From dd6a2cb48b2d0acf5a03398d534fa198d82de54f Mon Sep 17 00:00:00 2001 From: OPSXCQ Date: Mon, 12 Feb 2018 08:16:27 -0300 Subject: [PATCH] update --- textfiles.com/piracy/APPLICATIONS/generic.app | 61 + textfiles.com/piracy/APPLICATIONS/info.beg | 421 + textfiles.com/piracy/APPLICATIONS/kortapp.nfo | 102 + textfiles.com/piracy/APPLICATIONS/modreq.txt | 58 + textfiles.com/piracy/APPLICATIONS/mrgcour.app | 121 + textfiles.com/piracy/APPLICATIONS/mrgsite.app | 112 + textfiles.com/piracy/APPLICATIONS/mrgwrit.app | 136 + textfiles.com/piracy/APPLICATIONS/paw.app | 54 + textfiles.com/piracy/APPLICATIONS/planet.app | 78 + .../piracy/APPLICATIONS/reviewer.app | 68 + textfiles.com/piracy/APPLICATIONS/rodapp.txt | 63 + textfiles.com/piracy/APPLICATIONS/rotbapp.txt | 33 + textfiles.com/piracy/APPLICATIONS/rotuapp.txt | 53 + textfiles.com/piracy/APPLICATIONS/site.rul | 83 + .../piracy/APPLICATIONS/siteappt.txt | 71 + .../piracy/APPLICATIONS/slaveapp.txt | 101 + textfiles.com/piracy/APPLICATIONS/tasd.app | 139 + textfiles.com/piracy/APPLICATIONS/usacour.app | 93 + textfiles.com/piracy/APPLICATIONS/wizapp.txt | 112 + textfiles.com/piracy/COURIERS.1 | 66 + textfiles.com/piracy/COURIERS/.windex.html | 66 + textfiles.com/piracy/COURIERS/9kc0195.nfo | 79 + textfiles.com/piracy/COURIERS/9kc0594.nfo | 82 + textfiles.com/piracy/COURIERS/9kc1094.nfo | 57 + textfiles.com/piracy/COURIERS/9kc1294.nfo | 86 + textfiles.com/piracy/COURIERS/alpha.txt | 42 + textfiles.com/piracy/COURIERS/ambition.nfo | 84 + textfiles.com/piracy/COURIERS/cocaine.nfo | 61 + textfiles.com/piracy/COURIERS/cod.nfo | 64 + textfiles.com/piracy/COURIERS/courier.app | 138 + textfiles.com/piracy/COURIERS/devo0193.nfo | 26 + textfiles.com/piracy/COURIERS/devo0195.nfo | 68 + textfiles.com/piracy/COURIERS/devo0294.nfo | 12 + textfiles.com/piracy/COURIERS/devo0893.nfo | 65 + textfiles.com/piracy/COURIERS/fuck.it | 14 + textfiles.com/piracy/COURIERS/htc-rel.nfo | 41 + textfiles.com/piracy/COURIERS/htc1095.nfo | 147 + textfiles.com/piracy/COURIERS/iit'94.nfo | 77 + textfiles.com/piracy/COURIERS/inc604.txt | 20 + textfiles.com/piracy/COURIERS/menace.asc | 74 + textfiles.com/piracy/COURIERS/risc'is | 19 + textfiles.com/piracy/COURIERS/risc0295.nfo | 98 + textfiles.com/piracy/COURIERS/risc0296.nfo | 110 + textfiles.com/piracy/COURIERS/risc0394.nfo | 131 + textfiles.com/piracy/COURIERS/risc0595.nfo | 103 + textfiles.com/piracy/COURIERS/risc0795.nfo | 107 + textfiles.com/piracy/COURIERS/risc0996.nfo | 105 + textfiles.com/piracy/COURIERS/risc1.nfo | 105 + textfiles.com/piracy/COURIERS/risc1293.nfo | 115 + textfiles.com/piracy/COURIERS/risc94.nfo | 130 + textfiles.com/piracy/COURIERS/rsc0595.nfo | 104 + textfiles.com/piracy/COURIERS/stealth.nfo | 92 + textfiles.com/piracy/COURIERS/t4d.nfo | 86 + textfiles.com/piracy/COURIERS/tca.nfo | 110 + textfiles.com/piracy/COURIERS/therapy.nfo | 96 + textfiles.com/piracy/COURIERS/uc.nfo | 123 + textfiles.com/piracy/COURIERS/uc1092.nfo | 53 + textfiles.com/piracy/COURIERS/uc1093.nfo | 122 + textfiles.com/piracy/COURIERS/uc1094.nfo | 115 + textfiles.com/piracy/COURIERS/wwc93.nfo | 123 + textfiles.com/piracy/CRACKING.1 | 112 + textfiles.com/piracy/CRACKING/.windex.html | 112 + textfiles.com/piracy/CRACKING/acrpatch.nfo | Bin 0 -> 36217 bytes textfiles.com/piracy/CRACKING/act-13.txt | 1696 +++ textfiles.com/piracy/CRACKING/act.txt | 1696 +++ textfiles.com/piracy/CRACKING/asm_for_.txt | 184 + textfiles.com/piracy/CRACKING/asmtut.txt | 389 + textfiles.com/piracy/CRACKING/begcrck.txt | 1616 +++ textfiles.com/piracy/CRACKING/budget.txt | 254 + textfiles.com/piracy/CRACKING/bytecatcher.txt | 86 + textfiles.com/piracy/CRACKING/c1.txt | 412 + textfiles.com/piracy/CRACKING/c101-90.000 | 79 + textfiles.com/piracy/CRACKING/c101-90.002 | 642 ++ textfiles.com/piracy/CRACKING/c101-90.003 | 399 + textfiles.com/piracy/CRACKING/c101-90.004 | 1172 +++ textfiles.com/piracy/CRACKING/c2.txt | 495 + textfiles.com/piracy/CRACKING/c3.txt | 1512 +++ textfiles.com/piracy/CRACKING/c4.txt | 1747 ++++ textfiles.com/piracy/CRACKING/c5.txt | 488 + textfiles.com/piracy/CRACKING/c6.txt | 456 + textfiles.com/piracy/CRACKING/c8a.txt | 326 + textfiles.com/piracy/CRACKING/c8b.txt | 449 + textfiles.com/piracy/CRACKING/caligo.nfo | 81 + textfiles.com/piracy/CRACKING/cbd-tut01.txt | 192 + textfiles.com/piracy/CRACKING/cbd-tut02.txt | 156 + textfiles.com/piracy/CRACKING/cbd-tut03.txt | 273 + textfiles.com/piracy/CRACKING/cbd-tut04.txt | 204 + textfiles.com/piracy/CRACKING/cbd-tut05.txt | 117 + textfiles.com/piracy/CRACKING/cbd-tut06.txt | 190 + textfiles.com/piracy/CRACKING/cdwizzard.txt | 234 + textfiles.com/piracy/CRACKING/ch2-doc | 422 + textfiles.com/piracy/CRACKING/check.txt | 199 + textfiles.com/piracy/CRACKING/copyprot.pro | 175 + textfiles.com/piracy/CRACKING/copyprot.txt | 337 + textfiles.com/piracy/CRACKING/crack-1.txt | 254 + textfiles.com/piracy/CRACKING/crack-2.txt | Bin 0 -> 3840 bytes textfiles.com/piracy/CRACKING/crack.txt | 2310 +++++ textfiles.com/piracy/CRACKING/crack1 | 274 + textfiles.com/piracy/CRACKING/crack1.txt | 252 + textfiles.com/piracy/CRACKING/crack2.txt | 1575 +++ textfiles.com/piracy/CRACKING/crack3.txt | 596 ++ textfiles.com/piracy/CRACKING/crackam2.txt | 630 ++ textfiles.com/piracy/CRACKING/crackist.hac | 1697 +++ textfiles.com/piracy/CRACKING/cracklog.txt | 136 + textfiles.com/piracy/CRACKING/crackman.txt | 2266 ++++ textfiles.com/piracy/CRACKING/crak1.txt | 436 + textfiles.com/piracy/CRACKING/crak2.txt | 510 + textfiles.com/piracy/CRACKING/crak4.txt | 287 + textfiles.com/piracy/CRACKING/crakhand.txt | 635 ++ textfiles.com/piracy/CRACKING/crkibms2.hac | 67 + textfiles.com/piracy/CRACKING/crkibmsw.hac | 164 + textfiles.com/piracy/CRACKING/diswin.txt | 648 ++ textfiles.com/piracy/CRACKING/diswin2.txt | 723 ++ textfiles.com/piracy/CRACKING/drlan.txt | 107 + textfiles.com/piracy/CRACKING/dumpexe.txt | 665 ++ textfiles.com/piracy/CRACKING/exact-in.txt | 672 ++ textfiles.com/piracy/CRACKING/firstwin.txt | 31 + textfiles.com/piracy/CRACKING/hotchil2.txt | 51 + textfiles.com/piracy/CRACKING/howto1.txt | 306 + textfiles.com/piracy/CRACKING/howto2.txt | 466 + textfiles.com/piracy/CRACKING/howto3a.txt | 113 + textfiles.com/piracy/CRACKING/howto3b.txt | 208 + textfiles.com/piracy/CRACKING/howto5.txt | 487 + textfiles.com/piracy/CRACKING/howto6.txt | 455 + textfiles.com/piracy/CRACKING/howto8a.txt | 325 + textfiles.com/piracy/CRACKING/howto8b.txt | 448 + textfiles.com/piracy/CRACKING/howto9a.txt | 610 ++ textfiles.com/piracy/CRACKING/howtoa.txt | 336 + textfiles.com/piracy/CRACKING/howtoca.txt | 410 + textfiles.com/piracy/CRACKING/howtocb.txt | 494 + textfiles.com/piracy/CRACKING/howtocp2 | 73 + textfiles.com/piracy/CRACKING/howtocrk.txt | 9216 +++++++++++++++++ textfiles.com/piracy/CRACKING/htc.txt | 3672 +++++++ textfiles.com/piracy/CRACKING/hwoodtut.txt | 205 + .../piracy/CRACKING/krakerscorner.txt | 301 + textfiles.com/piracy/CRACKING/krakman.txt | 431 + textfiles.com/piracy/CRACKING/lomt-tsr.txt | 63 + textfiles.com/piracy/CRACKING/max1.crk | 353 + textfiles.com/piracy/CRACKING/methods.txt | 636 ++ textfiles.com/piracy/CRACKING/mex-c4n.nfo | 141 + textfiles.com/piracy/CRACKING/mhpcnws1.txt | 427 + textfiles.com/piracy/CRACKING/mhpcnws2.txt | 450 + textfiles.com/piracy/CRACKING/mhpcnws5.txt | 344 + textfiles.com/piracy/CRACKING/nags.txt | 212 + textfiles.com/piracy/CRACKING/od-crk1.txt | 482 + textfiles.com/piracy/CRACKING/owl-ice.txt | 697 ++ textfiles.com/piracy/CRACKING/pp2t-t&l.txt | 89 + textfiles.com/piracy/CRACKING/psp.nfo | 356 + textfiles.com/piracy/CRACKING/razzia.nfo | 20 + textfiles.com/piracy/CRACKING/romeod4c.txt | 157 + textfiles.com/piracy/CRACKING/scanf.dox | 197 + textfiles.com/piracy/CRACKING/shareman.txt | 80 + textfiles.com/piracy/CRACKING/sice3.qrf | 336 + textfiles.com/piracy/CRACKING/sigma-4f.nfo | 75 + textfiles.com/piracy/CRACKING/t!tutor.txt | 697 ++ textfiles.com/piracy/CRACKING/timetrial.txt | 422 + textfiles.com/piracy/CRACKING/tsrcrack.txt | 91 + textfiles.com/piracy/CRACKING/tt-unt.txt | 2614 +++++ textfiles.com/piracy/CRACKING/unp.txt | 685 ++ textfiles.com/piracy/CRACKING/vbtutori.txt | 534 + textfiles.com/piracy/CRACKING/wincrack.txt | 315 + textfiles.com/piracy/DREAMTEAM.1 | 66 + textfiles.com/piracy/DREAMTEAM/.windex.html | 66 + textfiles.com/piracy/DREAMTEAM/armor.nfo | 121 + textfiles.com/piracy/DREAMTEAM/bloodnet.nfo | 108 + textfiles.com/piracy/DREAMTEAM/bwing.nfo | 85 + textfiles.com/piracy/DREAMTEAM/candd.nfo | 106 + textfiles.com/piracy/DREAMTEAM/crack.nfo | 70 + textfiles.com/piracy/DREAMTEAM/dinotrn.nfo | 80 + textfiles.com/piracy/DREAMTEAM/dr3.nfo | 127 + textfiles.com/piracy/DREAMTEAM/dream.nfo | 72 + textfiles.com/piracy/DREAMTEAM/dream12.nfo | 99 + textfiles.com/piracy/DREAMTEAM/dream2.nfo | 92 + textfiles.com/piracy/DREAMTEAM/dream7.nfo | 73 + textfiles.com/piracy/DREAMTEAM/dream9.nfo | 102 + textfiles.com/piracy/DREAMTEAM/euros.nfo | 115 + textfiles.com/piracy/DREAMTEAM/fireice.nfo | 118 + textfiles.com/piracy/DREAMTEAM/goblins3.nfo | 83 + textfiles.com/piracy/DREAMTEAM/golf.nfo | 71 + textfiles.com/piracy/DREAMTEAM/harrier.nfo | 103 + textfiles.com/piracy/DREAMTEAM/kohan.nfo | 102 + textfiles.com/piracy/DREAMTEAM/laura.nfo | 89 + textfiles.com/piracy/DREAMTEAM/lost.nfo | 98 + textfiles.com/piracy/DREAMTEAM/msfs5.nfo | 76 + textfiles.com/piracy/DREAMTEAM/pinball.nfo | 108 + textfiles.com/piracy/DREAMTEAM/premiere.nfo | 89 + textfiles.com/piracy/DREAMTEAM/riders.nfo | 117 + textfiles.com/piracy/DREAMTEAM/samurai.nfo | 113 + textfiles.com/piracy/DREAMTEAM/sextris.nfo | 107 + textfiles.com/piracy/DREAMTEAM/simphson.nfo | 71 + textfiles.com/piracy/DREAMTEAM/spectre.nfo | 100 + textfiles.com/piracy/DREAMTEAM/sq5.nfo | 112 + textfiles.com/piracy/DREAMTEAM/tdt0192.nfo | 73 + textfiles.com/piracy/DREAMTEAM/tdt0195.nfo | 107 + textfiles.com/piracy/DREAMTEAM/tdt0292.nfo | 72 + textfiles.com/piracy/DREAMTEAM/tdt0491.nfo | 67 + textfiles.com/piracy/DREAMTEAM/tdt0592.nfo | 88 + textfiles.com/piracy/DREAMTEAM/tdt0593.nfo | 92 + textfiles.com/piracy/DREAMTEAM/tdt0792.nfo | 98 + textfiles.com/piracy/DREAMTEAM/tdt0793.nfo | 73 + textfiles.com/piracy/DREAMTEAM/tdt0895.nfo | 59 + textfiles.com/piracy/DREAMTEAM/tdt089~1.nfo | 101 + textfiles.com/piracy/DREAMTEAM/tdt0993.nfo | 73 + textfiles.com/piracy/DREAMTEAM/tdt1092.nfo | 108 + textfiles.com/piracy/DREAMTEAM/tdt1192.nfo | 97 + textfiles.com/piracy/DREAMTEAM/tdt1291.nfo | 74 + textfiles.com/piracy/DREAMTEAM/tdt1292.nfo | 106 + textfiles.com/piracy/DREAMTEAM/tdt1293.nfo | 89 + textfiles.com/piracy/DREAMTEAM/tdtrain.nfo | 106 + textfiles.com/piracy/DREAMTEAM/term2029.nfo | 94 + textfiles.com/piracy/DREAMTEAM/tony3.nfo | 102 + textfiles.com/piracy/DREAMTEAM/triviap.nfo | 91 + textfiles.com/piracy/DREAMTEAM/trodd.nfo | 96 + textfiles.com/piracy/DREAMTEAM/zack.nfo | 104 + textfiles.com/piracy/FAIRLIGHT.1 | 62 + textfiles.com/piracy/FAIRLIGHT/.windex.html | 62 + textfiles.com/piracy/FAIRLIGHT/big22.nfo | 146 + textfiles.com/piracy/FAIRLIGHT/elitetrn.nfo | 190 + textfiles.com/piracy/FAIRLIGHT/eob2edit.nfo | 160 + textfiles.com/piracy/FAIRLIGHT/flash100.nfo | 76 + textfiles.com/piracy/FAIRLIGHT/flt.nf1 | 105 + textfiles.com/piracy/FAIRLIGHT/flt.nfo | 185 + textfiles.com/piracy/FAIRLIGHT/flt0592.nfo | 113 + textfiles.com/piracy/FAIRLIGHT/flt059~1.nfo | 125 + textfiles.com/piracy/FAIRLIGHT/flt1.nfo | 174 + textfiles.com/piracy/FAIRLIGHT/flt1092.nfo | 130 + textfiles.com/piracy/FAIRLIGHT/flt1093.nfo | 122 + textfiles.com/piracy/FAIRLIGHT/flt1291.nfo | 176 + textfiles.com/piracy/FAIRLIGHT/flt3.nfo | 130 + textfiles.com/piracy/FAIRLIGHT/flt4.nfo | 188 + textfiles.com/piracy/FAIRLIGHT/flt5.nfo | 109 + textfiles.com/piracy/FAIRLIGHT/fltpc.nfo | 181 + textfiles.com/piracy/FAIRLIGHT/global.nfo | 111 + textfiles.com/piracy/FAIRLIGHT/gnb.nfo | 132 + textfiles.com/piracy/FAIRLIGHT/goblins.nfo | 167 + textfiles.com/piracy/FAIRLIGHT/hoy3vga.nfo | 159 + textfiles.com/piracy/FAIRLIGHT/hunt.nfo | 103 + textfiles.com/piracy/FAIRLIGHT/infernal.nfo | 141 + textfiles.com/piracy/FAIRLIGHT/luigi.nfo | 144 + textfiles.com/piracy/FAIRLIGHT/mael.nfo | 141 + textfiles.com/piracy/FAIRLIGHT/obitus.nfo | 136 + textfiles.com/piracy/FAIRLIGHT/obitusdx.nfo | 128 + textfiles.com/piracy/FAIRLIGHT/pq3-dox.nfo | 101 + textfiles.com/piracy/FAIRLIGHT/pq3hints.nfo | 106 + textfiles.com/piracy/FAIRLIGHT/shadow.nfo | 104 + textfiles.com/piracy/FAIRLIGHT/shadow2.nfo | 195 + textfiles.com/piracy/FAIRLIGHT/siege.nfo | 105 + textfiles.com/piracy/FAIRLIGHT/simparc.nfo | 180 + textfiles.com/piracy/FAIRLIGHT/steel.nfo | 144 + textfiles.com/piracy/FAIRLIGHT/steel2.nfo | 116 + textfiles.com/piracy/FAIRLIGHT/trn.nfo | 129 + textfiles.com/piracy/FAIRLIGHT/vegas.nfo | 225 + textfiles.com/piracy/FAIRLIGHT/vegas2.nfo | 108 + textfiles.com/piracy/FAIRLIGHT/vrs-dox.nfo | 156 + textfiles.com/piracy/FAIRLIGHT/willhnts.nfo | 184 + textfiles.com/piracy/FAIRLIGHT/word-dox.nfo | 76 + textfiles.com/piracy/FAIRLIGHT/wordtris.nfo | 110 + textfiles.com/piracy/HUMBLE.1 | 138 + textfiles.com/piracy/HUMBLE/.windex.html | 138 + textfiles.com/piracy/HUMBLE/aces.nfo | 59 + textfiles.com/piracy/HUMBLE/alley.nfo | 88 + textfiles.com/piracy/HUMBLE/arachna.nfo | 91 + textfiles.com/piracy/HUMBLE/arborea.nfo | 83 + textfiles.com/piracy/HUMBLE/atf.nfo | 130 + textfiles.com/piracy/HUMBLE/atf2.nfo | 55 + textfiles.com/piracy/HUMBLE/bards3.nfo | 85 + textfiles.com/piracy/HUMBLE/batman.nfo | 137 + textfiles.com/piracy/HUMBLE/batman2.nfo | 61 + textfiles.com/piracy/HUMBLE/bchess2.nfo | 56 + textfiles.com/piracy/HUMBLE/beasty.nfo | 67 + textfiles.com/piracy/HUMBLE/benc.nfo | 90 + textfiles.com/piracy/HUMBLE/billy.nfo | 91 + textfiles.com/piracy/HUMBLE/blades.nfo | 64 + textfiles.com/piracy/HUMBLE/bladewar.nfo | 77 + textfiles.com/piracy/HUMBLE/blitz.nfo | 55 + textfiles.com/piracy/HUMBLE/blow.nfo | 103 + textfiles.com/piracy/HUMBLE/bodyblow.nfo | 125 + textfiles.com/piracy/HUMBLE/btechii.nfo | 56 + textfiles.com/piracy/HUMBLE/bubble.nfo | 20 + textfiles.com/piracy/HUMBLE/califor2.nfo | 75 + textfiles.com/piracy/HUMBLE/ceasar.nfo | 52 + textfiles.com/piracy/HUMBLE/checkit.nfo | 113 + textfiles.com/piracy/HUMBLE/combat.nfo | 95 + textfiles.com/piracy/HUMBLE/commanch.nfo | 126 + textfiles.com/piracy/HUMBLE/continum.nfo | 84 + textfiles.com/piracy/HUMBLE/covert.nfo | 80 + 286 files changed, 79530 insertions(+) create mode 100644 textfiles.com/piracy/APPLICATIONS/generic.app create mode 100644 textfiles.com/piracy/APPLICATIONS/info.beg create mode 100644 textfiles.com/piracy/APPLICATIONS/kortapp.nfo create mode 100644 textfiles.com/piracy/APPLICATIONS/modreq.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/mrgcour.app create mode 100644 textfiles.com/piracy/APPLICATIONS/mrgsite.app create mode 100644 textfiles.com/piracy/APPLICATIONS/mrgwrit.app create mode 100644 textfiles.com/piracy/APPLICATIONS/paw.app create mode 100644 textfiles.com/piracy/APPLICATIONS/planet.app create mode 100644 textfiles.com/piracy/APPLICATIONS/reviewer.app create mode 100644 textfiles.com/piracy/APPLICATIONS/rodapp.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/rotbapp.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/rotuapp.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/site.rul create mode 100644 textfiles.com/piracy/APPLICATIONS/siteappt.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/slaveapp.txt create mode 100644 textfiles.com/piracy/APPLICATIONS/tasd.app create mode 100644 textfiles.com/piracy/APPLICATIONS/usacour.app create mode 100644 textfiles.com/piracy/APPLICATIONS/wizapp.txt create mode 100644 textfiles.com/piracy/COURIERS.1 create mode 100644 textfiles.com/piracy/COURIERS/.windex.html create mode 100644 textfiles.com/piracy/COURIERS/9kc0195.nfo create mode 100644 textfiles.com/piracy/COURIERS/9kc0594.nfo create mode 100644 textfiles.com/piracy/COURIERS/9kc1094.nfo create mode 100644 textfiles.com/piracy/COURIERS/9kc1294.nfo create mode 100644 textfiles.com/piracy/COURIERS/alpha.txt create mode 100644 textfiles.com/piracy/COURIERS/ambition.nfo create mode 100644 textfiles.com/piracy/COURIERS/cocaine.nfo create mode 100644 textfiles.com/piracy/COURIERS/cod.nfo create mode 100644 textfiles.com/piracy/COURIERS/courier.app create mode 100644 textfiles.com/piracy/COURIERS/devo0193.nfo create mode 100644 textfiles.com/piracy/COURIERS/devo0195.nfo create mode 100644 textfiles.com/piracy/COURIERS/devo0294.nfo create mode 100644 textfiles.com/piracy/COURIERS/devo0893.nfo create mode 100644 textfiles.com/piracy/COURIERS/fuck.it create mode 100644 textfiles.com/piracy/COURIERS/htc-rel.nfo create mode 100644 textfiles.com/piracy/COURIERS/htc1095.nfo create mode 100644 textfiles.com/piracy/COURIERS/iit'94.nfo create mode 100644 textfiles.com/piracy/COURIERS/inc604.txt create mode 100644 textfiles.com/piracy/COURIERS/menace.asc create mode 100644 textfiles.com/piracy/COURIERS/risc'is create mode 100644 textfiles.com/piracy/COURIERS/risc0295.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc0296.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc0394.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc0595.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc0795.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc0996.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc1.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc1293.nfo create mode 100644 textfiles.com/piracy/COURIERS/risc94.nfo create mode 100644 textfiles.com/piracy/COURIERS/rsc0595.nfo create mode 100644 textfiles.com/piracy/COURIERS/stealth.nfo create mode 100644 textfiles.com/piracy/COURIERS/t4d.nfo create mode 100644 textfiles.com/piracy/COURIERS/tca.nfo create mode 100644 textfiles.com/piracy/COURIERS/therapy.nfo create mode 100644 textfiles.com/piracy/COURIERS/uc.nfo create mode 100644 textfiles.com/piracy/COURIERS/uc1092.nfo create mode 100644 textfiles.com/piracy/COURIERS/uc1093.nfo create mode 100644 textfiles.com/piracy/COURIERS/uc1094.nfo create mode 100644 textfiles.com/piracy/COURIERS/wwc93.nfo create mode 100644 textfiles.com/piracy/CRACKING.1 create mode 100644 textfiles.com/piracy/CRACKING/.windex.html create mode 100644 textfiles.com/piracy/CRACKING/acrpatch.nfo create mode 100644 textfiles.com/piracy/CRACKING/act-13.txt create mode 100644 textfiles.com/piracy/CRACKING/act.txt create mode 100644 textfiles.com/piracy/CRACKING/asm_for_.txt create mode 100644 textfiles.com/piracy/CRACKING/asmtut.txt create mode 100644 textfiles.com/piracy/CRACKING/begcrck.txt create mode 100644 textfiles.com/piracy/CRACKING/budget.txt create mode 100644 textfiles.com/piracy/CRACKING/bytecatcher.txt create mode 100644 textfiles.com/piracy/CRACKING/c1.txt create mode 100644 textfiles.com/piracy/CRACKING/c101-90.000 create mode 100644 textfiles.com/piracy/CRACKING/c101-90.002 create mode 100644 textfiles.com/piracy/CRACKING/c101-90.003 create mode 100644 textfiles.com/piracy/CRACKING/c101-90.004 create mode 100644 textfiles.com/piracy/CRACKING/c2.txt create mode 100644 textfiles.com/piracy/CRACKING/c3.txt create mode 100644 textfiles.com/piracy/CRACKING/c4.txt create mode 100644 textfiles.com/piracy/CRACKING/c5.txt create mode 100644 textfiles.com/piracy/CRACKING/c6.txt create mode 100644 textfiles.com/piracy/CRACKING/c8a.txt create mode 100644 textfiles.com/piracy/CRACKING/c8b.txt create mode 100644 textfiles.com/piracy/CRACKING/caligo.nfo create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut01.txt create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut02.txt create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut03.txt create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut04.txt create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut05.txt create mode 100644 textfiles.com/piracy/CRACKING/cbd-tut06.txt create mode 100644 textfiles.com/piracy/CRACKING/cdwizzard.txt create mode 100644 textfiles.com/piracy/CRACKING/ch2-doc create mode 100644 textfiles.com/piracy/CRACKING/check.txt create mode 100644 textfiles.com/piracy/CRACKING/copyprot.pro create mode 100644 textfiles.com/piracy/CRACKING/copyprot.txt create mode 100644 textfiles.com/piracy/CRACKING/crack-1.txt create mode 100644 textfiles.com/piracy/CRACKING/crack-2.txt create mode 100644 textfiles.com/piracy/CRACKING/crack.txt create mode 100644 textfiles.com/piracy/CRACKING/crack1 create mode 100644 textfiles.com/piracy/CRACKING/crack1.txt create mode 100644 textfiles.com/piracy/CRACKING/crack2.txt create mode 100644 textfiles.com/piracy/CRACKING/crack3.txt create mode 100644 textfiles.com/piracy/CRACKING/crackam2.txt create mode 100644 textfiles.com/piracy/CRACKING/crackist.hac create mode 100644 textfiles.com/piracy/CRACKING/cracklog.txt create mode 100644 textfiles.com/piracy/CRACKING/crackman.txt create mode 100644 textfiles.com/piracy/CRACKING/crak1.txt create mode 100644 textfiles.com/piracy/CRACKING/crak2.txt create mode 100644 textfiles.com/piracy/CRACKING/crak4.txt create mode 100644 textfiles.com/piracy/CRACKING/crakhand.txt create mode 100644 textfiles.com/piracy/CRACKING/crkibms2.hac create mode 100644 textfiles.com/piracy/CRACKING/crkibmsw.hac create mode 100644 textfiles.com/piracy/CRACKING/diswin.txt create mode 100644 textfiles.com/piracy/CRACKING/diswin2.txt create mode 100644 textfiles.com/piracy/CRACKING/drlan.txt create mode 100644 textfiles.com/piracy/CRACKING/dumpexe.txt create mode 100644 textfiles.com/piracy/CRACKING/exact-in.txt create mode 100644 textfiles.com/piracy/CRACKING/firstwin.txt create mode 100644 textfiles.com/piracy/CRACKING/hotchil2.txt create mode 100644 textfiles.com/piracy/CRACKING/howto1.txt create mode 100644 textfiles.com/piracy/CRACKING/howto2.txt create mode 100644 textfiles.com/piracy/CRACKING/howto3a.txt create mode 100644 textfiles.com/piracy/CRACKING/howto3b.txt create mode 100644 textfiles.com/piracy/CRACKING/howto5.txt create mode 100644 textfiles.com/piracy/CRACKING/howto6.txt create mode 100644 textfiles.com/piracy/CRACKING/howto8a.txt create mode 100644 textfiles.com/piracy/CRACKING/howto8b.txt create mode 100644 textfiles.com/piracy/CRACKING/howto9a.txt create mode 100644 textfiles.com/piracy/CRACKING/howtoa.txt create mode 100644 textfiles.com/piracy/CRACKING/howtoca.txt create mode 100644 textfiles.com/piracy/CRACKING/howtocb.txt create mode 100644 textfiles.com/piracy/CRACKING/howtocp2 create mode 100644 textfiles.com/piracy/CRACKING/howtocrk.txt create mode 100644 textfiles.com/piracy/CRACKING/htc.txt create mode 100644 textfiles.com/piracy/CRACKING/hwoodtut.txt create mode 100644 textfiles.com/piracy/CRACKING/krakerscorner.txt create mode 100644 textfiles.com/piracy/CRACKING/krakman.txt create mode 100644 textfiles.com/piracy/CRACKING/lomt-tsr.txt create mode 100644 textfiles.com/piracy/CRACKING/max1.crk create mode 100644 textfiles.com/piracy/CRACKING/methods.txt create mode 100644 textfiles.com/piracy/CRACKING/mex-c4n.nfo create mode 100644 textfiles.com/piracy/CRACKING/mhpcnws1.txt create mode 100644 textfiles.com/piracy/CRACKING/mhpcnws2.txt create mode 100644 textfiles.com/piracy/CRACKING/mhpcnws5.txt create mode 100644 textfiles.com/piracy/CRACKING/nags.txt create mode 100644 textfiles.com/piracy/CRACKING/od-crk1.txt create mode 100644 textfiles.com/piracy/CRACKING/owl-ice.txt create mode 100644 textfiles.com/piracy/CRACKING/pp2t-t&l.txt create mode 100644 textfiles.com/piracy/CRACKING/psp.nfo create mode 100644 textfiles.com/piracy/CRACKING/razzia.nfo create mode 100644 textfiles.com/piracy/CRACKING/romeod4c.txt create mode 100644 textfiles.com/piracy/CRACKING/scanf.dox create mode 100644 textfiles.com/piracy/CRACKING/shareman.txt create mode 100644 textfiles.com/piracy/CRACKING/sice3.qrf create mode 100644 textfiles.com/piracy/CRACKING/sigma-4f.nfo create mode 100644 textfiles.com/piracy/CRACKING/t!tutor.txt create mode 100644 textfiles.com/piracy/CRACKING/timetrial.txt create mode 100644 textfiles.com/piracy/CRACKING/tsrcrack.txt create mode 100644 textfiles.com/piracy/CRACKING/tt-unt.txt create mode 100644 textfiles.com/piracy/CRACKING/unp.txt create mode 100644 textfiles.com/piracy/CRACKING/vbtutori.txt create mode 100644 textfiles.com/piracy/CRACKING/wincrack.txt create mode 100644 textfiles.com/piracy/DREAMTEAM.1 create mode 100644 textfiles.com/piracy/DREAMTEAM/.windex.html create mode 100644 textfiles.com/piracy/DREAMTEAM/armor.