REVERSERS E-ZiNE
Issue 0003 - 25/06/1999

    
     
01 About
This E-ZiNE is an attempt to gather some good info, links, ... about the current Reverse Engineering scene. To improve the quality of this E-ZiNE, I need your help. Anything regarding Reverse Engineering can/will be published - such as URLs, news, ... but definitely NO CRACKS/SERIALS!
     
02 Editorial
 
Editor-in-chief: TORN@DO

[LEARN TO CRACK]

Co-Editor-in-chief: (JOB CURRENTLY AVAILABLE)

[Site Name]

Editorial cooperation: Fone Bella

[NO HOMEPAGE]

Knotty DREAD

[DREAD]

WWW: http://learn2crk.cjb.net
     
03 News

Websites
I have decided NOT to stop TEACHING HOW TO CRACK yet. I have received several very detailed e-Mails explaining why I should go on teaching the art. I hope to get quality feedback on each tutorial I write FROM NOW ON. alpine's solution for ID CrackMe 6.0 has been uploaded!

I'm looking for someone who can design a nice LOGO for the cRACKER's n0TES (currently they are being completely re-made); you should optimize the LOGO for a BLACK background ... and you should use cRACKER's n0TES as the text for the LOGO. After you have finished your work ... please MAIL me the LOGO (preferably as a ZIP attachment).


Eternal Bliss tells us that his CrackMe Practises For Newbies Site may not be updated as often during the next 2 weeks as it was in the last weeks.

The Immortal Descendants Site is up and running again!
     
04 Article about Reverse Engineering by Fone Bella
It has been around as long as computers themselves, and over time it has achieved its deserved level of notoriety. But what actually is this cracking? Quoting BackByte, cracking is an artistic expression. Everyone can do it, but not everyone can be good at it. Ed!son, the guru of Windows cracking, seems to prefer calling it a state of mind. Whatever definition it goes by, it remains the largest headache of software developers.

First of all, I must, like all web pages on this topic, issue a warning that cracking is illegal and all information in this article is for educational purposes only. Cracking, as I define it, is the art of registering unregistered software by manipulation at the assembly level. This is not strictly true though, as it also involves several other categories like removal of nag screens, enabling disabled functions etc.

To get a clear understanding of cracking, let me first give a brief classification of the different software protection schemes:

1. Expiration: This scheme is two-pronged. Software can expire after a 30-day limit or after 60 minutes of usage, or both. After expiry, the user may have to reset the registry in order to use the software again. Common software that follows this scheme is SoftArts Deskey v1.02.010, available at http://www.spiresoft.com, and the very popular Jasc Software's Paint Shop Pro, available at http://www.jasc.com

2. User Registration: This scheme involves the user entering a code to register himself after paying the registration fee to the programmer. This technique is used by Winamp, available at http://www.winamp.com

3. Commercial Wrappers: In this method, the software manufacturers 'wrap' try-before-you-buy software so that it can be registered by going online. There are several commercial wrappers available, like Techwave, Vbox etc. This form of protection is used by Symantec software, available at http://www.symantec.com

4. Dongles: This method is generally used by big software companies to protect their flagship products. It involves hardware protection where the software, in order to run, requires the presence of a hardware device called a dongle or lock, generally attached to a COM port. This form of protection is generally seen only with commercial packages, not shareware. It is implemented to prevent piracy by copying hard disks or burning CDs. This form of protection is used by 3D Studio Max and AutoCAD Rel 14.

5. SecuROM: This is an ingenious protection technique and is among the most difficult to crack. It is generally seen on games sold on CD. It involves encrypting the main program code and keeping the decryption key on the CD itself. This means that even if all the data is copied onto the hard disk (as is almost always the case), the game still requires the CD to play.

6. Nag Screens: An all-time favourite among programmers, the pop-up of nag screens drives us all mad enough to register a program. Generally, nag screens are not used alone but are coupled with one of the other protections mentioned above. Nag screens are not limited to shareware. Ever tried opening a text file greater than 32K in Notepad? What you get is a nag screen.

It can be clearly inferred from this compilation that no form of protection is totally safe. The goal of a cracker is to find the annoying code and somehow get the main procedure to bypass it. This is often achieved by an operation called 'no operation'! In the 8085 instruction set, it had the value of 76. Students of the 8085 were told to put a few of these every ten lines so that, in case they forgot anything, it could always be added to the program without rewriting the remaining part of the code, as early 8085 emulators could not add lines in the middle! This practice continued through the Intel series, as they always made their gear backward compatible, and now the hex code is 90 (that's a big hint).

Cracking originated with the earliest DOS games, where the cracker would follow the system calls in order to get to the location where data about points, lives, ammo etc. were stored, and then edit these values when the program saved. On restarting the game, they would have all their lives, full ammo or whatever else they had manipulated! I found a few of these programs at hackers.com. They are of little use to the average user, as most of the games mentioned are now extinct. However, they make good case studies for the newbie.

The most famous form of cracking is registering a program in your own name. Sure, you could get several registration codes in other people's names, but nothing beats the fun of your name popping up every time you run the program. This involves setting breakpoints at critical API calls in order to see into a program and find out where the values are stored.

These calls are intercepted by setting breakpoints on them using software like NuMega's SoftICE, which I personally prefer, or Intelligent Dis Assembler Pro. However, these are high-end tools and are recommended only for the serious cracker. For the less talented, there is always W32DASM 8.9 from URSoft. This is a very uncomplicated tool, and one needs to know very little assembly to crack programs with it. The companion tool to any of these, as none of the above-mentioned tools can actually modify code, is Hacker's View or Norton Commander. These allow the cracker to go to the required location and modify the bytes.

