Jump to content
Tuts 4 You

# Blogs

## One More Time for fun...flash backs

So in my adventures to track down the elusive Phrozencrew ( last 2yrs), its come to my attention that they all grown up.. Not in a bad way of course, but just done with the scene...moved on....among other peeps from my love of 98...some great crackers of the day...just done. .  So now in this day and age who is active anymore? I went to the almighty ICU website...gone..maybe im out of the loop but the page is gone...FFF..not sure, SnD..nope efnet  is nearly closed..mostly bots ...what happen to ARTEAM..they had a bad ass e-magazine....C-YA ugh..Im lost. I tried to re-energize myself with OLLY, and like a bum i downloaded crackerskit 2.0  (so fresh in the day) where are the new packages? I find myself even more lazier then trying to do my own thing with OLLY and find a All In One ( AIO)..   oh well I miss those days..im back trying to find it..let me know...Im out here looking to get connected again!!   Peace, Overkill^

## Immdbg - scripting

It has been a while since this good debugger is available for download at immunity's homepage. Such debugger has a lot of improvements over his older brother - odbgr. One of such improvements is the ability of coding scripts on python integrated interface that runs over completely the obsolete odbgr scripting. It has got endless potential and I advice you to look elsewhere for more information on the use of immdbg's integrated APIs. Today I am posting a small script I coded to unpack upx code - keep in mind that no iat reconstruction will be preformed as this is merely an ilustrative script that may help you to get started at coding scripts over immunity if you feel interested. __VERSION__ = '1.0'import immlib import getoptimport immutilsfrom immutils import *imm = immlib.Debugger() #init debugger#functions#maindef main(args): imm.log("Started search for jmp at oep...") imm.updateLog() regtable = imm.getRegs() # gets all register table-like patt = "\x00\x00\x00\x00\x00\x00\x00\x00" #UPX-Target pattern count = 0 eip_curr = regtable["EIP"] #retrives current ep while (count < 768): mem = imm.readMemory(eip_curr+count, 8) if (mem == patt): imm.log("match: %08x" % (eip_curr+count)) break count = count + 1 if (mem != patt): imm.log( "No pattern found: YOU NEED TO BE AT OEP!" ) return "failure" imm.setBreakpoint(eip_curr+count-5) imm.run() imm.stepIn() imm.log( "code ep sucessfully found" ) return "success" Check the help file for the list of all Immunity API, keep in mind that this list does not describe the behaviour of the APIs - it just lists them. Also the unpacker seems to be working fine - report otherwise

