1. Forum
  2. SciNet
  3. SCIWAREZ

  • Re: My first crack => keygen

    From Analog@77:1/131 to Jokker on Fri Feb 21 09:00:02 2020
    Anyone else dig into that kind of thing? Got any stories, tips, tricks
    for reverse engineering?

    Jokker,

    Fun stuff. I do this often enough. Have you tried the IDA + Bochs debugger setup? You can actually debug in Bochs while updating IDA as you step through the program. One thing you'll find is some of the old DOS apps are fairly sophisticated in their packing and execution mechanisms, breaking IDAs
    ability to follow the decompiled code or symbols (even if unpacked). A good example is The Pit or Lunatix 4.X. I was able to crack Lunatixes
    configuration serial number code but could not follow the routines to generate a keygen.

    It's tough and to be honest much easier nowadays with PE tools in windows
    than it is with some DOS apps. I think one of the things that would get you some clout in this area would be to Keygen The Pit bbs door.

    |20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
    |08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
    |04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
    |04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08. |04.p|08HENOM|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

    --- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
    * Origin: deadbeatz.org (77:1/131)
  • From jokker@77:1/100 to Analog on Fri Feb 21 19:18:38 2020
    Fun stuff. I do this often enough. Have you tried the IDA + Bochs
    debugger setup? You can actually debug in Bochs while updating IDA as

    I haven't tried Bochs but I probably should. I found dosbox-x to be pretty
    good for that. I've hooked qemu up to GDB in the past and it wasn't too bad. Good to know all the tools since they have their strengths and weaknesses.

    It's tough and to be honest much easier nowadays with PE tools in windows than it is with some DOS apps. I think one of the things that would get you some clout in this area would be to Keygen The Pit bbs door.

    So I did take a quick glance at The Pit, it's got an obfuscated payload I
    think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From ryan@77:1/128 to jokker on Fri Feb 21 20:15:56 2020
    So I did take a quick glance at The Pit, it's got an obfuscated payload I think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and
    not shareware/unlocked with key.

    This is my understanding as well. Each registered copy of Pit is a custom compiled executable.

    --- Mystic BBS v1.12 A44 2020/02/04 (Linux/64)
    * Origin: monterey bbs (77:1/128)
  • From Dumas Walker@77:1/115 to JOKKER on Sat Feb 22 19:14:00 2020
    So I did take a quick glance at The Pit, it's got an obfuscated payload I think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

    Which version are you working with? I have the Pit 3.60 and it does not require registration.


    * SLMR 2.1a * On the other hand, you have different fingers.
    --- SBBSecho 3.10-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)
  • From Analog@77:1/131 to Dumas Walker on Sat Feb 22 21:05:18 2020
    Which version are you working with? I have the Pit 3.60 and it does not

    I think 4.17 ...

    |20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
    |08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
    |04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
    |04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08. |04.p|08HENOM|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

    --- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
    * Origin: deadbeatz.org (77:1/131)
  • From Embalmed@77:1/133 to Dumas Walker on Sat Feb 22 20:24:44 2020
    So I did take a quick glance at The Pit, it's got an obfuscated payload think so you'd probably have to dump it once it's loaded. Although I did speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

    Which version are you working with? I have the Pit 3.60 and it does not require registration.
    Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

    They were talking about a keygen so it can be reg'd to whatever board name
    you like.

    |07E|10m|07b|10a|07l|10m|07e|10d |12-----------------------------------------------------
    |09Black Lodge Research BBS |11blacklodgeresearch.org:4022
    |11fsx|08Net: |0721:4/166 |11sci|08Net: |0777:1/133

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Black Lodge Research BBS (77:1/133)
  • From Dumas Walker@77:1/115 to EMBALMED on Sun Feb 23 18:22:00 2020
    Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

    They were talking about a keygen so it can be reg'd to whatever board name you like.

    hmmm, that could very well be! The registration txt file says it does not require registration so I just took it at its word. :O :D


    * SLMR 2.1a * "Silence. Music's original alternative. Roots-grunge!"
    --- SBBSecho 3.10-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)
  • From jokker@77:1/100 to Dumas Walker on Sun Feb 23 22:12:44 2020
    Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

    They were talking about a keygen so it can be reg'd to whatever board na you like.

    hmmm, that could very well be! The registration txt file says it does
    not require registration so I just took it at its word. :O :D

    Well once I finish porting Opendoors to DJGPP, then I might have another
    glance at The Pit and see if it is an obfuscated payload and try and dump it out under a VM or something. If we can get to the real code then there is always something that can be done. :)

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)
  • From Dumas Walker@77:1/115 to JOKKER on Mon Feb 24 19:21:00 2020
    Well once I finish porting Opendoors to DJGPP, then I might have another glance at The Pit and see if it is an obfuscated payload and try and dump it out under a VM or something. If we can get to the real code then there is always something that can be done. :)

    Well if all else fails, maybe a talented door programmer could be talked
    into writing an open source clone of it... call it The Pot or The Hole or
    The Mosh Pit or Mud Pit or Olive Pit or something. LOL!


    * SLMR 2.1a * Misspelled? Impossible. My modem is error correcting.
    --- SBBSecho 3.10-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)
  • From Analog@77:1/131 to Dumas Walker on Wed Feb 26 18:28:42 2020
    into writing an open source clone of it... call it The Pot or The Hole or The Mosh Pit or Mud Pit or Olive Pit or something. LOL!

    DaPit

    |20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
    |08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
    |04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
    |04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08.
    |04.|08dPR|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

    --- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
    * Origin: deadbeatz.org (77:1/131)