Cracking Tutorials by +ORC

+ORC ¥iºâ¬O Reverse Engineering ¬Éªº¯ª®v¡A¥L¦³¤@¸sª½±µ©Î¶¡±µªº¾Ç®{¡A¦ý¨S¦³¦h¤Ö¤Hª¾¹D¥Lªº¯u¥¿¨­¥÷¡A²q´ú¥L¥i¯à¬O²üÄõ¤H¡A°h¥ð¤j¾Ç±Ð±Â¡C ¥Ñ©ó¥L¥H "+" ²Å¸¹¥[¦bºÙ¸¹«e¡A¥Lªº°lÀHªÌ¥ç¦h¥H¦¹¬°»x¡A¦b¦Û¤vºÙ¸¹®Ç¥[¤W "+" ²Å¸¹¡C ¥L¦h¼Æ±qµ{¦¡ªº dead listing µÛ¤â¡A¥H¤@ºØ¡uÁI¡v¹Dºë¯«¨Ó»â®©µ{¦¡ªº¬y¦V¡A²z´¼¦a°lÁaµ{¦¡¯ß¯Þ¡A§ä¥X³Ì¦³«~¨ýªº¯}¸Ñ¤èªk¡C ¥L³ß·R§âµ{¦¡½X¦C¦L¥X¨Ó¡A¤@Ãä¬ã¨s¡A¤@Ãä¨É¨ü¡u°¨¤Ñ¥§²V¥ñ¯S¥[¡v¡C ²{¦b¤w«Ü¤Ö¨£¨ì +ORC ªºþS¼v¡A¤j·§¤w¸g¡u°h¥X¦¿´ò¡v¡C

• Lesson1 An approach
• Lesson 2 Tools and tricks of the trade
• Lesson 3.1 Hands on: Paper Protections (1)
• Lesson 3.2 Hands on: Paper Protections (2)
• Lesson 4.1 Time Protections - An introduction
• Lesson 4.2 Time Protections - Part 2
• Lesson 5.1 Disk and CDROM access (basic)
• Lesson 6.1 Funny tricks (1)
• Lesson 8.1 How to crack Windows, an approach
• Lesson 8.2 How to crack Windows, a deeper approach
• Lesson 9.1 How to crack Windows, hands on (1)- the "data constraint" trick
• Lesson 9.2 How to crack Windows, hands on (2)- PaintShopPro
• Lesson 9.3 How to crack Windows, hands on (3)- the "dead listing" approach
• Lesson A Advanced cracking: Internet cracking (Unix)
• Lesson C3 How to crack Windows, hands on (4)- Instance Access

---

+HCU Academy of Cracking

+HCU ¬O¤@¸s¬ã¨s Cracking »P Reverse Engineering ªº·R¦nªÌ¡A»E¦b¤@°_¤Á½R¾Ç°Ýªº²Õ´¡C ¥L­Ì²Õ´ÃP´²¡A¦U¾Ç­û«ö·Ó²Õ´©Ò©wÃD¥Ø¡A¦Û¤v§ä´M¬ã¨s¥Ø¼Ð¡A©Mµoªí¬ã¨s½×¤å¡C +HCU ¦¨­ûªº§@«~´¶¹MÀò°ª«×Æg³\¡A«Ü¦h¤w²æÂ÷¡u¯}¸Ñ«OÅ@¡vªº¼h­±¡A¶i¤J¡u­ËĶµ{¦¡¡vªº¹Ò¬É¡C ±q¦WºÙ¤Wªº "+" ¸¹¥iª¾¡A+HCU ¾Ç­û¦h¼Æ¬O +ORC ªº°lÀHªÌ©Î¥õ¼}ªÌ¡C

Project 0: Cracking Wdasm

• How to crack Wdasm6 (very useful for newbies)
• How to crack Wdasm6 (another nice approach)
• How to crack Wdasm7
• How to crack w32dasm version 8
• How to carck w32dasm version 8--another approach
• Quick "Non-Crack" for all Wdasm version (hilarious, but it works)
• Cracking W32dasm version 8.5
• W32Dasm version 8.0 Save re-enabling (How to get our dialogs and routines inside our targets)
• W32Dasm version 8.7 the textfile problem (An hidden memory mover)

