Install Trick

Did you know how much stuff you can do with an ip address?

There is a plenty of tutorials  that go into how to get an IP Address from the preferred mark of your choice. Now I will not go into that subject. Alright so say we got the targets IP Address finally. What do we do with this IP Address. Well first you should ping the IP Address to make sure that its alive or how we say online. Now at the bottom I will include some links where you can get some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" that. Port Scanners are used to identify the open ports on a machine thats running on a network, whether its a router, or a desktop computer, they all have ports. Protocols use these ports to communicate with other services and resources on the network.  Well Blues Port Scanner will scan the IP address that you chose and identify open ports that are on the target box. 

Blues Port Scaner you can download from here:

PluesPortScaner

For example:
Idlescan using Zombie <Domain Name> (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https 1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown

In example we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc.). Take all that information and paste it into notepad or the editor of your choice. This is the beginning of your targets record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know its not that easy. Alright so we dont even know what type of software or what operating system that this system is running.

NMAP the Port Scanner has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running.

NMAP you can download here:

NMAP5.51

So we have to figure out what type of software this box is running if we are gonna start hacking the thing right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons and many of you havent even heard of it before period. TELNET is used to open a remote connection to an IP Address through a Port. So this means is we are accessing their computer from across the internet, all we need is their IP address and a port number. With that record you are starting to compile, open a TELNET connection to the IP Address and enter one of the open ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think how is text going to help me. Well It will. Get that list you are starting to write, and copy the banners into your compilation of the information youve gathered on your target. Banners/Headers are what you get when you TELNET to the open ports. Heres an example of a banner from port 25.

220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400

Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8' Well what do you know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try and falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Bannners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, that contains lots of information and if you are able to manipulate it than you can pretend to hotmail, and steal a bunch of peoples email. Well now back to the task. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you cant find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.

At SecurityFocus you can search through vendor and whatnot to try and find your peice of software, or you can use the search box. When i searched SecurityFocus i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window thats currently open was opened as root. The highest privilage on a UNIX/Linux Box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a  jerk, however that is not recommended. Maybe leave a text file saying how you did it and that they should patch their system. Whoever they are. And many times the best thing you can do is just lay in the shadows, dont let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there, some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. Called denial of service simply because you are denying a service on someones box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesnt have any input validation. Each letter you enter in for the string variable will be 1 byte long. Now where the variables are located at when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means. We overflow the buffer so we can get to a totally different memory address. Then people write whats called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasnt the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the slave will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think its really http://www.bank.com. You need to have a small script set up so it will automatiically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the slave doenst give it a second thought and will simply try again later.

So as a summary of how to own a box when you only have an IP Address
Method Works On both *Nix and Windoze

You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a whois Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports

netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any vulnerabilities then search google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

I will not teach you how to cover your track. This is prohibited and i put that here only for informational reasons.

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box

Acessability shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT....... five times Switch StickyKeys on and off.

NUM LOCK...... for five seconds Switch ToggleKeys on and off.

Explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.

NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.

Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager

msinfo32 = System Information

cleanmgr = Disk Cleanup

ntbackup = Backup or Restore Wizard (Windows Backup Utility)

mmc = Microsoft Management Console

excel = Microsoft Excel (If Installed)

msaccess = Microsoft Access (If Installed)

powerpnt = Microsoft PowerPoint (If Installed)

winword = Microsoft Word (If Installed)

frontpg = Microsoft FrontPage (If Installed)

notepad = Notepad

wordpad = WordPad

calc = Calculator

msmsgs = Windows Messenger

mspaint = Microsoft Paint

wmplayer = Windows Media Player

rstrui = System Restore

netscp6 = Netscape 6.x

netscp = Netscape 7.x

netscape = Netscape 4.x

waol = America Online

control = Opens the Control Panel

control printers = Opens the Printers Dialog

Internetbrowser

type in u're adress "google", then press [Right CTRL] and [Enter]

add www. and .com to word and go to it

For Windows XP( about 2% are not wirking for vista and 7)

