Land Of The Free #2

eZine lover (@eZine)

Published in 

Land of the free

 · 5 Dec 2022

Summary

1. Editorial
2. Recover documents on a PC
3. Fuck the shit up on a site
4. Cracking Tutorial #1
5. Little trick with telnet and Linux
6. Cracking Tutorial #2
7. Song text
8. Conclusion

Editorial

Oh!!! Happiness is as simple as a Rancid album!! Well yeah you still don't think that I write bullshit in silence!! Rancid is a good punk, so I listen to their album "... and out come the wolves", it is considered by many as their best song and it's true that frankly it's cool !!

Well here's some news: my PC finally healed (if you had read N°1) so that's cool. Otherwise still not touched my site... I'll have to get started!! Otherwise, small problem: multimania has apparently been eaten by lycos, and my email address has apparently mutated to lotfree@lycos.fr unfortunately I can't access it (what a bunch of dummies) and the same for the address of my site which must be www.members.lycos.fr/lotfree but I think that my old address (www.multimania.com/lotfree) still exists... anyway, it's not possible shit. Otherwise I realized that I had made a lot of mistakes (spelling and typing), indeed I was rather in a hurry to put my mag online once done and I did not pay attention to mistakes, henceforth I would be mistaken. If you have any questions, please send them toniicolas@caramail.com .

Otherwise, as I said, this number is mainly cracking oriented, and more precisely for newbies. There are a few articles on things that I noticed... Well, I think I said it all! Oh no !!! I found a way to distribute my mag since the webmaster of NewsHackers (the site address has the same name with a com at the end) agreed to put it online so it's super cool (thanks to you).

SiriusBlack

Retrieval of interesting documents

Well, we assume that you are on a PC that is used by several users (or that you have hacked). What would be interesting is to recover documents that could serve us for totally personal and illegal purposes! We think for two seconds and then we look for where we can find interesting docs... Personal files ... In the "My Documents" directory of Windows of course, as well as in the directories with names such as "lost", "sylvain" (if the guy's name is sylvain)... Collect everything that seems interesting to you, what we're looking for is information about the user, and more specifically things such as bank numbers.. Well with that we get some pretty good stuff. But I discovered something more interesting not long ago: when you surf on certain sites, they put cookies on your hard drive in order to identify you, know your tastes, your habits. A good example is the microsoft site which changes according to the attitude of the visitor (a real pro thing:). Anyway what I discovered is that some sites do not secure their cookies. Let me explain: when you go to certain sites where you are registered, you enter your login, your password and boom you are logged in, if you go back there later, no need to relog in because the site has identified you thanks to the cookie of the last visit and in which there is the login and the password !!! Of course many sites encrypt their cookies (don't expect to find caramail passwords) but some don't. Indeed I went to see in my cookies and there I saw clearly, on a line, the name of a site on which I go, followed by my login and my password. The worst is that it's a site that allows me to earn money (when you put an ad on a personal site).

Later I did the same but on my father's computer, just out of curiosity of course, and there what I see: the address of an online stock market site followed closely by the login and more away the password. In short, this is still a site where you make money. All I had to do was connect to this site with the right name and password, go to the "my info" or "my profile" section and retrieve the interesting info such as the real name of the user, his address, his credit card number with the validity date and boom!! Shopping on the Internet and Minitel, and then I would order a pizza too!!!

Under Windows and with Internet Explorer, cookies are located in /windows/cookies/, they are in several files. On Linux, with Netscape, they are in a single file, in /.netscape/, the file is called in the cookies folder. It even seems that there is software that allows you to connect with cookies, in this case, even encrypted cookies can be used, that's great, isn't it? Search the hard drives in your school, in the local network games room... And have fun!!

Mess up a site

/!\ This is not hacking!!!

No disclaimer!! They just had to secure their sites!! Indeed we are going to tackle the vulnerabilities of the web and more precisely the forums, guestbook...

