Text File | 2000-05-25 | 42.4 KB | 1,248 lines
========================================================
+HCU Maillist Issue: 211 05/02/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Process Tree
#2 Subject: Re: +HCU ML Issue 209
#3 Subject: Paper Tiger - A Demo CPU Emulation 'Protection'
#4 Subject: hacking

ARTICLES:

-----#1-------------------------------------------------
Subject: Process Tree

Unfortunately, the download is not available any more: the "Download now"
button has disappeared from the Website.

AZ111.

-----#2-------------------------------------------------
Subject: Re: +HCU ML Issue 209

On Thu, 30 Apr 1998 21:42:54 +0200 (MET DST) "+HCU ML"
****************** writes:
>========================================================
>+HCU Maillist Issue: 209 04/30/1998
>--------------------------------------------------------
>Subject: packet monitoring
>
>I think you might find NukeNabber useful. You can find latest version via
>web search. Probably find links to other stuff you want from this.
>
>~~
>Ghiribizzo
>

here you go heres the URL on my NukeNabber... now along with this nuking
topic... does anyone know of a way to nuke/kill people from a UNIX
*shell*??? (i dont have root)

TecH_bOi

_____________________________________________________________________
You don't need to buy Internet access to use free Internet e-mail.
Get completely free e-mail from Juno at *******************
Or call Juno at (800) 654-JUNO [654-5866]

-----#3-------------------------------------------------
Subject: Paper Tiger - A Demo CPU Emulation 'Protection'

Some of you may know that I've been working on the CPU emulation
protections. When I finished the demo I sent it to a few friends.
At first I thought it was a very hard crack, but now that I've looked at it
from a cracker's perspective rather than a protectionist's, I've changed my
mind :)

For those of you who want to try it, it is at:
*************************************************

Hint:

ZYZOZUZ ZCZAZNZ ZCZRZAZCZKZ ZIZTZ ZUZSZIZNZGZ ZAZ ZHZEZXZ ZLZIZSZTZIZNZGZ
ZAZNZDZ ZPZEZNZ ZAZNZDZ ZPZAZPZEZRZ.Z ZIZTZ ZIZSZ ZAZ ZOZNZEZ ZBZYZTZEZ
ZCZRZAZCZKZ.Z

Remove the Zs if you want the hint.

~~
Ghiribizzo

-----#4-------------------------------------------------
Subject: hacking

Some FTP sites can try to switch from downloading into uploading (or mixed)
mode. Has anybody any information on the subject?

Thanks.
AZ111.

=====End of Issue 211===================================

========================================================
+HCU Maillist Issue: 212 05/03/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Undelete Util for FAT32?
#2 Subject: gthorne - on nuking in unix
#3 Subject: Paper Tiger
#4 Subject: nukes

ARTICLES:

-----#1-------------------------------------------------
Subject: Undelete Util for FAT32?

Gentlemen:

I need a simple undelete utility for FAT32. One which checks the fat and
reconstructs deleted files. Is there such an animal?

I enjoy the many intelligent posts on the +HCU list.

Thanks
zinger

-----#2-------------------------------------------------
Subject: gthorne - on nuking in unix

Message Body =
search for teardrop.c

you will find a ton of other files as well, but teardrop is one of the
basic nuke programs

+gthorne

-----#3-------------------------------------------------
Subject: Paper Tiger

A note about the different versions:

Depending when you downloaded the file you may have got different versions
of the program.
There are also a few beta versions I sent via email and IRC.

Concept Version: Uses a beta version of the ghCPU
Variant A: Uses ghCPU-1
Variant B: Some changes to protection
Variant B2: Minor changes to protection

Possessing multiple versions will make it much easier to crack, except for
variant B and B2 which only have the change:

00000119: 50 C3
0000011A: C3 90

From Variant B onwards, the program displays its version. If you have
Variant B, then don't bother to get Variant A.

Thanks for the feedback you've given me so far.

~~
Ghiribizzo

-----#4-------------------------------------------------
Subject: nukes

>>>
here you go heres the URL on my NukeNabber... now along with this nuking
topic... does anyone know of a way to nuke/kill people from a UNIX
*shell*??? (i dont have root)
<<<

Try a search for Nuke and IRC or DoS. You should find a lot of nukes which
you should be able to compile and run from a unix prompt. There are also
precompiled nukes for windows around.

There are also some mIRC scripts which integrate nukes into the irc
client.

Does anyone here have experience with mIRC scripting? I'd like to integrate
wnuke4.exe into the right popup menu.

~~
Ghiribizzo

=====End of Issue 212===================================

========================================================
+HCU Maillist Issue: 213 05/04/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Decryption
#2 Subject: CPU-emulation-based protections
#3 Subject: FAT32 - undelete
#4 Subject: growing up....
#5 Subject: ProcDump... a tool of the trade

ARTICLES:

-----#1-------------------------------------------------
Subject: Decryption

Does anybody know how to recover (deprotect) zipped files?

-----#2-------------------------------------------------
Subject: CPU-emulation-based protections

If you are interested in CPU-emulation-based protections, you should try
to crack my zelazny.com, available for quite some time on
******************************

It emulates a simple stack-based processor. Known cracks: Aesculapius did
it (congrats!) and Ghiribizzo removed some outer encryption parts (see
***************************************************

Jack of Shadows

-----#3-------------------------------------------------
Subject: FAT32 - undelete

There is a util for undeleting files. It's part of the Norton Utilities 3.0
and it's called (guess) Norton Undelete. It protects the Recycle Bin and
allows undeleting files, not only those moved into the Recycle Bin.

TWD
mailto : twd(point)rulez(at)gmx(point)net

-----#4-------------------------------------------------
Subject: growing up....

Dear all,

after being lazy for a long time, I finally freed about 250 MB of my small
1.2 GB to use a better OS instead of the horrible win95. However, which
would you recommend - Linux or FreeBSD ?

I just hope I'm not starting an OS flame war here..... ;-)

WAFNA

-----#5-------------------------------------------------
Subject: ProcDump... a tool of the trade

Weee.. a commercial... they are everywhere:

As we all know envelope protections are quite common - and sometimes quite
annoying from the perspective that it's a lot of work building a PE-exe
from the memory image of it. This is the main reason why G-rom has
developed a tool ProcDump which can actually rebuild PE-files from memory.
I tipped in and coded a trace-engine that'll allow it to find the original
entrypoint and improve dumping. This tool is EXTREMELY handy to just about
anybody removing PE-Envelopes of just about any type. It has uses far
beyond those of the DOC.... If you're into envelope removing.. I suggest
you take a peek at this tool.
---

btw - fravia: you can find the finished version of my "in memory
patching" essay on my page: *******************************************
if you wanna update it on your page.

... to all those who read (and hopefully enjoyed) this essay may I suggest
you take a peek at my homepage because I released a different type of
API-hook that is similar to the Debug approach in many ways but overcomes
some of its shortcomings.

regards..
Stone / United Cracking Force

=====End of Issue 213===================================

========================================================
+HCU Maillist Issue: 214 05/06/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: gthorne regarding Linux vs FreeBSD
#2 Subject: Stone's updated essay (fravia+)
#3 Subject: RE:Better memory view questions
#4 Subject: New page
#5 Subject: nuking script
#6 Subject: IDA Pro 3.75

ARTICLES:

-----#1-------------------------------------------------
Subject: gthorne regarding Linux vs FreeBSD

Message Body =
wafna - to me the difference is in distribution

there are more linux users so it will be easier for you to find more
people who have accomplished tasks in linux than freebsd

i have been the kind of person to tend to try whatever comes my way - so
for me it would be a temporary change, and i will always go back to linux

this is for no other reason than that it is my old friend, i have solaris
as well, but installing it would only be temporary change until i went
back to the one i know the best

each new os is a challenge, and rather exciting in that respect, but i do
know that linux has more unix emulation than others - built into the
kernel - and people have been and will be developing for it en masse,
where other free flavors of unix will for many
years to come take a back seat to it - this probably includes support for
new devices, since linux users seem to have a zeal to 'make it work' that
i have rarely seen in other development environments

for those of you who may know exceptions to this general rule, great! i
love to hear more about alternative options and therefore learn more as
well

+gthorne

-----#2-------------------------------------------------
Subject: Stone's updated essay (fravia+)

Stone's
>btw - fravia: you can find the finished version of my "in memory
>patching" essay on my page: *********************************************

No, it was not there on 4 May 1998, 22:50 UE Time

And it would be nice if you could send your essays to me, updated and
already formatted, you +lazy master (that is, if you have the time :-)

later
fravia+

-----#3-------------------------------------------------
Subject: RE:Better memory view questions

Imported functions from dll's are all listed in a section of PE files
called import section. Good disassemblers like IDA are capable of parsing
this section and give you all information about imported functions and the
dll's from which they are imported. Note that import names are not
encoded. You can see them as plain text inside PE files. To understand
what happens behind our eyes I suggest reading a good PE file reference.

The memory layout in Windows95 is very simple. The OS uses a page based
memory management, providing a linear 4Gb address space for each 32bit
app. The space is divided as below:

1. 0 to 4mb      Low Win16 Heap
2. 4mb to 2gb    per-process user area
3. 2gb to 3gb    a shared memory arena containing
                 - memory mapped files
                 - 32bit system dll's
                 - top Win16 global heap
4. 3gb to 4gb    32 bit System arena containing ring 0 OS components

Each 32 bit process is provided with its own address space. 16 bit
applications are not run in a separate address space in Windows95. They
are loaded by the OS in the region starting at 2gb and below 3gb. The
system loads them as close as possible to 2gb to keep a well organized
memory space. Also note that 16 bit app modules are not mapped in memory
like PE executables.

From this memory layout you can see that dll's are loaded in a region
which is shared between processes. This means that a dll is not loaded in
every process that uses it. The OS simply maps the shared region in every
process address space.

Note that 16 bit modules are not running in a separate memory space in
Windows95. In WindowsNT they do, but this was implemented paying speed.

Also, in Windows95 only two rings are used, ring3 and ring0. Strange
enough, but system dll's run at the same privilege level as user code, on
ring3. The VxD's are running on ring0. Transitions between ring 3 code and
ring 0 code are usually realized through interrupt gates. Each ring is
provided with its own stack space. Per process stacks are allocated when
the process is started. Size and limit are chosen by the values contained
in the .exe file. (unverified but seems to be OK)

The memory layout described is very schematic but should be good for
starting.

Readings:

(articles)
1. In memory patching - Three approaches by Stone
2. Win32 Debug API by Iceman
3. Tweaking with memory in Windows 95 by Iceman
all three available at Fravia's in the Papers section

(books)
4. System level programming for Win95 by Matt Pietrek

Apologies go to all of you who are familiar with this subject.

Iceman

______________________________________________________
Get Your Private, Free Email at **********************

-----#4-------------------------------------------------
Subject: New page

We just opened a new page for cracks/serials at:
******************************
this page deserves special links, so be sure to go to Toonland for what
you're looking!

+a

-----#5-------------------------------------------------
Subject: nuking script

>Subject: nukes
>
>>>>
>here you go heres the URL on my NukeNabber... now along with this nuking
>topic... does anyone know of a way to nuke/kill people from a UNIX
>*shell*??? (i dont have root)
><<<
>
>Try a search for Nuke and IRC or DoS. You should find a lot of nukes which
>you should be able to compile and run from a unix prompt. There are also
>precompiled nukes for windows around.
>
>There are also some mIRC scripts which integrate nukes into the irc
>client.
>
>Does anyone here have experience with mIRC scripting? I'd like to integrate
>wnuke4.exe into the right popup menu.
>
>~~
>Ghiribizzo
>

Theres a script that has Winnuke, some other nukes, IPmask, etc. all in
it.. its called Sorcery or something... just do a search for it on those
mIRC scripts pages...

TecH_bOi

-----#6-------------------------------------------------
Subject: IDA Pro 3.75

I can get hold of IDA 3.75 plus updates for a year. However, my supplier
wants something in return. A licence generator for IDA (i.e. IDA.KEY
generator).

I won't be able to work on this until June/July, so if someone wants it
before then, please work on it and send to me.

~~
Ghiribizzo

=====End of Issue 214===================================

========================================================
+HCU Maillist Issue: 215 05/06/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: P-mode
#2 Subject: Better memory view questions, once more.
#3 Subject: 16 bit application
#4 Subject: Hacker Attack? New Forum Location
#5 Subject: IDA Scam - not Ilfak

ARTICLES:

-----#1-------------------------------------------------
Subject: P-mode

Hello Everyone

Loaded program LOCK32.exe into SmartChecker and it tells me it's a P-mode
program. I am aware that there are a number of different modes. Would
anyone care to discuss aspects of these modes?

cheers
Rundus

-----#2-------------------------------------------------
Subject: Better memory view questions, once more.

Greetings to Iceman and to all others.

I have just received your answer, and I will study your references in the
coming days. I am pleased by YOUR answer, because I have already read your
article "WIN32"(20 March 1988) and I have found it the best among all
other articles on Fravia page, as it coincides with my approach to the
problem, and I am not competent enough to judge the conclusions of the
investigations.

I briefly explain myself. I am critical to most of the cracking essays on
Fravia pages, because they advance in the wrong direction: handicraftsmen
in the computer age. A new, "revolutionary" approach is needed to solve
unsolvable (until now) problems. The global vision of the problem is
needed, as an OOP approach in C++ programming.
The author of +ORC lessons speaks of the Zen approach (Zen = oriental
philosophical school). Christina Cifuentes has written "Reverse
Compilation Techniques" for obtaining the degree of Doctor of Philosophy.

While watching WinIce, first I do not look for any particular instruction,
but try to represent mentally the whole process on the memory map inside
Microsoft black box. As Microsoft will not reveal its secrets, so the best
document sources are outside, and they are not so numerous: Schulman
"Unauthorized Win95" and Matt Pietrek (I have consulted only his Web page.
I hesitate to order his book, as it is rather expensive; and I am afraid
that he will repeat what has been already said by Schulman). The book of
Schulman has helped me to solve some practical problems.

As for the tools for debugging Windows applications, I appreciate
Microsoft tools. I know that their tools will not reveal what is not
revealed in Microsoft documentation. But contrary to Microsoft
documentation, Microsoft tools do not mislead: they just stop in the
middle of the road and do not advance further, leaving us with a lot of
true data related to threads and process without practical value,
especially in the memory co-ordinates. While watching WinIce we can see
also a lot of that mysterious data.

As for DLL import/export functions, I know that it is indicated in the
beginning of the file, as well as in WDASM list. I meant if in all jumps
and call binary codes the names of the files are not encoded. For example,
in WDASM list I see only references to system DLL, and no reference to
local DLL and help files. And how do they call each other?

Most assembly books speak of the real mode and non-Windows programs. As I
have only an abstract concept of the protected mode, it is difficult for
me to see clearly a WIN95 process. Even for Schulman not everything is
clear. So I am not ashamed to admit it.
I know theoretically the difference between a linear and a physical
address, protected and virtual modes. But when I watch WinIce or any
other debugger, I cannot immediately say what mode is meant and if the
necessary conversion was made, and if I have to correct the debugger.

And for example WDASM: "Attach to an active process" - I could not yet use
it.

Thanks
AZ111.

-----#3-------------------------------------------------
Subject: 16 bit application

When a 32 bit PE application is running, we can get its
Process-Control-Block and Module-Structure. From these, we can get its PE
image head, and then get its entry-point, the first CS:EIP after loading.

For a 16 bit NE application, can I get the initial CS:EIP at runtime ?

to Iceman: Can you help me ? Can you give me your email address ?

Thank you.

Liutaotao
**********************

-----#4-------------------------------------------------
Subject: Hacker Attack? New Forum Location

Those of you who use the forum will know that it has been down for a few
days. It is now back up, but some of you like myself, will still have
problems accessing it. I think this is a problem with the DNS servers or
something as the forum has been shifted to a different server.

I managed to get the IP of disc.server.com using gthorne's web based
nslookup (because, obviously, my own DNS server wasn't resolving the new
server correctly) and so could get to the forum directly.

The new URL is ******************************************
or you can follow the link from my homepage.

The server has been down due to malicious hackers. Now Stone's site has
also been hacked and Fyodor's too. I wonder if there's someone out there
who doesn't like us...

BTW, the links at the top of the page will not work for some as it uses
disc.server.com rather than a direct IP number.

~~
Ghiribizzo

-----#5-------------------------------------------------
Subject: IDA Scam - not Ilfak

For those of you who were following the IDA 3.75 scam, I managed to find
the guy responsible. It was NOT Ilfak. The guy is from Canada (hence the
videotron isp) and the password was mirror. He must have messed up the
password. I don't have the files anymore but try mirrroer and variations
as that's how he spelled it when writing to me. He says that the next
riddle and actual ZIP are no longer online.

~~
Ghiribizzo

=====End of Issue 215===================================

========================================================
+HCU Maillist Issue: 216 05/08/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: some attacks
#2 Subject: Re: Undelete Util for FAT32?
#3 Subject: Re: Decryption
#4 Subject: RE:Better memory view questions, once more.
#5 Subject: RE: 16 bit application

ARTICLES:

-----#1-------------------------------------------------
Subject: some attacks

> I am critical to most of the cracking essays on Fravia pages, because they advance in
>the wrong direction: handicraftsmen in the computer age. A new,
>"revolutionary" approach is needed to solve unsolvable (until now)
>problems.

Dear +friend, we are all handicraftsmen in the computer age, and there are
(unfortunately) not many "revolutionary" approaches. The best by far (and
last) one I have seen is +ORC's one, which is much more philosophical than
else.

What we need (<u>we</u> in my sense, of course) are FRESH, NEW, UNTAINTED
crackers. Not programmers, not coders, not helpdesk experts... crackers!
People that FEEL code! I'm not joking! And in order to get them (if ever!)
we MUST deliver 'dummy' lessons or whatever to 'tease' them into action...
NEVER underestimate the people you don't know of. They maybe (may be) the
masters of tomorrow. (On the other hand: ALWAYS criticize the people you
already know of: they (may be) the obsolete conservatives of tomorrow (and
this seems to apply to some 'money publishing' gurus too...

The most dangerous ones (in my limited experience) are the ones that take
themselves too seriously. As soon as one believes that he is "somebody",
DISTRUST him! You find/see/sniff/feel a cracker that does not put HIMSELF
into discussion? Forget him at once: he isn't worth it. As strange as it
may seem in this era of overbloated ID, the more sure of yourself you are,
the more moron you are. (Greek philosophers of 600 B.C. knew that, we have
forgotten this... :-)

> Subject: Hacker Attack? New Forum Location

I'm currently under heavy attack on my main site (and two other ones), yet
I'm defending AND I'm trying to counter-attack: culprits are from Canada
(at least I believe). No idea if they are the same that attacked Stone and
Fyodor or not. Fyodor, Stone, please contact me (secure) to discuss this.
I'm retaliating (alone, since +Alistair disappeared), but I'm (apparently)
not getting anywhere.

later
fravia+

-----#2-------------------------------------------------
Subject: Re: Undelete Util for FAT32?

Hi,

>I need a simple undelete utility for FAT32. One which checks the fat and
>reconstructs deleted files. Is there such an animal?

I've got one. It is called "RecoverNT"; you can download it from:
************************

Here is what's written in on-line help:

>RecoverNT is an undelete & file recovery program. RecoverNT is the only true
>32-bit recovery application available, and uses a true easy to use Windows
>interface. RecoverNT allows extraction of files from drives with damaged file
>systems, or where important information has been deleted. The program is
>compatible with all FAT file systems including FAT32 and NTFS file systems.
>The recovered files are displayed in a File Manager type interface with file
>name, size, date, extent of damage, and availability for recovery. The system
>also allows the recovery of whole directories and strives to retain the
>original directory structure.

It works nicely under Windows 95, Windows 98 and Windows NT.

The program is not free, however the patch (crack) for trial version is
available.

Sincerely yours,
Vladimir

Vladimir Katalov
Managing Director
Elcom Ltd.
***************************
************************ (Corporate site)
********************** (Freeware & Shareware from Russia)
ICQ UIN: 9835660

-----#3-------------------------------------------------
Subject: Re: Decryption

Hello,

> Does anybody know how to recover (deprotect) zipped files?

Do you mean breaking password-protected ZIP archives? If yes, there are a
lot of utilities available. Generally, they're using three methods:

- brute-force attack
- dictionary-based attack
- "known plaintext" attack

I can recommend you to try the one I've written myself -- "Advanced ZIP
Password Recovery". First two methods mentioned above are implemented. You
can get more info and download it from:
*********************************

It is shareware ($15); unregistered version has some limitations.

Warning: I've seen some cracks for it, but all of them are not complete.
I've used the strong public-key encryption (RSA), and so don't think that
it can be cracked at all :)

Sincerely yours,
Vladimir

Vladimir Katalov
Managing Director
Elcom Ltd.
***************************
************************ (Corporate site)
********************** (Freeware & Shareware from Russia)
ICQ UIN: 9835660

-----#4-------------------------------------------------
Subject: RE:Better memory view questions, once more.

The imports from non-standard DLL's are coded in the same way as imports
from kernel32.dll and other "standard dll's". The best tool to watch the
calls made to these dll's is Numega's Boundchecker.
You can create your own validation modules for those dll's, compile them
with a supported compiler and then set the error detection level to
maximum. Run the program from BC and watch. Dozens of API calls, memory
leaks, API failures, non-standard dll's calls... A wonderful tool.

Understanding protected mode, segments, descriptors, gates is not very
hard. It took me several weeks, but with a good reference it's easy. The
best reference is Intel's manual. I don't remember now exactly its name
but it's something like "Intel architecture Software Developer Manual."
It's available in electronic form (.pdf). Try to download it from Intel's
WEB site.

The best debugger is Numega's Softice. I use it to debug at both source
level and assembly level.

Iceman

-----#5-------------------------------------------------
Subject: RE: 16 bit application

16 bit windows applications are NE executables. They are not mapped
images, as PE files are. The OS loads them in the shared memory arena and
uses LDT to allocate code and data selectors to be used by this program.
Several days ago someone asked me the same question. I told him to use the
method described below, and as far as I know he succeeded.

A. Windows95

Windows 95 allows flat thunking. Therefore, we can call code from 16 bit
dll's for our own use. Remember old, good toolhelp.dll? It contains all
you need to manipulate 16 bit modules. You have to "flat thunk" from your
32 bit app to 16 bit code. You can do this by using Microsoft's thunk
compiler or by undocumented means, as described by Matt Pietrek.

B: Windows NT

In NT the concept of flat thunking is inexistent. So the method described
before is unusable. No problem, since NT gives us a whole set of functions
for this.
They are VDM Debug API functions. This API is of an incredible power, you
can even get linear addresses for classic MS_DOS programs running in a
command prompt.

One final word. Be careful, and once you get a linear address for a 16 bit
selector don't rely blindly on it. The best thing you can do is to
retrieve this address every time you want to write in such memory area.
This is because the OS can change the base address of a selector during
the global heap optimization process.

If you need more help feel free to contact me.

Iceman

=====End of Issue 216===================================

========================================================
+HCU Maillist Issue: 217 05/08/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#0 Subject: Special addon from +Malattia... please read
#1 Subject: RE: Decryption
#2 Subject: re: P-MODE
#3 Subject: Next Generation of Crackers
#4 Subject: Zip password recovery
#5 Subject: Rre: Decryption.

ARTICLES:

-----#0-------------------------------------------------
Subject: Special addon from +Malattia... please read CAREFULLY! :)

Hi +All! :)

I would be grateful to you if you write directly to me when you think
anyone has done something wrong, like k0X did, and DON'T answer directly
on the list (like k0X did :)))))))

Unfortunately, even if you think you're right, and even if YOU ARE right,
this kind of messages is quite offtopic here, especially if you do have
the address to reply personally to the guy who did something "wrong".

Hey k0X, nothing personal, as I hope you understood from my PERSONAL mail!
And, just to return "on topic": k0X, why don't you explain to us how you
crack Vlad's protection? I think it would be a good essay and a good
demonstration of how weak it is... useful for both +crackers and
+programmers (yes, I think even programmers can wear a plus if they
deserve it!). Of course, the challenge is open for EVERYBODY HERE!!!

Sorry if I made you waste some time reading these lines, I hope you
understand my position and wait for a feedback from you at _manhcu_
address (NOT_ON_THIS_LIST_PLEASE!:))))

crack well,
+Malattia

-----#1-------------------------------------------------
Subject: RE: Decryption

>I can recommend you to try the one I've written myself -- "Advanced ZIP
>Password Recovery".
>it is shareware ($15); unregistered version has some limitations.
>Sincerely yours,
>Vladimir

Mr Vladimir...

This is no advertising place nor is it a market place ... We all post here
to learn more.... Please keep up with the guide lines and the "license
agreement" of this mail list ... Which i am sure you do know what it
means. ;)

k0X

P.S. NOTHING is uncrackable... Even RSA... This is just publicity .. ;) ,
you have to get the proper tools for the job.

-----#2-------------------------------------------------
Subject: re: P-MODE

Are you sure that it is not a P-CODE program? Cause if not I do not know
what you are talking about.

Anyway P-Code is a kind of interpreted code. The run time interpreter
emulates a stack based processor to carry out P-code operations. Stack
based processors operate preferentially with the stack, the operands are
popped from the stack and then the result is pushed back. The emulated
processor maintains two stacks, one for integers and another, called
coprocessor stack, for floating point values. The P-code model was used by
old Microsoft Visual C compilers (1.5) and maybe others.

If your proggie is not a P-code but other thing, please give us more
details about the P-mode you want to be discussed.
Greetings to all of you,

Iceman

-----#3-------------------------------------------------
Subject: Next Generation of Crackers

>>>
What we need (we in my sense, of course) are FRESH, NEW, UNTAINTED crackers. Not programmers, not coders, not helpdesk experts... crackers! People that FEEL code! I'm not joking! And in order to get them (if ever!) we MUST deliver 'dummy' lessons or whatever to 'tease' them into action...
<<<

When I first started writing tutorials, I tried to recruit new crackers. I released the crack for a program into Usenet with a message attached basically saying "if you want to learn how to do this yourself take a look at this web page..". Although there may be some new crackers due to this, I found that I got more attention from the 'plz crack this' lot than from anyone actually wishing to learn. I think in the end, the next generation of crackers will find us, not the other way around.

I disagree with some of fravia's comments above. I think that programmers who learn to crack can be of great help. We already have some great tools (sice dumpers, installshield script decompilers etc.) which have come directly because of the programming skills of some crackers. In any case, it may be impossible to get 'untainted' crackers as a newbie studying tutorials will necessarily be tainted with 'standard' techniques and instruction found within the many tutorials available today.

~~
Ghiribizzo

-----#4-------------------------------------------------
Subject: Zip password recovery

You should try to use pkcrack (known plaintext) whenever possible. For brute force, I recommend FZC (now ver 1.05). FZC implements exhaustive search and dictionary attack. It is fast and unlike AZPR, it is free.

~~
Ghiribizzo

-----#5-------------------------------------------------
Subject: Rre: Decryption.

Thank you for your answer.
I well mean what I've said: "to recover" and not "to break", because they are my own files I have protected once and have lost the key.

Secondly, I regularly protect some of my files and I want to test their protection.

Thirdly, I am not so interested in brute-force or dictionary-based attacks (I have seen such applications on the Web; BTW how many letters does your tool support: 4, 5, 6?), but in a real decryption process, based on the knowledge of the algorithm (Huffman).

There are some restrictions in certain countries concerning encryption/decryption usage in communications, but, as far as I know, no restrictions for internal home purposes: exercises, tests, compiling/decompiling one's own files.

I think the subject would be interesting for many readers of this list, as it was never really discussed here. I mean how to compile a decryptor, or how to apply a commercial one.

My best wishes.

=====End of Issue 217===================================

========================================================
+HCU Maillist Issue: 218 05/10/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: Re: Zip password recovery
#2 Subject: Re: Zip password recovery
#3 Subject: p-mode
#4 Subject: CryptKey
#5 Subject: Borg Disassembler v1.0

ARTICLES:

-----#1-------------------------------------------------
Subject: Re: Zip password recovery

>You should try to use pkcrack (known plaintext)
>whenever possible. For brute force, I recommend
>FZC (now ver 1.05).

I would also go along with that. Has anyone here tried to use pkcrack with a fragment of plaintext? I have an encrypted zip with a DLL in it, I have a DLL which I know starts with the same bytes as the one in the zip (first 100 or so anyway).
When I look at the compressed versions of two such DLLs they differ in the first few bytes. It seems to me that the plaintext fragment facility in pkcrack is only useful if you have a fragment of the compressed version of exactly the same file (in which case you probably have the whole file anyway). Anyone else looked at this and come to some conclusion?

-----#2-------------------------------------------------
Subject: Re: Zip password recovery

Sheesh - 3rd time lucky. Just wanted to add it was me (spyder) asking about pkcrack and fragments, and me that just sent the empty message (fingers working faster than my brain).

spyder

-----#3-------------------------------------------------
Subject: p-mode

Hello Everyone
Hello Iceman

It might be a few days before I can better explain with regards to P-mode or P-code. Since I am working on Display Doctor and my screen keeps freezing up, maybe part of the protection (I played with the generating of the password) or not compatible with my video card. I could reload my old video drivers and get my computer up and running. But if it is part of Display Doctor program's protection, I don't want it to beat me.

cheers
Rundus

-----#4-------------------------------------------------
Subject: CryptKey

Hi, this is Muso,

I recently received a demo CD of the Protel PCB program which is a 30-day trial version. They use a commercial license system called CryptKey. Does anybody know something about it? Any hints, suggestions? Hope to hear from someone...

Muso Mu

-----#5-------------------------------------------------
Subject: Borg Disassembler v1.0

Borg Disassembler for PE exe's is now available. Please help me in Beta testing this,
********************************************************

Thanks
Cronos.
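On spyder's question in article #1 of this issue, about the compressed versions of two DLLs differing from the first few bytes: the sketch below is an added example, not part of any post in this digest, and its two 4 KiB inputs are constructed sample data rather than real DLLs. It counts how many leading bytes of the raw deflate streams agree for two inputs that share their first 100 bytes, once stored (level 0) and once compressed; a compressed deflate block opens with a Huffman table built from the whole block's byte statistics, so the table already differs before any shared plaintext is encoded.

```python
import random
import zlib

# Constructed sample data (not taken from any real DLL): two 4 KiB "files"
# that share their first 100 bytes and differ only afterwards.
SHARED_HEAD = b"MZ" + bytes(range(0x40, 0xA2))  # 2 + 98 = 100 bytes


def make_file(seed, alphabet):
    """Shared 100-byte head followed by a seeded pseudo-random tail."""
    rng = random.Random(seed)
    tail = bytes(rng.choice(alphabet) for _ in range(4096 - len(SHARED_HEAD)))
    return SHARED_HEAD + tail


def raw_deflate(data, level):
    """Raw deflate stream (wbits=-15), the form stored inside ZIP members."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def shared_prefix_len(a, b):
    """Number of leading bytes on which two byte strings agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def compare(level):
    """Leading bytes shared by the two files' deflate streams at `level`."""
    file_a = make_file(1, bytes(range(0x00, 0x10)))   # tail uses 0x00..0x0F
    file_b = make_file(2, bytes(range(0xF0, 0x100)))  # tail uses 0xF0..0xFF
    assert file_a[:100] == file_b[:100]
    return shared_prefix_len(raw_deflate(file_a, level),
                             raw_deflate(file_b, level))


if __name__ == "__main__":
    print("stored   (level 0):", compare(0), "shared leading bytes")
    print("deflated (level 9):", compare(9), "shared leading bytes")
```
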
=====End of Issue 218===================================

========================================================
+HCU Maillist Issue: 219 05/11/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:....... ****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: P-code

ARTICLES:

-----#1-------------------------------------------------
Subject: P-code

Hello Everyone
Hello Iceman

You are absolutely right, it's P-code and NOT P-mode (thank you). What can I say, except I hope it's the pressure of my heavy workload and I am not losing my mind.

Does anyone know what Service B is with regards to the operations of a Video Card? I think there is a connection with the VxD files. Tried contacting Diamond.com (DirectDraw Stealth 64 Video 2001 PCI) for an answer and only get standard replies from their computer. It will not allow me to talk to its master.

Had to abandon work on Display Doctor.exe because of the above problem. Has anyone worked on Display Doctor?

Any help is always greatly appreciated and it helps me sleep at night.

cheers
Rundus

=====End of Issue 219===================================

========================================================
+HCU Maillist Issue: 220 05/12/1998
--------------------------------------------------------
Send Articles To:......................... *************
Info, Help, Unsubscription, etc:.......
****************
Web Repository.........................hcuml.home.ml.org
========================================================

CONTENTS:

#1 Subject: IDA
#2 Subject: none
#3 Subject: Repository updated

ARTICLES:

-----#1-------------------------------------------------
Subject: IDA

Does anyone have an idb/idc file for ida.wll which has the functions renamed (e.g. _522 renamed to something meaningful)? If so, and you are willing to share, please contact me. Also, does anyone have the IDA SDK?

I've obtained IDA375 fully regged. I've already dcc'd it to a few people on IRC. Hopefully it will be spreading around. Anyone with very fast FTP space, please contact me. Also, you can get it from me via DCC if you have a fast connection. I'm usually on IRC at midnight GMT (+/- 3 hours). (or if you see GhiriFTP, FTP to its IP address and anon login)

~~
Ghiribizzo

-----#2-------------------------------------------------
Subject: none

Hello JaZZ (I'm hoping you're on this list),

Congratulations for your very interesting essay on Corel Ventura... there's a few things I'd like to discuss with you regarding the Corel/Elan scheme etc., please contact me:

**********************

Cya,
+ReZiDeNt

-----#2-------------------------------------------------
Subject: Repository updated

Hi +All! :)

I'm sorry the repository hasn't been updated in the last month... this night I'll upload all the back issues until this one! Also, I'll try to find the time to update my secret page too ;)

byez,
.+MaLaTTiA.

=====End of Issue 220===================================