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/bloodnet.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/bwing.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/candd.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/crack.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dinotrn.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dr3.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dream.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dream12.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dream2.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dream7.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/dream9.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/euros.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/fireice.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/goblins3.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/golf.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/harrier.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/kohan.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/laura.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/lost.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/msfs5.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/pinball.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/premiere.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/riders.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/samurai.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/sextris.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/simphson.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/spectre.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/sq5.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0192.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0195.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0292.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0491.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0592.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0593.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0792.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0793.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0895.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt089~1.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt0993.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt1092.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt1192.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt1291.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt1292.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdt1293.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tdtrain.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/term2029.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/tony3.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/triviap.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/trodd.nfo create mode 100644 textfiles.com/piracy/DREAMTEAM/zack.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT.1 create mode 100644 textfiles.com/piracy/FAIRLIGHT/.windex.html create mode 100644 textfiles.com/piracy/FAIRLIGHT/big22.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/elitetrn.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/eob2edit.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flash100.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt.nf1 create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt0592.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt059~1.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt1.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt1092.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt1093.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt1291.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt3.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt4.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/flt5.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/fltpc.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/global.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/gnb.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/goblins.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/hoy3vga.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/hunt.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/infernal.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/luigi.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/mael.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/obitus.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/obitusdx.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/pq3-dox.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/pq3hints.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/shadow.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/shadow2.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/siege.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/simparc.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/steel.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/steel2.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/trn.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/vegas.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/vegas2.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/vrs-dox.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/willhnts.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/word-dox.nfo create mode 100644 textfiles.com/piracy/FAIRLIGHT/wordtris.nfo create mode 100644 textfiles.com/piracy/HUMBLE.1 create mode 100644 textfiles.com/piracy/HUMBLE/.windex.html create mode 100644 textfiles.com/piracy/HUMBLE/aces.nfo create mode 100644 textfiles.com/piracy/HUMBLE/alley.nfo create mode 100644 textfiles.com/piracy/HUMBLE/arachna.nfo create mode 100644 textfiles.com/piracy/HUMBLE/arborea.nfo create mode 100644 textfiles.com/piracy/HUMBLE/atf.nfo create mode 100644 textfiles.com/piracy/HUMBLE/atf2.nfo create mode 100644 textfiles.com/piracy/HUMBLE/bards3.nfo create mode 100644 textfiles.com/piracy/HUMBLE/batman.nfo create mode 100644 textfiles.com/piracy/HUMBLE/batman2.nfo create mode 100644 textfiles.com/piracy/HUMBLE/bchess2.nfo create mode 100644 textfiles.com/piracy/HUMBLE/beasty.nfo create mode 100644 textfiles.com/piracy/HUMBLE/benc.nfo create mode 100644 textfiles.com/piracy/HUMBLE/billy.nfo create mode 100644 textfiles.com/piracy/HUMBLE/blades.nfo create mode 100644 textfiles.com/piracy/HUMBLE/bladewar.nfo create mode 100644 textfiles.com/piracy/HUMBLE/blitz.nfo create mode 100644 textfiles.com/piracy/HUMBLE/blow.nfo create mode 100644 textfiles.com/piracy/HUMBLE/bodyblow.nfo create mode 100644 textfiles.com/piracy/HUMBLE/btechii.nfo create mode 100644 textfiles.com/piracy/HUMBLE/bubble.nfo create mode 100644 textfiles.com/piracy/HUMBLE/califor2.nfo create mode 100644 textfiles.com/piracy/HUMBLE/ceasar.nfo create mode 100644 textfiles.com/piracy/HUMBLE/checkit.nfo create mode 100644 textfiles.com/piracy/HUMBLE/combat.nfo create mode 100644 textfiles.com/piracy/HUMBLE/commanch.nfo create mode 100644 textfiles.com/piracy/HUMBLE/continum.nfo create mode 100644 textfiles.com/piracy/HUMBLE/covert.nfo diff --git a/textfiles.com/piracy/APPLICATIONS/generic.app b/textfiles.com/piracy/APPLICATIONS/generic.app new file mode 100644 index 00000000..1e261c93 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/generic.app @@ -0,0 +1,61 @@ + Pirates Analyze Warez (PAW) Reviewer Application + +To apply, fill out the required information below and attach a review of +any new warez (preferably using the style of those already in the mag). +Upload this application to the Apocalyptic Teacup BBS at (416) 527-8852. +Other input (ie - new ideas, other articles, art, whatever) can also be +submitted. References are required for permanent BBS membership. + +We are also taking applications for formal distribution sites. Again, +fill out the below application and submit it to A. T. B. with a brief +note detailing what you have to offer instead of a review. Call back +in approximately 24-48 hours for additional information. + +Finally, we are in need of dedicated couriers both to distribute the +magazine and to assist in obtaining the warez in the first place. Again, +interested parties should fill out this application. +__________________________________________________________________________ + +POSITION APPLIED FOR: [_] Reviewer [_] Site + [_] Courier [_] Other ________ + +PERSONAL INFORMATION: + + Alias: ________________________________ + Real Name: ________________________________ + Group Affiliations: ________________________________ + ________________________________ + City, Province: ________________________, ______ + Voice Phone #: (___) ___-____ + Data Phone #: (___) ___-____ + + Source of Warez: ________________________________ + ________________________________ + + Game Types Preferred: 1. _____________________________ + (if reviewer app) 2. _____________________________ + 3. _____________________________ + + References: ________________________________ + ________________________________ + ________________________________ + ________________________________ + + +BBSING INFORMATION: + + Board Name (if any): ________________________________ + Board Number (if any): (___) ___-____ + Board Affiliations: ________________________________ + ________________________________ + Modem Type: ________________________________ + Computer Type: ________________________________ + Meggage: ________________________________ + Software/Mailer: ________________________________ + ________________________________ + + Years BBSing: ________________________________ + + +Attach Sample Review or BBS Information Below +-------------------------------------------------------------------------- diff --git a/textfiles.com/piracy/APPLICATIONS/info.beg b/textfiles.com/piracy/APPLICATIONS/info.beg new file mode 100644 index 00000000..6750051c --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/info.beg @@ -0,0 +1,421 @@ + + <<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>> + <> <> + <> [< ACiD ALLiANCE >] <> + <> <> + <> MOTTO: BEiNG ELiTE SUXS <> + <> <> + <<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>> + + PHiLE: iNFO BEG FORM + + + Ok, so you decided to download the iNFO BEG FORM. Here are the rules of +filling out this form. YOU MUST LEAVE THiS FORM iN THE CONDiTiON iT WAS iN, +the only editing i will except are when you fill in the blanks, if you change, +or upload something else then please delete this phile from your directory +now. YOU MUST ANSWER ALL QUESTiONS TRUTHFULLY OR TO THE BEST OF YOUR +KNOWLEDGE, that's all i ask for. Now here's how you'll get validated(maybe), +we will take you information into account, if all the information is complete +and truthful and correct, you have a pretty good chance. Then i, $ector Not +Found, and White Fang will discuss the possiblity of validating you. + +Off Hand here are the Access Levels of the ACiD ALLiANCE. + + -=ACCESS LEVELS=- + - PREZ - PRESiDENT - + - PHRiER - PREFERED MEMBER - + - SNARF - NORMAL MEMBER - + - LEECH - NEW MEMBER - + + +if you get validated you will recieve LEECH status, at this status you will +have some access to stuff. in order to gain SNARF status, you must prove +yourself to us, by suppling us with with information that is useful to the +rest of us. Such as Text Philes you write, Text Philes you obtain, info on +Ma Bell, any programming ability you have and other of such nature. To become +a prefered user, you must provide us with an outstanding participation toward +the ACiD ALLiANCE. ok this intro is long enuf already. + + Oh yea, one more thing, all information that you release to us will be + Keep confidental from all users except users with PHRiER Status. + ++------------------------------------------------------------------------+ + +1/27/91 + +[< ACiD ALLiANCE >] + iNFO FORM: + + + 1. WHAT iS YOUR HANDLE YOU GO BY MOST + + 2. WHAT iS YOUR REAL NAME (FULL), ADDRESS, STATE, ZiP, VOiCE NUMBER + + + + + + + + 3. WHAT'S YOUR BiRTHDATE 00/00/00 + + + 4. WHAT KiND OF COMPUTER DO YOU OWN + + + 5. WHAT COMPUTERS DO YOU HAVE EXPERiENCE WiTH + + + + 6. DO YOU PROGRAM, AND iF YES, iN WHAT LANGUAGES DO YOU PROGRAM iN + + + + + 7. AND iF YOU PROGRAM, WHAT ARE SOME OF THE PROGRAMS THAT YOU HAVE WRiTTEN + + + + 8. ARE YOU AFFiLATED WiTH ANY LAW ENFORCEMENT AGENCiES, SOFTWARE COMPANiES, + TELEFONE COMPANiES. + + + 9. DO YOU PHREAK, iF YES THEN WHAT DO YOU PHREAK WiTH + + + + 10. DO YOU HACK, WHAT SiSTEMS DO YOU HACK ON + + + + + 11. ARE YOU WiLLiNG TO SHARE iNFORMATiON YOU LEARNED WiTH THE OTHER MEMBERS + + + 12. ARE YOU A LEECH + + + + 13. ARE YOU ELiTE + + + + 14. WHAT DO YOU THiNK OF WAREZ + + + + + 15. DO YOU RUN A BOARD, iF YES PUT YOUR BOARD # DOWN HERE AND NUP. + + + + 16. iF YOU RUN A BOARD, DO YOU WiSH TO HELP DiSTRiBUTE OUT MATERiAL + + + + + 17. ARE YOU iN ANY OTHER GROUPS(Phela, Phrack, NARC, CHiNA) + + + + 18. ARE YOU WiLLiNG TO CONTRiBUTE TO THE GROUP + + + + 19. DO YOU HAVE ANY ARTiSTiC ABiLiTiES + + + 20. NAME SOME THiNGS THAT YOU DO ON YOUR COMPUTER(iF YOU BEAT YERSELF WHiLE + WATCHiNG ANiMATED GiF'S THEN GO TALK TO THG) + + + + + + 21. HAVE PHREAK/HACK MAGS DO YOU READ + + + + 23. NAME SOME TEXT PHiLES YOU HAVE WRiTTEN + + + + + 24. HOW CAN YOU BENiFiT US + + + + + + + + 25. NAME AT LEAST 10 PHRACK BOARDZ THAT YOU ARE ON + + + + + + + + + + + 26. NAME AT LEAST 10 OTHER PHREAKERS, CRACKERS, HACKERS THAT YOU KNOW + + + + + + + + + 27. DO YOU CRASH BOARDZ + + + + + 28. DO YOU CARD + + + + 29. DO YOU HAVE ELECTRONiC ABiLiTY + + + + + + 30. DO YOU PROGRAM ViRii, iF YES WiLL YOU UPLOAD YOUR SOURCE TO US AND NAME + A FEW THAT YOU HAVE WRiTTEN. + + + + + + + 31. DO YOU HAVE A VMB, iF YES PUT iT DOWN HERE + + + + + 32. NOW PUT DOWN ANYTHiNG ELSE THAT i MiGHT OF MiSSED THAT CAN HELP YOU + OBTAiN MEMBERSHiP. + + + + + + + + + + + + + +-========================================- + +OK NOW FOR THE VOCABULARY QUiZ(AND YOU THOUGHT THiS iS PHOR ONLY ENGLiSH) + + + DEFiNE THE FOLLOWiNG: + + 1. CHiNA + + 2. NARC + + 3. PHRACK + + 4. PHREAK + + 5. PHREAKiNG + + 6. HACKiNG + + 7. HACKER + + 8. ELiTE + + 9. ESS + + 10. CNA + + 11. BLUE BOX + + 12. BLACK BOX + + 13. SiLVER BOX + + 14. RED BOXiNG + + 15. GREEN BOXiNG + + 16. CAPTAiN CRUNCH + + 17. 2600 MAG + + 18. 2600 HZ + + 19. MF TONES + + 20. TROJAN + + 21. ViRii + + 22. ANSi BOMB + + 23. VMB + + 24. VMS + + 25. UNiX + + 26. LoD + + 27. CODE THiEF + + 28. TiMNET + + 29. TELENET + + 30. CARDiNG + + 31. CARDER + + 32. LEECH + + 33. LOOP + + 34. PBX + + 35. 950 + + 36. WHAT iS THE PURPOSE OF PHREAKiNG TO YOU + + 37. THG + + 38. iNC + + 39. PE + + 40. BRiDGE + + 41. NUA + + 42. NUi + + 43. OD + + 44. GOD + + 46. CiS + + 47. VAX + + 48. HP 3000 + + 49. HP 2000 + + 50. BOUNCE SiSTEM + + 51. TRW + + 52. CBi + + 53. NUP + + 54. MSC + + 55. WAT + + 56. SWEEP + + 57. EXTENDER + + 58. CODE + + 59. TRUNK + + 60. WHiTE BOX + + 61. YELLOW BOX + + 62. SCARLET BOX + + 63. BUD BOX + + 64. LUNCH BOX + + 65. LUTZiFER + + 66. QSD + + 67. PAD + + 68. PSN + + 69. CHEESE BOX + + 70. BREWER ASSOCiATES + + 71. EASiEST WAY TO CRASH TELEGAURD 2.5i + + + + 72. EASiEST WAY TO CARSH WWiV 4.10 - 4.12 + + + 73. AFTERSHOCK + + 74. ANi + + 75. COSMO + + 76. CYBER SYSTEM + + 77. ACD + + 78. CAMA + + 79. CCiS + + 80. FAST BUSY + + 81. CO + + 82. ETS + + 83. NPA + + 84. SF + + 85. KP + + 86. CLEAR BOX + + 87. BEiGE BOX + + 88. PURPLE BOX + + OK THAT'S ENUF DEFiNiTiONS GOT LOTS MORE BUT iF YOU KNOW THiS MUCH MAYBE YOU + MiGHT MAKE iT. EH? + + + WELL GUYS HERE YOU HAVE COMPLETED THiS iNFO BEG FORM. NOW UPLOAD THiS BACK + TO THE WOLF'S DEN AT 602-241-1898 AND WE'LL GET TO YOU AS SOON AS POSSiBLE JUST KEEP CALLiNG. + + + ]>amaged $ectorz + + +-=EOF=- + + + + + + + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/kortapp.nfo b/textfiles.com/piracy/APPLICATIONS/kortapp.nfo new file mode 100644 index 00000000..0a046739 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/kortapp.nfo @@ -0,0 +1,102 @@ + ܱ + ܱ ܰ ߰߰ ߰߰ + ۲۰ ܰ ߲ ߲ + ޱ ް ޱ ޱ + ܱ ޲ ߱ + ۲޲ ۲ ۲ + ۲ + + + K N I G H T S O F T H E R O U N D T A B L E + + /\pplication Form + + + User Handle...................| + Real First and Last name......| + Adress........................| + Zipcode.......................| + Country.......................| + Home/Voice Number.............| + Group Affiliations............| + Modem Type and Max. Baud Rate.| + Age...........................| + Sex...........................| + + Where are you applying for? + + Courier [ ] Memberboard [ ] Dist. Board [ ] + Cracker [ ] Supplier [ ] + + Board References + ---------------- + + Board 1.......................| + Board 2.......................| + Board 3.......................| + Board 4.......................| + Board 5.......................| + + User References + --------------- + + User 1........................| + User 2........................| + User 3........................| + User 4........................| + User 5........................| + + Sysop References + --------------- + + Sysop 1.......................| + Sysop 2.......................| + Sysop 3.......................| + Sysop 4.......................| + Sysop 5.......................| + + Do you have any contact with Software Companies..........[Y/N] + Do you have any contact with Telecommunicaton Companies..[Y/N] + + Any comments to the Staff before we call you voice and discuss + your application..............................................| + + + + + + + + + + Upload this application with your own NAME.APP Private to + The Gravestone + [CHQ] or to Bedlam [WHQ/313-699-2718]. + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/modreq.txt b/textfiles.com/piracy/APPLICATIONS/modreq.txt new file mode 100644 index 00000000..73b32bec --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/modreq.txt @@ -0,0 +1,58 @@ +R + + +[ 6/ 6]: Here is the [MoD] application...fill it out... +From : Spider Man #1 @2110 [Fair Lawn, NJ] +Date : Saturday, July 13, 1991 at 2:28 pm +Origin: The Spider Web [201-797-3166] + [Newark, New Jersey] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Ŀ + + + REGISTRATION FORM + + + [MoD] is an acronym for Modders on Drugs, a modding group formed by Spider + Man. [MoD] membership allows you to use the [MoD] acronym after your name + or your BBS name. Also, there are two mod subs which your board will have + access to through the net (If you are not a sysop, there will be an + arrangement on a [MoD] board to give you access to these two subs. + These subs are "Sub on Drugs" which is the discussion sub, and + "[MoD] Official Releases" where all [MoD] mods are released. + + This is not a way to get an acronym after your name, and if that is all you + want, then [MoD] is not for you. This is a modders group, which means you + must be able to mod WWIV and be able to write your own mods. + Once we have reached 10 members, [MoD] will require an applicant to write + at least one of their own mods to join. + + In order to get into [MoD] you must either extract or somehow capture this + message (If you can't please ask a [MoD] member to put it up and download it) + and fill out the below. Then send the filled out message to one of the [MoD] + members and they will put it up for voting purposes. If you have any reason + to believe the person who you sent the message to will not post it, then + please send me a copy at 1@2110 + +[ Fill out the Bottom Part +] + +What is your BBS handle and number : +What is your real name : +What is your address : +What is your age : +What version WWIV are you running : +Which version of Turbo C do you use : +Describe your modding abilites in the space below.... + +1] +2] +3] +4] +5] +6] +7] +8] +9] + +Electronic Mail (?