Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Library / +HCU / 021-030.TXT < prev next >

Wrap

Text File | 2000-05-25 | 41KB | 1,097 lines

======================================================== +HCU Maillist Issue: 21 09/21/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: packet sniffers #2 Subject: ZERO goes on holiday #3 Subject: re: packet sniffer ARTICLES: -----#1------------------------------------------------- Subject: packet sniffers Zer0 asked for packet sniffers. I used to have a few, but it seems to me they are not difficult to find them on the Web. Probably Zer0 knows exactly while to do, but a reminder can always be useful to those who might have missed something: 1) search with Altavista 2) search with Hotbot 3) search with FTPsearch, using either the filename, or 'sniffer', or whatever, because it will pick up subdirs. 4) search on DejaNews and find the groups where this is most discussed. 5) post a message on USENET 6) search on DejaNews again and look for the people who have been posting articles on packet sniffers 7) try to find people who were looking for p.s., e-mail them if possible, ask them if they got them. 8) be patient.... (very important!!!) 9) be nice, once you found the sniffers, release them on USENET in several groups, upload them to warez sites so that people spread them, put them on dump sites and tell everyone on the warez channels. That's what I always do after getting a particularly difficult warez proggie or making a crack no-one has. Of course, if it's a warez proggie of 60 MB, like Hexen2, it's a little hard to post to USENET.... but something like Sheila Lowe's Handwriting Analysis is different hehehe (2MB), released as FCASL31.ZIP. BTW not with Saltine's crack, but with another that enables the pro version.... WAFNA of FCA -----#2------------------------------------------------- Subject: ZERO goes on holiday Hi boys! I will go on holiday the next Tuesday. While I am away (2 weeks), there will be no possibility to subscribe to or unsubscribe from the list. So if anybody wants to unsubscribe, he has to do it now or has to wait for two weeks. The list should work automatically while I am away. As a precaution if something goes wrong with the list, I gave every necessary info to Malattia. He has the ability to stop the list and reestablish everything on his own computer if he wants. I hope this won't be necessary, but you never know. So, see you later guys and keep up the good work. ZER0 -----#3------------------------------------------------- Subject: re: packet sniffer Hi all! Just as WAFNA of FCA suggested I went out to comb the web for DOS packet sniffers. Here is the result: ethdump can filter the packets if you use the -fXX-XX-XX-XX-XX-XX switch where xx..xx is the ethernet address you want to watch. This is written in the doc file of his companion ethload 2.00, but it works directly for ethdump, too. BTW ethload 2.00 is not freeware anymore, but shareware with a nagscreen. Seems the author goes to the wrong direction. First the source code is gone and now this nag thing :( Another sniffer with source code :) is gobbler which you can find in the frgsrc2.zip packet every where on ftp sites. It seems because of the success of ethload, everybody is forgot about this program, but it works for me. Finally, I found a company which gives the demo of a DOS packet sniffer called netprob4.zip (at ******************** It is crippled in different ways, most notably it only captures 5 packets, but I think I will take care of that after my holiday. :) Bye ZER0 =====End of Issue 21==================================== ======================================================== +HCU Maillist Issue: 22 09/22/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Important info about the list! #2 Subject: even more on VCL apps O:) ARTICLES: -----#1------------------------------------------------- Subject: Important info about the list! Hi boys! Recently I have changed the Reply-To address of the list which now points to the **************** address. This was necessary because of the bouncing back issues. So from now on if you want to send an article to the list don't use the Reply-To feature of your mailer to fill in the address line, because the letter will go to the manhcu address and will not appear on the list. Always make sure that you send your letter to the ************* address. If you have already sent a letter to the wrong place, don't send it again I will manually insert it in the next issue. (But don't count on this from Monday. :) Bye ZER0 -----#2------------------------------------------------- Subject: even more on VCL apps O:) hello +ReZiDeNT! >the convert.exe program (taken from an old copy of Deplhi 1.0) it >wouldn't work :-( Take a look at your BCB "bin" directory ;) >was 28 bytes less thatnt he extracted RES file - however, after the >'TPF0' string, they were both identical. I think this is the *.res header. Most likely the name of the resource and some signature. >from before the 'TPF0' string, convert.exe would choke on the file :-( >Perhaps I did something wrong? Using the new version of convert.exe should work. >00 00 14 40 00 0D 52 65 67 69 73 74 65 72 43 6C 69 63 6B > ^^ ^^ R e g i s t e r C l i c k > >I'm not sure what the '00 0D' is for, but I took the '14 40' and set a "00" is part of the address: >bpx 00401440 "OD" is the length of the string "RegisterClick" This is called "pascal string" (but not exact: standard pascal has _no_ strings). The dynamic length is holded by a prefix byte (dword for long strings) instead of the "C" nul-terminated string. >Delphi (the VCL is coded in Delphi, a fact that irks me not a little >:-)) Well, I prefer pascal but this is not important here. The official language of this list is English and... ASM! After all every compiler produces machine code and this is the crackers' point of view :) >that BCB (in case you're not familiar with it) is *not* simply 'Delphi >in C' but a pretty nifty tool in its own right - it can make apps Yes, the standard C and C++ libraries are enough bonus :)' BTW it's not very known but Delphi also allows creating non-VCL apps. With some tricks, even compiles for DOS! >much about Delphi/BCB/VCL, you should have *no* problems learning to >crack! I have an ugly problem, the lack of time :'( > Ahh yes, I read that in 'Learn BCB in 21 days'... Well, I see you are also in a hurry :D > Hmm....I suppose that is the primary purpose of your idea >- to aid pin-pointing in VCL apps? Sure >*fantastic* job though, I'd like to discuss it in more detail, and >perhaps help you if I can....mail me at the below address and we can Thanks :-)))) This is a good idea. We can take the discussion back to the list for the conclussions, avoiding cluttering it with details. I have some questions... But I'm overworked now, please wait a few days. bye trurl =====End of Issue 22==================================== ======================================================== +HCU Maillist Issue: 23 09/27/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: DO NOT POST THIS CRACK !?! #2 Subject: BCB stuff #3 Subject: Hi :) ARTICLES: -----#1------------------------------------------------- Subject: DO NOT POST THIS CRACK !?! Hi all This is not very good news. I don't know how many of you guys do what I do and that is to follow the requests on the cracking news groups. It is amazing what brilliant new software 'appears' there. Someone saw something somewhere on the net and post a request (usually with a URL) to the groups and whollah, all you have to do is download and crack it to have yet another brilliant peace of software... This happened tonight and the following message got my attention: ----------------------- Subject: Attn:Saltine Can you do anything with the enclosed URL...please readme>>> From: ********************* Reply-To: **************** Newsgroups: alt.cracks Organization: Spam ain't fer me! Sender: Not me Message-ID: ******************************* **************************** This is the URL for the new 'Cancel' Program by Mike Enlow called 'Usenet Cancel Engine' v1.0,...it cost $199,...the only problem is that with this thing in the wrong hands all 'HELL' *could* brake loose.<G>Hmmmm! Please post response here,my Email address is no good! Thanks Ris -------------------- So I went there and on that page is just some stuff about marketing and shit, mentioning this new program 'UseNet Cancel Engine for Windows 95' No luck there downloading the software but a few minutes later I found the URL from where this software can be downloaded. I did so and started to work on the crack immediately, obviously curious about what to except. The crack was easy; you can use one of three approaches. Firstly the initial box telling you the software is only demo, secondly the registration box asking you to put in a code to unlock the program but thirdly a little box telling you that it's a demo version when the nasty stuff is suppose to happen... No what is this nasty stuff you will ask and I again quote the above: "...the only problem is that with this thing in the wrong hands all 'HELL' *could* brake loose." I tried it and it is true. Within minutes I wiped out a whole porn newsgroup. Yes it actually deletes the articles. I couldn't believe it. I still can't whilst typing this. Now you might ask, why do you tell us here, like this, now? The reason is as follows: I do believe in shearing knowledge BUT DO NOT POST THIS CRACK. Some stupid dick might just wipe the whole newsgroups !!!!!!!!! Yes crack it and join Fravia in his fight against porn, wipe the sites with the Spam and porn amongst yourselves, but keep it amongst yourselves. Enjoy a VERY powerful program and tell me if you don't feel the same. Regards GlorFindeL cc: +Fravia, +ORC ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: BCB stuff Hello trurl, > Take a look at your BCB "bin" directory ;) I use the trial version of BCB that came with the 'Teach yourself BCB in 21 days' - I found a way to patch the compiled EXEs to allow them to run without the IDE being loaded (the PC97 crack didn't work for me) - anyway my version doesn't have this - perhaps you could e-mail it to me? So long as it is not big.... > >was 28 bytes less thatnt he extracted RES file - however, after the > >'TPF0' string, they were both identical. > > I think this is the *.res header. Most likely the name of the > resource and some signature. Yes, something like that... > >from before the 'TPF0' string, convert.exe would choke on the file > >:-( Perhaps