Thursday, March 11, 2010
Download
Sunday, February 28, 2010
How To Block Websites Without Software, block websites
Steps:
1] Browse C:\WINDOWS\system32\drivers\etc
2] Find the file named "HOSTS"
3] Open it in notepad
4] Under "127.0.0.1 localhost" add 127.0.0.2 www.sitenameyouwantblocked.com, and that site will no longer be accessible.
5] Done!
-So-
127.0.0.1 localhost
127.0.0.2 www.blockedsite.com
-->www.blockedsite.com is now inaccessible<--
For every site you want to add after that, just add "1" to the last number in the internal IP (127.0.0.2) and then the address like before.
IE: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com
etc
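The steps above, as an added Python example that is not part of the original post: it works on the text of a hosts file (it never touches the real file), appends block entries using the post's 127.0.0.N numbering, and lists which names are currently blocked. It goes one step beyond the post by also reporting names mapped to a non-loopback address, since the same file that blocks a site can redirect one. All function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file, used only for illustration.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.2 www.blockedsite.com
203.0.113.7 login.example.test   # constructed: name mapped to a non-loopback address
"""


def parse_hosts(text):
    """Return [(ip, [hostnames])] for each mapping line, skipping comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: ignore the line
        entries.append((ip, [h.lower() for h in fields[1:]]))
    return entries


def blocked_hosts(text):
    """Hostnames (other than localhost) that the file maps to a loopback address."""
    names = set()
    for ip, hosts in parse_hosts(text):
        if ip.is_loopback:
            names.update(h for h in hosts if h != "localhost")
    return names


def foreign_redirects(text):
    """(hostname, address) pairs that point a name at a real, non-loopback address."""
    found = []
    for ip, hosts in parse_hosts(text):
        if not ip.is_loopback and not ip.is_unspecified:
            found.extend((h, str(ip)) for h in hosts)
    return found


def add_blocks(text, sites):
    """Append one '127.0.0.N site' line per new site, N being the next unused octet.

    Sites that are already blocked are skipped, so running it twice changes nothing.
    """
    already = blocked_hosts(text)
    used = {int(ip) & 0xFF for ip, _ in parse_hosts(text)
            if ip.version == 4 and str(ip).startswith("127.0.0.")}
    lines = text.rstrip("\n").split("\n") if text.strip() else []
    octet = 2                                 # 127.0.0.1 stays reserved for localhost
    for site in sites:
        site = site.strip().lower()
        if not site or site in already:
            continue
        while octet in used:
            octet += 1
        if octet > 254:
            raise ValueError("no unused 127.0.0.N address left")
        lines.append(f"127.0.0.{octet} {site}")
        used.add(octet)
        already.add(site)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    updated = add_blocks(SAMPLE_HOSTS, ["www.blockedsite.com", "www.blablabla.com"])
    print(updated)
    print("blocked:", sorted(blocked_hosts(updated)))
    print("review :", foreign_redirects(updated))
```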
test your anti virus
Copy and paste the code below into Notepad and save it as eicar.com, or as any batch file with the .bat extension. If your antivirus detects and deletes it, your antivirus is working; if it does not detect it, your antivirus is not working.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Boot your XP faster
1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device 0 or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.
Windows XP should now boot a LOT faster.
Tuesday, February 16, 2010
LEGITIMATE ONLINE JOBS
Call Center / Customer Service Jobs
- Alpine Access Premier provider of customer service solutions using home-based employees. NO FEES.
- Brighten Communications A business-to-business telemarketing company specializing in the outsourcing of lead generation. The clients you will be making calls on behalf of represent professional organizations in industries such as finance, brokerage, and high-tech.
- Customer Loyalty Concepts You will be contacting existing newspaper subscribers selling a variety of services.
- LiveOps Outsourcing call center solutions using work at home agents. $30.00 fee for credit and background check.
- West At Home West agents handle client's interaction with their customers, from customer care and live chat to email and incoming sales calls.
- Working Solutions A long-standing company, workingsolutions.com offers many legitimate - NO FEE - home based opportunities.
- Axion Data Sign up as a home-working independent contractor with this long-standing company. NO FEES TO JOIN.
- Dion Data Solutions Complete an application, and - if approved - you will be contacted to provide work at home data management services for them. NO FEES TO JOIN.
- Palm Coast Data Data entry keyers input customer information, such as names and addresses, or revise information already in the database. Work at home on your own personal computer, linked to Palm Coast Data. Currently hiring work at home keyers in Florida and Colorado. NO COST
Tuesday, February 9, 2010
how to hack any email account by phishing
Steps to Hack Email account password by phishing :
1. First of all, to start with you need a phisher of email account. For example, if you want to hack myspace, you should have myspace phisher. I have explained in my article How to make a myspace phishing site by Myspace Hacking software how to obtain phisher using "phisher creator" - a software to create phishers.
2. Using guidelines in that article, construct a phisher. Say you want to make orkut.com phisher. Just enter www.orkut.com in text field of Phisher Creator and you will get required orkut phisher. This phisher will have :
a. Index.htm and
b. write.php
3. Go to www.t35.com - a webhosting service offering free webspace. Now, sign up to this webhost using "Orkut" or "OrkutVerification" as Username. This is very important to make phisher url match with that of orkut.
Update: Many readers have reported (via comments) problems with t35.com. So, if you're having same problem, just try out 110mb.com. Thanks "tryingtolearn" for your update.
Also, you can use http://yourfreehosting.net for uploading your phisher (Recommended).
4. Now, after signing up, login to your account and upload the two files created in step 2 using Phisher Creator.
5. Now, sign up at Yahoo.com or gmail.com and use "Orkutsupport@gmail.com" or likewise email address while signing up. This will be email address visible to victim in his inbox. So, be careful while selecting this email address.
6. After signing up, compose mail such that it informs victim about the fact that you are a part of orkut support team and wanted to inform victim that his orkut account is accessed by illegal third party. Hence, you , as part of orkut support have mailed him to verify ownership of his orkut account by logging in his orkut account using the link provided and provide him the link of your orkut phisher ready to hack his orkut account password. You can use different logic to make him login his orkut account using our phisher.
Once, the victim tries to log into his account using our provided phisher link, his orkut account password is recorded at our free webhost. Now, just go to your t35.com account control panel and see your files database or list. You will get their one new file created named "passes.txt". If such file is not present, try refreshing the page and you will get that file. Now, simply click on "Open" and you will get victim userid and password recorded in that file.
Cheers.... his orkut account password hacked... You are, thus, able to hack orkut account password.
Thats it. I hope this security phishing tutorial is fullproof and you can now hack email account password using Email Phishing. I have tried to keep this email phishing tutorial simple for you to hack email account password.
Monday, January 25, 2010
36 design and photoshop ebooks
remove "*" and type "t" it should look like ftp: //195.135.232.80/Books/design/8.books.Maya.[by.KiN_www.netz.ru].rar
36 Graphics & Design Ebooks
Maya, Photoshop, Macromedia, Bryce, Digital Photography, & more....
error and beep codes
1 short beep System is OK
2 short beeps POST Error - error code shown on screen
No beep Power supply or system board problem
Continuous beep Power supply, system board, or keyboard problem
Repeating short beeps Power supply or system board problem
1 long, 1 short beep System board problem
1 long, 2 short beeps Display adapter problem (MDA, CGA)
1 long, 3 short beeps Display adapter problem (EGA)
3 long beeps 3270 keyboard card
IBM POST Diagnostic Code Descriptions
Code Description
100 - 199 System Board
200 - 299 Memory
300 - 399 Keyboard
400 - 499 Monochrome Display
500 - 599 Colour/Graphics Display
600 - 699 Floppy-disk drive and/or Adapter
700 - 799 Math Coprocessor
900 - 999 Parallel Printer Port
1000 - 1099 Alternate Printer Adapter
1100 - 1299 Asynchronous Communication Device, Adapter, or Port
1300 - 1399 Game Port
1400 - 1499 Colour/Graphics Printer
1500 - 1599 Synchronous Communication Device, Adapter, or Port
1700 - 1799 Hard Drive and/or Adapter
1800 - 1899 Expansion Unit (XT)
2000 - 2199 Bisynchronous Communication Adapter
2400 - 2599 EGA system-board Video (MCA)
3000 - 3199 LAN Adapter
4800 - 4999 Internal Modem
7000 - 7099 Phoenix BIOS Chips
7300 - 7399 3.5" Disk Drive
8900 - 8999 MIDI Adapter
11200 - 11299 SCSI Adapter
21000 - 21099 SCSI Fixed Disk and Controller
21500 - 21599 SCSI CD-ROM System
AMI BIOS Beep Codes
Code Description
1 Short Beep System OK
2 Short Beeps Parity error in the first 64 KB of memory
3 Short Beeps Memory failure in the first 64 KB
4 Short Beeps Memory failure in the first 64 KB of memory, or Timer 1 on the motherboard is not functioning
5 Short Beeps The CPU on the motherboard generated an error
6 Short Beeps The keyboard controller may be bad. The BIOS cannot switch to protected mode
7 Short Beeps The CPU generated an exception interrupt
8 Short Beeps The system video adapter is either missing, or its memory is faulty
9 Short Beeps The ROM checksum value does not match the value encoded in the BIOS
10 Short Beeps The shutdown register for CMOS RAM failed
11 Short Beeps The external cache is faulty
1 Long, 3 Short Beeps Memory Problems
1 Long, 8 Short Beeps Video Card Problems
Phoenix BIOS Beep Codes
Note - Phoenix BIOS emits three sets of beeps, separated by a brief pause.
Code Description
1-1-3 CMOS read/write failure
1-1-4 ROM BIOS checksum error
1-2-1 Programmable interval timer failure
1-2-2 DMA initialisation failure
1-2-3 DMA page register read/write failure
1-3-1 RAM refresh verification failure
1-3-3 First 64k RAM chip or data line failure
1-3-4 First 64k RAM odd/even logic failure
1-4-1 Address line failure first 64k RAM
1-4-2 Parity failure first 64k RAM
2-_-_ Faulty Memory
3-1-_ Faulty Motherboard
3-2-4 Keyboard controller Test failure
3-3-4 Screen initialisation failure
3-4-1 Screen retrace test failure
3-4-2 Search for video ROM in progress
4-2-1 Timer tick interrupt in progress or failure
4-2-2 Shutdown test in progress or failure
4-2-3 Gate A20 failure
4-2-4 Unexpected interrupt in protected mode
4-3-1 RAM test in progress or failure>ffffh
4-3-2 Faulty Motherboard
4-3-3 Interval timer channel 2 test or failure
4-3-4 Time of Day clock test failure
4-4-1 Serial port test or failure
4-4-2 Parallel port test or failure
4-4-3 Math coprocessor test or failure
Low 1-1-2 System Board select failure
Low 1-1-3 Extended CMOS RAM failure
computer hardware troubleshooting, beep codes explained
BIOS Beep Codes
When a computer is first turned on, or rebooted, its BIOS performs a power-on self test (POST) to test the system's hardware, checking to make sure that all of the system's hardware components are working properly. Under normal circumstances, the POST will display an error message; however, if the BIOS detects an error before it can access the video card, or if there is a problem with the video card, it will produce a series of beeps, and the pattern of the beeps indicates what kind of problem the BIOS has detected.
Because there are many brands of BIOS, there are no standard beep codes for every BIOS.
The two most-used brands are AMI (American Megatrends International) and Phoenix.
The beep codes for AMI systems are listed below, followed by the beep codes for Phoenix systems.
AMI Beep Codes
Beep Code Meaning
1 beep DRAM refresh failure. There is a problem in the system memory or the motherboard.
2 beeps Memory parity error. The parity circuit is not working properly.
3 beeps Base 64K RAM failure. There is a problem with the first 64K of system memory.
4 beeps System timer not operational. There is a problem with the timer(s) that control functions on the motherboard.
5 beeps Processor failure. The system CPU has failed.
6 beeps Gate A20/keyboard controller failure. The keyboard IC controller has failed, preventing gate A20 from switching the processor to protected mode.
7 beeps Virtual mode exception error.
8 beeps Video memory error. The BIOS cannot write to the frame buffer memory on the video card.
9 beeps ROM checksum error. The BIOS ROM chip on the motherboard is likely faulty.
10 beeps CMOS checksum error. Something on the motherboard is causing an error when trying to interact with the CMOS.
11 beeps Bad cache memory. An error in the level 2 cache memory.
1 long beep, 2 short Failure in the video system.
1 long beep, 3 short A failure has been detected in memory above 64K.
1 long beep, 8 short Display test failure.
Continuous beeping A problem with the memory or video.
Phoenix Beep Codes
Phoenix uses sequences of beeps to indicate problems. The "-" between each number below indicates a pause between each beep sequence. For example, 1-2-3 indicates one beep, followed by a pause and two beeps, followed by a pause and three beeps. Phoenix versions before 4.x use 3-beep codes, while Phoenix versions starting with 4.x use 4-beep codes.
4-Beep Codes
Beep Code Meaning
1-1-1-3 Faulty CPU/motherboard. Verify real mode.
1-1-2-1 Faulty CPU/motherboard.
1-1-2-3 Faulty motherboard or one of its components.
1-1-3-1 Faulty motherboard or one of its components. Initialize chipset registers with initial POST values.
1-1-3-2 Faulty motherboard or one of its components.
1-1-3-3 Faulty motherboard or one of its components. Initialize CPU registers.
1-1-3-2
1-1-3-3
1-1-3-4 Failure in the first 64K of memory.
1-1-4-1 Level 2 cache error.
1-1-4-3 I/O port error.
1-2-1-1 Power management error.
1-2-1-2
1-2-1-3 Faulty motherboard or one of its components.
1-2-2-1 Keyboard controller failure.
1-2-2-3 BIOS ROM error.
1-2-3-1 System timer error.
1-2-3-3 DMA error.
1-2-4-1 IRQ controller error.
1-3-1-1 DRAM refresh error.
1-3-1-3 A20 gate failure.
1-3-2-1 Faulty motherboard or one of its components.
1-3-3-1 Extended memory error.
1-3-3-3
1-3-4-1
1-3-4-3 Error in first 1MB of system memory.
1-4-1-3
1-4-2-4 CPU error.
1-4-3-1
2-1-4-1 BIOS ROM shadow error.
1-4-3-2
1-4-3-3 Level 2 cache error.
1-4-4-1
1-4-4-2
2-1-1-1 Faulty motherboard or one of its components.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4
2-1-3-2 I/O port failure.
2-1-3-1
2-1-3-3 Video system failure.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4 I/O port failure.
2-1-4-3
2-2-1-1 Video card failure.
2-2-1-3
2-2-2-1
2-2-2-3 Keyboard controller failure.
2-2-3-1 IRQ error.
2-2-4-1 Error in first 1MB of system memory.
2-3-1-1
2-3-3-3 Extended memory failure.
2-3-2-1 Faulty motherboard or one of its components.
2-3-2-3
2-3-3-1 Level 2 cache error.
2-3-4-1
2-3-4-3 Motherboard or video card failure.
2-3-4-1
2-3-4-3
2-4-1-1 Motherboard or video card failure.
2-4-1-3 Faulty motherboard or one of its components.
2-4-2-1 RTC error.
2-4-2-3 Keyboard controller error.
2-4-4-1 IRQ error.
3-1-1-1
3-1-1-3
3-1-2-1
3-1-2-3 I/O port error.
3-1-3-1
3-1-3-3 Faulty motherboard or one of its components.
3-1-4-1
3-2-1-1
3-2-1-2 Floppy drive or hard drive failure.
3-2-1-3 Faulty motherboard or one of its components.
3-2-2-1 Keyboard controller error.
3-2-2-3
3-2-3-1
3-2-4-1 Faulty motherboard or one of its components.
3-2-4-3 IRQ error.
3-3-1-1 RTC error.
3-3-1-3 Key lock error.
3-3-3-3 Faulty motherboard or one of its components.
3-3-3-3
3-3-4-1
3-3-4-3
3-4-1-1
3-4-1-3
3-4-2-1
3-4-2-3
3-4-3-1
3-4-4-1
3-4-4-4 Faulty motherboard or one of its components.
4-1-1-1 Floppy drive or hard drive failure.
4-2-1-1
4-2-1-3
4-2-2-1 IRQ failure.
4-2-2-3
4-2-3-1
4-2-3-3
4-2-4-1 Faulty motherboard or one of its components.
4-2-4-3 Keyboard controller error.
4-3-1-3
4-3-1-4
4-3-2-1
4-3-2-2
4-3-3-1
4-3-4-1
4-3-4-3 Faulty motherboard or one of its components.
4-3-3-2
4-3-3-4 IRQ failure.
4-3-3-3
4-3-4-2 Floppy drive or hard drive failure.
3-Beep Codes
Beep Code Meaning
1-1-2 Faulty CPU/motherboard.
1-1-3 Faulty motherboard/CMOS read-write failure.
1-1-4 Faulty BIOS/BIOS ROM checksum error.
1-2-1 System timer not operational. There is a problem with the timer(s) that control functions on the motherboard.
1-2-2
1-2-3 Faulty motherboard/DMA failure.
1-3-1 Memory refresh failure.
1-3-2
1-3-3
1-3-4 Failure in the first 64K of memory.
1-4-1 Address line failure.
1-4-2 Parity RAM failure.
1-4-3 Timer failure.
1-4-4 NMI port failure.
2-_-_ Any combination of beeps after 2 indicates a failure in the first 64K of memory.
3-1-1 Master DMA failure.
3-1-2 Slave DMA failure.
3-1-3
3-1-4 Interrupt controller failure.
3-2-4 Keyboard controller failure.
3-3-1
3-3-2 CMOS error.
3-3-4 Video card failure.
3-4-1 Video card failure.
4-2-1 Timer failure.
4-2-2 CMOS shutdown failure.
4-2-3 Gate A20 failure.
4-2-4 Unexpected interrupt in protected mode.
4-3-1 RAM test failure.
4-3-3 Timer failure.
4-3-4 Time of day clock failure.
4-4-1 Serial port failure.
4-4-2 Parallel port failure.
4-4-3 Math coprocessor.
boost your internet speed with small changes
These settings allow you to boost the speed of your broadband Internet connection when using a Cable Modem or DSL Router with Windows 2000 and Windows XP.
Open your registry and find the key below.
Create the following DWORD values. Most of these values will not already exist, so you will need to create them by clicking 'Edit -> New -> DWORD Value' and then set each value as shown below.
DefaultTTL = "80" hex (or 128 decimal)
Specifies the default time to live (TTL) for TCP/IP packets. The default is 32.
EnablePMTUBHDetect = "0"
Specifies whether the stack will attempt to detect Maximum Transmission Unit (MTU) routers that do not send back ICMP fragmentation-needed messages. The default is 0.
EnablePMTUDiscovery = "1"
Specifies whether the TCP/IP stack will attempt to perform path MTU discovery as specified in RFC 1191. The default is 1.
GlobalMaxTcpWindowSize = "7FFF" hex (or 32767 decimal)
Specifies the system maximum receive window size advertised by the TCP/IP stack.
TcpMaxDupAcks = "2"
Determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered.
SackOpts = "1"
Enables support for selective acknowledgements as documented by Request for Comment (RFC) 2018. Default is 0.
Tcp1323Opts = "1"
Controls RFC 1323 time stamps and window scaling options. Possible values are: "0" = disable RFC 1323 options, "1" = window scale enabled only, "2" = time stamps enabled only and "3" = both options enabled.
TcpWindowSize = "7FFF" hex (or 32767 decimal)
Specifies the receive window size advertised by the TCP/IP stack. If you have a high-latency network you can try increasing the value to 93440, 186880, or 372300.
Exit your registry and restart Windows for the changes to take effect.
If you don’t want to edit the registry, here's a little TCP utility that is ideal...
http://www.broadbandreports.com/front/doctorping.zip
reverse coding
---Hexadecimal----------
To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)
Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.
If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:
0x2B3 (hex) = 2*16(squared) + 11*16(to the 1st power) + 3*16(to the power of 0)
= 2*256 + 11*16 + 3 = 691 (decimal)
Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:
When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:
101c5018
5108 would be the actual specific address and 101c would be the sector
of RAM where the address is located. Those are the basics of hexadecimal.
You should probably read this chapter again because getting a firm grasp on hex
is essential to cracking and modding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------
In this section we are gonna learn about RAM and ROM. Many people know about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosely in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:
What is RAM?
RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was appropriately given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from its back
pocket and serves it up. This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.
How does RAM work?
When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of its own kind. An example of a vector would be
something like this:
8c0000b4-8c00ffff
This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that you must first pass through a vector to get to an
address. Your average program probably has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.
ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action each time it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking so we will
leave it alone for now.
Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntaxes for certain functions. Take hot keys for
example: In the underground, we call them "Joker commands". By pressing a certain
combination of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:
0d-aaaaaf
000zvvvv
Let's examine this format a little closer.
0d= The proclamation of a specified format
aaaaa= The address of the function
f= The float or remainder; "Floating point number" ; decimal
000= "NOP" No operation
z= The "Boolean" as we the C++ programmers call it. A Boolean is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.
vvvv= The combination of hex values (The values of the keys pressed) used to execute the "CALL"
Say the "A" key had a value of fffb and the "B" key has a value of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on your calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:
0d7ae671
0000fff9
This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a way of executing your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversible in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combinations. Reversible meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------
To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!
To begin, I'm gonna define for you some functions that you'll be seeing a lot of, and be using. Here they are:
.:Hex:.    .:ASM:.   .:MEANING:.
75,0f85    jne       jump if not equal
74,0f84    je        jump if equal
eb         jmp       jump directly to
90         nop       no operation
77,0f87    ja        jump if above
0f86       jna       jump if not above
0f83       jae       jump if above or equal to
0f82       jnae      jump if not above or equal
0f82       jb        jump if below
0f83       jnb       jump if not below
0f86       jbe       jump if below or equal
0f87       jnbe      jump if not below or equal
0f8f       jg        jump if greater
0f8e       jng       jump if not greater
0f8d       jge       jump if greater or equal
0f8c       jnge      jump if not greater or equal
0f8c       jl        jump if less
0f8d       jnl       jump if not less
0f8e       jle       jump if less or equal
0f8f       jnle      jump if not less or equal
The easy thing about most of the functions in ASM is that they sound like what they mean.
Jump means, of course, to jump from one thing to another. Example:
"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.
Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:
"Call 0040ccc2" this would of course call the address 0040ccc2 and use it. Those are the functions
you'll be using.
The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------
The programs you will need are as follows:
WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C, C++, Pascal, ASM, whatever you would like). Preferably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------
Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:
:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal
The call that we want to focus on is at 004167E6. This call tests whether our serial is for the correct version or not.
Let's trace the call 0042ADA0:
*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6
As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorithm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and that's what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where I got the algorithms to write it. So here it is:
#include
#include
int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("=================================================");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++
cod[count1]=name[count1];
for(count=1;count1=3;count1++){
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]*(code%100);
code=code/100;
}
for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]^(name[count1]+3);
for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code;
for(;code<10000;) code=code*10;
for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}
Ok! So! An overall conclusion of this code is:
1. First two characters of the serial must be either 'PE' or 'P4'.
2. Multiply every first four characters of our name with every byte of our serial before '-'.
3. XOR every four byte with every byte of our name.
4. Convert to positive number if < 0.
5. Convert to number between 10000 and 1000000.
secret backdoor to many websites
Ever experienced this? You ask Google to look something up; the engine returns with a number of finds, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first....
The lesson you should have learned here is: Obviously Google can go where you can't.
Can we solve this problem? Yes, we can. We merely have to convince the site we want to enter, that WE ARE GOOGLE.
In fact, many sites that force users to register or even pay in order to search and use their content, leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.
How then, can you disguise yourself as a Googlebot? Quite simple: by changing your browser's User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"
Voila! You're done!
You may always change it back again.... I know only one site that uses your User Agent to establish your eligibility to use its services, and that's the Windows Update site...
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge with your registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Ps:
Opera allows for on-the-fly switching of User Agents through its "Browser Identification" function, while for Mozilla/FireFox browsers a switching utility is available as an installable extension from this url:
help://chrispederick.myacen.com/work/firefox/useragentswitcher/download/
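The registry edit above works because the User-Agent header is whatever the client says it is, so a site that wants to admit the real crawler has to check something the client cannot set. The following is an added example, not part of the original post: a Python sketch of the reverse-then-forward DNS check that Google documents for verifying its crawler. The resolver functions are injected so the constructed sample data runs offline; the function names, the sample addresses and hostnames are all hypothetical, and the suffix list should be checked against Google's current documentation.

```python
import socket

# Reverse-DNS suffixes documented for Google's crawlers (assumption: verify
# against Google's current guidance before relying on this list).
TRUSTED_SUFFIXES = (".googlebot.com", ".google.com")


def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(hostname):
    """Forward lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def claims_googlebot(user_agent):
    """True when the client-supplied header says it is Googlebot."""
    return "googlebot" in user_agent.lower()


def verify_crawler(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Return 'not-claimed', 'verified' or 'spoofed' for one request."""
    if not claims_googlebot(user_agent):
        return "not-claimed"
    host = reverse(ip)
    if not host:
        return "spoofed"
    host = host.rstrip(".").lower()
    if not host.endswith(TRUSTED_SUFFIXES):
        return "spoofed"
    # A PTR record is set by whoever controls the IP block, so it must be
    # confirmed by a forward lookup that leads back to the same address.
    if ip not in forward(host):
        return "spoofed"
    return "verified"


# Constructed sample data using documentation address ranges (not real crawler IPs).
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",
    "198.51.100.7": "dsl-7.isp.example",
    "203.0.113.5": "crawl-203-0-113-5.googlebot.com",  # PTR with no matching forward record
}
SAMPLE_A = {
    "crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
}
CLAIMED_UA = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
NORMAL_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


def classify_samples():
    """Run the check over the constructed requests with offline resolvers."""
    reverse = SAMPLE_PTR.get
    forward = lambda host: SAMPLE_A.get(host, set())
    requests = [
        ("192.0.2.10", CLAIMED_UA),    # PTR and forward lookup agree
        ("198.51.100.7", CLAIMED_UA),  # browser with an edited User-Agent
        ("203.0.113.5", CLAIMED_UA),   # plausible PTR, forward lookup fails
        ("198.51.100.7", NORMAL_UA),   # ordinary visitor
    ]
    return [verify_crawler(ip, ua, reverse, forward) for ip, ua in requests]


if __name__ == "__main__":
    print(classify_samples())
```

A site that applies this check before serving unregistered content is not affected by a changed User-Agent string.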
about google
Hand type the following prefixes and note their utility:
link:url Shows other pages with links to that url.
related:url same as "what's related" on serps.
site:domain restricts search results to the given domain.
allinurl: shows only pages with all terms in the url.
inurl: like allinurl, but only for the next query word.
allintitle: shows only results with terms in title.
intitle: similar to allintitle, but only for the next word. "intitle:webmasterworld google" finds only pages with webmasterworld in the title, and google anywhere on the page.
cache:url will show the Google version of the passed url.
info:url will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.
spell: will spell check your query and search for it.
stocks: will lookup the search query in a stock index.
filetype: will restrict searches to that filetype. "-filetype:doc" to remove Microsoft word files.
daterange: is supported in Julian date format only. 2452384 is an example of a Julian date.
maps: If you enter a street address, a link to Yahoo Maps and to MapBlast will be presented.
phone: enter anything that looks like a phone number to have a name and address displayed. Same is true for something that looks like an address (include a name and zip code)
site:www.somesite.net "+www.somesite.+net"
(tells you how many pages of your site are indexed by google)
allintext: searches only within text of pages, but not in the links or page title
allinlinks: searches only within links, not text or title
Speed Up Internet
1. Windows 2k/XP
1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
2. Note the following lines (all hex dwords):
Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change
LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS
3. What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:
4. Change the "Priority" lines to:
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 (8) - NetBT name-resolution, including WINS
5. Reboot for changes to take effect
2. Windows 9x/ME
1. The tweak is essentially the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above
2. Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider
3. You should see the following settings:
Class=hex:08,00,00,00
LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00
4. The "priority" lines should be changed to:
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00
5. Reboot for changes to take effect
3. System.ini IRQ Tweak - Windows 9x/ME ONLY
1. Find your Network Card's IRQ
1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter
2. Adding the entry to System.ini
1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
2. Navigate to Start > Run and type sysedit . Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect
3. Additional Thoughts
1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more
2. This tweak may or may not work for you. It is not a documented tweak by Windows
3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card
RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them
Stop A Restart Process In 3steps
Sometimes we need to stop a restart process quickly. Windows XP sometimes gives an automatic restart warning, and here is a good solution for it.
1. Go to Start menu
2. Click on RUN
3. Enter the following command, without the quotes: "shutdown -a"
It's done.
Standard ASCII Character Set
Standard ASCII Character Set= For Bytes
The first 32 values (0 through 31) are codes for things like carriage return and line feed. The space character is the 33rd value, followed by punctuation, digits, uppercase characters and lowercase characters.
0 NUL
1 SOH
2 STX
3 ETX
4 EOT
5 ENQ
6 ACK
7 BEL
8 BS
9 TAB
10 LF
11 VT
12 FF
13 CR
14 SO
15 SI
16 DLE
17 DC1
18 DC2
19 DC3
20 DC4
21 NAK
22 SYN
23 ETB
24 CAN
25 EM
26 SUB
27 ESC
28 FS
29 GS
30 RS
31 US
32 (space)
33 !
34 "
35 #
36 $
37 %
38 &
39 '
40 (
41 )
42 *
43 +
44 ,
45 -
46 .
47 /
48 0
49 1
50 2
51 3
52 4
53 5
54 6
55 7
56 8
57 9
58 :
59 ;
60 <
61 =
62 >
63 ?
64 @
65 A
66 B
67 C
68 D
69 E
70 F
71 G
72 H
73 I
74 J
75 K
76 L
77 M
78 N
79 O
80 P
81 Q
82 R
83 S
84 T
85 U
86 V
87 W
88 X
89 Y
90 Z
91 [
92 \
93 ]
94 ^
95 _
96 `
97 a
98 b
99 c
100 d
101 e
102 f
103 g
104 h
105 i
106 j
107 k
108 l
109 m
110 n
111 o
112 p
113 q
114 r
115 s
116 t
117 u
118 v
119 w
120 x
121 y
122 z
123 {
124 |
125 }
126 ~
127 DEL
Name    Abbr.   Size
Kilo    K       2^10 = 1,024
Mega    M       2^20 = 1,048,576
Giga    G       2^30 = 1,073,741,824
Tera    T       2^40 = 1,099,511,627,776
Peta    P       2^50 = 1,125,899,906,842,624
Exa     E       2^60 = 1,152,921,504,606,846,976
Zetta   Z       2^70 = 1,180,591,620,717,411,303,424
Yotta   Y       2^80 = 1,208,925,819,614,629,174,706,176
Monday, January 18, 2010
firefox tweaks
Yes, firefox is already pretty damn fast but did you know that you can tweak it and improve the speed even more?
That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.
Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as many concurrent requests as we’re going to open up with pipelining… lol… you’d better have a big connection.
Double click on the following settings and put in the numbers below - for the true / false booleans - they’ll change when you double click.
Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300
One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re broadband - it shouldn’t have to wait.
Now you should notice you’re loading pages MUCH faster now!
google secrets
method 1
www.google.com
put this string in google search:
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
voila!
method 2
www.google.com
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
hacking password protected webpages
Chapter 4: Hacking Webpages
Getting the Password File Through FTP
Ok well one of the easiest ways of getting superuser access is through
anonymous ftp access into a webpage. First you need learn a little about
the password file...
root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
This is an example of a regular encrypted password file. The Superuser is
the part that gives you root. That's the main part of the file.
root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
This is another example of a password file, only this one has one little
difference, it's shadowed. Shadowed password files don't let you view or
copy the actual encrypted password. This causes problems for the password
cracker and dictionary maker(both explained later in the text). Below is
another example of a shadowed password file:
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
Shadowed password files have an "x" in the place of a password or sometimes
they are disguised as an * as well.
Now that you know a little more about what the actual password file looks
like you should be able to identify a normal encrypted pw from a shadowed
pw file. We can now go on to talk about how to crack it.
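The difference between the two kinds of file, seen from the administrator's side, is something that can be checked mechanically. The following is an added example, not part of the original text: a Python audit that parses passwd-format lines and reports accounts whose password hash is still stored in the world-readable file, accounts with an empty password field, and any account other than root that has UID 0. The sample lines are copied from the listings above; the function names and finding labels are hypothetical.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name pw uid gid gecos home shell")

# Constructed sample: lines copied from the listings in the text above.
SAMPLE = """\
root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
root:x:0:1:Superuser:/:
smtp:x:0:0:mail daemon user:/:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
"""


def parse_line(line):
    """Parse name:password:uid:gid:gecos:home:shell; None if it does not fit."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 4 or not parts[0]:
        return None
    try:
        uid, gid = int(parts[2]), int(parts[3])
    except ValueError:
        return None  # UID/GID must be numeric, otherwise the line is damaged
    parts += [""] * (7 - len(parts))  # tolerate missing trailing fields
    return Entry(parts[0], parts[1], uid, gid, parts[4], parts[5], parts[6])


def classify_password_field(pw):
    """Describe what the second field holds."""
    if pw == "":
        return "empty"           # no password required at all
    if pw == "x":
        return "shadowed"        # real hash lives in the shadow file
    if pw[0] in "*!":
        return "locked"          # placeholder that matches no password
    return "hash-in-passwd"      # hash readable by every local user


def audit(text):
    """Return (line number, account, finding) tuples for a passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append((lineno, line.split(":")[0], "malformed"))
            continue
        state = classify_password_field(entry.pw)
        if state in ("empty", "hash-in-passwd"):
            findings.append((lineno, entry.name, state))
        if entry.uid == 0 and entry.name != "root":
            findings.append((lineno, entry.name, "uid0-non-root"))
    return findings


if __name__ == "__main__":
    for lineno, name, finding in audit(SAMPLE):
        print("line %d: %-10s %s" % (lineno, name, finding))
```

On the sample it reports the two unshadowed accounts, the first line as malformed, and the smtp entry from the shadowed listing, which carries UID 0.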
Cracking a password file isn't as complicated as it would seem, although the
files vary from system to system. 1. The first step that you would take is
to download or copy the file. 2. The second step is to find a password
cracker and a dictionary maker. Although it's nearly impossible to find a
good cracker there are a few ok ones out there. I recommend that you look
for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper.
Now for a dictionary maker or a dictionary file... When you start a
cracking prog you will be asked to find the password file. That's where
a dictionary maker comes in. You can download one from nearly every hacker
page on the net. A dictionary maker finds all the possible letter
combinations with the alphabet that you choose (ASCII, caps, lowercase, and
numeric letters may also be added). We will be releasing our password file
to the public soon, it will be called, Psychotic Candy, "The Perfect Drug."
As far as we know it will be one of the largest in circulation. 3. You then
start up the cracker and follow the directions that it gives you.
The PHF Technique
Well I wasn't sure if I should include this section due to the fact that
everybody already knows it and most servers have already found out about
the bug and fixed it. But since I have been asked questions about the phf
I decided to include it.
The phf technique is by far the easiest way of getting a password file
(although it doesn't work 95% of the time). But to do the phf all you do
is open a browser and type in the following link:
http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
You replace the webpage_goes_here with the domain. So if you were trying to
get the pw file for www.webpage.com you would type:
http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
and that's it! You just sit back and copy the file(if it works).
The best way to get root is with an exploit. Exploits are explained in the
next chapter.
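What the request above leaves behind in a web server's access log, and one way to flag it. The following is an added example, not part of the original text: a Python scan of Common Log Format lines for CGI requests whose query string carries a percent-encoded newline or carriage return, the character the phf link depends on. The log lines are constructed for illustration; the function names and verdict labels are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: [^"]*)?" (\d{3}) (\S+)'
)

# Constructed sample log (documentation address range, invented timestamps).
SAMPLE_LOG = """\
192.0.2.44 - - [12/Mar/1997:10:01:22 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 210
192.0.2.45 - - [12/Mar/1997:10:02:10 -0500] "GET /cgi-bin/search?q=linux+boot HTTP/1.0" 200 5120
192.0.2.46 - - [12/Mar/1997:10:03:00 -0500] "GET /cgi-bin/phf?Qalias=x%0A/bin/cat%20/etc/passwd HTTP/1.0" 200 1877
192.0.2.47 - - [12/Mar/1997:10:04:31 -0500] "GET /index.html HTTP/1.0" 200 1043
this line is not in log format and is skipped
"""


def has_encoded_newline(query):
    """True when the decoded query string contains a line break."""
    decoded = unquote(query)
    return "\n" in decoded or "\r" in decoded


def scan(lines):
    """Return (line number, client, path, status, verdict) for suspect requests."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = CLF.match(line)
        if not match:
            continue  # not an access-log line
        client, _time, _method, target, status, _size = match.groups()
        parts = urlsplit(target)
        if "/cgi-bin/" not in parts.path:
            continue
        if not has_encoded_newline(parts.query):
            continue
        # A 2xx status means the script exists and answered the request,
        # so that host needs a closer look than a 404 probe does.
        verdict = "investigate" if status.startswith("2") else "probe"
        findings.append((lineno, client, parts.path, int(status), verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Legitimate form submissions can contain encoded line breaks too (multi-line text fields, for instance), so a hit is a reason to look at the request, not proof of anything on its own.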
how linux boots
As it turns out, there isn't much to the boot process:
1. A boot loader finds the kernel image on the disk, loads it into memory, and starts it.
2. The kernel initializes the devices and its drivers.
3. The kernel mounts the root filesystem.
4. The kernel starts a program called init.
5. init sets the rest of the processes in motion.
6. The last processes that init starts as part of the boot sequence allow you to log in.
Identifying each stage of the boot process is invaluable in fixing boot problems and understanding the system as a whole. To start, zero in on the boot loader, which is the initial screen or prompt you get after the computer does its power-on self-test, asking which operating system to run. After you make a choice, the boot loader runs the Linux kernel, handing control of the system to the kernel.
There is a detailed discussion of the kernel elsewhere in this book from which this article is excerpted. This article covers the kernel initialization stage, the stage when the kernel prints a bunch of messages about the hardware present on the system. The kernel starts init just after it displays a message proclaiming that the kernel has mounted the root filesystem:
VFS: Mounted root (ext2 filesystem) readonly.
Soon after, you will see a message about init starting, followed by system service startup messages, and finally you get a login prompt of some sort.
NOTE On Red Hat Linux, the init note is especially obvious, because it "welcomes" you to "Red Hat Linux." All messages thereafter show success or failure in brackets at the right-hand side of the screen.
Most of this chapter deals with init, because it is the part of the boot sequence where you have the most control.
init
There is nothing special about init. It is a program just like any other on the Linux system, and you'll find it in /sbin along with other system binaries. The main purpose of init is to start and stop other programs in a particular sequence. All you have to know is how this sequence works.
There are a few different variations, but most Linux distributions use the System V style discussed here. Some distributions use a simpler version that resembles the BSD init, but you are unlikely to encounter this.
Runlevels
At any given time on a Linux system, a certain base set of processes is running. This state of the machine is called its runlevel, and it is denoted with a number from 0 through 6. The system spends most of its time in a single runlevel. However, when you shut the machine down, init switches to a different runlevel in order to terminate the system services in an orderly fashion and to tell the kernel to stop. Yet another runlevel is for single-user mode, discussed later.
The easiest way to get a handle on runlevels is to examine the init configuration file, /etc/inittab. Look for a line like the following:
id:5:initdefault:
This line means that the default runlevel on the system is 5. All lines in the inittab file take this form, with four fields separated by colons occurring in the following order:
1. A unique identifier (a short string, such as id in the preceding example)
2. The applicable runlevel number(s)
3. The action that init should take (in the preceding example, the action is to set the default runlevel to 5)
4. A command to execute (optional)
There is no command to execute in the preceding initdefault example because a command doesn't make sense in the context of setting the default runlevel. Look a little further down in inittab, until you see a line like this:
l5:5:wait:/etc/rc.d/rc 5
This line triggers most of the system configuration and services through the rc*.d and init.d directories. You can see that init is set to execute a command called /etc/rc.d/rc 5 when in runlevel 5. The wait action tells when and how init runs the command: run rc 5 once when entering runlevel 5, and then wait for this command to finish before doing anything else.
There are several different actions in addition to initdefault and wait, especially pertaining to power management, and the inittab(5) manual page tells you all about them. The ones that you're most likely to encounter are explained in the following sections.
respawn
The respawn action causes init to run the command that follows, and if the command finishes executing, to run it again. You're likely to see something similar to this line in your inittab file:
1:2345:respawn:/sbin/mingetty tty1
The getty programs provide login prompts. The preceding line is for the first virtual console (/dev/tty1), the one you see when you press ALT-F1 or CONTROL-ALT-F1. The respawn action brings the login prompt back after you log out.
ctrlaltdel
The ctrlaltdel action controls what the system does when you press CONTROL-ALT-DELETE on a virtual console. On most systems, this is some sort of reboot command using the shutdown command.
sysinit
The sysinit action is the very first thing that init should run when it starts up, before entering any runlevels.
How processes in runlevels start
You are now ready to learn how init starts the system services, just before it lets you log in. Recall this inittab line from earlier:
l5:5:wait:/etc/rc.d/rc 5
This small line triggers many other programs. rc stands for run commands, and you will hear people refer to the commands as scripts, programs, or services. So, where are these commands, anyway?
For runlevel 5, in this example, the commands are probably either in /etc/rc.d/rc5.d or /etc/rc5.d. Runlevel 1 uses rc1.d, runlevel 2 uses rc2.d, and so on. You might find the following items in the rc5.d directory:
S10sysklogd S20ppp S99gpm
S12kerneld S25netstd_nfs S99httpd
S15netstd_init S30netstd_misc S99rmnologin
S18netbase S45pcmcia S99sshd
S20acct S89atd
S20logoutd S89cron
The rc 5 command starts programs in this runlevel directory by running the following commands:
S10sysklogd start
S12kerneld start
S15netstd_init start
S18netbase start
...
S99sshd start
Notice the start argument in each command. The S in a command name means that the command should run in start mode, and the number (00 through 99) determines where in the sequence rc starts the command.
The rc*.d commands are usually shell scripts that start programs in /sbin or /usr/sbin. Normally, you can figure out what one of the commands actually does by looking at the script with less or another pager program.
You can start one of these services by hand. For example, if you want to start the httpd Web server program manually, run S99httpd start. Similarly, if you ever need to kill one of the services when the machine is on, you can run the command in the rc*.d directory with the stop argument (S99httpd stop, for instance).
Some rc*.d directories contain commands that start with K (for "kill," or stop mode). In this case, rc runs the command with the stop argument instead of start. You are most likely to encounter K commands in runlevels that shut the system down.
Adding and removing services
If you want to add, delete, or modify services in the rc*.d directories, you need to take a closer look at the files inside. A long listing reveals a structure like this:
lrwxrwxrwx . . . S10sysklogd -> ../init.d/sysklogd
lrwxrwxrwx . . . S12kerneld -> ../init.d/kerneld
lrwxrwxrwx . . . S15netstd_init -> ../init.d/netstd_init
lrwxrwxrwx . . . S18netbase -> ../init.d/netbase
...
The commands in an rc*.d directory are actually symbolic links to files in an init.d directory, usually in /etc or /etc/rc.d. Linux distributions contain these links so that they can use the same startup scripts for all runlevels. This convention is by no means a requirement, but it often makes organization a little easier.
To prevent one of the commands in the init.d directory from running in a particular runlevel, you might think of removing the symbolic link in the appropriate rc*.d directory. This does work, but if you make a mistake and ever need to put the link back in place, you might have trouble remembering the exact name of the link. Therefore, you shouldn't remove links in the rc*.d directories, but rather, add an underscore (_) to the beginning of the link name like this:
mv S99httpd _S99httpd
At boot time, rc ignores _S99httpd because it doesn't start with S or K. Furthermore, the original name is still obvious, and you have quick access to the command if you're in a pinch and need to start it by hand.
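The rules covered so far (four colon-separated inittab fields, S or K plus a two-digit number for the rc*.d links, everything else ignored) are simple enough to model. The following is an added example, not taken from the book excerpt: a Python sketch that parses the inittab lines shown earlier and works out which links in a runlevel directory rc would run, in what order, and with which argument. It models the behaviour as this text describes it, not any distribution's actual rc script; running K links before S links is the common convention and is an assumption here, and the directory listing is constructed from the rc5.d example.

```python
import re

# S or K, a two-digit sequence number, then the service name.
RC_LINK = re.compile(r"^([SK])(\d{2})(.+)$")

# Constructed from the inittab lines quoted in the text.
SAMPLE_INITTAB = """\
id:5:initdefault:
l5:5:wait:/etc/rc.d/rc 5
1:2345:respawn:/sbin/mingetty tty1
"""

# Constructed directory listing: entries from the rc5.d example, one link
# disabled with an underscore, one K link and one stray file.
SAMPLE_RC5 = ["S99sshd", "S10sysklogd", "_S99httpd", "S20ppp",
              "K89atd", "S18netbase", "README"]


def parse_inittab_line(line):
    """Split one inittab line into its four fields; None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":", 3)  # only 3 splits: the command may contain colons
    if len(fields) != 4:
        raise ValueError("expected id:runlevels:action:command, got %r" % line)
    ident, runlevels, action, command = fields
    return {"id": ident, "runlevels": runlevels, "action": action,
            "command": command or None}


def default_runlevel(inittab_text):
    """Runlevel named by the initdefault entry, or None if there is none."""
    for line in inittab_text.splitlines():
        entry = parse_inittab_line(line)
        if entry and entry["action"] == "initdefault":
            return int(entry["runlevels"])
    return None


def commands_for(inittab_text, runlevel):
    """(action, command) pairs that apply to one runlevel, in file order."""
    result = []
    for line in inittab_text.splitlines():
        entry = parse_inittab_line(line)
        if entry and entry["command"] and str(runlevel) in entry["runlevels"]:
            result.append((entry["action"], entry["command"]))
    return result


def rc_plan(names):
    """Order the links as rc would: K links with stop, then S links with start."""
    kills, starts = [], []
    for name in sorted(names):  # same order a shell glob would produce
        match = RC_LINK.match(name)
        if not match:
            continue  # _S99httpd, README and similar names are never run
        (kills if match.group(1) == "K" else starts).append(name)
    return [(n, "stop") for n in kills] + [(n, "start") for n in starts]


if __name__ == "__main__":
    level = default_runlevel(SAMPLE_INITTAB)
    print("default runlevel:", level)
    print("inittab commands:", commands_for(SAMPLE_INITTAB, level))
    for name, argument in rc_plan(SAMPLE_RC5):
        print(name, argument)
```

Listing the names that rc_plan skips is a quick way to see which services someone has disabled with the underscore rename.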
To add a service, you must create a script like the others in the init.d directory and then make a symbolic link in the correct rc*.d directory. The easiest way to write a script is to examine the scripts already in init.d, make a copy of one that you understand, and modify the copy.
When adding a service, make sure that you choose an appropriate place in the boot sequence to start the service. If the service starts too soon, it may not work, due to a dependency on some other service. For non-essential services, most systems administrators prefer numbers in the 90s, after most of the services that came with the system.
Linux distributions usually come with a command to enable and disable services in the rc*.d directories. For example, in Debian, the command is update-rc.d, and in Red Hat Linux, the command is chkconfig. Graphical user interfaces are also available. Using these programs helps keep the startup directories consistent and helps with upgrades.
HINT: One of the most common Linux installation problems is an improperly configured XFree86 server that flicks on and off, making the system unusable on console. To stop this behavior, boot into single-user mode and alter your runlevel or runlevel services. Look for something containing xdm, gdm, or kdm in your rc*.d directories, or your /etc/inittab.
Controlling init
Occasionally, you need to give init a little kick to tell it to switch runlevels, to re-read the inittab file, or just to shut down the system. Because init is always the first process on a system, its process ID is always 1.
You can control init with telinit. For example, if you want to switch to runlevel 3, use this command:
telinit 3
When switching runlevels, init tries to kill off any processes that aren't in the inittab file for the new runlevel. Therefore, you should be careful about changing runlevels.
When you need to add or remove respawning jobs or make any other change to the inittab file, you must tell init about the change and cause it to re-read the file. Some people use kill -HUP 1 to tell init to do this. This traditional method works on most versions of Unix, as long as you type it correctly. However, you can also run this telinit command:
telinit q
You can also use telinit s to switch to single-user mode.
Shutting down
init also controls how the system shuts down and reboots. The proper way to shut down a Linux machine is to use the shutdown command.
There are two basic ways to use shutdown. If you halt the system, it shuts the machine down and keeps it down. To make the machine halt immediately, use this command:
shutdown -h now
On most modern machines with reasonably recent versions of Linux, a halt cuts the power to the machine. You can also reboot the machine. For a reboot, use -r instead of -h.
The shutdown process takes several seconds. You should never reset or power off a machine during this stage.
In the preceding example, now is the time to shut down. This argument is mandatory, but there are many ways of specifying it. If you want the machine to go down sometime in the future, one way is to use +n, where n is the number of minutes shutdown should wait before doing its work. For other options, look at the shutdown(8) manual page.
To make the system reboot in 10 minutes, run this command:
shutdown -r +10
On Linux, shutdown notifies anyone logged on that the machine is going down, but it does little real work. If you specify a time other than now, shutdown creates a file called /etc/nologin. When this file is present, the system prohibits logins by anyone except the superuser.
When system shutdown time finally arrives, shutdown tells init to switch to runlevel 0 for a halt and runlevel 6 for a reboot. When init enters runlevel 0 or 6, all of the following takes place, which you can verify by looking at the scripts inside rc0.d and rc6.d:
1. init kills every process that it can (as it would when switching to any other runlevel).
2. The initial rc0.d/rc6.d commands run, locking system files into place and making other preparations for shutdown.
3. The next rc0.d/rc6.d commands unmount all filesystems other than the root.
4. Further rc0.d/rc6.d commands remount the root filesystem read-only.
5. Still more rc0.d/rc6.d commands write all buffered data out to the filesystem with the sync program.
6. The final rc0.d/rc6.d commands tell the kernel to reboot or stop with the reboot, halt, or poweroff program.
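To check the sequence above on a real system, a small helper can print the links in an rc directory in the order the rc script conventionally processes them. This is an added example, not part of the original text; the function names and the sample link names are constructed, and it assumes the usual SysV convention that K links are handled before S links.

```shell
#!/bin/sh
# Added example: list the links in a SysV rc directory in processing order.
# Assumption: K* (kill) links are handled first, then S* (start) links,
# each group ordered by its two-digit sequence number.

rc_order() {
    dir=$1
    [ -d "$dir" ] || { echo "rc_order: not a directory: $dir" >&2; return 1; }
    for prefix in K S; do
        for path in "$dir"/"$prefix"[0-9][0-9]*; do
            # Skip the unexpanded pattern when nothing matches.
            [ -e "$path" ] || [ -L "$path" ] || continue
            printf '%s\n' "${path##*/}"
        done
    done
}

# Constructed sample: a throwaway directory standing in for /etc/rc0.d.
# The link names are illustrative; real names vary by distribution.
make_sample_rc0() {
    d=$(mktemp -d)
    for n in S90halt K20ssh S40umountfs K01cron S60umountroot README; do
        : > "$d/$n"
    done
    printf '%s\n' "$d"
}

sample=$(make_sample_rc0)
rc_order "$sample"
rm -rf "$sample"
```

On a live machine, call `rc_order /etc/rc0.d` or `rc_order /etc/rc6.d` and compare the output with the numbered steps.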
The reboot and halt programs behave differently for each runlevel, potentially causing confusion. By default, these programs call shutdown with the -r or -h options, but if the system is already at the halt or reboot runlevel, the programs tell the kernel to shut itself off immediately. If you really want to shut your machine down in a hurry (disregarding any possible damage from a disorderly shutdown), use the -f option.
how to make an animated logo
How To Make An Animated Logo, the easy way
Things you will need:
1. Photoshop or Paintshop (any versions)
2. Xara3D 5.xx
3. Jasc animation shop 3.xx
4. DUH!! A pic you want as a logo LOL
Things you MIGHT need:
1. a computer
2. Internet connection
3. consciousness
4. corn on the cob
Here they are for your convenience:
Adobe Photoshop CS v8.0 thanx to TheCollector
http://www.shareordie.com/index.php?showto...85&hl=Photoshop
Jasc Paint Shop Pro 9.0 Retail thanx to arclite
http://www.shareordie.com/index.php?showto...&hl=Jasc&st=100
Xara3D 5.02 thanx to Zabref
http://www.shareordie.com/index.php?showtopic=6512&hl=XARA
Jasc Animation Shop 3.11 thanx to sev7en
http://www.shareordie.com/index.php?showtopic=34928&hl=
Steps:
1. Using your photo editor, fix/touch up your pic/logo to your liking… too easy (example below).
2. Save it some where easy to find, for example “C:\pictures” or “C:\Windows\thecenterofhell\system\system32\system64\system128\???” although I don’t recommend the second one.
3. Open Xara3D 5.xx, press “Alt+T” or click the “T” button on the LEFT PANEL, erase all of the text in the window that pops up, then press OK.
4. Press “Alt+U” or click the yellow “U” surrounded in gray on the LEFT PANEL, check the “button” box and select a desired button type. Leave this option window open; you will need it again.
5. Press “Alt+X” or click the black “X” on the LEFT PANEL, click “load texture” in the pop-up window, find the picture you made/adjusted and highlight it, then click Open or just double-click it. Use the “size, x, y, angle” sliders to adjust the picture or “texture”, and in the “button options” window use “stretch, corners” (corners can only be adjusted if you are using that option) to adjust the button size.
6. Press “Alt+A” or click the black “A” on the LEFT PANEL, the one with what looks to me like a half-halo with an arrow tip!? Anyway, here is a quick rundown on what the options here do: (BY THE WAY, TO ACTIVATE OR “PREVIEW ANIMATION” PRESS “Ctrl+spacebar”).
A. Frames per cycle: This is the number of frames for each complete cycle through the animation sequence. The greater the number of frames the smoother the animation. The drawback is that the file is bigger - this is a big disadvantage for web graphics. You may need to try different values to get the best results.
B. Frames per second: The animation speed. Slow speeds can give jerky movement. High speeds can also give jerky movement as the program displaying the animation may not be able to keep up. Again you may need to try different values.
C. Pause: This pauses the first frame before continuing the rest of the animation. Type in a value in centiseconds (1/100ths of a second) - a 2 second pause is 200 cs. Note that this applies only to the first frame; use Frames per cycle and Frames per second to control the overall speed of the animation.
D. Loop Value: Unchecked is Infinite, Any other value see for yourself. Lmao
E. Loop: This lets you specify how many times the animation should repeat itself. Note that some browsers take any value other than 1 to mean 'loop forever'. Therefore, your animation either plays once or forever.
F. Style: This controls the type of animation:
Rotate 1 rotates all the text as one; Rotate 2 rotates each character. (Buttons have a single Rotate option.) Rotate text/Rotate lights - select whether you want the text to rotate or the lights or both. You cannot rotate the shadow as this would create very large files. Direction - selects the direction of rotation.
Swing options: Swing 1 swings all the text as one; Swing 2 swings each character. (Buttons have a single Swing option.) Angle - how much you want the heading to swing.
Pulsate options: Pulsate 1 pulsates all the text as one; Pulsate 2 pulsates each character. (Buttons have a single Pulsate option.) Minimum text size - how far back to pulsate the text. Shrink+Grow & Grow+Shrink - only have an effect if you Pause the animation. These options select the starting point for the animation (maximum or minimum.)
Fade options: Fade in - the heading emerges from the background color. Fade out - the heading merges into the background color. SO AFTER PICKING ONE………………..
7. On the top left go to FILE>>>EXPORT ANIMATION or press “Ctrl+Shift+X” and save in desired location.
8. When the next window pops up (Export as animated gif save location then options): Experiment with each one to get it right, but remember the SoD rules about Siggys and Avatars.
Because Animated GIFs can be quite large, you may find that a 16 or 32 color, optimized palette per frame, produces the best results for the smallest file size. However you might need to experiment.
Dithering always makes GIFs look better, but also makes them larger. When outputting at 256 colors you may find that there is no need to turn dithering on.
Current Window Size lets you export just the area surrounding the text (Crop on) or the entire window area (Crop off.)
User Defined lets you specify the dimensions of the bitmap.
How to make key generators?
-===========================-
Introduction
------------
I take no responsibility of the usage of this information.
This tutorial, is for educational knowledge ONLY.
Hi there, in this tutorial, I intend to teach you how to make a pretty
simple keygen, of a program called W3Filer 32 V1.1.3.
W3Filer is a pretty good web downloader...
I guess some of you might know the program.
I`ll assume you know:
A.How to use debugger (in this case, SoftIce).
B.How to crack, generally (finding protection routines,patching them,etc...).
C.How to use Disassembler (This knowledge can help).
D.Assembly.
E.How to code in Turbo Pascal ™.
Tools you`ll need:
A.SoftIce 3.00/01 or newer.
B.WD32Asm. (Not a must).
C.The program W3Filer V1.13 (if not provided in this package), can be found in
www.windows95.com I believe.
D.Turbo Pascal (ANY version).
Well, enough blah blah, let's go cracking...
Run W3Filer 32.
A nag screen pops, and , demands registration (Hmm, this sux ;-)) Now,
We notice this program has some kind of serial number (Mine is 873977046),
Let's keep the serial in mind, I bet we`ll meet it again while we're on
the debugger.
Well, now, let's put your name and a dummy reg code...
set a BP on GetDlgItemTextA, and, press OK.
We pop inside GetDlgItemTextA, Lets find the registration routine...
I`ll save you the work, the registration routine is this:
:00404DB2 8D95A8FAFFFF lea edx, dword ptr [ebp+FFFFFAA8]
:00404DB8 52 push edx ---> Your user name here.
:00404DB9 E80B550000 call 0040A2C9 ---> Registration routine.
:00404DBE 83C408 add esp, 00000008 ---> Dunno exactly what is it.
:00404DC1 85C0 test eax, eax ---> Boolean identifier, 0 if
:00404DC3 7D17 jge 00404DDC ---> registration failed, 1 if
OK.
Well, Let's enter the CALL 40A2C9, and see what's inside it:
(Please read my comments in the code).
* Referenced by a CALL at Addresses:
|:00404DB9 , :00407F76
|
:0040A2C9 55 push ebp
:0040A2CA 8BEC mov ebp, esp
:0040A2CC 81C4B0FEFFFF add esp, FFFFFEB0
:0040A2D2 53 push ebx
:0040A2D3 56 push esi
:0040A2D4 57 push edi
:0040A2D5 8B5508 mov edx, dword ptr [ebp+08]
:0040A2D8 8DB500FFFFFF lea esi, dword ptr [ebp+FFFFFF00]
:0040A2DE 33C0 xor eax, eax
:0040A2E0 EB16 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2FB(C)
|
:0040A2E2 0FBE0A movsx ecx, byte ptr [edx] ----> Here Starts the
interesting part.
:0040A2E5 83F920 cmp ecx, 00000020 ----> ECX is the the current
char in the user name, Hmm, 20h=' '...
:0040A2E8 740D je 0040A2F7 ----> Let's see,
:0040A2EA 8A0A mov cl, byte ptr [edx] ----> Generally, all this loop
does, is copying
the user name from
[EDX], to [ESI], WITHOUT the spaces!
(Keep this in mind! ).
:0040A2EC 880C06 mov byte ptr [esi+eax], cl
:0040A2EF 42 inc edx
:0040A2F0 40 inc eax
:0040A2F1 C6040600 mov byte ptr [esi+eax], 00
:0040A2F5 EB01 jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2E8(C)
|
:0040A2F7 42 inc edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A2E0(U), :0040A2F5(U)
|
:0040A2F8 803A00 cmp byte ptr [edx], 00
:0040A2FB 75E5 jne 0040A2E2 ----------------> This is the loop , we got
what it does,
Let's continue tracing
the code...
:0040A2FD 56 push esi --------> The user name is pushed, in order
to
Upcase it's chars.
* Reference To: USER32.CharUpperA, Ord:0000h
|
:0040A2FE E80F330000 Call User!CharUpper ---> After this, our name is in
upper case.
:0040A303 56 push esi -----> Our name in upper case here.
* Reference To: cw3220mt._strlen, Ord:0000h
|
:0040A304 E86F300000 Call 0040D378 ---> This is the length of our name.
:0040A309 59 pop ecx
:0040A30A 8BC8 mov ecx, eax ---> ECX=Length.
:0040A30C 83F904 cmp ecx, 00000004 ---> Length>=4 (MUST).
:0040A30F 7D05 jge 0040A316 ---> Let's go to this address...
:0040A311 83C8FF or eax, FFFFFFFF
:0040A314 EB67 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A30F(C)
|
:0040A316 33D2 xor edx, edx
:0040A318 33C0 xor eax, eax
:0040A31A 3BC8 cmp ecx, eax
:0040A31C 7E17 jle 0040A335 ---> (Not important, just another useless
checking).
===================================================================================
============ FROM HERE AND ON, THE IMPORTANT CODE, PAY ATTENTION ==================
===================================================================================
One thing before we continue, EDX = 00000000h as we enter to the next instructions.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A333(C)
|
:0040A31E 0FBE1C06 movsx ebx, byte ptr [esi+eax] ---> EBX <--- char in user
name, offset EAX.
:0040A322 C1E303 shl ebx, 03 -----> Hmm, it shl's the char by 03h...
(Remember that).
:0040A325 0FBE3C06 movsx edi, byte ptr [esi+eax] ---> Now EDI <--- Char in
user name , offset EAX.
:0040A329 0FAFF8 imul edi, eax -----> It multiplies the char by the
offset in user name! (Remember that).
:0040A32C 03DF add ebx, edi -----> Adds the result to EBX (That was
Shelled (Ding Dong =)).
:0040A32E 03D3 add edx, ebx -----> EDX=EDX+EBX!!! - This is the CORE
of this registration routine!!!
:0040A330 40 inc eax -----> Increase EAX by one (next char).
:0040A331 3BC8 cmp ecx, eax
:0040A333 7FE9 jg 0040A31E ----> If ECX
loop.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A31C(C)
|
:0040A335 A120674100 mov eax, dword ptr [00416720] ---> HMMMMMM, What's in
here?????
:0040A33A C1F803 sar eax, 03 ---------> WAIT! Please type in SIce '?
EAX'
Does this number in EAX look
familiar to us? ;-)
If you still don`t understand,
than, It's
our SERIAL NUMBER! (PLEASE, take
your time, and check by
yourself - don`t trust me!). OK,
so now we know,
That it SHR's EAX by 03 (SAR is
almost identical to SHR).
:0040A33D 03D0 add edx, eax ---------> Hmm, it adds the result from the
loop, the serial number shr'd by 03h
:0040A33F 52 push edx -------> Let's continue. (At this point, I
can tell you , the reg number, is
in EDX - only that the reg number
is in HEX --> That's how you enter it).
* Possible StringData Ref from Data Obj ->"%lx"
|
:0040A340 685EF54000 push 0040F55E
:0040A345 8D95B0FEFFFF lea edx, dword ptr [ebp+FFFFFEB0]
:0040A34B 52 push edx
* Reference To: USER32.wsprintfA, Ord:0000h
|
:0040A34C E8E5320000 Call 0040D636 -------> This one, does HEX2STR (Takes
the value from EDX, and turns it to an hex string).
:0040A351 83C40C add esp, 0000000C
:0040A354 8D8DB0FEFFFF lea ecx, dword ptr [ebp+FFFFFEB0] -----> type 'd ecx' -
THIS is the reg number! That's enough for us, the rest of
the code, is
just for comparing the correct reg code with ours.
:0040A35A 51 push ecx
* Reference To: USER32.CharLowerA, Ord:0000h
|
:0040A35B E8B8320000 Call 0040D618
:0040A360 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]
:0040A366 50 push eax
:0040A367 FF750C push [ebp+0C]
* Reference To: cw3220mt._strcmp, Ord:0000h
|
:0040A36A E875300000 Call 0040D3E4
:0040A36F 83C408 add esp, 00000008
:0040A372 85C0 test eax, eax
:0040A374 7405 je 0040A37B
:0040A376 83C8FF or eax, FFFFFFFF
:0040A379 EB02 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A374(C)
|
:0040A37B 33C0 xor eax, eax
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A314(U), :0040A379(U)
|
:0040A37D 5F pop edi
:0040A37E 5E pop esi
:0040A37F 5B pop ebx
:0040A380 8BE5 mov esp, ebp
:0040A382 5D pop ebp
:0040A383 C3 ret
Making the actual Keygen
~~~~~~~~~~~~~~~~~~~~~~~~
Now, after I've explained how does the program calculate the registration
code, you can either write your own keymaker, without looking at my code, or
look at my code (in Turbo Pascal - sorry for all you C lovers ;-) Next time).
That's it, here's the source of my keygen:
------------------- Cut here ---------------------------------------------
Program W3FilerKeygen;
var
Key,SerialNum,EB,ED,digit:Longint;
I,x:Byte;
Name,KeyHex:String;
begin
Writeln(' W3Filer32 V1.1.3 Keymaker');
writeln('Cracked by ^pain^ ''97 / Rebels!');
Write('Your Name:'); { Read the name }
readln(Name);
Write('Serial Number:');
readln(SerialNum); {Yes, we need the serial number for the calculation!}
Key:=0;
x:=0;
For I:=1 to length(Name) do
begin
Name[I]:=upcase(Name[i]);
If Name[I]<>' ' then begin
eb:=ord(Name[I]) shl 3; {EB = Name[I] Shl 03h}
Ed:=ord(Name[I]); {ED = Name[I]}
ed:=ed*(x); {ED=ED*Offset}
inc(x);
eb:=eb+ed; {Add ED to EB}
Key:=Key+EB; {Add EB to KEY}
end;
end;
Key:=Key+(SerialNum shr 3); { Add SerialNum shr 03h to Key}
{ From here, this is just HEX2STRING --> I`m quite sure it's
Self explaintory, else - go and learn number bases again! ;-)}
KeyHex:='';
repeat
digit:=Key mod 16;
key:=key div 16;
If digit<10 then KeyHex:=Chr(Digit+ord('0'))+KeyHex;
If digit>10 then KeyHex:=Chr(Digit-10+ord('a'))+KeyHex;
until key=0;
writeln('Your Key:',KeyHex);
writeln(' Enjoy!');
end.