage command for utf16 to utf8 strings conversion (will be improved/expanded in future), base conversion in Math command (binary/octal), fix for the parameters in the Print command after the pipe, many new compression algorithms including also recompression (cpk, bpe and nrv are the most important), new argument for Strlen to get the full size of the variable, initial implementation of rsa encryption, command Append 1 improved to work with Goto, additional parameter in xor_prev/next to specify the operation on the last byte, fixed a bug in Call DLL 
introduced in the last version, QuickBMS version and information visible in the properties of the exe, restored compatibility with Windows 98 (_fstat64 caused by iostream) tons of new compression algorithms, new Makefile for Linux, calldll from encryption/comtype with #INPUT_SIZE# and #OUTPUT_SIZE#, String with multiplication and hex2uri/uri2hex operators, a '0' added to the String operator allows to set an empty VAR1 in case of errors, rc6 encryption, xor_prev/xor_prev2/xor_next/xor_next2 encryptions, fix for getarray, added adler32 to the available crc functions, fix for a rare bug in reimporting, append 1 now allows to place the new content at the current position of the output file, source code of QuickBMS in a separate zip archive to avoid space and confusion, fix for using libtomcrypt, activated all the rnc compressions available, fix for xmemdecompress of native files (0xed magic), cleaning of spaces at the end of folder names in extraction, fix for filepath type.
updated the compression and crc scanner to match the new amount of algorithms added the -c option that allows to guess and dump the chunked files, option -D to specify dictionary, -d to visualize the hexdump of the data before and after the compressed streams, statistics information, offset where the compressed streams ends, amount of bytes between the current compressed stream and the previous one, zlib header and crc information, updated extensions guesser (strnicmp fix for Linux) most of the global variables now have a g_ prefix, new Name CRC instruction for working with list of filenames, support for full scripts passed as command-line argument (';' separated), support for C NULL delimited arrays like short var, many new crc/hash algorithms for the encryption and namecrc commands, added basename/filepath/filename comparisons for conditions, fix for math x with big numbers, added Set filepath, String P mode to use the same syntax of the Print command, enhancement of the Comtype dictionary to allow data containing zeroes, added new compression and recompression algorithms, mpq encryption, fix for the prs compression, more information when a read and compression error occurs, option -M for extracting only the files different than those available in another folder, no folders creation with -0 and -O, QUICKBMS_FILENAME internal variable, updated some libraries, zlib_noerror and deflate_noerror automatically increase the uncompressed size if needed (they use the same code of unzip_dynamic), Xmemdecompress with automatic decompression of Xbox files compressed with xbcompress (lzxdecode and lzxnative), lzma_dynamic with automatic scanning of the flags in case of failure, small fix for some gzip files, other small fixes and improvements, support for C enum, idstring information in -V mode, visualization of the last script line that caused the error, updated some libraries like lzma ZDI-12-163/ZDI-11-232, ZDI-12-114, ZDI-12-115, ZDI-12-100, ZDI-12-133, ZDI-12-148, 
ZDI-12-033, ZDI-11-351, ZDI-11-345, ZDI-11-329, ZDI-11-330, ZDI-11-320, ID954, ID953, ID973, ID974, ID975, ZDI-11-262, ZDI-11-263, ZDI-11-264, ZDI-11-245, ZDI-11-246, ZDI-11-235, ZDI-11-171, ZDI-11-170, ZDI-11-160, ZDI-11-161, ZDI-11-162, ZDI-11-163, ZDI-11-164, ZDI-11-165, ZDI-11-166, ZDI-11-156 (the material has been released as-is) review and better writing of quickbms.txt, source code extension H to C, -a can be specified multiple times for new arguments, new argument for the Append command to choose when and how write the new data, added new names for String operators, Endian can save the current endianess in a variable, Get line works even if there is no new line delimiter at end of file, last offset visualized when a compression fails, additional arguments for String printf, fix for base64_compress that wasn't handled, added comtype lz4_compress, new behavior of Debug command, base_offset argument for Padding command, negative index variable for get/putarray for taking and storing elements at the end of array, a positive value in goto SEEK_END is automatically converted in negative to seek correctly, fix for the filenames ending with .
or * to guess their extension, better colors for the hexhtml visualization, automatic handling of xcompressed files (\x0F\xF5\x12\xEE) in comtype xmemcompress, some malloc to calloc changes, new icon, changed major version number due to the huge amount of enhancements from 0.5 added the -S option for scanning only some signatures instead of all, -t for choosing the exact number of threads to use, -a for forcing a specific image address, -3 can be used to write the INT3 directly in the process specified by -P I have just released the proof-of-concept for the game vulnerabilities disclosed by ReVuln in a paper related to the talk given at NoSuchCon #1 in May 2013 - Breach, Brink, CryEngine3, Nexuiz (not the Classic one), Sanctum, The Haunted, Homefront, Monday Night Combat, Quake 4.
