Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Library / +HCU / 001-010.TXT next >

Wrap

Text File | 2000-05-25 | 26.2 KB | 705 lines

-------------------------------------------------------- +HCU Maillist Issue: 1 1997/09/02 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc.:...... **************** -------------------------------------------------------- Welcome everybody to the +HCU Maillist! First of all, I would like to thank you all for your letters and suggestions about the list. Since more than ten guys subscribed, I officially start the list with this very first issue at the 1st of September. Ok, now the rules of the game! - send the letters you would like to see on the list to the ************* address - with all other problems like help, info, unsubscription send a letter to the managment at the **************** address All letters sent to the ************* address will be processed automatically ( at least will be soon, I hope) and send out to all subscribers. The letters arriving at the managment address are handled manually, so no special rules apply, just write about your problem in plain english. (BTW, the language of the list is English too, if you wondered!) - the list is digested, one issue per 24 hours This means every article arriving to the list are collected in one file and sent out to the subscribers once a day. The text of the individual articles are not changed at all, they just appended after each other. At the begining, even when no publishable article arrived, I send out an issue with a message, warning that you were lazy and did not write anything yesterday. This annoying habit of the list remains only during the first weeks, because I want to test the reliability of the technics behind the list. So if you don't hear about the list, let's say for two days, send a complaining letter to the **************** address. - there is no moderation, what so ever Because, of the automatic nature of the list what you write it will appear on the list. On the other hand if somebody starts to behave like a lamer ( this may be clarified later) he will be removed from the list. (It might even be the faster way to unsubscribe than sending letters to the managment.:) This takes us to the question who can subscribe and/or write to the list. - anybody is allowed to subscribe to the list, but only subscribers are allowed to write to the list At this moment there are only 13 subscribers to the list so I don't think it's necessary to decrease the number of potential writers by further restrictions. If only subscribers are allowed to write to the list that is some kind of protection from outsiders shouting into our discussions. Furthermore the list is not advertised at all (at least not by me), no web page, newsgroup message, what so ever. I will ask Fravia to put up a small link to the mananagment address, deep inside his pages where only the dedicated ones can find. That will be the only entrance to the list so hopefully we will be protected from lamers. If a distinguished HCUker (God for bid, +ORC himself) who is not a subscriber of the list would like to publish some thing, he can write to the managment and his article will be inserted in the next issue. - the list has minimal security, so everybody who cares about anonimity must take care of it himself Most of the subscribers seems not to care about their anonimity so I do not intend to setup serious security precautions (like PGP). One thing I will do, however is to rip off the originating address of every letter before its inserted into the digested issue to protect the anonimity of the writers. If some body wants to have his address published (for example to initiate a privite conversation) then he must write his address in to the body of his letter. Well, I think that's enough for the begining. Of course, these rules are not carved in stone we can change them any time. As a matter of fact we might start some discussion about them on the list at once. For those who would like more technical topics : (since september is here) Could anybody find a crack for the 1998 strainer MSMONEY which patches the exe at a single position, but eliminates all the different kind of date checks? I had to patch at three different positions and I wonder if it can be done with less? Don't for get: send all your articles to ************* Zer0 PS: I have already sent this issue out on the 1st of September, but most probably it could not go through, so I resend it. Sorry, if you happen to read this twice. -- End -- ------------------------------------------------------------ +HCU Maillist Issue: 2 09/03/1997 ------------------------------------------------------------ Send Articles To:............................. ************* Info, Help, Unsubscription, etc:........... **************** ------------------------------------------------------------ ARTICLES: -----#1----------------------------------------------------- Subject: none Hello all list subscribers! Firstly I'd like to congratulate Zer0 for initiating such a fantastic idea - thanks Zer0! > Could anybody find a crack for the 1998 strainer MSMONEY which > patches the exe at a single position, but eliminates all the > different kind of date checks? I had to patch at three different > positions and I wonder if it can be done with less? I can confirm that is *is* possible to crack MSMONEY 3 trial (English version) with just one byte - this patch eliminates all the date checks *and* the 90 transaction check - in other words, all the checks, nags etc. I do not know whether this is possible for MSMONEY 97 trial though...in fact, in order to patch MSMONEY 97 to eliminate *every* possible nag and date check, I patched five locations (if I remember correctly), but this allowed you to use MSMONEY under any circumstances whatsoever, wihtout any nags at all (including the one on exiting). See my 1998 HCU entry for more details of the one-byte-patch for MSMONEY 3 and my reasons for patching five locations in MSMONEY 97 (fraiva+ will post it on the 15th). Cya, +ReZiDeNt -----#2----------------------------------------------------- Subject: Interesting protection Hi! Can somebody please help me to crack a small utility called Internet Commander. You can get it at: ********************************************************** It's written in Delphi and has got some nasty protection. I couldn't find any nag strings inside the disassembly. Besides, I wasn't even able to determine how it creates dialog and messageboxes. (it doesn't use regular APIs for that). Any ideas would be greatly appreciated. Great Dalmuti *************************** ______________________________________________________ Get Your Private, Free Email at ********************** -----End of Issue 2----------------------------------------- ============================================================ +HCU Maillist Issue: 3 09/04/1997 ------------------------------------------------------------ Send Articles To:............................. ************* Info, Help, Unsubscription, etc:........... **************** ============================================================ ARTICLES: -----#1----------------------------------------------------- Subject: RE: Help for Great Dalmuti I did'nt want want my first contribution to the mailing list to be for such a stupid protection. but Great Dalmuti asked for help on this one.(and i had some spare time) Internet Commander ********************************************************* I still don't know what is this prog. (but it sure does'nt deserve the 6 US $ reg. fee) (for people who did not check this out:It has a 10 seconds nag,and "Please Register" everywhere.The prog. is one file called "icwse.exe" ) This prog. is interpreted .. (I didn't know the language, but sure duzn;t look like delphi ,maybe some delphi component is used...I don't have much Delphi info :( (I found out that after an hour at softice ,most of windows API calls are done with GDI) I found out the following chunk in the exe.. (I could not beleive it either) (Commented using Common Sense v 0.00000) |:RegCheck|:StripNum |SD "[Regno]" "10" "6" "[RegVar1]" ; did not figure out those. |SD "[RegVar1]" "1" "8" "[RegVar1]" ; they not added |SD "[Regno]" "7" "9" "[RegVar2]" ; nor multipled. |SD "[RegVar2]" "1" "5" "[RegVar2]" ; just split into two variables |MA "([RegVar1] * [RegVar2])" "0" "[Calc]" ; a simple multiply |MA "([Calc]/2)" "0" "[Calc]" ; divide by 2 |MA "([Calc]+5)" "0" "[Calc]" ; add 5 |MA "([Calc]*63)" "0" "[Calc]" ; multiply by 63 ||IF "[Calc]" "=" "882"|GO "Page 1"|Else|GO "License" ; if result: ; = 882 -> good guy ; <> 882 -> bad guy To crack: Change the occurance of "882" to "315" in the main icwse.exe file. (parenthesis included). You will find the above repeated in icwse.exe 4 - 5 times. Then register using "0000000000" why 315 ? .. RegValue1 * RegValue1 = Calc =0 Calc/2=0 Calc+5=5 Calc * 63 =315 btw: this prog "lays eggs" to some dll called Sky32v3c.dll ,it does some .jpg and etc.. and graphics handling. and the reg. info is stored as plain text in "ic.dat" That's it. Greeting to all +HCU members and to Zero for the time he spent in this mailing list. And ofcourse to +ORC and Fravia Kox -----End of issue 3 ---------------------------------------- PS: Some of you will get this issue twice. Please, bear with me, the system is still under construction. :) ============================================================ +HCU Maillist Issue: 4 09/05/1997 ------------------------------------------------------------ Send Articles To:............................. ************* Info, Help, Unsubscription, etc:........... **************** ============================================================ ARTICLES: -----#1----------------------------------------------------- Subject: Re: +HCU ML Issue 3 Hello everybody! >This prog. is interpreted .. (I didn't know the language, but sure duzn;t >look like delphi ,maybe some delphi component is used...I don't have much >Delphi info :( Just ask :) For some tasks Delphi can be viewed as an interpreter. It recollect a lot of information during the design phase that is stored as resources. You can view a part of it with the Resource Workshop (resources of type RCDATA). If you extract this resources as .RES and skip the header (all before "TPF0...") it can be converted to text with "Convert.exe" an utility included with Delphi. Still not sure what this information can be useful for, but Great Dalmuti asked about strings not appearing in dissasembly. >Greeting to all +HCU members and to Zero for the time he spent in this >mailing list. > >And ofcourse to +ORC and Fravia "Add me too ;)" greetings trurl -----End of Issue 4----------------------------------------- -------------------------------------------------------- +HCU Maillist Issue: 5 09/06/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** -------------------------------------------------------- ARTICLES: -----#1----------------------------------------------------- Subject: Re: Help for Great Dalmuti Subject: RE: > I did'nt want want my first contribution to the mailing list to be for > such a stupid protection. Well, it's really stupid, but hey, we all want to learn something! :) > but Great Dalmuti asked for help on this one.(and i had some spare time) Fortunately, I've got some more spare time to make a little keygen (I don't think it takes SO MUCH, though ;) > I still don't know what is this prog. (but it sure does'nt deserve the 6 US$ > reg. fee) You are right, Kox! Anyway, it's a good exercise: I've never cracked any program written in Delphi before :) Now I know it's quite easy, if they're all like this! :) Let me quote this piece of "code"... my comments are preceded by a "**" > |:RegCheck|:StripNum **STRIPNUM!!! THE NAME TELLS EVERYTHING! > |SD "[Regno]" "10" "6" "[RegVar1]" Let me read this: "Strip from regno the chars from 10th to (10+6)th position, then put the result in Regvar1 > |SD "[RegVar1]" "1" "8" "[RegVar1]" ** SEE ABOVE > |SD "[Regno]" "7" "9" "[RegVar2]" ** SEE ABOVE > |SD "[RegVar2]" "1" "5" "[RegVar2]" ** SEE ABOVE > |MA "([RegVar1] * [RegVar2])" "0" "[Calc]" ; a simple multiply > |MA "([Calc]/2)" "0" "[Calc]" ; divide by 2 > |MA "([Calc]+5)" "0" "[Calc]" ; add 5 > |MA "([Calc]*63)" "0" "[Calc]" ; multiply by 63 > ||IF "[Calc]" "=" "882"|GO "Page 1"|Else|GO "License" Ok, now we have ALL the information to make up a key generator: the last number must be 882, and it is made up by (((Regvar1*Regvar2)/2)+5)*63 Now we just have to create Regvar1 and Regvar2 such that their product is ((882/63)-5)*2 or simply 18 :) Now, how are Rv1 and Rv2 made up? Let's suppose this is the original number: 123456789012345 (15 chars) To make up Rv1 I strip all the nums from the 10th position 123456789 then all the nums from the 1st position 'till the 8th 9 Hey! It's just the number in the 9th position!!! :) If you look at the code for Rv2, you can see that the result is the 6th digit. Now a key generator just have to generate random numbers for the other digits, then simply put these values in Rv1 and Rv2: Rv1 Rv2 2 9 3 6 6 3 9 2 Not so many combinations, I think :) Do I really have to write the C code? Please, don't ask it! I'm sooo lazy... ;) (if you like, I can send it, but I think you can all do this :) Now I've got a question for you: I've written a patcher, a program which takes two files of the same length and checks for the differences to make a patch... You know, of course, how useful it is for us :) My question is: have you done something like this? How does it work? I didn't want the patcher to write the final .exe (yes, it's in C and writes C patches... i didn't have the time to make it in ASM yet O:-), so it writes the C SOURCE for the patch. I think it's more useful, because in this way everybody can change the source and put his name and so on... are you interested in it? Would you like to give me some suggestions to make it better? To avoid reading too many "I'm interested" in next +hcu ml issue, you can write directly to ************************ then I'll put on the following issue the instructions to download it by mail (I hope it will work... it's the first time I use it! :) byez, .MaLaTTiA. -----#2----------------------------------------------------- Subject: Delphi/C++Builder/NeoBook etc. Hello Everyone! A little comment on cracking apps made with Borland products: > >This prog. is interpreted .. (I didn't know the language, but sure > >duzn;t look like delphi ,maybe some delphi component is used...I > >don't have much Delphi info :( The program (I don't think it deserves that title) was written with NeoBook - sort of like Asymetrix Toolbook or Corel