Project 1: Cracking the Tools you need

• How to register HexWorkshop v2.52 (32bit)
• Hex Workshop 32 v. 2.53(A weak protection scheme is worst than no protection scheme at all)
• Hexpert32, Version 3.0.05(Cracking the tools of the trade)
• Cracking HEdit 2.0(using wdasm as a debugger)
• ULTRAEDIT-32 V. 4.40a(Slight Variations of the Serial Number-based protection scheme)
• Reverse Engineering UltraEdit-32 4.40a(Cracking "blacklisted" Hex/Text Editors)
• Cracking THE tool of the trade (Interactive Disassembler Pro v3.7, bye bye Wdasm)
• SOURCER 7(efficiency of a well positioned BPINT under DOS)
• Interactive Disassembler Pro v3.7 Demo(II)(How to load the previous databases)
• ULTRAEDIT 5.00 S/N Generator(a very funny dynamic addressing process as copy procedure)
• winrar 95 ver.2.0: the guts of a simple protection(why keygenerating when you can patch them on the fly?)
• Cracking Wingdis 2.12(Preparing ourselves for 'real' Java cracking)

Project 2: Cracking Softice

• Cracking Loader32/NmTrans.dll (How it all started)
• More on Winnie (Another approach to crack SoftIce 3.01 14 day trial)
• Registry joggling (Another short approach)
• WiniceNT cracking, a first approach (How EXE checksums work)
• An introduction to virtual devices cracking (An important lesson)
• Deeper WiniceNT cracking, working with HIEW (An important lesson, deepens our undesrtanding of NT-Winice)
• Short and effective Win95's Softice cracking (The final point in cracking Godot for Win95, from Sri Lanka!)
• WinNT-Winice reverse engineering, another approach (The final point in cracking Godot for WinNT, this concludes the whole project2!)
• WinNT-Winice reverse engineering, some explanations (There is never a final point in cracking... a lesson for everyone!)
• Winice 3.01 time-stamp encryption algorithm (Timestamping... and timedestamping)
• How to install Soft-Ice 3.01 Win95 (trial version)
• Melted MeltICE (SoftIce 3.xx detection and another lesson for shareware programmers)
• Little patch to get back the AZERTY keyboard (The new winice.exe version 3.21 is an US copy so it will turn your keyboard into QWERTY)
• ADD-ON 1: NO MORE annoying anti SOFT-ICE tricks
• ADD-ON 2: BoundsChecker time limit defeated (The 'Persistent file' protection scheme)
• ADD-ON 3: BoundsChecker 5.02 Visual C++ Edition ('Hardcoded' serial numbers)
• ADD-ON 4: An interesting tool: Numega Smartcheck 5.0(Echoing a silly "install" and trial protection scheme)
• ADD-ON 5: An interesting tool - Numega's Smartcheck, how to defeat all protections (visual basic 1-5 and other languages as well)
• ADD-ON 6: How to crack ANY program that uses the TL32V2.DLL!

Project 3: Dongle reverse engineering

• Cubase -Dongle protection cracking(the main tricks)
• Dongle reverse engineering(Hasp dongles)
• Dongle cracking: NetXRay 1.1.3(A Very Easy Dongle Protection)
• Simple unix busting(the microphar dongle galore)
• Dongle protection reversing (HASP) - Pinit dongle testing
• Zen and the Art of Dongle Cracking(A somehow 'general' essay about dongles)
• Reverse Engineering MATLAB 5 - Part I: Dongle Protection(Simple dongle reversing: the 'alien dll date' trick)
• Pushing the Envelope with HASP(De-Hasping, zip cracking and other marvels)
• SSI Win32 Dongle Protection(Initial workaround for difficult Win32 targets)
• Dongle Bashing ~ End of the dongle old aera(How a single +HCU reverser can easily blow a whole commercial sector out of history)
• Marx Crypto Box, the most Secure device ever made("Protection Plus Professional")
• Unplugging a dongle protection(unplugging technical library from Micro house)
• Bashing LPT-Parasites(DONGLES: The weak brothership between hard- and software)
• Undocumented HASP - Part I(what d'you think of all the hype about HASP?)
• Dongle DEJAVU(Revealing sentinel Pro main code)
• Undocumented HASP - Part II "xDEAD:xBEEF: extending HASP manufacturer's services"
• How to crack an hardcore dongle-protected program: Cracking 'Security Lock Number' ('SLN')