The bugs were all 0-days over one year ago and probably they still are.
fixed memory consumption with files without names, fixed unicode conversion with no delimiters, added a math/xmath operator for strings, added new comptypes for handling lzma/lzma2 without header/prop (like those used in 7z files, previously known as msf), added hmac hashing using "hmac algorithm", updated various compression algorithms, added variable5 type, added QUICKBMS_HEXHASHL for low case hash, can specify lzma prop using dictionary, fix for multi dimensional arrays, alignment in read/write process memory this is the dumb file mutation fuzzer I wrote in 2011 for my personal usage and was incredibly useful at that time.
I have decided to release it because I no longer use it, read for additional information and examples improvements for quickbmsver, *log with the xsize value used for reading aligned data (sometimes useful with block ciphers), fix for the xmath command that now works with unsigned numbers, String 'f' operator to filter non alphanumeric chars, improvements for the scexpand compression, added a new crc algorithm, option to use case sensitive variable names, additional work-arounds for gzip in case of invalid fields, encryption hash that performs hashing on the string specified as key if available (very useful), added tons of hashing algorithms thanks to sphlib fixed multiple If, endian guess VAR, handling of some unicode spaces in the scripts, implemented correct disabling of the secure allocation, Math with reverse operations, tons of new decompression algorithms and some new recompressions, hex visualization of the encryption key in verbose mode, some new experimental lzss window initializations, update of some libraries, more details for the exceptions, more details for the lzma errors new features and improvements, large files support, the remote file is checked before downloading only if it's necessary, option -d for setting the output folder and -L for downloading a sequence of files (with incremental fields), multiple hosts, automatic concatenation of options that support multiple strings (like -c/s/M), optional milliseconds delay for the -l loop option, all the enhancements added in mydownlib automatic guessed extension for the filenames that have a dot or a * at the end, replaced the Scummvm RNC compression with the old one because it didn't work, fixed lzlib compression, updated various libraries, backtrace after crashes, Windows 8.1 fix, fix for Call DLL with a MEMORY_FILE of same name but different content, set VAR ? 
to allow the user to choose the content of the variable at runtime, If case sensitive when the 'u' optional parameter is used, added ZPAQ compression, added more return values in case of lzma errors, usage of variables in encryption random, autostart with -9 if quickbms crashes just when launched, fix for open FDSE in gui mode, added the possibility of specifying quoted strings on multiple lines with automatic \r\n added with each line, If statement with strncmp and added additional names for the other checks (like strstr, strcmp and so on), new alternative math/xmath operators, encryption xmath, encryption random (experimental), changed syntax for encryption math, new String operator S for splitting a string in multiple variables, a new compression, updated disasm engine, improved memory read/write function (process.h), fix for debug string visualization, filexor/filerot supporting also textual key, additional choice 0 (zero) for skipping all the existent files at runtime multiple conditions in the If statements, usercall calling convention, Next allows to specify a math operation, new compression algorithms, int3 option working also with compression and encryption, fix for String printf and int3 added some new compression algorithms, -k option to automatically skip existent files, usage of PAGE_GUARD instead of PAGE_NOACCESS to avoid issues with bugged drivers (Xonar and so on), experimental XMath command for multiple simple maths in one line added the Prev command to decrease a variable in a For cycle, comtype dictionary as variable if size specified, String C string with x operator, lot of new compression algorithms mainly from Scummvm, verbose -3 option, exception handler with additional info, \u unicode in C strings fix for offsets in FSB5, automatic fixing of mp3 files (removing of non-standard padding) and dumping of the first 1 or 2 channels for multichannel files to make them playable (use -m option to disable this feature).
for the moment this is an experiment so I will know if it works or not only in the next weeks/months.
the alternatives were protecting the single zip files or removing the executables fixed a bug in the reimporting in case of filenames starting with slash/backslash, added the RCN recompression, allowed the usage of the secure free() with non secure allocated memory (otherwise it's not possible to free memory allocated by external libraries) now that my proof-of-concept is out (yeah, it is the poc written by Microsoft in November 2011 using the example packet I sent to ZDI) I have decided to release my original advisory and proof-of-concept packet written the ...
