========================================================
+HCU Maillist          Issue: 51             11/06/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================

CONTENTS:

#1  Subject: asking for issues
#2  Subject: Apologies for formatting errors...
#3  Subject: BlackWidow
#4  Subject: ICQ
#5  Subject: pdf cracking

ARTICLES:

-----#1-------------------------------------------------
Subject: asking for issues

Hi all!

wlc wrote:
>Checking my email, I didn't come across ML#47. Was one sent out?
>That would be the one for Sunday, November 2, 1997. In some time
>zones some of you would be one day ahead of me. If one was sent,
>could I trouble you to email me a copy to ************************
>at your convenience. I would hate to miss the valuable contributions.

If somebody did not get an issue or wants to have an old issue,
please drop a letter to the management at **************** and I
will send it to him. It's better not to ask it on the list because
he might get 20 of it or not get it at all if everybody is waiting
for the other to send.

Zer0+

PS: wlc if you still need them, write, I will not send it now.

-----#2-------------------------------------------------
Subject: Apologies for formatting errors...

Hello Kubak,

> Your essay was pretty good in my opinion, although it had some letters
> missing and was tricky to read. I think that this example shows us,
> how easy it is to crack a protection if You know how to find the
> CRACK, the weak spot of the scheme. Keep up the good work. This one
> was great !!!

I know there were a few formatting problems that caused the loss of
characters...there seems to be a problem with the text editor in my
mailer (Pegasus Mail)...what do you mean when you say it was tricky
to read? Was it the language that was difficult to understand or my
explanations?

Cheers,
+ReZiDeNt

-----#3-------------------------------------------------
Subject: BlackWidow

Hi wlc,

> study or review of VB5 may help. Some may
> find certain features in BlackWidow helpful
> for their method of downloading, and the
> reorganizing files with Clonemaster and
> NameWiz.

BlackWidow is fairly easy to crack (it's a VB5 app as you say, just
bpx on WideCharToMultiByteString - I think that's it - and you're
more or less there, just 'hear' the echo :-))

Unfortunately I have never had any luck with any program of this
sort (BlackWidow, Internet Marauder etc.)...BlackWidow is especially
slow, being a VB monster...

Cya,
+ReZiDeNt

-----#4-------------------------------------------------
Subject: ICQ

Hi all!

Does anybody of you have an ICQ UIN? I often connect with ICQ
activated and it would be nice to meet you online... if you like,
you can drop a mail directly to **************** and after some
days I'll put online a message with all your UINs...

byez,
.+MaLaTTiA.

-----#5-------------------------------------------------
Subject: pdf cracking

Hi all!

I made some progress in cracking Acrobat Reader, namely managed to
patch the program which now allows selection and copying of a text
even when these options are not allowed. (Now Fravia can rip off
the text from Ghiribizzo's tutorials and publish them :)

Some orientation for those who want to work on it, too.

The program starts to read the /P 65476 permission value at
position 47D50D; the best way to break here is

   BPX 0047D50D IF BYTE(*ECX)==36

The routine which converts the string to the FFC4 value is called
from 4CDF3D (CALL 51C790). I was looking for this routine for a long
time in the dead listing but could not find it because it looks
quite different from what I was expecting.

The calculated value FFC4, after being copied around for a while, is
moved at 442844 to its place at the 26C position of a big structure.

   442844 MOV [ECX+0000026C], EAX

Set a break point on this memory location and let the program run.
It will get this value at two important places: at 442CB8 it gets it
to use for decoding the passwords so we have to keep the original
value here. At 4430E5 the value is used for setting the permissions,
we sure want to patch here :)

So change at 4430E5:

   MOV EDX, DWORD PTR [EAX+0000026C]
to
   MOV EDX, 0000FFFC
   NOP

This lets you use the select and copy menu point. If you check the
Security settings dialog don't panic if the settings have not
changed, they are calculated in another part of the program from the
original value at 26C.

The reason I have not changed the value at 26C is that it's used for
decrypting things at least in two rounds. And I have not yet found
the place where the program has already finished with all decryption
and I can safely manipulate the permissions.

Another thing which needs to be fixed is patching the program to
ignore the HideMenuBar preference of the file so the files should
not be patched, only the Acrobat reader.

Have a good work folks!

Zer0+

PS to Fravia+: Don't put this on your pages yet, I will send a more
complete description later :).

=====End of Issue 51====================================

========================================================
+HCU Maillist          Issue: 52             11/07/1997
========================================================

CONTENTS:

#1  Subject: 'nother tool

ARTICLES:

-----#1-------------------------------------------------
Subject: 'nother tool

For those of you who have not used it, Multi-Edit for windows (the
"ultimate programmer's editor") is a tool not to be missed. Among
its many features (sophisticated S&R, complete macro language,
compiler and debugger support, HTML, etc), there are a few that will
appeal directly to readers of this newsletter:

1) Unlimited file size--and F-A-S-T.
Multi-Edit uses its own swap file; when you first load a program,
scroll all the way to the end (there will be a 10-30 second delay)
of the document...from then on, no matter what the size, you scroll
through the file with no delay. This sounds nice and all for things
like AUTOEXEC.BAT, but let me tell you it comes in handy when
working with Netscape.lst (45 MB, fast scrolling!)

