The exchange of information in Internet is made by de “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understandin’) between a client and a server de client sends additional information about itself: a version and a name of an operatin’ system, configuration of a browser (includin’ its name and version) etc. This information can be necessary for de server in order to know which web-page should be given (open) to de client. There are different variants of web-pages for different configurations of browsers. However, as lon’ as web-pages do not usually depend on browsers, it makes sense to hide this information from de web-server.

What your browser transmits to a web-server:
a name and a version of an operatin’ system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, …)
IP-address of a client
Oder information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Usin’ your IP it is possible to know about you de followin’:
a country where you are from
a city
your provider?s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, den correspondin’ variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, den a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, den a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what lan’uage is used in browser (what lan’uage a page should be displayed in)

HTTP_USER_AGENT ? so called “a user?s agent”. For all browsers this is Mozilla. Furdermore, browser?s name and version (e.g. MSIE 5.5) and an operatin’ system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact dere are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settin’s of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.

If a proxy server is not used, den environment variables look in de followin’ way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

Accordin’ to how environment variables “hided” by proxy servers, dere are several types of proxies

Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not de improvement of your anonymity in Internet. Their purpose is information cashin’, organization of joint access to Internet of several computers, etc.

Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however dey replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are de most widespread amon’ oder anonymous proxy servers.

Distortin’ Proxies

As well as simple anonymous proxy servers dese proxies do not hide de fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with anoder (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address

High Anonymity Proxies

These proxy servers are also called “high anonymity proxy”. In contrast to oder types of anonymity proxy servers dey hide a fact of usin’ a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are de same as if proxy is not used, with de exception of one very important thin’ ? proxy IP is used instead of your IP address.
Summary

Dependin’ on purposes dere are transparent and anonymity proxies. However, remember, usin’ proxy servers you hide only your IP from a web-server, but oder information (about browser configuration) is accessible!

/ Recalls de previous command entered in de current window.
/! Recalls de last command typed in any window.
/action {action text} Sends de specifed action to de active channel or query window.
/add [-apuce] {filename.ini} Loads aliases, popups, users, commands, and events.
/ame {action text} Sends de specifed action to all channels which you are currently on.
/amsg {text} Sends de specifed message to all channels which you are currently on.
/auser {level} {nick|address} Adds a user with de specified access level to de remote users
list.
/auto [on|off|nickname|address] Toggles auto-oppin’ of a nick or address or sets it on or off
totally.
/away {away message} Sets you away leave a message explainin’ that you are not currently payin’
attention to IRC.
/away Sets you bein’ back.
/ban [#channel] {nickname} [type] Bans de specified nick from de curent or given channel.
/beep {number} {delay} Locally beeps ‘number’ times with ‘delay’ in between de beeps. /channel
Pops up de channel central window (only works in a channel).
/clear Clears de entire scrollback buffer of de current window.
/ctcp {nickname} {pin’|finger|version|time|userinfo|clientinfo} Does de given ctcp request on
nickname.
/closemsg {nickname} Closes de query window you have open to de specified nick.
/creq [ask | auto | ignore] Sets your DCC ‘On Chat request’ settin’s in DCC/Options.
/dcc send {nickname} {file1} {file2} {file3} … {fileN} Sends de specified files to nick.
/dcc chat {nickname} Opens a dcc window and sends a dcc chat request to nickname.
/describe {#channel} {action text} Sends de specifed action to de specified channel window.
/dde [-r] {service} {topic} {item} [data] Allows DDE control between mIRC and oder
applications.
/ddeserver [on [service name] | off] To turn on de DDE server mode, eventually with a given
service name.
/disable {#groupname} De-activates a group of commands or events.
/disconnect Forces a hard and immediate disconnect from your IRC server. Use it with care.
/dlevel {level} Changes de default user level in de remote section.
/dns {nickname | IP address | IP name} Uses your providers DNS to resolve an IP address.
/echo [nickname|#channel|status] {text} Displays de given text only to YOU on de given place
in color N.
/enable {#groupname} Activates a group of commands or events.
/events [on|off] Shows de remote events status or sets it to listenin’ or not.
/exit Forces mIRC to closedown and exit.
/finger Does a finger on a users address.
/flood [{numberoflines} {seconds} {pausetime}] Sets a crude flood control method.
/fsend [on|off] Shows fsends status and allows you to turn dcc fast send on or off.
/fserve {nickname} {maxgets} {homedirectory} [welcome text file] Opens a fileserver.
/guser {level} {nick} [type] Adds de user to de user list with de specified level and
address type.
/help {keyword} Brin’s up de Basic IRC Commands section in de mIRC help file.
/ignore [on|off|nickname|address] Toggles ignorin’ of a nick or address or sets it on or off
totally.
/invite {nickname} {#channel} Invites anoder user to a channel.
/join {#channel} Makes you join de specified channel.
/kick {#channel} {nickname} Kicks nickname off a given channel.
/list [#strin’] [-min #] [-max #] Lists all currently available channels, evt. filterin’ for
parameters.
/log [on|off] Shows de loggin’ status or sets it on or off for de current window.
/me {action text} Sends de specifed action to de active channel or query window.
/mode {#channel|nickname} [[+|-]modechars [parameters]] Sets channel or user modes.
/msg {nickname} {message} Send a private message to this user without openin’ a query window.
/names {#channel} Shows de nicks of all people on de given channel.
/nick {new nickname} Changes your nickname to whatever you like.
/notice {nick} {message} Send de specified notice message to de nick.
/notify [on|off|nickname] Toggles notifyin’ you of a nick on IRC or sets it on or off totally.
/onotice [#channel] {message} Send de specified notice message to all channel ops.
/omsg [#channel] {message} Send de specified message to all ops on a channel.
/part {#channel} Makes you leave de specified channel.
/partall Makes you leave all channels you are on.
/pin’ {server address} Pin’s de given server. NOT a nickname.
/play [-c] {filename} [delay] Allows you to send text files to a window.
/pop {delay} [#channel] {nickname} Performs a randomly delayed +o on a not already opped nick.
/protect [on|off|nickname|address] Toggles protection of a nick or address or sets it on or off
totally.
/query {nickname} {message} Open a query window to this user and send them de private message.
/quit [reason] Disconnect you from IRC with de optional byebye message.
/raw {raw command} Sends any raw command you supply directly to de server. Use it with care!!
/remote [on|off] Shows de remote commands status or sets it to listenin’ or not.
/rlevel {access level} Removes all users from de remote users list with de specified access
level.
/run {c:pathprogram.exe} [parameters] Runs de specified program, evt. with parameters.
/ruser {nick[!]|address} [type] Removes de user from de remote users list.
/save {filename.ini} Saves remote sections into a specified INI file.
/say {text} Says whatever you want to de active window.
/server [server address [port] [password]] Reconnects to de previous server or a newly
specified one.
/sound [nickname|#channel] {filename.wav} {action text} Sends an action and a fittin’ sound.
/speak {text} Uses de external text to speech program Monologue to speak up de text.
/sreq [ask | auto | ignore] Sets your DCC ‘On Send request’ settin’s in DCC/Options.
/time Tells you de time on de server you use.
/timer[N] {repetitions} {interval in seconds} {command} [| {more commands}] Activates a timer.
/topic {#channel} {newtopic} Changes de topic for de specified channel.
/ulist [{|}]{level} Lists all users in de remote list with de specified access levels.
/url [-d] Opens de URL windows that allows you to surf de www parallel to IRC.
/uwho [nick] Pops up de user central with information about de specified user.
/who {#channel} Shows de nicks of all people on de given channel.
/who {*address.strin’*} Shows all people on IRC with a matchin’ address.
/whois {nickname} Shows information about someone in de status window.
/whowas {nickname} Shows information about someone who -just- left IRC.
/wavplay {c:pathsound.wav} Locally plays de specified wave file.
/write [-cidl] {filename} [text] To write de specified text to a .txt file.