How it works: The forums and guestbook services use scripts in high-level languages ​​that run on the server side. That is to say that unlike javascripts (which we saw in the first issue and which are client-side), the latter run on the site you are visiting. In fact the languages ​​in question can be cgi, php, perl or even asp. Very often it is impossible to see the source of this language, in fact, remember that a browser only understands html. So how is it that sometimes we are on index.php? Well in fact when the visitor connects to the site, his request (we say his request) says to the server "Hey !! I would like to visit your site", the server will therefore send him his home page.

For a php script (or any other server-oriented language) to work, you need a server, and even a server on which php is installed. Indeed if you open a php file from home, it will have no effect because it will not be interpreted (it's like a program that has not been compiled, it's useless).

Now let's move on to forum commands... When you go to a page with one of these services, you have input boxes in which you save your message, your email... When you click on validate, what you typed is found, thanks to one of these scripts in a text file. When you display the forum, a script will read what is in this text file and incorporate it into the html.

When one of these services is misconfigured, it displays (the browser) verbatim what is in the file. And if it is html then the browser is responsible for interpreting it. You understand ? We then use one of the scripts that we saw in the previous issue. To test it you enter, for example in the message field of a guestbook, the following sentence:

<i>test</i>

or

<b>test</b>

The first displays test and the second test. If indeed it happens like this (so we don't see the tags) it means that no verification is done. So all you have to do is put a javascript script. The document.write('Hacked by Sirius Black'); is the best effect. I tried this on a site and now anyone who logs into a certain guestbook ends up with an error message and endless microsoft windows. Note that this is not hacking! Especially since it only modifies the page containing this service but with luck you will find a home page with a vulnerability.

So to fuck the shit you go for example on free.fr, you do a search for "golden book" in their personal sites (to have more chances), you give it a try and if it works you attack!

Cracking Tutorial #1

Well we will see in two crackme (the programs provided with the zine) how to crack software. Obviously, these are 2 tutorials for beginners, therefore are very easy. Let's start with the first one, I programmed it in C++

Here is the sourccodee:

#include <iostream.h> 
#include <stdlib.h> 

int main() 
{ 
char s[6]; 
cout<<"Enter password: "; 
cin>>s; 
if (strcmp(s,"crack")==0) cout<<"\nGood Guy"; 
else cout<<"\nBad Guy"; 
cout<<"\nYou have between: "<<s<<endl;; 
system("PAUSE"); << Attention because of this command the prog only works on Windows 
return 0; 
}

So if the password is 'crack' then it's good otherwise it's not good (it displays Bad Guy).

Here is the software we need:

• a disassembler (W32Dasm)
• a hexadecimal editor (HexWorkshop)
  

You will find these progs on //protools.cjb.net (if I remember correctly).

So we open the disassembler (we will do with W32Dasm). We do Disassemble > Open File to Disassemble and choose our program (crackme.exe). There we see the source code but in assembler (see the HexWorkshop tut to understand all that). We look at the String Data Ref button, shit, we don't see our error message (which is very practical for cracking software) !!!!

Indeed this program is not very advanced and does not use the Windows APIs, that is why we do not see all the character strings. It does not matter, this lesson has the objective of doing without. We then click on Goto Program Entry Point (second button with the flashlight) and we come across these lines:

//******************** Program Entry Point ******** 
:004011D4 55 push ebp

We click on the first line in assembler of the Program Entry Point and we look at the bottom.

We see:

Code Data @:004011D4 @Offset 000005D4h

in File:crackme1.exe

Which means that in W32Dasm the offset 5D4 corresponds to the address 4011D4. We take the windows calculator in scientific mode and we do 4011D4 - 5D4 and we get 400C00, this is the offset/address conversion figure.

You have to know what a program looks like in memory: it is made up of a part called code, another called data and above is the stack (at the very top in fact). We can represent it like this:

I know it's not very clear but hey... it's just to explain to you that the program itself does not start at the very beginning because at the beginning we find the description of the file: its type (executable), its date of creation, its size, its name... This explains why the instructions start at 4011D4 and not at 00000000.