=Help): \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/mrgcour.app b/textfiles.com/piracy/APPLICATIONS/mrgcour.app new file mode 100644 index 00000000..dced581b --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/mrgcour.app @@ -0,0 +1,121 @@ + Ŀ + ij + ij + ڳĿĿĿڿڿĿ + ijڿĿ + ijٳٳ + + ij['93] + ij + + Courier Application + + + + Introduction: + + + Morgue is a textfile writing group dedicated to free speech, and the + support of everything that is illegal. We're basically out to Fuck the + system. Discussion of hacking, phreaking, carding, and virii is typical. + We are always looking for new writers, and new ideas. For site applications, + please fill out the enclosed file MRGSITE.APP and upload it to one of the + boards at the end of this file. + + + Before applying to be a courier, ask yourself these questions: + + 1. Will I be able to call one of the morgue sites every other day? + 2. Will I upload the MoRGUE files to all applicable systems I am on? + 3. Will I courier large files as well as Tfiles? (up to 1m) + + if you answered no to any of the above, forget it.. if not, carry on. + + + Part I. + + +Handle..............................: +Other Aliases.......................: +Legal FULL name.....................: +HOME Phone Number...................: +DATA Number.........................: +Birthdate (MM/DD/YR)................: +Age.................................: +Race................................: +State/City..........................: +Are you a legal U.S. CITIZEN........: +Marital Status......................: +Where are You Currently Employed....: + + + Part II. + + +Modem Brand/Speed...: +Hard Drive Capacity.: + + Part III. + + +Couriering Experience.: + .: + .: + +Current Group Status..: + .: + .: + +Times/Days You can Courier.: + + + + + Comments: + + + + + + Why should we accept this Application and give you status? + + + + + + Take this completed Application and upload it to one of the following boards +renamed to COURIER.APP, with the description "'s Application" + + Morgue Distribution Sites + + + Board Number Modem Status SysOp + + Ionic Destruction 215.722.4534 16.8k DUAL World HQ Phatal Error + The Eastern Alliance 717.BAK.JUNE 16.8k HST! Distro 1 Acidic Nature + Villa StrayLight 215.BAK.SOON 14.4k DUAL Distro 2 Anonymous Caller + Chromatic Death 215.755.9051 16.8k DUAL Distro 3 Emanon + Underworld Legacy 717.566.5750 14.4k v32b Distro 4 Corruptor + + + Morgue Member List + + Senior Members + + Phatal Error - President Acidic Nature - Vice President + Anonymous Caller - Vice President + + + Writers/Staff + + Phatal Error, Acidic Nature, Anonymous Caller, Social Distortion + ASCII Express, MalHavoc + Manifest Destiny + + Couriers + + Social Distortion - Head Courier + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/mrgsite.app b/textfiles.com/piracy/APPLICATIONS/mrgsite.app new file mode 100644 index 00000000..125a4dfb --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/mrgsite.app @@ -0,0 +1,112 @@ + Ŀ + ij + ij + ڳĿĿĿڿڿĿ + ijڿĿ + ijٳٳ + + ij['93] + ij + + Distro Site Application + + + + Introduction: + + + Morgue is a textfile writing group dedicated to free speech, and the + support of everything that is illegal. We're basically out to Fuck the + system. Discussion of hacking, phreaking, carding, and virii is typical. + We are always looking for new writers, and new ideas. + + + Part I. + + +AREA CODE: [xxx] + +Handle..............................: +Other Aliases.......................: +Legal FULL name.....................: +HOME Phone Number...................: +DATA Number.........................: +Birthdate (MM/DD/YR)................: +Age.................................: +State/City..........................: + + Part II. + +Computer Speed/CPU.....: +OS Type and Version....: +Years of Computer Exp..: +Years of Modeming Exp..: + + + Part III. + + +BBS Software......: +Operation Hours...: +Nodes.............: +Megs ONLINE!......: +Modem Type/Speed..: +Number of Users...: + + +Does your board have H/P File/Msg Bases? + +Does your system support virii/Trojans? + +Will you devote a message AND file area for MoRGUE? + +Will you poll NETMail from MoRGUE WHQ or another site, should +we develop it? + + + Comments: + + + + + + Why should we accept this Application and give you status? + + + + Take this completed Application and upload it to one of the following boards +renamed to DISTSITE.APP, with the description "'s Application" + + Morgue Distribution Sites + + + Board Number Modem Status SysOp + + Ionic Destruction 215.722.4534 16.8k DUAL World HQ Phatal Error + The Eastern Alliance 717.BAK.JUNE 16.8k HST! Distro 1 Acidic Nature + Villa StrayLight 215.BAK.SOON 14.4k DUAL Distro 2 Anonymous Caller + Chromatic Death 215.755.9051 16.8k DUAL Distro 3 Emanon + Underworld Legacy 717.566.5750 14.4k v32b Distro 4 Corruptor + + + Morgue Member List + + Senior Members + + Phatal Error - President Acidic Nature - Vice President + Anonymous Caller - Vice President + + + Writers/Staff + + Phatal Error, Acidic Nature, Anonymous Caller, Social Distortion + ASCII Express, MalHavoc + Manifest Destiny + + Couriers + + Social Distortion - Head Courier + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/mrgwrit.app b/textfiles.com/piracy/APPLICATIONS/mrgwrit.app new file mode 100644 index 00000000..91944b51 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/mrgwrit.app @@ -0,0 +1,136 @@ + Ŀ + ij + ij + ڳĿĿĿڿڿĿ + ijڿĿ + ijٳٳ + + ij['93] + ij + + TextWriters Application + + + + Introduction: + + + Morgue is a textfile writing group dedicated to free speech, and the + support of everything that is illegal. We're basically out to Fuck the + system. Discussion of hacking, phreaking, carding, and virii is typical. + We are always looking for new writers, and new ideas. For site applications, + please fill out the enclosed file MRGSITE.APP and upload it to one of the + boards at the end of this file. + + + + Part I. + + +Handle..............................: +Other Aliases.......................: +Legal FULL name.....................: +HOME Phone Number...................: +DATA Number.........................: +Birthdate (MM/DD/YR)................: +Age.................................: +Race................................: +State/City..........................: +Are you a legal U.S. CITIZEN........: +Marital Status......................: +Where are You Currently Employed....: + + Part II. + +Computer Speed/CPU.....: +Modem Type/Brand/Speed.: +Fixed Disk Capacity....: +OS Type and Version....: +Years of Computer Exp..: +Years of Modeming Exp..: +Current Text Editor....: + + Part III. + +# of Languages you can Program in........: +List All Languages you are adequate in...: + 1. + 2. + 3. + 4. + 5. +What have you written?...................: +Can you code Graphics/Music?.............: +Are you interested in ANSi Artist Status?: +Are you interested in VGA Artist Status?.: + + Part IV. + +Do you write Virii?......................: +Do you write Trojans/Bombs?..............: +Do you own any Electro-Boxes?............: +Do you use them?.........................: +What is a PBX?...........................: + +What is a Diverter?......................: + +What is an Extender?.....................: + +What does a Beige box do?................: + +What does a Blue box do?.................: + +What does a Red box do?..................: + +What is a VMB?...........................: + +Do you hack VMBs?........................: +What have you ever hacked?...............: + + + Comments: + + + + + + Why should we accept this Application and give you status? + + + + Take this completed Application and upload it to one of the following boards +renamed to WRITER.APP, with the description "'s Application" + + Morgue Distribution Sites + + + Board Number Modem Status SysOp + + Ionic Destruction 215.722.4534 16.8k DUAL World HQ Phatal Error + The Eastern Alliance 717.BAK.JUNE 16.8k HST! Distro 1 Acidic Nature + Villa StrayLight 215.BAK.SOON 14.4k DUAL Distro 2 Anonymous Caller + Chromatic Death 215.755.9051 16.8k DUAL Distro 3 Emanon + Underworld Legacy 717.566.5750 14.4k v32b Distro 4 Corruptor + + + Morgue Member List + + Senior Members + + Phatal Error - President Acidic Nature - Vice President + Anonymous Caller - Vice President + + + Writers/Staff + + Phatal Error, Acidic Nature, Anonymous Caller, Social Distortion + ASCII Express, MalHavoc + Manifest Destiny + + Couriers + + Social Distortion - Head Courier + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/paw.app b/textfiles.com/piracy/APPLICATIONS/paw.app new file mode 100644 index 00000000..9dc86dd9 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/paw.app @@ -0,0 +1,54 @@ + Pirates Analyze Warez (PAW) Generic Application + +Now on to our fifth issue, PAW continues to grow and, as always, more +staff will always be welcome. Individuals with some degree of writing +skill may wish to apply as Reviewers, those with some bucks as couriers +and any SysOps as sites. To do all this (and much more), simply fill +out the application below and submit it to the Apocalyptic Teacup BBS or +any of our sites. + +__________________________________________________________________________ + +POSITION APPLIED FOR: [_] Reviewer [_] Site + [_] Courier [_] Other ________ + +PERSONAL INFORMATION: + + Alias: ________________________________ + Real Name: ________________________________ + Group Affiliations: ________________________________ + ________________________________ + City, Province: ________________________, ______ + Voice Phone #: (___) ___-____ + Data Phone #: (___) ___-____ + + Source of Warez: ________________________________ + ________________________________ + + Game Types Preferred: 1. _____________________________ + (if reviewer app) 2. _____________________________ + 3. _____________________________ + + References: ________________________________ + ________________________________ + ________________________________ + ________________________________ + + +BBSING INFORMATION: + + Board Name (if any): ________________________________ + Board Number (if any): (___) ___-____ + Board Affiliations: ________________________________ + ________________________________ + Modem Type: ________________________________ + Computer Type: ________________________________ + Meggage: ________________________________ + Software/Mailer: ________________________________ + ________________________________ + + Years BBSing: ________________________________ + + +Attach Sample Review or BBS Information Below +-------------------------------------------------------------------------- diff --git a/textfiles.com/piracy/APPLICATIONS/planet.app b/textfiles.com/piracy/APPLICATIONS/planet.app new file mode 100644 index 00000000..a34a9de0 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/planet.app @@ -0,0 +1,78 @@ + Ŀ + Ŀ Ŀ + o ÿ Ĵ Ŀ + ٳ o + Ĵ o + + The 0fficial NetW3rk of The Phreaks 0f the Industry + +Personal Inf0 + +Real FULL Name: +Handle: +Age: +Home Phone: + +In 5 lines or less, briefly describe yourself, and interests. +1) +2) +3) +4) +5) + + +Bulletin Board Inf0 + +BBS Name: +BBS Phone: +Online Storage: +Specialties (ie. H/P, Warez etc.): + +In 5 lines or less, briefly describe the atmosphere of your board, +and the overall attitude of your users. +1) +2) +3) +4) +5) + + +Network Setup Inf0 + +BBS Software: +Mailer Software: +Modem type: +Modem Speed: + +The Zone Coordinator sends mail between 4 and 5 am, daily. +Is this okay with you?: + +If you are long distance, can you poll at least 3 times a week +between 3 and 4 am?: + +------------------------- + +That's it! rename this file to the first eight letters of your bbs name. +for example, Joe runs Joe's place BBS, so joe calls his .app file + +JOESPLAC.APP + +now zip it up, and name the zip file the same thing. + +Call 4o5.72o.1666 and login as the following: + +UserId: planet +Pass: planet +phone: 6565 + +if asked for Birthday, 01/01/01 + +you will be taken directly to a file base to which you may upload your +application. You can do NOTHING else, so don't waste your time if +you're not serious. + +Thanks for applying to PlaNet. We will contact you voice or data +within 48 hours of reciveing your application. + + -U, Zone Coordinator + POi/PlaNet diff --git a/textfiles.com/piracy/APPLICATIONS/reviewer.app b/textfiles.com/piracy/APPLICATIONS/reviewer.app new file mode 100644 index 00000000..8b5a087b --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/reviewer.app @@ -0,0 +1,68 @@ + Pirates Analyze Warez (PAW) Reviewer Application + +As a new magazine, we are in need of additional reviewers to add to our +current staff. Potential reviewers should have access to the newest warez +(or be willing to call long distance to get them from us), a fair amount +of spare time and a decent amount of writing skill. Group affiliation, +while not a necessity, would be an asset as we are looking for input from +a wide, non-partisan cross-section of the pirate world. + +To apply, fill out the required information below and attach a review of +any new warez (preferably using the style of those already in the mag). +Upload this application to the Apocalyptic Teacup BBS at (416) 527-8852. +Other input (ie - new ideas, other articles, art, whatever) can also be +submitted. References are required for permanent BBS membership. + +We are also taking applications for formal distribution sites. Again, +fill out the below application and submit it to A. T. B. with a brief +note detailing what you have to offer instead of a review. Call back +in approximately 24-48 hours for additional information. + +Finally, we are in need of dedicated couriers both to distribute the +magazine and to assist in obtaining the warez in the first place. Again, +interested parties should fill out this application. +__________________________________________________________________________ + +POSITION APPLIED FOR: [_] Reviewer [_] Site + [_] Courier [_] Other ________ + +PERSONAL INFORMATION: + + Alias: ________________________________ + Real Name: ________________________________ + Group Affiliations: ________________________________ + ________________________________ + City, Province: ________________________, ______ + Voice Phone #: (___) ___-____ + Data Phone #: (___) ___-____ + + Source of Warez: ________________________________ + ________________________________ + + Game Types Preferred: 1. _____________________________ + (if reviewer app) 2. _____________________________ + 3. _____________________________ + + References: ________________________________ + ________________________________ + ________________________________ + ________________________________ + + +BBSING INFORMATION: + + Board Name (if any): ________________________________ + Board Number (if any): (___) ___-____ + Board Affiliations: ________________________________ + ________________________________ + Modem Type: ________________________________ + Computer Type: ________________________________ + Meggage: ________________________________ + Software/Mailer: ________________________________ + ________________________________ + + Years BBSing: ________________________________ + + +Attach Sample Review or BBS Information Below +-------------------------------------------------------------------------- diff --git a/textfiles.com/piracy/APPLICATIONS/rodapp.txt b/textfiles.com/piracy/APPLICATIONS/rodapp.txt new file mode 100644 index 00000000..baf4cd88 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/rodapp.txt @@ -0,0 +1,63 @@ + Riders of Death Application Form +/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ + +Please edit this form with your favorite editor program and upload it to +the RoD home site at 305-885-0409. If you dont have access there,.just +leave me a message saying that you have something to upload me, and that +you are applying for RoD. And just apply for access.. you will get access +as soon as i can get to my computer and validate you! + +Answer these questions truthfully and to the best of your knowledge. + +/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ + +What is the handle you want to use? +: +What is your *REAL* name +: +Do you have anything to do with the FBI, police, cia, or any government +agencies? +: +If yes, which one? +: +Are you into h/p/a? +: +What can you contribute to us that will benefit the RoD? +: +If you are into h/p, please give me an example of an x.25 packet system, +and list 1 company that serves the needs for x.25 packet communications. +: +: +What is your home phone number? (for verification purposes only) +: +We dont need to know your address, but it is better for our records. +please put it here if you want to. +: +Name some people that could vouch for you? +: +: +Please tell me what is a CBI, UNIX system, and Telenet. +: +: +: +What do you like doing in your spare time with your computer +: +what kind of computer do you have? +: +Do you know how to access a board through tymnet/telenet +: + +Okay, that's pretty much it. If you have any questions or comments, feel +free to leave me, Sarah Connor, a message on any of the following boards + +&TOTSE (510) +Rat Head Systems (510) +Reality Check (415) +L I E S U N L I M I T E D +Crunchy Frog (305) + +Untill Next time.. I'll be back! + +Sarah Connor and the rest here at RoD! + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/rotbapp.txt b/textfiles.com/piracy/APPLICATIONS/rotbapp.txt new file mode 100644 index 00000000..d9c7fa5f --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/rotbapp.txt @@ -0,0 +1,33 @@ + THE + [R o T] + Reign of Terror + SiTE Application Form +============================================================================== +City BBS Located In: +State/Province/Region BBS Located In: +Country BBS Located In: +BBS Name: BBS Number: +NUP/General Password(if needed): +Sysop's Handle: +CoSysop/Sponsor's handles: +Number of Nodes + Modem Types/Speeds: + + +BBS Affiliations: +BBS Mail Nets: +Number of Active Users: +Total Hard Drive Space: +BBS Specialty(eg: H/P, W, etc..): +Other stats(LD users, files online, etc..): +------------------------------------------------------------------------------ + Submit to: + [R o T] [R o T] + WHQ US HQ + 6 T DR The Cellar + [604] 824-0317 [401] PRI-VATE +------------------------------------------------------------------------------ +Your application will be reviewed by the RoT Senior Executives and a RoT +representative will be sent to review your BBS. You will be notified after +a vote of the result. If accepted, the site's status will be discussed (ie: +Dist. Site, Member Board, Regional HQ) + diff --git a/textfiles.com/piracy/APPLICATIONS/rotuapp.txt b/textfiles.com/piracy/APPLICATIONS/rotuapp.txt new file mode 100644 index 00000000..6e668134 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/rotuapp.txt @@ -0,0 +1,53 @@ + THE + [ R o T ] + Reign of Terror + Member Application Form +============================================================================== + [ R o T ] is always looking for membership candidates in the following areas: +Hacking, Phreaking, Programming/Virii Production, ANSI artists, Crackers, +0 Day Suppliers, and Couriers(specify H/P, W, or Both). + If you think you have considerable skill/experience in any of these +categories and would like to join the RoT team, then fill this form out and +return it to one of the HQ's listed after the application form. +============================================================================== +Handle: First Name: +Voice #(NO VMB's): +3 BBS's where we can:1: +contact you, plus :2: +numbers :3: +Specify which form of contact(BBS/Voice) is preferable: +If BBS, inform the sysops of our possible arrival. +------------------------------------------------------------------------------ +Which position/positions are you applying for: +How long have you participated in that activity: +On a 1 to 10 scale how would you rate your skill in that activity: +What affiliations do you have currently: +What speed/type are your modem(s): +Are you now or have you ever been a member of or affiliated with any +goverment agency, software company, or telephone company?: +If Yes, you must now specify exactly how you were affiliated with the afore +mentioned: +------------------------------------------------------------------------------ +<<>> +<<>> +<<>> + + + + + + + + +============================================================================== + SUBMIT THIS TO: + 6 T DR The Cellar + [R o T] [R o T] + WHQ US HQ + [604] 824-0317 [401] PRI-VATE +============================================================================== +Your application will be reviewed, if you are deemed a suitable candidate +an RoT member will contact you in the afore specified manner and an interview +at our WHQ will be set up between you and a RoT Senior Executive. You will +be voted on and notified of the result. Thank you. + diff --git a/textfiles.com/piracy/APPLICATIONS/site.rul b/textfiles.com/piracy/APPLICATIONS/site.rul new file mode 100644 index 00000000..c4779012 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/site.rul @@ -0,0 +1,83 @@ + + +To Become a MoRGUE Distribution Site, you must follow the following guides. + + + +HD Capacity: Hard drive space is not an option. We know not everyone can + afford a gigabyte HD with a 98mb caching EISA/VLB controller, + so there really is no emphasis on HD size. + +Modem Speed: We would prefer all sites to be high speed, but it is not a + prerequisite. We know that 24oo boards have alot to offer, + for example, most H/P boards are 24oo these days. Again, not + everyone can afford a v.fast 28.8k HST Dual. Having a 14.4k + v32bis, 14.4k HST/DUAL, or a 16.8k HST/DUAL would be great. + If you are 96oo+ your chances are good. + +Software: BBS Software may not sound like much to you, but we really + don't want any RBBS sites. If you run PD garbage software, + chances are, you