2) Small footprint...the whole package is under 5 MB installed, the
main EXE is 39K, the main (largest) DLL is 500K.

3) Colorization of any source code language (ASM, C, ASPECT, PERL,
even one for the WinAPI), plus the capability to customize/add
language definitions

4) Point-and-click Bookmarks...add "create bookmark", "delete
bookmark", and "goto bookmark" to the toolbar and you are in
disassembly heaven.

I've been using this app for many months now and it is unbelievably
useful for the "dead-listing" approach (not to mention ASM
programming).

....The point of all this being that you can download the v 8.0 beta
(no expiration date, so far) from
********************************************************
....about 2.5 megs total. When you install, it will ask you for a
password...this is easy to fake through if you have Soft-Ice loaded
(change two JNZs to JZs or something like that... ;).

Once installed, when run it will ask you for a serial number. Note
that you can just hit cancel and everything will work fine; you
cannot delete the serial dialogue with BRW (it is created
dynamically by CreateDialogIndirectParam). You can crack it, but
it's a bitch...this is object-oriented code that could win the
obfuscated ASM contest...it may have been written in Delphi even
(though the code is interesting, take a stroll through...). I
haven't used Filemon on it yet (no reg keys made) as I just
installed it, but chances are there's a .cfg or .pwd file that has
to be created.

Anyways, download, check it out, enjoy.
Oh yeah, one more thing, you have to have a prev version of
MultiEdit installed...just download the free demo from the "demos"
section of the FTP site and it works fine.

mammon_
1189923 (ICQ)

______________________________________________________
Get Your Private, Free Email at **********************

=====End of Issue 52====================================

========================================================
+HCU Maillist          Issue: 53             11/09/1997
========================================================

CONTENTS:

#1  Subject: Ida Pro... Last Chance!
#2  Subject: Smartcheck Trial renamed
#3  Subject: Thanks
#4  Subject: CD magazines

ARTICLES:

-----#1-------------------------------------------------
Subject: Ida Pro... Last Chance!

Friends;

Just a note to remind you... If you have not downloaded Ida Pro from
my web-site yet, Sunday will be your LAST chance. My site WILL go
down Sunday night, and I WILL NOT re-open it any time soon.

Hackmore Readrite

-----#2-------------------------------------------------
Subject: Smartcheck Trial renamed

Hear, hear, hear
fravia+

-------------Forwarded Message-----------------
RE: Smartcheck Trial renamed

Hi Fravia,

just a quick note: Numega has renamed their Smartcheck Trial File on
******************************************
from 'smchk50.exe' to 'dfjcmj.exe' (same size still), so the link in
Snatch's essay doesn't work. Isn't it funny that the creators of
SoftICE come up with such an absolutely disgusting lamer's trick?
They can't really be serious.

BTW, the same file (original name) exists also on
********************************

as65pp

-----#3-------------------------------------------------
Subject: Thanks

Hail +All:

Thought I'd take a few days off, give you guys a break and check
into a few useful things and do some 'honest' work for a change.
A Thanks to Zero+ and those who sent me the missing ML#. I had
missed out on quite a bit of interesting stuff and a few
personalities.

One other Thanks to +ReZiDeNt for the hint. Yeah, VB5 programs love
to suck on resources and then choke on it. I traced through the code
with WDasm for the fun of it then I dragged and dropped it into the
dead zone for non recyclables.

Hey mammon_ , thanks for the notice re: MultiEdit V8.0 update and
hint. Secondly, I notice a slight change at your site on your essays
'Mammon_ Tales to his Grandson'. It's a great original title theme.
When I first read your essays in September I followed up on your
basic explanations and tips in setting up and using SoftIce. It was
very helpful advice, especially when I started out without the
manuals at the time. Glad that you took the effort to expand on the
topic of using SoftIce further. You should post more of these in the
future.

If +others have sites for me to visit, drop a note.

wlc

-----#4-------------------------------------------------
Subject: CD magazines

Hi, All!

There is a spanish magazine "CD Classic" with a very interesting CD.

   Corel Draw 7
   AutoCad LT 3.0
   TurboCad 2.0
   Truespace 3.0
   Pionner 1.1
   Director 5.0
   CleanSweep 3.0
   PSP 4.1
   Communicator
   and more...