There are a lot of PC users that know little about “Spyware”, “Mal-ware”, “hijackers”, “Dialers” & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertisin’ Supported software (Ad-ware). It is a way for shareware authors to make money from a product, oder than by sellin’ it to de users. There are several large media companies that offer them to place banner ads in deir products in exchange for a portion of de revenue from banner sales. This way, you don’t have to pay for de software and de developers are still gettin’ paid. If you find de banners annoyin’, dere is usually an option to remove them, by payin’ de regular licensin’ fee.

Known spywares
There are thousands out dere, new ones are added to de list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazin’ Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Son’spy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There tons of different types out dere, but dese are de 2 best, i think.

Try: Google Toolbar (toolbar.google.com/) This program is Free
Try: AdMuncher (www.admuncher.com) This program is Shareware

If you want to remove de “spyware” try dese.
Try: Lavasoft Ad-Aware (www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi lan’uage support.

Try: Spybot-S&D (www.safer-networkin\’.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, trackin’ cookies and oder threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big broderware removal utility with multi-lan’uage support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select de items you’d like to remove.

Try: Spy Sweeper v2.2 (www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out dere, and updated all de time.

Try: HijackThis 1.97.7 (www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.

If you would like to prevent “spyware” bein’ install.
Try: SpywareBlaster 2.6.1 (www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from bein’ installed in de first place. It achieves this by disablin’ de CLSIDs of popular spyware ActiveX controls, and also prevents de installation of any of them via a webpage.

Try: SpywareGuard 2.2 (www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scannin’ EXE and CAB files on access and alertin’ you if known spyware is detected.

Try: XP-AntiSpy (www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and audentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (camtech2000.net/Pages/SpySites_Prog…ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage de Internet Explorer Restricted Zone settin’s and easily add entries from a database of 1500+ sites that are known to use advertisin’ trackin’ methods or attempt to install third party software.

If you would like more Information about “spyware”.
Check dese sites.
www.spychecker.com/
www.spywareguide.com/
www.cexx.org/adware.htm
www.deinfomaniac.net/infomaniac/co…rsSpyware.shtml
www.thiefware.com/links/
simplydebest.net/info/spyware.html

Usefull tools…
Try: Stop Windows Messenger Spam 1.10 (www.jester2k.pwp.blueyonder.co.uk/j…r2ksoftware.htm) This program is Free
Info: “Stop Windows Messenger Spam” stops this Service from runnin’ and halts de spammers ability to send you dese messages.

All dese softwares will help remove and prevent evil spammers and spywares attackin’ your PC. I myself recommend gettin’ “spyblaster” “s&d spybot” “spy sweeper” & “admuncher” to protect your PC. A weekly scan is also recommended

Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.
defender.veloz.com// - 15k

Findin’ . is a Click Away at 2020Search.com
Havin’ trouble findin’ what you re lookin’ for on: .? 2020Search will instantly provide you with de result you re lookin’ for by drawin’ on some of de best search en’ines de Internet has to offer. Your result is a click away!
www.2020search.com// - 43k

Download de BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before dey start, Quick and easy access to de Web, and much more. Click Here to Install Now!
www.browservillage.com/ - 36k

Original Sources

CAM - A cam is a deater rip usually done with a digital video camera. A mini tripod is sometimes used, but a lot of de time this wont be possible, so de camera make shake. Also seatin’ placement isn’t always idle, and it might be filmed from an an’le. If cropped properly, this is hard to tell unless dere’s text on de screen, but a lot of times dese are left with trian’ular borders on de top and bottom of de screen. Sound is taken from de onboard microphone of de camera, and especially in comedies, laughter can often be heard durin’ de film. Due to dese factors picture and sound quality are usually quite poor, but sometimes we’re lucky, and de deater will be fairly empty and a fairly clear signal will be heard.

