1. About me - a short description of Andreas Toresäter

2. Projects history - all major projects I have done and a listing of techniques used

3. Competences - listing of my areas of expertise

4. References - Websites, personal references on request


About me, Andreas Toresäter

- reverse engineer and software development expert
I grew up in Enköping, a small town in Sweden. After my military service I moved to the capital, Stockholm, and started to study at the Royal Institute of Technology. The first two years I followed the curriculum of vehicle construction, which is a very mathematics- and physics-heavy education. However, my big interest in programming drove me to switch to the dataology faculty.

In 1999 I started my first company, a one-man consultancy firm. The firm mainly did work for a big international medical manufacturing corporation, Orion Pharma AB. There I developed their international intranet and a few other business systems, including an IT support help desk and a storage database. I also created a series of shareware network tools as a side business. I operated my company in parallel with the last years of university.

In 2003 I started the work on PokerOffice with a friend from school. The work evolved into an interesting product and in 2005 we founded PokerOffice AB (a private shareholders company with a passive investor). In 2007 I sold most of my shares to a consortium of investors. I signed a contract for two years and stayed on as software architect and reverse engineer at PokerOffice AB.

In 2009 I decided that I wanted to be in charge again and be responsible for all the decisions regarding my work. Hence I started a new one-man consultancy firm, with a secondary business of creating smaller applications. If you want me to take a look at some project or if you have a problem you think I can help you with, don't hesitate to contact me
via email or phone +46(0)763490950


Projects History

International Intranet and Business systems (1999-2003)
I worked as a consultant for Orion Pharma AB, creating their intranet and a few web-based business applications using ASP, Exchange and MS SQL. On these projects I had the main responsibility for all functionality and created all the software myself. DHTML, JavaScript, ASP and databases were used to create dynamic and easily editable pages for the employees and executives.
  • Very large ASP project deployed on Microsoft's webserver IIS
  • Database design, normalization and optimization of several very large databases in Microsoft SQL Server.
  • Exchange server integration, both in and outgoing data.
  • JavaScript for dynamic menus and other dynamic content.
  • Interactive intranet where users have different access rights to different pages.
  • Administrator users have the right to edit or add to the pages and dynamically add the information to the database.
  • Document integration, presenting Excel, MS Word and PDF files in a seamless manner.

    Distributed security tools (2000-2003)
    I did a few client and server/client applications in Java during this time. The focus was network security and auditing which I did for learning and personal interest in this area of programming.
  • AET Tracer (Pro/Lite) collection of network tools also including an abuse (hacking/spam etc) reporter.
  • Can track the real source of any email or IP address.
  • Graphical trace route function with linked Whois information for each node.
  • One click interface to continue auditing the target with any external software.
  • Logs from six of the most common firewalls are supported as input data.
  • Chaining of proxy servers and forging of custom HTML streams.
  • AET Distributed Network Scanner, which can be used either as a standalone client or as a server/client pair.
  • Fast multi-threaded Ping, port, smb, name, and smtp scans.
  • SWISS, a web interface for a modified version of AET Network Scanner's server.
  • AET Tracer was used by the SANS Institute for the education of network security experts.
  • The Turkish military tried to reverse AET Tracer Pro and circumvent the copy protection.

    PokerOffice (2003-2009)
    This project occupied me for quite some time. In late 2003 a friend and I started working on a statistics tool for internet Texas hold'em. The idea was to create software which would take all the hands you played, break them down, store them in a database and then produce reports, graphs and statistics. When I started working on the parsing of hand history data I also looked at some existing software for internet poker. There were at the time one or two odds calculators which calculated outs and pot odds for poker hands. I reverse engineered them and saw that they in fact used memory reading to get the information in real time. I wondered why this real-time aspect had not yet been introduced in any statistics application and decided that we must try that out. It became a great success and we got a really good response to our first release. Everyone was excited about this new kind of poker software and there was even talk about cheating and that PokerOffice was the end of internet poker. Since the first version I worked on 80 plus upgrades to the software; we released two new major versions during my time at the company and had over 30 000 users when I left in 2009. Take a look at www.pokeroffice.com for the PokerOffice home page.