## IsUserAnAdministrator()

I needed some code in PureBasic to check if the logged in user and/or running process is a member of the Administrator group. There is IsUserAnAdmin function, it works and is easy to include in your code...   If IsUserAnAdmin_() Debug "Running as an Adminstrator" Else Debug "Running as a Limited User" EndIf   Unfortunately as Microsoft states on MSDN it's a wrapper on a short lifespan, support for it ended with Windows Vista but the function still works in Windows 8.1. Microsoft suggests using the CheckTokenMembership function with the SID identifier NtAthority which, requires a little bit more code to be backward and future proof. Fortunately Microsoft provides example C++ code on MSDN, porting it to PureBasic requires a bit more work, the code below is a translation of this code...   ; ------------------------------------------------------------------ ; ; PureBasic IsUserAnAdministrator() function to check if the callers process ; is a member of the Administrators group. Code taken from Microsofts ; example shown at CheckTokenMembership function. ; ; Return Value: ; ; TRUE - Caller has Administrators local group. ; FALSE - Caller does not have Administrators local group. ; ; http://msdn.microsoft.com/en-us/library/windows/desktop/aa376389%28v=vs.85%29.aspx ; ; See SID structures: ; ; http://msdn.microsoft.com/en-us/library/cc980032.aspx ; http://technet.microsoft.com/en-us/library/cc778824%28v=WS.10%29.aspx ; ; By Teddy Rogers / PureBasic 5.24 LTS ; ; ------------------------------------------------------------------ Prototype.i CheckTokenMembership(TokenHandle, SidToCheck, IsMember) Global CheckTokenMembership.CheckTokenMembership Prototype.i AllocateAndInitializeSid(pIdentifierAuthority, nSubAuthorityCount, dwSubAuthority0, dwSubAuthority1, dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5, dwSubAuthority6, dwSubAuthority7, pSid) Global AllocateAndInitializeSid.AllocateAndInitializeSid Prototype.i FreeSid(pSid) Global FreeSid.FreeSid Procedure IsUserAnAdministrator() Protected IsMember, *AdministratorsGroup Structure NtAuthority NtAuthority.b[6] EndStructure Define SECURITY_NT_AUTHORITY.NtAuthority If OpenLibrary(advapi32, "advapi32.dll") CheckTokenMembership = GetFunction(advapi32, "CheckTokenMembership") If CheckTokenMembership AllocateAndInitializeSid = GetFunction(advapi32, "AllocateAndInitializeSid") If AllocateAndInitializeSid FreeSid = GetFunction(advapi32, "FreeSid") If FreeSid SECURITY_NT_AUTHORITY\NtAuthority[5]=5 ; The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities. If AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2, #SECURITY_BUILTIN_DOMAIN_RID, #DOMAIN_ALIAS_RID_ADMINS, #Null, #Null, #Null, #Null, #Null, #Null, @*AdministratorsGroup) CheckTokenMembership(#Null, *AdministratorsGroup, @IsMember) EndIf FreeSid(*AdministratorsGroup) EndIf EndIf EndIf CloseLibrary(advapi32) EndIf ProcedureReturn IsMember EndProcedure Debug IsUserAnAdministrator()   Ted.