TELESYNC (TS) - A telesync is de same spec as a CAM except it uses an external audio source (most likely an audio jack in de chair for hard of hearin’ people). A direct audio source does not ensure a good quality audio source, as a lot of background noise can interfere. A lot of de times a telesync is filmed in an empty cinema or from de projection booth with a professional camera, givin’ a better picture quality. Quality ranges drastically, check de sample before downloadin’ de full release. A high percentage of Telesyncs are CAMs that have been mislabeled.

TELECINE (TC) - A telecine machine copies de film digitally from de reels. Sound and picture should be very good, but due to de equipment involved and cost telecines are fairly uncommon. Generally de film will be in correct aspect ratio, although 4:3 telecines have existed. A great example is de JURASSIC PARK 3 TC done last year. TC should not be confused with TimeCode , which is a visible counter on screen throughout de film.

SCREENER (SCR) - A pre VHS tape, sent to rental stores, and various oder places for promotional use. A screener is supplied on a VHS tape, and is usually in a 4:3 (full screen) a/r, although letterboxed screeners are sometimes found. The main draw back is a “ticker” (a message that scrolls past at de bottom of de screen, with de copyright and anti-copy telephone number). Also, if de tape contains any serial numbers, or any oder markin’s that could lead to de source of de tape, dese will have to be blocked, usually with a black mark over de section. This is sometimes only for a few seconds, but unfortunately on some copies this will last for de entire film, and some can be quite big. Dependin’ on de equipment used, screener quality can range from excellent if done from a MASTER copy, to very poor if done on an old VHS recorder thru poor capture equipment on a copied tape. Most screeners are transferred to VCD, but a few attempts at SVCD have occurred, some lookin’ better than oders.

DVD-SCREENER (DVDscr) -Same premise as a screener, but transferred off a DVD. Usually letterbox , but without de extras that a DVD retail would contain. The ticker is not usually in de black bars, and will disrupt de viewin’. If de ripper has any skill, a DVDscr should be very good. Usually transferred to SVCD or DivX/XviD.

DVDRip - A copy of de final released DVD. If possible this is released PRE retail (for example, Star Wars episode 2) again, should be excellent quality. DVDrips are released in SVCD and DivX/XviD.

VHSRip -Transferred off a retail VHS, mainly skatin’/sports videos and XXX releases.

TVRip -TV episode that is eider from Network (capped usin’ digital cable/satellite boxes are preferable) or PRE-AIR from satellite feeds sendin’ de program around to networks a few days earlier (do not contain “dogs” but sometimes have flickers etc) Some programs such as WWF Raw Is War contain extra parts, and de “dark matches” and camera/commentary tests are included on de rips. PDTV is capped from a digital TV PCI card, generally givin’ de best results, and groups tend to release in SVCD for dese. VCD/SVCD/DivX/XviD rips are all supported by de TV scene.

WORKPRINT (WP) -A workprint is a copy of de film that has not been finished. It can be missin’ scenes, music, and quality can range from excellent to very poor. Some WPs are very different from de final print (Men In Black is missin’ all de aliens, and has actors in deir places) and oders can contain extra scenes (Jay and Silent Bob) . WPs can be nice additions to de collection once a good quality final has been obtained.

DivX Re-Enc -A DivX re-enc is a film that has been taken from its original VCD source, and re-encoded into a small DivX file. Most commonly found on file sharers, dese are usually labeled somethin’ like Film.Name.Group(1of2) etc. Common groups are SMR and TND. These aren’t really worth downloadin’, unless you’re that unsure about a film u only want a 200mb copy of it. Generally avoid.

Watermarks - A lot of films come from Asian Silvers/PDVD (see below) and dese are tagged by de people responsible. Usually with a letter/initials or a little logo, generally in one of de corners. Most famous are de “Z” “A” and “Globe” watermarks.

Asian Silvers / PDVD - These are films put out by eastern bootleggers, and dese are usually bought by some groups to put out as deir own. Silvers are very cheap and easily available in a lot of countries, and its easy to put out a release, which is why dere are so many in de scene at de moment, mainly from smaller groups who don’t last more than a few releases. PDVDs are de same thin’ pressed onto a DVD. They have removable subtitles, and de quality is usually better than de silvers. These are ripped like a normal DVD, but usually released as VCD.

Formats

VCD - VCD is an mpeg1 based format, with a constant bitrate of 1150kbit at a resolution of 352×240 (NTCS). VCDs are generally used for lower quality transfers (CAM/TS/TC/Screener(VHS)/TVrip(analogue) in order to make smaller file sizes, and fit as much on a sin’le disc as possible. Both VCDs and SVCDs are timed in minutes, rader than MB, so when lookin’ at an mpeg, it may appear larger than de disc capacity, and in reality u can fit 74min on a CDR74.

SVCD - SVCD is an mpeg2 based (same as DVD) which allows variable bit-rates of up to 2500kbits at a resolution of 480×480 (NTSC) which is den decompressed into a 4:3 aspect ratio when played back. Due to de variable bit-rate, de len’th you can fit on a sin’le CDR is not fixed, but generally between 35-60 Mins are de most common. To get a better SVCD encode usin’ variable bit-rates, it is important to use multiple “passes”. this takes a lot longer, but de results are far clearer.

