I hate answer question especially a question that you try nothing to answer before you ask. It's wasting my time.
I'm not the one who knows everything. The only one I know is I can find the answer by myself if it's on the internet or at least, try before ask.
Below is the answer of what CAM/TS/TC/SCR means so I hope anyone who askes me can read and understand by themselves. (I don't know why you can use internet to spend your time to search and download such a big file but don't have enough time to look for the meaning by yourself.)
So I hope no one askes me about this again. Whatever you want to know, try google first, if it doesn't work then I guess go to wikipedia.com before you ask someone.
Downloaded a movie and don't know what CAM/TS/TC/SCR means?
CAM - A cam is a theater rip usually done with a digital video camera. A mini tripod is sometimes used, but a lot of the time this wont be possible, so the camera make shake. Also seating placement isn't always idle, and it might be filmed from an angle. If cropped properly, this is hard to tell unless there's text on the screen, but a lot of times these are left with triangular borders on the top and bottom of the screen. Sound is taken from the onboard microphone of the camera, and especially in comedies, laughter can often be heard during the film. Due to these factors picture and sound quality are usually quite poor, but sometimes we're lucky, and the theater will be' fairly empty and a fairly clear signal will be heard.
TELESYNC (TS) - A telesync is the same spec as a CAM except it uses an external audio source (most likely an audio jack in the chair for hard of hearing people). A direct audio source does not ensure a good quality audio source, as a lot of background noise can interfere. A lot of the times a telesync is filmed in an empty cinema or from the projection booth with a professional camera, giving a better picture quality. Quality ranges drastically, check the sample before downloading the full release. A high percentage of Telesyncs are CAMs that have been mislabeled.
TELECINE (TC) - A telecine machine copies the film digitally from the reels. Sound and picture should be very good, but due to the equipment involved and cost telecines are fairly uncommon. Generally the film will be in correct aspect ratio, although 4:3 telecines have existed. A great example is the JURASSIC PARK 3 TC done last year. TC should not be confused with TimeCode , which is a visible counter on screen throughout the film.
SCREENER (SCR) - A pre VHS tape, sent to rental stores, and various other places for promotional use. A screener is supplied on a VHS tape, and is usually in a 4:3 (full screen) a/r, although letterboxed screeners are sometimes found. The main draw back is a "ticker" (a message that scrolls past at the bottom of the screen, with the copyright and anti-copy telephone number). Also, if the tape contains any serial numbers, or any other markings that could lead to the source of the tape, these will have to be blocked, usually with a black mark over the section. This is sometimes only for a few seconds, but unfortunately on some copies this will last for the entire film, and some can be quite big. Depending on the equipment used, screener quality can range from excellent if done from a MASTER copy, to very poor if done on an old VHS recorder thru poor capture equipment on a copied tape. Most screeners are transferred to VCD, but a few attempts at SVCD have occurred, some looking better than others.
DVD-SCREENER (DVDscr) - Same premise as a screener, but transferred off a DVD. Usually letterbox , but without the extras that a DVD retail would contain. The ticker is not usually in the black bars, and will disrupt the viewing. If the ripper has any skill, a DVDscr should be very good. Usually transferred to SVCD or DivX/XviD.
DVDRip - A copy of the final released DVD. If possible this is released PRE retail (for example, Star Wars episode 2) again, should be excellent quality. DVDrips are released in SVCD and DivX/XviD.
VHSRip - Transferred off a retail VHS, mainly skating/sports videos and XXX releases.
TVRip - TV episode that is either from Network (capped using digital cable/satellite boxes are preferable) or PRE-AIR from satellite feeds sending the program around to networks a few days earlier (do not contain "dogs" but sometimes have flickers etc) Some programs such as WWF Raw Is War contain extra parts, and the "dark matches" and camera/commentary tests are included on the rips. PDTV is capped from a digital TV PCI card, generally giving the best results, and groups tend to release in SVCD for these. VCD/SVCD/DivX/XviD rips are all supported by the TV scene.
