Make Serial Key Generators

Introduction

I take no responsibility for the usage of this information. This tutorial is for educational knowledge ONLY. In this tutorial, I intend to teach you how to make a pretty simple keygen for a program called W3Filer 32 V1.1.3. W3Filer is a pretty good web downloader. I guess some of you might know the program. I'll assume you know:

A. How to use a debugger (in this case, SoftIce).
B. How to crack, generally (finding protection routines, patching them, etc.).
C. How to use a disassembler (this knowledge can help).
D. Assembly.
E. How to code in Turbo Pascal.

Tools you'll need:

A. SoftIce 3.00/01 or newer.
B. WD32Asm (not a must).
C. The program W3Filer V1.13 (if not provided in this package), which can be found at www.windows95.com, I believe.
D. Turbo Pascal (ANY version).

Run W3Filer 32.

A nag screen pops up and demands registration. We notice this program has some kind of serial number (mine is 873977046). Let's keep the serial in mind; I bet we'll meet it again while we're in the debugger. Now, let's enter your name and a dummy reg code. Set a BP on GetDlgItemTextA and press OK. We pop inside GetDlgItemTextA. Let's find the registration routine. I'll save you the work; the registration routine is this:

:00404DB2 8D95A8FAFFFF  lea edx, dword ptr [ebp+FFFFFAA8]
:00404DB8 52            push edx                --> Your user name here.
:00404DB9 E80B550000    call 0040A2C9           --> Registration routine.
:00404DBE 83C408        add esp, 00000008       --> Dunno exactly what it is.
:00404DC1 85C0          test eax, eax           --> Boolean identifier, 0 if
:00404DC3 7D17          jge 00404DDC            --> registration failed, 1 if OK.

Well, let's enter the CALL at 40A2C9 and see what's inside it
(please read my comments in the code).
* Referenced by a CALL at Addresses:
|:00404DB9 , :00407F76
|
:0040A2C9 55            push ebp
:0040A2CA 8BEC          mov ebp, esp
:0040A2CC 81C4B0FEFFFF  add esp, FFFFFEB0
:0040A2D2 53            push ebx
:0040A2D3 56            push esi
:0040A2D4 57            push edi
:0040A2D5 8B5508        mov edx, dword ptr [ebp+08]
:0040A2D8 8DB500FFFFFF  lea esi, dword ptr [ebp+FFFFFF00]
:0040A2DE 33C0          xor eax, eax
:0040A2E0 EB16          jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2FB(C)
|
:0040A2E2 0FBE0A        movsx ecx, byte ptr [edx]   --> Here starts the interesting part.
:0040A2E5 83F920        cmp ecx, 00000020           --> ECX is the current char in the user name. Hmm, 20h=' '...
:0040A2E8 740D          je 0040A2F7                 --> Let's see,
:0040A2EA 8A0A          mov cl, byte ptr [edx]      --> Generally, all this loop does is copy
                                                        the user name from [EDX] to [ESI],
                                                        WITHOUT the spaces! (Keep this in mind!)
:0040A2EC 880C06        mov byte ptr [esi+eax], cl
:0040A2EF 42            inc edx
:0040A2F0 40            inc eax
:0040A2F1 C6040600      mov byte ptr [esi+eax], 00
:0040A2F5 EB01          jmp 0040A2F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A2E8(C)
|
:0040A2F7 42            inc edx
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A2E0(U), :0040A2F5(U)
|
:0040A2F8 803A00        cmp byte ptr [edx], 00
:0040A2FB 75E5          jne 0040A2E2                --> This is the loop, we got what it does.
                                                        Let's continue tracing the code...
:0040A2FD 56            push esi                    --> The user name is pushed, to upcase its chars.
* Reference To: USER32.CharUpperA, Ord:0000h
|
:0040A2FE E80F330000    Call User!CharUpper         --> After this, our name is in upper case.
:0040A303 56            push esi                    --> Our name in upper case here.
* Reference To: cw3220mt._strlen, Ord:0000h
|
:0040A304 E86F300000    Call 0040D378               --> This is the length of our name.
:0040A309 59            pop ecx
:0040A30A 8BC8          mov ecx, eax                --> ECX=Length.
:0040A30C 83F904        cmp ecx, 00000004           --> Length>=4 (MUST).
:0040A30F 7D05          jge 0040A316                --> Let's go to this address...
:0040A311 83C8FF        or eax, FFFFFFFF
:0040A314 EB67          jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A30F(C)
|
:0040A316 33D2          xor edx, edx
:0040A318 33C0          xor eax, eax
:0040A31A 3BC8          cmp ecx, eax
:0040A31C 7E17          jle 0040A335                --> (Not important, just another useless check).

IMPORTANT CODE

One thing before we continue: EDX = 00000000h as we enter the next instructions.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A333(C)
|
:0040A31E 0FBE1C06      movsx ebx, byte ptr [esi+eax]   --> EBX <--- char in user name, offset EAX.
:0040A322 C1E303        shl ebx, 03                     --> Hmm, it shl's the char by 03h... (Remember that).
:0040A325 0FBE3C06      movsx edi, byte ptr [esi+eax]   --> Now EDI <--- char in user name, offset EAX.
:0040A329 0FAFF8        imul edi, eax                   --> It multiplies the char by the offset in
                                                            the user name! (Remember that).
:0040A32C 03DF          add ebx, edi                    --> Adds the result to EBX (that was shl'ed (Ding Dong =)).
:0040A32E 03D3          add edx, ebx                    --> EDX=EDX+EBX!!! - This is the CORE of this
                                                            registration routine!!!
:0040A330 40            inc eax                         --> Increase EAX by one (next char).
:0040A331 3BC8          cmp ecx, eax
:0040A333 7FE9          jg 0040A31E                     --> If ECX<EAX then, we leave the loop.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A31C(C)
|
:0040A335 A120674100    mov eax, dword ptr [00416720]   --> HMMMMMM, what's in here?????
:0040A33A C1F803        sar eax, 03                     --> WAIT! Please type in SIce '? EAX'.
                                                            Does this number in EAX look familiar to us? ;-)
                                                            If you still don't understand, then: it's
                                                            our SERIAL NUMBER! (PLEASE, take your time
                                                            and check by yourself - don't trust me!)
                                                            OK, so now we know that it SHR's EAX by 03
                                                            (SAR is almost identical to SHR).
:0040A33D 03D0          add edx, eax
                                                            loop, the serial number shr'd by 03h
:0040A33F 52            push edx                        --> Let's continue. (At this point, I can tell
                                                            you, the reg number is in EDX - only that
                                                            the reg number is in HEX --> that's how
                                                            you enter it).
* Possible StringData Ref from Data Obj ->"%lx"
|
:0040A340 685EF54000    push 0040F55E
:0040A345 8D95B0FEFFFF  lea edx, dword ptr [ebp+FFFFFEB0]
:0040A34B 52            push edx
* Reference To: USER32.wsprintfA, Ord:0000h
|
:0040A34C E8E5320000    Call 0040D636                   --> This one does HEX2STR (takes the value
                                                            from EDX and turns it into a hex string).
:0040A351 83C40C        add esp, 0000000C
:0040A354 8D8DB0FEFFFF  lea ecx, dword ptr [ebp+FFFFFEB0]   --> type 'd ecx' -

THIS is the reg number! That's enough for us; the rest of the code is just for comparing the correct reg code with ours.

:0040A35A 51 push ecx
* Reference To: USER32.CharLowerA, Ord:0000h
|
:0040A35B E8B8320000 Call 0040D618
:0040A360 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]
:0040A366 50 push eax
:0040A367 FF750C push [ebp+0C]
* Reference To: cw3220mt._strcmp, Ord:0000h
|
:0040A36A E875300000 Call 0040D3E4
:0040A36F 83C408 add esp, 00000008
:0040A372 85C0 test eax, eax
:0040A374 7405 je 0040A37B
:0040A376 83C8FF or eax, FFFFFFFF
:0040A379 EB02 jmp 0040A37D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040A374(C)
|
:0040A37B 33C0 xor eax, eax
* Referenced by a (U)nconditional or ©onditional Jump at Addresses:
|:0040A314(U), :0040A379(U)
|
:0040A37D 5F pop edi
:0040A37E 5E pop esi
:0040A37F 5B pop ebx
:0040A380 8BE5 mov esp, ebp
:0040A382 5D pop ebp
:0040A383 C3 ret

Making the actual Keygen

Now that I've explained how the program calculates the registration code, you can either write your own keymaker without looking at my code, or look at my code (in Turbo Pascal - sorry for all you C lovers). That's it, here's the source of my keygen:

SOURCE CODE

Program W3FilerKeygen;
var
  Key, SerialNum, EB, ED, digit: Longint;
  I, x: Byte;
  Name, KeyHex: String;
begin
  Writeln(' W3Filer32 V1.1.3 Keymaker');
  writeln('Cracked by ^pain^ ''97 / Rebels!');
  Write('Your Name:'); { Read the name }
  readln(Name);
  Write('Serial Number:');
  readln(SerialNum); { Yes, we need the serial number for the calculation! }
  Key := 0;
  x := 0;
  For I := 1 to length(Name) do
  begin
    Name[I] := upcase(Name[I]);
    If Name[I] <> ' ' then
    begin
      eb := ord(Name[I]) shl 3; { EB = Name[I] shl 03h }
      Ed := ord(Name[I]);       { ED = Name[I] }
      ed := ed * (x);           { ED = ED * offset }
      inc(x);
      eb := eb + ed;            { Add ED to EB }
      Key := Key + EB;          { Add EB to KEY }
    end;
  end;
  Key := Key + (SerialNum shr 3); { Add SerialNum shr 03h to Key }
  { From here, this is just HEX2STRING --> I'm quite sure it's
    self-explanatory, else - go and learn number bases again! ;-) }
  KeyHex := '';
  repeat
    digit := Key mod 16;
    key := key div 16;
    If digit < 10 then KeyHex := Chr(Digit + ord('0')) + KeyHex;
    If digit >= 10 then KeyHex := Chr(Digit - 10 + ord('a')) + KeyHex; { digits 10..15 map to 'a'..'f' }
  until key = 0;
  writeln('Your Key:', KeyHex);
  writeln(' Enjoy!');
end.

Download Directly From CrackDB

Some of you may not know this, others may already know it; however, because of Sod rules which do not allow indirect crack links, and because CrackDB is a very good resource for cracks, I will show how to post links that lead to a direct download from CrackDB.

The CrackDB server sends the archive of a crack as an attachment to the response to an HTTP request made by your browser. This means you (and your browser) will never know the real location of the file, and because of this you can't post a direct link to the crack in your topic.

Using the Referer variable we can overcome this problem, but what referer to use? If you used the domain name http://www.crackdb.com/ you will get nothing but a useless image file.

The correct referer is shown in your browser address bar. For example, if you want the crack for IsoBuster Pro v1.6 you just type the name in the search box and press Enter. The next page displays a list of items that match or nearly match your search keywords. Click on IsoBuster Pro v1.6 in the list and you are now on the download page. The hyperlink named "Download" is the link that initiates the request to the server to download the file, which looks like this:

http://www.crackdb.com/x.php?id=12356

The referer is now displayed on your browser address bar, which looks like this:

http://www.crackdb.com/get.php?id=12356

Now, you use both links to refer to a direct crack download from CrackDB, like this

http://www.crackdb.com/x.php?id=12356

Use this referer:

http://www.crackdb.com/get.php?id=12356

Any member can now copy & paste the links into his/her download manager and start downloading immediately.

How To Clear BIOS Information

READ EVERYTHING BEFORE YOU USE ANY METHOD LISTED BELOW

Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get a DOS prompt and type:

DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter

Restart the computer. It works on most versions of the AWARD BIOS.

Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.

Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer's backdoor passwords:

AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet

AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder

Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj

Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so, for example, you should type AWARD_SW when using those keyboards. Also remember that passwords are case sensitive. The last two passwords in the AWARD BIOS list are in Russian.

Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS by invalidating its memory. However, it might happen that you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt; you'd better do it in pure MS-DOS mode, not from an MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:

AMI/AWARD BIOS
O 70 17
O 71 17
Q

PHOENIX BIOS
O 70 FF
O 71 17
Q

GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q

Note that the first letter is an "O", not the number "0". The numbers which follow are two bytes in hex format.
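
Why the GENERIC sequence invalidates the settings, as an added example that is not part of the original text. It assumes the standard AT CMOS layout, in which a 16-bit sum of bytes 10h-2Dh is stored at offsets 2Eh/2Fh and checked at power-on; the sample image and all function names are constructed for illustration, and real BIOSes may checksum further vendor-specific ranges.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMOS_SIZE   128   /* bytes of CMOS RAM behind ports 70h/71h */
#define CSUM_FIRST  0x10  /* first configuration byte covered by the checksum */
#define CSUM_LAST   0x2D  /* last configuration byte covered by the checksum */
#define CSUM_HIGH   0x2E  /* stored checksum, high byte */
#define CSUM_LOW    0x2F  /* stored checksum, low byte */

enum cmos_state { CMOS_OK, CMOS_MISMATCH, CMOS_IMPOSSIBLE };

/* 16-bit sum of bytes 10h..2Dh (assumed standard AT layout). */
uint16_t cmos_compute_checksum(const uint8_t *cmos)
{
    uint16_t sum = 0;
    for (int i = CSUM_FIRST; i <= CSUM_LAST; i++)
        sum = (uint16_t)(sum + cmos[i]);
    return sum;
}

/* Checksum as stored in the image: high byte at 2Eh, low byte at 2Fh. */
uint16_t cmos_stored_checksum(const uint8_t *cmos)
{
    return (uint16_t)((cmos[CSUM_HIGH] << 8) | cmos[CSUM_LOW]);
}

/* Largest value the sum can ever reach: 30 bytes of FFh = 1DE2h. */
uint16_t cmos_max_checksum(void)
{
    return (uint16_t)((CSUM_LAST - CSUM_FIRST + 1) * 0xFF);
}

/* Store a fresh, matching checksum, as a setup program does on save. */
void cmos_seal(uint8_t *cmos)
{
    uint16_t sum = cmos_compute_checksum(cmos);
    cmos[CSUM_HIGH] = (uint8_t)(sum >> 8);
    cmos[CSUM_LOW]  = (uint8_t)(sum & 0xFF);
}

/* Model of DEBUG's "O 70 idx" then "O 71 val"; bit 7 of port 70h is the NMI mask. */
void cmos_port_write(uint8_t *cmos, uint8_t index, uint8_t value)
{
    cmos[index & 0x7F] = value;
}

int cmos_checksum_valid(const uint8_t *cmos)
{
    return cmos_compute_checksum(cmos) == cmos_stored_checksum(cmos);
}

/* Triage for a CMOS dump. A stored value above the maximum possible sum
 * cannot come from any setting of the covered bytes, so it points at the
 * checksum field itself having been overwritten (heuristic, not proof). */
enum cmos_state cmos_classify(const uint8_t *cmos)
{
    if (cmos_checksum_valid(cmos))
        return CMOS_OK;
    if (cmos_stored_checksum(cmos) > cmos_max_checksum())
        return CMOS_IMPOSSIBLE;
    return CMOS_MISMATCH;
}

/* Constructed sample image: a few arbitrary configuration bytes, then sealed. */
void cmos_build_sample(uint8_t *cmos)
{
    memset(cmos, 0, CMOS_SIZE);
    cmos[0x10] = 0x40;
    cmos[0x12] = 0xF0;
    cmos[0x14] = 0x03;
    cmos[0x15] = 0x80;
    cmos[0x16] = 0x02;
    cmos_seal(cmos);
}

int main(void)
{
    static const char *names[] = { "valid", "mismatch", "impossible stored value" };
    uint8_t cmos[CMOS_SIZE];

    cmos_build_sample(cmos);
    printf("fresh image:        %s\n", names[cmos_classify(cmos)]);

    cmos[0x14] ^= 0x01;                 /* one flipped bit, ordinary corruption */
    printf("one bit flipped:    %s\n", names[cmos_classify(cmos)]);

    cmos_build_sample(cmos);
    cmos_port_write(cmos, 0x2E, 0xFF);  /* the GENERIC sequence: O 70 2E / O 71 FF */
    printf("after O 70 2E / FF: %s (max possible sum is %04Xh)\n",
           names[cmos_classify(cmos)], (unsigned)cmos_max_checksum());
    return 0;
}
```

Because 30 bytes can sum to at most 1DE2h, a stored high byte of FFh never matches, whatever the settings are; the same bound lets someone reviewing a CMOS dump tell an overwritten checksum from a flipped configuration bit.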

Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before trying any of these methods.

Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (by "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins; you should then unplug the jumper and plug it onto the central pin and the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near the BIOS, but could be anywhere on the motherboard. To find the correct jumper you should read the motherboard's manual. Once you've located the correct jumper, switch it (or plug or unplug it, depending on what the manual says) while the computer is turned OFF. Wait a couple of seconds, then put the jumper back in its original position. On some motherboards the computer may automatically turn itself on after flashing the BIOS. In this case, turn it off, put the jumper back in its original position, then turn it on again. Other motherboards require you to turn the computer on for a few seconds to flash the BIOS. If you don't have the motherboard's manual, you'll have to "brute force" it, trying out all the jumpers. In this case, first try the isolated ones (not in a group), the ones near the BIOS, and the ones you can switch (as I explained before). If all of them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appears, try another one. If, after flashing the BIOS, the computer won't boot when you turn it on, turn it off and wait some seconds before retrying.

Removing the battery
If you can't find the jumper to flash the BIOS, or if such a jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on older computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but it usually has a jumper on its side to disconnect it; otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back, and the data contained in the BIOS memory should be volatilized. I'd suggest you remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as if you'd never removed it. If at first it doesn't work, try removing the battery overnight.

Important note: in laptops and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.

Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short-circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before trying this operation.

Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find that the BIOS chip you are working on matches one of the following, you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.

CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
gnd
74
|__________________
5v 75–| |
| |
| |
| CHIPS |
1 * | |
| P82C206 |
| |
| |
|___________________|
| |
| gnd | 5v
12 32

OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
80 51
|______________|
81 -| |- 50
| |
| |
| OPTi |
| |
| F82C206 |
| |
100-|________________|-31
|| | |
1 || | | 30
3 26

Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT

The Dallas DS1287, DS1287A and Benchmarq bp3287MT, bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced. CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21. The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A.) Also, the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips, the Dallas chips may be missing 5 pins; these are unused pins. Most chips have unused pins, though usually they are still present.

Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A

This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818. Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery. Short together pins 12 and 24.
5v
24 20 13
|___________|____________________|
| |
| DALLAS |
|> |
| DS12885S |
| |
|__________________________________|
| |
1 12
gnd

Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
__________
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13

Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronics shop or your computer supplier. It's a quick operation if the chip is inserted in a base and not soldered to the motherboard; otherwise you'll have to unsolder it and then put in the new one. In this case it would be more convenient to solder a base into which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look on your motherboard manufacturer's website to see if there's a BIOS image to download. Then you should copy that image onto the chip you bought with an EPROM programmer.

Important
Whatever method you use, when you flash the BIOS not only the password but also all the other configuration data will be reset to the factory defaults, so when you boot for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may find some new device because of the new configuration of the BIOS. In this case you'll probably need the Windows installation CD, because Windows may ask you for some external files. If Windows doesn't see the CD-ROM, try to eject and re-insert the CD-ROM. If Windows can't find the CD-ROM drive and you set it properly in the BIOS config, just reboot with the reset key, and on the next run Windows should find it. However, most files needed by the system while installing new hardware can also be found in C:\WINDOWS, C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF.

Key Disk for Toshiba laptops
Some Toshiba notebooks allow you to bypass the BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba key disk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop (***.bpsoft.com/downloads/index.html) to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY", followed by two zeroes). Once you have created the key disk, put it into the notebook's drive and turn it on, then push the reset button and, when asked for the password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.

Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.

Google Hacks With Crack Search

just type crack: app name

example: crack: flashget 1.6a

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=crack%3A+flashget+1.6a

Google Hacks With Google Crack Site

This is a fabulous link. This is the secret link of the web site "Google" to search for any "Crack" you need.

Just write the following link in the address bar:

http://www.googlecrack.com/WWW/

Download Files Using Archives And Images

0x01.0 - the start

So, you've just got a brand new internet connection thingy installed and it can handle up to 1 meg/sec download. But of course, there's no good PC without good software, and, you know, good software is very expensive, and on a beautiful Sunday morning you see something called Warez. Behold our kingdom, and you start drooling a bit until your mom comes raging into your room asking you to put the garbage out. After helping your mom out, the PC and fast internet connection are all yours. And so is the free software.

0x02.0 - packaged files.

As you might know, these software packages are sometimes pretty big in size. To try and reduce the big-file downloads, the releasers of the package will often use some techniques to reduce the load: techniques such as compressing, archiving and splitting. Read on if you don't understand these words.

0x02.1 - formats & tools.

If you've been around more than 1 year on the net, you probably already know all this, but for the new people I added this anyway. The basic use of your Windows Operating System is the use of many different files and file-types. One of the most used file-types on the net is ZIP. File-types are also called 'formats'.

An overview:

ZIP: A zipped file is a file that's been archived and compressed.
RAR: RAR files are commonly used for archiving files, which is putting a large number of files in one file. Compressing is optional. File-splitting is optional.
ACE: About the same as a RAR file, just another format and another application.

I explain this to you because these file-types and corresponding programs are often (you can even say always) used when you want to download Warez. The programs you download are almost always archived, compressed or bundled in one of the above formats. Keep reading if you didn't know this.

OK, so now we know the formats of the files we're gonna deal with; now the programs. As you have probably figured out already, these files aren't created by Windows or by hand. They're made using specially designed applications. I'll show you what applications you can use.

WinRAR : My personal favorite. Handles all of the above stated formats and a lot, a lot more. If you ask for my opinion, I think this is the only program you'll ever need.

WinZIP : This is a specially designed application for handling ZIPPED files. If you like this one, take it.

WinACE : Another multi-file handling tool. Personal opinion: good for splitting files, way too big for every-day use for decompression.

I'd say: make your choice. I recommend WinRAR because of its simplicity and effectiveness. But hey, I'm not forcing you. Just read some info on the sites and make your choice.

Oh yeah, one last thing: you'll notice these are all Evaluation versions. I suggest you crack them. Look for a good crack for the right version on: www.cracks.am.

0x02.2 - multi-part archives.

These files are archived in multiple parts (with one of the applications mentioned above). This means the software was zipped or rarred and divided into files of a smaller size than the whole thing together. How do you handle this?

Download all the files to one directory.

Check if all files are there. You can do this by looking at the extensions: *.00, *.01, … If one's missing, download the missing file again (there are more sophisticated ways to do this but this is the simplest).

Check if the files are about the same size. For example: the *.04 file must be the same size as the *.05 file, unless the 5th file is the last one.

If there's a file with the extension *.RAR, double-click it and you can start unpacking the stuff.

If there's no *.RAR, but an *.ACE, do the same; it's just another format.

Once you have unarchived the package, you should have a directory full of files from an installation or program. But it's also possible there are, with the archived files, some other things:

  • If the software pack is a Warez Group (MYTH, CLASS, Fairlight (FLT), …) release, check if there's an EXE file with the package called Install.exe. If it's there, you can use that to unpack the files.
  • If there's no exe in the package, the files are probably just ready to be copied to your directory of choice or ready to be installed.

IMPORTANT : please don't forget to read the NFO file. It's very important. It usually contains all further information needed for you to successfully install the software. You can open it with NFO-file viewers or in Notepad (set font to: terminal, 6 or 9 pts).

Normally, you're all done now and ready to start using the software.

OK, do I hear protest? Yes I do. It goes: "Hell, I downloaded a multi-part package but it has NO RAR OR ACE OR ZIP OR ANYTHING!!!! Just files with extensions called *.001, *.002, …"

You're right. Although the situation is quite different from the situation above, it's really not so different when you look closer. Those files are just unarchived the same way:

  • Select the first file (*.001).
  • Right-click it and select 'Extract here…'

Watch the progress bar go! You see, it's just the same method. You might notice there are only 2 or 3 files decompressed: ISO or CUE and BIN files. That's fairly normal. We'll talk about handling them in topic 0x03.0.

0x02.3 - one-file downloads.

OK, so the stuff you downloaded was none of the above. Conclusion: you downloaded one big file. This happens quite often when you download things from fast-working FTPs.

What you need to do now:

  • If the file is archived (.rar, .ace, .zip, …), just unarchive it.
  • If the file you unarchived is some weird *.ISO or *.CUE file, go to 0x03.0.
  • If not, just continue the procedure as stated in 0x02.2.

0x03.0 - a clear view on images.

So when you're reading this, you probably have some files called *.ISO or *.CUE. Of course you want to install the software as fast as possible. But there's a little problem here. Those extensions… What the hell are they? Alienized files? No. Secret CIA files? Nope. You can stop guessing. I'll tell you: those files are image files.

0x03.1 - what are images?

Image files are big files filled with data. Yeah, you can say it's a sort of archived file. But there's something special about them: they are meant to be written to a disc. They were made by special programs so they could be used to write to a CD-R with a writer and specially designed software.

0x03.2 - ISO files.

ISO is the most used image format on the net. It has become standard for any commercial CD-writing software to support image-writing capabilities, more specifically ISO images.

Conclusion: ISO is just an extension for a specific type of image file. But how do you install your software? You have 2 ways of dealing with this:

1) Use the file for what it was created for: writing it to a CD-R.
2) Extract the contents of the ISO to a certain directory.

First: how to write them to a CD-R…

  • Download some CD-R writing software (if you don't have it already).
  • Install and crack it.

I recommend Nero Burning Rom. You can download it from WareZone in the Apps section.

  • Go buy some CD-Rs.
  • Fire up Nero and you can start burning. I'm not going to explain how to use Nero. Read the help file about image writing and you should be fine. You can also use the wizard which is loaded automatically when you start Nero.

Second: what to do if you don't have a CD-writer.

  • Download some image handling software.

I recommend WinISO.

  • Fire up WinISO, load your image file and extract it. Again, I won't explain how to use WinISO. Check for help files or tutorials on the net; they should give you all the answers you need.

0x03.3 - CUE & BIN files.

CUE and BIN files always come together. The BIN file is comparable with an ISO and the CUE file is just a check, but it is required for any program to write this file correctly. Sometimes there's an SFV file included. Again, this is just a check-up on the file integrity. You can burn and extract these files the same way I explained in 0x03.2.

0x04.0 - CD Emulation.

OK, so here's another way to handle ISO images if you don't have a CD-writer. You can create a virtual CD drive. What's that? That's something you'll see as a new disk drive in your Windows Explorer. This disk drive represents the contents you would see if you burned the ISO image to CD!

How to create a virtual CD drive? Download DaemonTools!

Additional help on www.daemon-tools.com

Cracking Zip Password Files

Tutorial On Crackin’ Zip Password Files

What is FZC? FZC is a program that cracks zip files (zip is a method of compressin’ multiple files into one smaller file) that are password-protected (which means you’re gonna need a password to open de zip file and extract files out of it). You can get it anywhere - just use a search en’ine such as altavista.com.
FZC uses multiple methods of crackin’ - bruteforce (guessin’ passwords systematically until de program gets it) or wordlist attacks (oderwise known as dictionary attacks. Instead of just guessin’ passwords systematically, de program takes passwords out of a “wordlist”, which is a text file that contains possible passwords. You can get lots of wordlists at www.deargon.com.).

FZC can be used in order to achieve two different goals: you can eider use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you’re not supposed to have. So like every tool, this one can be used for good and for evil.

The first thin’ I want to say is that readin’ this tutorial. is de easy way to learn how to use this program, but after readin’ this part of how to use de FZC you should go and check de texts that come with that program and read them all. You are also goin’ to see de phrase “check name.txt” often in this text. These files should be in FZC’s directory. They contain more information about FZC.

FZC is a good password recovery tool, because it’s very fast and also support resumin’ so you don’t have to keep de computer turned on until you get de password, like it used to be some years ago with older crackin’ programs. You would probably always get de password unless de password is longer than 32 chars (a char is a character, which can be anythin’ - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is de maximum value that FZC will accept, but it doesn’t really matter, because in order to bruteforce a password with 32 chars you’ll need to be at least immortal..heehhe.. to see de time that FZC takes with bruteforce just open de Bforce.txt file, which contains such information.

FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don’t require you to have anything, wordlist attacks require you to have wordlists, which you can get from www.deargon.com. There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.

Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait… and wait… and wait… and have good thoughts like “In wordlist mode I’m gonna get the password in minutes”

We need to keep in mind that some people might choose some really weird passwords (for example: ‘e8t7@$^%*gfh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have bad luck and you got such a file, having a 200MB list won’t help you anymore. Instead, you’ll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won’t get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB’s list and start using the Brute Force attack.

If you have some sort of a really fast and new computer and you’re afraid that you won’t be able to use your computer’s power to the fullest because the zip cracker doesn’t support this kind of technology, it’s your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.

Now that we’ve gone through all the theoretical stuff, let’s get to the actual commands.

Bruteforce

The command line you’ll need for using brute force is:

fzc -mb -nzFile.zip -lChr Length -cType of chars

Now if you read the bforce.txt that comes with fzc you’ll find the description of how Chr Length and the Type of chars work, but hey, I’m gonna explain this too. Why not, right?… (but remember to look at the bforce.txt too)

For Chr Length you can use 4 kinds of switches.

-> You can use a range -> 4-6 : it would brute force from 4 chr passwords to 6 chr passwords
-> You can use just one length -> 5 : it would just brute force using passwords with 5 chars
-> You can also use the all number -> 0 : it would start brute forcing from passwords with length 0 to length 32, even if you are crazy I don’t think that you would do this…. if you are thinking of doing this get a life…
-> You can use the + sign with a number -> 3+ : in this case it would brute force from passwords with length 3 to passwords with 32 chars of length, almost like the last option…

For the Type of chars we have 5 switches. They are:

-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using symbols (check the Bforce.txt if you want to see what symbols)
-> s for using space
-> 1 for using numbers

Example:

If you want to find a password with lowercase and numbers by brute force you would just do something like:

fzc -mb -nzTest.zip -l4-7 -ca1

This would try all combinations from passwords with 4 chars of length up to 7 chars, but just using numbers and lowercase.

Hint:

You should never start the first brute force attack on a file using all the chars switches. First just try lowercase, then uppercase, then uppercase with numbers, then lowercase with numbers. Do it like this because you can get lucky and find the password much faster. If this doesn’t work, just prepare your brain and start a brute force that would take a lot of time, with a combination like lowercase, uppercase, special chars and numbers.
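The length and character-set switches above fix how many candidates a brute-force run has to try, which is also why a long password drawn from a large alphabet holds up. The following is an added example, not part of FZC or of the original tutorial: it parses the `-l` and `-c` values as described here and computes the size of the search. The size of the `!` symbol set (32) and the guess rate are assumptions; the real symbol list is in Bforce.txt.

```python
import re

FZC_MAX_LEN = 32  # longest password FZC accepts, per the tutorial

# Alphabet size behind each -c switch. The size of the "!" set is an
# ASSUMPTION (32 ASCII punctuation marks); the real list is in Bforce.txt.
CHARSET_SIZES = {"a": 26, "A": 26, "1": 10, "s": 1, "!": 32}

def parse_length(spec):
    """Turn a -l value (N, N-M, N+ or 0) into an inclusive (low, high) pair."""
    if spec == "0":  # "0" means every length from 0 up to the maximum
        return 0, FZC_MAX_LEN
    m = re.fullmatch(r"(\d+)(?:-(\d+)|(\+))?", spec)
    if not m:
        raise ValueError(f"unrecognised length spec: {spec!r}")
    low = int(m.group(1))
    if m.group(2):
        high = int(m.group(2))
    elif m.group(3):
        high = FZC_MAX_LEN
    else:
        high = low
    if low > high or high > FZC_MAX_LEN:
        raise ValueError(f"length out of range: {spec!r}")
    return low, high

def alphabet_size(flags):
    """Number of distinct characters selected by a -c value such as 'a1'."""
    if not flags or set(flags) - set(CHARSET_SIZES):
        raise ValueError(f"unrecognised charset flags: {flags!r}")
    return sum(CHARSET_SIZES[f] for f in set(flags))

def keyspace(length_spec, charset_flags):
    """Total candidate passwords: sum of n**k over every length k in range."""
    low, high = parse_length(length_spec)
    n = alphabet_size(charset_flags)
    return sum(n ** k for k in range(low, high + 1))

def worst_case_years(length_spec, charset_flags, guesses_per_second):
    """Years to exhaust the keyspace at a given (hypothetical) guess rate."""
    seconds = keyspace(length_spec, charset_flags) / guesses_per_second
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1_000_000  # hypothetical guesses per second, not a measured FZC figure
    for spec, flags in [("4-7", "a1"), ("8", "aA1"), ("12", "aA1!s"), ("32", "aA1!s")]:
        print(f"-l{spec} -c{flags}: {keyspace(spec, flags):.3e} candidates, "
              f"{worst_case_years(spec, flags, RATE):.3e} years worst case")
```

Each extra character multiplies the work by the alphabet size, so the jump from the `-l4-7 -ca1` example to a 12-character mixed password is what moves the estimate from hours to far beyond a lifetime.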

Wordlist

Like I said in the bottom and like you should be thinking now, the wordlist is the most powerful mode in this program. Using this mode, you can choose between 3 modes, where each one makes some changes to the text that is in the wordlist. I’m not going to say what each mode does to the words; to find that out just check the file wlist.txt. The only thing I’m going to tell you is that the best mode to get passwords is mode 3, but it takes longer too.

To start a wordlist attack you’ll do something like:

fzc -mwMode number -nzFile.zip -nwWordlist

Where:

Mode number is 1, 2 or 3; just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn’t in the same directory as FZC you’ll need to give the full path.

You can add other switches to that line, like -fLine, where you define at which line FZC will start reading, and -lChar Length, which makes it read only the words of that char length; the switch works like in bruteforce mode.
So if you do something like

fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+

FZC would just start reading at line 50 and would just read words with length >= 9.

Example:

If you want to crack a file called myfile.zip using the “deargonlistserver1.txt” wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:

fzc -mw3 -nzmyfile.zip -nwdeargonlistserver1.txt -f50

Resuming

Another good feature of FZC is that it supports resuming. If you need to shut down your computer and FZC is running you just need to press the ESC key, and fzc will stop. Now if you are using a brute force attack the current status will be saved in a file called resume.fzc, but if you are using a wordlist it will tell you at what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:

fzc -mr

And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you’ll need to start a new wordlist attack, saying where it’s gonna start. So if you ended the attack on file.zip at line 100 using wordlist.txt in mode 3, to resume you’ll type

fzc -mw3 -nzfile.zip -nwwordlist.txt -f100

Doing this, FZC would start at line 100, since the other 99 lines were already checked in an earlier FZC session.