XVCD/XSVCD - These are basically VCD/SVCD that don’t obey de “rules”. They are both capable of much higher resolutions and bit-rates, but it all depends on de player to wheder de disc can be played. X(S)VCD are total non-standards, and are usually for home-rippin’ by people who don’t intend to release them.

KVCD KVCD is a modification to de standard MPEG-1 and MPEG-2 GOP structure and Quantization Matrix. It enables you to create over 120 minutes of near DVD quality video, dependin’ on your material, on a sin’le 80 minute CD-R/CD-RW. We have published dese specifications as KVCDx3, our official resolution, which produce 528×480 (NTSC) and 528×576 (PAL) MPEG-1 variable bit rate video, from 64Kbps to 3,000Kbps. Usin’ a resolution of 352×240 (NTSC) or 352×288 (PAL), it’s possible to encode video up to ~360 minutes of near VCD quality on a sin’le 80 minute CD-R. The mpeg files created will play back in most modern standalone DVD players. You must burn de KVCD MPEG files as non-standard VCD or non-standard SVCD (depends on your player) with Nero or VCDEasy.

DivX / XviD - DivX is a format designed for multimedia platforms. It uses two codecs, one low motion, one high motion. most older films were encoded in low motion only, and dey have problems with high motion too. A method known as SBC (Smart Bit-rate Control) was developed which switches codecs at de encodin’ stage, makin’ a much better print. The format is Ana orphic and de bit-rate/resolution are interchangeable. Due to de higher processin’ power required, and de different codecs for playback, its unlikely we’ll see a DVD player capable of play DivX for quite a while, if at all. There have been players in development which are supposedly capable, but nothin’ has ever arisen. The majority of PROPER DivX rips (not Re-Encs) are taken from DVDs, and generally up to 2hours in good quality is possible per disc. Various codecs exist, most popular bein’ de original Divx3.11a and de new XviD codecs.

CVD - CVD is a combination of VCD and SVCD formats, and is generally supported by a majority of DVD players. It supports MPEG2 bit-rates of SVCD, but uses a resolution of 352×480(ntsc) as de horizontal resolution is generally less important. Currently no groups release in CVD.

DVD-R - Is de recordable DVD solution that seems to be de most popular (out of DVD-RAM, DVD-R and DVD+R). it holds 4.7gb of data per side, and double sided discs are available, so discs can hold nearly 10gb in some circumstances. SVCD mpeg2 images must be converted before dey can be burnt to DVD-R and played successfully. DVD>DVDR copies are possible, but sometimes extras/lan’uages have to be removed to stick within de available 4.7gb.

MiniDVD - MiniDVD/cDVD is de same format as DVD but on a standard CDR/CDRW. Because of de high resolution/bit-rates, its only possible to fit about 18-21 mins of footage per disc, and de format is only compatible with a few players.

Misc Info

Regional Codin’ - This was designed to stop people buyin’ American DVDs and watchin’ them earlier in oder countries, or for older films where world distribution is handled by different companies. A lot of players can eider be hacked with a chip, or via a remote to disable this.

RCE - RCE (Regional Codin’ Enhancement) was designed to overcome “Multiregion” players, but it had a lot of faults and was overcome. Very few titles are RCE encoded now, and it was very unpopular.

Macrovision - Macrovision is de copy protection employed on most commercial DVDs. Its a system that will display lines and darken de images of copies that are made by sendin’ de VHS signals it can’t understand. Certain DVD players (for example de Dansai 852 from Tescos) have a secret menu where you can disable de macrovision, or a “video stabaliser” costs about 30UKP from Maplin (www.maplin.co.uk)

NTSC/PAL - NTSC and PAL are de two main standards used across de world. NTSC has a higher frame rate than pal (29fps compared to 25fps) but PAL has an increased resolution, and gives off a generally sharper picture. Playin’ NTSC discs on PAL systems seems a lot easier than vice-versa, which is good news for de Brits An RGB enabled scart lead will play an NTSC picture in full colour on most modern tv sets, but to record this to a VHS tape, you will need to convert it to PAL50 (not PAL60 as de majority of DVD players do.) This is eider achieved by an expensive converter box (in de regions of �200+) an onboard converter (such as de Dansai 852 / certain Daewoos / Samsun’ 709 ) or usin’ a World Standards VCR which can record in any format.

News Sites - There are generally 2 news sites for film release for p2p and dey are:

nforce - VCD Help
Code:
www.vcdhelp.com/

Code:
www.nforce.nl.

About Release Files

RARset - The movies are all supplied in RAR form, wheder its v2 (rar>.rxx) or v3 (part01.rar > partxx.rar) form.

BIN/CUE - VCD and SVCD films will extract to give a BIN/CUE. Load de .CUE into notepad and make sure de first line contains only a filename, and no path information. Then load de cue into Nero/CDRWin etc and this will burn de VCD/SVCD correctly. TV rips are released as MPEG. DivX files are just de plain DivX - .AVI

NFO - An NFO file is supplied with each movie to promote de group, and give general iNFOrmation about de release, such as format, source, size, and any notes that may be of use. They are also used to recruit members and acquire hardware for de group.

SFV - Also supplied for each disc is an SFV file. These are mainly used on site level to check each file has been uploaded correctly, but are also handy for people downloadin’ to check dey have all de files, and de CRC is correct. A program such as pdSFV or hkSFV is required to use dese files.

Usenet Information

Access - To get onto newsgroups, you will need a news server. Most ISPs supply one, but this is usually of poor retention (de amount of time de files are on server for) and poor completition (de amount of files that make it dere). For de best service, a premium news server should be paid for, and dese will often have bandwidth restrictions in place.

