Text File | 2000-05-25 | 50KB | 1,389 lines
========================================================
+HCU Maillist Issue: 51 11/06/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: asking for issues
#2 Subject: Apologies for formatting errors...
#3 Subject: BlackWidow
#4 Subject: ICQ
#5 Subject: pdf cracking
ARTICLES:
-----#1-------------------------------------------------
Subject: asking for issues
Hi all!
wlc wrote:
>Checking my email, I didn't come across ML#47. Was one sent out?
>That would be the one for Sunday, November 2, 1997. In some time
>zones some of you would be one day ahead of me. If one was sent,
>could I trouble you to email me a copy to ************************
>at your convenience. I would hate to miss the valuable contributions.
If somebody did not get an issue or wants to have an old issue, please
drop a letter to the management at **************** and I will send
it to him. It's better not to ask it on the list because he might get
20 of it or not get it at all if everybody is waiting for the other to
send.
Zer0+
PS: wlc if you still need them, write, I will not send it now.
-----#2-------------------------------------------------
Subject: Apologies for formatting errors...
Hello Kubak,
> Your essay was pretty good in my opinion, although it had some letters
> missing and was tricky to read. I think that this example shows us,
> how easy it is to crack a protection if You know how to find the
> CRACK, the weak spot of the scheme. Keep up the good work. This one
> was great !!!
I know there were a few formatting problems that caused the
loss of characters...there seems to be a problem with the text editor
in my mailer (Pegasus Mail)...what do you mean when you say it was
tricky to read? Was it the language that was difficult to understand
or my explanations?
Cheers,
+ReZiDeNt
-----#3-------------------------------------------------
Subject: BlackWidow
Hi wlc,
> study or review of VB5 may help. Some may
> find certain features in BlackWidow helpful
> for their method of downloading, and the
> reorganizing files with Clonemaster and
> NameWiz.
BlackWidow is fairly easy to crack (it's a VB5 app as you say,
just bpx on WideCharToMultiByteString - I think that's it - and you're
more or less there, just 'hear' the echo :-))
Unfortunately I have never had any luck with any program of this sort
(BlackWidow, Internet Marauder etc.)...BlackWidow is especially slow,
being a VB monster...
Cya,
+ReZiDeNt
-----#4-------------------------------------------------
Subject: ICQ
Hi all!
Does anybody of you have an ICQ UIN? I often connect with ICQ activated and it
would be nice to meet you online... if you like, you can drop a mail directly
to **************** and after some days I'll put online a message with all your
UINs...
byez,
.+MaLaTTiA.
-----#5-------------------------------------------------
Subject: pdf cracking
Hi all!
I made some progress in cracking Acrobat Reader, namely managed to patch
the program, which now allows selection and copying of a text even when
these options are not allowed.
(Now Fravia can rip off the text from Ghiribizzo's tutorials and publish
them :)
Some orientation for those who want to work on it, too.
The program starts to read the /P 65476 permission value at position
47D50D; the best way to break here is BPX 0047D50D IF BYTE(*ECX)==36
The routine which converts the string to the FFC4 value is called from
4CDF3D (CALL 51C790). I was looking for this routine for a long time in
the dead listing but could not find it because it looks quite different
from what I was expecting.
The calculated value FFC4 is, after copying it around for a while, moved
at 442844 to its place at the 26C position of a big structure.
442844 MOV [ECX+0000026C], EAX
Set a break point on this memory location and let the program run. It
will get this value at two important places: at 442CB8 it gets it to use
for decoding the passwords so we have to keep the original value here.
At 4430E5 the value is used for setting the permissions, we sure want to
patch here :) So change at
4430E5: MOV EDX, DWORD PTR [EAX+0000026C] to
MOV EDX, 0000FFFC
NOP
This lets you use the select and copy menu point. If you check the
Security settings dialog don't panic if the settings have not changed,
they are calculated in another part of the program from the original
value at 26C. The reason I have not changed the value at 26C is that
it's used for decrypting things at least in two rounds. And I have not
yet found the place where the program has already finished with all
decryption and I can safely manipulate the permissions. Another thing
which needs to be fixed is patching the program to ignore the
HideMenuBar preference of the file so the files should not be patched
only the Acrobat reader. Have a good work folks!
Zer0+
PS to Fravia+: Don't put this on your pages yet, I will send a more
complete description later :).
=====End of Issue 51====================================
========================================================
+HCU Maillist Issue: 52 11/07/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: 'nother tool
ARTICLES:
-----#1-------------------------------------------------
Subject: 'nother tool
For those of you who have not used it, Multi-Edit for windows (the
"ultimate programmer's editor") is a tool not to be missed. Among its
many features (sophisticated S&R, complete macro language, compiler and
debugger support, HTML, etc), there are a few that will appeal directly
to readers of this newsletter:
1) Unlimited file size--and F-A-S-T. Multi-Edit uses its own swap file;
when you first load a program, scroll all the way to the end (there will
be a 10-30 second delay) of the document...from then on, no matter what
the size, you scroll through the file with no delay. This sounds nice
and all for things like AUTOEXEC.BAT, but let me tell you it comes in
handy when working with Netscape.lst (45 MB, fast scrolling!)
2) Small footprint...the whole package is under 5 MB installed, the main
EXE is 39K, the main (largest) DLL is 500K.
3) Colorization of any source code language (ASM, C, ASPECT, PERL, even
one for the WinAPI), plus the capability to customize/add language
definitions
4) Point-and-click Bookmarks...add "create bookmark", "delete bookmark",
and "goto bookmark" to the toolbar and you are in disassembly heaven.
I've been using this app for many months now and it is unbelievably
useful for the "dead-listing" approach (not to mention ASM programming).
....The point of all this being that you can download the v 8.0 beta (no
expiration date, so far) from
********************************************************
....about 2.5 megs total.
When you install, it will ask you for a password...this is easy to fake
through if you have Soft-Ice loaded (change two JNZs to JZs or something
like that... ;). Once installed, when run it will ask you for a serial
number. Note that you can just hit cancel and everything will work fine;
you cannot delete the serial dialogue with BRW (it is created
dynamically by CreateDialogIndirectParam). You can crack it, but it's a
bitch...this is object-oriented code that could win the obfuscated ASM
contest...it may have been written in Delphi even (though the code is
interesting, take a stroll through...). I haven't used Filemon on it yet
(no reg keys made) as I just installed it, but chances are there's a
.cfg or .pwd file that has to be created. Anyways, download, check it
out, enjoy.
Oh yeah, one more thing, you have to have a prev version of MultiEdit
installed...just download the free demo from the "demos" section of the
FTP site and it works fine.
mammon_
1189923 (ICQ)
______________________________________________________
Get Your Private, Free Email at **********************
=====End of Issue 52====================================
========================================================
+HCU Maillist Issue: 53 11/09/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: Ida Pro... Last Chance!
#2 Subject: Smartcheck Trial renamed
#3 Subject: Thanks
#4 Subject: CD magazines
ARTICLES:
-----#1-------------------------------------------------
Subject: Ida Pro... Last Chance!
Friends;
Just a note to remind you... If you have not downloaded Ida Pro from
my web-site yet, Sunday will be your LAST chance. My site WILL go down
Sunday night, and I WILL NOT re-open it any time soon.
Hackmore Readrite
-----#2-------------------------------------------------
Subject: Smartcheck Trial renamed
Hear, hear, hear
fravia+
-------------Forwarded Message-----------------
RE: Smartcheck Trial renamed
Hi Fravia,
just a quick note:
Numega has renamed their Smartcheck Trial File on
******************************************
from 'smchk50.exe' to 'dfjcmj.exe' (same size still),
so the link in Snatch's essay doesn't work.
Isn't it funny that the creators of SoftICE come up with
such an absolutely disgusting lamer's trick? They can't
really be serious. BTW, the same file (original name) exists
also on ********************************
as65pp
-----#3-------------------------------------------------
Subject: Thanks
Hail +All:
Thought I'd take a few days off, give you guys a break and check into a
few useful things and do some 'honest' work for a change.
A Thanks to Zero+ and those who sent me the missing ML#. I had missed
out on quite a bit of interesting stuff and a few personalities.
One other Thanks to +ReZiDeNt for the hint. Yeah, VB5 programs love
to suck on resources and then choke on it. I traced through the code
with WDasm for the fun of it then I dragged and dropped it into the
dead zone for non recyclables.
Hey mammon_ , thanks for the notice re: MultiEdit V8.0 update and
hint.
Secondly, I notice a slight change at your site on your essays
'Mammon_ Tales to his Grandson'. It's a great original title theme.
When I first read your essays in September I followed up on your basic
explanations and tips in setting up and using SoftIce. It was very
helpful advice, especially when I started out without the manuals at
the time. Glad that you took the effort to expand on the topic of
using SoftIce further. You should post more of these in the future.
If +others have sites for me to visit, drop a note.
wlc
-----#4-------------------------------------------------
Subject: CD magazines
Hi, All!
There is a Spanish magazine "CD Classic" with a very interesting CD.
Corel Draw 7
AutoCad LT 3.0
TurboCad 2.0
Truespace 3.0
Pionner 1.1
Director 5.0
CleanSweep 3.0
PSP 4.1
Communicator
and more...
For these old issues: +343 471 00 08
Fax: +343 375 10 53
I bought the special august issue for 600 pts. (~$4)
hope it helps
trurl
=====End of Issue 53====================================
========================================================
+HCU Maillist Issue: 54 11/10/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: Read this :)
#2 Subject: java search applet
#3 Subject: two requests.....
#4 Subject: Better than Teleport PRO
#5 Subject: Smartcheck
#6 Subject: Reality cracking for money, or, a Crack for Intercasino
#7 Subject: pentium bug
#8 Subject: pdf again
ARTICLES:
-----#1-------------------------------------------------
Subject: Read this :)
Hi All! :)
Look at this data found in FtpWolf ******************************
* Possible StringData Ref from Data Obj ->"Ask yourself, do you think it "
->"Wise to use a pirate copy in a "
->"Network environment where one "
->"can so easily be traced?"
...It's nice how they try to scare you if you make a wrong crack.... :)
(*phew*... fortunately I didn't... :))
byez,
.+MaLaTTiA.
-----#2-------------------------------------------------
Subject: java search applet
Better late than never....
On 25 Oct 97 at 14:32, +HCU ML wrote:
> > OH!!! IT WOULD BE _GREAT_!!! :))
> > I was afraid of making up a cgi, also because fortunecity doesn't
> > give the possibility to use them... :)
Java search applet is at ****************************************
WAFNA of FCA
-----#3-------------------------------------------------
Subject: two requests.....
Hello all -
request 1) - does anyone have TASM available for d/l?
request 2) - what's the name of that program that creates a crosshair
on the PC and then shows the info for every window you put that
crosshair on?
TIA,
WAFNA of FCA
-----#4-------------------------------------------------
Subject: Better than Teleport PRO
Hello all,
IMHO, better than Teleport PRO is Incontext Web Analyzer.
It comes in a 15-day time-limited version, and then you have to enter
your c/c number, it dials a number in the USA, and then unlocks the
program.
I'm afraid I don't have the URL right now..... but it's a very good
program. It is also useful for monitoring your own Web Page to see if
there are any links to things that no longer exist....
WAFNA
-----#5-------------------------------------------------
Subject: Smartcheck
On 5 Nov 97 at 7:21, +HCU ML wrote:
> Subject: An interesting tool: Numega's Smartcheck
>
> Hi +gthorne!
>
> Hope you have downloaded (and used) this NEW JEWEL by Numega:
> Smartcheck
> (Snatch's essay will help you to crack it in three seconds flat...
Well, but where exactly in Fravia's pages is Snatch's essay on
Smartcheck?
Thanks,
WAFNA
-----#6-------------------------------------------------
Subject: Reality cracking for money, or, a Crack for Intercasino
Hello all,
This, believe it or not, is true.
A few months ago I found out that there were Casinos on the Net.
Since I myself like playing the roulette, I went to
*************************** and downloaded their program, noting,
too, that it is possible to play it in 'practice mode' (ie without
money).
After downloading the program, I started playing with it. Began with
50 (fake) dollars, and eventually reached 500, very easily. This
happened more than once.
Now, for those who do not go too much to Casinos, it's not easy at
all to win! In fact, most of the time, you lose!
Anyway, I was happy that I was winning easily, and then tried to use
Intercasino for money. And very quickly I lost $50. This happened
more than once.
So, smelling something very fishy (when you play for fun you win,
when you play for money you lose), I thought of writing them a nasty
e-mail.
But what would that do? Nothing...
So I stopped playing with Intercasino until a few weeks ago, when,
having nothing to do, I gave it one go, and decided to bet against my
better judgement. And I won.
I tried again with my new criteria, and I won again.
And again.
So I thought 'hmmm.... this is nice, I can win $500 every time, and
buy many nice PCMCIA cards...' . But I also thought it would be
something worth telling other people, as long as it remains fairly
'secret', otherwise we all stop winning. So here it is, my 'reality
cracking' techniques for Intercasino:
you see, people who normally go gambling on roulettes know that it is
very very unlikely to get, say, five 'reds' in a row, or the same
number twice, or things like 22-23-22-24, although, strictly
speaking, the probability of getting a fifth red after four reds is
50%.
Anyway, what I noticed, is that Intercasino is not really random, it
uses these psychological subtleties to make people lose. And, since
it is not random, it is crackable.
Here's how.
When you enter Intercasino proper with money, you will have a choice
of games.
Select 'roulette'. The computer will connect to the net and display,
on the left hand side, the last four or five numbers that came out.
Now, this is the tricky bit - you have to bet on what seems
'unlikely'.
For instance, if you have R-R-R-R, bet on red again, USD 5 for each
USD 50 you have. In about 4 cases out of 5, you will win.
If you notice something like R-R-B-R-R, bet on red, which is the
'unlikely' event.
Now this for colours. If you want to bet on numbers, then do as
follows:
always put one coin on 0 and 00 (you put it between the two), because
these numbers, for some 'strange' reason, pop up more than the
others....
Now, when looking at the list of the last numbers, you will notice
that, OFTEN, they are strangely grouped, eg 2-3-4, 10-12-13, and so
on. In a normal roulette, everyone would bet AWAY from these numbers,
but not in Intercasino. So bet on numbers NEAR those which just came
out, preferably using the carre' - eg you bet on the center of the
four numbers 7-8-10-11, and what you place there will be 1/4 on each
number.
OK, so you bet your $5 and you won $5 (or more if you bet on the
numbers and won).
You must then LEAVE roulette, and play something else (I play
blackjack), this will 'reset' the roulette. Then you go back to the
roulette and repeat all the above.
After one hour, or 90 minutes, you will notice that your technique
has stopped working - STOP immediately, and leave Intercasino for a
day or two - don't be tempted to play soon after because you will
lose.
I tried it three times:
1) started at $50, went to $500, started losing, stopped at $300
2) started at $50, went to $500 and stopped
3) started at $50, went to $300, lost $100, stopped at $200.
Now, this could be a coincidence, but I really don't think so. I have
played many years with the roulette, and I never saw a roulette
'behaving' so predictably.
However, if it starts working for you too, it would be wonderful,
besides getting some $$$ we could show Intercasino that not everyone
is stupid (let's hope they don't notice...).
But if you do lose, don't blame me, OK? I just sent this message
because I thought it is something we might all benefit from.
WAFNA
-----#7-------------------------------------------------
Subject: pentium bug
Hi all!
I just came across the info:
the F0, 0F, C7, C8 instruction codes freeze a pentium processor
and only the reset helps. This translates to the
LOCK CMPXCHG EAX instruction which is not a privileged
instruction so you can do it in all rings. With this you can kill
a multiuser system (NT or linux) instantly. The only way to
bring it back is going to the machine and press reset.
That much about secure operating systems on a PC.
BTW I have 486 and PPro so I could not check the
info.
Zer0+
-----#8-------------------------------------------------
Subject: pdf again
Hi all!
Here I send, as promised, a polished version of the Acrobat reader
patch which enables you to select and copy parts of a document
independently of the security settings.
I do not want to repeat here how the whole encryption is working
in a PDF document (you can find that in the PDF specs from
Adobe), so I just point out the most important things.
- If a PDF document is encrypted by using the Standard security
handler the P key contains the permissions which are granted
when the document is opened with the user password. It's a word
value, FFFC meaning you are allowed to do everything, FFC0 means
you can't touch the document.
- You can't just rewrite this value in the document because it
is used for generating the key which is used to encrypt the
document (check the specs for details.)
- However, here is a note from the PDF specs:
"Despite the specification of document permissions in a PDF file,
PDF cannot enforce the restrictions specified. It is up to the
implementors of PDF viewers to respect the intent of the document
creator by limiting access to an encrypted PDF file according to
the permissions and passwords contained in the file."
This means that a reader can ignore the permission settings.
Unfortunately, this nice feature is missing from Acrobat Reader
so we have to work a bit.
Target: Adobe Acrobat Reader 3.00 2 263 552 bytes
Our main aim is to find the place of the program where the
permission value can be modified to let us do everything without
affecting the decryption of the document.
What I did was: set a break point on kernel _lread to monitor
the file access; if the P value was read into memory, set a
break point on its memory position and see where the program
touches it. This way I got to code at 47D50D where the program
starts to parse it, at 4CDF3D it converts the string to word
value and later puts it at the 26C position of a structure
at 442844 MOV [ECX+0000026C], EAX. This was an effective, but
long and boring way to find this position. Now looking back
I could have found it by searching the dead listing for the
value FFFC (remember this is the "allowed to do everything" value
which is used when there is no protection); the program sure
moves it into [ECX+0000026C] a few times. Well, this means
I am still quite a way from being a ZEN cracker :( and once
again proves the words of the great Dave Mustaine "Hindsight
is always 20-20" :)
Now that we have this position we can see what the program
is doing with it. It takes the value at 442CB8 for generating
the decryption key and at 4430E5 it copies it to position
20C and uses it for setting the permissions. I wanted to fiddle
with the permission settings as far as possible from the
decryption part so I followed it till 480A62 where it is moved
to the [esi+78] position. Actually the value has been transformed
a bit: high order byte to 7F and low order byte incremented
by 1, so the desired value at this position is 7FFD instead
of FFFC. It seems the program is not moving it any further
so we have to patch here to move 7FFD into [esi+78].
This enables selecting text and pictures from any document
and printing it. If you check the security settings menu
point you will see the original settings because the
program reads the 26C position which we have not changed
to present the settings. If you want to change that you
can fiddle with one of the few instructions which reads
[reg+0000026C], but I actually forgot which one. I myself
prefer not to change it, this way I can check what kind of
permissions the author originally set for us :)
One last thing: the author of the pdf document can set
whether the menubar toolbar and windowUI is displayed
when a document is opened. This is controlled by the
HideToolBar, HideMenuBar and HideWindowUI flags in the
ViewerPreferences dictionary. We of course want to have
these goodies always on (which is the default value) so we
can destroy the reference to these flags so the program
cannot recognise them. Therefore search these strings in
the reader exe file and change one letter in them. The
program cannot parse these settings in the PDF file
correctly anymore so we always have the goodies on.
PS: I think now I move on to analyse deeper the pdf
standard encryption handler and write a small utility
to get the user and owner password of a document if
I can. I am just curious what could be the owner
pw of the Ghiribizzo files :)
Zer0+
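
Added example, not part of Zer0+'s posts and not Adobe's code: it illustrates the two points made above about the /P entry (this post and the "pdf cracking" post in issue 51), namely which permissions a given value grants and why editing /P in the file changes the derived key, so that enforcement is left entirely to the viewer. It assumes revision 2 of the Standard security handler as published in the PDF reference (MD5 over padded password, /O, /P and file ID, 40-bit key); the /O value, file ID and password are constructed sample data and all function names are hypothetical.

```python
import hashlib
import re
import struct

# 32-byte padding string defined by the PDF standard security handler.
PAD = bytes.fromhex(
    "28BF4E5E4E758A4164004E56FFFA0108"
    "2E2E00B6D0683E802F0CA9FE6453697A"
)

# Revision-2 permission bits (the spec counts bits from 1 = least significant).
PERMISSION_BITS = {
    "print": 1 << 2,     # bit 3
    "modify": 1 << 3,    # bit 4
    "copy": 1 << 4,      # bit 5: select/copy text and graphics
    "annotate": 1 << 5,  # bit 6
}

# Constructed sample data (not taken from any real document).
SAMPLE_ENCRYPT_DICT = "<< /Filter /Standard /V 1 /R 2 /P 65476 >>"  # /O, /U omitted
SAMPLE_O = bytes(range(32))
SAMPLE_ID = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PASSWORD = b"constructed-user-pw"


def parse_p(encrypt_dict: str) -> int:
    """Return /P as an unsigned 32-bit value (files may store it signed, e.g. -60)."""
    match = re.search(r"/P\s+(-?\d+)", encrypt_dict)
    if match is None:
        raise ValueError("encryption dictionary has no /P entry")
    return int(match.group(1)) & 0xFFFFFFFF


def decode_permissions(p: int) -> dict:
    """Map a /P value to the operations a conforming viewer should allow."""
    return {name: bool(p & mask) for name, mask in PERMISSION_BITS.items()}


def file_key_rev2(password: bytes, o_entry: bytes, p: int, file_id: bytes) -> bytes:
    """Derive the 40-bit file key; /P is hashed in as 4 little-endian bytes."""
    padded = (password + PAD)[:32]
    material = padded + o_entry + struct.pack("<I", p & 0xFFFFFFFF) + file_id
    return hashlib.md5(material).digest()[:5]


def rewriting_p_changes_key(encrypt_dict: str, new_p: int) -> bool:
    """True if replacing /P in the file would yield a different decryption key."""
    original_p = parse_p(encrypt_dict)
    before = file_key_rev2(SAMPLE_PASSWORD, SAMPLE_O, original_p, SAMPLE_ID)
    after = file_key_rev2(SAMPLE_PASSWORD, SAMPLE_O, new_p, SAMPLE_ID)
    return before != after


if __name__ == "__main__":
    p = parse_p(SAMPLE_ENCRYPT_DICT)
    print(f"/P = {p:#06x} ->", decode_permissions(p))
    for value in (0xFFFC, 0xFFC0):
        print(f"/P = {value:#06x} ->", decode_permissions(value))
    # The flags are bound to the key, but nothing in the format enforces them:
    # a viewer that has derived the key can decrypt regardless of what it then permits.
    print("key changes if /P is rewritten to FFFC:",
          rewriting_p_changes_key(SAMPLE_ENCRYPT_DICT, 0xFFFC))
```

For document authors the practical consequence is that /P is a request to the viewer, not access control; content that must not be copied needs a user password that is not distributed with the file.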
=====End of Issue 54====================================
========================================================
+HCU Maillist Issue: 55 11/11/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: Ida Pro Stats...
#2 Subject: none
#3 Subject: +daQ... HELP!
#4 Subject: Sorry +daQ!
ARTICLES:
-----#1-------------------------------------------------
Subject: Ida Pro Stats...
Friends;
I have removed my web-page, and thought I would share some statistics
with anyone who might be interested.
My page received 129 hits. Of those, 67 hits were from personal
friends (NON-programmers) who enjoyed watching the little guy piss on
Microsoft. The remaining 62 hits were from HCU crackers, and four
personal invitations I had sent out.
Some of you had problems downloading Part-1, which would account, in
part at least, for the difference between the 62 HCU hits and the
(approximately) 40 readers of this News Letter.
Ten people actually took the time to say "Thank You", and to all of
you, you're welcome!
Hackmore Readrite
-----#2-------------------------------------------------
Subject: none
1) Javascript search
....Just about every Javascript example you will ever need will be found
at "the Javascript Planet",
********************************************
It's worth it, go there....
2) TASM download
....Yes, I have TASM avail for download; since there seems to be a demand
I will repost it this week (give me till Wed) on that file area I set up
at Fortunecities. The download this time will be as I originally
specified (there was a snag before), all three disks in tasm1.zip
through tasm3.zip. Check yer back ish for the URL or contact me
*********************
3). Program that creates a crosshair&etc&etc is called System
Information, it is a fantastic utility that I have available for
download at
************************************************************
or, alternately, you can track it down using oak.oakland.edu or from
wherever I got it (winsite or simtel or Dave's or something...)
4). wlc: thanks&etc&etc, I have been updating my site but moved it to
eccentrica. BTW, for all, ****************** has a policy which says
pretty much that as long as you don't put up stuff like kiddie porn, yer
okay..they believe in "free speech" (whatever that is...); they start
you off with 500K (so put your downloads and mirrors elsewhere), but
will increase it if you get a lot of hits...regardless of your content.
Plus, NO ADs.
So, wlc: all of the essays are now lodged at
*************************
on a special page /tales.html
....so now you have the latest ;). Any other questions, email me at the
above addr--no need making this ML too 'chat room'...(ps Zero+: if we
have "personal" or one-on-one messages, can we remail through you or
should we try and track each other down? -_m)
And one last thing, to wlc and others...Lord Caligo has the greatest
collection of essays/tuts you have ever seen.
5) trurl: who publishes that mag? I haven't come across it and so will
have better luck going through distributors. Email me or post, as you
prefer....
_m
-----#3-------------------------------------------------
Subject: +daQ... HELP!
+daQ;
If you are reading this, I need your help in a very bad way. Would
you please contact me with an address where we can communicate?
Hackmore
-----#4-------------------------------------------------
Subject: Sorry +daQ!
+daQ;
I forgot... Contact me at: ********************
Hackmore
=====End of Issue 55====================================
========================================================
+HCU Maillist Issue: 56 11/12/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: SNATCHED!
#2 Subject: A cracking problem ... :(
#3 Subject: A lame question 'bout wdasm ...
ARTICLES:
-----#1-------------------------------------------------
Subject: SNATCHED!
Hail +All:
WAFNA:
If you used Teleport Port, you may have grabbed the file Snatch1.html
off fravia+ site. Check your subdirectory for this document. Bet you
$5.00 that it is there.
Hackmore: Guess I was the culprit hitting on your site so much.
Finally by deadline I managed to get half of a workable version of
part1 to unzip. Difference between the two, demo and release version
is a reduction in size in the ida.wll in the demo and the inclusion of
a key file in the original. A reduction in size in the demo probably
means that some of the features were taken out. Wonder what the
differences are? Thanks for having it available to investigate.
Thanks Mammon_ for address to your essays. Yeah, I agree Lord Caligo
got a great site to visit.
wlc
-----#2-------------------------------------------------
Subject: A cracking problem ... :(
Hi guys !!!
As we hadn't talked about cracking a concrete program for a long time I
think I'll change the subject.
As I couldn't find the proper file on Fravia's site here goes:
The proggie is WebSeeker32. It is a handy utility for W95 it enables You
to ask all (or some) search engines a question.
The beauty of WS is that he'll check all the pages after he receives the
reply from the search engines, if they really exist or if they have been
censored :(
It comes as a 30-day trial, and then You have to buy it (register). Here
comes the funny part:
You have to enter a 5 chunk code (called VIP#), and then another code
(if You get the first one right) called VIP event.
When You enter each chunk (not all numbers are allowed !) it either
writes "VIP# wrong" (even when the chunk isn't filled entirely) or does
nothing (which means You are entering the right code)
I have tried live approach and it yielded no results, so I tried the dead
listing one.
I have managed to patch the DLL the program uses (wc.dll) in about 10
places so when I enter only 5s (and some other numeric combinations) as
the code it goes all right.
Then You have to enter the VIP event, and it either says (after the
patches) that it is entered wrongly or does nothing at all :(
I am also worried about some other strings I have found ("Sending Your
registration to server", "Could not connect the registration server" or
"There is a problem with Your VIP number call SOME-BUMB-NUBER")
This could mean that the only way to register the proggie is to connect
with their reg. server and d/l some files.
If someone has an idea how to defeat this scheme I'm open to
suggestions. (If You are interested I can send the locations I patched)
KUBAK
-----#3-------------------------------------------------
Subject: A lame question 'bout wdasm ...
Hi All !!
Does anyone know the name of file with full Wdasm8 ? I have tried a lot
of combinations and they yielded no results.
I know that it is not +OUR way to use programs stolen by someone else,
but I (like Hackmore I hope) like to use the full version with all its
capabilities, not crippled in any way.
Thanx for THE answer
KUBAK
=====End of Issue 56====================================
========================================================
+HCU Maillist Issue: 57 11/13/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: IDA and SmartCheck
#2 Subject: magazine
#3 Subject: Let's take a vote!
#4 Subject: none
#5 Subject: casino
ARTICLES:
-----#1-------------------------------------------------
Subject: IDA and SmartCheck
by virtue of a new ftp site i have, i have put ida pro from hackmore
and smartcheck (in case the guys at numega get a tad smarter than
changing the name...) in my storage directory
if you link to the site, the only dirs i can guarantee will stay in
the same order are pub and +ORC (since the site is new for me and I
have only put a few things on it, I haven't really ordered things the
way i would like yet).
Anyway, the site is at:
*************************
and also:
******************************
Fravia has mentioned that he would like me to start keeping a full zip
of the student essays from his page in the site as well
I will add that when I get a chance
take care all
+gthorne
-----#2-------------------------------------------------
Subject: magazine
Hello!
> My page received 129 hits.
Aaaargh! I put a web page on programming (with good contents, I think)
a month ago and it has received fewer hits. :-DDD
> Ten people actually took the time to say "Thank You",
Well I'll say you now:
Thanks :-)
trurl
/*************************/
> trurl: who publishes that mag? I haven't come across it and so will
> have better luck going through distributors
I've found their Internet addresses.
Ares Informática S.L.
********************************
***********************
I bought that old issue in their stand at SIMO for 600 pts. They told
me the price is the same by mail.
If there is some South America reader... there is a distributor in
Argentina too.
It's really not a computer magazine, but a "crack me" CD wrapped with
some paper ads...
greetings
trurl
-----#3-------------------------------------------------
Subject: Let's take a vote!
Friends;
Those of you who frequent +Fravia's web-pages are, no doubt, aware of
the "+ORC secret pages" riddle which is located near the bottom of the
"ORC.HTML" page. So far, nobody has been able to solve the riddle.
A friend of mine maintains a web-page dedicated to solving this
riddle, where every-one can "get together" to share their ideas.
Recently, my friend and I were discussing what should be done IF the
solution is ever found. I've posed this question to several of the +HCU
senior officers, but none of them seem to think the question deserves to
be answered. So let's take a vote on the subject.
1) IF the solution is EVER found, should it...
A) Be kept a secret forever?
B) Be shared ONLY with members of this News Letter?
C) Be shared with the world through my friend's web-page?
2) If you answered "B" or "C" to the question above, what
"proof" would we need that the site had actually been found?
A) A description of the web-page?
B) The ACTUAL web-page, or a URL?
C) The details of the solution itself?
If you have any ideas or opinions OTHER than those listed above,
please feel free to share them with us.
Thank You;
Hackmore Readrite
-----#4-------------------------------------------------
Subject: none
Kubak: w32dasm filenames are:
rvw32dsm.zip
w32dasm.zip (size 915K)
w32dsm89.zip
-----#5-------------------------------------------------
Subject: casino
Hello all, esp. WAFNA.
Before speaking on the subject, briefly my general vision of all
discussed problems:
The reverse engineering is a specific aspect of the base problem:
ENCRYPTING - DECRYPTING. All human and machine languages encrypt
something. Understanding a certain language means its DECRYPTING,
it is based on the stocked knowledge (dictionary, rules, grammar,
etc.) in the human or computer memory. Translating from one language
(machine or human) to another (machine or human) is a decrypting
(first stage)+encrypting(second stage). The real solution of the
discussed problems lies in engaging computer in decrypting process
by giving him precise instructions. It is like mathematics, especially
algebraic problems: from certain known facts to find (= calculate!)
the unknown, and the computer is very strong in mathematics!
Now first OCR (optical character recognition) programs appear on
the market, including sharewares: Papyrus, Cuneic forms. They are
based on decryption process.
Casino problem: I speak here only about roulette. There are two
absolutely different classes: 1) mechanical roulette. It is a fair
play. It is up to you to choose the right moment to enter the game,
in order to win. It is true that here the mathematical probability rule
is valid, but it concerns the roulette table in general and ALL the
participants taken together, and NOT A PARTICULAR GAMBLER. First
conclusion: never play alone at the roulette table! But in an
Internet casino you are alone at the roulette table, and secondly:
2) it is an electronic roulette, it is PROGRAMMED (while the
mechanical roulette is not programmed by anybody) for a particular
purpose. An electronic roulette can be defeated by its own arms:
a counter program. I do not mean counterfeiting the downloaded
program (there are such demands in certain newsgroups...), but
using your own computer as an assistant, I mean teaching your
computer to defeat another in gambling. Remember: in real casino
it is forbidden to use the computer, in Internet casino nobody
can check it. For further details look for CASINO and ROULETTE
by your search engines. I play at the Golden Palace Casino
*********************** with their huge software of 8.5 Mb, and
now they force me to upgrade it with 1.5 Mb more. Why? I do not play
with real money, but it takes me a certain effort not to lose.
And why is it so huge? Is it not to spy on my hard disk?
While I am playing online their game, they are perhaps in the meantime
reading all my files through their software... And remember also:
in a real casino nobody (at least officially) traces your losses
and gains, while in the Internet casino everything is registered,
and may be used for the feedback. Good chance to all!
I am interested in any published article (or message) on this subject,
but I will not enter into discussion on a personal level
(by E-mail). With my greetings, AZ111.
=====End of Issue 57====================================
========================================================
+HCU Maillist Issue: 58 11/14/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: WDAsm 8.9 full
#2 Subject: SmartCheck for dummies
#3 Subject: Forum (the next level...)
ARTICLES:
-----#1-------------------------------------------------
Subject: WDAsm 8.9 full
Hi KUBAK!
> Hi All !!
> Does anyone know the name of file with full Wdasm8 ? I have tried a
> lot of combinations and they yielded no results. I know that it is
> not +OUR way to use programs stolen by someone else, but I (like
> Hackmore I hope) like to use the full version with all its
> capabilities, not crippled in any way. Thanx for THE answer KUBAK
Go to the below page (my site :-)) and you'll find the *full*
version of WDAsm 8.9 there: **************************************
Cya,
+ReZiDeNt
-----#2-------------------------------------------------
Subject: SmartCheck for dummies
Hail +Friends:
A thanks to +gthorne for SmartCheck. Took off a copy for evaluation
and read Snatch1.html for hints and reference to get it up and running.
Great tool to dismantle those VB programs. Now we can be reduced to
simple, mindless code tracers. No more chasing elusive calls and
trying to read assembler. Start up SmartCheck and use it to run your
program. In this case, it was NameWiz which I previously mentioned in
ML#49 from ******************** or you can try BlackWidow or Clone
Master, all using VB5 from this site.
Starting SmartCheck, you will see two screen panes pop up in
SmartCheck.
Use it to run the target, NameWiz. When the target executes, the usual
registration window pops up on start up, therefore no need to hunt for
it. Enter the 2 items asked for and then switch back to SmartCheck. On
the left window pane you have a detail listing (similar to a Window File
Explorer file directory and subdirectory listing). Click on the items
to open them up. Check around and you will see one re: the routine for
registration. Click to open it up and follow it down. Every time you
see a line doing a string compare, a letter of the serial number is
compared to your input. There were 12 comparisons in my case and if you
copied down the comparisons you have the 12 digit code to reenter later
to register.
Beware, overuse of this program will make you lazy and reliant on power
tools but it will leave you more time to read fravia+ essays.
wlc
-----#3-------------------------------------------------
Subject: Forum (the next level...)
Attn: All
* Bulletin Board Now Open *
It came to me during my long commute this evening that there is a great
need for training/documentation (especially regarding such tools as IDA
and Soft-Ice), both for the readers of this ML and for the "cracking
community" at large. Over the past few days I have been frequenting the
bulletin boards at Eccentrica and at American Cybernetics, and was
surprised by both the wealth of information they provided (more the
latter than the former site), and the speed of the responses.
"Inspired", if you will, I set up a bulletin board for the purpose of
posting questions & answers/tips & tricks for the tools we use the most.
This bulletin board will hopefully attract a few outsiders who know more
about these tools than we do and, if the "cracking" aspect is not too
blatant, we may be able to convince the authors of programs such as
W32Dasm or IDA to pay the page a visit and answer "their buyer's"
questions.
The bulletin board is now (11/13) up and active--and empty :(--at
*******************************************
I hope a few of you attend; I hope many post questions--I, for one, will
answer.
mammon_
=====End of Issue 58====================================
========================================================
+HCU Maillist Issue: 59 11/15/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: SmartCheck, bug or feature?
#2 Subject: free books on the net
ARTICLES:
-----#1-------------------------------------------------
Subject: SmartCheck, bug or feature?
Greets, i'm writing this letter because while playing around with
SmartCheck after i had d/l it the other day i tried to open up a random
VB program that was sitting on my HDD and got an error message saying
"programx.exe is not a valid Win32 executable". it just so happened that
this program was NOT a shareware product but instead a program that was
packaged on a digital telephone directory (WhitePagesCD). After further
inspection i found that it was a VB 3 exe (using VBRUN300.DLL) and that
neither quickview or BRW had problems opening it and it decompiled
without a hitch. i'm almost positive that this program would run on Win
3.x, so is it that SmartCheck can only open pure Win32 executables? or
haven't i configured it right? or maybe this is just a freak bug... any
ideas?
Regards,
faeton
-----#2-------------------------------------------------
Subject: free books on the net
Hi all!
at ******************* you can find the text of complete books
on different computer subjects from JAVA to WIN registry.
You have to sign up with your email, go through a stupid
registering procedure and you can select five books (actually
more) from a list to read online. When you are asked at the
beginning for your favourite subjects select all, then you can
choose from all the books. (changing the settings later is
tricky). Then you can read the books you are interested in
online or just grab the whole thing onto your harddrive.
From some books like Linux system administrators survival guide
the pictures are missing, you better check it before grabbing.
Have a nice hunting.
Bye zer0+
=====End of Issue 59====================================
========================================================
+HCU Maillist Issue: 60 11/16/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: SmartCheck
#2 Subject: MCP book site is great!
#3 Subject: The Vote Is In!
ARTICLES:
-----#1-------------------------------------------------
Subject: SmartCheck
No chance for me with the SmartCheck. Following a notice in
your list I have found smchk50.exe at ftp.numega.com and downloaded
not without difficulties(at 80% stage the transfer became very slow:
80-90 bt per sec, though other numega files at that moment were
not so reluctant). I have lost the time for nothing: the file asks
for a password to be opened, and for the same reason it collapsed
at the final stage of landing on my hard disk: only 10% remained.
Neither could I open the sites announced by +gthorne:
************************* and *******************************
Maybe a password is also required there.
Finally I downloaded it from ftp.ultranet.com, but I could not
install it, as it asked me from the start: " Please enter the
password to extract the attached files". As I did not respond to
that request, the file has completely disappeared from my hard
disk! No trace anywhere!
Additional information to the recent interview of Mr.Fravia+
"Smartchecking targets": ******************** propose now
the version 1.3 (2.7 Mb), and not the version 1.2 of AnonMail.
AZ111.
-----#2-------------------------------------------------
Subject: MCP book site is great!
Hi +Zer0!
> at ******************* you can find the text of complete books
> on different computer subjects from JAVA to WIN registry.
> You have to sign up with your email, go through a stupid
> registering procedure and you can select five books (actually
> more) from a list to read online. When you are asked at the
> beginning for your favourite subjects select all, then you can
> choose from all the books. (changing the settings later is
> tricky). Then you can read the books you are interested in
> online or just grab the whole thing onto your harddrive.
> From some books like Linux system administrators survival guide
> the pictures are missing, you better check it before grabbing.
> Have a nice hunting.
I've just been there, this site is *fantastic*! Thanks for
telling us about it, I just hope it stays there for awhile :-)
Cya,
-----#3-------------------------------------------------
Subject: The Vote Is In!
Friends;
The Vote is in! Here are the results:
One person contacted me by E-mail, his vote was to expose everything.
Nobody else had an opinion, so the majority of ONE rules. (It might
be worth mentioning that I abstained from voting.)
Now that we know what should be done with the solution, I'm free to
inform you that the solution to the riddle HAS been found. Very soon,
you will find the solution to +ORC's riddle, the addresses of his two
remaining "gates", and the location of his web-site at:
**************************************
If you intend to solve the riddle yourself, you should avoid the link
mentioned above.
Hackmore
=====End of Issue 60====================================