full-disclosure as usual :) added some new compression algorithms, optimization and customization of the secure allocation functions (they can be disabled using the option -9, needed in some occasions due to some limitations of this feature), fixed a bug that specified an input folder in case of selection of multiple files my website is and has always been since 2006 so check your bookmarks because lately aluigi.has continuous problems (temporary up & down from about 2 weeks).
note that it's a backup/mirror website that I switch as primary when needed so using you will always reach the working website or alternatively the mirror if the main one fails modified to meet the *printf %n out-of-standard in use from Windows Vista, it's a shame that I must modify a perfectly working program for this reason, especially because the tool is linked to and not 8.0 or 9.0...
no comment added the EXECUTE method for both Comtype and Encryption, String scanf/strstr/strrstr, various new compression algorithms, usage of in reimport mode if the compressed size is bigger than the original one, fixes and optimizations it was only a quick automated experiment so it's nothing special or interesting at the moment, maybe requires additional research or just to be put in the trash.
there are 2 advisories but the bug is probably the same, sorry but I don't care now now it's no longer needed to specify the output folder when used from the command-line, added arguments to the Call Function command, enhanced the unzip_dynamic compression, fixed a bug in the recompression of XMem Compress finally a homepage for this project, many fixes and additions some of which are time, time64, clsid, ipv4, ipv6, assembly types (yes now it can be used as a quick assembler/disassembler), rotate, reverse and pc1 encryption, msf compression, new experimental input and outputs with SSL added to the socket interface, the -H option for a html output of the parsed file format and much more updated the supported calling conventions, added experimental support for network sockets and processes, various fixes for the write operations, added rotate encryption and a new useless option for the math one updated some libraries, added libkirk and nitrosdk, incremental xor and rot encryptions, aes ctr, added the new types: float, double, variable, variable2 and variant, new cool debug mode, various fixes, allowed the reimporting of nameless files (like 00000000.dat), experimental parsing of C structures, handling of multiline comments, added falcom recompression and dragonballz decompression added the experimental -r option that allows to reimport the extracted files or some of them without modifying the scripts (yeah finally it's possible), added the lzo1/1x/2a, gzip and lzss recompressions, fixed the behaviour of unzip_dynamic, fixed and enhanced the automatic extensions, FileCrypt command, Math and Swap encryptions some optimizations like the real-time decryption (no longer uses the temporary file), options for specifying the password, encrypting/decrypting the file, the offset where the FSB data starts and even a minimalistic scanning of the file added putbits, fixed a possible problem in write mode, added the R string operation, fixed the reading of the filexor/filerot 
keys, now the extracting of files non compressed and non encrypted should take almost no memory, experimental quickbms64_test version for archives and files bigger than 4 gigabytes, various fixes and enhancements fixed a bug in the -Q option, added the possibility to build custom packets to use with -d/-Q, fixed the building of gslist.cfg; note that the unavailability of games like CoD4 and Quake3 depends on the master server so nothing to do with gslist but if you need alternatives take a look at hlswlist, qtracklist and getsc optimizations only for the rebuild mode, now it automatically works also with files that include an header so the -R option is NO longer needed, fixed also a rounding math in the recalculation of the lengthsamples field added the COMPRESSED method used to store big amounts of data in the scripts using less bytes (zlib plus base64), experimental support for libtomcrypt, the -E option that allows to change the endianess of a file on the fly by simply knowing its format and reading it, -d option for creating an output folder with the name of the input file, support for variables in FindLoc, support for SEEK_CUR and SEEK_END in GoTo, rnc and pak_explode compressions, r operator in String for reversing strings and = for converting numbers to strings added some enhancements to the Print command, encryption mode for rot, an experimental printf-like operator for the String command, variable used for the Padding command, small fix in the Open command added the -F option that returns the addresses of the executable's instructions which refer to the found signatures (only the first one in case of multiple references), added the -3 option that executes a program placing an INT3 (maybe one of those obtained with -F) in the desired address of the process, added support for big endian ELF executables, fixed the parsing of Windows PE files on Linux big endian, fix in the calculation of the 64bit CRCs some micro enhancements, added the possibility of 