Project 4: CD-ROM faking

• EMULATE CD-ROM (an ASM file)(Emulating MSCDEX)
• Brief Tutorial on CD Access Based Protection Schemes Under Windows(Cracking Virtua Fighter PC)
• WarLords 3 Cd-Check(A Very Simple Protection)
• CD-Rom reversing MechWarrior2 Mercenaries(Another Approach to the Cd-Check scheme)
• Cracking the Mystique Patch for Tombraider(the write random file trick)
• CD ROM from top to down(MSCDEX, reversing drivers and CD-ROM related interrupts)
• InstallSHIELD Script Cracking(Object oriented cracking: INSTALL WIZARDS CRACKING)
• Quake2 CD-Rom reversing(More about CD-ROM deprotections and Cd-Checks)
• The cracking of "Age of Empires"(with a general digression about CD-based copy protections of most Windows95 games)
• Oldies but Goodies(A Dos Game CD-check with Sourcer 7)

Project 5: Netscape reverse engineering

• Cookies begone!
• Killing those Javascript Messageboxes
• Customizing Netscape's buttons and menus

Project 6: Save disable targets

• Cracking "Save disabled" protections (The "dead listing" and the "live" approaches explained)
• Razzia's tutorial for crippled programs (The beautiful creation of the "RazziaPad")
• W32Dasm Version 8.0 Save re-enabling__NEW!__(How to get our dialogs and our routines inside our targets)
• An interesting tool: Screen Ruler (The "pixel shortcut" method: How to transform a target adding functionalities to it)
• ARJSHELL DISABLED SAVE FUNCTION (A location helds the secret)
• Extending the IDA Script Language (A First Stab)
• Cracking MicroCal Origin 5.0 in 3 Simple Ways (A First Stab)

Project 7: "Most stupid protection" award ³Ì ²Â ³J «O Å@ ¿ï Á|

• Hex Workshop 32 v. 2.53 (Weak protection schemes are worse than no protection at all)
• Claris Home Page version 2.0 (Stupid time trial limits)
• SmartDraw for Windows95, Version 3.11 (Heawy Stupid anti-crackers protection)
• A pretty stupid scheme: Spam Exterminator (it's all there... "autocracked")
• Another "blacklist" protection (Hypersnap-DX version 3.02 Key generator, ASM CODE)
• PhotoShop 4.0 / Digimarc (Commercial stupidity - Digimarc downfall)
• SoftWrapper - Cracking Windows Calculator? (how to reverse engineer a simple "anti-Winice" protection scheme)
• Cracking WinHacker95 2.0 (MSVCRT.dll reverse engineering)
• Kremlin 1.1, a stupidly protected encryption utility (An useful encryptor for our studies, btw)
• Cracking Comments v1.3 (If they would only make it so easy for us every time)
• EnTray-Vous, Merci (How NOT to use the Registry to protect your software)
• Ulead PhotoImpact Trial 3.01 ("Protections" that tell you the name of the calling dll and of the calling function)
• iniquity's inequality protection scheme (and some tips about pascal reverse engineering)
• "Mental" cracking: techfacts95 v1.3 (Am I dreaming?)
• Bypassing Ready made Commercial Protection Schemes (RSAgent32) - Cracking Xing Technology's Mpeg Player
• DLL-based schemes are *dead* (A long overdue lesson for shareware programmers)
• Bullet Proof FTP V1.0 (hidden, bloated exe creation)
• Cracking SendMail 2.0 for Windows NT (Obvious Name Protections)
• An interesting tool: Numega Smartcheck 5.0 (Echoing a silly "install" and trial protection scheme)
• Cracking Unlocker for newbyes (Defeating Lame Commercial Protection Schemes)
• Symantec Visual café trial version 1.0 (a very silly protection scheme on a very interesting target)
• The Easy Protection Schemes And The Lazy Protectionists (InstallShield Software Corporation protection schemes)
• BEGINNERS: Prassi CD-REP trial stupid protection (dead listing a very easy protection scheme)
• BEGINNERS: Awesome AW: MOST STUPID PROTECTION OF THE YEAR 1997! ³Ì ²Â ³J «a ­x ¼ú §@ «~ (Hardcoded and unencrypted registration codes: a touristic tour for beginners)
• BEGINNERS: Big tent, little circus (Observations and Thoughts springing from an mIRC 5.3 crack)