We close and we go to the hexadecimal editor, we open crackme.exe and we do a search on the error message (Bad Guy). You should know that in C a string of N characters is coded as follows: N bytes are used corresponding to the string; an extra byte is used to signal the end of the string; the latter is byte 00. We then find the string at offset 636

00000600 FFD0 E879 FFFF FFC9 C300 0000 0000 0000 ...y............ 
00000610 456E 7472 657A 206C 6520 7061 7373 776F Entrez le passwo 
00000620 7264 203A 2000 6372 6163 6B00 0A47 6F6F rd : .crack..Goo 
00000630 6420 4775 7900 0A42 6164 2047 7579 000A d Guy..Bad Guy.. 
00000640 566F 7573 2061 7665 7A20 656E 7472 6520 Vous avez entre

so it corresponds to the code 0A42 6164 2047 7579 00 in hexadecimal. Now we want to translate the offset into an address so with the windows's calculator we do: 400C00 + 636 = 401236 (don't forget to check Hex for the calculations :-).

Note this address and return to W32Dasm. We do Search > Find Text then we enter "push 00401236", we come across these lines:

* Reference To: msvcrt.strcmp, Ord:0282h << Check out our comparison function! 
| 
:0040129C E803E00000 Call 0040F2A4 
:004012A1 83C410 add esp, 00000010 
:004012A4 89C0 mov eax, eax 
:004012A6 85C0 test eax, eax << Password verification here!!! 
:004012A8 7517 jne 004012C1 << If eax is different from 0 we jump to 4012C1 to display Bad Guy 
:004012AA 83C4F8 add esp, FFFFFFF8 Otherwise we continue our way 
:004012AD 682C124000 push 0040122C << Here we display Good Guy 

* Possible Indirect StringData Ref from Data Obj ->"d0A" 
| 
:004012B2 6828204100 push 00412028 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: 
|:00401242(C) 
| 
:004012B7 E8DC120000 call 00402598 
:004012BC 83C410 add esp, 00000010 
:004012BF EB15 jmp 004012D6 << Here we break (we will not display both Bad Guy and Good Guy!!) 

* Referenced by a (U)nconditional or (C)onditional Jump at Address: << We came here by a conditional jump in 004012A8 
|:004012A8(C) 
| 
:004012C1 83C4F8 add esp, FFFFFFF8 
:004012C4 6836124000 push 00401236 << Here we display Bad Guy

Well there are several ways to crack this thing to make the program display "Good Guy". We could make the program believe that eax is 0 so we would avoid the "Bad Guy". For that it's simple: rather than putting mov eax, eax (en004012A4) we could put xor eax, eax so eax takes the value 0. This would work because the instruction is the same number of bytes (2 bytes). Indeed mov eax, eax corresponds to 89C0 and xor eax, eax corresponds to 31C0. But we're going to do something more classic: we're going to modify the conditional jump.

The latter will display an error message if the password is bad, otherwise it continues. So we have 2 possibilities. We can reverse the condition of the jump so if a bad pass is entered the prog displays Good Guy but imagining that a guy enters the good password, the prog will insult him with "Bad Guy". The other possibility (and the one we are going to use) is to remove the jump; we then stupidly continue our way and we display Good Guy.

The line to modify is therefore:

: 004012A8 7517 jne 004012C1, the hex translation of this instruction is 7517. To reverse it, it would suffice to put 7417 instead but we use nop which does nothing hence their usefulness ;-) . A nop corresponds to 90 so a single byte so to take the necessary space we do 2 times nothing (9090). Still in W32Dasm, click on the jump line and look at the bottom of the window: Offset 000006A8h. So we note on a piece of paper: 6A8 and 7517 then we go to HexWorkshop and open the crackme.

You do Edit > Goto, you check Hex, From beginning of the file, and you enter 6A8. You fall just in front of the 7517 (finally the cursor is on the ascii translation next to it but c on the same line). So you type 9090 over it and you save, the prog offers to make a backup, it's more careful (if you get a magnifying glass the prog doesn't work anymore).

It works for me, so if it doesn't work for you, you've missed something. I launch the crackme, he asks me for the password, I tell him that I'm pissing him off and he tells me that I'm a nice boy: Mission accomplished!