I did something wrong? > > Using the new version of convert.exe should work. Yes, I need a copy.... > "OD" is the length of the string "RegisterClick" > This is called "pascal string" (but not exact: standard pascal has > _no_ strings). The dynamic length is holded by a prefix byte (dword > for long strings) instead of the "C" nul-terminated string. Ahhh....I suspected as much, but I'm not familiar with Pascal. The way that BCB implements Pascal style strings is IMHO very clumsy... > Well, I prefer pascal but this is not important here. The official > language of this list is English and... ASM! After all every > compiler produces machine code and this is the crackers' point of > view :) True.... :-) > Yes, the standard C and C++ libraries are enough bonus :)' > BTW it's not very known but Delphi also allows creating non-VCL > apps. With some tricks, even compiles for DOS! I've heard that...I think BCB can also do the same - you can of course make 32-bit console apps easily, but I have heard rumours of DOS apps being created... > I have an ugly problem, the lack of time :'( Hehe, you're not the only one :-) > > Ahh yes, I read that in 'Learn BCB in 21 days'... > > Well, I see you are also in a hurry :D You could say that... :-) > >*fantastic* job though, I'd like to discuss it in more detail, and > >perhaps help you if I can....mail me at the below address and we > >can > This is a good idea. We can take the discussion back to the list for > the conclussions, avoiding cluttering it with details. I have some > questions... But I'm overworked now, please wait a few days. Ok, see you around then... +ReZiDeNt -----#3------------------------------------------------- Subject: Hi :) Hi guys, Zer0 left and maybe his computer had some probs, cause NO ISSUES have been posted since he's gone... So I decided to run the ml myself... I hope it will work! This is the FIRST issue I try to send, so please tell me if there are still some probs, I'll fix them immediately. You can still write at ************** I'll get the messages from that address. REMEMBER what Zer0 said, please DON'T answer using the "Mail From" or "Reply To" address, cause they point to ***************** I'll give a look to that address too to see if there are some messages, but if you want to unsubscribe you'll have to wait until Zer0's back! :) Ah... I got an "on topic" question for you: have you tried to crack Instant Access as in +ORC's lesson? I had some problems when I tried some months ago, and I think I'll return on it next month, but I'd like to know if there's someone who can help me :) byez, .+MaLaTTiA. =====End of Issue 23==================================== ======================================================== +HCU Maillist Issue: 24 09/28/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Help please (Rezident where are you ?) ARTICLES: -----#1------------------------------------------------- Subject: Help please (Rezident where are you ?) A letter actually sent to Rezident, but he/she seems to be without e-mail Saturday Evening Evening...! Good to see the newsletter is back in circulation ! Thought I would let you know my discoveries in my SAGA. I find that the proggy makes a file called "autolist.tmp", and then reads the data from there. Now, using filemon, I see it looks for this file and there are the comments "CreateNew CreateAlways" (or similar). Now if instead I could change that call to one that just reads the file without creating a new one, then I can set up my own "autolist.tmp" file with all the data I want. Do you know what call this should be ? Sorry that my trying to keep this secret doesn't really help you. Anyway the crux of the matter is : How can I change a call to CREATE a file, to a call to READ a file ?? Remember it's VB5 ! Looking forward to your news, Regards. Zipper49 ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 24==================================== ======================================================== +HCU Maillist Issue: 25 09/30/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Some clarification by +ReZiDeNt :-) #2 Subject: ML infoz... ARTICLES: -----#1------------------------------------------------- Subject: Some clarification by +ReZiDeNt :-) Hi there Zipper49, > Subject: Help please (Rezident where are you ?) Here! :-) > A letter actually sent to Rezident, but he/she seems to be without e-mail ^^^^^^^^ Yes, I've been having probs with my ISP (or rather, my ISP has had probs with the telco) - OK, this is now a general announcement: I, +ReZiDeNt am a *he* (eg male), *not* a she. Just thought I'd clarify things, I hate ambiguity... > Thought I would let you know my discoveries in my SAGA. I find that > the proggy makes a file called "autolist.tmp", and then reads the > data from there. Now, using filemon, I see it looks for this file > and there are the comments "CreateNew CreateAlways" (or similar). > Now if instead I could change that call to one that just reads the > file without creating a new one, then I can set up my own > "autolist.tmp" file with all the data I want. Do you know what call > this should be ? Sorry that my trying to keep this secret doesn't > really help you. Anyway the crux of the matter is : How can I change > a call to CREATE a file, to a call