WORKPRINT (WP) - A workprint is a copy of the film that has not been finished. It can be missing scenes, music, and quality can range from excellent to very poor. Some WPs are very different from the final print (Men In Black is missing all the aliens, and has actors in their places) and others can contain extra scenes (Jay and Silent Bob) . WPs can be nice additions to the collection once a good quality final has been obtained.
DivX Re-Enc - A DivX re-enc is a film that has been taken from its original VCD source, and re-encoded into a small DivX file. Most commonly found on file sharers, these are usually labeled something like Film.Name.Group(1of2) etc. Common groups are SMR and TND. These aren't really worth downloading, unless you're that unsure about a film u only want a 200mb copy of it. Generally avoid.
Watermarks - A lot of films come from Asian Silvers/PDVD (see below) and these are tagged by the people responsible. Usually with a letter/initials or a little logo, generally in one of the corners. Most famous are the "Z" "A" and "Globe" watermarks.
Asian Silvers / PDVD - These are films put out by eastern bootleggers, and these are usually bought by some groups to put out as their own. Silvers are very cheap and easily available in a lot of countries, and its easy to put out a release, which is why there are so many in the scene at the moment, mainly from smaller groups who don't last more than a few releases. PDVDs are the same thing pressed onto a DVD. They have removable subtitles, and the quality is usually better than the silvers. These are ripped like a normal DVD, but usually released as VCD.
Scene Tags...
PROPER - Due to scene rules, whoever releases the first Telesync has won that race (for example). But if the quality of that release is fairly poor, if another group has another telesync (or the same source in higher quality) then the tag PROPER is added to the folder to avoid being duped. PROPER is the most subjective tag in the scene, and a lot of people will generally argue whether the PROPER is better than the original release. A lot of groups release PROPERS just out of desperation due to losing the race. A reason for the PROPER should always be included in the NFO.
LIMITED - A limited movie means it has had a limited theater run, generally opening in less than 250 theaters, generally smaller films (such as art house films) are released as limited.
INTERNAL - An internal release is done for several reasons. Classic DVD groups do a lot of INTERNAL releases, as they wont be dupe'd on it. Also lower quality theater rips are done INTERNAL so not to lower the reputation of the group, or due to the amount of rips done already. An INTERNAL release is available as normal on the groups affiliate sites, but they can't be traded to other sites without request from the site ops. Some INTERNAL releases still trickle down to IRC/Newsgroups, it usually depends on the title and the popularity. Earlier in the year people referred to Centropy going "internal". This meant the group were only releasing the movies to their members and site ops. This is in a different context to the usual definition.
STV - Straight To Video. Was never released in theaters, and therefore a lot of sites do not allow these.
ASPECT RATIO TAGS - These are *WS* for widescreen (letterbox) and *FS* for Fullscreen.
REPACK - If a group releases a bad rip, they will release a Repack which will fix the problems.
NUKED - A film can be nuked for various reasons. Individual sites will nuke for breaking their rules (such as "No Telesyncs") but if the film has something extremely wrong with it (no soundtrack for 20mins, CD2 is incorrect film/game etc) then a global nuke will occur, and people trading it across sites will lose their credits. Nuked films can still reach other sources such as p2p/usenet, but its a good idea to check why it was nuked first in case. If a group realise there is something wrong, they can request a nuke.
NUKE REASONS...
this is a list of common reasons a film can be nuked for (generally DVDRip)
BAD A/R = bad aspect ratio, ie people appear too fat/thin
BAD IVTC = bad inverse telecine. process of converting framerates was incorrect.
INTERLACED = black lines on movement as the field order is incorrect.
DUPE - Dupe is quite simply, if something exists already, then theres no reason for it to exist again without proper reason.
22 December 2009
03 December 2009
Howto view a remote ip address
How to find a remote IP
Method 1
To view someone's IP# when they send you hotmail email do this:
1) Click "Options" on the upper right side of the page.
