Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Library / +HCU / 221-230.TXT < prev next >

Wrap

Text File | 2000-05-25 | 40.3 KB | 1,181 lines

======================================================== +HCU Maillist Issue: 221 05/14/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: IDA SDK, ZIP cracking #2 Subject: dce30 #3 Subject: gthorne ida message #4 Subject: "Internet Magazin", June issue #5 Subject: Illegal Protection Schemes ARTICLES: -----#1------------------------------------------------- Subject: IDA SDK, ZIP cracking I've come across a similar problem with breaking zip files. The plaintext attack works really nicely when you have several files in a zip and know plaintext of one so can break the others. Some have now started 'double-zipping' placing zips within zips to try and stop this. This is a good and bad thing as it is annoying if we knew some of the original plaintext, but we also know something of the ZIP format. Annoyingly enough, we usually know the first 10 bytes of the ZIP file. I'm not sure if you can sacrifice the 3 extra bytes required for a more complex attack. However, if we know the names of the files within the ZIP we can _possibly_ perform a plaintext attack on that (I've not looked closely enough into the zip format). Another good thing is that the licence agreements etc. which are usually small text files are _stored_ and rarely change between versions so you can perform plaintext on that. The unfortunate thing is that pkcrack, afaik, doesn't allow known plaintext to be in the middle of a file, so you'll probably need to write your own cracker. Also, brute force, though somewhat crude, does quite often turn up the passwords (e.g. GhostSoft have now started to PW protect their Ghost updates - but use easy to brute force passwords) Thank you to those who sent me the IDA SDK directly (I received 3 copies to clog my inbox :) Please, no more! Regarding those who asked for IDA375, I'm going offline now so can't send to you. However, I got it posted to several T1 sites (sorry I don't have the URLs) and a lot of people now have it so you are likely to get hold of it somewhere. PaulGao's site has a copy (I haven't used tried it), my version is a RAR file. If you can't find it, contact me by email, and I'll get back to you sometime in June. If you need it, go onto IRC and ask around (#cracking, #cracking4newbies) as many people have it now. OK, sorry if it is slightly off-topic. Have a nice summer and I'll see you all in June. ~~ Ghiribizzo -----#2------------------------------------------------- Subject: dce30 Hi to all Hopefully someone know 'datacrack engine 2 or 3' by Piratel? can someone help me to find how is hidden the Piratel string? were a nice tutorial for me to find out get that and understanding other strange (for me) hidden the file can be found on cracking.m... as dce30us.zip it's packed but thats ok for that,i've tried the xor method but..:( I really appreciate a mate teach me and so continue by myself the rest! +haribo ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: gthorne ida message Message Body = for those of you who want it, i went ahead and put ida 375 on the site on my assembly page greythorne.home.ml.org i was surprised how many people did not know how to run ida in a resizeable window... by the time you get this message it will probably already be mentioned on the page - but heres the simple trick... make a batch file to run idaw.exe instead of running idaw.exe then make a shortcut to the batch file (set the properties to make it quit on exit of course) and guess what.. ida fills the dos box - so you can resize the dos box as you normally would, by choosing font sizes i can barely read my copy of ida in a window at all without doing this just a little tip for the newbies ;) +gthorne -----#4------------------------------------------------- Subject: "Internet Magazin", June issue "Internet Magazin" ************************* in its latest issue in the article "Secret Sites"(pp.22-26) speaks about Warez sites, legal aspects and interviews a New-York hacker Dark Soul ***** garden.net/users/zero/hack). "To be unknown on the Web/ Alias E-Mail adresses"(p.34) gives a list: akaMail, Alta Vista, BigFoot, Correo, EuroMail, ForeverMail, HotMail, MyMail, NetAdress, NetForward, Pobox, WorldPost. HotMail, often seen in our list, is qualified as Microsoft bought company, having a bad reputation to be misused by Spammers. "Books Online": *********** **************** *************** ************** "Handies on the Web. E-Mail, SMS (ShortMessageService) and Fax" (p.78) speaks about the usage of mobile phones. AZ111. -----#5------------------------------------------------- Subject: Illegal Protection Schemes For those of you have read my unfinished Legality of Cracking essay, here's another something that is to be included in the 'Illegal Protections' section: <paraindent><param>right,right,right,right,right</param><fontfamily><param>Arial</param><smaller>WHILE