won't get accepted. Renegade, Telegard, + Paragon, Revelation, RiP-X, ViSiON(-X), or any Forum hack + for that matter are acceptable. Don't expect to have a + Searchlight BBS Distro-ing for MoRGUE. + +Operation Hours: This is a biggie. If you don't run a 24/7 bbs, forget it. + I don't need a corny little 10pm-9am board with your parents + picking up every 5 minutes killing an Xfer. + + + + +User Base: We're looking for a board with good, quality users. No PD + shit users. A board with 40 users won't work. One with 140 + is alot more reasonable. + +Files: Boards with warez aren't always bad. We don't want ]<-Ra]) + \/\/arez ])00])s with 9000gig boards. A simple system with + new stuff is adequate. H/P boards really are a first choice + though. + A MoRGUE File area with NO-RATIO Downloads will be required. + +Messages: A MoRGUE Message Base will be a prerequisite. + +NETMail: A Board with HackNET, PhreakNET, ShitNET, etc will probably + get status before Tom's Diner BBS with 3 local bases. In the + future, there may be a MoRGUE Related NET. All sites will be + REQUIRED to poll it from the nearest site, or the WHQ. + +SysOps: Only the respected sysop who's not on every blacklist in the + nation will be given status. SysOps must agree to give all + MoRGUE Members user status on their board, as well as our + courier. If there are any problems here, the status will be + terminated along with the courier feed. + + + + + All sysops will have to set up an account with full access for one of the + two reigning v.p.'s or the president to evaluate it. This will be discussed + on the phone. + + All Boards must display the MoRGUE Distro Status in their advertisements, + zip blurbs etc. + + All Boards must provide basic information to us for the Tfile Member Lists. + Phone Numbers NEED NOT be included. (i.e. The BBS XXX-XXX-XXXX 14.4 HST...) + + All boards must display the morgue logo ansi at logon, or somewhere on the + system. This is not much to ask. + + Only quality users must be given access to the MoRGUE Bases. + + + + + This file should be read thoroughly before you attempt to apply. If you think +you have a chance, apply! We are more or less looking for a few good sites. + + +-Acidic Nature + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/siteappt.txt b/textfiles.com/piracy/APPLICATIONS/siteappt.txt new file mode 100644 index 00000000..79511283 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/siteappt.txt @@ -0,0 +1,71 @@ + + + -=[** Ultra Tech **]=- + -=[** The Ultimate Group **]=- + + + Ultra Tech is now taking applications for Ultra Tech BBS'S + The fee is 100 dollars including LSD BBS software and 50 + dollars without LSD software. Among other things you will + recieve for your fee is toll free net-mail rights as well + as 0 day waresuploaded by our ultra baby couriers. + And of course you will part of the most prestiges group in + the Pirate world today + + If you can commit to making this effort successful, then + fill in the application and leave it on Ultra Tech BBS or + Twin Peaks. Starwolf and Captain Tom will be coordinating + things so upload this appt. to either the Ultra Tech BBS + or Twin Peaks BBS + + ****=[ Ultra Tech BBS Application ]=**** + + + Handle........: + + Real 1st Name.: + + Voice Phone #.: + + Time to call..: + + Your BBS Name.: + + Your BBS Num..: + + BBS BAud RAte.: + + BBS NUP:......: + + BBS Reference.: Board Name Number + + 1. + 2. + 3. + + Sysop Reference: (These guys will vouch for me) + + 1. + 2. + 3. + + Groups ........: (I am in the following groups) + + 1. + 2. + 3. + + Remarks........: (Why should we select you????) + + 1. + 2. + 3. + + Ok, that does it. If you are selected you will be contacted + voice by either starwolf or myself. Thanks for supporting + Ultra Tech. + + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/APPLICATIONS/slaveapp.txt b/textfiles.com/piracy/APPLICATIONS/slaveapp.txt new file mode 100644 index 00000000..4ece4af2 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/slaveapp.txt @@ -0,0 +1,101 @@ + +Feb. 24th, 1990 + + TL Here. First off, I want it known, I am not longer TL or The Timelord, but +rather The Slavelord. Good, got it? Great. You can also call me master. Why +the handle change you ask? Well I am now the Slave Driver for The Humble Guys. +If you are reading this, then you are reading an application to be a Slave +for THG. Got it? Good. Let's continue. + + First off, being a THG slave is very simple, prestigious, and alot of +fun. How can being a slave be prestigious? Well simple, slaves will have THG +wares FIRST. And since THG puts out ALL WARES FIRST, then you of course will +have first dibs on the wares. Also, being a slave is an Anonymous job. Your +handle will be simply Humble Slave#xx (where xx is the slave number). However, +like the marines, we are looking for a few good slaves. There are also a few +basic rules to being a THG slave. Most important, remember that myself and ALL +THG members are to be treated as God's. We are your patron diety. Number 2, +you will do anything we ask. If that means name your first born son after us, +then do it. As a matter of fact, I want you all to name your first born son +SL. Got it? Good. Now, how do you become a THG slave? This is the easy part. +Just fill out the application here and send it to either one of these fine +boards: + + The Slave Den + [9O4] 376 1117 + SysOp: The Slavelord + + Candyland \ The Humble Guys / Tye Die Control Center + [615] 333 6561 / World Headquarters \ [615] 832 9277 + + + All of these boards runs at 9600 HST speeds (lock in at 38.4 if you have a +16550 UART chip and a 14.4 or DS). Now, lets get to the application. + + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + Application to be bonded into SLAVERY +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +What is your handle :_________________________ + +What is your REAL NAME :_________________________ + +What is your home phone #:_________________________ + +What is your date of birth:__/__/__ + +What is the make and model of your modem:_____________________________ + +List the top boards you are on and their phone numbers (5 lines) + + Board Name Board Number SysOp + +1) ________________________ (___)___-____ _____________________ + +2) ________________________ (___)___-____ _____________________ + +3) ________________________ (___)___-____ _____________________ + +4) ________________________ (___)___-____ _____________________ + +5) ________________________ (___)___-____ _____________________ + +Now we have some personal questions to ask you to make sure that you are +slave quality. + +1) If I asked you to jump, what would your reply be? ________________________ + +2) Do you believe in the use of K-Y jelly, or do you like it straight up? ___ + +3) As a slave, would you be willing to sell your mother into prostitution +if I told you to do so? ___ + +4) As a slave, if I told you to send me your computer, would you? ___ + +Now it is essay times kiddies, this essay is real simple. Just go ahead +and tell me WHY I should even go and consider you as a slave. + +Subject:____________________________________ +To :The Slavelord + +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ +______________________________________________________________________ + + +Good, now that you have successfully finished filling out this application, +make sure to send it to one of the 3 boards listed above. Make sure to +leave it for The Slavelord. + + The Slavelord + + + + + diff --git a/textfiles.com/piracy/APPLICATIONS/tasd.app b/textfiles.com/piracy/APPLICATIONS/tasd.app new file mode 100644 index 00000000..5334ef1a --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/tasd.app @@ -0,0 +1,139 @@ + + + .ijĿij Ŀ ij . + ij Ŀ ij. Ŀ + ڳ ij ij + ij + ٳ Ŀ . ijĿ Ĵ + . ij ij. + . ó . + ۰ . ܰ + .۱ . ߱ ۰ . . + . . + . + . . + + - The Association of Social Disorder - + +[ APPLICATIONS FOR DISTRO/COURIER/WRITER ] + + The following form is to be filled out and returned in email to Wilco on any +of the following boards : + +͸ + Realm of Warriors (201) 728.0941 NUP:Darkness + Countdownt to Extinction (212) 765.1701 + Lineman's Lair (417) 883-1137 NUP:Betatest +; + +NOTE : You can also return this to any TASD member and it will be taken to + me for review. + +Real name [.....................................] +Handle(s) [.....................................] +Voice phone number [............] +Address [.......................................] + [.......................................] +Country [............] +Zip code [......] +Modem speed [......] + +If you run a board please fill in the following info + +Board name [..............................................] +Board number [............] +Board BPS speed [......] +NUP [....................] + + Network Name - Zone:Host/Node.Point # +Specify network [.............................................] +affiliations [.............................................] + [.............................................] + + +What posistion in TASD are you applying for? +[..........................................] + +Are you a member of any other HPA related groups? ( If so, list ) +[............................................................................] + +If Answer to above question was yes, what is your posistion(s)? +[............................................................................] + +What do you have to offer TASD in your posistion? +[............................................................................] +[............................................................................] + +Name some of the best HPA boards that you frequent - + + Name Number NUP +[...........................] [............] [...........] +[...........................] [............] [...........] +[...........................] [............] [...........] + +-[ Knowledge questions ]- + + In the following listing of subjects please place an number between 1 and +4 by each one with a 1 representing no knowledge of a subject to a 4 being an +expert on the topic. + +1 = Know nothing about it +2 = Aware of the basic ideas and concepts +3 = Fairly good, but could be better +4 = Pretty much know it all + +PBX/CBX computer hacking [.] +General micro computer BBS hacking [.] +General mini computer hacking [.] +General mainframe computer hacking [.] +General electronic circuitry [.] +Cellular phone phreaking [.] +Virus/Trojan writing-information [.] +General scams for money [.] +Carding [.] +Phreaking via non-PBX/950 ways [.] +Chemistry in terror/fun [.] +Legal issues concerning computers [.] +General computer programming [.] +Assembler programming [.] +C programming [.] +TP programming [.] +Music programming/writing [.] +VGA/MCGA/Mode X programming [.] +Radio/Ham/Scanners [.] +Presonal information dbases [.] +Packet radio [.] +General info on telco systems [.] +Drug production [.] +Other drug information [.] +Encryption/Decryption [.] +Audio survailiance [.] +Burglery [.] +Shoplifting [.] +Personal property destruction [.] +Trashing [.] +Cable phreaking [.] +Stealth covert operations [.] +COCOT phones [.] + + If there is any other 'special' area of expertise you have please list on +the next few lines... + +[1.] +[2.] +[3.] +[4.] +[5.] + + How should I get in contact with you to explain the status of your membership? + +[1.] +[2.] + +Note - Not a good idea to make me call boards I am not on to get in response + with you. This takes way too much of my time up. + + This concludes the application procedure, now just call, find a TASD board or +member and give this to them. (Refer to the opening statements) + [ May 25 1993 ] + [ Wilco -Founder of TASD ] diff --git a/textfiles.com/piracy/APPLICATIONS/usacour.app b/textfiles.com/piracy/APPLICATIONS/usacour.app new file mode 100644 index 00000000..e95296e6 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/usacour.app @@ -0,0 +1,93 @@ + + USA Courier Application + + + So, you're thinking of becoming a courier? + Before you bother to fill out this application, + and possibly waste my time and yours, let me + fill you in on what we're looking for in our + couriers. When you become a USA courier, it + means that you are donating your time(and this + job is very time consuming) to USA in exchange + for the privelage of being associated with a + highly respected national level group. It will + be required that you are available to courier + at all hours of the night and be able to be + reached regularly in the afternoon and evenings + usually from 3pm to 10pm. If you have a daily + engagement such as a job or school, this must + be specified upfront, and you will be required + to call one of several pre-specified boards to + check on any new wares several times a day. + Feel free to fill out this application, and if + you think you are worthy of being a USA courier, + then send the application up to The BBS-A-Holic + or Enterprize Elite in the form: YOURNAME.APP + + + + Enter your full legal name: ................................. + Home Voice Phone: (...) ...-.... Data Phone (...) ...-.... + Office Voice Phone: (...) ...-.... + Street Address: ....................................... + City, State ZIP: ....................................... + Birthday: (../../..) Age: .. + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + Please list the USA affiliated boards that you have already recieved full + validation on: .......................................................... + .............................................................. + List the 10 best boards that are not affiliated with USA that you have full + access on: + Board Name Sysop Phone Number Group affiliation + 1> + 2> + 3> + 4> + 5> + 6> + 7> + 8> + 9> + 10> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + Do you have the means of making multiple long distance calls at extended + lengths of time at least 4 days out of every week? (Y/N) + + Do you have any form of employment? If so, what is your current job? + ...................................................................... + + If you are a student, what grade or level are you at, and at what time + do you arrive home? + ...................................................................... + + What other computer oriented groups(if any) have you been affiliated + with in the past? + ..................................................................... + + How often do you call out by means of modem? + ................................... + + When are you usually available? (Please fill in times of the day) + Monday - Tuesday - Wednesday - + Thursday - Friday - + Weekends - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + And finally, please leave any additional comments as to what expierience + you have, and anything that may sway my decision towards making you a + USA courier: + ........................................................................ + ........................................................................ + ........................................................................ + ........................................................................ + ........................................................................ + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + Thank you for supporting USA, we will try to get back to you as soon as + possible. + -Suicidal + -USA Member + + + + + diff --git a/textfiles.com/piracy/APPLICATIONS/wizapp.txt b/textfiles.com/piracy/APPLICATIONS/wizapp.txt new file mode 100644 index 00000000..dacb7d74 --- /dev/null +++ b/textfiles.com/piracy/APPLICATIONS/wizapp.txt @@ -0,0 +1,112 @@ + + _--_|\ + WizNet / \ WizNet : 237:1313/1 + Roleplaying is \/--\__/ OPEN : 37:300/100 + our speciality! \/ NuitNet : 666:4310/0 + VampNet : 300:6103/18 + FidoNet : 3:632/362 + Phone : 613-882-1217 + + NEW NODE APPLICATION + + + + The answers given will remain STRICTLY confidential and will not be + made public. The information is sought in order for the network to + streamline the flow of mail. It is MANDATORY to return this form + by way of netmail in order to prove that your system is able to + send and receive netmail, since this ability is a pre-requisite for + your participation in the network. + + I look forward to having you in the network! + Morticia + + + + Please crash mail the completed form to 237:1313/1. You should use + the WizNet address 237:1313/999 to send it, no session password is + necessary. You are required to crash mail this as a file attach to + prove you have mailer capabilities. + + + + + Tear off here! - - + +SysOp Real Name : + +SysOp Alias : + +Home Phone : + +9am-5pm phone : +(not compulsary) + +BBS Phone(s) : + +Postal Address : + : + +BBS Name : + +BBS Location : + +Computer type/ +operating system : + +BBS Software : + (SBBS, RA, Ezycomm, etc) + +Average daily volume of mail (if known): (in Kb or messages) + +Other private network(s) or other BBSs with which you are currently +exchanging mail. Please also supply other node number(s): + + + + +Where do you currently get/deliver mail (if applicable): + + + + +Frontdoor 2.02 (Used by Wizard's Tower) . . .[ ] +Other (specify) . . .[ ] .............. + +Does it support WaZOO file requests? Y/N . . .[ ] + +What is your maximum baud rate: + + 1200 . . .[ ] 2400 . . .[ ] + 9600 . . .[ ] 12000 . . .[ ] + 14400 . . .[ ] 19200 . . .[ ] + 24400 . . .[ ] 28800 . . .[ ] + +Modem Protocol(s): + + v21 . . .[ ] v22 . . .[ ] + v22bis . . .[ ] v23 . . .[ ] + v32 . . .[ ] v32bis . . .[ ] + v42 . . .[ ] v42bis . . .[ ] + Hayes v9600 . . .[ ] HST . . .[ ] + PEP . . .[ ] MNP4 . . .[ ] + MNP5 . . .[ ] V.FC . . .[ ] + Other . . .[ ] ................ + +Operational detail(s): + +Mail Only (No human callers) . . .[ ] +Continuous Mail . . .[ ] +Limited Hours (please specify) . . .[ ] ................ + +Any other information you'd like to tell me? + + + + + + + End of the questionnaire - Thanks! + + +Copyright (c) WizNet, 1994. All rights reserved. diff --git a/textfiles.com/piracy/COURIERS.1 b/textfiles.com/piracy/COURIERS.1 new file mode 100644 index 00000000..1e6517df --- /dev/null +++ b/textfiles.com/piracy/COURIERS.1 @@ -0,0 +1,66 @@ + +T E X T F I L E S + +

Piracy Textfiles: Courier Membership Lists and Introductions

+

+Of of the more intruiging aspects of the microcomputer piracy subculture has +been the rise of "Courier Groups", which are dedicated to the sole purpose of +transporting pirated games from the groups that pirate to high-traffic web +sites and BBSes, often available with a membership fee. This more shark-like +piracy approach rose in the early 1990s with the PC world, and by the +middle of the decade, it was an established near-industry. +

+ + + + + +
+
Filename
Size
Description of the Textfile
9kc0195.nfo 6123
 9000 COURIERS: Introduction, Cast List, BBS List, Ad +
9kc0594.nfo 5991
 9000 COURIERS: Staff List, BBS List, Ad +
9kc1094.nfo 3540
 9000 COURIERS: Staff List, BBS List, Fresh Warez Guaranteed! +
9kc1294.nfo 6754
 9000 COURIERS: Member List, BBS List +
alpha.txt 2566
 ALPHA: Courier Spreader Identifier +
ambition.nfo 5583
 AMBITION: Courier and Trader List, January 1997 +
cocaine.nfo 4344
 COCAINE: Courier List, Members, Greets, Boards +
cod.nfo 3409
 COURIERS OF DARKNESS: Member and BBS List +
courier.app 2370
 PE: Public Enemy Courier Application +
devo0193.nfo 1830
 DEVO Couriers, January 5, 1993 +
devo0195.nfo 4362
 DEVO Couriers, April 1, 1995 +
devo0294.nfo 759
 DEVO Couriers, February, 1994 +
devo0893.nfo 4553
 DEVO Couroiers: AxiS The Movie, Final Release, August 25, 1993 +
fuck.it 248
 Gravity's Pull Courier File from Lightnin Hopkins +
htc-rel.nfo 2948
 HTC: High Tech Couriers, 1995 +
htc1095.nfo 11292
 HTC: High Tech Couriers 10 1995 Member List and Board List +
iit'94.nfo 5354
 IIT: Israel's Internet Traders Courier List +
inc604.txt 1085
 Tag File for the Incarcerated Scarfaces Courier Group +
menace.asc 3774
 MENACE: Courier List +
risc'is 1141
 The Tag for Rise in Superior Couriering +
risc0295.nfo 4864
 RISC: Rise in Superior Couriering 2/1995 +
risc0296.nfo 5841
 RISC: Rise in Superior Couriering 2/1996 +
risc0394.nfo 8484
 RISC: Rise in Superior Couriering 3/1994 +
risc0595.nfo 5327
 RISC: Rise in Superior Couriering 5/1995 +
risc0795.nfo 5742
 RISC: Rise in Superior Couriering 7/1995 +
risc0996.nfo 5593
 RISC: Rise in Superior Couriering 9/1996 +
risc1.nfo 5399
 RISC: Rise in Superior Couriering Member and Board Lists +
risc1293.nfo 7186
 RISC: Rise in Superior Couriering 12/1993 +
risc94.nfo 8423
 RISC: Rise in Superior Couriering, Welcome Alpha Couriering! +
rsc0595.nfo 5326
 RISC: Rise in Superior Couriering 5/1995 +
stealth.nfo 5762
 STEALTH: Stealth Couriers Member and Board List +
t4d.nfo 5666
 GENESIS: Courier/Board List +
tca.nfo 5326
 TCA: The Courier Associated Board and Member List +
therapy.nfo 7169
 THERAPY: Courier and Member List 1995 +
uc.nfo 8548
 UC: United Couriers Third Year Anniversary +
uc1092.nfo 4218
 UC: Uniter Couriers Member and Board List, October 1992 +
uc1093.nfo 6787
 UC: Uniter Couriers, Member and Board List +
uc1094.nfo 8042
 UC: Uniter Couriers Member and Board List 1994 +
wwc93.nfo 7840
 WWC: World Wide Couriers: Member List +
lsd.nfo 9344
 LSD: Light Speed Distributors, the Official Courors of Vision +

There are 40 files for a total of 208,913 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/COURIERS/.windex.html b/textfiles.com/piracy/COURIERS/.windex.html new file mode 100644 index 00000000..73784364 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/.windex.html @@ -0,0 +1,66 @@ + +T E X T F I L E S + +

Piracy Textfiles: Courier Membership Lists and Introductions

+

+Of of the more intruiging aspects of the microcomputer piracy subculture has +been the rise of "Courier Groups", which are dedicated to the sole purpose of +transporting pirated games from the groups that pirate to high-traffic web +sites and BBSes, often available with a membership fee. This more shark-like +piracy approach rose in the early 1990s with the PC world, and by the +middle of the decade, it was an established near-industry. +