2) On the left side of the page, Click "Mail"
3) Click "Mail Display Settings"
4) Under "Message Headers" select "Full" or "Advanced"
5) Click ok
Method 2
reg a dydns account and install the ip pointer, so each time you ping the host name you regestored
for example:
you regestor the host name myhost.dydns.com, then you keep a little software running on the target host. The little software will keep update your IP to dydns.com server.
so at your pc just start cmd, and ping myhost.dydns.com, it will give you the most updated ip address.
Method 3
neverender, what doesn't work for you? Simply type in nc -vvv -l -p 80 on your box, which will set it to listen in verbose mode on port 80. Then give them a link to your IP address (for example: 111.111.111.11) and tell them to type it in their browser. The browser should resolve the address as well as append port 80 automatically. Just make sure that your friend is not very computer literate.
Method 4
Just download a very simple server such as this one and install it on your comp. Then run it and give your ip to the person you want and tell them to connect to it through a browser. Your server will log their connection and you will get their IP.
link:http://www.download.com/Abyss-Web-Se...ml?tag=lst-0-6
Other Ways
-www.imchaos.com and make a "spy poll" to put in ur profile, this will tell u the IP of anybody who answers ur poll
-originalicons.com there is a page for doin it (i dont like it, but it works)
-or irc
Here is a more detailed tutorial about using NetCat.
http://www.onlamp.com/pub/a/onlamp/2...29/netcat.html
Windows users can download NetCat from here:
http://www.atstake.com/research/tool...ork_utilities/
Method 1
To view someone's IP# when they send you hotmail email do this:
1) Click "Options" on the upper right side of the page.
2) On the left side of the page, Click "Mail"
3) Click "Mail Display Settings"
4) Under "Message Headers" select "Full" or "Advanced"
5) Click ok
Method 2
reg a dydns account and install the ip pointer, so each time you ping the host name you regestored
for example:
you regestor the host name myhost.dydns.com, then you keep a little software running on the target host. The little software will keep update your IP to dydns.com server.
so at your pc just start cmd, and ping myhost.dydns.com, it will give you the most updated ip address.
Method 3
neverender, what doesn't work for you? Simply type in nc -vvv -l -p 80 on your box, which will set it to listen in verbose mode on port 80. Then give them a link to your IP address (for example: 111.111.111.11) and tell them to type it in their browser. The browser should resolve the address as well as append port 80 automatically. Just make sure that your friend is not very computer literate.
Method 4
Just download a very simple server such as this one and install it on your comp. Then run it and give your ip to the person you want and tell them to connect to it through a browser. Your server will log their connection and you will get their IP.
link:http://www.download.com/Abyss-Web-Se...ml?tag=lst-0-6
Other Ways
-www.imchaos.com and make a "spy poll" to put in ur profile, this will tell u the IP of anybody who answers ur poll
-originalicons.com there is a page for doin it (i dont like it, but it works)
-or irc
Here is a more detailed tutorial about using NetCat.
http://www.onlamp.com/pub/a/onlamp/2...29/netcat.html
Windows users can download NetCat from here:
http://www.atstake.com/research/tool...ork_utilities/
Reverse engineering (Software)
REVERSE CODING
----------------------
REVERSE CODING
----------------------
# Released by Cybnet Security Group
# legalz: modify and use at will, if you make any changes, improvements, updates or use the code
# in another project, please send us what you did and give credit
# if you have any questions, post them at forum.hackerthreads.net
# be sure to check out hackerthreads.org for updates and new tutorials/downloads
Copyrights reserved to k33t, 2002 from CYBNET Security Group
----------------------------------------------------------------------------------------------------
Index:
-------
1.Introduction
2.Disclaimer
3.Hexadecimal
4.RAM and ROM
5.ASM
6.Needed programs
7.Cracking
8.Conclusion
---------------------------
---Introduction----------
Welcome to my Reverse Coding tutorial! In this paper, you will
learn how to crack and modify your own software. I'll try to get
into as much detail as possible, yet also dumb it down a bit. =)
------------------------------------------------------------------------------------------------------
---Disclaimer------------
All information is purely for educational purposes only! The author
cannot be held responsible for any (ab)use of this information.