For these old issues: +343 471 00 08
Fax: +343 375 10 53

I bought the special august issue for 600 pts. (~$4)

hope it helps

trurl

=====End of Issue 53====================================

========================================================
+HCU Maillist          Issue: 54             11/10/1997
========================================================

CONTENTS:

#1  Subject: Read this :)
#2  Subject: java search applet
#3  Subject: two requests.....
#4  Subject: Better than Teleport PRO
#5  Subject: Smartcheck
#6  Subject: Reality cracking for money, or, a Crack for Intercasino
#7  Subject: pentium bug
#8  Subject: pdf again

ARTICLES:

-----#1-------------------------------------------------
Subject: Read this :)

Hi All! :)

Look at this data found in FtpWolf ******************************

* Possible StringData Ref from Data Obj ->"Ask yourself, do you think it "
                                        ->"Wise to use a pirate copy in a "
                                        ->"Network environment where one "
                                        ->"can so easily be traced?"

...It's nice how they try to scare you if you make a wrong crack....
:) (*phew*... fortunately I didn't... :))

byez,
.+MaLaTTiA.

-----#2-------------------------------------------------
Subject: java search applet

Better late than never....

On 25 Oct 97 at 14:32, +HCU ML wrote:

> > OH!!! IT WOULD BE _GREAT_!!! :)) I was afraid of making up a
> > cgi, also because fortunecity doesn't give the possibility to use
> > them... :)

Java search applet is at ****************************************

WAFNA of FCA

-----#3-------------------------------------------------
Subject: two requests.....

Hello all -

request 1) - does anyone have TASM available for d/l?

request 2) - what's the name of that program that creates a
crosshair on the PC and then shows the info for every window you put
that crosshair on?

TIA,
WAFNA of FCA

-----#4-------------------------------------------------
Subject: Better than Teleport PRO

Hello all,

IMHO, better than Teleport PRO is Incontext Web Analyzer. It comes
in a 15-day time-limited version, and then you have to enter your
c/c number, it dials a number in the USA, and then unlocks the
program.

I'm afraid I don't have the URL right now..... but it's a very good
program. It is also useful for monitoring your own Web Page to see
if there are any links to things that no longer exist....

WAFNA

-----#5-------------------------------------------------
Subject: Smartcheck

On 5 Nov 97 at 7:21, +HCU ML wrote:

> Subject: An interesting tool: Numega's Smartcheck
>
> Hi +gthorne!
>
> Hope you have downloaded (and used) this NEW JUWEL by Numega:
> Smartcheck
> (Snatch's essay will help you to crack it in three seconds flat...

Well, but where exactly in Fravia's pages is Snatch's essay on
Smartcheck?

Thanks,
WAFNA

-----#6-------------------------------------------------
Subject: Reality cracking for money, or, a Crack for Intercasino

Hello all,

This, believe it or not, is true.

A few months ago I found out that there were Casinos on the Net.
Since I myself like playing the roulette, I went to
*************************** and downloaded their program, noting,
too, that it is possible to play it in 'practice mode' (ie without
money).

After downloading the program, I started playing with it. Began with
50 (fake) dollars, and eventually reached 500, very easily. This
happened more than once. Now, for those who do not go too much to
Casinos, it's not easy at all to win! In fact, most of the time, you
lose!

Anyway, I was happy that I was winning easily, and then tried to use
Intercasino for money. And very quickly I lost $50. This happened
more than once.

So, smelling something very fishy (when you play for fun you win,
when you play for money you lose), I thought of writing them a nasty
e-mail. But what would that do? Nothing...

So I stopped playing with Intercasino until a few weeks ago, when,
having nothing to do, I gave it one go, and decided to bet against
my better judgement. And I won. I tried again with my new criteria,
and I won again. And again. So I thought 'hmmm.... this is nice, I
can win $500 every time, and buy many nice PCMCIA cards...' . But I
also thought it would be something worth telling other people, as
long as it remains fairly 'secret', otherwise we all stop winning.

So here it is, my 'reality cracking' techniques for Intercasino:

you see, people who normally go gambling on roulettes know that it
is very very unlikely to get, say, five 'reds' in a row, or the same
number twice, or things like 22-23-22-24, although, strictly
speaking, the probability of getting a fifth red after four reds is
50%.

Anyway, what I noticed, is that Intercasino is not really random, it
uses these psychological subtleties to make people lose. And, since
it is not random, it is crackable.

Here's how.

When you enter Intercasino proper with money, you will have a choice
of games. Select 'roulette'. The computer will connect to the net
and display, on the left hand side, the last four or five numbers
that came out.

Now, this is the tricky bit - you have to bet on what seems
'unlikely'. For instance, if you have R-R-R-R, bet on red again, USD
5 for each USD 50 you have. In about 4 cases out of 5, you will win.
If you notice something like R-R-B-R-R, bet on red, which is the
'unlikely' event.

Now this for colours. If you want to bet on numbers, then do as
follows: always put one coin on 0 and 00 (you put it between the
two), because these numbers, for some 'strange' reason, pop up more
than the others....