computer games enthusiasts were preparing to opubterate the evil alien race of Zerg, their computers were being hijacked by a software company, a lawsuit alleges. Donald Driscoll, a lawyer in Albany, California, is suing the maker of the Starcraft computer game, claiming that the software surreptitiously gathered confidential information. </smaller></fontfamily></paraindent><fontfamily><param>Arial</param><smaller><paraindent><param>right,right,right,right,right</param>In Starcraft, players compete against each other over the Internet. Driscoll alleges that Blizzard Entertainment of Irvine, California, put a "trap door" in their software. "It takes a file that has important information about your computer and your programs, and if Blizzard requests, it tries to upload your e-mail address and name," he says. Susan Wooley, a spokeswoman for Blizzard, confirms that information has been gathered by Blizzard's games server, battle.net. "We were having problems with people being denied access, so our bat-tle.net server went in and gathered their e-mail addresses," she says. The company has also been able to spot pirated copies of </paraindent><paraindent><param>right,right,right,right,right</param>its software, but Wooley says the data gathered were not used to catch pirates, and have been deleted. The trap door is no longer in use, she adds. </paraindent><paraindent><param>right,right,right,right,right</param>However, David Banisar, a lawyer with the Electronic Privacy Information Center in Washington DC, argues that Blizzard's actions flouted Californian law. "It's downright illegal," he claims. Driscoll filed the lawsuit on behalf of an organisation called Intervention, based in Albany, which sues companies it claims are using unfair business practices. But he argues that the case raises wider privacy issues. "All the government would have to do is hook up with a popular game manufacturer, and it could search for accounting files and tell whether you're making more than you're reporting," says Driscoll. "We're trying to get the word out to software manufacturers: you can't </paraindent>just rummage through somebody's computer." </smaller></fontfamily> Needless to say, this would be very interesting to look at. ~~ Ghiribizzo =====End of Issue 221=================================== ======================================================== +HCU Maillist Issue: 222 05/15/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: REQ: Help for Novell 3.12 #2 Subject: CryptKey #3 Subject: IDA Windows #4 Subject: IDA screen configuration ARTICLES: -----#1------------------------------------------------- Subject: REQ: Help for Novell 3.12 Hi all, I want to change the 5-User-license up to 25, but i don┤t know where to start cracking (perhaps Server.exe?). Can someone help? NiKai ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: CryptKey to: Mu/Muso References can be found at the page: ****************************************************** where it was discribed as an uncrackable protectionist program, based on a one-chip LPT only-once-programmable device. It is rather a publicity page and a warning to crackers. AZ111. -----#3------------------------------------------------- Subject: IDA Windows Regarding IDA window resizing, - I can resize the window when IDAW is run directly from the .EXE. Maybe it is something to do with the default DOS program .PIF file or whatever? That said you may find IDAW screen drawing and navigation is *significantly* faster when it is run from a DOS prompt (or batch file). Some strangeness to do with the DOS window or winoldap being its parent. (That's under Win95 don't know about NT). Also don't forget you can set IDAW screen rows and columns in IDA.CFG. spyder -----#4------------------------------------------------- Subject: IDA screen configuration A lot of newbies I've spoken to don't seem to like using IDA. Perhaps it is due to having the default screen size? I found it impossible to use IDA with the default settings as so little of the listing could be seen. I haven't tried gthorne's batch file trick. You can modify the settings using the ida.cfg file (as well as many other settings). To change the screen size look for the following: SCREEN_MODE = 0x8440 // Screen mode to use // high byte - cols, low byte - rows // i.e. 0x5020 is 80cols, 32rows I use 8440 which corresponds to 132x64. The screen is not resizable but this isn't a problem for me. ~~ Ghiribizzo =====End of Issue 222=================================== ======================================================== +HCU Maillist Issue: 223 05/18/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: gthorne - ida speed and such #2 Subject: starcraft illegalities #3 Subject: The Big Brother Strikes Again ARTICLES: -----#1------------------------------------------------- Subject: gthorne - ida speed and such Message Body = ahh yes - i had