USE AT YOUR OWN RISK!!!
------------------------------------------------------------------------------------------------------
---Hexadecimal----------
To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)
Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.
If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:
0xB3 (hex)= 2*16(squared)+11*16(to the 1st power)+3*16(to the power of 0 )
=2*256+11*16+3=691 (decimal)
Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:
When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:
101c5018
5108 would be the actual specific address and 101c would be the sector
of RAM were the address is located. Those are the basics of Hexadecimal
You should probley read this chapter againbecause getting a firm grasp on hex
is essential to cracking and moding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------
In this section we are gonna learn about RAM and ROM. Many people kno about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosly in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:
What is RAM?
RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was approprietly given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from it's back
pocket and serves it up.This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.
How does RAM work?
When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of it's own kind. An example of a vector would be
something like this:
8c0000b4-8c00ffff
This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that, first, pass through a vector to get to
address. Your average program probley has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.
ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking to we will
leave it alone for now.
Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntax's for certain functions. Take hot keys for
example: In the under ground, we call them "Joker commands". By pressing a certain
combonation of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:
0d-aaaaaf
000zvvvv
Let's examine this format a little closer.
0d= The proclemation of a specifyed format
aaaaa= The address of the function
f= The float or remainder; "Floating point number" ; decimal
000= "NOP" No operation
z= The "Booleon" as we the C++ programmers call it. A booleon is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.
vvvv= The combonation of hex values (The values of the keys pressed) used to execute the "CALL"
Say the "A" key had a vlaue of fffb and the "B" key has a vlaue of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on you calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:
0d7ae671
0000fff9
This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a use of executing of your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversable in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combonations. Reversable meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------
To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!
To begin, I'm gonna define for you some functions that you'll be seeing alot of, and be using. Here they are:
.:Hex:. .:ASM:. .:MEANING:.
75,0f85 jne jump if not equal
74,0f84 je jump is equal
eb jmp jump directly to
90 nop no operation
77,0f87 ja jump if above
0f86 jna jump if not above
0f83 jae jump if above or equal to
0f82 jnae jump if not above or equal
0f82 jb jump if below
0f83 jnb jump is not below
of86 jbe jump if below or equal
0f87 jnbe jump if not below or equal
0f8f jg jump if greater
0f8e jng jump if not greater
0f8d jge jump if greater or equal
0f8c jnge jump if not greater or equal
0f8c jl jump if less
0f8d jnl jump if not less
0f8e jle jump if less or equal
0f8f jnle jump if not less or equal
The easy thing about most of the functions in ASM are that they sound like what they mean.
Jump, means of coarse, to Jump from one thing to another. Example:
"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.
Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:
"Call 0040ccc2" this would of coarse call the address 0040ccc2 and use it. Those are the functions
you'll be using.
The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------
The programs you will need are as follows:
WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C,C++,Pascal,ASM whatever you would like) Prefably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------
Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:
:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal
The call that we want to focas on is at 004167E6. This call tests wether our serial is for the correct version or not.
Let's trace the call 004ADA0:
*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6
As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorythm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and thats what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where i got the algorythms to write it. So here it is:
#include
#include
int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("========================================== =======");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++
cod[count1]=name[count1];
for(count=1;count1=3;count1++){
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]*(code%100);
code=code/100;
}
for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]^(name[count1]+3);
for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code;
for(;code<10000;) code=code*10;
for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}
Ok! So! An overall conclusion of this code is:
1.First two characters of the serial must be either 'PE' or 'P4'.
2.Multiply every first four characters or our name with every byte of our serial before '-'
3.XOR every four byte with every byte of our name.
4.Convert to positive number if<0.
5.Convert to number between 10000 and 1000000.
Forgive me if this code is buggy as I wrote it very quickly in the little spare time I had.
