Tuesday, August 24, 2010

Kaillera Resources

Okay, let's dive into the wild world of Kaillera and where we can find useful information about it.

An open source kaillera client is available here: http://sourceforge.net/projects/okai/files/

An open source kaillera server is available here: http://sourceforge.net/projects/emulinker/files/emulinker-kaillera-server/

The best known documentation of the kaillera protocol is here: http://www.emulinker.org/index.php?page=Kaillera_Network_Protocol

To run Kaillera, we need:

-Game system emulator (n64, mame, etc); http://www.emulinker.org/index.php?page=Emulators

-Kaillera client.dll (standard emulators come with this client) : http://www.kaillera.com

This can be replaced by overwriting it in the directory with a new kailleraclient.dll file.

Note: By downloading these programs you do so at your own risk, as they are known to have unfixed security vulnerabilities.  The kaillera.com client in particular is probably 8 years old and has some issues.


 Several alternate clients used are Ownaclient, Supraclient, and the open kaillera client I mentioned above.

However, all of these clients contain numerous vulnerabilities, including remote buffer overflows.

The unique problem of Kaillera security is that there are no active developers out there right now who can fix these issues, and all known kaillera clients are vulnerable.  Therefore, I will have to say less than I desire to protect the users at the moment.

For the safety of Kaillera end users, someone needs to help patch these programs or simply release a new, better coded kaillera client.  Please contact me if you have any suggestions or solutions regarding this.

Monday, August 23, 2010

First Kaillera Blog Post!

Hello everyone,

Welcome to my blog!  This will be a useful place for me to post on Kaillera, as I have been spending a lot of time this summer trying to figure out the network protocol, writing a pretty basic client in perl for it, as well as looking at various security issues in kaillera clients and servers.

This blog will be updated with various details of those things no doubt.  I will keep security information rather vague for now since many issues remain to be fixed. 

Enjoy!