Now, when looking at the list of the last numbers, you will notice
that, OFTEN, they are strangely grouped, eg 2-3-4, 10-12-13, and so
on. In a normal roulette, everyone would bet AWAY from these
numbers, but not in Intercasino. So bet on numbers NEAR those which
just came out, preferably using the carre' - eg you bet on the
center of the four numbers 7-8-10-11, and what you place there will
be 1/4 on each number.

OK, so you bet your $5 and you won $5 (or more if you bet on the
numbers and won). You must then LEAVE roulette, and play something
else (I play blackjack), this will 'reset' the roulette. Then you go
back to the roulette and repeat all the above.

After one hour, or 90 minutes, you will notice that your technique
has stopped working - STOP immediately, and leave Intercasino for a
day or two - don't be tempted to play soon after because you will
lose.

I tried it three times:

1) started at $50, went to $500, started losing, stopped at $300
2) started at $50, went to $500 and stopped
3) started at $50, went to $300, lost $100, stopped at $200.

Now, this could be a coincidence, but I really don't think so. I
have played many years with the roulette, and I never saw a roulette
'behaving' so predictably. However, if it starts working for you
too, it would be wonderful, besides getting some $$$ we could show
Intercasino that not everyone is stupid (let's hope they don't
notice...).

But if you do lose, don't blame me, OK? I just sent this message
because I thought it is something we might all benefit from.

WAFNA

-----#7-------------------------------------------------
Subject: pentium bug

Hi all!

I just came across the info: the F0, 0F, C7, C8 instruction codes
freeze a pentium processor and only the reset helps. This translates
to the LOCK CMPXCHG EAX instruction which is not a privileged
instruction so you can do it in all rings. With this you can kill a
multiuser system (NT or linux) instantly. The only way to bring it
back is going to the machine and press reset. That much about secure
operating systems on a PC.

BTW I have 486 and PPro so I could not check the info.

Zer0+

-----#8-------------------------------------------------
Subject: pdf again

Hi all!

Here I send, as promised, a polished version of the Acrobat reader
patch which enables to select and copy parts of a document
independently of the security settings.

I do not want to repeat here how the whole encryption is working in
a PDF document (you can find that in the PDF specs from Adobe), so I
just point out the most important things.

- If a PDF document is encrypted by using the Standard security
  handler the P key contains the permissions which are granted when
  the document is opened with the user password. It's a word value,
  FFFC meaning you are allowed to do everything, FFC0 means you
  can't touch the document.

- You can't just rewrite this value in the document because it is
  used for generating the key which is used to encrypt the document
  (check the specs for details.)

- However, here is a note from the PDF specs:
  "Despite the specification of document permissions in a PDF file,
  PDF cannot enforce the restrictions specified. It is up to the
  implementors of PDF viewers to respect the intent of the document
  creator by limiting access to an encrypted PDF file according to
  the permissions and passwords contained in the file."
  This means that a reader can ignore the permission settings.
  Unfortunately, this nice feature is missing from Acrobat Reader so
  we have to work a bit.

Target: Adobe Acrobat Reader 3.00   2 263 552 bytes

Our main aim is to find the place of the program where the
permission value can be modified to let us do everything without
affecting the decryption of the document.

What I did was: set a break point on kernel _lread to monitor the
file access; if the P value was read into memory, set a break point
on its memory position and see where the program touches it. This
way I got to code at 47D50D where the program starts to parse it, at
4CDF3D it converts the string to word value and later puts it at the
26C position of a structure at

   442844 MOV [ECX+0000026C], EAX.

This was an effective, but long and boring way to find this
position. Now looking back I could have found it by searching the
dead listing for the value FFFC (remember this is the let everything
to do value which is used when there is no protection), the program
sure moves it into [ECX+0000026C] a few times.
Well, this means I am still quite a way from being a ZEN cracker :(
and once again proves the words of the great Dave Mustaine
"Hindsight is always 20-20" :)

Now that we have this position we can see what the program is doing
with it. It takes the value at 442CB8 for generating the decryption
key and at 4430E5 it copies it to position 20C, where it is used for
setting the permissions. I wanted to fiddle with the permission
settings as far as possible from the decryption part so I followed
it till 480A62 where it is moved to the [esi+78] position. Actually
the value has been transformed a bit (high order byte to 7F and low
order byte incremented by 1), so the desired value at this position
is 7FFD instead of FFFC. It seems the program is not moving it any
further so we have to patch here to move 7FFD into [esi+78].