-----------------------------------------------------------------------------------------------------------
---Conclusion-------
Well how was your first cracking expierience? Not bad eh? Ok well if you have any questions,
problems,comments,.....criticsms.......you can e-mail them to me at:
----------------------
REVERSE CODING
----------------------
# Released by Cybnet Security Group
# legalz: modify and use at will, if you make any changes, improvements, updates or use the code
# in another project, please send us what you did and give credit
# if you have any questions, post them at forum.hackerthreads.net
# be sure to check out hackerthreads.org for updates and new tutorials/downloads
Copyrights reserved to k33t, 2002 from CYBNET Security Group
----------------------------------------------------------------------------------------------------
Index:
-------
1.Introduction
2.Disclaimer
3.Hexadecimal
4.RAM and ROM
5.ASM
6.Needed programs
7.Cracking
8.Conclusion
---------------------------
---Introduction----------
Welcome to my Reverse Coding tutorial! In this paper, you will
learn how to crack and modify your own software. I'll try to get
into as much detail as possible, yet also dumb it down a bit. =)
------------------------------------------------------------------------------------------------------
---Disclaimer------------
All information is purely for educational purposes only! The author
cannot be held responsible for any (ab)use of this information.
USE AT YOUR OWN RISK!!!
------------------------------------------------------------------------------------------------------
---Hexadecimal----------
To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)
Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.
If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:
0xB3 (hex)= 2*16(squared)+11*16(to the 1st power)+3*16(to the power of 0 )
=2*256+11*16+3=691 (decimal)
Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:
When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:
101c5018
5108 would be the actual specific address and 101c would be the sector
of RAM were the address is located. Those are the basics of Hexadecimal
You should probley read this chapter againbecause getting a firm grasp on hex
is essential to cracking and moding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------
In this section we are gonna learn about RAM and ROM. Many people kno about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosly in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:
What is RAM?
RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was approprietly given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from it's back
pocket and serves it up.This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.
How does RAM work?
When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of it's own kind. An example of a vector would be
something like this:
8c0000b4-8c00ffff
This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that, first, pass through a vector to get to
address. Your average program probley has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.
ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking to we will
leave it alone for now.
Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntax's for certain functions. Take hot keys for
example: In the under ground, we call them "Joker commands". By pressing a certain
combonation of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:
0d-aaaaaf
000zvvvv
Let's examine this format a little closer.
0d= The proclemation of a specifyed format
aaaaa= The address of the function
f= The float or remainder; "Floating point number" ; decimal
000= "NOP" No operation
z= The "Booleon" as we the C++ programmers call it. A booleon is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.
vvvv= The combonation of hex values (The values of the keys pressed) used to execute the "CALL"
Say the "A" key had a vlaue of fffb and the "B" key has a vlaue of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on you calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:
0d7ae671
0000fff9
This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a use of executing of your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversable in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combonations. Reversable meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------
To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!
To begin, I'm gonna define for you some functions that you'll be seeing alot of, and be using. Here they are:
.:Hex:. .:ASM:. .:MEANING:.
75,0f85 jne jump if not equal
74,0f84 je jump is equal
eb jmp jump directly to
90 nop no operation
77,0f87 ja jump if above
0f86 jna jump if not above
0f83 jae jump if above or equal to
0f82 jnae jump if not above or equal
0f82 jb jump if below
0f83 jnb jump is not below
of86 jbe jump if below or equal
0f87 jnbe jump if not below or equal
0f8f jg jump if greater
0f8e jng jump if not greater
0f8d jge jump if greater or equal
0f8c jnge jump if not greater or equal
0f8c jl jump if less
0f8d jnl jump if not less
0f8e jle jump if less or equal
0f8f jnle jump if not less or equal
The easy thing about most of the functions in ASM are that they sound like what they mean.
Jump, means of coarse, to Jump from one thing to another. Example:
"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.
Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:
"Call 0040ccc2" this would of coarse call the address 0040ccc2 and use it. Those are the functions
you'll be using.
The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------
The programs you will need are as follows:
WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C,C++,Pascal,ASM whatever you would like) Prefably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------
Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:
:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal
The call that we want to focas on is at 004167E6. This call tests wether our serial is for the correct version or not.