Clik-n-Create - basically a crude multimedia presentation creation application. > For some tasks Delphi can be viewed as an interpreter. It recollect > a lot of information during the design phase that is stored as > resources. You can view a part of it with the Resource Workshop > (resources of type RCDATA). If you extract this resources as .RES > and skip the header (all before "TPF0...") it can be converted to > text with "Convert.exe" an utility included with Delphi. Still not > sure what this information can be useful for, but Great Dalmuti > asked about strings not appearing in dissasembly. I've not used Delphi much (I dislike Pascal) but I've been using C++Builder a lot recently - it has many excellent points (compiles ANSI C code, allows direct WIN32 API calls etc) - but I found that cracking code created with it is very much like cracking Dephi programs. I believe this is due to the fact that C++Builder utilises the VCL (Visual Component Library), as does Delphi. Since the VCL is coded in Deplhi (and C++Builder can compile Delphi code!) the resulting code can look very much alike. As an example, when cracking a Delphi app with a registration code protection, you'll probably find that you can't set a breakpoint on 'GetWindowText' (since this call is apparently not used by the VCL) - you'll need to try 'hmemcpy' or something similar - the same is true of C++Builder. In fact, anything that applies to Delphi will appliy to C++Builder as well if the program use the VCL (this may not always be the case, as C++Builder can also compile programs using the OWL or MFC libraries). Anyway, I hope this info helps any newbies who come across Delphi/C++Builder programs (these will probably become more common, as there are rumours that Borland will merge C++Builder and Borland C/C++ for the next release) +ReZiDeNt -----End of Issue 5---------------------------------------- -------------------------------------------------------- +HCU Maillist Issue: 6 09/07/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** -------------------------------------------------------- ARTICLES: -----#1----------------------------------------------------- Subject: patchers On 6 Sep 97 at 14:41, ************* wrote: > Now I've got a question for you: I've written a patcher, a program > which takes two files of the same length and checks for the > differences to make a patch... You know, of course, how useful it is > for us :) My question is: have you done something like this? How > does it work? I didn't want the patcher to write the final .exe > (yes, it's in C and writes C patches... i didn't have the time to > make it in ASM yet O:-), so it writes the C SOURCE for the patch. (from MALATTIA) Well, there's already an alpha version of a program that does exactly what you are saying - compares two files of the same length, checks the differences, writes the patch in C and then, after you changed it, if you want to do so, compiles it to an exe file. Unfortunately, the link to it went down yesterday... it was at Odin's cracking resources. Anyway, it's an 800 KB file, called patchit.zip The name of the program is 'PatchIt 97' and it's made by Qapla. Until 00:01 GMT of 8 September, you can fetch it at ************************************** IF and ONLY IF you type the address correctly. Incidentally, if you want something funny for a homepage (funny IMHO, that is), get ribbon2.gif from the same ~cardone. You know those 'blue ribbon' things, free speech, right? Well, this is 'black ribbon campaign - kill the lamers' WAFNA of FCA -----End of Issue 6---------------------------------------- ======================================================== +HCU Maillist Issue: 7 09/08/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Re: +HCU ML Issue 5 ARTICLES: -----#1------------------------------------------------- Subject: Re: +HCU ML Issue 5 Hello! >> but Great Dalmuti asked for help on this one.(and i had some spare time) Please, never change a quoted text... I have NO spare time at all :( >Fortunately, I've got some more spare time to make a little keygen (I don't >think it takes SO MUCH, though ;) The idea was saving even more time in every Delphi (or C++Builder) app. >From the resources you can find not only the attributes of the button but also the *address* of the routine that is called when you push it. Unfortunately it didn't work for this particular case O:-) because as you say: >like this! :) Let me quote this piece of "code"... ....this is not Delphi code. It's a script language executed from delphi. greetings trurl =====End of Issue 7===================================== -- End -- ======================================================== +HCU Maillist Issue: 8 09/09/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Some info about the list ARTICLES: -----#1------------------------------------------------- Subject: Some info about the list Hi