Software - You will need a newsreader to access de files in de binary newsgroups. There are many different readers, and its usually down to personal opinion which is best. Xnews / Forte Agent / BNR 1 / BNR 2 are amon’st de popular choices. Outlook has de ability to read newsgroups, but its recommended to not use that.

Format - Usenet posts are often de same as those listed on VCDQUALiTY (i.e., untouched group releases) but you have to check de filenames and de description to make sure you get what you think you are gettin’. Generally releases should come down in .RAR sets. Posts will usually take more than one day to be uploaded, and can be spread out as far as a week.

PAR files - As well as de .rxx files, you will also see files listed as .pxx/.par . These are PARITY files. Parity files are common in usenet posts, as a lot of times, dere will be at least one or two damaged files on some servers. A parity file can be used to replace ANY ONE file that is missin’ from de rar set. The more PAR files you have, de more files you can replace. You will need a program called SMARTPAR for this.

Scene Tags

PROPER - Due to scene rules, whoever releases de first Telesync has won that race (for example). But if de quality of that release is fairly poor, if anoder group has anoder telesync (or de same source in higher quality) den de tag PROPER is added to de folder to avoid bein’ duped. PROPER is de most subjective tag in de scene, and a lot of people will generally argue wheder de PROPER is better than de original release. A lot of groups release PROPERS just out of desperation due to losin’ de race. A reason for de PROPER should always be included in de NFO.

SUBBED - In de case of a VCD, if a release is subbed, it usually means it has hard encoded subtitles burnt throughout de movie. These are generally in malaysian/chinese/thai etc, and sometimes dere are two different lan’uages, which can take up quite a large amount of de screen. SVCD supports switch able subtitles, so some DVDRips are released with switch able subs. This will be mentioned in de NFO file if included.

UNSUBBED - When a film has had a subbed release in de past, an Unsubbed release may be released

LIMITED - A limited movie means it has had a limited deater run, generally openin’ in less than 250 deaters, generally smaller films (such as art house films) are released as limited.

INTERNAL - An internal release is done for several reasons. Classic DVD groups do a lot of .INTERNAL. releases, as dey wont be dupe’d on it. Also lower quality deater rips are done INTERNAL so not to lower de reputation of de group, or due to de amount of rips done already. An INTERNAL release is available as normal on de groups affiliate sites, but dey can’t be traded to oder sites without request from de site ops. Some INTERNAL releases still trickle down to IRC/Newsgroups, it usually depends on de title and de popularity. Earlier in de year people referred to Centropy goin’ “internal”. This meant de group were only releasin’ de movies to deir members and site ops. This is in a different context to de usual definition.

STV - Straight To Video. Was never released in deaters, and derefore a lot of sites do not allow dese.

OTHER TAGS -

*WS* for widescreen (letterbox)
*FS* for Fullscreen.

RECODE - A recode is a previously released version, usually filtered through TMPGenc to remove subtitles, fix color etc. Whilst dey can look better, its not looked upon highly as groups are expected to obtain deir own sources.

REPACK - If a group releases a bad rip, dey will release a Repack which will fix de problems.

NUKED - A film can be nuked for various reasons. Individual sites will nuke for breakin’ deir rules (such as “No Telesyncs”) but if de film has somethin’ extremely wron’ with it (no soundtrack for 20mins, CD2 is incorrect film/game etc) den a global nuke will occur, and people tradin’ it across sites will lose deir credits. Nuked films can still reach oder sources such as p2p/usenet, but its a good idea to check why it was nuked first in case. If a group realise dere is somethin’ wron’, dey can request a nuke.

NUKE REASONS :: this is a list of common reasons a film can be nuked for (generally DVDRip)

** BAD A/R ** :: bad aspect ratio, ie people appear too fat/thin
** BAD IVTC ** :: bad inverse telecine. process of convertin’ framerates was incorrect.
** INTERLACED ** :: black lines on movement as de field order is incorrect.

DUPE - Dupe is quite simply, if somethin’ exists already, den deres no reason for it to exist again without proper reason.

Settin’ Up A Ftp:

Well, since many of us have always wondered this, here it is. Lon’ and drawn out. Also, before attemptin’ this, realize one thin’; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.
That bein’ said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not chan’in’) or dynamic (changes everytime you log on). To do this, first consider de fact if you have a dial up mothem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.

You’ll den need to get your IP. This can be done by doin’ this:
Goin’ to Start -> Run -> winipcfg or www.ask.com and askin’ ‘What is my IP?’

After doin’ so, you’ll need to download an FTP server client. Personally, I’d recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and de norm of de ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm

First, you’ll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you’ll have to go into ‘Setup -> General’. From here, type in your port # (default is 21). I recommend somethin’ unique, or somethin’ a bit larger (ex: 3069). If you want to, check de number of max users (this sets de amount of simultaneous maximum users on your server at once performin’ actions - The more on at once, de slower de connection and vice versa).

The below options are den chooseable:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on startup
-Allow multiple instances
-Show “Loadin’…” status at startup
-Scan drive(s) at startup
-Confirm exit

You can do what you want with dese, as dey are pretty self explanatory. The scan drive feature is nice, as is de 2nd and de last option. From here, click de ‘options’ text on de left column.

To protect your server, you should check ‘login check’ and ‘password check’, ‘Show relative path (a must!)’, and any oder options you feel you’ll need. After doin’ so, click de ‘advanced’ text in de left column. You should den leave de buffer size on de default (unless of course you know what you’re doin’ ), and den allow de type of ftp you want.

