Michael Rothfuss

My Projects

dynamic window manager

I am working on a Window Manager for use on both the X Window System and Microsoft Windows. It takes all of its inspiration from dwm, and will be using code from both dwm and dwm-win32.


When I started college, I wanted to study Computer Science. Apart from the Bioinformatics course I took my very first semester, I was extremely bored by my assignments. To maintain my sanity, I began learning more about networking. I enjoyed reading about the various exploits that had been discovered throughout history. What I found thrilling though, was to challenge myself to discover new ones.

TCP: Maxed Out Send Queue

This program is a bit evil. After establishing a normal connection to a server, the client makes a request to the server that invokes a large response. The client ignores the data it recieves, and continues to make requests that cause more data to be added to the server's Send-Q. Overtime, the Send-Q for this connection will reach its limit. When I tested this against one of my GNU/Linux servers, it caused all TCP communication over the target port to freeze until I disconnected my client.

TCP: Lots of Connections

I built a very lightweight C program that can create an arbitrary amount of connections to a host while using a static amount of RAM. This was just an experiment, it is not very useful.

Knight OnLine

KOL is an MMORPG that originated from Korea. I started playing this game with a good friend of mine while we were in middle school. Once I was in high school and my interest in computers really started to take off, I taught myself x86 Assembly, C, and C++. I used these languages to build a few programs to play with the game some more.

Packet Logger

I built a program using C++ and WinPcap to monitor game network traffic without interfering with the game executable. The game used a pair of keys to encrypt network data: one hardcoded in both the server and the client, the second is sent over the network prior to establishing encrypted communications. These keys were used together in a modified XOR cipher.

Password Hasher

KOL passwords have evolved over time. Originally, passwords were stored and transmitted in plaintext. Then the passwords were switched to MD5 checksums, and eventually a custom hash function was implemented. Using my favorite Win32 debugger, OllyDbg, I located my password in the client RAM and followed it until I discovered the hash function. From there, line by line, I translated the function into a C program.

Table Importer

In the KOL game client, information about monsters, zones, items, skills, etc were stored in table files that matched server-sided SQL tables. These table files started with a header, which defined the number of columns, number of rows, and each column's data type. To prevent malicious users from editing the client data, these tables were encrypted. I wrote a C++ program to decrypt the tables and import the data into a MySQL database.