+ + + + + +
+
Filename
Size
Description of the Textfile
9kc0195.nfo 6123
 9000 COURIERS: Introduction, Cast List, BBS List, Ad +
9kc0594.nfo 5991
 9000 COURIERS: Staff List, BBS List, Ad +
9kc1094.nfo 3540
 9000 COURIERS: Staff List, BBS List, Fresh Warez Guaranteed! +
9kc1294.nfo 6754
 9000 COURIERS: Member List, BBS List +
alpha.txt 2566
 ALPHA: Courier Spreader Identifier +
ambition.nfo 5583
 AMBITION: Courier and Trader List, January 1997 +
cocaine.nfo 4344
 COCAINE: Courier List, Members, Greets, Boards +
cod.nfo 3409
 COURIERS OF DARKNESS: Member and BBS List +
courier.app 2370
 PE: Public Enemy Courier Application +
devo0193.nfo 1830
 DEVO Couriers, January 5, 1993 +
devo0195.nfo 4362
 DEVO Couriers, April 1, 1995 +
devo0294.nfo 759
 DEVO Couriers, February, 1994 +
devo0893.nfo 4553
 DEVO Couroiers: AxiS The Movie, Final Release, August 25, 1993 +
fuck.it 248
 Gravity's Pull Courier File from Lightnin Hopkins +
htc-rel.nfo 2948
 HTC: High Tech Couriers, 1995 +
htc1095.nfo 11292
 HTC: High Tech Couriers 10 1995 Member List and Board List +
iit'94.nfo 5354
 IIT: Israel's Internet Traders Courier List +
inc604.txt 1085
 Tag File for the Incarcerated Scarfaces Courier Group +
menace.asc 3774
 MENACE: Courier List +
risc'is 1141
 The Tag for Rise in Superior Couriering +
risc0295.nfo 4864
 RISC: Rise in Superior Couriering 2/1995 +
risc0296.nfo 5841
 RISC: Rise in Superior Couriering 2/1996 +
risc0394.nfo 8484
 RISC: Rise in Superior Couriering 3/1994 +
risc0595.nfo 5327
 RISC: Rise in Superior Couriering 5/1995 +
risc0795.nfo 5742
 RISC: Rise in Superior Couriering 7/1995 +
risc0996.nfo 5593
 RISC: Rise in Superior Couriering 9/1996 +
risc1.nfo 5399
 RISC: Rise in Superior Couriering Member and Board Lists +
risc1293.nfo 7186
 RISC: Rise in Superior Couriering 12/1993 +
risc94.nfo 8423
 RISC: Rise in Superior Couriering, Welcome Alpha Couriering! +
rsc0595.nfo 5326
 RISC: Rise in Superior Couriering 5/1995 +
stealth.nfo 5762
 STEALTH: Stealth Couriers Member and Board List +
t4d.nfo 5666
 GENESIS: Courier/Board List +
tca.nfo 5326
 TCA: The Courier Associated Board and Member List +
therapy.nfo 7169
 THERAPY: Courier and Member List 1995 +
uc.nfo 8548
 UC: United Couriers Third Year Anniversary +
uc1092.nfo 4218
 UC: Uniter Couriers Member and Board List, October 1992 +
uc1093.nfo 6787
 UC: Uniter Couriers, Member and Board List +
uc1094.nfo 8042
 UC: Uniter Couriers Member and Board List 1994 +
wwc93.nfo 7840
 WWC: World Wide Couriers: Member List +
lsd.nfo 9344
 LSD: Light Speed Distributors, the Official Courors of Vision +

There are 40 files for a total of 208,913 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/COURIERS/9kc0195.nfo b/textfiles.com/piracy/COURIERS/9kc0195.nfo new file mode 100644 index 00000000..6f3183a5 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/9kc0195.nfo @@ -0,0 +1,79 @@ + 9 0 0 0 c + + DM + + + + + + + + + + + + + + + +< 9 0 0 0 C o U R i E R S >ķ + + -/- HiGH CoUNCiL -\- + + -/\- ToAST -/\- + RAiSTLiN - LiTHIuM - USTASA + + -/- MEMBERS -\- + + FATAL ERRoR - REVANANT + CoRPSE - SWiTCH BLADE - CARNAGE + + -/- ART AND CoDiNG -\- + + KiNSLAYER - FoRD PREFECT - RoSCo - GRiFTER + - DADDYMAC - + + -/- 9000C BoARDS -\- + + CiTADEL OF CHAoS 3 NoDEZ/5.5 iTS-NoT-LAME SWiTCH BLADE WoRLD HQ + MEDUSA'S DoMAiN 7 NoDEZ/9.0 iTS-NoT-LAME MEDUSA CoURiER HQ + + MAXiMUM CARNAGE 2 NoDEZ/3.1 iTS-NoT-LAME CARNAGE AFFiLiATED + + THE NEiTHERWoRLDS 1 NoDE /1.5 iTS-NoT-LAME LiTHIUM MBR BoARD + BEYoND THE CEMETARY 2 NoDEZ/1.0 iTS-NoT-LAME CoRPSE MBR BoARD + ALTERED iNSANiTY 1 NoDE /1.8 iTS-NoT LAME RoSCo MBR BoARD + + THE ToXiC DUMP 2 NoDEZ/1.2 XXX-iTS-9000 DARKWiNG DiSTRo! + BACKSTAGE 2 NoDE /345 XXX-iTS-9000 BLACK FRiDAY DiSTRo! + ACCESS DENiED 2 NoDE /1.2 XXX-iTS-9000 PHANTASM DiSTRo! + CENSoRY ASSAULT 2 NoDEZ/1.2 XXX-iTS-9000 FATAL ERRoR DiSTRo! + THE SUB-ETHA NET 3 NoDEZ/2.0 XXX-iTS-9000 FoRD PREFECT DiSTRo! + + + -/- GRoUP NEWS -\- + + + + + + iNTERESTED iN JoiNiNG 9000 CoURiERS? + + CALL: 905-333-1430 + LoGIN: 9000c + PWoRD: CHiCKEN + + AND UPLoAD ToAST A MESSAGE ABoUT WHAT YoU CAN oFFER 9000C. + + + -/- GREETiNGS Go oUT To -\- + + + + + + AND THE WHoLE ENTiRE SCENE! --- ESPECiALLY THOSE WHo GoT BUSTED! + + -/- THE SCENE WiLL NEVER DiE -\- + -!TWH!- +< TRADING GAME WAREZ ONLY >Ľ diff --git a/textfiles.com/piracy/COURIERS/9kc0594.nfo b/textfiles.com/piracy/COURIERS/9kc0594.nfo new file mode 100644 index 00000000..4419958a --- /dev/null +++ b/textfiles.com/piracy/COURIERS/9kc0594.nfo @@ -0,0 +1,82 @@ + + + ܱ ܱ ܱ ܱ ܱ ܱ +۲ ۲ ۲ ۲ + ۲ ۲ ۲ ۲ + ۲ ۲ ۲ ߲ ߲ ߲ ߲ + m + + ۲ El President ۲ + + THE PREDATOR + + + ۲ Senior Staff ۲ + + + Newton P. Forgery - Gorguts - Rawhead Rex - Wolvy + + + ۲ 9000 Couriering Crew ۲ + + Alternative - Anonymous - Fatal Error - Ford Prefect + Hurricane - Death's Head - Masala - The Overlord - Wiseguy + + ۲۲ + + Greetz to cool 9000c members and our friends! + + ۲۲ + + + ۲ 9000c Bulletin Boards ۲ + + Chronic Addiction 2 NODE/1.0 GIG 905.388.4326 THE PREDATOR WORLD HQ! + + ۲۲ + + Unlimited Power 3 NODE/7.2 GIG 905.XXX.XXXX Raider COURIERHQ + Apocalyptic Teacup 2 NODE/3.1 GIG 905.XXX.XXXX Mad Hatter COURIERHQ + Cryptic Ville 1 NODE/550 MEG 905.XXX.XXXX Rawhead Rex COURIERHQ + + ۲۲ + + The Nocternal Tower 1 NODE/500 MEG 905.XXX.XXXX The Overlord AFFILIATE + Twist of Cain 1 NODE/300 MEG 905.XXX.XXXX Gorguts AFFILIATE + + ۲۲ + + Infinity INC. 2 NODE/500 MEG 905.XXX.XXXX Orion DIST SITE + African Relaxation 1 NODE/210 MEG 905.XXX.XXXX Hipe DIST SITE + Another Dimension 1 NODE/850 MEG 905.XXX.XXXX Jazz DIST SITE + Midnight Sun 1 NODE/500 MEG 905.XXX.XXXX Zarathos DIST SITE + Splendor Solis 1 NODE/1.4 GIG 905.XXX.XXXX Dark Lord DIST SITE + The Collective 2 NODE/625 MEG 905.639.3819 Picard DIST SITE + Armegeddon 1 NODE/450 MEG 905.648.8383 Mac DIST SITE + Order & Chaos 1 NODE/500 MEG 905.XXX.XXXX Devine Chaos DIST SITE + + YOUR BOARD ? NODE/??? ??? ???.???.???? YOUR NAME WILL SEE + + ۲۲ + + SYSOPS: If your board info is incorrect, contact a senior member + + ۲ TRADING GAME WAREZ ONLY ۲ + + 9000 Couriers are dedicated to trading game warez only! + + ۲۲ + + To get in on the 9000 action as a Courier or Distribution Site, + contact one of our Senior Members or get on the horn and dial up + Chronic Addiction for information. + + ۲ Group Greetings: ۲ + + + + ۲ Personal Greetings: ۲ + + Rawhead Rex - Newton P. Forgery + + ۲۲ diff --git a/textfiles.com/piracy/COURIERS/9kc1094.nfo b/textfiles.com/piracy/COURIERS/9kc1094.nfo new file mode 100644 index 00000000..cba80069 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/9kc1094.nfo @@ -0,0 +1,57 @@ + +< 9 0 0 0 C O U R I E R S >ķ + + El President + + Wolvy + + Senior Staff + + Switch Blade - Newton P. Forgery - Raider + + Courier Co-Ordinators + + THE PREDATOR - Rawhead Rex + + Couriers + + Alternative - Anonymous - Fatal Error - Toast - Wiseguy + Raistlin - Ford Prefect - Lithium + + 9000 HEADQUARTERS + + Unlimited Power 4 NODE/10.5 905-XXX-XXXX Raider 9000C WHQ! + + Citadel of Chaos 2 NODE/1.6 GIG 905-XXX-XXXX Switch Blade COURIER HQ + The Sub-Etha Net 2 NODE/2.0 GIG 905-XXX-XXXX Ford Prefect LOCAL HQ + + Maximum Carnage 2 NODE/3.1 GIG 905-XXX-XXXX Carnage AFFILIATED + Cryptic Ville 1 NODE/550 MEG 905-XXX-XXXX Rawhead Rex AFFILIATED + + The Toxic Dump 2 NODE/1.2 GIG 905-XXX-XXXX Darkwing DISTRO! +< TRADING GAME WAREZ ONLY >Ľ + + 9000 Couriers are dedicated to trading game warez only! + + `Fresh Warez GUARANTEED!' + + Need to contact 9000 Couriers? Call ANY 9000 Couriers + board and leave E-Mail to THE PREDATOR! We're looking + for Distribution Sites at the moment, 2 more sites are + availale at this time! + + Greetings & Such: + + Wiseguy - Thats it! YOUR OUT! + Rawhead Rex - BRE cheat! + Newton P. - Coolness as usual.. :) + Raider - Grab your 28.8's today!! + Toast - Welcome to the group. + Lithium - Ditto. + Switch Blade - Thanks for the support. + Wolvy - Excellent job, as usual.. + Wiseguy - OK, your back in.. + *Nine Continents* - Go back to Toronto, lamer.. + + + THE PREDATOR diff --git a/textfiles.com/piracy/COURIERS/9kc1294.nfo b/textfiles.com/piracy/COURIERS/9kc1294.nfo new file mode 100644 index 00000000..9f9deb38 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/9kc1294.nfo @@ -0,0 +1,86 @@ + 9 0 0 0 c + + DM + + + + + + + + + + + + + + +< 9 0 0 0 C O U R i E R S >ķ + + -/- MEMBERS -\- + + RAiSTLiN -/\- TOAST -/\- USTASA + WiSEGUY - LiTHiUM - FATAL ERROR - KiNSLAYER + ViOLENT FURY - REVENANT - DESTROYER - RAiDER + SWiTCH BLADE - FORD PREFECT - CARNAGE + + -/- ART AND CODiNG -\- + + KiNSLAYER - FORD PREFECT - ROSCO - GRiFTER + - DADDYMAC - + + -/- UPLOAD YOUR APPLiCATiON TODAY! -\- + + -/- GROUP AFFiLiATiONS -\- + + - NARC - + + -/- 9000C BOARDS -\- + + UNLiMiTED POWER 5 NODEZ/10.5 V34 iTS-TOO-COOL RAiDER W H Q! + + CiTADEL OF CHAOS 4 NODEZ/5.5 V34 iTS-NOT-LAME SWiTCH BLADE COURiER HQ + THE SUB-ETHA NET 3 NODEZ/2.0 VFC iTS-NOT-LAME FORD PREFECT LOCAL HQ + + MEDUSA'S DOMAiN 7 NODEZ/9.0 V34 iTS-NOT-LAME MEDUSA AFFiLiATED + MAXiMUM CARNAGE 4 NODEZ/3.1 VFC iTS-NOT-LAME CARNAGE AFFiLiATED + + DESTROYER'S REALM 2 NODEZ/500 V32 iTS-NOT-LAME DESTROYER MBR BOARD + KiLLER iNSTiNCT 1 NODE /450 V32 iTS-NOT-LAME iMPACT MBR BOARD + + THE TOXiC DUMP 2 NODEZ/1.2 V32 XXX-iTS-9000 DARKWiNG DiSTRO! + ELECTRiFiED 1 NODE /340 VFC XXX-iTS-9000 HiGH VOLTAGE DiSTRO! + HALLUCiNATiONS 1 NODE /350 V32 905-525-6236 FLASHBACK DiSTRO! + CRiME SYNDROME 1 NODE /1.6 VFC 519-iTS-9000 SYNDYCOMM DiSTRO! + TERROR iNC. 1 NODE /250 V32 XXX-iTS-9000 GENOCiDE DiSTRO! + TOXiC POiSON 1 NODE /400 V32 XXX-iTS-9000 TiMBER WOLF DiSTRO! + BACKSTAGE 1 NODE /345 V34 905-332-9013 BLACK FRiDAY DiSTRO! + iNSOMNiA 1 NODE /3.3 V34 XXX-XXX-XXXX MASS MURDERER DiSTRO! + + + -/- GROUP NEWS -\- + 9000C NOW SPORTS A NEW DiViSiON! 9000C ART AND CODiNG! + SUPPORTiNG ALL 9000C BOARDS WiTH ANY TYPE OF ART OR CODiNG + RELATED DATA! ALL THiS ADDED ON TO OUR REPUTATiON OF DELiVERiNG + FAST WAREZ TO ALL OUR SiTES! ..COULD YOU ASK FOR ANYTHiNG MORE? + + iNTERESTED iN JOiNiNG 9000 COURiERS? + + CALL: 905-546-0597 + LOGIN: 9000c + PWORD: CHiCKEN + + AND UPLOAD TOAST A MESSAGE ABOUT WHAT YOU CAN OFFER 9000C. + iF YOU ARE APPLYiNG FOR ART, UPLOAD A ZiP OF SAMPLES WiTH THE MESSAGE. + + -/- GREETiNGS GO OUT TO -\- + + THE PREDATOR, WOLVY, BERSERKER, RAiDER, NEWTON P. FORGERY, SHARDiK, + SCORPiON, COLOR CRiMSON, MASS MURDERER, DEATH JESTER, USTASA, ELF, PSYCHO, + LiQUiD PLUMBER, TiM iTHY, LiViNG SACRiFiCE, RAWHEAD REX, NiNE CONTiNENTS! + + AND THE WHOLE ENTiRE SCENE! --- ESPECiALLY THOSE WHO GOT BUSTED! + + -/- THE SCENE WiLL NEVER DiE -\- + -!TWH!- +< TRADING GAME WAREZ ONLY >Ľ diff --git a/textfiles.com/piracy/COURIERS/alpha.txt b/textfiles.com/piracy/COURIERS/alpha.txt new file mode 100644 index 00000000..376799fc --- /dev/null +++ b/textfiles.com/piracy/COURIERS/alpha.txt @@ -0,0 +1,42 @@ + + + + + + + + + + + ۲ ۲ ۲ ۲ ۲ ۲ ۲ + ۲ ۲ ۲ ۲ ۲ ۲ ۲ + ۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲ + ۲ Atxs + + + this file was SPREAD by a + ܱ + ۲ + ۲ ۲ + + ۲ ۲ + ۲ + + S P R E A D E R + + + + +X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X + Another file downloaded from: The NIRVANAnet(tm) Seven + + & the Temple of the Screaming Electron Taipan Enigma 510/935-5845 + Burn This Flag Zardoz 408/363-9766 + realitycheck Poindexter Fortran 510/527-1662 + Lies Unlimited Mick Freen 801/278-2699 + The New Dork Sublime Biffnix 415/864-DORK + The Shrine Rif Raf 206/794-6674 + Planet Mirth Simon Jester 510/786-6560 + + "Raw Data for Raw Nerves" +X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X diff --git a/textfiles.com/piracy/COURIERS/ambition.nfo b/textfiles.com/piracy/COURIERS/ambition.nfo new file mode 100644 index 00000000..88773912 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/ambition.nfo @@ -0,0 +1,84 @@ + + + + ܲ + ܲ ߲ܲ + ۲ ۲ + ߲ ߲ + ޲ ܲ + ۲ ۲ ۲۲ ۲ݲ + ݰ ۲ ۲ ۲ ۲ ۲ +۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲ + ۲ ۲ ۲ ۲ ۲۲ +۲ ۲߲ ߲ ۲۲ ۲ ۲۲ ۲ ۲߲ ߲ + ߲ ߲ ߲ ߲߲ ߲߲ ߲ ߲߲߲ ߲߲ ߲ ߲ + D!S + ߲ܲ ߲߲ + ܲ + + "Ambition Trading - January 13, 1997" + + + + [ COUNCIL ] [ COUNCIL ] + + + ..darkman..marbitoz..the wicked one.. + + + [ EXECUTIVES ] [ EXECUTIVES ] + + + ..darkwave..johnny lennon..shiffie.. + + + [ TRADERS ] [ TRADERS ] + + + ..akasha..bassmaster..claw finger..davey jones..drax.. + ..maverick..mr saint..night..night crawler..ones wally.. + ..paradyme..rockman..self destruct..the fiend..the jerk.. + ..the terminator..toothpaste..uncle john..white lightning.. + + + [ MEMBERS ] [ MEMBERS ] + + + ..bishop..dark rebellion..mario..nite owl.. + + ķ +Ľ + Ľ + + [ AMBITION BOARDS ]͸ + ͸ + ALL SYSOPS ARE FULL MEMBERS OF AMBITION TRADERS +͸ + < BOARD NAME > < NUMBER > < SYSOP(s) > < POSITION > +͵ + OPEN................. WHQ-PRI-VATE ............. WORLD HQ +͵ + Maximum Security..... CHQ-PRI-VATE MS Staff..... Canadian HQ +͵ + Southern Comfort..... USA-PRI-VATE Cobra/Staff.. USA HQ +; +; + ; + + [ AMBITION FTP SITES ]͸ + ͸ + ALL SITEOPS ARE FULL MEMBERS OF AMBITION TRADERS +͸ + < SITE NAME > < IP > < SITEOP(s) > < POSITION > +͵ + Sxxxx Ox Hxxxxx...... xxx-xxx-xxxx Vxxxx./.Cxxxxx AMBITION HQ +͵ + Sxxxxx Pxxxxxxx ..... xxx-xxx-xxxx Bxxxxxxxxx AMBITION HQ +͵ +; + ; + + UPDATED 04/11/97 by Marbitoz ķ +Ľ + Ľ + - AMBITION TRADERS 1997 - diff --git a/textfiles.com/piracy/COURIERS/cocaine.nfo b/textfiles.com/piracy/COURIERS/cocaine.nfo new file mode 100644 index 00000000..53711354 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/cocaine.nfo @@ -0,0 +1,61 @@ + + Ck + + + + + + + + + + + C O U R I E R S + + Ķ M E M B E R S Ŀ + Ŀ + ڳ + DEVIL'S EYE + + CRACK - PAPA - SOUNDWAVE - TEQUILA - TRIANGLE - WIDGET + + + + + Ķ G R E E T S Ŀ + Ŀ + ڳ + LOST - PARTNERS IN CRIME - RAGE 1995 - STONEHENGE + + + + + Ķ B O A R D S Ŀ + Ŀ + ڳ + Ķ HEADQUARTERS Ŀ + + THE WIZARDS GUILD DEVIL'S EYE ITS-PRI-VATE 1 NODE WORLD HQ + CENTRAL STATION WIDGET ITS-PRI-VATE 2 NODES EURO HQ + BERMUDA HOLLAND TRIANGLE ITS-PRI-VATE 2 NODES DUTCH HQ + + Ķ MEMBERBOARDS Ŀ + + INACCESSIBLE TEQUILA +31-NOT-4YOU 1 NODE + THE WILDERNESS SOUNDWAVE +31-NOT-4YOU 1 NODE + + + + + + Ķ I N F O Ŀ + Ŀ + ڳ + WANT TO JOIN US? CALL +31-70-3988665 AND LOGIN WITH THE ACCOUNT: + NAME : COCAINE + PW : CC + AND LEAVE THERE A MESSAGE TO DEVIL'S EYE WITH AS MUCH INFO ABOUT + YOURSELF AS POSSIBLE. + + + diff --git a/textfiles.com/piracy/COURIERS/cod.nfo b/textfiles.com/piracy/COURIERS/cod.nfo new file mode 100644 index 00000000..2c589c92 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/cod.nfo @@ -0,0 +1,64 @@ + +This file was brought to you by - + + + ۲ + ۲ + ۲۰ + ۲۰ ۲ + ۲۱ ۲ +۲ ۲ +۲ ۲ + ۲ ۲ + ۰ ۲۰ + ۰ ۲ + ݰ + ۰ ۰ ۰ + ߱ ۰ + ۲ ۰ ۰ + ߱ ۱ ۰ +۱ ۱ ۱ + ۲ ۲ ۲ + ۲ ߰ ۲ ۲ + ۲ ۲ ۲ + + [C]ouriers [O]f [D]arkness + + + COD Presidents + + Satanic Catalyst Razor + + + COD Vice Pres. + + The Mortician + + + COD Members Couriers + + Assassin Ghost Rider Jack Crack Silencer Mr.Spock Sentinels + Rustic Albino Hacker Rush Shocker Nazarene Wayne Campell + Always Dangerous Flaming Torch + Wolfman + + Board Status SysOp Phone # + + Razor's Edge World HQ Razor 805-PRI-VATE + The Burning Church Canadian HQ Always Dangerous 416-HEL-LNO! + Banshee Island Dist Site Rustic Albino 818-YOU-WISH + Pandemonium Courier HQ Hacker 609-GET-REAL + The Towering Inferno Dist Site Flaming Torch 805-GET-LOST + Inhumanity Dist Site Nazarene 908-NO!-WAY! + Wayne's World Dist Site Wayne Campbell TRY-2FI-NDIT + Bladestorm Dist Site Darksider 310-HAH-AHAH + + +Do you want to be a COD courier or a dist site? D/L a COD Application from any +of the boards listed above or any other board that has it. Then, U/L it to the +WHQ, which is Razor's Edge. Or you can try to contact Satanic Catalyst, Razor, +or The Mortician. + + Greets go out to: XPReSS Jester FLT Raging Bull + + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/courier.app b/textfiles.com/piracy/COURIERS/courier.app new file mode 100644 index 00000000..95420b98 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/courier.app @@ -0,0 +1,138 @@ + Public Enemy Courier Application + + We need help sending the games around. If you can help us send the stuff + around, fill this application out and upload it to your nearest PE site. + Just rename this file to a short abbreviation of your handle. Have fun and + good luck! + +Handle -->_________________________________________________________ + + +First Name -->_________________________________________________________ + + +Phone Number -->_________________________________________________________ + + +5 Boards you call often: + + +___________________________________ + + +___________________________________ + + +___________________________________ + + +___________________________________ + + +___________________________________ + + +3 Modem Users You Know: + + +__________________________ + + + +__________________________ + + + +__________________________ + + +Why do you want to be a PE courier? + + +__________________________ + + + +__________________________ + + + +__________________________ + + + +How long have you been modeming? + +__________________________ + + +What Kind of Computer do you have? + + +__________________________________ + + +What Kind/brand of Modem(s) do you have? + + +___________________________________ + + +When are you availible? + + +_______________________ + + + +Can you supply new uncracked games? + + +________________________ + + +What do you do for a living? + + +________________________ + +Are you affiliated with any other groups? + +__________ + +if so, who? + +_______________________________________ + + + + + +Becoming a PE courier does not mean you get treated like a slave . +Your name is shown on all the cracks, and get all the free downloads you +want. There is a chance to move up to member status, I started as a +courier and am now a member. We are always changing the group around, +so it's not hard to move up. There is no official leader, so everyone gets +a say in what goes on. We appreciate your help. Be honest! you don't +have to be perfect to be a courier! + + + +Alexis Machine/[PE] + + + + +You can send this file filled out to the following boards: + +Theatre of Pain (PE WHQ) 514-661-3077 + +High Intensity (site & my main hang) 512-338-9369 + +The Watchtower (courier's new hang) 514-655-1665 + +C.O.P.S. 416-833-6940 or 416-833-3304 + + +Thanks! + diff --git a/textfiles.com/piracy/COURIERS/devo0193.nfo b/textfiles.com/piracy/COURIERS/devo0193.nfo new file mode 100644 index 00000000..6e97ffe4 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/devo0193.nfo @@ -0,0 +1,26 @@ + + + ߰ + + + + + + + + + + SoI + TRNiTY/DEVO + COURIERS + + + Date: January 05, 1993 + + + + ۲߰ + RCMP, go find out the Members & our AWESOME boards yourself! + ۲ܰ + + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/devo0195.nfo b/textfiles.com/piracy/COURIERS/devo0195.nfo new file mode 100644 index 00000000..2db733d0 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/devo0195.nfo @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + +soi +[acid] + + Ŀ + - D E V o c o u r i e r s ' 9 5 - + Ĵ + + Ŀ + Ŀ-- w e a r e D E V o --Ĵ + president ....... Dr. Death + Ŀ--- -- + senior staff .... Cyberkinetic, iCeFlame + Ŀ--- -- + members ......... Blood Scream, Flamethrower, Wizard + Ŀ--- -- + the DEVo ........ Coolmax, D'Artagnan, Feanor, Headhunter(JCL), Aqueous, + courier ......... Jaw, Perfect Courier, Scorpion, Formula One + team ........... Tetsuo, The Irish One, Zardoz, Pirate Pete + ij--- -- + Ŀ + --- D E V o s i t e l i s t i n g -- + Bulletin Board Name Status Nodes System Operator + ijij + Flatliners World HQ [4] Cyberkinetic + -ijij-- + The Castle Member Board [7] Wizard + The Darker Image Member Board [2] Blood Scream + Distilled Bleach Member Board [2] Spirit of Illusion + -ijij-- + Chernobyl Distribution [1] Atomic + Desert Moon Distribution [1] Moon Shot + Shades of a Shade Distribution [1] Ghost Writer + Utopian Revolt Distribution [2] Kropotkin + The Warlord's Fortress.. Distribution .. [1] The Warlord ........... + ijij + Ŀ + c o n t a c t i n g u s + If you wish to support DEVo as a courier, please contact any DEVo member + on any board you wish. If you would like to become a distribution site + for DEVo, please contact Dr. Death or any senior staff member. + + c l o s i n g n o t e s Ŀ + + Please support the software companies! If you enjoy using a program or + using a utility, please consider buying it! Someone's got to make it worth + the programmers efforts to keep up the high standards... They made it, so + they DESERVE it! + + April 1/95 + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/devo0294.nfo b/textfiles.com/piracy/COURIERS/devo0294.nfo new file mode 100644 index 00000000..82f2b5fd --- /dev/null +++ b/textfiles.com/piracy/COURIERS/devo0294.nfo @@ -0,0 +1,12 @@ + + ߲ ߲ܰ ߲۰ + ___߲۰_________߲____________ܲ_________߰ ___ + : ߰ ߰ ޲ ߲ ; + : ߲ ıı Ŀ ޱ ; + : ޱ ޱ ڰݳ ۰ ; + : ۰İ ܰ ްޱ ۰ ; + ޱ ۰ޱ ܳ İݳ ް ; + : ްIJ ܰ߰ ܿ ; + : ܰ ܰ ܰ ߲ ܰ ; + :______ܰ_______߰_____________߰_____SiDE___߰_______; + ߰ diff --git a/textfiles.com/piracy/COURIERS/devo0893.nfo b/textfiles.com/piracy/COURIERS/devo0893.nfo new file mode 100644 index 00000000..9d3dd06b --- /dev/null +++ b/textfiles.com/piracy/COURIERS/devo0893.nfo @@ -0,0 +1,65 @@ + + + + + + ۱ + ۱ + ۱ + ߱ ۱ + ߱ ۱ + ߱ ۱ + ߱ + ߱ + ߱ Flamethrower + + + + COURIERS + + + + AXiS: The Movie -Final Release- + + + + Released By: ???????? Date: AUGUST 25, 1993 + + Notes: + + + Prince of Death + + + + he >eVo SpReaDing eam + + Bone Crusher Leader Flamethrower Courer Head + Dope Man SpReaD /\/\aster Crzy Joe PC GaMeZ + ShyLocK ConSoleZ The Great One On \/acation + Fusion ce Courer Magma ce Courer + Hellraiser ce Courer Nuclear Fallout /\/\r Phreak + Jaw ce Courer Dark Wizard /\/\eMBeR + Side Swiper PanTeR Jinks /\/\eMBeR + Prince of Death ce Courer + + + + he >eVo /\/\eMbeR Boards + + Physical Damage WHQ Bone Crusher ITS-PRI-VATE + The Ultimate Courier HQ Flamethrower (2 Nodes) 6o4-PRI-VATE + + Phone Henge Member Jinks (2 Nodes) 4o7-PRI-VATE + Liquid Radiation Member Nuclear Fallout 2o3-PRI-VATE + The Depths of Hell Member Dark Wizard ITS-PRI-VATE + + The Castle Afflate The Wizard (3 Nodes) ALL-PRI-VATE + + + + + If you are looking to be a >eVo Courer or Site, please contact any + >eVo Member ASAP! We support IBM PC (Games/Utilities) and SNES + Console warez. + diff --git a/textfiles.com/piracy/COURIERS/fuck.it b/textfiles.com/piracy/COURIERS/fuck.it new file mode 100644 index 00000000..80c0da3f --- /dev/null +++ b/textfiles.com/piracy/COURIERS/fuck.it @@ -0,0 +1,14 @@ + + + + G R A V I T Y ' S P U L L + + + + SysOp: Lightnin Hopkins + + + I couriered this file so fuck you all. + + + diff --git a/textfiles.com/piracy/COURIERS/htc-rel.nfo b/textfiles.com/piracy/COURIERS/htc-rel.nfo new file mode 100644 index 00000000..295b95b4 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/htc-rel.nfo @@ -0,0 +1,41 @@ + + + + + + ݲ + + + + ݲ ݲ ݰ + + + + + ݰ ݱ ݱ + ݲ ݲ + + ݰ + + + + + + + + + [HiGH TeCH CouRieRS/CoDeRS 1995]Ŀ + Ŀ + Ŀ + Title : Login ppe For Pcb 15.21 + Release Date : 07/30/95 + Supplied By : Firet + Cracked By : None + Packaged By : Charger & Ratz +Ŀ + + + +RELEASE NOTES: This is A great ppe for pcb.. has Alterable Board +and handle configuration.. Thanxs Firet..... + diff --git a/textfiles.com/piracy/COURIERS/htc1095.nfo b/textfiles.com/piracy/COURIERS/htc1095.nfo new file mode 100644 index 00000000..023f249d --- /dev/null +++ b/textfiles.com/piracy/COURIERS/htc1095.nfo @@ -0,0 +1,147 @@ + + + + + + + ۲ + + 95' + + + + + + + +[HtC Seniorz]ij[HtC Council]Ŀ + White Cracker Rats Blooodd Ratphour Spyder-X Lightning +ij +[HtC Senior Courierz]Ŀ + Wreaking - Havok + +[Site Crew]Ŀ + Site Crew Cheifs - Cray Flatliner + + Distortion Racjam Devaste Ssilence Distortion *Pascal + +[HTC Traderz]Ŀ + + Rats Blooodd Racjam Liquid Metal Simage Riot White Cracker + Fahrenheit Ratphour Violent CCx Devaste Mr.