Little trick with linux and telnet

To piss off guys (definitely we're going to believe that I do that!!) you can send them an X on their screen, those who have linux with an interface (I tried with kde) will understand. First possibility: telnet to the guy's pc followed by an x. Or an rlogin then a "startx --:2". Attention !! Respect the spaces otherwise it won't work. To close it you do Ctrl + C then you dislodge so as not to get caught in the flag. That's all!

Cracking Tutorial #2

This is the tutorial on how to crack HexWorkshop. I did it quite a while ago so I had a lot of difficulties. Now I think it would go faster, to get it you have to unzip crakme2.zip and everything is explained in it, even more general stuff on software protection and stuff on assembler so I advise you to read it if you don't didn't understand the previous tut.

Intro

Well, above all this course is intended for "newbies", understand by this the newbies in the underground field of computer hacking. In our case we will focus on one of the branches: cracking.

Cracking is the art of hijacking or even breaking the protections of a computer program. How to do it ? Quite simply by modifying the program.

Cracking is used most often (almost all the time) to transform a program limited in its use in order to access what was restricted to us. Most often we crack demo software, shareware, freeware. There are several types of protection:

1. Complete software limited to a period of use (for example macromedia products such as flash, dreamweaver and director which are offered as a demo limited to 30 days of use).
2. Software with cd protection (video games in most cases): it requires the presence of the cd to work, in fact it reads the information contained on one of the sectors of the cd (the first I believe), these are information that we cannot access (only the computer can read it).
   
3. Software for which we have "frozen" certain commands (they are inaccessible to us), I don't know any more.
   
4. Shareware / Freeware that you can use provided you register (otherwise you are an outlaw). One of the best known is Winzip, you are entitled to a so-called evaluation period, after this period the program does not work anymore and you are supposed to buy it.
   

Well I think I've covered all (there are also protections with Dongles that you plug in the computer, but that's for very large software). We said earlier that cracking consisted in modifying a program. If you have ever had the curiosity to open an executable file with a text editor, you have surely seen many incomprehensible characters (sometimes with a word or a readable name). There is software called disassembler or debugger (not quite the same) which allows you to edit an .exe in an understandable language (although quite difficult). In the field of programming, we speak of "language levels", the more a language has a high level the more it resembles that of humans (more evolved), on the other hand the lower it is the more it approaches the language of the machine (the sequence of zero and one). The disassembler opens programs in a language called assembler (asm for abbreviation) which is the lowest of the high-level languages ​​(the one that is both closest to the machine but still understandable by humans).

The problem is that the disassembler only reads the prog. If you have study programming you should know that when you write instructions whether in Pascal, C++, Java... you go through the compilation phase where the computer transforms your writing into machine language. It is impossible to recompile a program. This is why we use another type of utility: hexadecimal editors.

Representation of the data

This paragraph is for the dummies because it is bases to well know infos. Experts can by-pass it without problem. You all know that the computer calculates just with zeros and ones (this is the so-called binary base because there are only two choices), we humans use the decimal base (with 10 choices: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 with which we generate all the numbers). There are as many bases as you want (it's just the way of coding that changes) but only a few are used. One of the best known is the hexadecimal base (16 choices so more than what we use, we had to add letters to the numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A , B, C, D, E, F). The F corresponds in decimal to the number 15, the E to the 14... The advantage of this base is the space it takes to represent it (the larger the base, the less space is needed). The space used in memory is the same regardless of how the data is coded. Thus the F is worth 15 in decimal but also 1111 in binary... A bit designates the smallest computer value: it can only take two values: zero or one. So a two-bit number can take the values ​​00, 01, 10, 11, on 4 bits 0000, 0001, 0010, 0011, 0100, 0101, 0110, 0111, 1000, 1001, 1010, 1011, 1100, 1101, 1110 and 1111. Sorry if I'm long but I try to explain as much as possible. An 8-bit cipher is called a byte (you know that) so min value = 0, max value = FF in hex, 255 in decimal and 1111 1111 in binary. The role of the hexadecimal editor is to open any file, in hexadecimal of course, but also in bytes.

That's it, the intro is closed. Time for the next step.

So here we are back, don't hesitate to take a break between these 2 pages (watch out for the overheating of the brain). If your eyes are tired don't forget that you can change the text size of the fonts with your browser (view>text size in explorer).