to READ a file ?? Remember it's > VB5 ! Looking forward to your news, Regards. Zipper49 Hmm....any VB experts here? I really don't know anything about VB, I've only cracked a few VB proggies....the other thing is, if it is 'create new && create always' there is no point in changing it to a 'read' if you see what I mean. I presume you want to stop the program from overwriting the 'autolist.tmp' from which it *later* reads...all you should have to do is nop out the code that calls the 'create new && create always' - so that it only reads the old file, and doesn't create a new one. So I don't see how actually changing the write to a read would be of any use... Good Luck, +ReZiDeNt BTW, I am getting very curious about this program - won't you tell us? ;-) -----#2------------------------------------------------- Subject: ML infoz... Hi All! :) I knew issue 23 didn't arrive to everybody... I really don' tknow why, since I've sent it to all of you... anyway, issue 23 EXISTS, if you didn't get it mail me at **************** and I'll send it to you. Of course, you can mail me even if you've lost another issue... :)) Ah... since I had some probs with the "standard" addresses, I'm using ************** as "From" and "Reply To" (or, it SOULD be this :)... Don't worry, it's only in case mail delivery goes wrong, you can continue writing to the "old" addresses at iname.com. Ok, from now on I'll check the mail daily, and If I don't find a message from you I'll send another unuseful message like this EVERY issue.. ;)) byez, .+MaLATTiA. =====End of Issue 25==================================== ======================================================== +HCU Maillist Issue: 26 10/06/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Issue 12 / Disk Serials (reply to Rezident) ARTICLES: -----#1------------------------------------------------- Subject: Issue 12 / Disk Serials (reply to Rezident) Rez. Thanx for the advice. Apologies for not responding very quickly (I lost net access for nearly three weeks!). Anyway, I have been trying to crack a commercial protection system which is currently being used by Corel for licensing. They issue their standard 30-day trial stuff with this system on it. The system itself is produced by Elan Computer Systems (or summat like that) and is fairly easy to crack on a system where you know the install date. However, a general crack has been difficult to find. I've been investigating how the system marks the hard drive to ID whether it has been installed b4. The system doesn't change the HD serial no. but it may add info to a specific part of the HD. I don't know. I've recently discovered a registry tracker (part of Norton Utils) which does what its name implies, but I don't seem to be having any luck. Any further suggestions? Noose. =====End of Issue 26==================================== ======================================================== +HCU Maillist Issue: 27 10/08/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Items Of Interest #2 Subject: Newsgroup deletion program? #3 Subject: Corel's TOUGH protection scheme from Elan #4 Subject: Disk Serials #5 Subject: +HCU ML answer for noose ARTICLES: -----#1------------------------------------------------- Subject: Items Of Interest Hello every-one; I've found some interesting tools you might like to play with. The first one, Pro-View (12.9 mb), can be found at: ******************** It's an editor, debugger, compiler, and a whole lot more. It's free, very easy to use, and has a nice GUI. It works well, as-is, for "every-day" use, and if you're a (very rich) programer, you can buy the extra "plug-ins" which can expand the programs functionality to do even more neat stuff. You can load a programs source code, in nearly any common programing language, and Pro-View will scan the source code for errors, allow you to make repairs, then compile the program for you. It does lots of other neat things too, even without the extra plug-ins. It's not crippled, they just want you to dish out a few kilo-bucks for the plug-ins. *************************** The second item is called Source Navigator (5 mb), and is at: ********************* This program comes in several flavors to suit your OS. Unfortunately, it DOES NOT come in a WIN95 version, but they DO offer a version for WINDOWS NT. This IS a crippled (lite) product, with minimal "save" functions, a file size limit of 50,000 lines, and it won't allow you to play with the windoze API's, but they were kind enough to tell us that, with ONLY the proper "serial number", all three of the disabled functions will work and you will have a FULLY functional product. This program "helps you analyze, reuse, and develop software in C/C++, Java, Tcl, and FORTRAN, and dramatically reduces the time required to understand existing code, and assists with the re-structuring and re-engineering of existing software." Since my computer is set up with WIN95, this program refuses to even install, but if you're using Windoze NT, or one of the other OS's they've developed this product for, this might be the tool you've been looking for. ***************************************** And now I feel the urge to beg. If any-one has the FULL version of IDA-PRO 3.64 (or better yet 3.7), I'ld sure like to take it for