Understanding a Cheap Character's Tier

Cheap Tier Ranking: (WIP)

Before we begin, we must start from the assumption that we need to evaluate a character's tier based on the technology it uses to attack the enemy, rather than the technology it uses for its own functioning. (However, there may also be special cases where we are actually forced to evaluate them based on the technology they use.)

This distinction is important because many cheap characters use buffer overflows to load their code. For example, if we consider that a character is a Supernull simply because it uses CMDOF, this makes no sense - since all modern cheap characters use buffer overflows, for example, to configure their Anti-Malware code. And yes, even God characters use buffer overflows, so things can become very confusing!

Tiers do NOT apply if the character uses exploits or bugs solely for effects or other reasons that do not attack the enemy!

If the character only uses exploits for effects, then it's not a cheap character! (...and that makes sense too.)

Below God

If the character doesn't use exploits or bugs (or uses them not to attack the enemy, as mentioned above), then their tier depends entirely on their AI difficulty and attacks.

God

A character is a God if it does not attack the enemy directly, and therefore does not specifically tamper the enemy's memory structure. Instead, it uses the engine's bugs to indirectly tamper with the enemy's data.
So check for projectiles, statedefs and helper's behaviours!

• They may use DtC/AtC or buffer overflows that modify the engine's memory.
• However, this is not important, as such technologies are usually only used to create effects, add features, or simplify coding for the author.
• Attacks like %nF1 modify the engine's memory via DtC. This places the character in the Null tier. (hence why it is banned in tournaments).

Null

A character is a Null if it uses technologies such as %n (Stecon Overflow, Variable Expansion, or DtC/AtC that simply write single bytes into memory) in order to directly modify the engine's or enemy's memory values to defeat the opponent.
Check for Null state controllers which contain integer variables numbers over 59 (or float variables over 39, both called extended variables), simple DtCs which have %0d%n or only %n as their "text" parameter or statedefs which contain over 512 Null/Turn state controllers!

Note: %f belongs to the Void tier!

Void

A character is a Void if it uses %f technology (often a chain of DtC state controllers or Variable Expansion) to create shellcodes inside the engine's memory and execute it in order to defeat the opponent.
Check for chains of DtC state controllers which have %*d%n%d and %f/%g/%e at the last state controller as their "text" parameter or extended variables which write huge numbers in addresses!

The difference between Null and Void is simple:

• Null: Only modifies values in memory.
• Void: Writes the shellcode in memory and executes it.

Secretary

A character is a Secretary if it uses an external file that launches MUGEN with its own parameters or is executed while MUGEN is running. But it should be noted that the Secretary tier has two subtiers: Low Tier and Top Tier.
Check if the character has EXE or BAT files!

• Low Tier Secretary: Uses a BAT/EXE file to run MUGEN with specific parameters (Ced's Zaphkiel is an example, which "attacks" P1 by putting -p1.life at 0.).
• Top Tier Secretary: Uses a BAT/EXE file that executes while MUGEN is already running, modifying memory or creating external threads/processes to defeat the opponent.

Postman

A character is a Postman if it contains .BAT/.HTA files that launch MUGEN externally in order to win.
Check if the character has BAT or HTA files! Remember to always check the code inside of it!
Its sub-tiers are:

• Low Tier Postman: Launches MUGEN with a dummy file as the P2 DEF parameter.
• Mid Tier Postman: Modifies the enemy's files and then loads them into Quick Versus in order to instantly win.
• Top Tier Postman: Uses a command-line exploit to seize the engine's internal control, allowing shellcode injection during the match.

This tier is quite controversial in the cheap community, since technically, the enemy is never truly defeated, as it is never loaded. (Top Tier excluded.)

Supernull

The Supernull tier is rather difficult to understand as these cannot usually be identified without low-level programming and debugging skills. The exact tier often depends on the author's opinion!
Check if the character contains file with a buffer overflow or a ROP if you're on 1.x, or simply debug the character's assembly, if you know what you're doing.
This tier is divided into three main sub-tiers: Invoker, Replacer, and Reloader.

• Supernull (without subtier): The character has a buffer overflow in a file/multiple files (CMDOF, FBOF, DBOF), and the shellcode directly attacks the enemy without loading external DLLs/EXEs, without rebooting MUGEN or replacing roster characters. (by creating threads, modifying the engine's image data, etc.)
• Invoker: The character uses threads/codes to attack the enemy from its DLLs or external processes.
• Replacer: The character's shellcode replaces the characters in the roster with its dummy DEF.
• Reloader: The character's shellcode restarts MUGEN to instantly win.

But what tier does the character belong to if, for example, they use a DLL to restart MUGEN in order to win? Is it a Reloader or an Invoker?

If a DLL is used to restart MUGEN, the tier is Supernull:Reloader, not Invoker, because the reboot is the primary attack vector!

If the character is only a proof of concept or a demo (like Take's MUGENPaint), it is simply categorized as a Supernull. This is one of the cases where we must evaluate based on the technology used.

Hypernull

A character is a Hypernull when its code is loaded while MUGEN is loading characters from your select.def file, essentially when the engine starts loading. Typically this is achieved with a specially crafted ZIP file or with a modified init.lua file or even a ROP in the DEF file if we're using MUGEN 1.1. Sub-tiers mirror those of Supernull.
Check if the character contains a ZIP file with around 16 KB of filesize, or, if you know what you're doing, debug the character's assembly.

Ultranull

A character is an Ultranull when its code is loaded while MUGEN is initializing its module libraries. This means the shellcode is embedded in a crafted DLL file loaded during engine startup. Sub-tiers mirror those of Supernull.
Check if the character contains a DLL file with known names, or simply debug the character's assembly, if you know what you're doing.

Anti-Malware

The Anti-Malware tier is the only one where we are forced to classify characters by the technology used, since Anti-Malware characters may not attack the enemy at all.
Ask for the author or read the README, if it contains the character's tier, or simply debug the character's assembly, if you know what you're doing.
Identification methods include:

• Driver: Characters come with drivers, typically .SYS files. Always inspect them! Some may be fake, containing only text or CNS code despite the extension!
• Registry: The character modifies registry keys, causing specific executables to run automatically when the operating system starts.