## PureBasic Adventures...

Last year a friend of mine was talking about PureBasic and how easy and good it was for coding and how much he liked working with it. I didn't really take much notice of it - it was just another Basic language, right?! Earlier this year he started showing off some of his remade old school crack intro's and demos from way back in the early 80's and 90's from the Amiga scene including some general effects so I decided to download a copy of PureBasic and tried out some of the features of the language. I liked it so much that I ended up purchasing a licence for PureBasic and have been using it ever since when I've needed to quickly code some tool or another. Why do I like it? Simply because of the ease in which I can get something done with minimal fuss and time. I can access all Windows API's and code can be natively compiled (and switched) between 32 and 64 bit with a couple of mouse clicks and PureBasics own command set is extensive. It's a very good basic language. I don't normally do blogs, it's not my thing. I certainly don't have the time but I want to help spread the language. I'm likely not going to be posting amazing demo effects as I don't have the time to be spending on such things but I will post some snippets of code I needed to come up with in PureBasic for applications or tools. I can't promise you will be wowed or amazed by any of the samples I'm really just going to be posting things I've worked on and included in some programs or just code snippets to better understand how PureBasic works. The first PureBasic sample I am going to post is some test code for a tool I coded where I needed multiple animated tray icons to be displayed to provide various information to the user. I hadn't found any similar code in PureBasic either in the example or archived code libraries or in the PureBasic forums. This example creates two tray icons that cycles through imageres.dll via threads. Imageres.dll is basically an image library that comes with Windows, I believe its on Vista and later and its similar to shell32.dll but with nicer icons and a larger library. The example also listens out for the TaskbarCreated Windows message, if the taskbar crashes and has to reload and your application does not listen for the TaskbarCreated message your trayicon will not reappear. Cycling through the icons was a cheap way to get some "animation" to show up in the example. A callback is created to listen for events happening over the tray icons such as mouse clicks and mouse hover. Normally if you have only one icon in your program you don't have to use callbacks, I needed the callbacks because it was the only way I could get multiple icons working affectively in PureBasic. The threads are used to stop the trayicons locking up once the cycling of the icons is started. I have added some comments but if you have any particular questions about the example please ask... ; ; ------------------------------------------------------------------ ; ; Dual SysTray, Threaded & "Animated" "imageres.dll" System Icons ; "imageres.dll" is available on Window 7 & 8 (Vista??) ; ; By Teddy Rogers / PureBasic 5.22 ; ; ------------------------------------------------------------------ ; ; Declare our procedures Declare WinCallback_Icon1(WindowID, uMsg, wParam, lParam) Declare WinCallback_Icon2(WindowID, uMsg, wParam, lParam) Declare SetImage(Icon) Declare ChangeIcon(void) ; Declare some global variables... Global Num1 = 100 ; Set our default "imageres.dll" tray icon 1 Global Num2 = 101 ; Set our default "imageres.dll" tray icon 2 Global ThreadID ; This is used to end the thread Global IconNum = ExtractIconEx_("imageres.dll", -1, #Null, #Null, #Null) ; Register a message with the "TaskbarCreated" string Global TaskbarRestart = RegisterWindowMessage_("TaskbarCreated") ; Define two windows for seperate icons/menu's and callbacks If OpenWindow(1, 0, 0, 0, 0, "", #PB_Window_Invisible) If OpenWindow(2, 0, 0, 0, 0, "", #PB_Window_Invisible) ; These are the callbacks to watch for events on each of the icons SetWindowCallback(@WinCallback_Icon1(), 1) SetWindowCallback(@WinCallback_Icon2(), 