Copy. CTRL+C

Cut. CTRL+X

Paste. CTRL+V

Undo. CTRL+Z

Delete. DELETE

Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE

Copy selected item. CTRL while dragging an item

Create shortcut to selected item. CTRL+SHIFT while dragging an item

Rename selected item. F2

Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW

Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW

Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW

Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW

Highlight a block of text. CTRL+SHIFT with any of the arrow keys

Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys

Select all. CTRL+A

Search for a file or folder. F3

View properties for the selected item. ALT+ENTER

Close the active item, or quit the active program. ALT+F4

Opens the shortcut menu for the active window. ALT+SPACEBAR

Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4

Switch between open items. ALT+TAB

Cycle through items in the order they were opened. ALT+ESC

Cycle through screen elements in a window or on the desktop. F6

Display the Address bar list in My Computer or Windows Explorer. F4

Display the shortcut menu for the selected item. SHIFT+F10

Display the System menu for the active window. ALT+SPACEBAR

Display the Start menu. CTRL+ESC

Display the corresponding menu. ALT+Underlined letter in a menu name

Carry out the corresponding command. Underlined letter in a command name on an open menu

Activate the menu bar in the active program. F10

Open the next menu to the right, or open a submenu. RIGHT ARROW

Open the next menu to the left, or close a submenu. LEFT ARROW

Refresh the active window. F5

View the folder one level up in My Computer or Windows Explorer. BACKSPACE

Cancel the current task. ESC

SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

Use these keyboard shortcuts for dialog boxes:

To Press

Move forward through tabs. CTRL+TAB

Move backward through tabs. CTRL+SHIFT+TAB

Move forward through options. TAB

Move backward through options. SHIFT+TAB

Carry out the corresponding command or select the corresponding option. ALT+Underlined letter

Carry out the command for the active option or button. ENTER

Select or clear the check box if the active option is a check box. SPACEBAR

Select a button if the active option is a group of option buttons. Arrow keys

Display Help. F1

Display the items in the active list. F4

Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:

Display or hide the Start menu. WIN Key

Display the System Properties dialog box. WIN Key+BREAK

Show the desktop. WIN Key+D

Minimize all windows. WIN Key+M

Restores minimized windows. WIN Key+Shift+M

Open My Computer. WIN Key+E

Search for a file or folder. WIN Key+F

Search for computers. CTRL+WIN Key+F

Display Windows Help. WIN Key+F1

Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L

Open the Run dialog box. WIN Key+R

Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds

Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN

Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK

Switch StickyKeys on and off. SHIFT five times

Switch ToggleKeys on and off. NUM LOCK for five seconds

Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:

Display the bottom of the active window. END

Display the top of the active window. HOME

Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)

Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)

Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)

Collapse current selection if it's expanded, or select parent folder. LEFT ARROW

Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW

First off in the bottom right hand corner of your computer if you see alot of icons start up there when you first start your computer then this is for you if you dont know already how to get rid of em.

Press your Start Button (bottom left) and go to "run"

now type in: msconfig

now you will get a box that pops up and will tell you bunch of stuff dont mess with anything else other than what I tell you otherwise you could do something really bad (possible) go to your "startup" tab on the top right of the screen where it usually is and click it.

Now you will have a closed in box with bunch of filenames n addresses and more boxes with checks in them. Now if your like me you dont want anything startin up when you start you computer up or while your even doing anything cause it slows you down. Now unless your like me right now 1 have 1 thing starting up when my computer starts up and thats my settings for my overclocked vid card. But other than that uncheck every box and then hit apply and ok. Then window you were jus in will now close and ask you if you want to restart or wait till later to restart.

Removing Items

A lot of programs you install will add themselves to the right-click menu of your files and/or folders. And most times, you have no choice in the matter and, as a result, your right-click menu can get very long with added items you don't even use. The last person I was helping with this had a right context menu so long that the Rename option was no longer visible!

Fortunately, you can easily remove those unwanted menu items, if you know the registry values to edit. And it's not at all difficult once you know the keys responsible for the additions.