a suspicion it was working faster before i think that was my original reason for working in the dos box - looking back on it heres what i think may be happening... in windows, the app is using memory on the fly allotted by windows itself in dos, the memory area is prerequisitioned and set as protected and unresizeable to me that says that anything running in a dos box will be not under the added stress of constant memory size adjustments i am sure there are probably some other non-obvious reasons as well, but unless completely off - it sounds reasonable to me as to why bonsoir, +gthorne -----#2------------------------------------------------- Subject: starcraft illegalities This is a multi-part message in MIME format. ------=_NextPart_000_0037_01BEA143.519D59E0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0038_01BEA143.519D59E0" ------=_NextPart_001_0038_01BEA143.519D59E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all.. here is a bit of info I found about starcraft... might be of interest to = you all... =20 =20 >>>>>>.Quote =20 It has come to my attention (via a few friends on IRC, whose names I = have forgotten), that during any failed Starcraft BATTLE.NET connection (i.e. you have an invalid CD-Key), some sensitive information is = (illegally) retrieved from your registry and sent up to Blizzard. This only seems to occur the first time you connect using an invalid key, but not = afterwards. I have personally confirmed this using socket traces. =20 As of the writing of this document, 6 registry keys in particular are checked and sent back to Blizzard, who obviously hope to collect names = and e-mail addresses of those who attempt "invalid" connections to = BATTLE.NET. These 6 keys are: =20 HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info\DefName HKEY_CURRENT_USER\Software\Microsoft\Internet Mail and News\Mail\Sender = Name HKEY_CURRENT_USER\Software\Netscape Navigator\User\User_Name HKEY_CURRENT_USER\Software\Microsoft\Internet Mail and News\Mail\Sender = EMail HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\User\User_Addr HKEY_CURRENT_USER\Software\Kali\Kali95\User Info\email =20 Blizzard has the ability to change which registry keys are checked at = any time, but currently only these 6 are checked. I would advise doing a = "Find" operation in REGEDIT and removing any traces of your real e-mail and = name. =20 To combat this outright "invasion" of your computer privacy, I have = coded a small program that will make your computer "anonymous" by setting = these 6 registry keys to anonymous values. (Setting the names to Ben Dover and = ************************************* in particular). Just run = BNETANON.EXE to display your current settings and click YES to "anonymize" them. Any settings that show up as "<not defined>" have never been created, so you don't need to worry about them. =20 Can't believe that Blizzard would do such a thing? Do the socket trace yourself: go to ************************** download Socket Spy/32, and register it using the following codes: =20 Name=3DBeowulf Company=3DRAZOR 1911 Code=3DOHJGH3LNLKM3O372 (note that all the O's are the letter O, not = zero) =20 Fire up Socket Spy/32, do "File/Begin Trace" (you may want to also turn = on Capture To Disk to save a .TXT copy of the trace) then launch Starcraft = and attempt a BATTLE.NET connection. After you are denied, exit out of = Starcraft and check out the trace results. If this is the first time you have = attempted to connect to BATTLE.NET using a particular bogus CD-Key, you should see = what I mean. Note that the registry keys are only polled the FIRST time you = try an invalid key, but not afterwards (I THINK). I have included a trace I = did myself as TRACE.TXT. =20 What does all of this mean? Well, if you plan to do "war-dialing" with generated keys to find a valid one, you will definately want to make = your information anonymous. If you don't ever use BATTLE.NET for Starcraft, then this doesn't affect you at all. - Beowulf [RAZOR 1911] >>>>>>>>>>end quote cheers....HaQue ------=_NextPart_001_0038_01BEA143.519D59E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.2"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <DIV><FONT color=3D#000000 size=3D2>Hi all..</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>here is a bit of info I found about = starcraft...=20 might be of interest to you all...</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 = size=3D2>>>>>>>.Quote</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>It has come to my attention (via a = few friends=20 on IRC, whose names I have<BR>forgotten), that during any failed = Starcraft=20 BATTLE.NET connection<BR>(i.e. you have an invalid CD-Key), some = sensitive=20 information is (illegally)<BR>retrieved from your registry and sent up = to=20 Blizzard. This only seems to<BR>occur the first time you connect using = an=20 invalid key, but not afterwards.