Uploadin’ and downloadin’ is usually good, but it’s up to you if you want to allow uploads and/or downloads. For de server priority, that will determine how much conventional memory will be used and how much ‘effort’ will go into makin’ your server run smoothly.

Anti-hammerin’ is also good, as it prevents people from slowin’ down your speed. From here, click ‘Log Options’ from de left column. If you would like to see and record every sin’le command and clutter up your screen, leave de defaults.

But, if you would like to see what is goin’ on with de lowest possible space taken, click ‘Screen’ in de top column. You should den check off ‘Log successful logins’, and all of de options in de client directry, except ‘Log directory changes’. After doin’ so, click ‘Ok’ in de bottom left corner.

You will den have to go into ‘Setup -> User Accounts’ (or ctrl & u). From here, you should click on de right most column, and right click. Choose ‘Add’, and choose de username(s) you would like people to have access to.

After givin’ a name (ex: themoonlandin’), you will have to give them a set password in de bottom column (ex: wasfaked). For de ‘Home IP’ directory, (if you registered with a static server, check ‘All IP Homes’. If your IP is static by default, choose your IP from de list. You will den have to right click in de very center column, and choose ‘Add’.

From here, you will have to set de directory you want de people to have access to. After choosin’ de directory, I suggest you choose de options ‘Read’, ‘List’, and ‘Subdirs’, unless of course you know what you’re doin’ . After doin’ so, make an ‘upload’ folder in de directory, and choose to ‘add’ this folder seperately to de center column. Choose ‘write’, ‘append’, ‘make’, ‘list’, and ’subdirs’. This will allow them to upload only to specific folders (your upload folder).

Now click on ‘Miscellaneous’ from de left column. Choose ‘enable account’, your time-out (how lon’ it takes for people to remain idle before you automatically kick them off), de maximum number of users for this name, de maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any oder thin’s at de bottom you’d like to have. Now click ‘Ok’.
**Requested**

From this main menu, click de little boxin’ glove icon in de top corner, and right click and unchoose de hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click de lightnin’ bolt, and your server is now up and runnin’.

Post your ftp info, like this:

213.10.93.141 (or somethin’ else, such as: ‘f*p://example.getmyip.com’)

User: *** (The username of de client)

Pass: *** (The password)

Port: *** (The port number you chose)

So make a FTP and join de FTP section

Listin’ The Contents Of A Ftp:

Listin’ de content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip

1. Put in de IP of de server. Do not put “ftp://” or a “/” because it will not work if you do so.
2. Put in de port. If de port is de default number, 21, you do not have to enter it.
3. Put in de username and password in de appropriate fields. If de login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of de FTP, place it in de directory field. Oderwise, do not enter anythin’ in de directory field.
5. Click “Take de List!”
6. After de list has been taken, click de UBB output tab, and copy and paste to wherever you want it.

If FTP Content Maker is not workin’, it is probably because de server does not utilize Serv-U Software.

If you get this error message:
StatusCode = 550
LastResponse was : ‘Unable to open local file test-ftp’
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, den try again.

error messages:

110 Restart marker reply. In this case, de text is exact and not left to de particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server’s equivalent marker (note de spaces between markers and “=”).
120 Service ready in nnn minutes.
125 Data connection already open; transfer startin’.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use de server or de meanin’ of a particular non-standard command. This reply is useful only to de human user.
215 NAME system type. Where NAME is an official system name from de list in de Assigned Numbers document.
220 Service ready for new user.
221 Service closin’ control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closin’ data connection. Requested file action successful (for example, file transfer or file abort).
227 Enterin’ Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 “PATHNAME” created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pendin’ furder information.
421 Too many users logged to de same account
425 Can’t open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processin’.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too lon’.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storin’ files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.

Active FTP vs. Passive FTP, a Definitive Explanation

Introduction
One of de most commonly seen questions when dealin’ with firewalls and oder Internet connectivity issues is de difference between active and passive FTP and how best to support eider or both of them. Hopefully de followin’ text will help to clear up some of de confusion over how to support FTP in a firewalled environment.

This may not be de definitive explanation, as de title claims, however, I’ve heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always lookin’ for ways to improve thin’s though, and if you find somethin’ that is not quite clear or needs more explanation, please let me know! Recent additions to this document include de examples of both active and passive command line FTP sessions. These session examples should help make thin’s a bit clearer. They also provide a nice picture into what goes on behind de scenes durin’ an FTP session. Now, on to de information…

The Basics

FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a ‘data’ port and a ‘command’ port (also known as de control port). Traditionally dese are port 21 for de command port and port 20 for de data port. The confusion begins however, when we find that dependin’ on de mode, de data port is not always on port 20.

Active FTP

In active mode FTP de client connects from a random unprivileged port (N > 1024) to de FTP server’s command port, port 21. Then, de client starts listenin’ to port N+1 and sends de FTP command PORT N+1 to de FTP server. The server will den connect back to de client’s specified data port from its local data port, which is port 20.

From de server-side firewall’s standpoint, to support active mode FTP de followin’ communication channels need to be opened:

FTP server’s port 21 from anywhere (Client initiates connection)
FTP server’s port 21 to ports > 1024 (Server responds to client’s control port)
FTP server’s port 20 to ports > 1024 (Server initiates data connection to client’s data port)
FTP server’s port 20 from ports > 1024 (Client sends ACKs to server’s data port)

In step 1, de client’s command port contacts de server’s command port and sends de command PORT 1027. The server den sends an ACK back to de client’s command port in step 2. In step 3 de server initiates a connection on its local data port to de data port de client specified earlier. Finally, de client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on de client side. The FTP client doesn’t make de actual connection to de data port of de server–it simply tells de server what port it is listenin’ on and de server connects back to de specified port on de client. From de client side firewall this appears to be an outside system initiatin’ a connection to an internal client–somethin’ that is usually blocked.