This enables selecting text and pictures from any document and
printing it. If you check the security settings menu point you will
see the original settings because the program reads the 26C position
which we have not changed to present the settings. If you want to
change that you can fiddle with one of the few instructions which
reads [reg+0000026C], but I actually forgot which one. I myself
prefer not to change it, this way I can check what kind of
permissions the author originally set for us :)

One last thing: the author of the pdf document can set whether the
menubar, toolbar and windowUI is displayed when a document is
opened. This is controlled by the HideToolBar, HideMenuBar and
HideWindowUI flags in the ViewerPreferences dictionary. We of course
want to have these goodies always on (which is the default value) so
we can destroy the reference to these flags so the program cannot
recognise them. Therefore search these strings in the reader exe
file and change one letter in them. The program cannot parse these
settings in the PDF file correctly anymore so we always have the
goodies on.

PS: I think now I move on to analyse deeper the pdf standard
encryption handler and write a small utility to get the user and
owner password of a document if I can. I am just curious what could
be the owner pw of the Ghiribizzo files :)

Zer0+

=====End of Issue 54====================================

========================================================
+HCU Maillist          Issue: 55             11/11/1997
========================================================

CONTENTS:

#1  Subject: Ida Pro Stats...
#2  Subject: none
#3  Subject: +daQ... HELP!
#4  Subject: Sorry +daQ!

ARTICLES:

-----#1-------------------------------------------------
Subject: Ida Pro Stats...

Friends;

I have removed my web-page, and thought I would share some
statistics with anyone who might be interested.

My page received 129 hits. Of those, 67 hits were from personal
friends (NON-programmers) who enjoyed watching the little guy piss
on Microsoft. The remaining 62 hits were from HCU crackers, and four
personal invitations I had sent out. Some of you had problems
downloading Part-1, which would account, in part at least, for the
difference between the 62 HCU hits and the (approximately) 40
readers of this News Letter.

Ten people actually took the time to say "Thank You", and to all of
you, you're welcome!

Hackmore Readrite

-----#2-------------------------------------------------
Subject: none

1) Javascript search
....Just about every Javascript example you will ever need will be
found at "the Javascript Planet",
********************************************
It's worth it, go there....

2) TASM download
....Yes, I have TASM avail for download; since there seems to be a
demand I will repost it this week (give me till Wed) on that file
area I set up at Fortunecities.
The download this time will be as I originally specified (there was
a snag before), all three disks in tasm1.zip through tasm3.zip.
Check yer back ish for the URL or contact me *********************

3). Program that creates a crosshair&etc&etc is called System
Information, it is a fantastic utility that I have available for
download at
************************************************************
or, alternately, you can track it down using oak.oakland.edu or from
wherever I got it (winsite or simtel or Dave's or something...)

4). wlc: thanks&etc&etc, I have been updating my site but moved it
to eccentrica. BTW, for all, ****************** has a policy which
says pretty much that as long as you don't put up stuff like kiddie
porn, yer okay..they believe in "free speech" (whatever that is...);
they start you off with 500K (so put your downloads and mirrors
elsewhere), but will increase it if you get a lot of
hits...regardless of your content. Plus, NO ADs. So, wlc: all of the
essays are now lodged at ************************* on a special page
/tales.html ....so now you have the latest ;). Any other questions,
email me at the above addr--no need making this ML too 'chat
room'...(ps Zero+: if we have "personal" or one-on-one messages, can
we remail through you or should we try and track each other down?
-_m)

And one last thing, to wlc and others...Lord Caligo has the greatest
collection of essays/tuts you have ever seen.

5) trurl: who publishes that mag? I haven't come across it and so
will have better luck going through distributors. Email me or post,
as you prefer....

_m

-----#3-------------------------------------------------
Subject: +daQ... HELP!

+daQ;

If you are reading this, I need your help in a very bad way. Would
you please contact me with an address where we can communicate?

Hackmore

-----#4-------------------------------------------------
Subject: Sorry +daQ!

+daQ;

I forgot... Contact me at: ********************

Hackmore

=====End of Issue 55====================================

========================================================
+HCU Maillist          Issue: 56             11/12/1997
========================================================

CONTENTS:

#1  Subject: SNATCHED!
#2  Subject: A cracking problem ... :(
#3  Subject: A lame question 'bout wdasm ...

ARTICLES:

-----#1-------------------------------------------------
Subject: SNATCHED!

Hail +All:

WAFNA: If you used Teleport Port, you may have grabbed the file
Snatch1.html off fravia+ site. Check your subdirectory for this
document. Bet you $5.00 that it is there.

Hackmore: Guess I was the culprit hitting on your site so much.
Finally by deadline I managed to get half of a workable version of
part1 to unzip. Difference between the two, demo and release
version, is a reduction in size in the ida.wll in the demo and the
inclusion of a key file in the original. A reduction in size in the
demo probably means that some of the features were taken out. Wonder
what the differences are? Thanks for having it available to
investigate.

Thank Mammon_ for address to your essays. Yeah, I agree Lord Caligo
got a great site to visit.

wlc

-----#2-------------------------------------------------
Subject: A cracking problem ... :(

Hi guys !!!