<BR>I have personally confirmed this = using=20 socket traces.</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>As of the writing of this document, = 6 registry=20 keys in particular are<BR>checked and sent back to Blizzard, who = obviously hope=20 to collect names and<BR>e-mail addresses of those who attempt=20 "invalid" connections to BATTLE.NET.<BR>These 6 keys = are:</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 = size=3D2>HKEY_CURRENT_USER\Software\Microsoft\MS Setup=20 (ACME)\User = Info\DefName<BR>HKEY_CURRENT_USER\Software\Microsoft\Internet Mail=20 and News\Mail\Sender Name<BR>HKEY_CURRENT_USER\Software\Netscape=20 Navigator\User\User_Name<BR>HKEY_CURRENT_USER\Software\Microsoft\Internet= Mail=20 and News\Mail\Sender = EMail<BR>HKEY_CURRENT_USER\Software\Netscape\Netscape=20 Navigator\User\User_Addr<BR>HKEY_CURRENT_USER\Software\Kali\Kali95\User=20 Info\email</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>Blizzard has the ability to change = which=20 registry keys are checked at any<BR>time, but currently only these 6 are = checked. I would advise doing a "Find"<BR>operation in REGEDIT = and=20 removing any traces of your real e-mail and name.</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>To combat this outright = "invasion" of=20 your computer privacy, I have coded<BR>a small program that will make = your=20 computer "anonymous" by setting these<BR>6 registry keys to = anonymous=20 values. (Setting the names to Ben Dover and <BR><A=20 ************************************************************************** o.is.illegal.com</A>,=20 in particular). Just run BNETANON.EXE<BR>to display your current = settings and=20 click YES to "anonymize" them. Any<BR>settings that show up as = "<not defined>" have never been created, so you<BR>don't = need to=20 worry about them.</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>Can't believe that Blizzard would do = such a=20 thing? Do the socket trace<BR>yourself: go to "<A=20 ********************************************************************* = download=20 Socket Spy/32, and</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>register it using the following=20 codes:</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2> = Name=3DBeowulf<BR>Company=3DRAZOR=20 1911<BR> Code=3DOHJGH3LNLKM3O372 (note that all the = O's are the=20 letter O, not zero)</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>Fire up Socket Spy/32, do = "File/Begin=20 Trace" (you may want to also turn on<BR>Capture To Disk to save a = .TXT copy=20 of the trace) then launch Starcraft and<BR>attempt a BATTLE.NET = connection.=20 After you are denied, exit out of Starcraft<BR>and check out the trace = results.=20 If this is the first time you have attempted<BR>to connect to BATTLE.NET = using a=20 particular bogus CD-Key, you should see what<BR>I mean. Note that the = registry=20 keys are only polled the FIRST time you try<BR>an invalid key, but not=20 afterwards (I THINK). I have included a trace I did<BR>myself as=20 TRACE.TXT.</FONT></DIV> <DIV><FONT color=3D#000000 size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 size=3D2>What does all of this mean? Well, if = you plan to=20 do "war-dialing" with<BR>generated keys to find a valid one, = you will=20 definately want to make your<BR>information anonymous. If you don't ever = use=20 BATTLE.NET for Starcraft,<BR>then this doesn't affect you at = all.</FONT></DIV> <DIV><FONT color=3D#000000=20 size=3D2> &nbs= p; = ; = = - Beowulf [RAZOR 1911]<BR></FONT></DIV> <DIV><FONT color=3D#000000 = size=3D2>>>>>>>>>>>end=20 quote</FONT></DIV> <DIV><FONT color=3D#000000 face=3D""=20 size=3D2>cheers....HaQue</FONT></DIV></DIV></BODY></HTML> ------=_NextPart_001_0038_01BEA143.519D59E0-- ------=_NextPart_000_0037_01BEA143.519D59E0 Content-Type: text/plain; name="TRACE.TXT" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="TRACE.TXT" recv (SOCKET=3D94, flags=3D0x0000) returns (10 bytes) 0000: FF 07 0A 00 02 00 00 00 00 00 .......... send (SOCKET=3D94, flags=3D0x0000) returns (4 bytes) 0000: FF 2D 04 00 .-.. send (SOCKET=3D94, flags=3D0x0000) returns (4 bytes) 0000: FF 30 21 00 .0!. send (SOCKET=3D94, flags=3D0x0000) returns (29 bytes) 0000: 00 00 00 00 33 37 33 33 36 38 30 32 34 36 30 35 = ....373368024605 0010: 30 00 52 41 5A 4F 52 20 31 39 31 31 00 0.RAZOR.1911. recv (SOCKET=3D94, flags=3D0x0000) returns (22 bytes) 0000: FF 2D 16 00 38 7B D7 5D 65 0C BD 01 69 63 6F 6E = .-..8{.]e...icon 0010: 73 2E 64 61 74 00 s.dat. recv (SOCKET=3D94, flags=3D0x0000) returns (21 bytes) 0000: FF 30 15 00 04 00 00 00 44 49 53 41 42 4C 45 44 = .0......DISABLED 0010: 20 4B 45 59 00 .KEY. recv (SOCKET=3D94, flags=3D0x0000) returns (385 bytes) 0000: FF 18 41 00 00 00 00 00 01 00 00 80 53 6F 66 74 = ..A.........Soft 0010: 77 61 72 65 5C 4D 69 63 72 6F 73 6F 66 74 5C 4D = ware\Microsoft\M 0020: 53 20 53 65 74 75 70 20 28 41 43 4D 45 29 5C 55 = S.Setup.