========================================================
+HCU Maillist Issue: 211 05/02/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================
CONTENTS:
#1 Subject: Process Tree
#2 Subject: Re: +HCU ML Issue 209
#3 Subject: Paper Tiger - A Demo CPU Emulation 'Protection'
#4 Subject: hacking
ARTICLES:
-----#1-------------------------------------------------
Subject: Process Tree
Unfortunately, the download is not available any more:
the "Download now" button has disappeared from the website.
AZ111.
-----#2-------------------------------------------------
Subject: Re: +HCU ML Issue 209
On Thu, 30 Apr 1998 21:42:54 +0200 (MET DST) "+HCU ML" ******************
writes:
>========================================================
>+HCU Maillist Issue: 209 04/30/1998
>--------------------------------------------------------
>Subject: packet monitoring
>
>I think you might find NukeNabber useful. You can find latest version via
>web search. Probably find links to other stuff you want from this.
>
>~~
>Ghiribizzo
>
here you go here's the URL on my NukeNabber... now along with this nuking
topic... does anyone know of a way to nuke/kill people from a UNIX
*shell*??? (i don't have root)
TecH_bOi
-----#3-------------------------------------------------
Subject: Paper Tiger - A Demo CPU Emulation 'Protection'
Some of you may know that I've been working on the CPU emulation
protections. When I finished the demo I sent it to a few friends. At first
I thought it was a very hard crack, but now that I've looked at it from a
cracker's perspective rather than a protectionist's, I've changed my mind :)
For those of you who want to try it, it is at:
*************************************************
Hint: ZYZOZUZ ZCZAZNZ ZCZRZAZCZKZ ZIZTZ ZUZSZIZNZGZ ZAZ ZHZEZXZ
ZLZIZSZTZIZNZGZ ZAZNZDZ ZPZEZNZ ZAZNZDZ ZPZAZPZEZRZ.Z ZIZTZ ZIZSZ ZAZ
ZOZNZEZ ZBZYZTZEZ ZCZRZAZCZKZ.Z
Remove the Zs if you want the hint.
~~
Ghiribizzo
-----#4-------------------------------------------------
Subject: hacking
Some FTP sites can try to switch from downloading into uploading
(or mixed) mode. Does anybody have any information on the subject?
Thanks. AZ111.
=====End of Issue 211===================================
========================================================
+HCU Maillist Issue: 212 05/03/1998
========================================================
CONTENTS:
#1 Subject: Undelete Util for FAT32?
#2 Subject: gthorne - on nuking in unix
#3 Subject: Paper Tiger
#4 Subject: nukes
ARTICLES:
-----#1-------------------------------------------------
Subject: Undelete Util for FAT32?
Gentlemen:
I need a simple undelete utility for FAT32. One which checks the fat and
reconstructs deleted files. Is there such an animal?
I enjoy the many intelligent posts on the +HCU list.
Thanks
zinger
-----#2-------------------------------------------------
Subject: gthorne - on nuking in unix
search for teardrop.c
you will find a ton of other files as well, but teardrop is one of the basic nuke programs
+gthorne
-----#3-------------------------------------------------
Subject: Paper Tiger
A note about the different versions:
Depending when you downloaded the file you may have got different versions
of the program. There are also a few beta versions I sent via email and IRC.
Concept Version: Uses a beta version of the ghCPU
Variant A: Uses ghCPU-1
Variant B: Some changes to protection
Variant B2: Minor changes to protection
Possessing multiple versions will make it much easier to crack, except for
variants B and B2, which only have the change:
00000119: 50 C3
0000011A: C3 90
From Variant B onwards, the program displays its version. If you have
Variant B, then don't bother to get Variant A.
Thanks for the feedback you've given me so far.
~~
Ghiribizzo
-----#4-------------------------------------------------
Subject: nukes
>>>
here you go here's the URL on my NukeNabber... now along with this nuking
topic... does anyone know of a way to nuke/kill people from a UNIX
*shell*??? (i don't have root)
<<<
Try a search for Nuke and IRC or DoS. You should find a lot of nukes which
you should be able to compile and run from a unix prompt. There are also
precompiled nukes for windows around.
There are also some mIRC scripts which integrate nukes into the irc client.
Does anyone here have experience with mIRC scripting? I'd like to integrate
wnuke4.exe into the right popup menu.
~~
Ghiribizzo
=====End of Issue 212===================================
========================================================
+HCU Maillist Issue: 213 05/04/1998
========================================================
CONTENTS:
#1 Subject: Decryption
#2 Subject: CPU-emulation-based protections
#3 Subject: FAT32 - undelete
#4 Subject: growing up....
#5 Subject: ProcDump... a tool of the trade
ARTICLES:
-----#1-------------------------------------------------
Subject: Decryption
Does anybody know how to recover (deprotect) zipped files?
-----#2-------------------------------------------------
Subject: CPU-emulation-based protections
If you are interested in CPU-emulation-based protections, you should try to crack my zelazny.com, available for quite some time on ****************************** It emulates a simple stack-based processor.
Known cracks: Aesculapius did it (congrats!) and Ghiribizzo removed some outer encryption parts (see ***************************************************
Jack of Shadows
-----#3-------------------------------------------------
Subject: FAT32 - undelete
There is a util for undeleting files.
It's part of the Norton Utilities 3.0 and it's called (guess) Norton Undelete. It protects the Recycle Bin and allows
you to undelete files, not only those moved into the Recycle Bin.
TWD
mailto : twd(point)rulez(at)gmx(point)net
-----#4-------------------------------------------------
Subject: growing up....
Dear all,
after being lazy for a long time, I finally freed about 250 MB of my
small 1.2 GB to use a better OS instead of the horrible win95.
However, which would you recommend - Linux or FreeBSD ?
I just hope I'm not starting an OS flame war here..... ;-)
WAFNA
-----#5-------------------------------------------------
Subject: ProcDump... a tool of the trade
Weee.. a commercial... they are everywhere:
As we all know envelope protections are quite common - and sometimes
quite annoying from the perspective that it's a lot of work building a
PE-exe from the memory image of it. This is the main reason why G-rom
has developed a tool ProcDump which can actually rebuild PE-files from
memory. I tipped in and coded a trace-engine that'll allow it to find
the original entrypoint and improve dumping.
This tool is EXTREMELY handy to just about anybody removing PE-Envelopes
of just about any type. It has uses far beyond those of the DOC....
If you're into envelope removing.. I suggest you take a peek at this
tool.
---
btw - fravia: you can find the finished version of my "in memory
patching" essay on my page:
*******************************************
if you wanna update it on your page.
...
to all those who read (and hopefully enjoyed) this essay may I suggest
you take a peek at my homepage because I released a different type of
API-hook that is similar to the Debug approach in many ways but
overcomes some of its shortcomings.
regards..
Stone / United Cracking Force
=====End of Issue 213===================================
========================================================
+HCU Maillist Issue: 214 05/06/1998
========================================================
CONTENTS:
#1 Subject: gthorne regarding Linux vs FreeBSD
#2 Subject: Stone's updated essay (fravia+)
#3 Subject: RE:Better memory view questions
#4 Subject: New page
#5 Subject: nuking script
#6 Subject: IDA Pro 3.75
ARTICLES:
-----#1-------------------------------------------------
Subject: gthorne regarding Linux vs FreeBSD
wafna - to me the difference is in distribution
there are more linux users so it will be easier for you to find more people who have accomplished tasks in linux than freebsd
i have been the kind of person to tend to try whatever comes my way - so for me it would be a temporary change, and i will always go back to linux
this is for no other reason than that it is my old friend, i have solaris as well, but installing it would only be temporary change until i went back to the one i know the best
each new os is a challenge, and rather exciting in that respect, but i do know that linux has more unix emulation than others - built into the kernel - and people have been and will be developing for it en masse, where other free flavors of unix will for many years to come take a back seat to it - this probably includes support for new devices, since linux users seem to have a zeal to 'make it work' that i have rarely seen in other development environments
for those of you who may know exceptions to this general rule, great!
i love to hear more about alternative options and therefore learn more as well
+gthorne
-----#2-------------------------------------------------
Subject: Stone's updated essay (fravia+)
Stone's
>btw - fravia: you can find the finished version of my "in memory
>patching" essay on my page:
*********************************************
No, it was not there on 4 May 1998, 22:50 UE Time
And it would be nice if you could send your essays to me, updated
and already formatted, you +lazy master (that is, if you have the time :-)
later
fravia+
-----#3-------------------------------------------------
Subject: RE:Better memory view questions
Imported functions from DLLs are all listed in a section
of PE files called the import section. Good disassemblers like
IDA are capable of parsing this section and giving you
all the information about imported functions and the DLLs from
which they are imported. Note that import names are not encoded.
You can see them as plain text inside PE files. To
understand what happens behind our eyes I suggest reading
a good PE file reference.
The memory layout in Windows 95 is very simple. The OS uses
page-based memory management, providing a linear 4 GB
address space for each 32-bit app. The space is divided as below:
1. 0 to 4 MB: low Win16 heap
2. 4 MB to 2 GB: per-process user area
3. 2 GB to 3 GB: a shared memory arena containing
   - memory-mapped files
   - 32-bit system DLLs
   - top Win16 global heap
4. 3 GB to 4 GB: 32-bit system arena containing
   ring 0 OS components
Each 32-bit process is provided with its own address
space. 16-bit applications are not run in a separate
address space in Windows 95. They are loaded by the OS in
the region starting at 2 GB and below 3 GB. The system
loads them as close as possible to 2 GB to keep a well
organized memory space. Also note that 16-bit app modules
are not mapped in memory like PE executables.
From this memory layout you can see that DLLs are loaded
in a region that is shared between processes. This means
that a DLL is not loaded in every process that uses it. The
OS simply maps the shared region into every process's address
space.
Note that 16-bit modules do not run in a separate
memory space in Windows 95. In Windows NT they do, but
this was implemented at the cost of speed.
Also, in Windows 95 only two rings are used: ring 3 and ring 0.
Strangely enough, system DLLs run at the same privilege
level as user code, on ring 3. The VxDs run
on ring 0. Transitions between ring 3 code and ring 0 code are
usually realized through interrupt gates.
Each ring is provided with its own stack space.
Per-process stacks are allocated when the process is started.
Size and limit are chosen by the values contained in the .exe
file (unverified, but seems to be OK).
The memory layout described is very schematic but should be
good for starting.
Readings:
(articles)
1. In memory patching - Three approaches by Stone
2. Win32 Debug API by Iceman
3. Tweaking with memory in Windows 95 by Iceman
All three are available at Fravia's in the Papers section.
(books)
4. System level programming for Win95 by Matt Pietrek
Apologies go to all of you who are familiar with this
subject.
Iceman
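Added example (not part of Iceman's post or of the original digest): the import section walk described above, written as a small Python parser and run on a constructed minimal PE32 image. LOCAL.dll and InitPlugin are made-up names, and only the 32-bit PE32 layout is handled.

```python
import struct

SEC_RVA, SEC_RAW = 0x1000, 0x200          # where the sample's one section lives
# Constructed sample: LOCAL.dll / InitPlugin are made-up names; 7 is an ordinal.
SAMPLE_IMPORTS = [("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress"]),
                  ("LOCAL.dll", ["InitPlugin", 7])]

def build_sample_pe(imports):
    """Build a minimal PE32 image whose single section holds an import table."""
    sec = bytearray(20 * (len(imports) + 1))      # descriptors + null terminator

    def put(blob):                                # append data, return its RVA
        rva = SEC_RVA + len(sec)
        sec.extend(blob)
        return rva

    for i, (dll, funcs) in enumerate(imports):
        thunks = [0x80000000 | f if isinstance(f, int)            # by ordinal
                  else put(b"\0\0" + f.encode() + b"\0")          # hint + name
                  for f in funcs]
        name_rva = put(dll.encode() + b"\0")
        ilt = put(struct.pack("<%dI" % (len(thunks) + 1), *thunks, 0))
        # OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        # (a real linker emits a separate IAT; the sample reuses the ILT)
        struct.pack_into("<5I", sec, 20 * i, ilt, 0, 0, name_rva, ilt)

    opt = bytearray(224)                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)         # magic: PE32
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, SEC_RVA, 20 * (len(imports) + 1))
    pe = bytearray(SEC_RAW)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)        # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", pe, 0x44, 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    pe[0x58:0x58 + len(opt)] = opt
    struct.pack_into("<8sIIII", pe, 0x138, b".idata", len(sec), SEC_RVA,
                     len(sec), SEC_RAW)
    return bytes(pe + sec)

def parse_imports(data):
    """Return {dll name: [imported function names or ordinals]} for a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt = pe_off + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    imp_rva = struct.unpack_from("<I", data, opt + 104)[0]   # DataDirectory[1]
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]

    def off(rva):                                 # RVA -> file offset
        for vsize, va, rawsize, raw in sections:
            if va <= rva < va + max(vsize, rawsize):
                return raw + (rva - va)
        raise ValueError("RVA %#x is outside every section" % rva)

    def cstr(rva):                                # plain ASCII, NUL-terminated
        start = off(rva)
        return data[start:data.index(b"\0", start)].decode("ascii", "replace")

    result = {}
    if imp_rva == 0:
        return result                             # no import table at all
    pos = off(imp_rva)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<5I", data, pos)
        if not (ilt or name_rva or iat):
            break                                 # all-zero descriptor ends the list
        funcs, t = [], off(ilt or iat)            # some linkers leave the ILT empty
        while True:
            thunk = struct.unpack_from("<I", data, t)[0]
            if thunk == 0:
                break
            if thunk & 0x80000000:                # high bit set: import by ordinal
                funcs.append("ordinal #%d" % (thunk & 0xFFFF))
            else:
                funcs.append(cstr(thunk + 2))     # skip the 2-byte hint
            t += 4
        result[cstr(name_rva)] = funcs
        pos += 20
    return result

if __name__ == "__main__":
    for dll, funcs in parse_imports(build_sample_pe(SAMPLE_IMPORTS)).items():
        print(dll, "->", ", ".join(funcs))
```

The non-system DLL appears in the same table and in the same plain-text form as KERNEL32.dll; a function imported by ordinal is the one case where no name is stored.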
-----#4-------------------------------------------------
Subject: New page
We just opened a new page for cracks/serials at:
******************************
this page deserves special links, so be sure to go to Toonland for
what you're looking for!
+a
-----#5-------------------------------------------------
Subject: nuking script
>Subject: nukes
>
>>>>
>here you go here's the URL on my NukeNabber... now along with this nuking
>topic... does anyone know of a way to nuke/kill people from a UNIX
>*shell*??? (i don't have root)
><<<
>
>Try a search for Nuke and IRC or DoS. You should find a lot of nukes which
>you should be able to compile and run from a unix prompt. There are also
>precompiled nukes for windows around.
>
>There are also some mIRC scripts which integrate nukes into the irc
>client.
>
>Does anyone here have experience with mIRC scripting? I'd like to integrate
>wnuke4.exe into the right popup menu.
>
>~~
>Ghiribizzo
>
There's a script that has Winnuke, some other nukes, IPmask, etc. all in
it.. it's called Sorcery or something... just do a search for it on those
mIRC scripts pages...
TecH_bOi
-----#6-------------------------------------------------
Subject: IDA Pro 3.75
I can get hold of IDA 3.75 plus updates for a year. However, my supplier
wants something in return. A licence generator for IDA (i.e. IDA.KEY
generator).
I won't be able to work on this until June/July, so if someone wants it
before then, please work on it and send to me.
~~
Ghiribizzo
=====End of Issue 214===================================
========================================================
+HCU Maillist Issue: 215 05/06/1998
========================================================
CONTENTS:
#1 Subject: P-mode
#2 Subject: Better memory view questions, once more.
#3 Subject: 16 bit application
#4 Subject: Hacker Attack? New Forum Location
#5 Subject: IDA Scam - not Ilfak
ARTICLES:
-----#1-------------------------------------------------
Subject: P-mode
Hello Everyone
Loaded program LOCK32.exe into SmartChecker and it tells me
it's a P-mode program. I am aware that there are a number of
different modes. Would anyone care to discuss aspects of
these modes?
cheers Rundus
-----#2-------------------------------------------------
Subject: Better memory view questions, once more.
Greetings to Iceman and to all others.
I have just received your answer, and I will study your references
in the coming days. I am pleased by YOUR answer, because I have already
read your article "WIN32"(20 March 1988) and I have found it the
best among all other articles on Fravia page, as it coincides with my
approach to the problem, and I am not competent enough to judge the
conclusions of the investigations. I briefly explain myself. I am critical
to most of the cracking essays on Fravia pages, because they advance in
the wrong direction: handicraftsmen in the computer age. A new,
"revolutionary" approach is needed to solve unsolvable (until now)
problems. The global vision of the problem is needed, as an OOP
approach in C++ programming. The author of +ORC lessons speaks of the
Zen approach (Zen = oriental philosophical school). Cristina Cifuentes
has written "Reverse Compilation Techniques" for obtaining the degree
of Doctor of Philosophy. While watching WinIce, first I do not look
for any particular instruction, but try to represent mentally the whole
process on the memory map inside Microsoft black box. As Microsoft
will not reveal its secrets, so the best document sources are outside,
and they are not so numerous: Schulman "Unauthorized Win95" and
Matt Pietrek (I have consulted only his Web page. I hesitate to
order his book, as it is rather expensive; and I am afraid that he will
repeat what has been already said by Schulman). The book of Schulman
has helped me to solve some practical problems. As for the tools
for debugging Windows applications, I appreciate Microsoft tools.
I know that their tools will not reveal what is not revealed in
Microsoft documentation. But contrary to Microsoft documentation,
Microsoft tools do not mislead: they just stop in the middle of
the road and do not advance further, leaving us with a lot of true
data related to threads and process without practical value, especially
in the memory co-ordinates. While watching WinIce we can see also
a lot of that mysterious data.
As for DLL import/export functions, I know that it is indicated
in the beginning of the file, as well as in WDASM list. I meant
if in all jumps and call binary codes the names of the files are not
encoded. For example, in WDASM list I see only references to system
DLL, and no reference to local DLL and help files. And how do they call
each other?
Most assembly books speak of the real mode and non-Windows programs.
As I have only an abstract concept of the protected mode, it is
difficult for me to see clearly a WIN95 process. Even for Schulman
not everything is clear. So I am not ashamed to admit it. I know
theoretically the difference between linear and physical addresses,
protected and virtual modes. But when I watch WinIce or any other
debugger, I cannot immediately say what mode is meant and if the
necessary conversion was made, and if I have to correct the debugger.
And for example WDASM: "Attach to an active process" - I could not yet
use it.
Thanks AZ111.
-----#3-------------------------------------------------
Subject: 16 bit application
When a 32 bit PE application is running, we can get its
Process-Control-Block and Module-Structure. From these,
we can get its PE image head, and then get its entry-point,
the first CS:EIP after loading.
For a 16 bit NE application, can I get the initial
CS:EIP runtime ?
to Iceman: Can you help me ?
Can you give me your email address ?
Thank you.
Liutaotao **********************
-----#4-------------------------------------------------
Subject: Hacker Attack? New Forum Location
Those of you who use the forum will know that it has been down for a few
days. It is now back up, but some of you like myself, will still have
problems accessing it. I think this is a problem with the DNS servers or
something as the forum has been shifted to a different server. I managed to
get the IP of disc.server.com using gthorne's web based nslookup (because,
obviously, my own DNS server wasn't resolving the new server correctly) and
so could get to the forum directly. The new URL is
****************************************** or you can follow the link from
my homepage.
The server has been down due to malicious hackers. Now Stone's site has
also been hacked and Fyodor's too. I wonder if there's someone out there
who doesn't like us...
BTW, the links at the top of the page will not work for some as it uses
disc.server.com rather than a direct IP number.
~~
Ghiribizzo
-----#5-------------------------------------------------
Subject: IDA Scam - not Ilfak
For those of you who were following the IDA 3.75 scam, I managed to find
the guy responsible. It was NOT Ilfak.
The guy is from Canada (hence the videotron isp) and the password was
mirror. He must have messed up the password. I don't have the files anymore
but try mirrroer and variations as that's how he spelled it when writing to
me.
He says that the next riddle and actual ZIP are no longer online.
~~
Ghiribizzo
=====End of Issue 215===================================
========================================================
+HCU Maillist Issue: 216 05/08/1998
========================================================
CONTENTS:
#1 Subject: some attacks
#2 Subject: Re: Undelete Util for FAT32?
#3 Subject: Re: Decryption
#4 Subject: RE:Better memory view questions, once more.
#5 Subject: RE: 16 bit application
ARTICLES:
-----#1-------------------------------------------------
Subject: some attacks
> I am critical to most of the cracking essays on Fravia pages, because they advance in
>the wrong direction: handicraftsmen in the computer age. A new,
>"revolutionary" approach is needed to solve unsolvable (until now)
>problems.
Dear +friend, we are all handicraftsmen in the computer age, and there are
(unfortunately) not many "revolutionary" approaches. The best by far
(and last) one I have seen is +ORC's one, which is much more philosophical
than else.
What we need (we in my sense, of course) are FRESH, NEW, UNTAINTED
crackers. Not programmers, not coders, not helpdesk experts... crackers!
People that FEEL code! I'm not joking!
And in order to get them (if ever!) we MUST deliver 'dummy' lessons
or whatever to 'tease' them into action...
NEVER underestimate the people you don't know of. They maybe (may be)
the masters of tomorrow. (On the other hand: ALWAYS criticize
the people you already know of: they (may be) the obsolete conservatives
of tomorrow (and this seems to apply to some 'money publishing' gurus too...
The most dangerous ones (in my limited experience) are the ones that
take themselves too seriously. As soon as one believes that he is
"somebody", DISTRUST him!
You find/see/sniff/feel a cracker that does not put HIMSELF into
discussion? Forget him at once: he isn't worth it.
As strange as it may seem in this era of overbloated ID, the more
sure of yourself you are, the more moron you are. (Greek philosophers
of 600 B.C. knew that, we have forgotten this... :-)
> Subject: Hacker Attack? New Forum Location
I'm currently under heavy attack on my main site (and two other ones), yet
I'm defending AND I'm trying to counter-attack: culprits are from Canada
(at least I believe).
No Idea if they are the same that attacked Stone and Fyodor or not.
Fyodor, Stone, please contact me (secure) to discuss this. I'm retaliating
(alone, since +Alistair disappeared), but I'm (apparently) getting
nowhere.
later
fravia+
-----#2-------------------------------------------------
Subject: Re: Undelete Util for FAT32?
Hi,
>I need a simple undelete utility for FAT32. One which checks the fat and
>reconstructs deleted files. Is there such an animal?
I've got one. It is called "RecoverNT"; you can download it from:
************************
Here is what's written in on-line help:
>RecoverNT is an undelete & file recovery program. RecoverNT is the only true
>32-bit recovery application available, and uses a true easy to use Windows
>interface. RecoverNT allows extraction of files from drives with damaged file
>systems, or where important information has been deleted. The program is
>compatible with all FAT file systems including FAT32 and NTFS file systems.
>The recovered files are displayed in a File Manager type interface with file
>name, size, date, extent of damage, and availability for recovery. The system
>also allows the recovery of whole directories and strives to retain the
>original directory structure.
It works nice under Windows 95, Windows 98 and Windows NT.
The program is not free, however the patch (crack) for trial version is available.
Sincerely yours,
Vladimir
Vladimir Katalov
Managing Director
Elcom Ltd.
***************************
************************ (Corporate site)
********************** (Freeware & Shareware from Russia)
ICQ UIN: 9835660
-----#3-------------------------------------------------
Subject: Re: Decryption
Hello,
> Does anybody know how to recover (deprotect) zipped files?
Do you mean breaking password-protected ZIP archives? If yes, there
are a lot of utilities available. Generally, they're using three
methods:
- brute-force attack
- dictionary-based attack
- "known plaintext" attack
I can recommend you to try the one I've written myself -- "Advanced ZIP
Password Recovery". The first two methods mentioned above are implemented.
You can get more info and download it from:
*********************************
It is shareware ($15); unregistered version has some limitations.
Warning: I've seen some cracks for it, but all of them are not
complete. I've used the strong public-key encryption (RSA), and so
don't think that it can be cracked at all :)
Sincerely yours,
Vladimir
Vladimir Katalov
Managing Director
Elcom Ltd.
***************************
************************ (Corporate site)
********************** (Freeware & Shareware from Russia)
ICQ UIN: 9835660
-----#4-------------------------------------------------
Subject: RE:Better memory view questions, once more.
The imports from non-standard DLLs are coded in the same way as
imports from kernel32.dll and other "standard DLLs". The best tool
to watch the calls made to these DLLs is Numega's BoundsChecker.
You can create your own validation modules for those DLLs,
compile them with a supported compiler and then set the error detection
level to maximum. Run the program from BC and watch.
Dozens of API calls, memory leaks, API failures, non-standard DLL
calls... A wonderful tool.
Understanding protected mode, segments, descriptors and gates is
not very hard. It took me several weeks, but with a good reference
it's easy. The best reference is Intel's manual. I don't remember
its exact name now, but it's something like "Intel Architecture Software
Developer Manual." It's available in electronic form (.pdf). Try to
download it from Intel's web site.
The best debugger is Numega's SoftICE. I use it to debug at both
source level and assembly level.
Iceman
-----#5-------------------------------------------------
Subject: RE: 16 bit application
16-bit Windows applications are NE executables. They are not mapped
images, as PE files are. The OS loads them in the shared
memory arena and uses the LDT to allocate code and data selectors to
be used by the program. Several days ago someone asked me the same
question. I told him to use the method described below, and
as far as I know he succeeded.
A. Windows 95
Windows 95 allows flat thunking. Therefore, we can call code from 16-bit
DLLs for our own use. Remember good old toolhelp.dll?
It contains all you need to manipulate 16-bit modules. You have to "flat
thunk" from your 32-bit app to 16-bit code. You can do this
by using Microsoft's thunk compiler or by undocumented means,
as described by Matt Pietrek.
B. Windows NT
In NT the concept of flat thunking does not exist, so the method described
above is unusable. No problem, since NT gives us
a whole set of functions for this. They are the VDM Debug API
functions. This API is of incredible power; you can even get
linear addresses for classic MS-DOS programs running in a command
prompt.
One final word. Be careful, and once you get a linear address for
a 16-bit selector don't rely blindly on it. The best thing you can do is
to retrieve this address every time you want to write to such a memory
area. This is because the OS can change the base address of
a selector during the global heap optimization process.
If you need more help feel free to contact me.
Iceman
=====End of Issue 216===================================
========================================================
+HCU Maillist Issue: 217 05/08/1998
========================================================
CONTENTS:
#0 Subject: Special addon from +Malattia... please read
#1 Subject: RE: Decryption
#2 Subject: re: P-MODE
#3 Subject: Next Generation of Crackers
#4 Subject: Zip password recovery
#5 Subject: Rre: Decryption.
ARTICLES:
-----#0-------------------------------------------------
Subject: Special addon from +Malattia... please read CAREFULLY! :)
Hi +All! :)
I would be grateful to you if you write directly to me when you think
anyone has done something wrong, like k0X did, and DON'T answer directly
on the list (like k0X did :)))))))
Unfortunately, even if you think you're right, and even if YOU ARE right,
this kind of message is quite offtopic here, especially if you do have the
address to reply personally to the guy who did something "wrong".
Hey k0X, nothing personal, as I hope you understood from my PERSONAL mail!
And, just to return "on topic": k0X, why don't you explain to us how you crack
Vlad's protection? I think it would be a good essay and a good demonstration
of how weak it is... useful for both +crackers and +programmers (yes, I
think even programmers can wear a plus if they deserve it!). Of course, the
challenge is open for EVERYBODY HERE!!!
Sorry if I made you waste some time reading these lines, I hope you
understand my position and wait for feedback from you at _manhcu_ address
(NOT_ON_THIS_LIST_PLEASE!:))))
crack well,
+Malattia
-----#1-------------------------------------------------
Subject: RE: Decryption
>I can recommend you to try the one I've written myself -- "Advanced ZIP
>Password Recovery".
>it is shareware ($15); unregistered version has some limitations.
>Sincerely yours,
>Vladimir
Mr Vladimir...
This is no advertising place nor it is a market place ... We all post here
to learn more....
Please keep up with the guidelines and the "license agreement" of this
mail list ... Which I am sure you do know what it means. ;)
k0X
P.S. NOTHING is uncrackable... Even RSA...This is just publicity .. ;) ,
you have to get the proper tools for the job.
-----#2-------------------------------------------------
Subject: re: P-MODE
Are you sure that it is not a P-CODE program? Because if not, I do not know
what you are talking about.
Anyway, P-code is a kind of interpreted code. The run-time interpreter
emulates a stack-based processor to carry out P-code operations.
Stack-based processors operate preferentially with the stack: the
operands are popped from the stack and then the result is pushed
back. The emulated processor maintains two stacks, one for integers
and the other, called the coprocessor stack, for floating point values.
The P-code model was used by old Microsoft Visual C compilers
(1.5) and maybe others.
If your proggie is not P-code but something else, please give us more
details about the P-mode you want to be discussed.
Greetings to all of you , Iceman
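[Added example, not part of the original post: a small interpreter for the two-stack model described above, with one stack for integers and one for floating-point values. The opcode numbers and operand encodings are hypothetical and are not Microsoft's real P-code format.]

```python
import struct

# Hypothetical opcodes, chosen for this illustration only.
PUSHI, PUSHF, ADDI, MULI, ADDF, MULF, I2F, HALT = range(8)

class StackUnderflow(Exception):
    """An opcode asked for more operands than its stack holds."""

def pushi(n):   # encode: push a 16-bit signed integer
    return bytes([PUSHI]) + struct.pack("<h", n)
def pushf(x):   # encode: push a 32-bit float
    return bytes([PUSHF]) + struct.pack("<f", x)

def run(code):
    """Interpret `code`; return (integer stack, floating-point stack)."""
    ints, floats, pc = [], [], 0

    def pop(stack, count, at):
        if len(stack) < count:
            raise StackUnderflow(f"opcode at offset {at} needs {count} operand(s)")
        return [stack.pop() for _ in range(count)][::-1]

    while pc < len(code):
        at, op = pc, code[pc]
        pc += 1
        if op == PUSHI:
            ints.append(struct.unpack_from("<h", code, pc)[0])
            pc += 2
        elif op == PUSHF:
            floats.append(struct.unpack_from("<f", code, pc)[0])
            pc += 4
        elif op in (ADDI, MULI):          # operands popped, result pushed back
            a, b = pop(ints, 2, at)
            ints.append(a + b if op == ADDI else a * b)
        elif op in (ADDF, MULF):          # same pattern on the FP stack
            a, b = pop(floats, 2, at)
            floats.append(a + b if op == ADDF else a * b)
        elif op == I2F:                   # move a value between the two stacks
            floats.append(float(pop(ints, 1, at)[0]))
        elif op == HALT:
            break
        else:
            raise ValueError(f"unknown opcode {op:#04x} at offset {at}")
    return ints, floats

# Constructed sample program: (2 + 3) * 4 on the integer stack, then + 0.5 as float.
PROGRAM = (pushi(2) + pushi(3) + bytes([ADDI]) + pushi(4) + bytes([MULI])
           + bytes([I2F]) + pushf(0.5) + bytes([ADDF, HALT]))
```

[When analysing interpreted code of this kind, the native instructions seen in a debugger belong to the `run` loop; the program's own logic lives in the byte string it reads.]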
-----#3-------------------------------------------------
Subject: Next Generation of Crackers
>>>
What we need (we in my sense, of course) are FRESH, NEW, UNTAINTED
crackers. Not programmers, not coders, not helpdesk experts... crackers!
People that FEEL code! I'm not joking!
And in order to get them (if ever!) we MUST deliver 'dummy' lessons
or whatever to 'tease' them into action...
<<<
When I first started writing tutorials, I tried to recruit new crackers. I
released the crack for a program into Usenet with a message attached
basically saying "if you want to learn how to do this yourself take a look
at this web page..". Although there may be some new crackers due to this, I
found that I got more attention from the 'plz crack this' lot than from
anyone actually wishing to learn. I think in the end, the next generation
of crackers will find us, not the other way around.
I disagree with some of fravia's comments above. I think that programmers
who learn to crack can be of great help. We already have some great tools
(sice dumpers, installshield script decompilers etc.) which have come
directly because of the programming skills of some crackers.
In any case, it may be impossible to get 'untainted' crackers as a newbie
studying tutorials will necessarily be tainted with 'standard' techniques
and instruction found within the many tutorials available today.
~~
Ghiribizzo
-----#4-------------------------------------------------
Subject: Zip password recovery
You should try to use pkcrack (known plaintext) whenever possible. For
brute force, I recommend FZC (now ver 1.05).
FZC implements exhaustive search and dictionary attack. It is fast and
unlike AZPR, it is free.
~~
Ghiribizzo
-----#5-------------------------------------------------
Subject: Re: Decryption.
Thank you for your answer. I do mean what I said: "to recover"
and not "to break", because they are my own files I have protected
once and have lost the key. Secondly, I regularly protect some of
my files and I want to test their protection. Thirdly, I am not so
interested in brute-force or dictionary-based attacks (I have seen
such applications on the Web; BTW how many letters does your tool
support: 4, 5, 6?), but in a real decryption process, based on the
knowledge of the algorithm (Huffman). There are some restrictions in
certain countries concerning encryption/decryption usage in communications,
but, as far as I know, no restrictions for internal home purposes:
exercises, tests, compiling/decompiling one's own files. I think
the subject would be interesting for many readers of this list,
as it was never really discussed here. I mean how to compile a decryptor, or
how to apply a commercial one.
My best wishes.
=====End of Issue 217===================================
========================================================
+HCU Maillist Issue: 218 05/10/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================
CONTENTS:
#1 Subject: Re: Zip password recovery
#2 Subject: Re: Zip password recovery
#3 Subject: p-mode
#4 Subject: CryptKey
#5 Subject: Borg Disassembler v1.0
ARTICLES:
-----#1-------------------------------------------------
Subject: Re: Zip password recovery
>You should try to use pkcrack (known plaintext) whenever possible. For
>brute force, I recommend FZC (now ver 1.05).
I would also go along with that. Has anyone
here tried to use pkcrack with a fragment of
plaintext?
I have an encrypted zip with a DLL in it, I have
a DLL which I know starts with the same bytes as the one in the zip (first 100 or so anyway).
When I look at the compressed versions of two
such DLLs they differ in the first few bytes.
It seems to me that the plaintext fragment facility
in pkcrack is only useful if you have a fragment
of the compressed version of exactly the same file
(in which case you probably have the whole file anyway).
Anyone else looked at this and come to some
conclusion?
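[Added illustration, not part of the original post: ZIP encrypts the compressed stream, so the effect described above can be reproduced with raw DEFLATE alone. The two sample "files" are constructed data that share their first 100 bytes; the helper names are hypothetical.]

```python
import zlib

def raw_deflate(data, level=9):
    """Raw DEFLATE stream (no zlib header), as ZIP uses for deflated entries."""
    c = zlib.compressobj(level, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def common_prefix_len(a, b):
    """Number of leading bytes that a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def filler(alphabet, n, seed):
    """Deterministic pseudo-random bytes over `alphabet` (stand-in for a file body)."""
    out = bytearray()
    x = seed
    for _ in range(n):
        x = (x * 1103515245 + 12345) & 0x7FFFFFFF
        out.append(alphabet[(x >> 16) % len(alphabet)])
    return bytes(out)

# Constructed sample data: identical 100-byte header, different bodies.
HEADER = b"MZ" + bytes(range(98))
FILE_A = HEADER + filler(b"abcdefghijklmnop", 4000, 1)
FILE_B = HEADER + filler(b"ABCDEFGHIJKLMNOP", 4000, 2)

def compare():
    """Shared leading bytes: in plaintext, with level 0, and with level 9."""
    return {
        "plain": common_prefix_len(FILE_A, FILE_B),
        # Level 0 emits DEFLATE stored blocks: the data is copied unchanged.
        "stored": common_prefix_len(raw_deflate(FILE_A, 0), raw_deflate(FILE_B, 0)),
        # Level 9 emits a Huffman table built from the whole block's statistics,
        # so different bodies change the stream from its first bytes onward.
        "deflated": common_prefix_len(raw_deflate(FILE_A), raw_deflate(FILE_B)),
    }

if __name__ == "__main__":
    print(compare())
```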
-----#2-------------------------------------------------
Subject: Re: Zip password recovery
Sheesh - 3rd time lucky.
Just wanted to add it was me (spyder) asking about
pkcrack and fragments, and me that just sent the empty message (fingers working faster than my
brain).
spyder
-----#3-------------------------------------------------
Subject: p-mode
Hello Everyone
Hello Iceman
It might be a few days before I can better explain with
regards to P-mode or P-code. Since I am working on Display Doctor
and my screen keeps freezing up, maybe part of the protection
(I played with the generating of the password) or not compatible with
my video card. I could reload my old video drivers and get my computer
up and running. But if it is part of Display Doctor program's
protection, I don't want it to beat me.
cheers Rundus
-----#4-------------------------------------------------
Subject: CryptKey
Hi this is Muso,
I recently received a demo CD of the Protel PCB program which is a 30
days trial version. They use a commercial license system called
CryptKey. Does anybody know something about it? Any hints,
suggestions?
Hope to hear from someone...
Muso
-----#5-------------------------------------------------
Subject: Borg Disassembler v1.0
Borg Disassembler for PE exe's is now available.
Please help me in Beta testing this,
********************************************************
Thanks
Cronos.
=====End of Issue 218===================================
========================================================
+HCU Maillist Issue: 219 05/11/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================
CONTENTS:
#1 Subject: P-code
ARTICLES:
-----#1-------------------------------------------------
Subject: P-code
Hello Everyone
Hello Iceman
You are absolutely right, it's P-code and NOT P-mode (thank you).
What can I say, except I hope it's the pressure of my heavy
workload and I am not losing my mind.
Does anyone know what Service B is with regards to the operations
of a Video Card? I think there is a connection with the VxD files.
Tried contacting Diamond.com (DirectDraw Stealth 64 Video 2001 PCI)
for an answer and only get standard replies from their computer. It
will not allow me to talk to its master.
Had to abandon work on Display Doctor.exe because of the above
problem. Has anyone worked on Display Doctor?
Any help is always greatly appreciated and it helps me sleep at
night.
cheers Rundus
=====End of Issue 219===================================
========================================================
+HCU Maillist Issue: 220 05/12/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================
CONTENTS:
#1 Subject: IDA
#2 Subject: none
#3 Subject: Repository updated
ARTICLES:
-----#1-------------------------------------------------
Subject: IDA
Does anyone have an idb/idc file for ida.wll which has the functions renamed
(e.g. _522 renamed to something meaningful)? If so, and you are willing to
share, please contact me.
Also, does anyone have the IDA SDK? I've obtained IDA375 fully regged. I've
already dcc'd it to a few people on IRC. Hopefully it will be spreading
around. Anyone with very fast FTP space, please contact me.
Also, you can get it from me via DCC if you have a fast connection. I'm
usually on IRC at midnight GMT (+/- 3 hours). (or if you see GhiriFTP, FTP
to its IP address and anon login)
~~
Ghiribizzo
-----#2-------------------------------------------------
Subject: none
Hello JaZZ (I'm hoping you're on this list),
Congratulations on your very interesting essay on Corel Ventura...there's
a few things I'd like to discuss with you regarding the Corel/Elan scheme
etc., please contact me: **********************
Cya,
+ReZiDeNt
-----#3-------------------------------------------------
Subject: Repository updated
Hi +All! :)
I'm sorry the repository hasn't been updated in the last month... tonight
I'll upload all the back issues until this one! Also, I'll try to find the
time to update my secret page too ;)
byez,
.+MaLaTTiA.
=====End of Issue 220===================================