As we hadn't talked about cracking a concrete program for a long
time I think I'll change the subject. As I couldn't find the proper
file on Fravia's site here goes:

The proggie is WebSeeker32. It is a handy utility for W95, it
enables You to ask all (or some) search engines a question.
The beauty of WS is that he'll check all the pages after he receives
the reply from the search engines, if they really exist or if they
have been censored :(

It comes as a 30-day trial, and then You have to buy it (register).
Here comes the funny part: You have to enter a 5 chunk code (called
VIP#), and then another code (if You get the first one right) called
VIP event. When You enter each chunk (not all numbers are allowed !)
it either writes "VIP# wrong" (even when the chunk isn't filled
entirely) or does nothing (which means You are entering the right
code).

I have tried live approach and it yielded no results, so I tried the
dead listing one. I have managed to patch the DLL the program uses
(wc.dll) in about 10 places so when I enter only 5s (and some other
numeric combinations) as the code it goes all right. Then You have
to enter the VIP event, and it either says (after the patches) that
it is entered wrongly or does nothing at all :(

I am also worried about some other strings I have found ("Sending
Your registration to server", "Could not connect the registration
server" or "There is a problem with Your VIP number call
SOME-BUMB-NUBER"). This could mean that the only way to register the
proggie is to connect with their reg. server and d/l some files.

If someone has an idea how to defeat this scheme I'm open to
suggestions. (If You are interested I can send the locations I
patched)

KUBAK

-----#3-------------------------------------------------
Subject: A lame question 'bout wdasm ...

Hi All !!

Does anyone know the name of file with full Wdasm8 ? I have tried a
lot of combinations and they yielded no results. I know that it is
not +OUR way to use programs stolen by someone else, but I (like
Hackmore I hope) like to use the full version with all its
capabilities, not crippled in any way.

Thanx for THE answer
KUBAK

=====End of Issue 56====================================

========================================================
+HCU Maillist          Issue: 57             11/13/1997
========================================================

CONTENTS:

#1  Subject: IDA and SmartCheck
#2  Subject: magazine
#3  Subject: Let's take a vote!
#4  Subject: none
#5  Subject: casino

ARTICLES:

-----#1-------------------------------------------------
Subject: IDA and SmartCheck

by virtue of a new ftp site i have, i have put ida pro from hackmore
and smartcheck (in case the guys at numega get a tad smarter than
changing the name...) in my storage directory

if you link to the site, the only dirs i can guarantee will stay in
the same order are pub and +ORC (since the site is new for me and I
have only put a few things on it, I haven't really ordered things
the way i would like yet.

Anyway, the site is at: *************************
and also: ******************************

Fravia has mentioned that he would like me to start keeping a full
zip of the student essays from his page in the site as well

I will add that when I get a chance

take care all

+gthorne

-----#2-------------------------------------------------
Subject: magazine

Hello!

> My page received 129 hits.

Aaaargh! I put a web page on programming (with good contents, I
think) a month ago and it has received less hits. :-DDD

> Ten people actually took the time to say "Thank You",

Well I'll say you now: Thanks :-)

trurl

/*************************/

> trurl: who publishes that mag? I haven't come across it and so will
> have better luck going through distributors

I've found their Internet addresses.

Ares Informática S.L.
********************************
***********************

I bought that old issue in their stand at SIMO for 600 pts.
They told me the price is the same by mail. If there is some South America reader... there is a distributor in Argentina too.

It's really not a computer magazine, but a "crack me" CD wrapped with some paper ads...

greetings
trurl

-----#3-------------------------------------------------
Subject: Let's take a vote!

Friends;

Those of you who frequent +Fravia's web-pages are, no doubt, aware of the "+ORC secret pages" riddle which is located near the bottom of the "ORC.HTML" page. So far, nobody has been able to solve the riddle. A friend of mine maintains a web-page dedicated to solving this riddle, where every-one can "get together" to share their ideas.

Recently, my friend and I were discussing what should be done IF the solution is ever found. I've posed this question to several of the +HCU senior officers, but none of them seem to think the question deserves to be answered. So let's take a vote on the subject.

1) IF the solution is EVER found, should it...
   A) Be kept a secret forever?
   B) Be shared ONLY with members of this News Letter?
   C) Be shared with the world through my friend's web-page?

2) If you answered "B" or "C" to the question above, what "proof" would we need that the site had actually been found?
   A) A description of the web-page?
   B) The ACTUAL web-page, or a URL?
   C) The details of the solution itself?

If you have any ideas or opinions OTHER than those listed above, please feel free to share them with us.