Now that we have seen the theory we will perhaps move on to the practice. I could have offered you the crack of winzip (I would do that another time, I already have a version that I have to redo) or of Easy Applet Builder (a software helping us to make java applets) that I have cracked in less than two minutes (let me explain: often the software asks for a login and a password, sometimes the pass is calculated according to the login, in EasyAppletBuilder there is a pass that works for everyone. In short I disassembled the software then I see: possible StringData Ref...->"987456321" so I note this code in case then finally I enter it and it was the right code. If you download this demo on the internet the pass it.

Well, the software we're going to be interested in is HexWorkshop (a hexadecimal editor, that's good). I took a while to find the location (I was in the right area of ​​the program but I didn't know what to change). Basically it took me a month from when I first disassembled it to when I cracked it. So I would ask you to respect my work (leave my signature). First of all, I would like to point out that I myself am a newbie (3 software to my credit as of September 13, 2001 at 7:51:12 p.m., time when I write these lines) so don't come and ask me to crack you this or that software (especially the time-limited ones, I'm still looking). Know that there are sites offering cracks (small programs that will modify software for you), go to //astanavista.box.sk (I believe) then enter the name of your software, it's as simple as that. But it's much more fun to do it yourself.

Equipment used

A PC (it should also be possible on Mac, just find useful software), a disassembler (I'm using W32Dasm), a hexadecimal editor (I'm using HexWorkshop) and the program to crack (it's still HexWorkshop )... I almost forgot, you need eyes to see, hands with at least one finger to type and click the mouse (you type on the keyboard not on the mouse, the poor beast did nothing to you : ) ) and also a brain to think and memorize.

Ok, I'm going to take a break (it's now 8 pm 2 mins and 11 secs, I have to think about eating) so see you later.

BREAK

That's it. I'm back (8:43 p.m.), good where we were... a yes, we have to crack the software. First of all make a copy of HWORKS32.EXE first because if you do something stupid you can fix it afterwards because you won't be able to edit a program that is running. Personally I create 2 directories in the hexworshop directory, one called original and one called crack, I put a copy in each and then I modify the one in the "crack" folder. When I cracked the exe I put it in place of the real one and I run it, if it works it's good otherwise I take the one in the "original" rep and I put it in place of the other two. That way I'm sure not to make any mistakes.

One important thing: check that the exe is not read-only when you modify it with HexWorkshop.

Well first we use the real HexWorkshop (we act as if we already had a password); we open it, we click on Demonstration Version (on the right) (I have version 2.53, 32 bits) it asks us for a serial number, we enter a random one (I always enter crack or fucker) we click on Register and there it shows us a message like: window called Registration Unsuccessful: "You have entered an invalid registration number. "Please confirm you entered a valid registration number...".

Then open the disassembler. With W32Dasm we do Disassembler>Open File to Disassemble>HWORKS32.EXE. Take a look at what the asm language looks like to get an idea. First you will see the menu info, click on the red flashlights (the buttons at the top) where it says Start and EP. This is assembly code.

The error message must be found in the program, this is our starting point. Sometimes it is enough to click on Strn Ref (the button circled in red).

W32Dasm menu bar

But in our case we won't find anything that way so we can either do Search>Find Text> and enter "You have entered" without putting the quotes of course where to go to page 1 (with the flashlight button circled in blue) that could work.

In all cases we come across a series of Name: DialogID_XXXX, # of Controls=XXX etc. We note those that interest us:

Name: DialogID_0064 , # of Controls=009, Caption:"About Hex Workshop - Unregistered", ClassName:"" 001 - ControlID:0412, Control Class:"STATIC" Control Text:"Hex Workshop Version 0.00" 002 - ControlID:0436 , Control Class:"STATIC" Control Text:"16/32 Bit Version" 003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright © 1995-97 BreakPoint Software, Inc." 004 - ControlID:FFFF, Control Class:"STATIC" Control Text:"&Serial Number:" 005 - ControlID:0404, Control Class:"EDIT" Control Text:"" 006 - ControlID:03F6, Control Class:"BUTTON" Control Text:"