a ride. My intentions are to make the program "publicly" available over the net, (all 8 mb of it), with-out having to pay the ($200.00 U.S.) purchase price. My web searches have all come up empty. When I get this program, either as a "gift" or "for cash", I will upload it to a "popular" warez site for all crackers to download, and then place the location in this news letter. If you've already spent the money, or if you know where the program is ALREADY located on the web, please help me out. Hackmore -----#2------------------------------------------------- Subject: Newsgroup deletion program? Hi there GlorFindeL, > No what is this nasty stuff you will ask and I again quote the > above: "...the only problem is that with this thing in the wrong > hands all 'HELL' *could* brake loose." I tried it and it is true. > Within minutes I wiped out a whole porn newsgroup. Yes it actually > deletes the articles. I couldn't believe it. I still can't whilst > typing this. I don't quite understand this (and I'm not going to try it until I do :-)) - do you mean it deletes all the messages for the selected group from ALL the newservers on the Internet?! I don't know much about how newgroups operate, could you possibly elaborate? Thanks, +ReZiDeNt -----#3------------------------------------------------- Subject: Corel's TOUGH protection scheme from Elan Hi there Noose, > Rez. Thanx for the advice. Apologies for not responding very quickly > (I lost net access for nearly three weeks!). Ouch! :-) > Anyway, I have been trying to crack a commercial protection system > which is currently being used by Corel for licensing. They issue > their standard 30-day trial stuff with this system on it. The system > itself is produced by Elan Computer Systems (or summat like that) > and is fairly easy to crack on a system where you know the install > date. However, a general crack has been difficult to find. I've been > investigating how the system marks the hard drive to ID whether it > has been installed b4. Yes, I know all about Elan ************** :-) I've been trying to (properly) crack the Corel protection for months, with no success - if you know how, *tell us* please! It's had me stumped! No, it doesn't mark the HD, I'll tell you what it does (I spent a long time investigating this protection, I had intended to post my findings here sooner or later <g>) - Ok, it writes *two* keys to the registry (which must be gotten rid of) and one license file (windows\system\101.lic in my case) which must also go. The registry keys are: HKEY_LOCAL_MACHINE\SOFTWARE\Elan\SentinelLM\CurrentVersion\SentinelLM HKEY_LOCAL_MACHINE\System\SOFTWARE\RBO\L1025e4a2 Note that the value name 'L1025e4a2' will be different on your computer. To reinstall a Corel product I found I had to delete the 101.lic file and both registry keys (the whole key, not just the values). I also found that I couldn't get it to run if the year was not 1997, *regardless* of the install date. I am *VERY* interested in how you managed to crack this protection scheme ('Elan Sentinal' I think it's called) - it's sort of like a software dongle 'wrapper' if you like - I couldn't even disassemble the EXE file properly! > The system doesn't change the >HD serial no. but it may add info to a > specific part of the HD. I don't know. I've recently discovered a > registry tracker (part of Norton Utils) which does what its name > implies, but I don't seem to be having any luck. As I mentioned above, it uses the registry...anyway, good luck, this is a *tough* protection scheme (at least I found it so), the most 'perfect' one I have seen yet. I suspect a loader such as Greythorne's date cracker would work with this, but IMO this is not a proper crack. Keep working on it though, please let me know what you find!!! :-) Cya, +ReZiDeNt -----#4------------------------------------------------- Subject: Disk Serials On 6 Oct 97 at 22:32, manhcu wrote: > Subject: Issue 12 / Disk Serials (reply to Rezident) > > Anyway, I have been trying to crack a commercial protection system > which is currently being used by Corel for licensing. They issue > their standard 30-day trial stuff with this system on it. The system > itself is produced by Elan Computer Systems (or summat like that) > and is fairly easy to crack on a system where you know the install > date. However, a general crack has been difficult to find. I've been > investigating how the system marks the hard drive to ID whether it > has been installed b4. > > The system doesn't change the HD serial no. but it may add info to a > specific part of the HD. I don't know. I've recently discovered a > registry tracker (part of Norton Utils) which does what its name > implies, but I don't seem to be having any luck. IMHO, isn't a registry tracker something that would monitor only the Win95 registry? If so, it won't show something that writes directly to a disk sector, I think. Anyway, there is an excellent program (regmon.zip) that does monitor the Win95 registry. Have you tried using file monitor (filemon.zip)? If would show if the program is creating a tiny little file somewhere. Wafna -----#5------------------------------------------------- Subject: +HCU ML answer for noose Hi people, time to contribute :) Noose wrote: >Anyway, I have