2) ; Add the system tray icons using icons from "imageres.dll" AddSysTrayIcon(1, WindowID(1), SetImage(Num1)) AddSysTrayIcon(2, WindowID(2), SetImage(Num2)) ; Setup some tooltips... SysTrayIconToolTip(1, "You are hovering over icon 1") SysTrayIconToolTip(2, "You are hovering over icon 2") ; Create icon 1 menu with PureBasic modern look (we use "imageres.dll" for menu icons) If CreatePopupImageMenu(1, #PB_Menu_ModernLook) MenuItem(01, "Open", SetImage(174)) MenuItem(02, "Save", SetImage(39)) MenuItem(03, "Save as", SetImage(23)) MenuItem(04, "Quit", SetImage(84)) MenuBar() OpenSubMenu("Recent files") MenuItem(05, "PureBasic.exe") MenuItem(06, "Test.txt") CloseSubMenu() EndIf ; Create icon 2 menu with standard look (we use "imageres.dll" for menu icons) If CreatePopupImageMenu(2, 0) MenuItem(07, "Open", SetImage(174)) MenuItem(08, "Save", SetImage(39)) MenuItem(09, "Save as", SetImage(23)) MenuItem(10, "Quit", SetImage(84)) MenuBar() OpenSubMenu("Recent files") MenuItem(11, "PureBasic.exe") MenuItem(12, "Test.txt") CloseSubMenu() EndIf ; Wait for a MenuItem to be selected... then do some stuff... Repeat Event = WaitWindowEvent() Select Event Case #PB_Event_Menu Select EventMenu() ; Icon 1 menu actions... Case 01 : Debug "Menu: Open (Icon 1)" Case 02 : Debug "Menu: Save (Icon 1)" Case 03 : Debug "Menu: Save as (Icon 1)" Case 04 : End Case 05 : Debug "Menu: PureBasic.exe (Icon 1)" Case 06 : Debug "Menu: Text.txt (Icon 1)" ; Icon 2 menu actions... Case 07 : Debug "Menu: Open (Icon 2)" Case 08 : Debug "Menu: Save (Icon 2)" Case 09 : Debug "Menu: Save as (Icon 2)" Case 10 : End Case 11 : Debug "Menu: PureBasic.exe (Icon 2)" Case 12 : Debug "Menu: Text.txt (Icon 2)" EndSelect EndSelect Until Event = #PB_Event_CloseWindow EndIf EndIf ; We will use the Windows default system icons for our own the menu options Procedure SetImage(Icon) ExtractIconEx_("imageres.dll", Icon, 0, @iIcon, 1) If CreateImage(MyImage, 16, 16 ,32) StartDrawing(ImageOutput(MyImage)) Box(0, 0, 16, 16, GetSysColor_(#COLOR_MENU)) DrawingMode(#PB_2DDrawing_AllChannels) DrawImage(iIcon, 0, 0, 16, 16) StopDrawing() EndIf DestroyIcon_(iIcon) ProcedureReturn ImageID(MyImage) EndProcedure ; Icon Number 1 (clicking left mouse button starts automatic cycling through the icons, clicking left again end the thread) Procedure WinCallback_Icon1(WindowID, uMsg, wParam, lParam) ; End the thread if it is already running or start it... Select lParam Case #WM_LBUTTONDOWN If ThreadID ThreadID = #Null Else ThreadID = CreateThread(@ChangeIcon(), 0) EndIf ; Display popup-menu 1 Case #WM_RBUTTONDOWN DisplayPopupMenu(1, WindowID(1)) EndSelect ; Listen for "TaskbarCreated" broadcast to be sent to all windows if the taskbar is recreated then... ; Recreate our tray icon including the tool tip... Select uMsg Case TaskbarRestart AddSysTrayIcon(1, WindowID(1), SetImage(Num1)) SysTrayIconToolTip(1, "You are hovering over icon 1") EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure ; Icon Number 2 (clicking left mouse button manually cycles through the icons one at a time) Procedure WinCallback_Icon2(WindowID, uMsg, wParam, lParam) ; Cycle through "imageres.dll" icons. Windows 7 has 218 and Window 8 has 384!!! Select lParam Case #WM_LBUTTONDOWN Num2 = Num2 + 1 If Num2 > IconNum Num2 = 0 EndIf ChangeSysTrayIcon(2, SetImage(Num2)) ; Display popup-menu 2 Case #WM_RBUTTONDOWN DisplayPopupMenu(2, WindowID(1)) EndSelect ; Listen for "TaskbarCreated" broadcast to be sent to all windows if the taskbar is recreated then... ; Recreate our tray icon including the tool tip... Select uMsg Case TaskbarRestart AddSysTrayIcon(2, WindowID(2), SetImage(Num2)) SysTrayIconToolTip(2, "You are hovering over icon 2") EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure ; Create a thread to cycle through the icons, creating a thread allows us to continue using tray menu(s) Procedure ChangeIcon(void) ; Cycle through "imageres.dll" icons. Windows 7 has 218 and Window 8 has 384!!! Repeat Num1 = Num1 + 1 If Num1 > IconNum Num1 = 0 EndIf Sleep_(500) ChangeSysTrayIcon(1, SetImage(Num1)) Until ThreadID = #Null EndProcedure Ted. Animated Tray Icon.zip

