Welcome to Stone's WebNote

Lowlevel virtues and abuses


It was fun while it lasted.

N E W S
15/12/98 Stone's PE-Encrypter 2.01 - updated & bugfixed Windows/PE
15/12/98 Stone's Mod32First/Next Windows/AD - Link fixed
15/12/98 StnCrackme 1.0. Algorithms
15/12/98 ProcDump 1.16 Windows/PE
15/12/98 DeShrinker fixed Windows/PE
15/12/98 Unshrinker Windows/PE
15/12/98 Simple PE-Crypter Beta 3 Windows/PE
15/12/98 Excep.inc Windows/Skeletons
15/12/98 Various interesting sourcecodes by Virogen Windows/Skeletons


Visitors since 12th of Jan 1998:


Editorial

No - I've not started updating my page again. It's still on standby. I lost the domain name Sharp provided for me (www.cracking.net) for reasons beyond my control (primarily financial considerations). I wish to thank Sharp for the hospitality he extended to me. Second, I wish to stress that neither he nor I have anything to do with the adult-entertainment site that's now running there. A lot of people sent me support and urged me to get my page back online, so here it is.

Stone - 28th of August 1999

This is where I stopped updating:

I've been very proud of the interest that you have given my webpage. 160.000 hits, in excess of 500 emails. Name the first 10 computer companies that come to your mind and they all visited my page at least once. It started small - so small that a very good friend of mine, Patriarch, said to me: "That is not a webpage - that's a webnote". Let there be no doubts - it has been fun.

Has been? Yes. It's over. When I started this homepage, cracking homepages were full of text and sourcecodes were hard, if not impossible, to obtain. I attribute my success to the fact that I've been able, thanks to the many contributions, to bring tons of sourcecodes on abuse. Why do I stop? Life has gotten to me - other things seem more important now and this page seems less fun. I've gotten work, I'm now on the last months of writing my thesis and that requires my attention as well. I won't promise that I won't return - but nor will I promise that I ever will. You can continue to email me - and the page will stay up as long as Sharp wants it to. I will promise you though that my hands won't be kept off the assembler. I still love my TASM & SoftIce. Thanks for the good times - it's been fun!

Btw: I once IMHO had the best abuse-sourcecode-related website. Now I don't - which is a contributing reason to me shutting down. Iczelion's site left me in awe the first time I saw it.

It doesn't seem right to not write some tech-stuff on my last editorial. So here it is:

In Denmark there has been a discussion of the security of homebanking systems. In particular BackOrifice was mentioned in this discussion. Of course a remedy was offered by the banks. A virus-signature scanner. So is your money really safe if you signature scan? No way. To examine how simple it was to write a program which would obtain passwords I wrote a small program, it was hardly as complex as BackOrifice - in fact nowhere near the complexity of BO. But it did the job. How long did that take me? 6 hours. Obviously no new program turns up on a signature scan. With viral technology you could easily spread it extremely wide and even avoid registry scanners. So what is my point - this has all been hacking so far and I don't hack.

What I'm advocating for is that bank-programs use anti-debugging and anti-spying code. Not aimed at BO - but aimed generically at methods such as these attacks. So how long did it take me to make a small program which would foil BO and my little dumb clone and any program that could ever be made using the same methodry? 4 hours. 4 development hours appears to be what your money and privacy are worth to the banks. Other methodry is of course available - 3 methods come to mind. Each of which would be generically detectable with only a few hours of work. I won't release my sourcecodes to the public because I don't wanna start a whole new BO-cloning campaign.

On my last editorial I examined a couple of ready made protection systems. That gave a rather big response and it was quite fun as well. So I continue where I left off with another of these systems. Armadillo is a protection system that offers to make your software into trialware. It's based on RTE. The program appends your program-exe file to a ready-made standard PE-exe file which will run the protection code. After the anti-debugging and day-checking it'll dump your original file to the harddisk and execute it suspended. To ensure that you don't just grab the unpacked file off the harddisk the code and data are replaced with garbage that the parent program will restore in memory using the WriteProcessMemory api before resuming the thread. Now this system claims to give would-be crackers a bad day. The anti-debugging of this system pretty much boils down to a highlevel-language call to CreateFile("\\.\SICE\"). I won't tell you how to crack it - but lemme just say that on a hung-over Sunday it took me 15 minutes to remove the wrapper on the shareware demo. The authors of this shareware show no real knowledge of cracking-methodry and the tools available to the modern cracker. If you plan on buying this product - you should also beware that it has a bit of a problem with write-protected drives. In short: this protection system is crap.
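
Added example (not Stone's code and not part of Armadillo): the wrapper layout described above, a stock PE stub with the protected program appended and a parent that patches the child through WriteProcessMemory, leaves traits a static triage script can check. The Python sketch below measures the data lying past the last PE section and looks for the API and device names as plain strings in the stub; the function names, the indicator list and the sample bytes are constructed for illustration.

```python
import struct

# Names tied to the behaviour the editorial describes (assumed to appear as
# plain ASCII strings in the stub; a real wrapper may hide them).
INDICATORS = [b"\\\\.\\SICE", b"CreateProcessA", b"WriteProcessMemory", b"ResumeThread"]

def overlay_offset(data: bytes) -> int:
    """Return the file offset where data past the last PE section begins."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                              # first section header
    end = table + 40 * nsect                                # headers are 40 bytes each
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def triage(data: bytes) -> dict:
    """Report appended (overlay) bytes and indicator strings found in the stub."""
    start = overlay_offset(data)
    return {
        "overlay_bytes": max(0, len(data) - start),
        "indicators": [s.decode() for s in INDICATORS if s in data[:start]],
    }

def build_sample() -> bytes:
    """Constructed sample: a one-section PE stub followed by 64 appended bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x40, 0x100,
                       0, 0, 0, 0, 0x60000020)
    body = b"\\\\.\\SICE\0WriteProcessMemory\0ResumeThread\0".ljust(0x40, b"\0")
    head = (dos + b"PE\0\0" + coff + sect).ljust(0x100, b"\0")
    return head + body + b"\xAA" * 64     # 0xAA run stands in for the appended file

if __name__ == "__main__":
    print(triage(build_sample()))
```

A large overlay alone is not proof of a wrapper, since installers and self-extracting archives also append data; it is the overlay together with the process-patching imports that makes a file worth a closer look.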

Last but not least I'd like to comment that my Crackme after 3 months remains uncracked! ;)

Two roads diverged.

6th of March 1999.

Stone


Life and thoughts of a Stone

Life and thought of a Stone is now purely dedicated to non-computer related stuff. You can thus skip it ;). This is 100 lines of pure self glorification, self expression and mindnumbing boredom for you.

What have I been up to lately... January... exams.. ugh Hate that. February ... work... hate that as well. I'm writing on the last months of my thesis - econometric analysis of course :)... This takes time as well.. Second I'm working nowadays - one gotta make a living. I'm a semi-professional paper-pusher ;). If you feel like hiring an econometrician with ASM-skills lemme know though.. as if ;)..

For a couple of months I've been listening to blues. Then I finally spent a lot of money on a B.B. King CD and now blues is out. Don't get me wrong I still like blues - but heavy is back on the deck. Metallica... Gotta love em..

I've been reading a Danish book called "I've seen the world begin" by Carsten Jensen - it's a travelling book. Not about countries, beaches etc. but about the author's reflections on people, life, events etc. etc. in the countries he travels thru. I'm much in two minds about this book. Most chapters are so goddamn annoyingly self-righteous, self-centered stuck up stuff. And then there are those few other chapters. When this author finally gets it right he gets it right. The best chapters are among the best stuff I ever read. Too bad the majority of the stuff in the book is so annoying.

As always - enjoy some Kellogg's Frosties.. or Robert Frost.. or whatever... wakes a tiger in you...

The Road Not Taken
by Robert Frost

Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;

Then took the other, as just as fair,
And having perhaps the better claim,
Because it was grassy and wanted wear;
Though as for that the passing there
Had worn them really about the same,

And both that morning equally lay
In leaves no step had trodden black.
Oh, I kept the first for another day!
Yet knowing how way leads on to way,
I doubted if I should ever come back.

I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I -
I took the one less traveled by,
And that has made all the difference.