(ACME)\U 0030: 73 65 72 20 49 6E 66 6F 00 44 65 66 4E 61 6D 65 = ser.Info.DefName .... etc. the rest of the registry keys send (SOCKET=3D94, flags=3D0x0000) returns (4 bytes) 0000: FF 18 xx xx send (SOCKET=3D94, flags=3D0x0000) returns (xx bytes) 0000: 00 00 00 00 (INSERT YOUR NAME/EMAIL HERE) = xxxxxxxxx closesocket (SOCKET=3D94) returns (NO ERROR) ------=_NextPart_000_0037_01BEA143.519D59E0-- -----#3------------------------------------------------- Subject: The Big Brother Strikes Again This is my first mail to this mailinglist. Some time ago I speculated with my friend about the NSA and the possibility if they had an automatic email-surveying system which could scan every piece of email sent on this earth. So my friend made a test. For a while he sent email and put names of terrorist organizations in them. He also added his webpage URL to email-signature. And a week after that his webpage was visited by a person with url ending with .mil suffix, which turned out to be a anti-terrorist organization under NSA. Makes you think, doesn't it? Dirac ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 223=================================== ======================================================== +HCU Maillist Issue: 224 05/19/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Starcraft illegal ARTICLES: -----#1------------------------------------------------- Subject: Starcraft illegal Blizzard's crew tell was true of the spying activities,but was only to locate peoples who have bugs with the game... I've also heard,a trial should be engaged against for illegalities... anyway watch out.. ceban ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 224=================================== ======================================================== +HCU Maillist Issue: 225 05/20/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: IDA speed #2 Subject: Winrar #3 Subject: gthorne - ida speed and such ARTICLES: -----#1------------------------------------------------- Subject: IDA speed >ahh yes - i had a suspicion it was working faster before > >i think that was my original reason for working in the dos >box - looking back on it > >heres what i think may be happening... > >in windows, the app is using memory on the fly allotted by >windows itself in dos, the memory area is prerequisitioned >and set as protected and unresizeable to me that says that >anything running in a dos box will be not under the added >stress of constant memory size adjustments >i am sure there are probably some other non-obvious reasons >as well, but unless completely off - it sounds reasonable to >me as to why Hmmm, IDA itself doesn't run slowly it is screen drawing or just scrolling that gets killed - it can't even keep up with the keyboard repeat rate while scrolling with cursor keys. IDAW is a Win32 console app so I can't really see its memory allocation has much to do with the DOS window that started it. (talking Win95 here) If you look at the task list while running IDAW 'directly' you will see winoldap, looking at the window properties will show the application was apparently started by CONAGENT.EXE. CONAGENT.EXE is a real DOS program. I don't know how this lot hangs together but I do know IDAW runs a lot better started from a DOS window and I don't think it is the only Win32 console app so affected. spyder -----#2------------------------------------------------- Subject: Winrar Hello Everyone Iam trying to find or break a password in a rar file. But have found very little information, so far on CRC and/or rar's implementation of it by searching the web. Any help with detailed information, URLs, books, etc would be appreciated. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: gthorne - ida speed and such hi, U are right iDa under windows is slowest..... The real reason is because it is a Console32 APP.... Means it use the console API (getstdhandle, writefile) which is fucking slow !!! IDA under dos use Direct video access.... and when windows run, the app is allowed to do direct video access (they are in fact catched by a VXD which do it properly). This is the main reason. And this is not due to memory allocation on the fly. If u look at dos box properties, u will see that u can set the memory to be allocated when needed... If u ever write any console APP program u will notice what I say ;) cu =====End of Issue 225=================================== ======================================================== +HCU Maillist Issue: 226 05/21/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: RAR PW cracking #2 Subject: gthorne - ida on speed #3 Subject: RAR PW cracking ARTICLES: -----#1------------------------------------------------- Subject: RAR PW cracking I've seen it at 'password recovery tactics' (I don't know the link off-hand, but I think it may still be linked by my page) There are actually binaries there which crack the various versions of RAR - so you can reverse these to find out what's going on. Also Joe