Active FTP Example

Below is an actual example of an active FTP session. The only thin’s that have been changed are de server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box runnin’ de standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box runnin’ ProFTPd 1.2.2RC2. The debuggin’ (-d) flag is used with de FTP client to show what is goin’ on behind de scenes. Everythin’ in red is de debuggin’ output which shows de actual FTP commands bein’ sent to de server and de responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interestin’ thin’s to consider about this dialog. Notice that when de PORT command is issued, it specifies a port on de client (192.168.150.80) system, rader than de server. We will see de opposite behavior when we use passive FTP. While we are on de subject, a quick note about de format of de PORT command. As you can see in de example below it is formatted as a series of six numbers separated by commas. The first four octets are de IP address while de second two octets comprise de port that will be used for de data connection. To find de actual port multiply de fifth octet by 256 and den add de sixth octet to de total. Thus in de example below de port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
—> USER slacker
331 Password required for slacker.
Password: TmpPass
—> PASS XXXX
230 User slacker logged in.
—> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Usin’ binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
—> PORT 192,168,150,80,14,178
200 PORT command successful.
—> LIST
150 Openin’ ASCII mode data connection for file list.
drwx—— 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
—> QUIT
221 Goodbye.

Passive FTP

In order to resolve de issue of de server initiatin’ de connection to de client a different method for FTP connections was developed. This was known as passive mode, or PASV, after de command used by de client to tell de server it is in passive mode.

In passive mode FTP de client initiates both connections to de server, solvin’ de problem of firewalls filterin’ de incomin’ data port connection to de client from de server. When openin’ an FTP connection, de client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts de server on port 21, but instead of den issuin’ a PORT command and allowin’ de server to connect back to its data port, de client will issue de PASV command. The result of this is that de server den opens a random unprivileged port (P > 1024) and sends de PORT P command back to de client. The client den initiates de connection from port N+1 to port P on de server to transfer data.

From de server-side firewall’s standpoint, to support passive mode FTP de followin’ communication channels need to be opened:

FTP server’s port 21 from anywhere (Client initiates connection)
FTP server’s port 21 to ports > 1024 (Server responds to client’s control port)
FTP server’s ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server’s ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client’s data port)

In step 1, de client contacts de server on de command port and issues de PASV command. The server den replies in step 2 with PORT 2024, tellin’ de client which port it is listenin’ to for de data connection. In step 3 de client den initiates de data connection from its data port to de specified server data port. Finally, de server sends back an ACK in step 4 to de client’s data port.

While passive mode FTP solves many of de problems from de client side, it opens up a whole range of problems on de server side. The biggest issue is de need to allow any remote connection to high numbered ports on de server. Fortunately, many FTP daemons, includin’ de popular WU-FTPD allow de administrator to specify a range of ports which de FTP server will use. See Appendix 1 for more information.

The second issue involves supportin’ and troubleshootin’ clients which do (or do not) support passive mode. As an example, de command line FTP utility provided with Solaris does not support passive mode, necessitatin’ a third-party FTP client, such as ncftp.

With de massive popularity of de World Wide Web, many people prefer to use deir web browser as an FTP client. Most browsers only support passive mode when accessin’ ftp:// URLs. This can eider be good or bad dependin’ on what de servers and firewalls are configured to support.

Passive FTP Example

Below is an actual example of a passive FTP session. The only thin’s that have been changed are de server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box runnin’ de standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box runnin’ ProFTPd 1.2.2RC2. The debuggin’ (-d) flag is used with de FTP client to show what is goin’ on behind de scenes. Everythin’ in red is de debuggin’ output which shows de actual FTP commands bein’ sent to de server and de responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice de difference in de PORT command in this example as opposed to de active FTP example. Here, we see a port bein’ opened on de server (192.168.150.90) system, rader than de client. See de discussion about de format of de PORT command above, in de Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
—> USER slacker
331 Password required for slacker.
Password: TmpPass
—> PASS XXXX
230 User slacker logged in.
—> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Usin’ binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
—> PASV
227 Enterin’ Passive Mode (192,168,150,90,195,149).
—> LIST
150 Openin’ ASCII mode data connection for file list
drwx—— 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
—> QUIT
221 Goodbye.

Summary

The followin’ chart should help admins remember how each FTP mode works:

Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20

Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024

A quick summary of de pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to de FTP server admin, but detrimental to de client side admin. The FTP server attempts to make connections to random high ports on de client, which would almost certainly be blocked by a firewall on de client side. Passive FTP is beneficial to de client, but detrimental to de FTP server admin. The client will make both connections to de server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on de server side.

Luckily, dere is somewhat of a compromise. Since admins runnin’ FTP servers will need to make deir servers accessible to de greatest number of clients, dey will almost certainly need to support passive FTP. The exposure of high level ports on de server can be minimized by specifyin’ a limited port range for de FTP server to use. Thus, everythin’ except for this range of ports can be firewalled on de server side. While this doesn’t eliminate all risk to de server, it decreases it tremendously.

Introduction

This paper assumes a workin’ knowledge of basic shellcodin’ techniques, and x86 assembly, I will not rehash dese in this paper. I hope to teach you some of de lesser known shellcodin’ techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of dese techniques, except for de one that uses de div instruction.