## Attacking Armadillo's Stolen Keys feature

Hello everyone, Lately I thought it would be good to share some of the stuff I did with Armadillo to the general public, this time it will be about Armadillo’s Stolen Keys feature. When I have some time available, I will update this blog, but in general I don’t like typing long essays so don’t expect too much from that promise. What are stolen keys? Quite obvious, stolen keys are stolen (or otherwise illegally obtained) serials for an Armadillo project. The project developer can maintain a list of these stolen keys and when one of them is entered in the registration dialog it will not be accepted. Very briefly, in Armadillo you have various types of keys and also various key levels. Except unsigned keys (level 0), all keys consist of two parts: [KEYBYTES][sIGNATURE] The signature is the digital signature of the keybytes, this is just to verify the integrity of a key. For this post, only it’s size is of importance. The keybytes also have a variable length. Every serial in Armadillo can store 5 so-called ‘otherinfo’ WORD, 1 date WORD, 1 DWORD (symmetric key) and optionally a keystring. The symmetric key is the key we are looking for when dealing with Armadillo. It is (together with some other constant values) used to decrypt certificate descriptors. These are used to decrypt the program code an optionally the secured sections. Here is a the outline of a key: [ [OTHERINFO][DATE][sYM][KEYSTRING] ][sIGNATURE] As you can see, our target is somewhere near the middle of a key that is fully filled. Luckily, with the correct info, we can strip out the signature, leaving us 1-6 WORDS (otherinfo+encoded date value) and possible a keystring. Before I continue I would like to point out that the stolenkeys are not stored unencrypted in the target file. Every key is encrypted using a simple XOR-encryption with the name bound to the key as seed. Encryption/Decryption goes as follows: char tmp[2048]="";CookText(tmp, name); //UPPERCASE and strip bad charactersunsigned int seed=crc32(tmp, strlen(tmp), NewCRC32); //CRC32 of nameInitRandomGenerator(seed); //Initialize random number generatorfor(int i=0; i<keylength; i++) keybytes[i]^= NextRandomRange(256); NextRandomRange gets a pseudo-random byte in the provided range, in this case a byte. Here is the source code from the random number generator: /* source start */#define m 100000000L#define m1 10000L#define b 31415821L unsigned long a; unsigned long mult(long p, long q){ unsigned long p1=p/m1, p0=p%m1, q1=q/m1, q0=q%m1; return (((p0*q1+p1*q0) % m1) * m1+p0*q0) % m;} void InitRandomGenerator(unsigned long seed){ a=seed;} void NextRandomSeed(){ a=(mult( a, b )+1) % m;} unsigned long NextRandomRange(long range){ NextRandomSeed(); return (((a/m1)*range)/m1);}/* source end */ Attacking Our goal is to find the decryption key of the stolen key. Let’s take a close look at the random number generator. Actually, when we look at NextRandomSeed, we can see one very easily: the final seed is divided by m (100000000) and the remainder becomes the actual new seed. This means that every seed is limited to 99999999 and that is a fairly small amount of brute force attempts! Our goal for today is to write a function, that returns a possible symmetric key from a seed and a piece of data collected from any stolen key (specifically the encrypted symmetric key). Before I start with that I would like to point out that the first two bytes of a stolen key can always be considered junk. This is because either the date, or various otherinfo parameters are always before the symmetric key. In reality, only a maximum of 4 otherinfo parameters is possible (the SoftwarePassport GUI does not have a use for the 5th otherinfo parameter). This means that we would only have to try a maximum of 5 times before we actually find the symmetric key. /* source start */unsigned long NextRandomRangeMod(unsigned int seed){ return (((a/m1)*256)/m1);} unsigned int NextRandomSeed(unsigned int seed){ return (mult( seed, b )+1) % m;} unsigned int decrypt_data(unsigned int seed, unsigned int data){ int next=seed; int res=NextRandomRangeMod(next)<<24; //no little edian next=NextRandomSeed(next); res|=NextRandomRangeMod(next)<<16; next=NextRandomSeed(next); res|=NextRandomRangeMod(next)<<8; next=NextRandomSeed(next); res|=NextRandomRangeMod(next); return res^data;} int main(){ stolen_data=0x????????; for(int i=0; i<m; i++) { unsigned int sym=decrypt_data(i, stolen_data); if(VerifySym(sym)) //imaginary function that checks the sym { printf(“found: %.8X”, sym); break; } }}/* end of code */ Conclusion When implemented in CUDA, brute forcing Armadillo v3-v7.2 goes from ~20 to less than a second. Armadillo v7.4 and higher goes from 2.5-3 hours to 4 minutes! Little tool I created for testing my theories, it actually works! In the attachment I included a DLL that implements the algorithm (and various other Armadillo-related algorithms) with multi-threaded support. I decided not to include the tool because this post is about how it works, not all the tools I created in my life. Last but not least, a hint to the guys at SiliconRealms: do not store (encrypted) keys in a protected file, just store a list of hashes I hope you learned something from this! Greetings, Mr. eXoDia PS If you have any remarks or found a mistake (not related to grammar please), feel free to PM me.

## A simple way to make animations with Delphi.

I've made ​​more simple, I include source manually code with different code as well, Example + Source Code. This time I just use my 4-layer stacking horizontally so easy to understand, [120x80] [120x80] [120x80] [120x80] = [480 x 80] may can help. Download Source Code + Example ----------> ZNP Easy.zip Have Fun.