-X Drapper + The Hydra Alien Son Tech Xyo SpaceAce Mafia Ktulu Dupree + Gunga Fat Trance - 10 Rejector Toxic Avenger The Violator + Suspicious Image Havok _ERASER_ Juno Ssilence Space Cadet + Serenity Lighting Formula MoonChild Mercury Deviator Ravy + Wreaking Speedoman Fulgore Drake Thunder Dragon Mudslush + -45 Active HtC Traderz + Inactive Courier's For HtC below... + + *Nero *Unconvicted Felon *Doomed Testicle *Tanis *Formerly Known + *Baby Giant *Gloom *Akira *Ash *Nardo + -10 Inactive HtC Traderz + +[HtC Memberz]Ŀ + + Digivamp Alien Son Bane Casper Dark Angel Escher ICJ RI-X + Raptor Mantis The Captain Zoola Black Guardian Zeus + Mindreader Cbk Stratocaster Blazing Shadow Tanis Mach One + Dr. Death Anubis Third Son Starmaster Rejector Technician + Ravimx SilverB Liquid Metal MacDaddy Bitchin Crew Rats Blooodd + Paracelsius Crazy Horse + +[HtC Artists/Coderz]Ŀ + Mad Max Digivamp White Cracker The Complicator Satan's Creator + SpaceAce Liquid Metal Code Zero Spyder-X Twister + -10 Active Coderz + + *Epidemic *Disorted Silence *Black Acid *Pagan *Blitz + *Hectic *Wave Rider *Firet *Absolute *Wiz + -10 Inactive Coderz + +[We Welcome...]Ŀ + Mad Max Violent Mercury Serenity Ktulu + MoonChild Paracelsius Digivamp Mindreader Toxic Avenger +[To HtC...] +[Trial]Ŀ + Alchemist NightHawk *Einstein *DarkEvil *Jackrip + Parac Vertigox The Finn *Whispering Death *Fightin Cow *Fur + + +[HtC Newz]Ŀ + + - Better then ever and keep getting stronger...1 year + 4 month Achivment and growing... + -[*] = People who need to start couriering or coding in HtC...If you do + not courier and sit on yer ass like you are doing now then you will be + *DROPED* from htc. We are cleaning out deadweight in the group..When we see + that you have gotten off yer ass and started doing something the * will be + taken off your handle. If you dont show activity by the next time the nfo + is done again or the next meeting on irc you will be dismissed from the + group. *Sysop's are exemped from this note* + + - We greet Havok who has come along way by couriering to the sites and + supplying #HTC people with files to [HTC] SENiOR COURiER.. He is now in + charge of couriers and to check up on them to make sure they are moving + files. + + - PPE Coder's Needed for HtC .. Intrested? Well just join IRC and go to + #htc and we will take your app...Or E-Mail cracker@magg.net + + - The HtC Coderz wanted... + + -We also greet Lightning and Spyder-X to HTC SENiORS... + -Send Questions/Comments to lightnin@garlic.com + + -News Section done by: Lightning and White Cracker -=[HTC]=- + + + +[HtC HQ's Members and Distro Boardz]Ŀ +[Board][Sysop][AC!][Nodes][Rank]Ĵ + + Da Crazy House MacDaddy 415 07 USA World HQ + The Ghostship The Captain 613 10 Canada HQ + Shadowdy Decent Blazing Shadow 615 04 Central USA HQ + The Rock Third Son 305 03 Eastern HQ + + Twisted System MoonChild 972 04 Isreal HQ + System One Rejector +46 03 Sweden HQ + Flip Fantasia Ravimx 617 02 Australian HQ + + Software Evoloution SilverB 718 17 Distribution Site + Rat Hole Rats Blooodd 407 03 Distribution Site + The Vault ][ Technician 503 04 Distribution Site + Serenity Tanis 904 02 Distribution Site + The New Order Mack Daddy 305 02 Distribution Site + Big Bobbers Alien Son 305 02 Distribution Site + Helium Highgrounds RI-x 515 03 Distribution Site + The Silver Bullet Mantis 702 03 Distribution Site + Zoola's Resort Zoola 972 02 Distribution Site + Carnel Influxation Stratocaster 713 05 Distribution Site + The Colisevm The Dragon 201 05 Distribution Site + Shot Glass Cobra 803 06 Distribution Site + The Sanitarium The Sage 303 02 Distribution Site + Aesir Crazy Horse 404 05 Distribution Site + Galaxy Alliance Starmaster 403 06 Distribution Site + Bitch-X Bitchin Crew 514 03 Distribution Site + LightStorm Zeus 414 04 Distribution Site + Nuclear Insemination Drake 508 04 Distribution Site + Aryan Alliance Toxic Avenger 908 02 Distribution Site + Flatliner Dr. Death 604 05 Distribution Site + State Of Mind Mind Reader +46 02 Distribution Site + Digital Deluisons Digivamp 315 04 Distribution Site + The Dead End Liquid Metal 972 03 Distribution Site + Synthetic Zone Paracelsius +41 02 Distribution Site + + + "Death Before Dishonor..." [UPDATED BY]: White Cracker DATE: [10/15/95] + + If You Like It Buy it! + If You hate Delete it! + Support Software that works.... + + HtC is not a profitable group.. Merly just a bunch of lad's couriering + 0-Day. We do not accept money nor donations in any which way.......... +==EOF=================================================================EOF===== + diff --git a/textfiles.com/piracy/COURIERS/iit'94.nfo b/textfiles.com/piracy/COURIERS/iit'94.nfo new file mode 100644 index 00000000..c58403f4 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/iit'94.nfo @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + (Created by : + DoLittle (tm)) + + + I.I.T. - Israel's InterNet Traders + + + + + Supplied : [Couriering ONLY] + Packed : DoLittle + + + + + + Senior Staff + + DoLittle Nightfall + + Members Staff + + Sgt. Slat ZedZap Iron Man Zino Raiden + + + + + + Escape from Reality [972]-Israel-HQ DoLittle + Sea of Tears [972]-Dist-Site Zino + Horror Pit [972]-Dist-Site Iron Man / Pro Man + Eternal Darkness [972]-Dist-Site Sgt. Slaughter + + iiT Site netvision.net.il iiT FTP site + + iiTBot IRC - iiT channel iiT IRC files spreding BOT + + + + + + Greets : Stubborn , DragonM , J-Jamez , Jebadiah , VGM , Shaw , Plugh , + Ordnance , BGI , Raiden + + Group greets : RTS , DoD , Entropy , Fatal , Legend , Razor , Scum + Trsi + + + + + + I would like to welcome Raiden to iiT , may he serve the group well. + I would like to thank DragonM for the BOT, Cris-DD for the moral support, + VGM for some of the files he offered me and SinjinS for the huge release. + + + + + + If you are interstead in joining this growning group I can be contacted + trough InterNet on IRC or by e-mail an123015@anon.penet.fi + + diff --git a/textfiles.com/piracy/COURIERS/inc604.txt b/textfiles.com/piracy/COURIERS/inc604.txt new file mode 100644 index 00000000..bb44aa58 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/inc604.txt @@ -0,0 +1,20 @@ + + + i n c a r c e r a t e d + ____________________________________________________________________________ + \___ _____ ___/______ \_ _____/ _________ \_ ____/_ ________ ____/ + _\___ \ / / / \_ _ \ __/ / \_ / / ___/_\____ \ + _/ / \_ / _/ / / \_ \_ _/ / / / / / \_ + \__________/____/____\____/___/______/____/__\_____/______/_________/________/ + ---------------------------------------------------------------------(feral)-- + incarcerated scarfaces - ops; lethal injection, ghost and keyser soze + ------------------------------------------------------------------------------ + + Reflux Member Board (RLX) Really Into Spreading Elite (RiSE) + Warez On Demand Member Board (W0D) Creators of Intense Art (CiA) + Magical Force Distro (MF) Pinnacle Releasers Member (PNC) + Next Generation Traders Member (NGT) Affinity Emag Member (AFT) + Flava Hip Hop Magazine (FLV) Rapid Distrobuters Member (RPD) +. + + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/menace.asc b/textfiles.com/piracy/COURIERS/menace.asc new file mode 100644 index 00000000..80be8580 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/menace.asc @@ -0,0 +1,74 @@ + + ܰ ܰ + ۲ ۲ ۲ ۲ ܲ ۲ ۲ + ۱ ۱ ۱ ۱ ܱް ۱ ۱ + ۰ ۰ ۰ ܰ ۰ ۰ ܰ ۰ ܰ + ܰ ۰ ܰ ܰ + + ViO + + [MENACE COURIERS '94] + + BRiNGiNG THE BEST iN NEW WAREZ TO EUROPE AND THE U.S. + + NoTe! Menace is looking FOR GOOD quality traders, + + +GreetZ to : GeN-X - ACE - DVS Project - LeGeND - FLC - PWA - SLA - PNX - CcC + +Personal Greetz: CAiN - Evil Ernie - T/E - Hell Spawn - Strider + + +  + SENiOR STAFF +  + + CAiN ~ Classic ~ Mr. Menor + +  + AFFiLATESMEMBERS +  + + Hellcat ~ Analyzer ~ OffRoader + Evil Ernie ~ Rage ~ Thorn + Ixcalthar ~ Rigor Mortis ~ Gee + The Exorcist ~ Tae + +  + COURiER TEAM +  + + CAiN ~ Mr. Menor + + Kaana ~ Rawhide + Magic ~ Klipsch ~ Chronic + ~ Legion ~ Bad Influence + + + THE HEADQUARTER BOARDS + + NaMe PoSiTiOn NuMBeR SyZo NoDeS + + Menace ][ World HQ +31206411370 CAiN 2 + CyberCrime Courier HQ +31.25.1011157 Mr. Menor 1 + ThunderDome Dutch HQ +31.50.416221 Gee 5 + BrainStorm Latin HQ +55217144697 Classic 1 + Skully Bros U.S East HQ +12o3857o459 Rage/Thorn 2 + Shelter Swiss HQ +41.1.371.3443 Kaana 2 + + MEMBER/DiSTSiTE BOARDS + + NaMe PoSiTiOn NuMBeR SyZo NoDeS + + Phantom Member +31KeePWiSHinG Hellcat 1 + Safari Member +31NoLaMeRs! OffRoader 1 + The Kaoz Landz Member +31.4120.52026 Rigor Mortis 1 + Da Underground U.S. DiST +1XxXXxXxxXx The Exorcist 1 + The Lost Temple U.S. DiST +18o12555251 T/E 1 + Fatal Error U.S. DiST +19143443830 Evil Ernie 1 + The Falcons Eye U.S. DiST +14145NoDeS! Ixcalthar 5 + Traders OutPost U.S. DiST +1.201.SCuMWHQ Liquidator 6 + + + iNFOFORM DESiGN BY: Pr0ZaC ADDiCt +  94! diff --git a/textfiles.com/piracy/COURIERS/risc'is b/textfiles.com/piracy/COURIERS/risc'is new file mode 100644 index 00000000..943f54f0 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc'is @@ -0,0 +1,19 @@ + + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + =/\/\= RiSE iN SUPERiOR COURiERiNG =/\/\= + + -= RiSC '94 =- + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc0295.nfo b/textfiles.com/piracy/COURIERS/risc0295.nfo new file mode 100644 index 00000000..8b29aa5c --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0295.nfo @@ -0,0 +1,98 @@ + + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 Mikeysoft + + -----/\/ COORDiNATORS \/\------ + + Bball Oyl Patch Star Gazor + + -----/\/ TRADERS \/\------ + + Alexis Machine Big Dumper Black Mantle Beelzebub Chaft + Dark Soul Colt Python Cruger Disk Killer Elvin Nox . Faldo + Hellhound Jopiter Legion Lunatic Genius Maverick Myst + Shawn Skybum Stingray6 The Dutchmen The Dreamer The Outlaws + + -----/\/ MEMBERS \/\------ + + Beachboy CaStero Chronus G-Man Messenger of Death + Milo Minderbinder Ragnarok Rude Boy ShadowFax + Sigh Technomancer Wayward + + * NOTE: All Sysops of RiSC boards are full members. * + + -----/\/ GROUP NOTES \/\------ + + + We welcome our most recent additons to our World Class Trading Team: + + DARK SOUL, MAVERICK, SHAWN, and THE DUTCHMEN! + + We also welcome our new Western Headquarters, RiP! + + + -----/\/ GREETS \/\------ + + GENESiS, NTA, and SiLiCON! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Final Frontier World HQ 6 Nodes MikeySoft + Park Central U.S.A HQ 15 Nodes Silver V & Crackpot + X-Factor Courier HQ 10 Nodes Blaster + Rest In Peace Western HQ 15 Nodes RiP Staff + Twenty One Twelve Eastern HQ 7 Nodes Analog Kid + Akira Canada HQ 10 Nodes Pharoah + + -----/\/ MEMBER BOARDS \/\------ + + Dark Angel 2 Nodes [+32] XXXXXXX Felix + Gangland Chicago 8 Nodes [305] XXXXXXX The Untimed + Silverado 3 Nodes [+31] XXXXXXX Blue Sky + Southern Wastelands 4 Nodes [XXX] XXXXXXX Legion + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + The General 6 Nodes [713] XXXXXXX OylPatch / General + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + + -----/\/ AFFiLiATE BOARDS \/\------ + + Cocanut Bungalo 3 Nodes [313] XXXXXXX Moongola + Ground Zero 3 Nodes [801] XXXXXXX Nitro + Hangar 18 2 Nodes [602] XXXXXXX Royce + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [317] XXXXXXX The G-Man + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1995)(C) RiSE iN SUPERiOR COURiERiNG (C)(1995) \/\-- + -----/\/ FEBRUARY 27TH 1995 \/\------ + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc0296.nfo b/textfiles.com/piracy/COURIERS/risc0296.nfo new file mode 100644 index 00000000..065caf68 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0296.nfo @@ -0,0 +1,110 @@ + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 + + -----/\/ COORDiNATORS \/\------ + + Darkhosis Oyl Patch + + -----/\/ TRADERS \/\------ + + Aeon & Flux Anthrax Bababoey Beelzebub Bleeding Bluewater + Chaft Chainsaw Massacre Cruger Darkside + Darth Vador Demon Lord Duro Elvin Nox Frank Rizzo + Immortal LoLo Maverick Phat Prophet Rage Shatter Star + Skybum Stingray 6 Studster Suspicious Image + The Dutchmen The Outlaws The Punisher Toast Tornado + Ustasa White Knight + + -----/\/ MEMBERS \/\------ + + Analog Kid Bball Beachboy Celestial Wizard Chronus + Dark Star Darkforce Daviolator Dream G-Man Ice Jex Mann + Lenon Lunatic Genius Mach One Milo Minderbinder + Mr. Blazer & Yum Yum Myst Photon Torpedo Processor + Shadowfax Spoonman Technomancer The Druid + Viper Krynn Warblade Yazoo + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + RiSC continues it's long time tradition of dominating the scene with + it's superior couriering and unique attitude! + + Time for some winter cleaning! If you still think you should be a part + of our Killer Crew then email one of our people and explain why! + + We have removed quite a few inactive members, if these members become + active again then please feel free to reapply and we will consider + reactivating your membership. + + We welcome our most recent additions to our World Class Trading Team: + IMMORTAL, PHOTON TORPEDO, RAGE, THE DUTCHMAN, AND WHITE KNIGHT! + + -----/\/ GREETS \/\------ + + HYBRiD, PWA, CoRP, DoD, ROR, RAZOR 1911, and X-FORCE! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 16 Nodes Crackpot / SV + Twenty One Twelve U.S. HQ 7 Nodes Analog Kid + X-Factor Courier HQ 10 Nodes Longshot + The Wall Eastern HQ 7 Nodes Roland + Beyond Akira Canadian HQ 10 Nodes Pharaoh + + -----/\/ MEMBER BOARDS \/\------ + + Chronic Disorder 2 Nodes [XXX] XXXXXXX Beelzebub + CoC 6 Nodes [XXX] XXXXXXX CoC STAFF + Dead Pirates Soc. 3 Nodes [XXX] XXXXXXX Corpse + Druids^Keep 7 Nodes [+61] XXXXXXX The Druid + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + Manifest Destiny 3 Nodes [XXX] XXXXXXX Tornado + Spellbound 7+ISDN [XXX] XXXXXXX Cruger + System 75 7 Nodes [202] XXXXXXX Dark Star + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + Undergrnd Insanity 5 Nodes [XXX] XXXXXXX Duro + + -----/\/ AFFiLiATE BOARDS \/\------ + + Acheron 3 Nodes [214] XXXXXXX Bababoey + Cheap Talk 3 Nodes [770] XXXXXXX Brad Carlton + Coconut Bungalo 3 Nodes [313] XXXXXXX Mongoola + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [XXX] XXXXXXX The G-Man + The General 6 Nodes [713] XXXXXXX General + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1996)(C) RiSE iN SUPERiOR COURiERiNG (C)(1996) \/\-- + -----/\/ FEBRUARY 12TH 1996 \/\-----  diff --git a/textfiles.com/piracy/COURIERS/risc0394.nfo b/textfiles.com/piracy/COURIERS/risc0394.nfo new file mode 100644 index 00000000..37b8f9f7 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0394.nfo @@ -0,0 +1,131 @@ +RiSC COURiERiNG and Alpha Couriering have merged to form a NEW and IMPROVED +RiSC! RiSC welcomes all its new members to the #1 Courier group! + + WK [iCE] 8/2/93 + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + =/\/\= RiSE iN SUPERiOR COURiERiNG =/\/\= + The Official Couriers of NTA & Pentagram! + + -*- 0-12 HOUR WAREZ -*- + + + Senior Staff + + CHESSKiNG  Eagle 1  The Enforcer  Prophet  WiLKiNS + + + Regional Coordinators + + Chronus  Fatal Spirit  Fiona  King Lear + Ningauble  Oyl Patch  Prince of Thieves  The Drunkard  WayWard + + + Elite Traders + + Akira  Bitmaster  Black Jack  Digital Interface  Dizzy + Jopiter  Felix  Fozzy  Hell Hound  LoLo  MooN  Mr Axxess + Royal Knight  SkyBum  The Master  Techno J  Timebuster  YaZoO + + + Members + + Analog Kid  Broker  Chainsaw  Count Hackula  Dalamar  Darion + Dr. Insanity  G-Man  Hades  Hurricane  K0mrad + Milo MinderBinder  Messenger of Death  Red Bear  RetsaM ehT + RifleMan  Sector9  Stingray  The TechnoMancer + + + Console + + Bball  Butch  Moebius  Nostromo  Sigmund Freud  Wolverine + + + Couriers + + Alexis Machine  Chuckle Bunny  Crackpot + Factory  The Gnostic  Ixcalthar  Primal Scream  Ragnarok  Raven + Seoman  Shadowfax  Skywalker  The WildCard + + + RiSC GREETiNGS Major Theft, Big Boss, Butcher + GO OUT + TO: NTA, Pentagram, Razor 1911, TRSi, Nexus, TMM + + + --------------------------------------------------------------- + | If you are interested in joining RiSC, either as a COURiER or | + | as a DiSTRiBUTiON SiTE, call our Application Headquarters, | + | Twenty One Twelve (518) 272-8753 | + | | + | LOGiN: RiSC | + | PASSWORD: RiSC | + | Download the file RiSCAPPS.ZIP, fill out the appropriate | + | application, and Upload it to the RiSC Conference. | + | Or email the app to Enforcer on any major bbs. | + --------------------------------------------------------------- + + /=HEADQUARTER BOARDS=\ķ + The Final Frontier World HQ 4 Node ...-...-.... MikeySoft + Moral Decay U.S. HQ 6 Node ...-...-.... Corrupt + Eleventh Hour Courier HQ 10Node ...-...-.... MKo! + Unlawful Entry HQ 10Node ...-...-.... Major Theft + Digital Underground Eastern HQ 5 Node ...-...-.... Dr. Insanity + Dawn of Eternity Central HQ 7 Node ...-...-.... Skeleton + Manhattan Project Western HQ 4 Node ...-...-.... Rifleman + Ľ + /=MEMBER BOARDS=\ķ + Silverado 3 Node +(31) ...-.... Blue Sky + Dark Angel 2 Node +(32) ...-.... Felix + At the Beach! 3+ISDN +(49) ASK-FiONA FiONA + The Haunted House 4 Node +(49) ...-.... The Master + City Of Chaos 1 Node (212) ...-.... Prophet + Twenty One Twelve 3 Node (518) 272-8753 Analog Kid + Fractal Mode 2 Node (619) ...-.... Chronus + The General 6 Node (713) ...-.... OylPatch + Orion's Belt 1 Node (718) ...-.... The Drunkard + Ľ + /=iNTERNATiONAL SiTES=\ķ + Flying Saucer Belgium 4 Node +32-ASK-Fozzy ULi + Extasy World Spain 4 Node +34-1345-5208 Quasar + MadMan's Sanktuary Germany 3 Node +49-ASK-WiLK STB + Oceanary Germany 4+ISDN +49-...-.... Ask Hellhound! + Beyond Akira Canada 5 Node 416-...-.... Pharaoh + Ľ + ķ/=AFFiLiATE BOARDS=\ķ + Dimention XXX 2 Node (215) ...-.... Dr. Anarchy + The Sanitarium BBS 2 Node (317) ...-.... The G-Man + Street Spyders 5 Node (713) ...-.... Maverick + Joshua 3 Node (716) ...-.... Abuse + New World Order 1 Node (908) ...-.... Polaris + Ľ + /=DiSTRiBUTiON SiTES=\ķ + The AfterMath 2 Node (206) ...-.... Paradigm + Brotherhood of Thieves 2 Node (215) ...-.... The WildCard + Dimension Hatrss II 2 Node (216) ...-.... Dalamar Do'Urden + Gangland Chicago 3 Node (305) ...-.... Untouchable + Coconut Bungalo 1 Node (313) ...-.... Mongoola + The Falcon's Eye 3 Node (414) ...-.... Ixcalthar + Zero Gravity 1 Node (415) ...-.... Velocity + Skitzo BBS 2 Node (512) ...-.... Waysted + Hangar 18 2 Node (602) ...-.... Royce + Park Central 8 Node (708) ...-.... Silver V + Community Blowtorch 4 Node (716) ...-.... Quadrant + The Temples of Syrinx 4 Node (813) ...-.... Urick + Ľ + -*- No Previews/Demos -*- No Non-English Shit -*- + -*- Games  Utiliites  Applications  Console Warez -*- + + -= RiSC '94 =- \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc0595.nfo b/textfiles.com/piracy/COURIERS/risc0595.nfo new file mode 100644 index 00000000..dd0689c0 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0595.nfo @@ -0,0 +1,103 @@ + + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 Mikeysoft + + -----/\/ COORDiNATORS \/\------ + + Bball Oyl Patch Star Gazor + + -----/\/ TRADERS \/\------ + + Alexis Machine Beelzebub Big Dumper Corpse Chaft Criminal Overlord + Critical Mass Cruger Dark Soul Disk Killer Dr. Death + Elvin Nox Faldo Hellhound Jopiter Kid Creole Lunatic Genius + Maverick Maverick TG Myst Pharaoh Processor Rift Shawn Skybum +Stingray 6 The Dutchmen The Outlaws The Punisher Toast Tomas Ustasa + + -----/\/ MEMBERS \/\------ + + Baked Potato Beachboy CaStero Chronus Colt Python Demon + Demon Lord G-Man Glacius 1 Liquidater Messenger of Death + Milo Minderbinder Rude Boy Rygar ShadowFax Sigh + Supernaut Technomancer Uncle John Wayward + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + Park Central is now officially RiSC World Headquarters! + + We welcome our most recent additons to our World Class Trading Team: + + SUPERNAUT and THE PUNISHER! + + + -----/\/ GREETS \/\------ + + SCUM, GNSiS, PROPHECY, RAZOR 1911, NTA, and ZILLIONZ! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 15 Nodes Silver V / Crackpot + Final Frontier U.S. HQ 6 Nodes MikeySoft + X-Factor Courier HQ 10 Nodes Blaster + Twenty One Twelve Eastern HQ 7 Nodes Analog Kid + Akira Canada HQ 10 Nodes Pharaoh + + -----/\/ MEMBER BOARDS \/\------ + + BBS to Nowhere 2 Nodes [XXX] XXXXXXX Baked Potato + Dark Angel 2 Nodes [+32] XXXXXXX Felix + Hellraiser 7 Nodes [819] XXXXXXX Rift + Silverado 3 Nodes [+31] XXXXXXX Blue Sky + Southern Wastelands 4 Nodes [XXX] XXXXXXX Legion + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + The General 6 Nodes [713] XXXXXXX OylPatch / General + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + Trader's Outpost 3 Nodes [201] XXXXXXX Liquidater + + -----/\/ AFFiLiATE BOARDS \/\------ + + Beyond the Cemetery 3 Nodes [905] XXXXXXX Corpse + Cocanut Bungalo 3 Nodes [313] XXXXXXX Moongola + Ground Zero 3 Nodes [801] XXXXXXX Nitro + Hangar 18 2 Nodes [602] XXXXXXX Royce + Temperal Flux 4 Nodes [416] XXXXXXX Critical Mass + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [XXX] XXXXXXX The G-Man + The Belfry 2 Nodes [+44] XXXXXXX Faldo + The Toxic Dump 2 Nodes [905] XXXXXXX Toast + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1995)(C) RiSE iN SUPERiOR COURiERiNG (C)(1995) \/\-- + -----/\/ MAY 08TH 1995 \/\------ diff --git a/textfiles.com/piracy/COURIERS/risc0795.nfo b/textfiles.com/piracy/COURIERS/risc0795.nfo new file mode 100644 index 00000000..990d10ad --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0795.nfo @@ -0,0 +1,107 @@ + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 Mikeysoft + + -----/\/ COORDiNATORS \/\------ + + Bball Dark Soul Oyl Patch Star Gazor + + -----/\/ TRADERS \/\------ + + Beelzebub Bluewater Chaft Chainsaw Massacre Criminal Overlord + Cruger Darkhosis Darkside Daviolator Demon Lord Dr. Death + Elvin Nox Flamer Flyer Frank Rizzo Hellhound Jopiter Kid Creole + Lunatic Genius Malicious Intent Maverick Maverick TG Processor + Scorpion Shawn Skybum Stingray 6 The Dutchmen The Outlaws + The Druid Tomas + + -----/\/ MEMBERS \/\------ + + Analog Kid Baked Potato Beachboy Big Dumper CaStero Chronus + Colt Python Critical Mass Disk Killer Faldo G-Man + Kronos Liquidater Milo Minderbinder Myst Prophet Rift Rude Boy + Rygar ShadowFax Sigh Speed Master Studster Supernaut + Mr. Blazer and Yum Yum Technomancer Wayward + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + RiSC continues it's long time tradition of dominating the scene with + it's superior couriering and unique attitude! + Time for some spring cleaning! If you still think you should be a part + of our Killer Crew then email one of our people and explain why! + + We welcome our most recent additons to our World Class Trading Team: + + SPEED MASTER and STUDSTER! + + -----/\/ GREETS \/\------ + + PROPHECY, GNSiS, SCuM, ECLiPSE, RAZOR 1911, DYNAMiX, NTA, + PWA, FSW, X-FORCE and ZiLLiONZ! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 16 Nodes Silver V / Crackpot + Twenty One Twelve U.S. HQ 7 Nodes Analog Kid + X-Factor Eastern HQ 10 Nodes X-Factor Staff + The Final Frontier Western HQ 4 Nodes Mikeysoft + + -----/\/ MEMBER BOARDS \/\------ + + BBS to Nowhere 2 Nodes [XXX] XXXXXXX Baked Potato + Dark Angel 2 Nodes [+32] XXXXXXX Felix + Druids^Keep 7 Nodes [+61] XXX-XXXX The Druid + Hellraiser 7 Nodes [819] XXXXXXX Rift + Point Blank 3 Nodes [416] XXXXXXX Critical Mass + Silverado 3 Nodes [+31] XXXXXXX Blue Sky + Southern Wastelands 4 Nodes [XXX] XXXXXXX Legion + Speed & Ecstasy 5 Nodes [+49] XXX-XXXX Darkside + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + Trader's Outpost 3 Nodes [201] XXXXXXX Liquidater + + -----/\/ AFFiLiATE BOARDS \/\------ + + Acheron 3 Nodes [214] XXX-XXXX Bababooey + Coconut Bungalo 3 Nodes [313] XXXXXXX Mongoola + Ground Zero 3 Nodes [801] XXXXXXX Nitro + Hangar 18 2 Nodes [602] XXXXXXX Royce + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [XXX] XXXXXXX The G-Man + The Belfry 2 Nodes [+44] XXXXXXX Faldo + The General 6 Nodes [713] XXXXXXX General + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1995)(C) RiSE iN SUPERiOR COURiERiNG (C)(1995) \/\-- + -----/\/ JULY 16TH 1995 \/\------  \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc0996.nfo b/textfiles.com/piracy/COURIERS/risc0996.nfo new file mode 100644 index 00000000..992dc2e9 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc0996.nfo @@ -0,0 +1,105 @@ + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Eagle 1 Enforcer Prophet + + -----/\/ COORDiNATORS \/\------ + + Arch-Vile Darkside Suspicious Image + + -----/\/ TRADERS \/\------ + + Bababoey Beelzebub Bizzy Corpse Crazy Cruger Cyberjack + Digivamp Fronthead G-Bit Gremlin Legion Lunatic Genius + Maverick Ones Wally Oyl Patch Razor Sharp Skybum + Slain Stingray 6 Terminator The Comet The Outlaws Xwing + + -----/\/ MEMBERS \/\------ + + Analog Kid Beachboy Bleachboy Captain Haywood Chronus Cirion + Crackpot Daviolator Deepmind Hemp Hoodlum Ice Mach One Marlboro + Milo Minderbinder Mr. Blazer & Yum Yum Shadowfax Scorpion & Subzero + Speedmaster Stingray Technomancer Tornado Widget + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + RiSC is the longest lasting courier grp by far, and continues to bring + honor and respect to the courier scene as only RiSC can. + To our supporters we can only say, that YOU are what keeps the group going. + And to our competitors we say, keep trying guys, you can only aspire. + + RiSC wishes to bid a very affectionate and heartfelt farewell to one of + our most loyal and dedicated members, Pharaoh and his awesome bbs, + Beyond Akira, you will be dearly missed. We wish you the best + of luck with your future projects and we hope that everything goes well + for you. + + We have removed quite a few inactive members, if you become active again + then please feel free to reapply and we will consider reactivating + your membership ASAP. + We welcome the most recent additions to our World Class Trading Team: + + CRAZY, LEGION, CAPTAIN HAYWOOD, TERMINATOR, DEEPMIND, AND MARLBORO + + -----/\/ GREETS \/\------ + + RAZOR 1911/RCD, PWA, MTY, DoD, PSG, NAPALM and X-FORCE! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 16 Nodes Crackpot / SV + Twenty One Twelve U.S. HQ 7 Nodes Analog Kid + X-Factor Courier HQ 10 Nodes Longshot + + -----/\/ MEMBER BOARDS \/\------ + + Acheron 3 Nodes [214] XXXXXXX Bababoey + Chronic Disorder 2 Nodes [XXX] XXXXXXX Beelzebub + Darklands BBS 6 Nodes [XXX] XXXXXXX Deathwalker + Dead Pirates Soc. 3 Nodes [XXX] XXXXXXX Corpse + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + Spellbound 7+ISDN [XXX] XXXXXXX Cruger + Touch Down 9 Nodes [+XX] XXXXXXX Palladin + Undergrnd Insanity 5 Nodes [XXX] XXXXXXX UI Staff + + -----/\/ AFFiLiATE BOARDS \/\------ + + Cheap Talk 3 Nodes [770] XXXXXXX Brad Carlton + Coconut Bungalo 3 Nodes [313] XXXXXXX Mongoola + Drug Shop 4 Nodes [+XX] XXXXXXX Parker Lewis + The Shallow Grave 6 Nodes [804] XXXXXXX Grady + The General 6 Nodes [713] XXXXXXX General + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1996)(C) RiSE iN SUPERiOR COURiERiNG (C)(1996) \/\-- + -----/\/ SEPTEMBER 22ND 1996 \/\-----  \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc1.nfo b/textfiles.com/piracy/COURIERS/risc1.nfo new file mode 100644 index 00000000..5879927d --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc1.nfo @@ -0,0 +1,105 @@ + + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 Mikeysoft + + -----/\/ COORDiNATORS \/\------ + + Bball Oyl Patch Star Gazor + + -----/\/ TRADERS \/\------ + + Alexis Machine Beelzebub Big Dumper Corpse Chaft Colt Python + Criminal Overlord Cruger Dark Soul Disk Killer Dr. Death + Elvin Nox Faldo Hellhound Jopiter Kid Creole Lunatic Genius + Maverick Maverick TG Myst Pharaoh Processor Rift Shawn Skybum + Stingray 6 The Dutchmen The Outlaws Toast Tomas Ustasa + + -----/\/ MEMBERS \/\------ + + Baked Potato Beachboy CaStero Chronus Critical Mass Demon + Demon Lord G-Man Glacius 1 Liquidater Messenger of Death + Milo Minderbinder Ragnarok Rude Boy Rygar ShadowFax Sigh + Technomancer Uncle John Wayward + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + Park Central is now officially RiSC World Headquarters! + + We welcome our most recent additons to our World Class Trading Team: + + CORPSE, CRITICAL MASS, RIFT, TOAST, TOMAS and USTASA! + + + -----/\/ GREETS \/\------ + + SCuM, GNSiS, RAZOR 1911, NTA and ZiLLiONZ! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 15 Nodes Silver V / Crackpot + Final Frontier U.S. HQ 6 Nodes MikeySoft + X-Factor Courier HQ 10 Nodes Blaster + Twenty One Twelve Eastern HQ 7 Nodes Analog Kid + Akira Canada HQ 10 Nodes Pharaoh + + -----/\/ MEMBER BOARDS \/\------ + + BBS to Nowhere 2 Nodes [XXX] XXXXXXX Baked Potato + Dark Angel 2 Nodes [+32] XXXXXXX Felix + Gargoyle's Peak 5 Nodes [216] XXXXXXX Uncle John + Hellraiser 7 Nodes [819] XXXXXXX Rift + Silverado 3 Nodes [+31] XXXXXXX Blue Sky + Southern Wastelands 4 Nodes [XXX] XXXXXXX Legion + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + The General 6 Nodes [713] XXXXXXX OylPatch / General + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + Trader's Outpost 3 Nodes [201] XXXXXXX Liquidater + + -----/\/ AFFiLiATE BOARDS \/\------ + + Beyond the Cemetery 3 Nodes [905] XXXXXXX Corpse + Cocanut Bungalo 3 Nodes [313] XXXXXXX Moongola + Ground Zero 3 Nodes [801] XXXXXXX Nitro + Hangar 18 2 Nodes [602] XXXXXXX Royce + Temperal Flux 4 Nodes [416] XXXXXXX Critical Mass + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [XXX] XXXXXXX The G-Man + The Belfry 2 Nodes [+44] XXXXXXX Faldo + The Toxic Dump 2 Nodes [905] XXXXXXX Toast + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1995)(C) RiSE iN SUPERiOR COURiERiNG (C)(1995) \/\-- + -----/\/ APRIL 19TH 1995 \/\------ + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/risc1293.nfo b/textfiles.com/piracy/COURIERS/risc1293.nfo new file mode 100644 index 00000000..e9d9eef2 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc1293.nfo @@ -0,0 +1,115 @@ + WK [iCE] 8/2/93 + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + =/\/\= RiSE iN SUPERiOR COURiERiNG =/\/\= + The Official Couriers of iCE & NTA! + The Official Affiliate Couriers of Pentagram! + + -*- 0-12 HOUR WAREZ -*- + + + Senior Staff + + CHESSKiNG  The Drunkard  Eagle 1  The Enforcer  WayWard + + + Senior Members + + Analog Kid  Dr. Insanity  Folksinger  Fiona + Rifleman  Stingray + + + Staff + + Baal Le'Klorin  Bball  Darion  Hurricane + Hades  K0mrad  Prince of Thieves  Red Bear  Red Wizard + Sector 9  Syntax Error + + + Members + + Chronus  Chuckle Bunny  Count Hackula  CRS  Dalamar  DoD + Ice  Jabbah  Marauder  Messenger of Death  Oyl Patch  Polarbear + RetsaM ehT  Skybum  SLAiN  Venom + + + Console + + King Lear  Sigmund Freud  Wolverine + + + Couriers + + Alexis Machine  Chainsaw  Crackpot  DJ-Pain + Elektrik ][ce  The G-Man  Ixcalthar  iNFiLTRaToR  Lord Valgamon + Primal Scream  Ragnarok  Seoman  Shadowfax  Skywalker + Two Gun Mojo  Trickster + + + RiSC GREETiNGS Major Theft, The Skeleton, Mikeysoft, Phone Stud + GO OUT + TO: NTA, Razor 1911, Alpha, Nexus, TRSi + + + --------------------------------------------------------------- + | If you are interested in joining RiSC, either as a COURiER or | + | as a DiSTRiBUTiON SiTE, call our Eastern Headquarters, | + | Twenty One Twelve (518) 272-8753 | + | | + | LOGiN: RiSC | + | PASSWORD: RiSC | + | Download the file RiSCAPPS.ZIP, fill out the appropriate | + | application, and email it to RiSCman. | + --------------------------------------------------------------- + + /=HEADQUARTER BOARDS=\ķ + The Final Frontier World HQ 4 Node ...-...-.... MikeySoft + Dawn of Eternity U.S. HQ 6 Node ...-...-.... Skeleton + Unlawful Entry Courier HQ 8 Node ...-...-.... Major Theft + Manhattan Project Western HQ 3 Node ...-...-.... Rifleman + Twenty One Twelve Eastern HQ 3 Node 518-272-8753 Analog Kid + Ľ + /=MEMBER BOARDS=\ķ + At the Beach! 1 Node +(49) ...-.... BeachBoy + Digital Underground 3 Node (301) ...-.... Dr. Insanity + State of Devolution 4 Node (305) ...-.... Marauder + Fractal Mode 2 Node (619) ...-.... Chronus + Orion's Belt 1 Node (718) ...-.... The Drunkard + Ľ + ķ/=AFFiLiATE BOARDS=\ķ + The Sanitarium BBS 2 Node (317) ...-.... The G-Man + Joshua 3 Node (716) ...-.... Abuse + Ľ + /=DiSTRiBUTiON SiTES=\ķ + The STAR BBS 1 Node +61(9)349-6535 The DUDE + Shadow Realm 1 Node (203) ...-.... Shadow Hawk + Black Unicorn Systems 2 Node (204) ...-.... The Alchemist + The AfterMath 2 Node (206) ...-.... Paradigm + Gangland Chicago 3 Node (305) ...-.... Untouchable + The Rapture 1 Node (306) ...-.... Trickster + Coconut Bungalo 1 Node (313) ...-.... Mongoola + The Falcon's Eye 3 Node (414) ...-.... Ixcalthar + Zero Gravity 1 Node (415) ...-.... Velocity + Skitzo BBS 2 Node (512) 353-0429 Waysted + Hangar 18 1 Node (602) ...-.... Royce + Midwest File Exchange 6 Node (708) ...-.... Silver V + Community Blowtorch 4 Node (716) ...-.... Quadrant + The Temples of Syrinx 2 Node (813) ...-.... Urick + VoiD oF REALItY 1 Node (902) 445-5561 The VoiDMASter + Ľ + -*- No Previews/Demos -*- No Non-English Shit -*- + -*- Games  Utiliites  Applications  Console Warez -*- + + -= RiSC '93 =- diff --git a/textfiles.com/piracy/COURIERS/risc94.nfo b/textfiles.com/piracy/COURIERS/risc94.nfo new file mode 100644 index 00000000..13eaa4fa --- /dev/null +++ b/textfiles.com/piracy/COURIERS/risc94.nfo @@ -0,0 +1,130 @@ +RiSC COURiERiNG and Alpha Couriering have merged to form a NEW and IMPROVED +RiSC! RiSC welcomes all its new members to the #1 Courier group! + + WK [iCE] 8/2/93 + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + =/\/\= RiSE iN SUPERiOR COURiERiNG =/\/\= + The Official Couriers of NTA & Pentagram! + + -*- 0-12 HOUR WAREZ -*- + + + Senior Staff + + CHESSKiNG  Eagle 1  The Enforcer  Prophet  WiLKiNS + + + Regional Coordinators + + Chronus  Fatal Spirit  Fiona  King Lear + Prince of Thieves  Oyl Patch  The Drunkard  WayWard + + + Elite Traders + + Akira  Bitmaster  Black Jack  Dizzy  Jopiter  Felix + Fozzy  Hell Hound  MooN  Mr Axxess  Ningauble + Royal Knight  SkyBum  The Master  Timebuster  YaZoO + + + Members + + Analog Kid  Broker  Count Hackula  Dalamar  Darion + Dr. Insanity  G-Man  Hades  Hurricane  K0mrad + Kid Capri  Messenger of Death  Mr Lamer  Red Bear  RetsaM ehT + RifleMan  Sector9  Stingray + + + Console + + Bball  Butch  Moebius  Nostromo  Sigmund Freud  Wolverine + + + Couriers + + Alexis Machine  Chuckle Bunny  Chainsaw  Crackpot + Factory  The Gnostic  Ixcalthar  Primal Scream  Ragnarok  Seoman + Shadowfax  Skywalker  Surfin Cow  The WildCard + + + RiSC GREETiNGS Major Theft, The Skeleton, Big Boss, Butcher + GO OUT + TO: NTA, Pentagram,Razor 1911, TRSi, Nexus, TMM + + + --------------------------------------------------------------- + | If you are interested in joining RiSC, either as a COURiER or | + | as a DiSTRiBUTiON SiTE, call our Application Headquarters, | + | Twenty One Twelve (518) 272-8753 | + | | + | LOGiN: RiSC | + | PASSWORD: RiSC | + | Download the file RiSCAPPS.ZIP, fill out the appropriate | + | application, and Upload it to the RiSC Conference. | + | Or email the app to Enforcer or Prophet on any major bbs. | + --------------------------------------------------------------- + + /=HEADQUARTER BOARDS=\ķ + The Final Frontier World HQ 4 Node ...-...-.... MikeySoft + Moral Decay U.S. HQ 6 Node ...-...-.... Corrupt + Road Runner Courier HQ 8 Node ...-...-.... Coyote Member + Dawn of Eternity Central HQ 6 Node ...-...-.... Skeleton + Manhattan Project Western HQ 4 Node ...-...-.... Rifleman + Digital Underground Eastern HQ 5 Node ...-...-.... Dr. Insanity + Ľ + /=iNTERNATiONAL HQ's=\ķ + Beyond Akira Canadian HQ 5 Node 416-...-.... Pharaoh + Flying Saucer Belgium HQ 4 Node +32-...-.... ULi + MadMan's Sanktuary German HQ 7 Node +49-...-.... STB + Ľ + /=MEMBER BOARDS=\ķ + Silverado 3 Node +(31) ...-.... Blue Sky + Dark Angel 2 Node +(32) ...-.... Felix + At the Beach! 1 Node +(49) ...-.... BeachBoy + City Of Chaos 1 Node (212) ...-.... Prophet + Twenty One Twelve 3 Node (518) 272-8753 Analog Kid + Fractal Mode 2 Node (619) ...-.... Chronus + The General 6 Node (713) ...-.... OylPatch + Orion's Belt 1 Node (718) ...-.... The Drunkard + The Ghetto 1 node (914) ...-.... Kid Capri + Ľ + ķ/=AFFiLiATE BOARDS=\ķ + Dimention XXX 2 Node (215) ...-.... Dr. Anarchy + The Sanitarium BBS 2 Node (317) ...-.... The G-Man + The Argosy 2 Node (603) ...-.... SpyGlass + Street Spydrs 5 Node (713) ...-.... Maverick + Joshua 3 Node (716) ...-.... Abuse + The Fatal Edge 2 Node (805) ...-.... Mixer + New World Order 1 Node (908) ...-.... Polaris + Ľ + /=DiSTRiBUTiON SiTES=\ķ + The AfterMath 2 Node (206) ...-.... Paradigm + Brotherhood of Thieves 2 Node (215) ...-.... The WildCard + Dimension Hatrss II 2 Node (216) ...-.... Dalamar Do'Urden + Gangland Chicago 3 Node (305) ...-.... Untouchable + Coconut Bungalo 1 Node (313) ...-.... Mongoola + The Falcon's Eye 3 Node (414) ...-.... Ixcalthar + Zero Gravity 1 Node (415) ...-.... Velocity + Skitzo BBS 2 Node (512) ...-.... Waysted + Hangar 18 2 Node (602) ...-.... Royce + Central Park 8 Node (708) ...-.... Silver V + Community Blowtorch 4 Node (716) ...-.... Quadrant + The Temples of Syrinx 4 Node (813) ...-.... Urick + Ľ + -*- No Previews/Demos -*- No Non-English Shit -*- + -*- Games  Utiliites  Applications  Console Warez -*- + + -= RiSC '94 =- diff --git a/textfiles.com/piracy/COURIERS/rsc0595.nfo b/textfiles.com/piracy/COURIERS/rsc0595.nfo new file mode 100644 index 00000000..20c1d9b7 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/rsc0595.nfo @@ -0,0 +1,104 @@ + + ߲ + + ܲ ܲ + + ߲ + ߲ + + + + + ߲ + + + + /\/ RiSE iN SUPERiOR COURiERiNG \/\ + + /\/ O-12 HOUR WAREZ \/\ + + + -----/\/ SENiOR STAFF \/\------ + + Crackpot Eagle 1 Mikeysoft + + -----/\/ COORDiNATORS \/\------ + + Bball Oyl Patch Star Gazor + + -----/\/ TRADERS \/\------ + + Alexis Machine Beelzebub Big Dumper Corpse Chaft Criminal Overlord + Critical Mass Cruger Dark Soul Disk Killer Dr. Death + Elvin Nox Faldo Hellhound Jopiter Kid Creole Lunatic Genius + Maverick Maverick TG Myst Pharaoh Processor Rift Shawn Skybum + Stingray 6 The Outlaws The Punisher Toast Tomas Ustasa + + -----/\/ MEMBERS \/\------ + + Baked Potato Beachboy CaStero Chronus Colt Python Demon + Demon Lord Flyer G-Man Glacius 1 Liquidater Messenger of Death + Milo Minderbinder Rude Boy Rygar ShadowFax Sigh + Supernaut Technomancer Uncle John Wayward + + * NOTE: All Sysops of RiSC boards are Full Members. * + + -----/\/ GROUP NOTES \/\------ + + Park Central is now officially RiSC World Headquarters! + + We welcome our most recent additons to our World Class Trading Team: + + SUPERNAUT and THE PUNISHER! + + + -----/\/ GREETS \/\------ + + SCUM, GNSiS, PROPHECY, RAZOR 1911, NTA, and ZILLIONZ! + + -----/\/ HEADQUARTER BOARDS \/\------ + + Park Central World HQ 15 Nodes Silver V / Crackpot + Final Frontier U.S. HQ 6 Nodes MikeySoft + X-Factor Courier HQ 10 Nodes Blaster + Twenty One Twelve Eastern HQ 7 Nodes Analog Kid + Akira Canada HQ 10 Nodes Pharaoh + + -----/\/ MEMBER BOARDS \/\------ + + BBS to Nowhere 2 Nodes [XXX] XXXXXXX Baked Potato + Dark Angel 2 Nodes [+32] XXXXXXX Felix + Hellraiser 7 Nodes [819] XXXXXXX Rift + Silverado 3 Nodes [+31] XXXXXXX Blue Sky + Southern Wastelands 4 Nodes [XXX] XXXXXXX Legion + The Eclipse 6 Nodes [805] XXXXXXX The Mustang + The General 6 Nodes [713] XXXXXXX OylPatch / General + Touchdown 4+ISDN [+49] XXXXXXX Ask Hellhound! + Trader's Outpost 3 Nodes [201] XXXXXXX Liquidater + + -----/\/ AFFiLiATE BOARDS \/\------ + + Beyond the Cemetery 3 Nodes [905] XXXXXXX Corpse + Cocanut Bungalo 3 Nodes [313] XXXXXXX Moongola + Ground Zero 3 Nodes [801] XXXXXXX Nitro + Hangar 18 2 Nodes [602] XXXXXXX Royce + Temperal Flux 4 Nodes [416] XXXXXXX Critical Mass + The Shallow Grave 4 Nodes [804] XXXXXXX Lord Rook / Grady + The Hacked Root 3 Nodes [XXX] XXXXXXX The G-Man + The Belfry 2 Nodes [+44] XXXXXXX Faldo + The Toxic Dump 2 Nodes [905] XXXXXXX Toast + Zen 6 Nodes [410] XXXXXXX Sigh + + -----/\/ PLEASE NOTE \/\------ + + If you are interested in joining RiSC, either as a TRADER + or as an AFFiLiATE BOARD, contact one of our people. + We are only accepting a very small percentage of those interested in + joining, so please make sure you have something to offer the group. + + RiSC does not take donations of any sort for our services. + We work on merit alone, the way the scene should be run. + + --/\/ (1995)(C) RiSE iN SUPERiOR COURiERiNG (C)(1995) \/\-- + -----/\/ MAY 13TH 1995 \/\------ + \ No newline at end of file diff --git a/textfiles.com/piracy/COURIERS/stealth.nfo b/textfiles.com/piracy/COURIERS/stealth.nfo new file mode 100644 index 00000000..355c67bf --- /dev/null +++ b/textfiles.com/piracy/COURIERS/stealth.nfo @@ -0,0 +1,92 @@ + + + + + + + C O U R I E R S + + + ޱ + ޲ݲ޲ + ݰް + ۲ܲܰ ܲ + ޲ ߰ + +ް ܱ߰ + ߰ ߲ܰ߱ ܲ + ߰ ߰ ߲ + ߱ ߱ + + + ܲ + + + ܱ ޲ ܱ + ۱ + + + + ޲ + ۱ + ۰ + + + ޲ + ޲ + ۱ + ۱ + ۰ + + + + SENIOR MEMBERS + + + -Shadowhawk-- -Vixon-- + MEMBERS + + -Lighting Lord-- + -The General-- -Slayer-- + COURIERS + + -Dream Master-- + -Jimi Hendrix-- -Specs-- -Fletch-- + -D'elagance-- -The Guild Master-- + + STEALTH BOARDS NODES POSITION + + -/The General\- XXX-XXX-XXXX The General 5 World H Q + + -/The Wormhole\- XXX-XXX-XXXX Lightning Lord 1 Member Board + + -/Distant Lands\- 613-NOT-4YOU General Protocal 1 Distro Site + + -/Ride The Lightning\- 713-DIE-KIWI Stringray 1 Distro Site + + -/The Pirates Cove\- 615-GET-LOST The Guardian 1 Distro Site + + -/VMF-214\- 215-EAT-KIWI Pappy Boyington 1 Distro Site + + -/T.H.O.T\- XXX-XXX-XXXX Explorer 1 Distro Site + + We are looking for MORE DISTRIBUTION SITES + and MORE QUALITY COURIERS + contact Shadowhawk on FelonyNet or CelerityNet or + Call 713-728-0380 and log on as STEALTH PW:STEALTH + + STEALTH NOTES + ͸ + Name: [ .....Terminator 2029 disk add ons..........] + + Group: [.Public Enemy...........] Disks: [.. 