 
008 - ControlID:0400, Control Class:"BUTTON" Control Text:"&Help" 
009 - ControlID:FFFF, Control Class:"STATIC" Control Text:"E-Mail: info@bpsoft.com" 

Name: DialogID_0071 , # of Controls=010, Caption:"About Hex Workshop", ClassName:"" 
001 - ControlID:0412, Control Class:"STATIC" Control Text:"Hex Workshop Version 0.00" 
002 - ControlID:0001, Control Class:"BUTTON" Control Text:"&OK" 
003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Serial Number:" 
004 - ControlID:FFFF, Control Class:"STATIC" Control Text:"User Name: " 
005 - ControlID:0403, Control Class:"STATIC" Control Text:"" 
006 - ControlID:03FE, Control Class:"STATIC" Control Text:"" 
007 - ControlID:0436, Control Class:"STATIC" Control Text:"16/32 Bit Version" 
008 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright © 1995-97 BreakPoint Software, Inc." 
009 - ControlID:FFFF, Control Class:"STATIC" Control Text:"E-Mail: info@bpsoft.com" 
010 - ControlID:FFFF, Control Class:"BUTTON" Control Text:"" 

Name: DialogID_0074 , # of Controls=006, Caption:"Registration Successful", ClassName:"" 
001 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Please enter your name and organization to complete the registration process." 
002 - ControlID:FFFF, Control Class:"STATIC" Control Text:"&User Name:" 
003 - ControlID:0403, Control Class:"EDIT" Control Text:"" 
004 - ControlID:FFFF, Control Class:"STATIC" Control Text:"&Organization:" 
005 - ControlID:0407, Control Class:"EDIT" Control Text:"" 
006 - ControlID:0001, Control Class:"BUTTON" Control Text:"& 

Name: DialogID_0075 , # of Controls=003, Caption:"Registration Unsuccessful", ClassName:"" 
001 - ControlID:FFFF, Control Class:"STATIC" Control Text:"You have entered an invalid registration number." 
002 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Please confirm you entered a valid registration number or contact BreakPoint S" 
003 - ControlID:0001, Control Class:"BUTTON" Control Text:"&OK" 

Name: DialogID_0078 , # of Controls=002, Caption:"Registration Complete", ClassName:"" 
001 - ControlID:0001, Control Class:"BUTTON" Control Text:"&OK" 
002 - ControlID:FFFF, Control Class:"STATIC " Control Text:"You are now a registered user of Hex Workshop. You will receive free minor up"

In fact the DialogID_0064 is the box in which we entered our bogus pass, the 71 is the box we would have had if we had been registered, the 74 if we enter a good pass, the 75 if we enter a bad pass and the 78 if the pass is good and if we registered (through the 74), I see that in the different texts that define each box.

We will focus on DialogID_0075 (the error message). We then do Search>Find Text>"DialogID_0075" (pay attention to upper and lower case letters) by searching down the document. He finds one on line 17 774, we note the address which is close: 00409D63 and another on line 69 712 (near the address: 0042621D)

software Address

Framed in red is an address, in blue an assembly instruction and in green its correspondence in hexadecimal.

In each case (there are only 2, we're lucky) we go back a little until we come across a "Referenced by a (U)nconditionnal or (C)onditionnal Jump at Address:" followed by an address , they are noted: 00426133 (C) and 00409C79 (C). The (C) means that we have "jumped" so far by a jump (jump) carried out following a condition (C as condition).

The jump occurred at addresses 00409C79 and 00426133. So we click on the cd Loc flashlight (location code) and enter 409C79, we arrive here:

:00409C75 837DEC00 cmp dword ptr [ebp-14], 00000000 
:00409C79 0F8479000000 i 00409CF8

We can see that the jump condition is a comparison between dword ptr (ebp-14) and the value 0. If dword ptr (ebp-14) is equal to 0 then the jump is performed (je = jump if equal) otherwise it is not performed. We know that if it is carried out the program will display "You have entered an invalid..." so this jump should not take place.

The program sends us an error message because dword ptr (ebp-14) is equal to 0. If we compared it to 1 then the jump would not be made because the values ​​would not match.