been trying to crack a commercial protection system which >is currently being used by Corel for licensing. They issue their >standard 30-day trial stuff with this system on it. I looked at only one Corel product being CorelCad. The 30-day 'expiry' sequence uses a registry key in (I think!!) HKEY_LOCAL_MACHINE. Anyway its {insd"{STRING}"} where STRING is similar to 99a3ea1b. The coding sequence was as follows: Installed on 31/5/97 99a3ea1b gives 30 day remaining on 13/6/97 the same string would give 17 days remaining on the same date (13/6/97) then simply changing the 5th and 6th digit would give:- ea = 17 days remaining eb = expired ec = 16 days remaining ed = expired ee = 15 days remaining ef = expired f0 = 22 days remaining **interesting e0 = 14 days remaining get the drift ? its easy just to extend the expiry as and when required be editing the registry. I didnt bother to look further into the prgm, since its a *&%^$# useless app. One last point is that if you increase the string above 30 days the prgm reads it as expired. I didnt check the 4th digit:(. >I've been investigating how the system marks the hard drive to ID whether it has >been installed b4. In this case it simply erased the registry key {insd"{STRING}"} after expiry but left the "path". Simply re-inserting a valid insd"STRING" will get the prgm working. >I've recently discovered a registry tracker (part of Norton Utils) which does what its >name implies, but I don't seem to be having any luck. Registry monitor (by Russimoqich??) works well. With the above and a dead list approach you should have all the answers. Hope this assists. basE+mEtaL =====End of Issue 27==================================== ======================================================== +HCU Maillist Issue: 28 10/14/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Re: Newsgroup deletion program (Also known as UCE) #2 Subject: The list is back! ARTICLES: -----#1------------------------------------------------- Subject: Re: Newsgroup deletion program (Also known as UCE) Hi +ReZiDeNt >I don't quite understand this (and I'm not going to try >it until I do :-)) - do you mean it deletes all the messages for the >selected group from ALL the newservers on the Internet?! I don't know >much about how newgroups operate, could you possibly elaborate?> To be honest I do not have a clue as to wether it deletes the files on different servers. Unfortunately I have only tested (looked) on my own news server. I would appreciate if someone (you if you have time) joins me on the IRC and see if the articles dissapears on your news-servers... PS Sorry for the late response but for some unknown reason I don't get this group's letters on time and only have letters up to 8-Oct-97. Regards GlorFindeL ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: The list is back! Hi boys! I am back and see what an asshole I am. I forgot to switch on the machine with the list, before I left so no surprising the list died :(. Fortunatelly, Malattia took over, so some of the messages got through, but the traffic dropped considerably lately. Maybe he has problems with his connection, because I could not reach him. Anyway, I take over the control of the list now and try to revitalize. Sorry, for the problem I caused, you can now start again sending your articles to the ************* address as before. Zer0+ =====End of Issue 28==================================== ======================================================== +HCU Maillist Issue: 29 10/15/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Newsgroup deletion program (Also known as UCE) #2 Subject: The list is back etc. #3 Subject: Keeping the list alive! ARTICLES: -----#1------------------------------------------------- Subject: Newsgroup deletion program (Also known as UCE) Hi GlorFindeL, > To be honest I do not have a clue as to wether it deletes the files > on different servers. Unfortunately I have only tested (looked) on > my own news server. I would appreciate if someone (you if you have > time) joins me on the IRC and see if the articles dissapears on your > news-servers... Well, I rarely if ever use IRC - the cost of staying on-line is too high where I live :-( And I wonder what my ISP would do if I wiped their porn groups? ;-) But seriously, it does sound worth investigating, do you have a URL where it can be downloaded? > PS > Sorry for the late response but for some unknown reason I don't get > this group's letters on time and only have letters up to 8-Oct-97. No problem, there have been some probs with the list (as you know) - MaLaTTiA is very busy.... Cya, +ReZiDeNt -----#2------------------------------------------------- Subject: The list is back etc. Hi Zer0+, > I am back and see what an asshole I am. I forgot to switch on the > machine with the list, before I left so no surprising the list died > :(. Fortunatelly, Malattia took over, so some of the messages got > through, but the traffic dropped considerably lately. Maybe he has > problems with his connection, because I could not reach him. Anyway, > I take over the control of the list now and try to revitalize. > Sorry, for the problem I caused, you can now start again sending > your articles to the ************* address as before. No worries! It's great to have