For Files, the secret lies in the "context menu handlers" under the shellex subkey for "All Files" which, in the registry, is nothing but an asterisk - like a dos wildcard, which means the values entered apply to all files. It is at the very top of the Root key, right here:


Now run (windows + r) and type regedit:





HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Click the the + sign next to the ContextMenuHandlers key, to expand it.
Now you will see some of the programs that have added items to your right-click menu. Simply delete the program keys you don't want.
Yup! It's that simple. If deleting makes you uneasy, just export the key before deleting it. Or, instead of deleting the values, disable them. Simply double click the default value for the program on the right hand pane and rename the clsid value by placing a period or dash in front of it.

ie; - {b5eedee0-c06e-11cf-8c56-444553540000}

Then exit the registry, refresh, and right click a file to see if the item was removed from the menu.
Some programs - like WinZip or WinRar - will add several items to your right click menu but all of them will be removed by deleting or disabling their one context menu handler.

Note that the above key only applies to the right click menu of files.
To remove entries from the right click context menu of folders, you need to navigate to the Folder and Drive keys:

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers

All you have to do is follow the same procedure as for Files - either disable or delete items you wish to remove.

Adding Items

Adding Items to the right click menu of Files and Folders is also fairly simple using the Registry. It just involves the creation of a few new keys for each item you wish to add. You edit the same keys used for removing items. Let's use Notepad as an example of an item you'd like to add to the right click menu of all your files or folders.

For folders, go to this key:

HKEY_CLASSES_ROOT\Folder

Click the + sign next to Folder and expand it so that the Shell key is visible. Right click the Shell key and choose New>Key and name the key Notepad or whatever else you'd prefer (whatever the key is named is what will appear in the right-click menu). Now right click the new key you made and create another key named Command. Then, in the right hand pane, double click "Default" and enter Notepad.exe as the value.
Exit the registry, refresh, and right click any folder. Notepad should now be on the context menu.


For files, go here again:

HKEY_CLASSES_ROOT\*

Expand the * key and see if a Shell key exists. If it does exist, follow the same procedure as for folders. If it does not exist, you'll have to create a new Shell first. Just right click the * key and choose New>Key and name it Shell. Then right click the Shell key and continue on the same way you did for adding items to the right click menu of folders.

Note: This tutorial is for educational knowledge.

Hi there I will teach you how to make a prettysimple keygen, of a program called W3Filer 32 V1.1.3.W3Filer is a pretty good web downloader. I guess some of you might know the program.

I`ll assume you know:

A.How to use debugger (in this case, SoftIce).

B.How to crack, generally (finding protection routines,patching them,etc...).

C.How to use Disassembler (This knowledge can help).

D.Assembly.

E.How to code in Turbo Pascal ™.

Tools you`ll need:

A.SoftIce 3.00/01 or newer.

B.WD32Asm. (Not a must).

C.The program W3Filer V1.13.

D.Turbo Pascal (ANY version).

Run W3Filer 32.

A nag screen pops, and , demands registration (Hmm, this sux ;-)) Now,

We notice this program has some kind of serial number (Mine is 873977046),

Let's keep the serial in mind, I bet we`ll meet it again while we're on

the debugger.

Well, now, let's put your name and a dummy reg code. set a BP on GetDlgItemTextA, and, press OK.We pop inside GetDlgItemTextA, Lets find the registration routine...

I`ll save you the work, the registration routine is this:

:00404DB2 8D95A8FAFFFF lea edx, dword ptr [ebp+FFFFFAA8]

:00404DB8 52 push edx ---> Your user name here.

:00404DB9 E80B550000 call 0040A2C9 ---> Registration routine.

:00404DBE 83C408 add esp, 00000008 ---> Dunno exactly what is it.

:00404DC1 85C0 test eax, eax ---> Boolean identifier, 0 if

:00404DC3 7D17 jge 00404DDC ---> registration failed, 1 if

OK.

Well, Let's enter the CALL 40A2C9, and see what's inside it:

(Please read my comments in the code).