Project 8: Visual Basic reverse engineering

• How to crack all Visual Basic programs
• Visual Basic 4 cracking for newbyes
• A decompiler is enough!
• A decompiler is more than enough!
• Reverse Engineering VBX Custom Controls
• An Explanation of how Make_Mak for Visual Basic Works,
• Visual Basic - VB40032.DLL comparison code
• Like watching a movie!
• MCSE MCNE tests - BeachFront Quizzer
• Happy VB5 cracking
• OCX Control Highlights - Licensing schemes
• An example of VB Cracking using SmartCheck
• Inside the VB3 .EXE
• BEGINNERS: Pluckit 3.0 Hip Hip Hurray for Smartcheck
• Visual Basic Unprotection...

Project 9: Microsoft bashing

• More essays will come soon
  

Project A: VisualC++ *.DLL reverse engineering

• More essays will come soon
  

Project B: Demos and Intros reverse engineering

• More essays will come soon
  

Other useful essays

• Cracking (black and blue) Java Workshop 2.0
• Cracking Symantec Visual cafe trial version 1.0(a very silly protection scheme on a very interesting target)

---

Cracking Tutorials by fravia+

fravia+ ¬O reverse engineering ¬É¤ºªºµÛ¦W°ª¤â¡A ¥L¹ï¡u·L³n¡v¥H¤Î¬F¬É°Ó¬ÉªºÅv¶Õ²`·P¯e´c¡A¸g±`¨­Åé¤O¦æ¦a¥´À»©M±ÆÀ½³o¨Ç¡u¥ø¹Ï¿WÅQ¥@¬Éª¾ÃÑÅv§Q¡vªº´c¶Õ¤O¡C ¯}¸Ñ VB ²£«~¡A¥i¯à´N¬O¥L¹ï¥I·L³nªº¨ä¤¤¤@ºØ¤â¬q¡C¥L³ß·R½Õ»s©M¨É¨üÂû§À°s¡A¦³ÂI¹³ +ORC ªº­·¶®¡C ¨Æ¹ê¤W¡Afravia+ ¤Q¤À±R©| +ORC ªº¡uÁI¹D¡v²z½×¡A»{¬° reverse engineering ¤£³æ¤î¬O¤@ªù§Þ³N¡A ÁÙ¬O¤@ºØ°l¨D¯u²zªº¹ê½î¹Lµ{¡C

Windows 3.1: Taskman disassembling

• Lesson 1.a, Taskman part 1
• Lesson 1.b, Taskman part 2

  Windows 95: Filemon.exe disassembling

  FILEMON ¬O Cracker ±`¥Îªº¦n¤u¨ã¡A¥¦¥i¥HºÊ¹î¬Yµ{¦¡°õ¦æ®É¡A¨ä¥LÀɮ׳QŪ / ¼gªº¬ö¿ý¡C Fravia ¾ÌÂDz`«p¥\¤O¡A³ºµM¯à°÷§â¤@­Ó .exe Á٭즨¬° C »y¨¥ªº­ìµ{¦¡¡A¹Lµ{§¹¥þ©ÜÅS¡A¥O¤H¹Ä¬°Æ[¤î¡I
• Lesson 2a: Introduction to filemon
• Lesson 2b: reverse engineering without source code
• Lesson 2c: filemon reversed
• Lesson 2d: back to main
• Lesson 2e: vxd vagaries and mysteries