the list up full time again! I had an idea though, I don't know what others think about this - but would it be possible to send out an issue each day even if there are no contributions? Just so that we all know things are still 'alive'? Keep up the good work! +ReZiDeNt -----#3------------------------------------------------- Subject: Keeping the list alive! Hi all! As +Rezident suggested, from now on every day an issue will be sent out to show that the list is up and running. If there are no articles that they the issue will contain a one sentence warning that you were lazy :) Keep on writing Zer0+ =====End of Issue 29==================================== ======================================================== +HCU Maillist Issue: 30 10/16/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Corel (Elan) Protection #2 Subject: Aesculapius HomePage Censored... #3 Subject: Re: Newsgroup deletion program (Also known as UCE) URL inside #4 Subject: New protection? ARTICLES: -----#1------------------------------------------------- Subject: Corel (Elan) Protection OK, the way I cracked the date problem was using WinDasm32, I pulled disass. the corel app (I've been using PhotoPaint 7 Plus). One of the import functions is GetLocalTime (I think it's a kernel routine). Anyway, there's only one reference to it which happens to be within a standard MS C++ routine to convert the full date into seconds from 1970, with adjustments for time zone etc. I actually stumbled in this routine whilst analyzing the demo version of Elan from their website. Try downloading the demo and adding the string "ELMDEBUG=1" to your environment. You'll find that when running, the protection displays debugging info which gives details of what the ???.lic file contains encoded in those long numbers. Now, the commercial version still has the same debugging routines which are called at the same instances - however, they are disabled (presumably by some internal flag). This doesn't matter tho' because the demo gave me enough info on what the data was they would have been displaying. From this I located the "Get the date" routine which is the one I mentioned earlier. It is then a simple enough matter (so long as you have access to the MS specification on how GetLocalTime returns its values) to fool the protection into always believing it is the same date - by adding a small routine to return the same date every time. Now, base+metal has suggested a few things about the registry value which suggest that it contains the actual install date encoded. I believe that is could be a very simple matter to write a routine to get the value of this key, convert it to the date it indicates, and plug that into a crack. Thus making a generic crack for virtually all Corel 30-day trial apps and also many from other companies which use the system. I'm actually quite interested in finding out how the ???.lic file encodes the information it contains, but I think that could be a little long-winded, and if I'm correct with the above assumption, also a little pointless. Noose. -----#2------------------------------------------------- Subject: Aesculapius HomePage Censored... I'm back at ********************************************************* Aesculapius -----#3------------------------------------------------- Subject: Re: Newsgroup deletion program (Also known as UCE) URL inside Hi +ReZiDeNt OK (for those who are interested) here it is: ************************************* Check it out and crack it but keep the crack to yourselfs. Join me and lets find out if this thing is as potent as they make it out to be... Regards GlorFindeL ******************* ______________________________________________________ Get Your Private, Free Email at ********************** -----#4------------------------------------------------- Subject: New protection? Hi all! I was thinking about a new(?) protection, which I want to implement for the "Our protections" page of Fravia+. However, before I put some work in it I would like to ask you if one of you have met a protection similar to this: The protected program is a crippleware, but it can be turned to full version with a registration code. The idea behind the protection is very simple : the actual code of the disabled function is scrambled and the registration number is used to decode it to get the functional code. The strength of the protection comes from the fact that the program practically containes no checks whether the supplied registration number is good and the decoded program code is functioning or not. (There can be some checks without weakening the protection, but the program can just run the scrambled code, too, with the result of interesting crashes :) The lack of any information inside the protection about the correctness of the password makes it difficult to crack with the usual methods. In my opinion if the coding is cryptogaphically strong enough its almost the same as if the protected function was not present at all. This scheme is very simple, yet powerfull (at least I think), so probably it has been already used (maybe in exe protectors?). If any one of you has seen a protection like this, or has any comments, please let me know! Thanks Zer0+ =====End of Issue 30====================================