We will therefore modify this comparison, for this we note the offset at the bottom of the W32Dasm window: 9075 (the h means hexadecimal) as well as the hexadecimal code written in black: 837DEC00

Offset

Now we are redoing the operation with the address 00426133, again we have to deal with a

:0042612F 837DEC00 cmp dword ptr [ebp-14], 00000000 
:00426133 0F8479000000 i 004261B2

Similarly, note the offset: 2552F and the hex code (it's the same): 837DEC00.

We will change the "cmp dword ptr (ebp-14), 00000000" to "cmp dword ptr (ebp-14), 00000001" which will give us in hex: 83DEC01 instead of 83DEC00.

So we quit W32Dasm, we run HexWorkshop, we do File>Open and we open HWORKS32.EXE which is in the "crack" rep (it must not be read-only) then we do Edit>Goto and we enter the offset 9075, we come across the 837DEC00, we just have to change it to 837DEC01 and the same by going to the offset 2552F. We save the prog (no need for *.BAK because we have everything planned) we leave HexWorkshop, we replace the real one with the one found in "crack", we relaunch it, we click on Demonstration version, we enter a bogus pass and there MIRACLE !!! it no longer displays an error message, so we enter an erroneous User Name and Serial Number and it accepts them! We cracked it!!!

Hex Workshop cracked

Lyrics

Remember the mp3 that came with LOTFree issue 1? It was Bad Religion with Supersonic. And here are the lyrics:

Supersonic
Well, am I making haste or could it be haste is making me what's time but a thing to kill or keep or buy or lose or live in I gotta go faster keep up the pace just to stay in the human race I could go supersonic , the condition's chronic …tell me does life exit beyond it? when I need to sate, I just accelerate into oblivion into oblivion well here I go again, everything is alien how does it feel to be outstripped by the pace of cultural change my deeds are senseless and rendered meaningless when measured in that vein I won' t lie, it's exciting when I try to decide things … I just want to live decently, meaningfully.
I'm in misery
I could go supersonic, the problem's chronic …tell me life does exist beyond it? when I need to state, I just accelerate into oblivion pace setters go getters rat racers forget hers researchers berserkers strategies to help the workers new time saving devices quick vices short splices brevity dependency chemical efficiency.

The mp3: Randy, a Swedish group, rather extreme left, but super cool, the song is crazy, just look at the lyrics:

I Don't Need Love
I was broke so I sold my time
They got me working on the production line
Five days a week from 8 - 5
I had to struggle hard just to stay alive
I sold my time
I had no faith so I sold my soul
And all it left me was this big black hole
Now my souls is gone and I don't care
I never even noticed that it was there
I sold my soul
I even sold my family
Just to get prosperity
And a safe economy and I don't need no love
I don't need love
No I don't need no love
I felt alone so I sold my heart
I bought a friend and thought
Hey this might be a start
But he was too much so I sold him too
Now I'm alone and I don't know what to do
I sold my heart
I even sold my family
Just to get prosperity
And a safe economy and I don't need no love
I Don't need love
No I don't need no love

The album is called The Human Atom Bomb.

Conclusion

To conclude, this issue is interesting for cracking, also because apart from that there is not much. By the way another thing to do when you are on a pc and someone has left it before: open word and select Edit > Paste (if possible) and the same for windows otherwise you do Start > Documents and all the stuff what the guy did is displayed. Moreover to remove it you click on the start bar (not on the start button, on the bar) with the right button, you do properties > Advanced and then you click on Delete and then poof !! You weren't on the pc! As for the next issue, it may take time to come, the time I find ideas. That's why I need your articles.

www.multimania.com/lotfree (if it still works grrrmmmfff!!!)

By the way I discovered an internet password crack challenge, it's on www.try2hack.nl and it's excellent. I'm at level 7, if you get there send me an email because I'm stuck there. It's really worth it, it allows you to learn (without really realizing it) a lot of cool stuff!!!

At the time of writing these lines (March 12, 2002, this mag was written over 2 days), the forum is inaccessible but it is very useful for finding help. So independently of what your level is, come and try, and then I won't be the only Frenchman ;-)