recompressing data with the zlib, deflate, lzo1, bzip2 and XMem algorithms (note that QuickBMS is and will remain an extraction/unpacking tool so this is only a just-for-fun feature) added support for the WCX plugins used in Total Commander, added tons of new encryptions, support for CRCs of any type, updating of some external libraries (like zlib, lzma and ppmd), some small enhancements and bugfixes automatic folder and extensions when it's used no filename in the *log commands, reintroduced all the openssl algorithms manually, fixed and enhanced some features of Call Dll, changed the behaviour of lzhuf (it took the decompressed size from the data), improved handling of less known gz/z files, added the pack compression, note: remember to always check the list of available scripts because I update and write new ones often, for example majesty2 is now complete and compatible with any version added unsigned If/Elif/Else, some new compressions or enhancements, radix and power math operations, some new and useless Set types, byte2hex/hex2byte/compressions/encryptions/toupper/tolower in the String command, support for any encryption and even any hashing algorithm supported by OpenSSL, usage of dlls as MEMORY_FILE in Call DLL, support for any calling convention: msfastcall/borland/watcom/pascal/safecall/syscall/optlink/clarion, reset of memory file positions in case of multiple input files, fixed a micro bug when using comtype2_scan, exe compiled with the latest OpenSSL (that's why it's bigger) command-line servers browser based on the list of game servers provided by the Electronic Arts master servers commonly called fesl or theater and supporting various games for PC, Xbox 360 and PS3 like Battlefield Bad Company 2, Battlefield Heroes, the Need for Speed series, Skate and others for which no alternative listers exist added only an additional work-around useful with some XMem Decompress streams, the possibility of specifying a wildcard for ScanDir not only through -F 
but also in the same script, bzip2_file for decompressing bzip files without knowing their output size, -a option for specifying variables visible inside the bms scripts, this allowed to use a new comtype_scan2script for testing all the supported compressions without editing it added the GetBits command, the possibility of calling functions without restoring the variables at the moment of the call, removed the problem of using the Log commands with filenames that have a number as first char I have ONLY changed Z_DEFAULT_COMPRESSION to Z_BEST_SPEED in rebuild mode, this is done to prevent a bug of the game (NOT of my tool) that crashes on slow computers even with the original packages (thx JH Im) added the xxtea encryption, calldll with memory_file, asking of deleting the TEMPORARY_FILE if used, possibility to use stdin as input file (use -), the For instruction now can be initialized with any math operation (example: For i -= 10 To FILES), Put/PutDString/PutCT commands which allow to write inside a file/memory_file, compression algorithm used in STALKER and some minimal things (for example: Set VAR1 = VAR2) added two new compressions, fixed a DEP compatibility in the Call Dll command and added another path for searching the dll to import, added the possibility of using a variable or memory file in the Encryption command, the SCRIPT MESSAGE alert showed by the Print command is now placed on stderr fixed a bug in the algorithms used in OpenSSL where the non-padded data was wrongly decrypted at the end, major DEP compatibility with the imported dumped functions (like tzar_lzss, unlz2k and so on), a possible minimal speed/memory improvement and added the compression used in Dungeon Keeper 2 added tons of new compression algorithms included the conversion of any base (like base2/binary, base8, base32 and so on), better disposition of the source code, implemented the scanning feature for all the compression algorithms fixed and optimized the scanning of the input 
folder, added the manual choice of an alternative filename if the one got from the archives can't be saved and added a couple of non-important compressions and encryptions added CSI 5 Deadly Intent and solved a bug in the modified blowfish algorithm (don't worry I have already personally verified each file extracted from the recent games for excluding any problem/corruption) added the ICE encryption, uuencode, ascii86, yenc, compression used in the games of 49Games, mszh, the fullname data type, changed the behaviour of the not and negation operators in Math since now var2 is taken as input (so both variables are now used) and added the N (negative) and A (absolute) operators added support for plugins and/or custom functions through the Call DLL command, added the unmeng and unlz2k compressions, added a fake 64bit type of variable (fake because QuickBMS works only with 32bit numbers) implemented all the encryption functions of OpenSSL through its great EVP interface, added some new compression algorithms, added some enhancements like the configuration of the lzss parameters and Put Var Chr which auto-reallocate the variables added the compressions huffboh, ucl/nrv, dmc, uncompress/lzw, lzhuf, lzari, rle7, rle0, rle, added the encryptions twofish, cast5, seed, serpent, aes-cfb128, fixed lzssboh and idea, added a new switch in Encryption for selecting the encryption mode (default is decryption), added the possibility of specifying a dictionary for the lzo and zlib/inflate compressions, added the visualization of the elapsed seconds for the extraction added the decryption of the ConnectCache cookies used by Steam beta (totally useless) and added some command-line options for the decryption of custom fields like Key and Account Record Data and their dumping in a file because these fields contain raw data solved a small bug when a compressed file has a size equal to zero, added support for XMem Decompress and some lzw variants, added the idea encryption.