The multiplicity of mul

This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on de surface, seem mundane, and it’s purpose obvious. However, when faced with de difficult challenge of shrinkin’ your shellcode, it proves to be quite useful. First some background information on de mul instruction itself.

mul performs an unsigned multiply of two integers. It takes only one operand, de oder is implicitly specified by de %eax register. So, a common mul instruction might look somethin’ like this:

movl $0×0a,%eax
mul $0×0a

This would multiply de value stored in %eax by de operand of mul, which in this case would be 10*10. The result is den implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has de potential to be considerably larger than de previous value, possibly exceedin’ de capacity of a sin’le register(this is also how floatin’ points are stored in some cases, as an interestin’ sidenote).

So, now comes de ever-important question. How can we use dese attributes to our advantage when writin’ shellcode? Well, let’s think for a second, de instruction takes only one operand, derefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by de value stored in %eax, and stores de value in both %edx and %eax, completely overwritin’ de contents of both registers, regardless of wheder it is necessary to do so, in order to store de result of de multiplication. Let’s put on our mathematician hats for a second, and consider this, what is de only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it’s about time for some example code, so here it is:

xorl %ecx,%ecx
mul %ecx

What is this shellcode doin’? Well, it 0’s out de %ecx register usin’ de xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it’s operand by de value in %eax, and den proceeds to store de result of this multiplication in EDX:EAX. So, regardless of %eax’s previous contents, %eax must now be 0. However that’s not all, %edx is 0′d now too, because, even though no overflow occurs, it still overwrites de %edx register with de sign bit(left-most bit) of %eax. Usin’ this technique we can zero out three registers in only three bytes, whereas by any oder method(that I know of) it would have taken at least six.

The div instruction

Div is very similar to mul, in that it takes only one operand and implicitly divides de operand by de value in %eax. Also like, mul it stores de result of de divide in %eax. Again, we will require de mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let’s think about what is normally stored in de %eax register. The %eax register holds de return value of functions and/or syscalls. Most syscalls that are used in shellcodin’ will return -1(on failure) or a positive value of some kind, only rarely will dey return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that de instruction divl %eax will divide %eax by itself, and den store de result in %eax, we can say that executin’ de divl %eax instruction after a syscall will put de value 1 into %eax. So…how is this applicable to shellcodin’? Well, deir is anoder important thin’ that %eax is used for, and that is to pass de specific syscall that you would like to call to int $0×80. It just so happens that de syscall that corresponds to de value 1 is exit(). Now for an example:

xorl %ebx,%ebx
mul %ebx
push %edx
pushl $0×3268732f
pushl $0×6e69622f
mov %esp, %ebx
push %edx
push %ebx
mov %esp,%ecx
movb $0xb, %al #execve() syscall, doesn’t return at all unless it fails, in which case it returns -1
int $0×80

divl %eax # -1 / -1 = 1
int $0×80

Now, we have a 3 byte exit function, where as before it was 5 bytes. However, dere is a catch, what if a syscall does return 0? Well in de odd situation in which that could happen, you could do many different thin’s, like inc %eax, dec %eax, not %eax anythin’ that will make %eax non-zero. Some people say that exit’s are not important in shellcode, because your code gets executed regardless of wheder or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, de exit() isn’t worth keepin’. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rader odd error, and will be logged by de system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can’t wipe all de logs, at least this part of your presence will be clear.

Unlockin’ de power of leal

The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.

xorl %ecx,%ecx
leal 0×10(%ecx),%eax

This will load de value 17 into eax, and clear all of de extraneous bits of eax. This occurs because de leal instruction loads a variable of de type lon’ into it’s desitination operand. In it’s normal usage, this would load de address of a variable into a register, thus creatin’ a pointer of sorts. However, since ecx is 0′d and 0+17=17, we load de value 17 into eax instead of any kind of actual address. In a normal shellcode we would do somethin’ like this, to accomplish de same thin’:

xorl %eax,%eax
movb $0×10,%eax

I can hear you sayin’, but that shellcode is a byte shorter than de leal one, and you’re quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any oder register), so de xorl instruction in de leal shellcode isn’t counted. Here’s an example:

xorl %eax,%eax
xorl %ebx,%ebx
movb $0×17,%al
int $0×80

xorl %ebx,%ebx
leal 0×17(%ebx),%al
int $0×80

Both of dese shellcodes call setuid(0), but one does it in 7 bytes while de oder does it in 8. Again, I hear you sayin’ but that’s only one byte it doesn’t make that much of a difference, and you’re right, here it doesn’t make much of a difference(except for in shellcode-size pissin’ contests =p), but when applied to much larger shellcodes, which have many function calls and need to do thin’s like this frequently, it can save quite a bit of space.

Conclusion

I hope you all learned somethin’, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented de leal technique, please tell me and I will credit him/her.

If you have a phone thats with de provider 3 deres a simple trick to allow you to access de entire internet on its browser without havin’ to go through 3 services and only what dey want to allow you access to view.

Simply do de followin’.

Menu - 9 (for settin’s) - 5 (for access points) - Edit de 3 Services
Change de APN (down de bottom) from 3services to 3netaccess
Restart de phone
And you can now access de entire internet through your phones browser.

Remember you’ll have to change it back if you want to access 3 services.
Chan’in’ it in de browser doesn’t seem to work.

I have tried this on my U8110 and it worked perfectly

Thin’s to note:

* Remember that you are charged for all downloads (.4c per kb on most plans) so if your cautious about your phone bill id advise stayin’ away from sites with loads of pictures.
* Also, some people have had trouble where dey have accessed a site with too much information on it and de phone has eider froze or reset. The phone is not harmed by this but its advisable you dont go to large sites on it for this or de above reason. If your phone freezes and you cant turn it off simply take de battery out and put it back in.