========================================================
+HCU Maillist Issue: 81                       12/07/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================

CONTENTS:

#1 Subject: Re: +HCU meeting security
#2 Subject: Soft-Ice Win16 Imports
#3 Subject: Attn +RCG
#4 Subject: Re: Cracking Photoshop?
#5 Subject: Re: +HCU ML Repository!

ARTICLES:

-----#1-------------------------------------------------
Subject: Re: +HCU meeting security

> I admire your courage :-) However, I would not like to put this to
> the test in the UK. Unfortunately in this country we have seen
> several

I would propose that, if there's a convention at all, it should be held in the Netherlands. Now don't think of me as a pothead or Dutch patriot, I neither smoke weed nor am I Dutch, but the Netherlands had NO LAWS at all concerning "hacking/cracking" two years ago. I don't know whether that has changed, anybody familiar with the Dutch judicial system? If there's no law against cracking, but only against computer piracy, I don't think we have to fear a lot. But most European countries have quite a few and quite draconian laws against software piracy, so, as I already mentioned, those of you who are well-known in the warez scene shouldn't use their "real" handles when they arrive. HIP went by with no legal consequences for anybody, although many well-known people from the European H/P scene joined, of which some are in legal jeopardy. I wouldn't recommend a meeting in France, since they have a pretty strong anti-computer-fraud squad in their police, nor Germany, since I've been arrested for no reason at all during the anti-Europe/Maastricht convention in Essen, although I did not have anything to do with it. I can't speak for Italy or Spain, since I've never visited these countries, and neither do I speak their language so they aren't among my favorites :-)

> instances of the police overstepping their authority when it comes to
> computer issues....although of course in theory they should leave us
> in peace, since we are not criminals :-)

It might happen that we get some Feds into our "convention", but I seriously doubt that any arrests will be made. Even getting them into our convention seems rather unlikely, since computer-fraud police is mostly active in the UK and USA and France, while anti-warez lawyers take these roles in Germany and the NL. As long as we keep warez trading at our convention as low as possible, the chances of getting arrested in the Netherlands are IMHO almost zero. I'm not sure about France, there are a lot of rumors with not too many facts running around. Germany has its famous Gravenruth or something, who is known for hunting down warez people. He is NO cop, but a lawyer ripping people off from what I've heard. Problems might be the political aspect, since German cops are known to be pretty tough on political things, especially in fear of leftist terrorists and vandals.

HalVar from Flake

BTW: Anybody ever tried to rotate all letters of HAL in 2001 one to the right ?? 8-) Increase all of them by one :-)

PPS: Thanks Rezident for your great tute, taught me how to do patchers :-)

______________________________________________________
Get Your Private, Free Email at **********************

-----#2-------------------------------------------------
Subject: Soft-Ice Win16 Imports

+Rezident: Ja, that is exactly what I mean (re: krnl386.exe, et al). Remember all that crap about thunking and Win16Mutex...16-bit and 32-bit apps call functions that can (unbeknownst to the programmer) remain in the 16-bit dll. It is rather unclear, but my understanding is that kernel or user or gdi calls get sent to the 32-bit dll, then thunked to the 16-bit dll if the function is an old/16-bit one. So all 16-bit apps (and some 32-bit, BTW) use these Win16 versions of the core system files--hence their inclusion in 95--and therefore it is good to include their exports in softice (also, the size of 16-bit user and GDI files is almost double that of their 32-bit counterparts; guess everything isn't 32-bit now, is it?).

And how goes Linux, BTW? I am more and more of a convert to that OS every day, ever since I discovered shell scripting and the 1K cluster size. In fact I've started to use my 95/NT machine only for its IDA, its SoftIce, and its Netscape....all programming is now strictly Linux, which is where it belongs ;) And I gotta tell you, Linux on a laptop is the most fun you can have!

mammon_

-----#3-------------------------------------------------
Subject: Attn +RCG

(if you read this list...) Hotmail dropped my mail & I lost your email address. Contact me re the 95 DDK listing, *******************

_m

-----#4-------------------------------------------------
Subject: Re: Cracking Photoshop?

> Does this mean that the save code is actually in the program? (e.g.
> have you been able to get up the save dialog boxes and save a file?).
> If so, I'd be very interested in this....I took a (very quick) look at
> one demo version of Photoshop, it seemed to be deadware...

I haven't been able to save it yet, if I had I wouldn't be asking any questions about it, as the crack would be complete! Looking in the source code though, there are references to GetSaveFileNameA so I have assumed the code is there. I got the demo from an Australian magazine called PC Authority, for 5 dollars...
-----#5-------------------------------------------------
Subject: Re: +HCU ML Repository!

Hey .+MaLaTTiA. Thanks for providing the cool page. Do you have the source code for the java applet that searches the pages? I would like to have a play around with it....

+Alt-F4

=====End of Issue 81====================================

========================================================
+HCU Maillist Issue: 82                       12/08/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Attn: Zero
#2 Subject: One maduro and a malt later...
#3 Subject: Web repository address
#4 Subject: Win 16 functions....
#5 Subject: locations...

ARTICLES:

-----#1-------------------------------------------------
Subject: Attn: Zero

Here is your reworked IDC script (BTW, you were right about using Rnext0, etc...I was a bit hasty):

// Lists every code reference made from the instructions of one function
#include <idc.idc>    // standard IDC header (the angle brackets were lost in the archive copy)

static main(){
  auto ea, x, f_end;
  ea = ChooseFunction("Select a function to parse:");
  f_end = FindFuncEnd(ea);
  Message("\n*** Code References from " + GetFunctionName(ea) + " : " + atoa(ea) + "\n");
  for ( ea ; ea <= f_end; ea = NextAddr(ea) ) {
    // Rfirst0/Rnext0 enumerate the code references from ea, ignoring ordinary flow
    x = Rfirst0(ea);
    if ( x != BADADDR) {
      Message(atoa(ea) + " refers to " + Name(x) + " : " + atoa(x) + "\n");
      x = Rnext0(ea,x);
    }
    while ( x != BADADDR) {
      Message(atoa(ea) + " refers to " + Name(x) + " : " + atoa(x) + "\n");
      x = Rnext0(ea,x);
    }
  }
  Message("End of output. \n");
}

Stay tuned for the recursive + entry point versions!

mammon_

-----#2-------------------------------------------------
Subject: One maduro and a malt later...

OK, I've got the hang of this IDC language now. I've developed three functions, the first being a recursive version of the adaptation of Zero+'s original, the next being a recursive tracing of calls from the entry point(s), and the third being a version of the second that writes the output (which will exceed the message window size for large files) to a file of your choice. I'll present only the first and the third here to conserve space; they should suffice to demonstrate:

1)

// Func_tree.idc code per mammon_ ("use, steal, change, but do not claim.")
// Outputs to the message window a recursive tree of the calls in a function
#include <idc.idc>    // standard IDC header (the angle brackets were lost in the archive copy)

// Print one "from refers to target" line, indented by nesting depth
static OutputLine(ea, x, nest){
  auto j;
  for ( j = 0; j <= nest; j = j + 1) {
    Message(" ");
  }
  Message(atoa(ea) + " refers to " + Name(x) + " : " + atoa(x) + "\n");
}

// Follow every code reference from ea, then recurse into each target
static GetXrefs(ea, nest){
  auto x;
  nest = nest + 1;
  // Depth guard added to the posted copy: a reference that leads back to an
  // address already on the path (a loop, a recursive call) would otherwise
  // recurse until IDA runs out of stack.
  if ( nest > 64 ) return;
  x = Rfirst0(ea);
  if ( x != BADADDR) {
    OutputLine(ea, x, nest);
    GetXrefs(x, nest);
    x = Rnext0(ea,x);
  }
  while ( x != BADADDR) {
    OutputLine(ea, x, nest);
    GetXrefs(x, nest);
    x = Rnext0(ea,x);
  }
  nest = nest - 1;
}

static main(){
  auto ea, x, nest, f_end;
  nest = -1;
  ea = ChooseFunction("Select a function to parse:");
  f_end = FindFuncEnd(ea);
  Message("\n*** Code References from " + GetFunctionName(ea) + " : " + atoa(ea) + "\n");
  for ( ea ; ea <= f_end; ea = NextAddr(ea) ) {
    GetXrefs(ea, nest);
  }
  Message("End of output. \n");
}

2)

// Entrytree_out.idc code per mammon_ ("use, steal, change, but do not claim.")
// Outputs to a file a recursive tree of the calls from each entry point of the file
#include <idc.idc>    // standard IDC header (the angle brackets were lost in the archive copy)

// Write one "from refers to target" line to the output file, indented by nesting depth
static OutputLine(ea, x, nest, OutFileH){
  auto j;
  for ( j = 0; j <= nest; j = j + 1) {
    fprintf(OutFileH, " ");
  }
  fprintf(OutFileH, atoa(ea) + " refers to " + Name(x) + " : " + atoa(x) + "\n");
}

// Follow every code reference from ea, then recurse into each target
static GetXrefs(ea, nest, OutFileH){
  auto x;
  nest = nest + 1;
  // Depth guard added to the posted copy, for the same reason as in Func_tree.idc
  if ( nest > 64 ) return;
  x = Rfirst0(ea);
  if ( x != BADADDR) {
    OutputLine(ea, x, nest, OutFileH);
    GetXrefs(x, nest, OutFileH);
    x = Rnext0(ea,x);
  }
  while ( x != BADADDR) {
    OutputLine(ea, x, nest, OutFileH);
    GetXrefs(x, nest, OutFileH);
    x = Rnext0(ea,x);
  }
  nest = nest - 1;
}

static main(){
  auto ea, x, i, nest, f_end, EPOrd, OutFileH, OutFName;
  nest = -1;
  OutFName = AskStr("ida_out.txt", "Enter output filename: ");
  OutFileH = fopen(OutFName, "wt");
  if ( OutFileH == 0 ) {
    Warning("Could not open " + OutFName + " for writing");
    return;
  }
  for ( i = 0; i < GetEntryPointQty(); i = i + 1) {
    fprintf(OutFileH, "Entry Point " + ltoa(i, 10) + "\n");
    EPOrd = GetEntryOrdinal(i);
    ea = GetEntryPoint(EPOrd);
    f_end = FindFuncEnd(ea);
    // Header written here, after ea is known (the posted copy printed
    // GetFunctionName(ea) before ea had been assigned)
    fprintf(OutFileH, "\n*** Code References from " + GetFunctionName(ea) + " : " + atoa(ea) + "\n");
    for ( ea ; ea <= f_end; ea = NextAddr(ea) ) {
      GetXrefs(ea, nest, OutFileH);
    }
  }
  fclose (OutFileH);
  Message("End of output. \n");
}

**********

Simple, eh? Just like C ;) I'll post the next ones at my site or "by request".

mammon_

-----#3-------------------------------------------------
Subject: Web repository address

Hi! As you all know Malattia made a wonderful web page for the maillist with the old issues. However the url of his page was too long to fit into the header of the issues :) therefore I made a url redirecter at Monolith which points to his page. So the official address of the maillist is ************************ now.
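All three IDC scripts in the two posts above do the same thing: a depth-first walk over code cross-references, printing "from refers to target" with one level of indentation per call. As an added example (editor's code in plain Python, not mammon_'s scripts and not IDC), here is that walk over a constructed cross-reference table, with the one thing the posted scripts do not have: a visited set, so a reference that leads back to an address already reached (a loop, a recursive call) is reported once and not followed again. The table, the names and the addresses are made up for the example; `atoa` and the `Rfirst0`/`Rnext0` enumeration are only imitated.

```python
"""Recursive code cross-reference tree, Python imitation of the IDC walk."""
from typing import Dict, List, Set

# Constructed sample: source address -> code-reference targets, in the order
# an IDC script would get them from Rfirst0()/Rnext0().  Not taken from any binary.
SAMPLE_XREFS: Dict[int, List[int]] = {
    0x401000: [0x401020, 0x401040],  # entry point calls two routines
    0x401020: [0x401060],            # first routine calls an import
    0x401040: [0x401000],            # second routine calls back into the entry: a cycle
    0x401060: [],                    # leaf (import thunk)
}
SAMPLE_NAMES: Dict[int, str] = {
    0x401000: "start",
    0x401020: "sub_401020",
    0x401040: "sub_401040",
    0x401060: "ExitProcess",
}


def atoa(ea: int) -> str:
    """Format an address as IDC's atoa() does: eight upper-case hex digits."""
    return f"{ea:08X}"


def xref_tree(xrefs: Dict[int, List[int]], names: Dict[int, str],
              start: int, max_depth: int = 64) -> List[str]:
    """Return the indented reference tree rooted at `start`, one line per reference.

    Mirrors GetXrefs()/OutputLine() from the IDC scripts, but keeps a visited set:
    a target seen before is printed with a marker and not descended into, so a
    jump back into the path cannot recurse without end.  `max_depth` is a second
    guard for very deep call chains.
    """
    lines: List[str] = []
    visited: Set[int] = {start}

    def walk(ea: int, nest: int) -> None:
        if nest > max_depth:
            lines.append("  " * nest + f"{atoa(ea)} (depth limit reached)")
            return
        for target in xrefs.get(ea, []):
            name = names.get(target, "unk_" + atoa(target))
            line = "  " * nest + f"{atoa(ea)} refers to {name} : {atoa(target)}"
            if target in visited:
                lines.append(line + " (already visited)")
                continue
            lines.append(line)
            visited.add(target)
            walk(target, nest + 1)

    walk(start, 0)
    return lines


if __name__ == "__main__":
    print("*** Code References from start : " + atoa(0x401000))
    for line in xref_tree(SAMPLE_XREFS, SAMPLE_NAMES, 0x401000):
        print(line)
    print("End of output.")
```

The visited set is what the IDC versions would need before being run on a real binary: most functions contain at least one backward jump, and any recursive routine references itself, so without it the first such reference sends GetXrefs into unbounded recursion.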
This also has the advantage that if he has to move for some reason he just updates the link at Monolith to point to the new page.

bye

Zer0+

-----#4-------------------------------------------------
Subject: Win 16 functions....

Hi mammon,

> Ja, that is exactly what I mean (re: krnl386.exe, et al). Remember
> all that crap about thunking and Win16Mutex...16-bit and 32-bit apps
> call functions that can (unbeknownst to the programmer) remain in
> the 16-bit dll.

OK, thanks, I'll pass this on...

> And how goes Linux, BTW? I am more and more of a convert to that OS
> every day, ever since I discovered shell scripting and the 1K
> cluster size. In fact I've started to use my 95/NT machine only for
> its IDA, its SoftIce, and its Netscape....all programming is now
> strictly Linux, which is where it belongs ;) And I gotta tell you,
> Linux on a laptop is the most fun you can have!

I've not got a laptop, so I can't say, and my Linux box isn't connected to the Internet, so it's not as much phun as I would like - nevertheless, I quite like it. I'm getting a bigger HDD (4.3GB, my 1.6GB is way too small) so I will be able to install X-Windows and everything...Netscape is available for X-Windows as well...BTW, do you know of any good WP programs for Linux? I've been using the joe text editor (I'm not a vi wizard ATM :-)) for awhile, but it's not exactly a WP....

Cya,
+ReZiDeNt

-----#5-------------------------------------------------
Subject: locations...

Hi HalVar,

> I would propose that, if there's a convention at all, it should be
> held in the netherlands. Now don't think of me as a pothead or dutch
> patriot, I neither smoke weed nor am I dutch, but the Netherlands
> had NO LAWS at all concerning "hacking/cracking" two years ago.

If this is still the case then somewhere like that is probably not a bad idea...

> been arrested for no reason at all during the anti-Europe/Maastricht
> convention in Essen, although I did not have anything to do with it.

Woa! That will keep me out of Germany :-)

> BTW: Anybody ever tried to rotate all letters of HAL in 2001 one to
> the right ?? 8-) Increase all of them by one :-)

Yes, that was where the name HAL came from - I don't know whether this was with IBM's blessing or not though...

> PPS: Thanks
> Rezident for your great tute, taught me how to do patchers :-)

No problem, glad it helped! :-)

Cya,
+ReZiDeNt

=====End of Issue 82====================================

========================================================
+HCU Maillist Issue: 83                       12/09/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Re: Spain's computer laws
#2 Subject: Am I being ignored ???
#3 Subject: Stripping addresses
#4 Subject: java applets
#5 Subject: How to avoid getting arrested
#6 Subject: OK for Niederland
#7 Subject: Stack-RegNum tracing
#8 Subject: BoundsChecker V SmartCheck

ARTICLES:

-----#1-------------------------------------------------
Subject: Re: Spain's computer laws

Hi all!

> anything to do with it. I can't speak for Italy or Spain, since I've
> never visited these countries, and neither do I speak their language so

I spoke to a friend of mine, who is a native of Spain. She told me that the penalties for software piracy are somewhat high, but since it is very difficult to convict someone, the Spanish government usually ignores it. She also stated that as long as we did not cause any trouble and we were there just for a convention, the authorities most likely would not interfere. I will be talking to someone who is into the warez scene in Spain, so I should have a more thorough description soon.

CodeLib

-----#2-------------------------------------------------
Subject: Am I being ignored ???

Hi all !!!
It is a difficult thing I want to write today. I don't know if it is just me, or my postings are being ignored? I have asked two times for help on WebSeeker, and once for Mgphx. I didn't get any answer (even a "It is too lame, do it yourself!"). I know that some of you are busy, I know that the proggies are oldies, but I want to crack them. As far as I remember this list was intended for the purpose of asking for help. I'm not asking for ready made cracks, I'm only asking for tips, or clues. I know that most of us don't know where their notes are, but even if you have made the crack a long time ago you should at least remember the approach used ... If I'm being ignored for a reason, then please tell me what it is, because I'm getting a bit frustrated, not reading a word of answer to fairly easy (for you) questions.

With best regards
KUBAK

-----#3-------------------------------------------------
Subject: Stripping addresses

Hi All!

As you have maybe seen yet, I'm stripping internet addresses from the issues of the ml published in my page... to do this, I've written a little program which looks for every string containing ******* and **** but as I've seen many addresses without "http" or "ftp" headers, I've added the ****** string too... so, if your address doesn't start with ****** and you don't want it to be published, please remember to add ********* before it. I'll always give a look to the files before uploading them, but it's better if you make the program check (I'm not perfect... :))

byez,
.+MaLaTTiA.

-----#4-------------------------------------------------
Subject: java applets

Hi +Alt-F4, hi All! :)

> Hey .+MaLaTTiA.
> Thanks for providing the cool page.

Hey, your satisfaction is my pleasure ;)

> Do you have the source code for the java applet that searches the pages?

Sure! Its address is: *******************************************************

> I would like to have a play around with it....

It's good: I have just downloaded it and used it without any change... if you happen to make it better (maybe faster... it would be SO nice!), please tell me and let me put it on the ml page... :)

Listen, I've seen your essays and I think you should know java well, don't you? I've got a question for you: is it possible to reverse engineer a .class file? Is there any decompiler/disassembler/debugger? Is it possible to get/change some information using SoftIce? I don't know java, but I'm beginning to study it... do you have any suggestion? THANX! :)

byez,
.+MaLaTTiA.

-----#5-------------------------------------------------
Subject: How to avoid getting arrested

Hi +Rezident,

> If this is still the case then somewhere like that is probably not a
> bad idea...
>> convention in Essen, although I did not have anything to do with
>> it.
> Woa! That will keep me out of Germany :-)

Something VERY valuable I've learnt since then and which has kept me from being searched/arrested several times during demonstrations/dubious meetings: Press Identity Cards. If you're either a student in school or in college, join some newspaper and write an article from time to time. Then contact your local "Junior Press Union" (or something like that, in Germany it is called DJP, in France UJJ or something). Those cards will seriously intimidate policemen. During that arrest at the Anti-Europe convention, a friend of mine with such a card was able to leave the place where the police had surrounded the demonstrators, walk around freely and so on. This card is INCREDIBLY valuable. If there are cops, they'll usually leave you alone, and treat you BY FAR better than all the others. Even if they decide to take you to a police station for interrogation purposes, you can insist that you only attended to write an article about it. For all you people out of college: I don't know how to get a card like that in your case, sorry, but if you can get one, get it!
HalVar

-----#6-------------------------------------------------
Subject: OK for Niederland

A Dutch meeting is a good idea IMO, since +ORC seems to be Dutch as well, this could be a very nice impulse to get him there :-) I have checked: States-Schiphol flights are at the moment very cheap: 180 US dollars one way (charter), and therefore we could even have some friends from the other side of the pond. Now our Dutch friends should "manifest themselves" and find a nice place (small hotel/pension/summer house) and check the EU (and Dutch) laws...

btw you all still seem to believe that there are law differences between the various States of the European Union. From a legal point of view this IS NOT TRUE. The difference may exist in their implementation, but unfortunately (and in many cases fortunately) the European Union directives have PREDOMINANCE (from a legal point of view) over the Member States' own laws, whatever the Member States or their disinformed citizens think or believe or like or dislike about it. There are hundreds of cases brought to the Luxembourg court (and won :-) by guys that did not like a national law and discovered that it did not collimate with a European directive. Since the European directives are pretty liberal (most of the time), this is in our trade a VERY USEFUL fact, that we'll need if and when it comes to a lawyer's struggle. So once more, you must only check that the relative EU-law/directive/prescription/whatever :-) has been ACCEPTED by the Member State of choice, a process that can take years. Once it has, its laws are toilet paper vis-a-vis the EU-directive, which, I repeat, suits us pretty well in most of the cases. Since "implementation" matters a lot, I would nevertheless agree on the Netherlands as a very good choice. I would be there.

later
fravia+

-----#7-------------------------------------------------
Subject: Stack-RegNum tracing

O.K., here's my first real "cracking" posting to this list. Excuse me if it is a bit foolish, but I'm really stuck here. My target is a program called "PackagerMK1", and I successfully cracked it by eliminating the right components of the "serial-checking" part of the code. But since I've never made a KeyGen before, I thought this might be a nice target to practice on. Now comes my problem: I tried a "backwards" approach, by going from the comp_loop backwards through the code. Now my problem is: After I traced back some code successfully, I had to find out that the program pops the finished correct serial off the stack, so setting a bpm on the location and then registering again in order to find out from where it's accessed doesn't work, since you get a hit on almost every push. Is it somehow possible to set a bp in SoftIce on something like "break if 88703434 is written to this area"? Or should I try the "frontal" approach, by watching what the program does with my username?

H0lvar from Flake

-----#8-------------------------------------------------
Subject: BoundsChecker V SmartCheck

Has anyone used both of these programs? I downloaded them both the other day, and they seem to be very similar??? It seems to me that SmartCheck is just a Visual Basic version of BoundsChecker. Are there any other differences??? Anyway they are both very cool, so download them quick. I got mine from: ftp.ultranet.com/pub0/n/numega/files/ which has a lot of other goodies as well :) SmartCheck is called: dfjcmj.exe

=====End of Issue 83====================================

========================================================
+HCU Maillist Issue: 84                       12/10/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Answer to Kubak, IDC
#2 Subject: Issue 82
#3 Subject: Re: java applets

ARTICLES:

-----#1-------------------------------------------------
Subject: Answer to Kubak, IDC

Hi Kubak!

> Subject: Am I being ignored ???

Not really :). Last time you asked about Webseeker and Micrografix I downloaded them, but then my brother gave me some work and I had no time to do anything else for four days. Finally, it's over so I checked them out. Unfortunately, Micrografix came through corrupted and I don't want to download it again (more than 9 meg if I am correct). Let's hope somebody else is willing to help. But Webseeker is here and I am ready to work on it. I just checked it out and it seems to have a lot of things to crack. So tell me what you have done and where exactly you need help (BTW, you might have done this in the first place, then you have a better chance to get an answer. On the other hand you seem to be a persistent guy, that's good for cracking :)

Ok, as I see we can crack:
- eliminate the registration dialog
- eliminate the 15 day time limit (I think it's easy, you can set back the date and it works again :)
- getting demo registration
- getting a purchase registration
- getting a VIP registration (I have no idea what this VIP can do)

However in my opinion calculating a valid registration might be not enough, because this software likes to communicate with the server at ffg, and even if you have a registration which looks good it means nothing if they check their customer data base and you are not there. In my opinion it's best to remove the nag, the time limit and nuke every reference to the ffg site so the cracked proggi cannot go to mama. So that's my first impression. So tell me where you are stuck, and I'll try to fix it.
PS: I tried to use the IDC scripts mammon_ made for us, but the xref functions are still not working correctly in my IDA (I may have to reinstall it). Anybody with the same problem, or solution?

Zer0+

-----#2-------------------------------------------------
Subject: Issue 82

....I may have overloaded the ML and caused it not to send; I mailed about 3K in IDC scripts for samples (in response to Zer0+ and in general) and that may have tipped the size over the limit. If so, apologies all...

For those who need MASM: Do an ftpsearch for masm611, you will get one hit--a server in Russia with Masm 6.11c (and a few other goodies too), a little over 4 MB download. TASM, being OO, is of course better, but you never know when you will need this (perhaps to write VXDs ;).

I also got this email yesterday:

"...You might also be interested in my Binary Editor (oh no, not another one). This one is quite different - you teach it the layout of the data and it operates much like a debugger, decoding and allowing manipulation. It allows the user to write a DLL which provides the data being edited from somewhere other than a file (a running program perhaps), and also allows the user to write his own plug in disassembler. OS/2, Win32, AIX, DOS versions. Useful...? ******************************************* has full information."

The file (BE.ZIP) is--as it comes--useless for anything but taking apart graphics files at a hex-editor level. However, you can add file-type definitions (PE file, NE file, MZ file) that contain specifics as to file header/organization info which will make this a surprisingly useful tool (it seems; haven't had time to try it yet), plus the author provides an interface (via a .H file) that allows you to write DLL files for modifying/disassembling the binary data in the file AND to allow the program to access specific memory locations such as programs, ROM on cards, BIOS, etc. (again, haven't had time to try this out). Seems ideal--with a little work--for hardware-based protections (even absolute CD-ROM reads), and can be designed to capture byte streams from COM/LPT ports. Anyone want to check this out?

mammon_

-----#3-------------------------------------------------
Subject: Re: java applets

Hi .+MaLaTTiA., hi All! :) :)

> It's good: I have just downloaded it and used without any change... if you
> happen to make it better (maybe faster... it would be SO nice!), please tell me
> and let me put it on the ml page... :)

HeHe. I am gonna try and make it faster, becoz it seems pretty slow. If I get anywhere I'll tell you. I know an easy way to make it download slightly quicker (make it into a jar file). If you don't mind waiting a couple of days, I'll give you something at the end of the week that is either:
- Faster
- At the very least a jar file so it can be downloaded quicker.

> Listen, I've seen your essays and I think you should know java well, don't you?

Done a lot of programming (the object oriented stuff is cool), but haven't done much cracking of it yet.

> I've got a question for you: is it possible to reverse engineer a .class file?
> Is there any decompiler/disassembler/debugger? Is it possible to get/change
> some information using SoftIce? I don't know java, but I'm beginning to study
> it... do you have any suggestion? THANX! :)

IDA will disassemble it. There are a few others that can as well. You could change stuff with softice, but I think it would be pretty hard... Cracking Java is cool, but I suggest learning it fully first. You can do some kick ass programming with it (full applications, not just crappy web animators), and if you read a good design book (may I suggest "Design Patterns"?) it teaches you to use object-orientation to the full.
Then start learning about Hostile applets, and then you can start having some fun :) +Alt-F4 (Finally remembers to add his name to the end of an email :) =====End of Issue 84==================================== ======================================================== +HCU Maillist Issue: 85 12/11/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: packetboy crack #2 Subject: Fravia.org down ? #3 Subject: All apologies ... #4 Subject: problem #5 Subject: Any Comments Or Insight? #6 Subject: Perspective ARTICLES: -----#1------------------------------------------------- Subject: packetboy crack --====================987654321_0==_ Content-Type: text/plain; charset="us-ascii" Thanx for including me on the mailing list.I have a short essay for the newbies like me :-).Thanx again and Happy Crackin. ______________________________________________________ Get Your Private, Free Email at ********************** --====================987654321_0==_ Content-Type: text/plain; name="packetboy1_2.txt" Content-Disposition: attachment; filename="packetboy1_2.txt" Hello Fellow Crackers, I am a newbie here and still learning this art.However I found a protection so stupid it has to be in the top 5 :-). Listen up fellow newbies this is an easy one for ya.The target for today boys and girls is packetboy1.2 from ndg software.It capures incoming packets and display various info about them.Breaking out W32Dasm and checking string data references we find this: 6017334etc (24 digits).hmmmmmmmm I wonder what that that could be? drop out of Wdasm and go to packetboy and enter the number to see what happens.A message screen pops up and says thanx for registering and voila! 
all done.No more nags and all features enabled.This company really needs to come up with a (dare I say?)better protection.This is my first letter on cracking so please don't mind my grammattical errors or my bad explanation of things. Some constructive criticism on how to make my short essay better is welcome as well. ps-Big thanx to +DataPimp for the info on hiew Happy Cracking, ooWARLORDoo--====================987654321_0==_ Content-Type: text/plain; charset="us-ascii" --====================987654321_0==_-- -----#2------------------------------------------------- Subject: Fravia.org down ? I don't know whether this is only temporary, but fravia.org seems to be down. HalVar ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: All apologies ... Hi all !!!! Great apologies to all !!!! Especially to : wlc, .MaLaTiA, +ZERO For: posting on such stupid protection scheme !!!! Let's get more get more concrete, here goes the story. I have received Your letters and read them all carefully. One of You wrote that he found an old version of WebSeeker, but there is a newer one in ZDNET. So i have decided to D/L the new one (i have earlier worked on an old version). I lost my notes, so I decided to redo my work to tell You what have I acomplished. You can imagine the shock, when I didn't find the strings I have been using !!!! So I had a look at the main directory of WebSeeker and I have found a nice little (maybe not so little 300KB+) dll called ix.dll. Simply a hunch, let's disassemble it, and wow !!! my beloved string are here !. I knew it all they have removed the protection routine from the main proggy ;) That's even better for us !! After I saw an exported function GetIsPurchased, i thought it is to easy. I have set SI to load it's exports and BPX on it. 2 hits during startup "r fl-z" and we have a purchased WebSeeker. 
The only thing was to patch the dll: nopping the xor ax,ax was enough, it works perfectly (offline at least). But the problem of the mysterious VIP# remains, I still do not know what to do with it ;( I have managed to patch the code (in 5 locations or so) in a way (in the old version, don't have much time now..) that when I enter only 5s as the VIP# it goes all right, and then the next window pops up where You should enter the "VIP ACTION" and this is where I'm stuck ;) (BTW: it seems that the vip# is being calculated, not checked against anything)

That's it for now, hope You had better luck ;)

Thanx again,
Kubak

-----#4-------------------------------------------------
Subject: problem

Hello all

My problem is that when I do a search in Softice95 v3.2, sometimes softice will lock up, instead of displaying the message "xxxxxx not found". For example:

    s 0 l ffffffff "unregistered"
    s 30:0 l ffffffff "unregistered"

Now for the questions:
1. Is there an escape sequence without rebooting?
2. A better way to search for data?

Also has anyone been able to download from ******************** yet? I also have been looking at the Photoshop demo, but have not found the Save code. Any feedback would be greatly appreciated and Christmas greetings to all.

cheers
Rundus

-----#5-------------------------------------------------
Subject: Any Comments Or Insight?

Hail +All:

Someone forwarded the following to me. I edited the spacing for better viewing. Any insights into this, or just a rumor until Xmas?

10:34 EDT, Using lynx on www1.yahoo.com and www2.yahoo.com (Don't ask why graphical browsers don't work.. cuz i ain't sure as of yet.)

P4NTZ/H4GiS - W0RLD D0M1N4T10N '97

For the past month, anyone who has viewed Yahoo's page & used their search engine, now has a logic bomb/worm implanted deep within their computer.
The worm part of this 'virus,' (in layman's terms) spreads itself across internal networks that the infected machine is on. Binary programs are also infected. On Christmas Day, 1997, the logic bomb part of this 'virus,' will become active, wreaking havoc upon the entire planet's networks.

The virus can be stopped. But not by mortals. An antidote program has been written. This program is resting somewhere on a computer in the southeastern hemisphere. The U.S. government will be notified of the precise location of the antidote program upon the immediate release of Kevin Mitnick.

In the meantime, it would be a wise move on the part of the children of corporate and militant America to remove all money they have in any financial institutions. One of the many functions of our virus is that it will cause an acceleration of clocks to the year 2000.

The PANTS/HAGIS alliance has taken control of the world's computers. We own everyone, and everything. No one is safe. No computer is safe. Our goal, which we have achieved, is world domination.

The Fail Safe: [From H4G1S, PANTS, and the MLF]

On February 14 1995, Kevin David Mitnick was incarcerated for the sole purpose of furthering the egomaniacal agenda of the United States secret service (cervix), and the self-aggrandizement of both would-be "security expert" Shimomura and has-been media lackey John Markoff. To commemorate this date and further etch our outrage into the hearts and minds of corporate and militant America, we have built in a fail safe: On exactly 01:00 hours February 14, 1997 there will be a nationwide failure of power grids in strategic locations. Remember, this will only occur if Kevin David Mitnick is not released and exonerated of all trumped-up charges made against him.

And now, a note from PANTS:

Kevin Mitnick was wrongly jailed for a crime he did not commit. Everyone is well aware of the fact that Mitnick was *not* behind the attack on Shimomura's computers.
Tsutomu Shimomura is a hypocrite, who is out to make a fast buck & a name for himself. Throughout the entire course of his & John Markoff's lame excuse for a book, he trashes Mitnick and mocks him for 'not having a life.' He makes no mention, however, of his own illicit activities with cellular phones. Mitnick did what he did out of intellectual curiosity, without compromising the hacker ethic. The goal of Shimomura's activity, however, was merely to listen in on other people's conversations. If Mitnick doesn't have a life or ethics for checking someone's email for reasons of self preservation... then what does that say about Shimomura, who eavesdrops on unknowing victims for recreation?

Shimomura also constantly slams hackers as being 'clueless,' and 'ankle-biters.'

"h3y m1zt3r s3kUr1ty 3xp3rt.. 1ph y00'r3 s0 el8, h0w k0m3 u'r3 alw4yz g3tt1ng 0wn3d by u$ 4nkl3b1t3rz?"

Tsutomu is a puppet of an increasingly Orwellian government. He is owned by PANTS & H4G1S. (Not to mention quite a few other individuals, who shall remain nameless.)

The media hails Tsutomu Shimomura as "cyberspace's top cop." The media forgets that the policemen of cyberspace are no different than their analog world counterparts. Which is to say, 99% of the time, they're completely fucking retarded and inept.

After being incarcerated, Mitnick's rights were continually violated. (As they have been in the past. Refer to Jonathan Littmann's "The Fugitive Game.") Ridiculous things ranging from not being allowed to use the phone (h3 m1ght wh1$tl3 th3 l4Unch k0d3z & st4rt w0rld w4r *****) to being put in solitary confinement because the prison officials believed he could turn his walkman radio into a device with which he could tap their offices. However, not having access to any sort of soldering equipment, and the fact that being a prisoner means HE IS IN A CELL ALL DAY, this would obviously be quite impossible.
He is also prohibited from using a computer to assist him in researching for his case, despite the fact that the library computer is not connected to a phone line, or with the outside world in any other way. This limitation makes the task of defending himself nearly impossible, which is exactly what they want.

The EFF has, of course, stepped in with their own hypocritical two cents ("Mitnick is an electronic miscreant," etc, etc). This is no different from their actions in the past.. however, we expected better from the supposedly libertarian John Perry Barlow. Shows what happens when you listen to the government & the popular media, I guess...

"You need only reflect that one of the best ways to get yourself a reputation as a dangerous citizen these days is to go about repeating the very phrases which our founding fathers used in the struggle for independence." --Charles A. Beard

HAQRZ AGA1NST GEEKZ 1N SN0WSU1T$
MITNICK LIBERATION FRONT
PANTS W0RLD D0M1NAT10N '97

------- End of Forwarded Message

-----#6-------------------------------------------------
Subject: Perspective

Hail +All:

In regard to the previous item I posted, I would like to put things into perspective. First, I received the virus query from a friend. Whether it is a hoax or for real, these things come and go, who cares? Something like this only gives law makers the initiative to make more laws to restrict internet access and usage for our good and safety. Cybercops to patrol and protect the information highway. Lately, the news media (Canada) have been doing more and more stories on negatives like computer fraud, money laundering, and computer crimes, leading to justification for making tougher laws and setting up futuristic computer crime fighting units. On the other hand they promote the big guys, internet banking with the big banks and investment institutions, and their own safe news and commercial sites. Probably the same wherever you are.
All the politicians will be blindly persuaded into doing the 'right' thing for the good of everyone. Preparing us to accept the presence of a Big Brother. Maybe the virus scare is their creation. Create a monster virus to justify new laws and groups to fight it. Make the Net safe for children to play in. Behave or go to jail. What a society! How many more days of freedom do we have left? Should we use the convention as a smokescreen to see how many feds show up?

Reading up on fravia+ essays and other related contributions, we've got to get better at it for the sake of survival. Learn to separate the truth from fiction and then hunker down for the blast. It is not a safe world that we live in.

wlc

=====End of Issue 85====================================

========================================================
+HCU Maillist Issue: 86 12/12/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: java decompiling
#2 Subject: Soft-Ice lockup/computer crime
#3 Subject: ftp site and fravia.org
#4 Subject: xmas bombs and softice searches

ARTICLES:

-----#1-------------------------------------------------
Subject: java decompiling

find mocha (decompiler) in the net

though it never got past 1.0, it is INCREDIBLY GOOD at decompiling exacting source from java applets

if you haven't seen what it can do, you will be nothing short of amazed when you see its output

maybe someone will write a c decompiler someday that does as well

+gthorne

-----#2-------------------------------------------------
Subject: Soft-Ice lockup/computer crime

Rundus:

I don't know of any other way to search the entire memory area in Soft-Ice--you may have some memory manager/drivespace-type program that causes Soft-Ice to lock up when doing the global search.
I also experienced many lockups with the Soft-Ice 3.22 beta when "stepping"...the only fix was Ctrl-D which, instead of returning control to the program, unlocked Soft-Ice: you may want to give this a shot. The lockups made me a little nervous; I downgraded to the 3.2 standard version and have had no problems with it.

re computer crime/etc:

I've been exposed to quite a range of paranoia/conspiracy theory in my time, and quite honestly I have trouble coming to the conclusion that there is a single "source" running the show: things are just too disorganized (yes, the paranoids say, but that is only a bluff...whatever). What is readily apparent is that we live in a consumer economy--a consumer culture, composed of individuals content to graze on the simple numbing pleasures of TV, fast food, etc--and this economy/culture/society is run by a collection of individual interests (individuals and/or corporations), each with its own agenda. The reason why deviants, knowledge-seekers, or outspoken individuals get targeted is that they go against the consumer ideal: they create, they do not consume; they sow discord, they do not entertain; they are self-reliant, not slaves to the products/services/lifestyles dished out in mass by the society in which they are immersed. In short, the targeting/persecution of freethinkers, deviants, crackers, whatever is less a sinister plot than the natural result of a society trying to retain its internal cohesion (such as it may be) by rejecting influences (or virii ;) that threaten to compromise that cohesion. There are always deviants in the herd, and those deviants are hated by the herd for being different from the herd, regardless of whether they be inferior or superior (on an intellectual, physical, or spiritual level) to the herd.
OK, enough mindless rambling,

mammon_

-----#3-------------------------------------------------
Subject: ftp site and fravia.org

fravia has decided that he will keep up the site at cracking.net as well as the new site at fravia.org

that way if one is down, there is at least a second option

also - the ftp site that was set up for me at ************************* is not active

i have tried to reach the guy who set it up on many occasions, but he has not responded - i do not know if he will bring it back online or any such news - except that at one time he mentioned adding a new hard drive with a couple of gigs on it in the near future (he told me this when the site was given to me)

for now i will assume that it is just another lost site

oh well, it was so much fun having all that hard drive space --- even if it did only last a week or so

+gthorne

-----#4-------------------------------------------------
Subject: xmas bombs and softice searches

Every now and again i see a few messages that just interest the holy hell out of me - political computing being one of them.

There was a hacked website found at yahoo recently, though it was a funny hack in that it was detected by only the oldest browsers (apparently yahoo has a browser detection feature that redirects you to whatever page on yahoo can be seen by your browser)

on one hand i would not believe one word of the 'web browser downloaded a worm to your site' messages. on the other, if it were a program that you downloaded that said that, i would pay it heed. (read up on the old Michelangelo scare that only affected certain clueless asian (and other clueless) servers because they didn't bother to check up on the warnings that everyone else 'vaccinated' against long before the thing hit its day of mischief.)

i get more emails during the times of the mass email virus scares (you know the ones...
'you are being warned of an email virus... send this to all your friends')

the sad part is very often the same people seem to send me the 'is there such a thing' messages over and over again (every time someone sends them a silly message like this)

No Virginia, there isn't a grinch in your stocking this year. Now would you quit believing those messages you keep getting from 'Santa'?

regarding the lockups in softice

i haven't had a problem here lately, but in the past i have found that i was getting lockups when i did a search - but ONLY when i used softice with my altscreen option (i am one of those silly people who kept an old pc monitor and hercules card around so long that someone finally found a new way of making it usable before i threw it in the dumpster)

this behavior has been verified by other users - by nature of their asking me for a solution (they were not happy to find out that i was having the same bug pop up)

it would not surprise me if the video settings for other cards/monitors were also flawed. i am of the opinion that problems tend to repeat themselves on occasion.

+gthorne

=====End of Issue 86====================================

========================================================
+HCU Maillist Issue: 87 12/13/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: the ringmasters

ARTICLES:

-----#1-------------------------------------------------
Subject: the ringmasters

Hello _mammon,

> re computer crime/etc:
> I've been exposed to quite a range of paranoia/conspiracy theory in
> my time, and quite honestly I have trouble coming to the conclusion
> that there is a single "source" running the show: things are just
> too disorganized (yes, the paranoids say, but that is only a
> bluff...whatever).

IMHO, it really doesn't matter *who* is running the show - the show is not one I am enjoying :-) Of course, it would be difficult for a single source to control everything, but then all these people who are in on it probably believe that *they* are the ones running the show....wheels within wheels....(no, I'm not paranoid )

Cya,
+ReZiDeNt

=====End of Issue 87====================================

========================================================
+HCU Maillist Issue: 88 12/14/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Pegasus Mail

ARTICLES:

-----#1-------------------------------------------------
Subject: Pegasus Mail

Hi All!

I was studying Pegasus Mail's password encryption system to build a pw decrypter when I saw a beautiful thing: with the full program there's an extension, called EVE, that lets you use different identities (mail accounts) in the same program session. Well, if you look at eve.pm (the data file automatically created the first time you run the extension) you can see ALL THE ACCOUNTS AND THE PASSWORDS... NOT ENCRYPTED!!!
:-| Well, maybe it's not beautiful if YOU use Pmail, but it's great if you want to get others' accounts... ah... I've deleted my eve files :)

byez,
.+MaLaTTiA.

=====End of Issue 88====================================

========================================================
+HCU Maillist Issue: 89 12/15/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: PKZip project
#2 Subject: pm hack

ARTICLES:

-----#1-------------------------------------------------
Subject: PKZip project

Attn: All

Does anyone have the book "C Programmer's Guide to NetBIOS" or the CRC-32 algorithm used in pkzip? I'm trying to write a pkzip file brute force engine (yeah, a known-plaintext approach would be faster, but this is for bulk processing of about 50 files...I'm after results over finesse and efficiency), and have downloaded every pkware spec I can find...they are all missing this algorithm (which is more or less crucial to decrypting the zips...pkzip's algorithm according to their documentation uses the pwd along with three keys as part of the encoding/encrypting/compression algorithm...thus simply faking the password as we usually do, or compromising the algorithm, will not work as the data must still be decrypted/decompressed using the correct pwd as a parameter). The crc32 algorithm is apparently given in the NetBIOS book, a copy of which I have not (yet) found. Alternatively, if any of you have produced a pkzip-pwd cracker recently, some advice or source code would be greatly appreciated....

mammon_

-----#2-------------------------------------------------
Subject: pm hack

Hi +All!
Some time ago I found an asm source code for a hack that allows reaching ring 0 from a Windows app. I don't remember the exact location of it. I think it could be placed on Cameron's or Protected Mode pages, linked from Fravia+'s, but I can't find it now. Does anyone know where I could find this kind of information?

thanks
+trurl

=====End of Issue 89====================================

========================================================
+HCU Maillist Issue: 90 12/16/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Ring0 Code
#2 Subject: Re: PKZip project
#3 Subject: c-dilla

ARTICLES:

-----#1-------------------------------------------------
Subject: Ring0 Code

+trurl:

Now what would you want such an evil bit of code for? I have seen it in two places, 1) in Pietrek's Windows 95 Systems Programming Secrets (so check O'Reilly and Schulman's sites), and 2) in Kauler's Windows Assembly Language & Systems Programming. Source code for 2) looks a little like this:

    (Case WM_Create):
    xcreate:
        call makering0selector
        invoke GETSTOCKOBJECT,OEM_FIXED_FONT
        mov hOemFont,ax                  ;handle to font.
        ret
    ;.....................
    .DATA
    dpmiproc            DD 0             ;dpmi extensions entry point.
    RING0CALLGATE       LABEL DWORD      ;use this to call ring-0 code.
    ring0_off           DW 0             ;callgate selector for RING0FUNC
    ring0_cs            DW 0             ; /
    ms_dos_str          DB "MS-DOS",0
    ldt_selector        DW 0             ;for direct writing to ldt.
    descriptor_selector DW 0             ;ring0, cannot be accessed directly.
    ring0errormsg       DB "There was an error creating ring 0 access... aborting program.",0
    .CODE
    makering0selector PROC
        invoke GLOBALPAGELOCK,cs
        cmp ax,0
        je lockfailed
        lea si,ms_dos_str
        mov ax,168Ah                     ;get dpmi extensions entry point.
        int 2Fh                          ;-->es:di (undocumented)
    ;*** cmp al,0 ?????
    ;*** jne extensionsnotfnd
        mov WORD PTR[dpmiproc],di        ;save entry point
        mov WORD PTR[dpmiproc+2],es      ; /
        mov ax,100h                      ;undocumented
        call dpmiproc                    ;-->ax=selector to ldt.
        jc extensionsnotfnd
        mov ldt_selector,ax
        mov es,ax
    ;create a ring-0 32-bit descriptor...
        push es
        invoke ALLOCSELECTOR,cs          ;-->ax=alias to cs.
        pop es
        cmp ax,0
        je selectorerror
        and ax,0FFF8h                    ;get offset of descriptor in ldt.
        mov bx,ax
        mov al,es:[bx+5]                 ;get access-rights byte.
        and al,10011111b                 ;clear dpl field.#
        mov es:[bx+5],al
        mov al,es:[bx+6]                 ;get granularity & seg-size bits.
        or al,01000000b                  ;set bit7, for 32-bit.
        mov es:[bx+6],al
        or bx,0100b                      ;set bit-2, selects ldt. leave dpl=0.#
        mov di,bx                        ;temp save.
        mov descriptor_selector,bx       ;save.
    ;create callgate, to above descriptor.....
        push es
        invoke ALLOCSELECTOR,0           ;create a descriptor in ldt.
        pop es
        cmp ax,0
        je selectorerror
        mov ring0_cs,ax                  ;save final selector.
        and ax,0FFF8h                    ;get offset of descriptor in ldt.
        mov bx,ax
        mov es:[bx],ring0func            ;my ring0 code
        mov es:[bx+2],di                 ;ring0 alias.
        mov BYTE PTR es:[bx+4],0         ;04 ;****??dwords copied to stack.
        mov BYTE PTR es:[bx+5],11101100b ;present=1,dpl=3,app=00,type=C
        mov WORD PTR es:[bx+6],0         ; (type=C: 386 callgate)
    qwert:
        jmp SHORT qwerty
    lockfailed:
    extensionsnotfnd:
    selectorerror:
        lea si,ring0errormsg
        call errormsgproc
        call xquitmessage                ;quit program.
    qwerty:
        ret
    makering0selector ENDP
    ;....................................
    freeourselectors PROC
        invoke FREESELECTOR,descriptor_selector
        invoke FREESELECTOR,ring0_cs
        invoke GLOBALPAGEUNLOCK,cs
        ret
    freeourselectors ENDP
    ;....................................

That's enough for here. I have the 32-bit source code for the book avail at ******************************************************** and the 16-bit on my tools page.
mammon_

-----#2-------------------------------------------------
Subject: Re: PKZip project

First just a hello, been subscribed for a few days and this is my first post. Call me spyder (on here anyhow).

>Does anyone have the book "C Programmer's Guide to NetBIOS" or the
>CRC-32 algorithm used in pkzip?

Nope but look for a zip password cracker called pkcrack (ftp search will find plenty) which comes with c source and certainly includes CRC32 routines. Source has got to be available for the infozip packages also.

Also get fzc104.zip which is worth running in case you get lucky with a short password and also worth running with the biggest word list you can find because it is so fast. If you really want to do it yourself then fzc104 may give you some sort of performance target to aim at (or be embarrassed by).

-----#3-------------------------------------------------
Subject: c-dilla

Hello All,

I've been writing a lot of stuff that is not strictly cracking related - so back on to topic:

I've just had a couple of emails out of the blue (from people in different continents) asking for information on a protection called 'C-Dilla' - the website is at: ************************

I think I'll take a look and see what I find - have you heard anything about this protection? From the sound of it, it should be a challenge (apparently it uses VXDs etc)... Anybody want to check this out with me?

Cya,
+ReZiDeNt

=====End of Issue 90====================================
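The CRC-32 routine mammon_ asks for in the PKZip project thread (issue 89, #1; spyder's reply in issue 90, #2 points at pkcrack and the infozip sources for the same thing), as an added example that is not code from either poster or from any of those packages: it is the standard table-driven CRC-32 with the reflected polynomial 0xEDB88320 (the same one PKZip writes into each entry's local header for the uncompressed data, and the one zlib and Ethernet use), cross-checked against a bitwise reference and the well-known check vector crc32("123456789") = 0xCBF43926. The sample input is constructed for the example.

```c
/* Added example: table-driven CRC-32 as used by PKZip (reflected polynomial
 * 0xEDB88320, initial register 0xFFFFFFFF, final XOR 0xFFFFFFFF).
 * Not the original poster's code. Build with: cc -std=c99 crc32.c */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRC32_POLY 0xEDB88320u   /* bit-reversed form of 0x04C11DB7 */

static uint32_t crc_table[256];
static int table_ready = 0;

/* Build the 256-entry lookup table: each entry is the register state after
 * one byte value has been shifted through the LFSR eight times. */
static void crc32_init_table(void)
{
    for (uint32_t n = 0; n < 256; n++) {
        uint32_t c = n;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (c >> 1) ^ CRC32_POLY : (c >> 1);
        crc_table[n] = c;
    }
    table_ready = 1;
}

uint32_t crc32_begin(void) { return 0xFFFFFFFFu; }
uint32_t crc32_end(uint32_t crc) { return crc ^ 0xFFFFFFFFu; }

/* Incremental update: 'crc' is the running register (start from
 * crc32_begin()), so a large file can be fed in chunks. */
uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    if (!table_ready) crc32_init_table();
    for (size_t i = 0; i < len; i++)
        crc = crc_table[(crc ^ buf[i]) & 0xFFu] ^ (crc >> 8);
    return crc;
}

/* One-shot helper: CRC-32 of a whole buffer. */
uint32_t crc32_buf(const void *data, size_t len)
{
    return crc32_end(crc32_update(crc32_begin(), (const uint8_t *)data, len));
}

/* Bitwise reference (no table) used to cross-check the table version. */
uint32_t crc32_bitwise(const void *data, size_t len)
{
    const uint8_t *p = (const uint8_t *)data;
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc & 1) ? (crc >> 1) ^ CRC32_POLY : (crc >> 1);
    }
    return crc ^ 0xFFFFFFFFu;
}

int main(void)
{
    /* Constructed sample: the standard CRC-32 check vector. */
    const char *check = "123456789";
    uint32_t a = crc32_buf(check, strlen(check));
    uint32_t b = crc32_bitwise(check, strlen(check));
    printf("crc32(\"%s\") = %08X (bitwise %08X)\n", check, a, b);

    /* Feeding the same bytes in two chunks must give the same result. */
    uint32_t run = crc32_begin();
    run = crc32_update(run, (const uint8_t *)"12345", 5);
    run = crc32_update(run, (const uint8_t *)"6789", 4);
    printf("chunked = %08X\n", crc32_end(run));

    return (a == 0xCBF43926u && a == b) ? 0 : 1;
}
```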