Pescel's (sp) page might have something (I don't know the url). You can probably pull others from the web somewhere. ~~ Ghiribizzo -----#2------------------------------------------------- Subject: gthorne - ida on speed Message Body = as always, i am thrilled by the number of responses to topics on this newsletter thank you all for posting :) and you guys are right, it doesnt make much sense how a win app stays within the confines of a dos box without making a separate window for it, three cheers to ilfak for that one! i keep trying to find the time to learn windows based programming, but it just hasnt been able to happen - for now i must satisfy myself with command prompt until my free time increases whats one more language when i have already programmed in over a dozen? on a different note: did anyone other than fravia and myself get postings from a new york jobhunter attempting recruitment? i have checked him out somewhat and his company really does search for people to work in silicon valley and new york city we are curious as to whether he has been surfing the web and randomly finding hackers and crackers - or less likely - he got a tip from someone we know any input on this one would be nice - unless someone has really done a number on net sources, he is legitimate for those of you who are worried about it, you shouldnt be check the website at ************ if you want to see for yourself and as always, thanks for your time fellow rev-engineers +gthorne -----#3------------------------------------------------- Subject: RAR PW cracking Hi +All! :) >I've seen it at 'password recovery tactics' (I don't know the link >off-hand, but I think it may still be linked by my page) It should be ******************************** but you can visit Ghiribizzo's GOOD page anyway, of course... ;)) byez, .+MaLaTTiA. =====End of Issue 226=================================== ======================================================== +HCU Maillist Issue: 227 05/23/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: otec #2 Subject: Email change #3 Subject: Ghiribizzo's Homepage #4 Subject: rar #5 Subject: Job hunting and OpentNT..... #6 Subject: about speed of IDA ARTICLES: -----#1------------------------------------------------- Subject: otec greythorne: Yeah, I got an email from this guy too. I sent him a note to the effect that he would have to come up with a much more convincing offer ($$$ ;) than "joining his pool of employees" to get me to compromise my handle that blatantly. But I did the same as you, he is legit and his email does point to the president of the company. Unfortunately I browsed his job listings and my last recruiter was much better ;) _m ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: Email change Sorry for this, but I've just realised that my email account has also been lost. If you've sent stuff to me recently then it has gone. You can use ************************ temporarily. ~~ Ghiribizzo -----#3------------------------------------------------- Subject: Ghiribizzo's Homepage Well, if it was on my homepage, it isn't there anymore. It got wiped. Well, it lasted quite a while anyway. There are no plans to replace it for the moment. ~~ Ghiribizzo -----#4------------------------------------------------- Subject: rar Hello Everyone Hello Ghiribizzo The rar file is rida98.exe and it's your password (or Caligo ) :-)) I have a copy of IDA v3.75 already, but became interested and traced through part of rida.exe. Finding where it compares the CRC values and the decryption of the password you have entered in with 8 bytes of the file at a time. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#5------------------------------------------------- Subject: Job hunting and OpentNT..... Those Jobhunters fill my mailbox everyday, If they think can you can spell the word "PC", they contact you.... :-( (Spammmers) (example of today follows..) "From: Jim Rogers *********************** Subject: Job Opportunity To: ********************* UNIX.....Blabla...slime...sugar...$$$$...etc..... Now more serious talk, after fixing a date problem in OpenNT 2.1 (three files.) I was wondering if somebody made a key generator for it ??? (there was one for 2.0 and I saw some mails in the archive.) If not I like to make one but not alone as this would be my first one so sharing some thoughts would nice...... (I just bought the program so I have allready 2 working keys :-) ******************* -----#6------------------------------------------------- Subject: about speed of IDA IDAW is a Win32 console program. It use standard console display API's, and all these API's are very slowly. We can speed this by write video memory directly just as we do in DOS. Every Win32 console program has a correspondent VM. From the VMcb structure we can get 'CB_High_Linear' which is the base memory of the VM. So the console screen memory is CB_High_Linear + B8000h Write directly to this memory will speed