Readers will be forgiven for thinking: if crackers modify programs with these tools, then what use is it for the others who don't have them? Don't worry, in comes the next concept: cracks and key generators. Cracks are programs, generally written in high-level languages like PASCAL or C, that actually modify the code of the EXE file when run. They are generally made to beat CD protections in games and to enable disabled features in crippleware. The other category is key generators. These allow a user to register a program in his name by producing the corresponding serial number for that name (for those unclear on the concept, every username has a different registration code in software such as Winamp or ACDSee32). These too are written mostly in high-level languages, and are easily obtainable on the net (you only have to know where to look!).

The basic modus operandi of a cracker is, as we went through before, to bypass the offending code. Other than NOPing it out, the cracker can also go for jumps. The Intel instruction set provides several jump instructions.

Of late, a great many programmers are taking to programming in Visual Basic. This is not good news for the average cracker, as Visual Basic programs cannot be usefully disassembled by W32DASM: the whole construct of a VB program is the calling of Windows DLL files, 95% of which are built into the system. These show up in the disassembly as only a call, and hence there is very little to modify. To solve this problem, a chap from Germany called DoDi (yes, Germany and not Egypt!) has brought out a VB decompiler whose performance is spectacular. However, it is also shareware, and DoDi was intelligent enough to encrypt his own code against decompilation (anybody up to the challenge?).

However notorious this art may be, crackers have found themselves on the receiving end of a lot of respect from end-users and programmers alike. The greatest of these crackers have achieved demi-god status. Back in the dark ages before the Internet, these skills were self-taught, and each cracker would place their observations on their favourite BBS. These were compiled over time and are now priceless tutorials. The notes of +ORC (Old Red Cracker), KeyBoard Caper, Qapla, Ed!son etc. are very popular. A good site to read about cracking is Fravia.org, which houses a large collection of cracker and anti-cracker essays. Also available there are links to several cracker-proof techniques (i.e. cracker-proof until cracked!). A useful website for anti-cracker issues is dupecheck.com.

05 Group info
Here you will find a short WHAT IS about a cracking group in every issue. This time it is DREAD:

DREAD was founded by two Dutch people: Knotty Dread and Steinowitz. CyberLatin, with his experience, became the 'kick starter'; he helped DREAD a lot on its way to what DREAD is today.

How did we come up with 'DREAD'?
After some brainstorming, Knotty Dread came up with the name BREAD (he's got a strange sense of humour, as you see). Steinowitz quickly changed this into DREAD, thinking of Knotty Dread's reggae background. The abbreviation took some time. Artistic Decypherians seemed to fit best with the group's intentions. A group almost called BREAD must have humour, don't you think?

In principle DREAD is a Dutch group, in which foreigners will only be accepted if they can fulfil a function for which we can't find someone who speaks Dutch. So foreigners will only be accepted if they have something important to offer. Later on, we'll probably set up an international division as well.


Why Dutch?
Communication, of course. Because our main goal is the 'how and why', communication is very important. We Dutch people are known for our language skills, but communicating in Dutch is easier for us. It also creates possibilities, for example Dutch tutorials for the non-gods among us and for the Dutch visitors who will come to our site.


Purposes of DREAD
So the goal of DREAD is 'the art of cracking'. For example: a program is easily cracked so that any serial will be accepted, or the program won't ask for it anymore. Then it's possible that in the startup screen a line like this appears: Registered to: (blank, empty, nothing at all!) Not good. This can be removed or changed, let's say to DREAD, or DREADed, or even the cracker's name, for instance...

It's the purpose of DREAD to work together with as many people as possible. The structure of DREAD has been designed for that.


Structure of DREAD
At this moment there are four divisions in DREAD. We have the Reverse Engineering Lab, where reverse engineering/cracking takes place and multiple projects run at the same time. The Coding Lab is our programming division, where reverse engineering tools, but also crackmes and such things, are programmed. Public Services includes everything that has to do with contact with 'the world'. Furthermore, we have a Testing Lab: beta-testing programs from the Coding Lab, helping to write help files, dupe-checking and tutorial checking.
     
06 Webpages
In every issue a few webpages dealing with Reverse Engineering will be described here. You can suggest your own site for one of the next issues.
    
Site Title: THE LEARN TO CRACK Site
Short Description: This site covers detailed knowledge on HOW TO CRACK. There are also TORN@DO's CrackMes and solutions. There is also an E-ZiNE (yeah, you're reading it) and nice services like a CrackMe Mailing List, the Public Tutorial Search Engine, the LEARN TO CRACK Forum and the ProcDump32 Site ... and not to forget, the LINKS page is totally AWESOME! Site administered by TORN@DO.
     
07 Lamer of this Issue
Well, more and more lamers are requesting cracks ... so I decided to publish the current best lamer in each issue. Currently the title of THE MOST STUPID LAMER belongs to:
 
From: Robert Robson <bosun2@hotmail.com>
Date: Sat, 22 May 1999 10:25:16 PDT
Received: from 195.92.194.105 by www.hotmail.com with HTTP
    
could you send/get me a crack for GTAcars3.1.0
(available from: http://www.fifengr.com/gtacars/)
because I can't crack it myself

-=] BoSuN [=-
     
08 Future contents
As this E-ZiNE is completely new, there will of course be changes in the next issues. So I'm awaiting your thoughts on what I should add to it and what I shouldn't. I'm also awaiting YOUR articles about Reverse Engineering!

Unlike other E-ZiNEs, I won't add a complete list of links to every issue ... instead I will add different links in each issue ... and maybe at the end of the year I will release a final YEAR issue where all the current links are stored.

Anything contained in this E-ZiNE may be used for EDUCATIONAL purposes only!