* Referenced by a CALL at Addresses:

|:00404DB9 , :00407F76

|

:0040A2C9 55 push ebp

:0040A2CA 8BEC mov ebp, esp

:0040A2CC 81C4B0FEFFFF add esp, FFFFFEB0

:0040A2D2 53 push ebx

:0040A2D3 56 push esi

:0040A2D4 57 push edi

:0040A2D5 8B5508 mov edx, dword ptr [ebp+08]

:0040A2D8 8DB500FFFFFF lea esi, dword ptr [ebp+FFFFFF00]

:0040A2DE 33C0 xor eax, eax

:0040A2E0 EB16 jmp 0040A2F8

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A2FB©

|

:0040A2E2 0FBE0A movsx ecx, byte ptr [edx] ----> Here Starts the

interesting part.

:0040A2E5 83F920 cmp ecx, 00000020 ----> ECX is the the current

char in the user name, Hmm, 20h=' '...

:0040A2E8 740D je 0040A2F7 ----> Let's see,

:0040A2EA 8A0A mov cl, byte ptr [edx] ----> Generally, all this loop

does, is copying

the user name from

[EDX], to [ESI], WITHOUT the spaces!

(Keep this in mind! ).

:0040A2EC 880C06 mov byte ptr [esi+eax], cl

:0040A2EF 42 inc edx

:0040A2F0 40 inc eax

:0040A2F1 C6040600 mov byte ptr [esi+eax], 00

:0040A2F5 EB01 jmp 0040A2F8

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A2E8©

|

:0040A2F7 42 inc edx

* Referenced by a (U)nconditional or ©onditional Jump at Addresses:

|:0040A2E0(U), :0040A2F5(U)

|

:0040A2F8 803A00 cmp byte ptr [edx], 00

:0040A2FB 75E5 jne 0040A2E2 ----------------> This is the loop , we got

what it does,

Let's continue tracing

the code...

:0040A2FD 56 push esi --------> The user name is pushed, in order

to

Upcase it's chars.

* Reference To: USER32.CharUpperA, Ord:0000h

|

:0040A2FE E80F330000 Call User!CharUpper ---> After this, our name is in

upper case.

:0040A303 56 push esi -----> Our name in upper case here.

* Reference To: cw3220mt._strlen, Ord:0000h

|

:0040A304 E86F300000 Call 0040D378 ---> This is the length of our name.

:0040A309 59 pop ecx

:0040A30A 8BC8 mov ecx, eax ---> ECX=Length.

:0040A30C 83F904 cmp ecx, 00000004 ---> Length>=4 (MUST).

:0040A30F 7D05 jge 0040A316 ---> Let's go to this address...

:0040A311 83C8FF or eax, FFFFFFFF

:0040A314 EB67 jmp 0040A37D

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A30F©

|

:0040A316 33D2 xor edx, edx

:0040A318 33C0 xor eax, eax

:0040A31A 3BC8 cmp ecx, eax

:0040A31C 7E17 jle 0040A335 ---> (Not important, just another useless

checking).

One thing before we continue, EDX = 00000000h as we enter to the next instructions.

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A333©

|

:0040A31E 0FBE1C06 movsx ebx, byte ptr [esi+eax] ---> EBX <--- char in user

name, offset EAX.

:0040A322 C1E303 shl ebx, 03 -----> Hmm, it shl's the char by 03h...

(Remember that).

:0040A325 0FBE3C06 movsx edi, byte ptr [esi+eax] ---> Now EDI <--- Char in

user name , offset EAX.

:0040A329 0FAFF8 imul edi, eax -----> It multiplies the char by the

offset in user name! (Remember that).

:0040A32C 03DF add ebx, edi -----> Adds the result to EBX (That was

Shelled (Ding Dong =)).

:0040A32E 03D3 add edx, ebx -----> EDX=EDX+EBX!!! - This is the CORE

of this registration routine!!!

:0040A330 40 inc eax -----> Increase EAX by one (next char).

:0040A331 3BC8 cmp ecx, eax

:0040A333 7FE9 jg 0040A31E ----> If ECX<EAX then, we leave the

loop.

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A31C©

|

:0040A335 A120674100 mov eax, dword ptr [00416720] ---> HMMMMMM, What's in

here?????

:0040A33A C1F803 sar eax, 03 ---------> WAIT! Please type in SIce '?