## Bruteforcing Armadillo Encryption Template

I'm not really used to the whole 'blog' thing so bear with me while i simply spill some thoughts, Anybody who has seen the Keymaker.c source code for Armadillo keygenerating can see how the keys are built and put together, i'm not going to be explaining how i came to any conclusions aside from referring back to that document. The single most important thing to make genuine Level 10 Short V3 keys is the Encryption Template, from it the symmetric key is made as well as the private key being generated from it for ECDSA signing. People have already successfully attacked the signature verification as well as symmetric key verification, so this post isn't revealing anything new. The string is uppercased in a function called 'CookText' before it is hashed with the MD5 algorithm. Looking at the source code, we can see that the BasePointInit value for the elliptic curve used is also taken from the Encryption Template, the first unsigned long of the MD5 hash to be precise. So, what do we have at the moment?
// Hypothetical variables
unsigned long MD5Hash[4];
char temp[256];
unsigned long BasePointInit;
unsigned long Symmetric;

// Get the hash of the uppercased string
CookText(temp, EncryptionTemplate);
md5(MD5Hash, temp, strlen(temp));

// Set BasePointInit and Symmetric values
BasePointInit = MD5Hash[0];
Symmetric = MD5Hash[0] ^ MD5Hash[1];

// Remembering the ECDSAPrivateKey is derived from EncryptionTemplate.

Okay, not a lot to look at to begin with but with the BasePointInit, we have the first dword of the MD5 hash and we can perform a bruteforce lookup for any hashes that begin with that value. On its own, this would be totally useless because it returns a lot of false positives so incorporating a check to see whether or not the generated symmetric key will yield a matching checksum when passed through the symmetric checksum function was necessary. Now, using CUDA and the symmetric check plus a large charset, it finds a 6 character encryption template in 80 seconds. Nothing to jump up and down about but the main thing is it works at all! There would most likely be a way to speed it up more but i'm not sure where to start, it is only a PoC and i'm sharing the theory only so please don't ask me for a copy. I also had the brainwave idea of bruteforcing the 128 bit value which is the private key for ECDSA signing but couldn't find a way that was fast enough using my limited math experience, hehe. My conclusion from this little experiment is that although it is possible to recover the encryption template, the character set and probable length of the strings used by Armadillo's users will prevent it from becoming an attack vector for keygenning, especially when the ECDSA_Verify and symmetrickey can both be defeated with faster means. HR, Ghandi

## Played 6 File [*. Xm] with Delphi.

Not for the Expert, just for amateur programmers. ~~~~~~~~~~~~~~~~~~~~~~~~~~BeGiN~~~~~~~~~~~~~~~~~~~~~~~~~~~ unit Unit1; interface uses Forms, uFMOD, Sfx, Sfx2, Sfx3, Sfx4, Sfx5, Sfx6, Classes, Controls, StdCtrls; type TForm1 = class(TForm) Label1: TLabel; procedure FormActivate(Sender: TObject); procedure FormDestroy(Sender: TObject); procedure FormKeyPress(Sender: TObject; var Key: Char); procedure FormCreate(Sender: TObject); private { By : X-88 } public { hmm.... } end; var Form1: TForm1; implementation {\$R *.dfm} procedure TForm1.FormActivate(Sender: TObject); begin uFMOD_SetVolume(256); uFMOD_PlaySong(@SfxData, SfxSize, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end; procedure TForm1.FormDestroy(Sender: TObject); begin uFMOD_StopSong; end; procedure TForm1.FormKeyPress(Sender: TObject; var Key: Char); begin if (Key = '1') then begin uFMOD_StopSong; uFMOD_PlaySong(@SfxData, SfxSize, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '2') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx2Data, Sfx2Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '3') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx3Data, Sfx3Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '4') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx4Data, Sfx4Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '5') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx5Data, Sfx5Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '6') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx6Data, Sfx6Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '7') then begin uFMOD_StopSong; Label1.Caption := 'Press 1-6 to Change Sfx' +#13#10+ '7 = Stop'; end; end; procedure TForm1.FormCreate(Sender: TObject); begin Application.Title := 'Test'; end; end. ~~~~~~~~~~~~~~~~~~~~~~~~~~EnD~~~~~~~~~~~~~~~~~~~~~~~~~~ NB : Uses Sfx, Sfx2, Sfx3, Sfx4, Sfx5, Sfx6 if (Key = '1') then begin uFMOD_StopSong; uFMOD_PlaySong(@SfxData, SfxSize, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '2') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx2Data, Sfx2Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '3') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx3Data, Sfx3Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '4') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx4Data, Sfx4Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '5') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx5Data, Sfx5Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end else if (Key = '6') then begin uFMOD_StopSong; uFMOD_PlaySong(@Sfx6Data, Sfx6Size, XM_MEMORY); Label1.Caption := 'Title : '+uFMOD.uFMOD_GetTitle; end ----------------------------------------------------------------> Unit Sfx2; Interface Const Sfx2Size = 268215; Sfx2Data : Array[1..Sfx2Size] of Byte = ( 69,120,116,101,110,100,101,100,32,77,111, .., .., .., .., .., .., .., .., .., .., .., .., .., .., .., .., .., Etc Done.