    Working with this complex and advanced software, I got the opportunity to specialize in many aspects of software development. I was responsible for designing and implementing almost all steps in the product cycle, from system design and development, packaging, product installation and licensing to the business system handling customers and sales.

  • Database design and implementation in Java with McKoi and MySQL.
  • Reverse engineering of third-party poker clients using debuggers, memory readers, decompilers, dependency walkers, API hooks and other tools. An API of the poker game's complete state in real time was required to build our application.
  • GUI design and implementation in Java. Most of the common controls available are used in PokerOffice and I have also created many custom controls.
  • API hooks, API spies, memory scanners and even screen scraping routines based on the results from the reverse engineering.
  • Message hook in C++ to control which keyboard and mouse actions are let through to the poker clients.
  • C++ to Java connection using JNI. The C++ hooks, memory reading etc. are best done in native code and the rest (GUI, text parsing, database, calculations etc.) in Java.
  • Copy protection system using Java byte code obfuscation (RetroGuard) and a custom-built source code encryption system with a sub-classed class loader to add extra security. Note: it took the cracking/hacker community three years and many tries to break our copy protection. When they did, we easily scaled the code to use online licenses, which still work well.
  • Packaging and product installation using NSIS (Nullsoft Scriptable Install System) to set up all copying of files and registry editing etc.
  • Business system in PHP using MySQL databases on a Linux Apache server, integration of several affiliates and Google analytics.
  • Online licensing system with recurring fees using a client part in Java and a distributed server part in PHP/MySQL. A synchronized worldwide network of HTTP/MySQL servers is used for best redundancy and minimal downtime.
  • Setting up and designing a SVN versioning system for the developers.



    AETBot and ArenaHelper (2009-present)
    These projects go deeply into the realm of reverse engineering in general and third-party memory handling in detail. The actual proof of concept is that I want to show that it is possible to build a very advanced bot which cannot be detected by Blizzard's anti-cheat detection, aka Warden. Most bots are created with code injection and/or API hooks. Both are fairly easy to detect since they modify the process in some way or another. There are of course a lot of different ways to hide that you inject or hook, but then there are always ways to detect the hiding, and so the battle between software developers and hackers continues. My approach is instead built on memory reading only. All interaction with the process is done by simulating mouse and keyboard so there is no way to discern the bot from a real human user.
  • Reverse engineering with OllyDbg and IDA Pro, to get the game state and objects from the WoW process.
  • Memory reading and bot AI were coded in C++.
  • Dialog based GUI created with MFC.
  • Simulation of human-like mouse and keyboard actions using AutoHotkey and C++.
  • Message hook capturing mouse and keyboard to be able to filter or manipulate the input.
  • Online license system built in C++, PHP and MySQL.


    Competences

    Languages
  • Swedish
  • English
  • Some German

    Programming Languages
  • Java
  • C, C++
  • Perl
  • Pascal
  • AutoIT
  • BASIC
  • Modula 3
  • Mozart
  • PHP
  • ASP
  • HTML, DHTML
  • JavaScript
  • RegExp
  • SQL

    Techniques and Systems
  • System development
  • Software development
  • System architecture
  • Reverse Engineering
  • Encryption and Decryption techniques
  • Client/Server techniques
  • GUI programming Java
  • GUI programming C++/MFC
  • Mobile agent systems
  • Network systems
  • Databases, design normalization etc.
  • CGI using Perl
  • J2EE
  • Syntax analysis
  • Ant
  • NSIS, Nullsoft Scriptable Install System
  • MS SQL Server
  • MySQL
  • MS IIS, Internet Information Server
  • Exchange Server
  • Eclipse
  • Borland JBuilder
  • Visual Studio
  • Apache Server
  • SVN
  • CVS
  • Windows OS
  • Linux OS
  • Unix OS

    Other
  • Car and motorcycle driver's license