Thank You;
Hackmore Readrite

-----#4-------------------------------------------------
Subject: none

Kubak: w32dasm filenames are:
rvw32dsm.zip
w32dasm.zip (size 915K)
w32dsm89.zip

-----#5-------------------------------------------------
Subject: casino

Hello all, esp. WAFNA.
Before speaking on the subject, briefly my general vision of all discussed problems:

The reverse engineering is a specific aspect of the base problem: ENCRYPTING - DECRYPTING. All human and machine languages encrypt something. Understanding a certain language means its DECRYPTING, it is based on the stocked knowledge (dictionary, rules, grammar, etc.) in the human or computer memory. Translating from one language (machine or human) to another (machine or human) is a decrypting (first stage) + encrypting (second stage). The real solution of the discussed problems lies in engaging computer in decrypting process by giving him precise instructions. It is like mathematics, especially algebraic problems: from certain known facts to find (= calculate!) the unknown, and the computer is very strong in mathematics! Now first OCR (optical character recognition) programs appear on the market, including sharewares: Papyrus, Cuneic forms. They are based on decryption process.

Casino problem: I speak here only about roulette. There are two absolutely different classes:

1) mechanical roulette. It is a fair play. It is up to you to choose the right moment to enter the game, in order to win. It is true that here the mathematical probability rule is valid, but it concerns the roulette table in general and ALL the participants taken together, and NOT A PARTICULAR GAMBLER. First conclusion: never play alone at the roulette table! But in an Internet casino you are alone at the roulette table, and secondly:

2) it is an electronical roulette, it is PROGRAMMED (while the mechanical roulette is not programmed by anybody) for a particular purpose. An electronical roulette can be defeated by its own arms: a counter program. I do not mean counterfeiting the downloaded program (there are such demands in certain newsgroups...), but using your own computer as an assistant, I mean teaching your computer to defeat another in gambling.
Remember: in real casino it is forbidden to use the computer, in Internet casino nobody can check it. For further details look for CASINO and ROULETTE by your search engines.

I play at the Golden Palace Casino *********************** with their huge software of 8.5 Mb, and now they force me to upgrade it with 1.5 Mb more. Why? I do not play with real money, but it takes me certain efforts not to lose. And why is it so huge? Is it not to spy on my hard disk? While I am playing online their game, they are perhaps in the meantime reading all my files through their software... And remember also: in a real casino nobody (at least officially) traces your losses and gains, while in the Internet casino everything is registered, and may be used for the feedback.

Good chance to all! I am interested in any published article (or message) on this subject, but I will not enter into discussion on a personal level (by E-mail).

With my greetings, AZ111.

=====End of Issue 57====================================

========================================================
+HCU Maillist Issue: 58 11/14/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: WDAsm 8.9 full
#2 Subject: SmartCheck for dummies
#3 Subject: Forum (the next level...)

ARTICLES:
-----#1-------------------------------------------------
Subject: WDAsm 8.9 full

Hi KUBAK!

> Hi All !!
> Does anyone know the name of the file with full Wdasm8 ? I have tried a
> lot of combinations and they yielded no results. I know that it is
> not +OUR way to use programs stolen by someone else, but I (like
> Hackmore I hope) like to use the full version with all its
> capabilities, not crippled in any way.
Thanx for THE answer
KUBAK

Go to the below page (my site :-)) and you'll find the *full* version of WDAsm 8.9 there:

**************************************

Cya,
+ReZiDeNt

-----#2-------------------------------------------------
Subject: SmartCheck for dummies

Hail +Friends:

A thanks to +gthorne for SmartCheck. Took off a copy for evaluation and read Snatch1.html for hints and reference to get it up and running. Great tool to dismantle those VB programs. Now we can be reduced to simple, mindless code tracers. No more chasing elusive calls and trying to read assembler.

Start up SmartCheck and use it to run your program. In this case, it was NameWiz which I previously mentioned in ML#49 from ******************** or you can try BlackWidow or Clone Master, all using VB5 from this site.

Starting SmartCheck, you will see two screen panes pop up in SmartCheck. Use it to run the target, NameWiz. When the target executes, the usual registration window pops up on start up, therefore no need to hunt for it. Enter the 2 items asked for and then switch back to SmartCheck. On the left window pane you have a detailed listing (similar to a Window File Explorer file directory and subdirectory listing). Click on the items to open them up. Check around and you will see one re: the routine for registration. Click to open it up and follow it down. Every time you see a line doing a string compare, a letter of the serial number is compared to your input. There were 12 comparisons in my case and if you copied down the comparisons you have the 12 digit code to reenter later to register.

Beware, overuse of this program will make you lazy and reliant on power tools but it will leave you more time to read fravia+ essays.

wlc

-----#3-------------------------------------------------
Subject: Forum (the next level...)
Attn: All
* Bulletin Board Now Open *

It came to me during my long commute this evening that there is a great need for training/documentation (especially regarding such tools as IDA and Soft-Ice), both for the readers of this ML and for the "cracking community" at large. Over the past few days I have been frequenting the bulletin boards at Eccentrica and at American Cybernetics, and was surprised by both the wealth of information they provided (more the latter than the former site), and the speed of the responses.