---

Art of Cracking

¨Ó¦Û¤­´ò¥|®ü¡AÃö©ó¯}¸Ñªº¸ê®Æ¡C

• ¡u³n¦B¡v¤EX ¥|ÂI¹s¤@, ²Õ¥ó ¤@ ¤G ¤T ¥| ¤­ ¤» (¥Î copy «ü ¥O ¶¶ §Ç ¦X ¨Ö ¦U ²Õ ¥ó ¦¨ ¬° .zip, ­Y ªG copy ¤] ¤£ À´ ±o ¥Î ¡A ´N §O ¤U ¸ü ¤F ¡C)
• ¡u³n¦B¡vNT ¥|ÂI¹s¤@, ²Õ¥ó ¤@ ¤G ¤T ¥| ¤­ ¤» (¥Î copy «ü ¥O ¶¶ §Ç ¦X ¨Ö ¦U ²Õ ¥ó ¦¨ ¬° .zip¡A ½Ð ª` ·N ¡A ¦w ¸Ë SI «e ¡A ­n ³q ¹L ¤@ ¶µ ¦Ò ¸Õ ¡A ´N ¬O ©î ¸Ñ ¤@ ­Ó ±K ½X Âê ¡C ¶Ç »D Numega »{ ¬° ¡A ¦p ªG ³o ¼Ë ² ³æ ªº ¦Ò ¸Õ ³£ ¤£ ¦X ®æ ¡A «K ¨S ¸ê ®æ ¨Ï ¥Î ³o ªF ¦è ¤ª ¤ª ¡C)
• Cracking Softice
• Softice Manual ¨Ï¥Î¤â¥U
• Softice Command Reference «ü¥O¤â¥U
• Finely written set of cracking tutorial in .com format
• Cracking using W32Dasm, in .exe format
• Example of cracking, Target: Softart's Deskey
• Assembly for Crackers ²Õ¦X»y¨¥ªº°ò¥»ª¾ÃÑ
• How to Crack WinAMP
• How to make key-generators?
• Example of making Key Generator, Target: Exile I - Escape from the Pit
• A short tutorial on how to use softice, for beginners
• A very short tutorial on cracking serial number protection, for beginners
• A tutorial with the target included, for beginners
• Tutorial 1 2 3 4 5 6 7 8 9 by TKC
• Tutorial 1 2 3 4 5 by Flu[X]
• The Amateur Crackist Tutorial Version 1.3 by Specular Vision
• Cracking 101 1 2 3 4 by Buckaroo Banzai
• The Cracking Manual written by the Cyborg
• How to Crack by Charles Petzold
• Examples of IBM PC Cracks: MEan-18 Golf by Accolade
• Cracking a Self-Booter
• Cracking on the IBM PC Part I, II
• IBM Disk Cracking Made Simple by Phobos
• How to crack Circuit MakerThis tutorials help to crack the popular "time-lock".
• Cracking Sale AgentThis tutorial deals with removing RSA wrappers from "Try&Buy" software.

---

Anti-Anti-Debugging Tricks

¡u«OÅ@¥D¸qªÌ¡v¬°¤F¨¾¤î§O¤H¯}¸Ñµ{¦¡¡A·QºÉ¿ìªk¥Oµ{¦¡Ãø¥H¸ÑŪ©M°lÁa¡C ¥i¬O·U«OÅ@±o±K¡A«K·U§l¤Þ¤H¨Ó¬ã¨s¡C­n©î¸Ñ³o¨ÇÃB¥~«OÅ@ªºµ{¦¡¡A¥²¶·¥ý¤F¸Ñ¥L­Ìªº«OÅ@¤èªk¡C

• Defeating Encryption
• Anti-Debugging Tricks
• Anti-Anti-Debugging Tricks
• Anti-SoftIce Tricks
• Anti-debugger FAQ: Over 100 files, ALL anti-debugger tricks you can imagine.
• Pascal Anti-debugging code 1 2 3 4 5

We are Crackers Hackers