## XM on x64

This is the result of trying to play back xm music on 64-bit Windows. I wrote a simple wrapper around libmodplug that reads its raw PCM output and writes it to the standard wave output. All you have to do is create an instance of ModPlay which needs a buffer + size of the xm file to be played. Then just call the play() function and voila I have to say that it roughly adds 40kb of code to your binaries, you have to decide if that is worth it for you. Personally I don't care, especially because you can compress the **** out of it with UPX Attached are the wrapper C++ files, WINMM import libraries from the Windows SDK and 2 static libraries of libmodplug (compiled with VS 2008, you might need to build libmodplug yourself for other compilers/configs, see below for tips) Any problems, questions, suggestions, let me know. PS: If you want/need to compile libmodplug, just make sure you define these to keep the library size as small as possible: MODPLUG_BASIC_SUPPORT MODPLUG_FASTSOUNDLIB MODPLUG_NO_FILESAVE NO_PACKING For VC++ I added this version of stdint.h, added the libmodplug subfolder to the include dirs and it pretty much compiled out of the box.

## From: [ARTeam] ActiveMark "dismembered"

Hi all, guess what, we again targeted activemark new version and this time we are releasing an updated tool for inlining the protection beside of course a tutorial which explains the technique. You can grab them all from here: tutorial: http://www.accessroo...ad.php?view.324 tool: http://www.accessroo...ad.php?view.325 thanks to SSlEviN for his great work. Beside this is the first tool he coded on his own! Veery nice beginning Source: [ARTeam] ActiveMark "dismembered"

## MTCT Dup Skin v.0.1

This is my first Dup Skin ...

## MTCT Nfo Maker

Master Turkish Crack Team Nfo Maker Coded By TreaxeR

• ### Blog Comments

• To Someone likes to solve crossword, somebody likes to play chess.
I like RE because I need to strain my brain like when I solve a crossword, think and analyze like when I play chess. After every cracking, I get a moral satisfaction, I'm happy with my success, success in cracking my friends.
I'm glad when I receive a message from the developers, where they are grateful for cracking  of their program and promise to eliminate the hole in the protection of the program in the next release.
I thank everyone who writes articles about RE, makes tutorials, new tools, shares my knowledge with others.
• am just a beginner , and believe me... Reverse Engineering is taking a huge part in my personal life
i wanna be that professional cracker ! programmer , i need to learn more and more
i won't stop what am doing because i love it ! from deep of my heart
this is not just a hobby for me , its a way of thinking .
• CriticalError  ==> this is the password
• time factor maybe...I got an interest on reversing sometime 6 yrs ago but work schedule is pushing me away. I still remember the old days where a good site (astatalk) emerge and helping each other. Yes, reversing is a long process, if you put space on the process then you'll be lost just like me, been idle in re for so many years..
• ### Blog Statistics

• Total Blogs
24
• Total Entries
50
×