your console program. Best regards, Liutaotao =====End of Issue 227=================================== ======================================================== +HCU Maillist Issue: 228 05/24/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Numega's new Java product #2 Subject: RAR PW ARTICLES: -----#1------------------------------------------------- Subject: Numega's new Java product Hi All! I got this in my mail today , and I know some of you are interested in Numega's product and Java in particular so do it at your own risk.... "Hello Java developer! I'd like to invite you to participate in the beta program for our latest Java development tool -- JCheck. NuMega JCheck is an automatic run-time error detection and diagnosis tool for Java developers. It automates Java debugging and helps solve tough Java problems. With JCheck you can: * Understand your program execution flow and debug logic errors quickly and easily with run-time event logging. * Analyze and diagnose difficult Java thread usage problems with advanced thread monitoring. * Build reliability into your Java applications and components while you develop. Why should I join? Aside from the thrill of getting your hands on the latest and greatest in development tools from NuMega, and having the power to make a difference in the development of those tools, you'll be eligible for our "Beta Rewards" program! How do I sign-up? It's easy! Start at the following link and accept our online non-disclosure agreement (NDA). Then, fill out our short survey about your current project and development environment. Once your application has been reviewed, you will be contacted with additional instructions and software. The URL: ********************************************* The user name is: "betaweb" The password is: "2manYbugs" (case-sensitive) Any other questions? If you have any additional questions, please contact our beta manger at ************************ Thank you and we look forward to working with you! The NuMega Beta Team" maybe I was a fool filing up there form but they do make use of it ;) Bisoux -----#2------------------------------------------------- Subject: RAR PW Rundus, The pw isn't mine. The version of IDA I sent about was named either IDA375.RAR or ID.DAT (though they could have been renamed). The archive was not passworded. The archive was an image of an installed IDA rather than the install files themselves (i.e. the NID files). The RAR file you've got is either from somewhere else, or someone put a PW on it (I hate it when they do that). ~~ Ghiribizzo =====End of Issue 228=================================== ======================================================== +HCU Maillist Issue: 229 05/24/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: win32.hlp & vb5 #2 Subject: Email echo #3 Subject: Evelock prot ARTICLES: -----#1------------------------------------------------- Subject: win32.hlp & vb5 Hi all, I was wondering if any1 out there knows of a newer win32.hlp? I would = thing that with win98 out there would be more functions to list etc.... = also I have been searching for a similar reference for VB functions.. is = there such an animal? also looking for a vb5 decompiler.... cheers, HaQue -----#2------------------------------------------------- Subject: Email echo Hello Everyone Hello Fravia The site ***************** doesn't seem to exist anymore. Are there any others you would recommend? Hello Ghiribizzo The pw rar file contains all the files for IDA V375 and its at lordcalgio site. So it must be his copy. I just assume it was your rar file and he had a copy of it. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#3------------------------------------------------- Subject: Evelock prot Hi all, i'm working in a protection from AZ-Tech called Everlock, is very inetersting and has some nice antidebugging trick, i want know is anyone has worked with it before, i didn't found any crack in the web or any info about it, it seems the only way to crack it is using a TSR or a program that block and simulate the writes to the key disk, the program that do this is a commercial copier called Neverlock Business, if someone want join this proyect i can share the info i have about the scheme. Norway =====End of Issue 229=================================== ======================================================== +HCU Maillist Issue: 230 05/25/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: echo.de (fravia+) ARTICLES: -----#1------------------------------------------------- Subject: echo.de (fravia+) Dear Rundus echo worked for me right now, so try again, there are some others like that, but they nail you down on their databases and then spam you with crap offers. Technische Uni Berlin is the only non profit one (until now, that is) I know of. Just try again. The server has MANY other interesting functions as well, btw. later fravia+ =====End of Issue 230===================================