Let's trace the call 004ADA0:
*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6
As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorythm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and thats what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where i got the algorythms to write it. So here it is:
#include
#include
int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("========================================== =======");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++
cod[count1]=name[count1];
for(count=1;count1=3;count1++){
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]*(code%100);
code=code/100;
}
for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]^(name[count1]+3);
for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code;
for(;code<10000;) code=code*10;
for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}
Ok! So! An overall conclusion of this code is:
1.First two characters of the serial must be either 'PE' or 'P4'.
2.Multiply every first four characters or our name with every byte of our serial before '-'
3.XOR every four byte with every byte of our name.
4.Convert to positive number if<0.
5.Convert to number between 10000 and 1000000.
Forgive me if this code is buggy as I wrote it very quickly in the little spare time I had.
-----------------------------------------------------------------------------------------------------------
---Conclusion-------
Well how was your first cracking expierience? Not bad eh? Ok well if you have any questions,
problems,comments,.....criticsms.......you can e-mail them to me at:
Restrict Time allowed on the pc (Windows)
To restrict a users logon hours , use the net user command. These commands are used from the Command Prompt. (Start - RUN - and type cmd)
Below are some examples:
1 - net user Joanna /time:M-F,08:00-17:00
2 - net user Ninja /time:M-F,8am-5pm
3 - net user Echelon /time:M,4am-5pm;T,1pm-3pm;W-F,8:00-17:00
4 - net user Shine /time:all (this one means this user can always log on)
Note:You can only restrict when a user can log on to the system. On a stand alone computer, there is no way to force a user to log off when their hours expire, without a third party script or software.
Below are some examples:
1 - net user Joanna /time:M-F,08:00-17:00
2 - net user Ninja /time:M-F,8am-5pm
3 - net user Echelon /time:M,4am-5pm;T,1pm-3pm;W-F,8:00-17:00
4 - net user Shine /time:all (this one means this user can always log on)
Note:You can only restrict when a user can log on to the system. On a stand alone computer, there is no way to force a user to log off when their hours expire, without a third party script or software.
Recover a corrupted filesystem
Recover a Corrupted System File
If an essential Windows file gets whacked by a virus or otherwise corrupted, restore it from the Windows CD. Search the CD for the filename, replacing the last character with an underscore; for example, Notepad.ex_. If it's found, open a command prompt and enter the command EXPAND, followed by the full pathname of the file and of the desired destination: EXPAND D:\SETUP\NOTEPAD.EX_ C:\Windows\NOTEPAD.EXE. If either pathname contains any spaces, surround it with double quotes.
If the file isn't found, search on the unmodified filename. It will probably be inside a CAB file, which Win XP treats as a folder. Simply right-drag and copy the file to the desired location. In other Windows platforms, search for a file matching *.cab that contains the filename. When the search is done, open a command prompt and enter EXTRACT /L followed by the desired location, the full pathname of the CAB file, and the desired filename; for example: EXTRACT /L C:\Windows D:\I386\Driver.cab Notepad.exe. Again, if the destination or CAB file pathname contains spaces, surround it with double quotes.
If an essential Windows file gets whacked by a virus or otherwise corrupted, restore it from the Windows CD. Search the CD for the filename, replacing the last character with an underscore; for example, Notepad.ex_. If it's found, open a command prompt and enter the command EXPAND, followed by the full pathname of the file and of the desired destination: EXPAND D:\SETUP\NOTEPAD.EX_ C:\Windows\NOTEPAD.EXE. If either pathname contains any spaces, surround it with double quotes.
If the file isn't found, search on the unmodified filename. It will probably be inside a CAB file, which Win XP treats as a folder. Simply right-drag and copy the file to the desired location. In other Windows platforms, search for a file matching *.cab that contains the filename. When the search is done, open a command prompt and enter EXTRACT /L followed by the desired location, the full pathname of the CAB file, and the desired filename; for example: EXTRACT /L C:\Windows D:\I386\Driver.cab Notepad.exe. Again, if the destination or CAB file pathname contains spaces, surround it with double quotes.
Subscribe to:
Posts (Atom)