EAX'

Does this number in EAX look

familiar to us? ;-)

If you still don`t understand,

than, It'sour SERIAL NUMBER! (PLEASE, take

your time, and check byyourself - don`t trust me!). OK,so now we know,

That it SHR's EAX by 03 (SAR isalmost identical to SHR).

:0040A33D 03D0 add edx, eax ---------> Hmm, it adds the result from the

loop, the serial number shr'd by 03h

:0040A33F 52 push edx -------> Let's continue. (At this point, I

can tell you , the reg number, is

in EDX - only that the reg number

is in HEX --> That's how you enter it).

* Possible StringData Ref from Data Obj ->"%lx"

|

:0040A340 685EF54000 push 0040F55E

:0040A345 8D95B0FEFFFF lea edx, dword ptr [ebp+FFFFFEB0]

:0040A34B 52 push edx

* Reference To: USER32.wsprintfA, Ord:0000h

|

:0040A34C E8E5320000 Call 0040D636 -------> This one, does HEX2STR (Takes

the value from EDX, and turns it to an hex string).

:0040A351 83C40C add esp, 0000000C

:0040A354 8D8DB0FEFFFF lea ecx, dword ptr [ebp+FFFFFEB0] -----> type 'd ecx' -

THIS is the reg number! That's enough for us, the rest ofthe code, is just for comparing the correct reg code with ours.

:0040A35A 51 push ecx

* Reference To: USER32.CharLowerA, Ord:0000h

|

:0040A35B E8B8320000 Call 0040D618

:0040A360 8D85B0FEFFFF lea eax, dword ptr [ebp+FFFFFEB0]

:0040A366 50 push eax

:0040A367 FF750C push [ebp+0C]

* Reference To: cw3220mt._strcmp, Ord:0000h

|

:0040A36A E875300000 Call 0040D3E4

:0040A36F 83C408 add esp, 00000008

:0040A372 85C0 test eax, eax

:0040A374 7405 je 0040A37B

:0040A376 83C8FF or eax, FFFFFFFF

:0040A379 EB02 jmp 0040A37D

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040A374©

|

:0040A37B 33C0 xor eax, eax

* Referenced by a (U)nconditional or ©onditional Jump at Addresses:

|:0040A314(U), :0040A379(U)

|

:0040A37D 5F pop edi

:0040A37E 5E pop esi

:0040A37F 5B pop ebx

:0040A380 8BE5 mov esp, ebp

:0040A382 5D pop ebp

:0040A383 C3 ret

Making the actual Keygen

Now, after I've explained how does the program calculate the registration

code, you can either write your own keymaker, without looking at my code, or

look at my code (in Turbo Pascal - sorry for all you C lovers ;-) Next time).

That's it, here's the source of my keygen:

Program W3FilerKeygen;

var

Key,SerialNum,EB,ED,digit:Longint;

I,x:Byte;

Name,KeyHex:String;

begin

Writeln(' W3Filer32 V1.1.3 Keymaker');

writeln('Cracked by ^pain^ ''97 / Rebels!');

Write('Your Name:'); { Read the name }

readln(Name);

Write('Serial Number:');

readln(SerialNum); {Yes, we need the serial number for the calculation!}

Key:=0;

x:=0;

For I:=1 to length(Name) do

begin

Name[I]:=upcase(Name[i]);

If Name[I]<>' ' then begin

eb:=ord(Name[I]) shl 3; {EB = Name[I] Shl 03h}

Ed:=ord(Name[I]); {ED = Name[I]}

ed:=ed*(x); {ED=ED*Offset}

inc(x);

eb:=eb+ed; {Add ED to EB}

Key:=Key+EB; {Add EB to KEY}

end;

end;

Key:=Key+(SerialNum shr 3); { Add SerialNum shr 03h to Key}

{ From here, this is just HEX2STRING --> I`m quite sure it's

Self explaintory, else - go and learn number bases again! ;-)}

KeyHex:='';

repeat

digit:=Key mod 16;

key:=key div 16;

If digit<10 then KeyHex:=Chr(Digit+ord('0'))+KeyHex;

If digit>10 then KeyHex:=Chr(Digit-10+ord('a'))+KeyHex;

until key=0;

writeln('Your Key:',KeyHex);

writeln(' Enjoy!');