"Inspired", if you will, I set up a bulletin board for the purpose of posting questions & answers/tips & tricks for the tools we use the most. This bulletin board will hopefully attract a few outsiders who know more about these tools than we do and, if the "cracking" aspect is not too blatant, we may be able to convince the authors of programs such as W32Dasm or IDA to pay the page a visit and answer "their buyer's" questions.

The bulletin board is now (11/13) up and active--and empty :(--at *******************************************

I hope a few of you attend; I hope many post questions--I, for one, will answer.

mammon_

=====End of Issue 58====================================

========================================================
+HCU Maillist Issue: 59 11/15/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
========================================================
CONTENTS:
#1 Subject: SmartCheck, bug or feature?
#2 Subject: free books on the net

ARTICLES:
-----#1-------------------------------------------------
Subject: SmartCheck, bug or feature?
Greets,

i'm writing this letter because while playing around with SmartCheck after i had d/l it the other day i tried to open up a random VB program that was sitting on my HDD and got an error message saying "programx.exe is not a valid Win32 executable". it just so happened that this program was NOT a shareware product but instead a program that was packaged on a digital telephone directory (WhitePagesCD). After further inspection i found that it was a VB 3 exe (using VBRUN300.DLL) and that neither quickview nor BRW had problems opening it and it decompiled without a hitch. i'm almost positive that this program would run on Win 3.x, so is it that SmartCheck can only open pure Win32 executables? or haven't i configured it right? or maybe this is just a freak bug... any ideas?

Regards,
faeton

-----#2-------------------------------------------------
Subject: free books on the net

Hi all!

at ******************* you can find the text of complete books on different computer subjects from JAVA to WIN registry. You have to sign up with your email, go through a stupid registering procedure and you can select five books (actually more) from the list to read online. When you are asked at the beginning for your favourite subjects select all, then you can choose from all the books. (changing the settings later is tricky). Then you can read the books you are interested in online or just grab the whole thing onto your harddrive.

From some books like Linux system administrators survival guide the pictures are missing, you better check it before grabbing.

Have a nice hunting.

Bye
zer0+

=====End of Issue 59====================================

========================================================
+HCU Maillist Issue: 60 11/16/1997
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:.......
****************
========================================================
CONTENTS:
#1 Subject: SmartCheck
#2 Subject: MCP book site is great!
#3 Subject: The Vote Is In!

ARTICLES:
-----#1-------------------------------------------------
Subject: SmartCheck

No chance for me with the SmartCheck. Following a notice in your list I have found smchk50.exe at ftp.numega.com and downloaded not without difficulties (at 80% stage the transfer became very slow: 80-90 bt per sec, though other numega files at that moment were not so reluctant). I have lost the time for nothing: the file asks for a password to be opened, and for the same reason it collapsed at the final stage of landing on my hard disk: only 10% remained.

Neither could I open the sites announced by +gthorne: ************************* and ******************************* Maybe a password is also required there.

Finally I downloaded it from ftp.ultranet.com, but I could not install it, as it asked me from the start: "Please enter the password to extract the attached files". As I did not respond to that request, the file has completely disappeared from my hard disk! No trace anywhere!

Additional information to the recent interview of Mr.Fravia+ "Smartchecking targets": ******************** propose now the version 1.3 (2.7 Mb), and not the version 1.2 of AnonMail.

AZ111.

-----#2-------------------------------------------------
Subject: MCP book site is great!

Hi +Zer0!

> at ******************* you can find the text of complete books
> on different computer subjects from JAVA to WIN registry.
> You have to sign up with your email, go through a stupid
> registering procedure and you can select five books (actually
> more) from the list to read online. When you are asked at the
> beginning for your favourite subjects select all, then you can
> choose from all the books. (changing the settings later is
> tricky). Then you can read the books you are interested in
> online or just grab the whole thing onto your harddrive.
> From some books like Linux system administrators survival guide
> the pictures are missing, you better check it before grabbing.
> Have a nice hunting.

I've just been there, this site is *fantastic*! Thanks for telling us about it, I just hope it stays there for awhile :-)

Cya,

-----#3-------------------------------------------------
Subject: The Vote Is In!

Friends;

The Vote is in! Here are the results:

One person contacted me by E-mail, his vote was to expose everything. Nobody else had an opinion, so the majority of ONE rules. (It might be worth mentioning that I abstained from voting.)

Now that we know what should be done with the solution, I'm free to inform you that the solution to the riddle HAS been found. Very soon, you will find the solution to +ORC's riddle, the addresses of his two remaining "gates", and the location of his web-site at:

**************************************

If you intend to solve the riddle yourself, you should avoid the link mentioned above.

Hackmore

=====End of Issue 60====================================