everybody! I think it's time to try the list myself :) There are two things I forgot to mention before. The first thing: The list can not accept letters longer than 20 kb. The long letters are filtered out and will not appear on the list. If somebody happens to have some info which he can not squeeze into 20 kb :() please, split it into two separate letters. The second thing is much more important: if somebodys subscribing address is not valid anymore please, notify me as soon as possible to stop the list sending issues to that address. The big problem with an invalid address is, that the bouncing back letters are not comming to me, but to the postmaster of our domain :( I guess this in a long run might be unhealthy for me and the list. I am working on the problem, but in the mean time tell me if an address is not valid anymore. If somebody has intimate knowledge about the SMTP protocol and knows how i can redirect the return path from my computer to an other e-mail address (Sender: field maybe), please let me know, too. Thanks in advance ZER0 =====End of Issue 8===================================== ======================================================== +HCU Maillist Issue: 9 09/10/1997 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** ======================================================== CONTENTS: #1 Subject: Re: patchers #2 Subject: ******* #3 Subject: Internet Commander was created with *NeoBook* ARTICLES: -----#1------------------------------------------------- Subject: Re: patchers On 7 Sep 97 at 15:51, WAFNA of FCA wrote: > Well, there's already an alpha version of a program that does exactly > what you are saying - compares two files of the same length, checks > the differences, writes the patch in C and then, after you changed > it, if you want to do so, compiles it to an exe file. Woa! Great! It' like what I want for the next versions of my proggie... > Until 00:01 GMT of 8 September, you can fetch it at > ************************************** Thanx a lot, I've downloaded it immediately! :) I've seen the program... :-O it's wonderful. I don't know how to feel... it's great! It's exactly how I wanted to make my program like, and it's good looking too... my proggie is under DOS, so it doesn't have such a beautiful GUI, and it's VERY simple... I don't really know if I want to go on with it, after this... :) > Incidentally, if you want something funny for a homepage (funny IMHO, > that is), get ribbon2.gif from the same ~cardone. You know those > 'blue ribbon' things, free speech, right? Well, this is 'black ribbon > campaign - kill the lamers' Very nice!!! I've downloaded it! :)) Maybe I'll put it in my homepage too... :) erm... I'm afraid I'm offtopic... sorry! O:-) I've got a question for you all, boyz... what are the tools you have programmed that you find most useful? Do you think there's something every cracker should have? You don't have to tell me your "secret tricks"... just something to help me to learn and crack better, maybe! :) byez, .MaLaTTiA. -----#2------------------------------------------------- Subject: ******* Hello Everyone! I greatly appreciate all the help I got on cracking the internet commander. I need some more help however. I found a pretty interesting program on the web called ******* by Farallon ********************************************************************************* What it allows you to do is observe someone else's desktop in real time over the network. It is cross-platform too (can observe mac from PC and vise versa). Although this program is free, it has couple of drawbacks. First of all it is a 16 bit program (they didn't even bother building a 32 bit version). Second, it displays a dialog box telling you to upgrade it to some other prog for only $49.95 every time you run it. Whatever I tried, I could not get rid of the dialog. Borland Resource Workshop will painlessly delete any other dialog from the prog, but deleting this one causes a crash. Patching fails too. Can you guys help me with this one please. Thanks in advance. Great Dalmuti P.S. I think that the ultimate goal we can reach with this prog, is to remove all the strings and dialogs, make it startup quietly on your enemy's computer, so you can watch over him anytime you want. Cool huh? By the way, do you know of any other progs that can do similar things? Something 32 bit maybe! ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: Internet Commander was created with *NeoBook* Hi there people, > ....this is not Delphi code. It's a script language executed from > delphi. Actually, it isn't made in Delphi at all - it's created with a program called 'NeoBook' available from ************************** It may be possible that NeoBook itself was written in Dephi however... Cya, +ReZiDeNt =====End of Issue 9===================================== =====NOTE: Issue #10 DOES NOT EXIST!====================