2 ..] + + Company: [ Bethesda .....................] Rating: [8/10] + + Notes: 1st part kicked ass this should too + + ; + Greets: UNT, RAZOR, PE, VertigoVixon + GothmogDEViLThe GuardianGreyBeard + + ...Shadowhawk diff --git a/textfiles.com/piracy/COURIERS/t4d.nfo b/textfiles.com/piracy/COURIERS/t4d.nfo new file mode 100644 index 00000000..319661f3 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/t4d.nfo @@ -0,0 +1,86 @@ + + + + + + <1993> + "Putting the base back in 404" + + + + "The Beginning of the End of Couriers as We know it" + + + GENESiS HQ Boards + + TheCrazyWorldBBS(WHQ)404-GEN-ESiS1.0Gigs2NodesCrazyHorse + StratoFortress(DistroHQ)404-565-05951.3Gigs16.8D/SBomber + ExaltedDeath(Mid-WestHQ)314-966-86341.0Gigs2NodesDead Goon + Purgatory(CourierHQ)404-518-64800.7Gigs2NodesBrutalC + MetalWorks(SouthEasternHQ)318-PRI-VATE2.8Gigs2NodesHeavy Metal + + Support Boards + + MetalWorks(SupportSite)318-YOU-WISH2.8Gigs2NodesHeavyMetal + MoonCrowsAeryie(SupportSite)206-NOT-EVER2.5Gigs4NodesMoonCrow + Fate'sWarning(SupportSite)214-864-27331.0Gigs1NodesStiletto + DataDump(SupportSite)DIE-FED-SCUM3.4Gigs3NodesRISC + ExaltedDeath(SupportSite)314-966-68341.0Gigs2NodesDeadGoon + TheFalcon'sEye(SupportSite)414-347-19763.6Gigs3.NodesIxcalthar + + + MEMBER BOARDS + + Hemispheres404-642-95161.3Gigs 2NodesRadaR + Times1&2309-698-14671.2Gigs2NodesDocWho + JaggedEdge305-362-73151.2Gigs1Node JagOne + FileCabinet815-399-89783.6Gigs6NodesFileClerk + + + Distribution Sites + + SurrealisticUnderground404-971-88691.2Gigs1NodeDali + DeepSpaceNine404-432-12621.5Gigs1Node ShadowLord! + Equinox201-670-40321.2Gigs2NodesRexHacker + 4thDimension303-932-90281.0Gigs1Nodepsilon + PhoenixBBS916-487-04171.2Gigs2NodesKiller + LesInnocentsElite404-421-92340.7Gigs1NodeSilk + Deodand404-631-95300.4Gigs1NodeDarkRider + OracleofIllusions404-426-03170.4Gigs1NodeHallusionist + WetWorks404-233-15130.5Gigs1NodeSenna + + + GENESiS' SENIOR STAFF + + Crazy Horse, Nueromage, RadaR(T), Hermes(T) + + Courier/Distro CoOrdinater(s) + + Sonoma + + GENESiS' WAREZ TEAM + + Xenocide(Lead Courier), Proctor(Euro Courier), Raiden, MadMan(LD), + Danse Macabre*, Biofeedback(DS9), Rex Hacker(LD), Falchion(SU), Slasher* + Digital Infiltrator(LIE), Death Weilder(LD), Shinobi(ANSi), Hermes(Scout) + ShadowLord!(Programmer), Stygian One(SU), Chaz(Deo-T), StarDrake(WW), + Identity Crisis(LD), Knighthawk(SU-T), Shock Wave(LD-T), BlackJack(Euro-T) + Sagent(LD-T) * Special Member + + GENESiS Distro Site Sysops + + Rex Hacker, Dali, Bomber, ShadowLord!, Senna, Heavy Metal, Hallusionist, + Brutal C., Doc Who, Jag One, The File Clerk, Silk, Dark Rider, MoonCrow + Killer, Dead Goon, Ixcalthar, Risc, Stiletto, Killer, psilon + + + Special Thanks to: NDN, RAZOR, SKillion, Metal Works, MoonCrow's + Aeryie, ShadowLord!, Friendship, TDT, LEGEND, + MaLaFaCtoR, AND CSC + + "Think GENESiS is great now? Remember, it's only the beginning." + + -Slasher/GENESiS- + +IF You wish to join -=GENESiS=-, Call one of the Boards listed above, +And Leave Mail to Nueromage or Crazy Horse for information. diff --git a/textfiles.com/piracy/COURIERS/tca.nfo b/textfiles.com/piracy/COURIERS/tca.nfo new file mode 100644 index 00000000..d4a85b28 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/tca.nfo @@ -0,0 +1,110 @@ + + _______________ _______ ______ + |-O: -*- // -++\ \ \ + | | \: // :// / \ + |_._ ,// . ./ / | \ + ./ |\__/// |\___/ /. _ \ + /. | /. |_____ // | \ + // | /O+ | \/O- | -O\ + \_____ | \ __________\_____ |______:/[CCa] + \| \| \| . + + -*- KiCKiN' youR aSS '93 -*- + + aRTiST NoTe: NoW oNLy SuPPoRTiN' MoDe 80 50 oR DRoP DeaD! + +Ŀ + THe CouRieR aSSoCiaTioN iS PRouD To CouRieR THiS WaRe +; + + + + + - THe SeNioR STaFF - + + [/] THe BiG oRGaSM - aSHToN - WoNDeRBoY [\] + [/] HaWKeYe - LioN [\] + + + - TCa MeMBeRS - + + [-] AFTeRLiFe - FaiRyLoRD - NiGHTSHaDe - DoC LeCTeR [-] + [-] SPaRKLiNG FLaSH - PaNTHeR - ZoRLaC - FoRD KNoX - CaPT HaRLoCK [-] + [-] GRiM - PoSeiDoN - JeTSTReaM - FRaNKie [-] + [-] ACiD - MiNDBeNDeR [-] + [-] DeaDLy AVeNGeR [-] + + + - INTeRNaTioNaL CouRieRS! - + + [-] HaMLeT - X-BoW NiGHT - THuNDeR [-] + [-] GaNG$Ta - HiTMaN - RaVe DuDe [-] + [-] NiK FieND - MaRauDeR GoBLiN [-] + [-] GLooMy SKy! [-] + + - NaTioNaL CouRieRS - + + [-] FiRST PRiNCe! [-] + + + - CoDiN / GFx / MuSiC - + + [-] THe BRaiN - SouRCeReR CC [-] + + + - CRaCKiNG TeAM - + + * WaReZ/RoI TeAM: * + + [-] SHaDoWLoRD - BLaDeMaN - MaNGy CaT [-] + [-] SPaRKLiNG FLaSH [-] + + + ========================================== + WeLCoMe To Our New Utilities Cracking Team + ========================================== + + Grtx: RAZOR 1911 - SKN - TDT - THG - TPC - UNT - INC + + Ŀ + BoARD NAMe SySoP NuMBeR(s) NoDe(s) + + ERoGeNiC ZoNe [WHQ] THe BiG OrGaSM +31-72-644476 #3 16k8 DS + LiTHiUM [UHQ] PoSEiDoN 313-671-1301 #5 16k8 DS + R.o.I. [UWHQ] SPaRKLiN FLaSH 415-992-1929 #3 16k8 DS + HaDeS [UMHQ] AFTeRLiFe 913-894-1795 #3 16k8 DS + PLaNeT GRooVe [EHQ] ASHToN/PaNTHeR +31-838040916 #2 16k8 DS + WaYNe'S WorLD [DHQ] WoNDeRBoY +31-220744113 #3 14k4 v32 + DeaTH RoW [AHQ] GRiM +61-375-12094 #2 16k8 DS + FaTaL FuTuRe [SHQ] MiNDBeNDeR +46-GUE-SS... #2 14k8 DS + DaRK SiDe [GHQ] DoC LeCTeR +49.GUE-SS... #3 16k8 DS + HouSe oF WaReZ [DST] FRaNKie +61.NoT-YeT.. #2 14k8 v32 + RiGeL IV [DST] DeaDLy AVeNGeR +61.NoT-YeT.. #1 14k4 DS + BoRN iN SiLeNCe [MBR] FAiRYLoRD +31-40--ELiTE #1 14k4 DS + FoRD KNoX [MBR] FoRD KNoX +31-53-323054 #1 19k2 ZxL + TRaNS CeNTRaL [MBR] NiGHtSHaDe +31-43-652085 #1 14k4 DS + IMPeRiuM [DST] ZoRLaC +31-XxX.ELITE #1 14k4 v32 + + + MoRe CHaNGeS CoMMiN' uP! + +Ŀ + WaNNa BeCoMe a TCa CouRieR/DiST SiTe? +; + + DoWNLoaD aN aPPLiCaTioN FRoM : THe ERoGeNiC ZoNe, LiTHiuM, + DeaTH RoW... + FiLL iN THe aPPLiCaTioN aND ReTuRN THiS aT youR CoNViNieNCe To + ONe oF THoSe BoaRDS + +Ŀ + FiNaL NoTe +; + + iF you LiKe aND uSe THe SoFTWaRe THaT iS SPReaD By uS, PLeaSe TaKe + iT uPoN youRSeLF To Buy iT. SuPPoRTiNG QuaLiTy PRoGRaMMeRS iS iN + aLL oF ouR iNTeReST. + + + -*- TCa, THe oNe aND oNLy! -*- + diff --git a/textfiles.com/piracy/COURIERS/therapy.nfo b/textfiles.com/piracy/COURIERS/therapy.nfo new file mode 100644 index 00000000..def3907d --- /dev/null +++ b/textfiles.com/piracy/COURIERS/therapy.nfo @@ -0,0 +1,96 @@ + + ܲ ܱ ܱ ߲ + ܱ ߰ + + + ޲ + ޱ ޱ ޲ ޲ + ް ް ޱ ޲ ޲ ۲ + ܰ ް ޱ ް ޱޱ ޱ + ޱ ް ް ް ް + ޲ ޱ ߰ ޱ ް ް ް ް + ޲ ޲ ް ޲ܱ ޱ ޱ ޱ ޱ + ۲ܰ ۲߱޲ ޱ۲ ޲ ߲ ޱ + ޲ ߰ ޲ܲ ۲ ޲ ޲ ۲ + ۲ + ߲߱ ߱ ߱ + + + [ T HERAPY COURIERING 1 9 9 5 ] + +Ŀ -\/News And Notes\/- ķ +-\/\/-ٺ + + THERAPY is always looking some active members on 90 area. If you're +| interested, just contact Hunter or Mr. death on any HQ Board. | + NOTE: We will not take inactive members, we're require quality + +ڿ ڿ + ٺ +ͼ + +ͻ +Ŀ Ŀ + ٳ + .Founders.of.THERAPY. + -\/\/- + +| Mr. Death And Hunter | + + .Senior.Member.Team!. + -\/\/- + + Impulse + +| .....Member.Team..... | + -\/\/- + + Sector Migrain, Ratter + + .....PPE.Section..... + -\/\/- +| | + Conrad + + - + + .....Our.Boards!..... + -\/\/- +| | + Name Sysop Nodes Status Area Speed + Xtacy Lines Mr.Death [02] WHQ +358-90- 2x28.8k + + Angel Dust Ratter [03] Member +358-90- 2x28.8k+ISDN + +| Crime Wave Brias [01] Dist. +358-90- 28.8k | + 4th Dimension Merlin [02] Dist. +358-14- 28.8k+ISDN + Rainfall Center Jackrip [01] Dist. +358-XX- 28.8k + The Church The God [01] Dist. +358-90- 28.8k + + Magic Node Conrad [01] Coder hq +358-90- 28.8k + +ڿ ڿ + -ٺ +ͼ + +ͻ +Ŀ -Ŀ + ........Greets....... ٳ + + Personal Greets: Cyborg, Hawkeye, Hell Flyer, Contrast and Jackrip +| | + Group Greets: Jihad, Raid, Bsa, Damage, Bytephobia and Lts + + +ڿ ڿ +-------------------------Updated 12.17.95-Ľ + + _________________ ______________ _________________________________ .______ + \____ _____ | / ____/ \ _ ___ / _______________ /____| / + _/ \__\_ /_\ __/_____\ ___/ _/_\ \__ /_ \___/\ | /_ + .:\_______/\_____| ______ /____| /____| /_____| _ _\_____ / + .. ..... |____/ wG!|_____/ |____/ |____/ .._ ___________/ + .:...:: :::::. .......:::. .....:: :: + ...: ::. .:::: :::::. .:::: + :::::: :::::: + diff --git a/textfiles.com/piracy/COURIERS/uc.nfo b/textfiles.com/piracy/COURIERS/uc.nfo new file mode 100644 index 00000000..2e6ee5db --- /dev/null +++ b/textfiles.com/piracy/COURIERS/uc.nfo @@ -0,0 +1,123 @@ + AsciiIcy[iCE] + + ۲ + ۲ ۲ + ۰ ۱ + ۱ ۱ + ۲ ۲ ۰۱ + ۲ ۲ + ۲ ۲ + ۰ ۲ ۲ + ۲ ۲ + ۰ + + + ۰ ۰ + ۲۱ + ۱۰ ۰ + ۰۱ ۱ ۱ + ۲ ۲ ۲۲ + ۲ ۲ ۱ + ۲ ۲ ۲ + + + + -*- THIRD YEAR ANNIVERSARY -*- + -o> UNiTED COURiERS SPREADING TEAM BBS< Spreading Team + Ĵ + Call (718)940-7554 - USER: UNITED COURIERS + PASS: APPLY + + Download UC-APP.EXE, Fill it out, rename it to HANDLE.APP, upload it + and leave a message to GALVATRON and you will be contacted ASAP. + Ĵ + United Couriers >INTERNET< Spreading Team + Ĵ + On Summer Hiatus + + + Don't choose a second rate operation for your courier needs. Go + with the OLDEST and most RESPECTED group in the business. UC '94! + + [ UNITED COURIERS 1994 ] + "In Warez We Trust" for there is always "The Need For Speed" diff --git a/textfiles.com/piracy/COURIERS/uc1092.nfo b/textfiles.com/piracy/COURIERS/uc1092.nfo new file mode 100644 index 00000000..590ef23e --- /dev/null +++ b/textfiles.com/piracy/COURIERS/uc1092.nfo @@ -0,0 +1,53 @@ + ۲ ۲ Icy[MiRAGE] + ۲ ۲ + ܱ۲ + ܰ ۲ + ۲ ۲ + ۰ ۱ + ۱ ۱ + ۲ ۲ ۰۱ + ۲ ߲ + ۲ ۲ + ۰ ۲ ۲ + ۲ + ۰ + ۲ + ۲ + ۰ ۰ ۲ + ۲۱ ܱ + ۱۰ ۰ +۰۱ ۱ ۱ + ۲ ۲ ۲ +۲ ۲ ۲ ߰ +۲ ۲ ۲ + + + U N I T E D C O U R I E R S +ķ + United Couriers Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Ghost Shadow II (3 Nodes) West HQ 213/227.4838 Ghost Master + Imperial City (2 Nodes) Dist Site 818/241.4582 Mara Jade + Beyond the Realm of Reality Dist Site 310/869.9484 Legend Master + The Burrows Dist Site 310/431.8318 Weasel + The Jungle Dist Site 615/758.2876 The Warelord + 4 A.D. Dist Site 818/832.8911 Lord DCD +Ķ + MEMBER POSITION NOTES +Ķ + Speculum PRESIDENT If you are interested in + Venom COORDINATOR becoming a United Courier + Lord DCD MEMBER or want to be a Dist Site, + Legend Master MEMBER contact anyone in the + Ghost Master MEMBER group on any high quality + Mara Jade MEMBER board you see us on. + Galvatron COURIER + Gemini COURIER Greets: FLT TDT INC AN RZR + Dreamevil COURIER EX $YN PiL DRG TRSI + High Density COURIER + Zool COURIER + Havok COURIER +Ľ + UC '92 diff --git a/textfiles.com/piracy/COURIERS/uc1093.nfo b/textfiles.com/piracy/COURIERS/uc1093.nfo new file mode 100644 index 00000000..c66aa6f4 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/uc1093.nfo @@ -0,0 +1,122 @@ + [United Couriers INFOFile, September 15, 1993] + AsciiIcy[iCE] + + ۲ + ۲ ۲ + ۰ ۱ + ۱ ۱ + ۲ ۲ ۰۱ + ۲ ۲ + ۲ ۲ + ۰ ۲ ۲ + ۲ ۲ + ۰ + + + ۰ ۰ + ۲۱ + ۱۰ ۰ + ۰۱ ۱ ۱ + ۲ ۲ ۲۲ + ۲ ۲ ۱ + ۲ ۲ ۲ + + + + + S E N I O R M E M B E R S + + GalvaTron, General Protocol, Havok, + Serpico, Wooly, Sherlock Ohms + + + C O O R D I N A T O R S + + Gemini, The Paladin + + + S E N I O R C O U R I E R S + + Talia, Xuse + + + C O U R I E R S + + Sentinels, Hsing, Digital Wizard, High Density, The Jester, + Lucifer, Rush, Deathrider, Icebreaker, Wild Willie, Assassin, + Venom, Silencer, Partsch, Clint Eastwood, Brimstone, Grim Reeper, + Stinger, Finker, Nocturne, Barbarian, Stone, Wolfman, Joker, + Delta, Two Face, Black Ranger, Genocide, The Undertaker, Biggunn, + The Grim Reaper, Luxor, Phraktal, Elvis, Shaggy, Sampo, Dr. Rat, + Silhouette of Death, Elijah, Ivanhoe, Viper, Trickster, Flagg, + John Lennon, Milamber Condoin, Remote Controlled, Shakattack + + +ķ + H E A D Q U A R T E R S +Ķ + The Eclipse (3 Nodes) XXX The Mustang WORLD + Celtic Path (5 Nodes) +49 Dark Star EUROPEAN + Distant Lands (2 Nodes) 613 General Protocol CANADIAN + Depeche's Violations (3 Nodes) XXX Depeche WESTERN + Wooly's World (4 Nodes) 614 Wooly EASTERN +Ķ + C O U R I E R H E A D Q U A R T E R S +Ķ + Midpoint Void (2 Nodes) 303 Holy Ward WESTERN + The Twilight Zone (3 Nodes) 504 Jack Flash CENTRAL + Hell BBS (3 Nodes) 313 Asmodeus EASTERN + The Relm (2 Nodes) +39 Black Ranger EUROPEAN +Ķ + D I S T R I B U T I O N S I T E S +Ķ + The Battlefield (4 Nodes) 706 Buck Blazer + Red Hot Chilli Peppers (4 Nodes) 203 Salty + Complex Corrosion (5 Nodes) 612 White IC + The Burning Church (2 Nodes) 416 Always Dangerous + Disaster Area (2 Nodes) 818 Aceking + Zero Vector 216 HellSpawn + Beyond the Realm of Reality 310 Legend Master + The Lexicon (2 Nodes) 818 The Byter + Pandemonium BBS 914 Hacker + The Crime Cartel (2 Nodes) 714 Sledge Hammer + Fort Knox 508 The Ninja + 5th Dimension 614 The Warrior + Arrested Development (5 Nodes) 914 Criminal Justice + The Thieves Guild XXX Highlander +Ķ + To Contact United Couriers: + + Phone: (818)799-2129 (USA) / (613)241-7506 (CANADA) + User : 'APPLY' + Pass : 'UC' + + Via Internet: 'eaeu324@orion.oac.uci.edu' +Ľ + + P O S T S C R I P T + + Don't choose a second rate operation for your couriering needs. Go with + the OLDEST and BIGGEST group in the business. United Couriers 1993! + + Special greetings go out to UC Random, RAZOR 1911, Pentagram, THG, + NTA, and all those who work to improve the scene. + +[EOF] + + + + + + + + + + + + + + + + + diff --git a/textfiles.com/piracy/COURIERS/uc1094.nfo b/textfiles.com/piracy/COURIERS/uc1094.nfo new file mode 100644 index 00000000..bed2ab01 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/uc1094.nfo @@ -0,0 +1,115 @@ + ܰ Lord Drakul [/iM Productions 1994] + ߰ ߲ + ܰ ۰۰ ߱۰ ޱ ߰ + ް ܱ ܱ ߰ ߲۲޲ ߰ + ܰ ߲ ۲ + ߱ ۲ ۲ ۲ ܲ۲ ۲ + ۲ ۲޲ݲ ۱ ߱ ۲ ۲ + ۲ ޱݱ ۲ ۲ + ޱ ۰ ߲ LL + ۱ ۰ ۰޲ܲ ܱ + ߰ ܱ ۰ + ܰ + ۰ + ߱ ܲ + ܲ߱ ۰ ߰ ߱ ߰ ߲ܲ + ߲ ۰ޱ ޲ ߱ ߲ + ޱ޲ ۲ޱ ߲۲ ۲ + ܱ ۲ ۲ ۲ + ۲޲ ߱޲ ܲ ߱ ޲ + ۰ ޱ ܲ ߱ ߲ + ް ޱݲ ܱ ܲ + ߰ ܰ ۰ ۰ ܲ ߱ ܰ + + [ UNITED COURIERS TRADING TEAM - 3 YEARS STRONG & GROWING ] + + United Couriers would like to welcome WWC couriers to the family! + More proof that United Couriers continues to grow and flourish in 1994. + + On that note, we'd like to note the many changes in the group, if you're + not in this .NFO then you have been dropped from the group for one reason + or another, remember United Couriers only has room for the best. + + We are always on the lookout for new couriers and systems, if you run a + 2+ node PCE/PCB system, or can spread fast, come and see all the benefits + of being part of the United Couriers spreading team! + +Ŀ + S E N I O R M E M B E R S + ---------------------------- + GalvaTron, Havok, Wooly +Ĵ + C O O R D I N A T O R S + ------------------------- + Chener, Elvis, Scimitar +Ĵ + S T A F F + ----------- + General Protocol, Killerette, Sonny, Split Second + Hsing, Darksider +Ĵ + C O U R I E R S + ----------------- + Storm Master, Lord Styaric, The Jester, Dendybar, The Master, Talia + Digital Wizard, Technoman, Zouk, The Eternal, Vendetta, Shark, + Sandman, Ciez, Biggunn, Ace, Daffy, The Adept, Junkman, Sassy, Tyrant + Nervous Rex, Poker, Magik Man, Homey Clown, Inferno, Novastein, + The Shadow, Alpher, Archmage, Artiface, Bullet, Cthulhu, Pericles, + Shaggy, Shai'Tan, Triton, Woody, Tagger, Death Morrison, Jack Fledsing +Ĵ + T R I A L C O U R I E R S + ---------------------------- + Star, String, Fume, Slane, Phantasm, Roland of Gilead, Shang Tsung + +Ŀ + UNiTED COURiERS BOARD LIST + -------------------------- +Ĵ + CONCEPT ELITE (XXX) 8 NODES WORLD HQ + MASTURBATION STATION (305) 9 NODES COUIRER HQ + DEPECHE'S VIOLATION (XXX) 5 NODES WESTERN HQ + WOOLY'S WORLD (XXX) 5 NODES EASTERN HQ +Ĵ + CELTIC PATH (+XX) 5 NODES EUROPEAN HQ + THE HOOD (XXX) 9 NODES CANADIAN HQ + DRUID'S KEEP (+XX) 4 NODES AUSTRLN HQ +Ĵ + R.I.P. (XXX) 10 NODES MEMBER + DISTANT LANDS (613) 2 NODES MEMBER + LEGATO TIMES (702) 2 NODES MEMBER + THE HAUNTED HOUSE (+49) 4 NODES MEMBER +Ĵ + ARRESTED DEVELOPMENT (914) 3 NODES DISTRIBUTION SITE + THE LEXICON OF THE CABAL (818) 2 NODES DISTRIBUTION SITE + FALSE INTENSIONS (609) 5 NODES DISTRIBUTION SITE + HIGHER GROUND (614) 3 NODES DISTRIBUTION SITE + FORT KNOX (508) 1 NODE DISTRIBUTION SITE + BLADESTORM (310) 2 NODES DISTRIBUTION SITE + THE GRAVE YARD (714) 1 NODE DISTRIBUTION SITE + DEAD MAN'S BLUFF (310) 2 NODES DISTRIBUTION SITE + GRAVESITE (214) 2 NODES DISTRIBUTION SITE + GROUND ZERO (707) 4 NODES DISTRIBUTION SITE + THE MIRAGE (612) 2 NODES DISTRIBUTION SITE + THE SILICON PHALANX (510) 2 NODES DISTRIBUTION SITE + THE VAULT (503) 3 NODES DISTRIBUTION SITE +Ĵ + CYBORG ZONE (514) 2 NODES AFFILIATE + ALTERED STATE (818) 2 NODES AFFILIATE + THE HEAVANS (201) 2 NODES AFFILIATE + THE WARP ZONE (909) 4 NODES AFFILIATE + + + INTERESTED IN JOINING THE BEST COURIERING GROUP TODAY? HERE'S HOW... +Ŀ + Call (718)940-7554 - USER: UNITED COURIERS - PASS: APPLY + + Greetings... + + PWA - UCID - UC Random - KLF - High Voltage - RiSC - TGB + + LoverMan, Depeche, Serpico, Speculum, Quackers, Sherlock Ohms + + -*- + + Don't choose a second rate operation for your courier needs. Go + with the OLDEST and most RESPECTED group in the business. UC '94! diff --git a/textfiles.com/piracy/COURIERS/wwc93.nfo b/textfiles.com/piracy/COURIERS/wwc93.nfo new file mode 100644 index 00000000..93db73d2 --- /dev/null +++ b/textfiles.com/piracy/COURIERS/wwc93.nfo @@ -0,0 +1,123 @@ + + ߱ ߲߱ ߲ ߰ + ߱ + ۲ ۲ ۲ + ܰ + ݰ۲ ݰݰ۲ ݰ ݰ + ۲ ۲ ۲ ۲ + ۱ݲ۲޲ ۱ݲ۲޲ ݲ + ۱ ۰ ۱ ۰ ݱ + ݰ޲ް۲ݰ ݰ޲ް۲ݰݰް ް + ޱܱܱ߱ ޱܱܱ߱ ޱ ߱ + ۲޲޲ ۲޲޲ ޲ܲ + ޱ ޱ ߰ ED + ߲ iCE + + - ] W O R L D W I D E C O U R I E R S [ - + " Join the rising force in PC Couriering " + + + + + + ۱ܰ E M B E R S ۲۲ + ߲ ۲ + + + ۰ + + S E N I O R S T A F F + \ + COOKIE MONSTER THE FOREMAN SHADOWKEEPER RADIATION ۰ + + + S E N I O R C O U R I E R S + \ + EXTRA CREDiT + ۰ + + M E M B E R S + \ + NOMADD SHADOW HUNTER EDUCATED HORMONE + + ۰ ۰ + S Y S O P S + \ + THE WEASEL + Hi Fi DEL TOiLET BOWL + WAYNE ROGUE THE ARMORED SAiNT + ۰ + ۰ + C O U R I E R S + \ + iMAGE + THE PROWLER + RAVEN CRYPT MASTER ۰ + POLARIS MR.EMT LiTTLE T + AGENT-X ZONE MASTER GROUCHO + ۰ + + ۱ܰ WWC Headquarters ۲۲ + ߲ ۲ + + + H E A D Q U A R T E R S + + The Grave Yard (World) (xXx)XxX-xXxX Shadowkeeper + Predatory Nature (West) (206)352-2479 The Foreman + Sessame St. (U.S.A) (714)828-0214 Cookie Monster + ޲ The Back Door (East) (615)245-6617 Nomadd ޲ + Shadow Lands (Canadian) (905)432-7556 Shadow Hunter + + + + + ۱ܰ WWC Distribution ۲۲ + ߲ ۲ + + Intoxiforniaction (713)492-1082 Hi Fi Del + X Marks the Spot (909)681-2385 The Armored Saint + Cable Access Ch.10 (513)321-5171 Wayne + The Burrows (310)597-9666 Weasel + Sea of Hate (319)xXx-XxXx Toilet Bowl + Kiss Of Death (518)xXx-XxXx Rogue + Temple Of Beer +39-(744)xXx-xXxX Kris Of TCB + + Only one per area code, so hurry up! + + + + + + + + + LogaN/iCE + ۲ ۲ + ۱ ۱ + ۰ ۰ + + W o r l d W i d e C o u r i e r s + + NEWS/INFORMATION + +Thanks to iCE for the kick ass ansi/asciis.. you guys rule! + + Shots go out to our brothers in G0D, Global Overdose! + Greets to PTG - Pentagram, kicking major ass in the Cracking Scene! + Special Greets to the fastest spreader in the U.S.: R/\d/\R + Special Thanks to COOKIE MONSTER for his extra hard work! + + Props: UC, SpectruM, QuantuM, CrimsoN, RiSC + THG, iNC, TDT, TRSI, PTG, RZR, FLT, PiL, PE, NX, MGK, and you! + + We Need GOOD Couriers + call: +7i4-999-5556 (USA) + or + call: +905-432-7556 (CAN) + + + "Seasons Greetings" + (c) WWC '93 + + diff --git a/textfiles.com/piracy/CRACKING.1 b/textfiles.com/piracy/CRACKING.1 new file mode 100644 index 00000000..68cceee0 --- /dev/null +++ b/textfiles.com/piracy/CRACKING.1 @@ -0,0 +1,112 @@ + +T E X T F I L E S + +

Piracy: The Art of Cracking

+

+ + + + + +
+
Filename
Size
Description of the Textfile
acrpatch.nfo 36217
 The Acura Members Patch List (July 1996) +
act-13.txt 63156
 The Amateur Crackist Tutorial Version 1.3 by Specular Vision of the PTL +
act.txt 63155
 The Amateur Crackist Tutorial Version 1.3 by Specular Vision +
asm_for_.txt 6400
 Assembly for Crackers, by Corn2 +
asmtut.txt 16651
 XLogic's Assembly KeyGen Tutorial +
begcrck.txt 85615
 A Beginner's Guide to Cracking (For the IBM PC) +
budget.txt 12692
 The Association of Software Professionals presents Budget Minder +
bytecatcher.txt 3920
 Tutorial for Using Byte Catcher by Mansion69 (1997) +
c1.txt 22187
 How To Crack pretty Much Anything, by +ORC +
c101-90.000 3938
 Cracking 101: 1990 Edition by Buckaroo Banzai +
c101-90.002 31676
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 2) +
c101-90.003 15105
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 3) +
c101-90.004 56228
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 4) +
c2.txt 26483
 How to Crack Pretty Much Everything Part II, by +ORC +
c3.txt 59665
 How to Crack Pretty Much Anything (Windows) by +ORC +
c4.txt 77364
 How to Crack Just About Anything #4 by +ORC +
c5.txt 24086
 How to Crack Just About Anything, by +ORC (Part 5) +
c6.txt 23418
 How to Crack by +ORC (#6) +
c8a.txt 17636
 How to Crack Windows, by +ORC (Part 8) +
c8b.txt 23927
 How to Crack Windows, by =ORC +
caligo.nfo 3045
 NFO: The Lord KCaligo Univeral Improved Patcher (June 4, 1997) +
cbd-tut01.txt 10041
 _CbD_ vs. Ultisoft, Inc.: Cracking Ultisoft Games, by CbD (1997) +
cbd-tut02.txt 10010
 Cracking Rummy 500, by CbD (1997) +
cbd-tut03.txt 17107
 Function Disabled Protections Defeated by CbD (July 28, 1997) +
cbd-tut04.txt 9835
 Cracking Business Cards 32 v4.18 by CbD (1997) +
cbd-tut05.txt 6136
 A General Cracking Tutorial by CbD (Visual Basic Programs) (1997) +
cbd-tut06.txt 8578
 Modifying DLLs to Give Real Registration Codes by CbD (1997) +
cdwizzard.txt 12453
 A Tutorial on Cracking CD Wizzard by Niabi (July 8, 1997) +
ch2-doc 27212
 CrackerHack Verison 2.0 by No Means No (December 1, 1992) +
check.txt 11394
 Megaton Man Teaches Cracking: Doc Check Protection (May 26, 1989) +
copyprot.pro 11218
 Copy Protection, a History and Overview +
copyprot.txt 11735
 Cracking on the IBMpc Part I by Buckaroo Banzai/Reset Vector +
crack-1.txt 8192
 Cracking on the IBM Pc Part I by Buckaroo Banzai aka the Reset Vector +
crack-2.txt 3840
 Cracking on the IBM Pc Part II by Buckaroo Banzai +
crack.txt 90759
 How to Crack an Amiga Game +
crack1 8736
 Cracking on the Edge, by Buckaroo Banzai/The Reset Vector +
crack1.txt 7850
 Cracking 101, by Buckaroo Banzai (1990) +
crack2.txt 77178
 Cracking 101, by Buckaroo Banzai (1990) Lesson 3 +
crack3.txt 29919
 The Official Unprotection Scheme Library by The PaperBoy and the CopyCats (February 6, 1989) +
crackam2.txt 29030
 Cracking the Amiga Part II +
crackist.hac 63158
 The Amateur Crackist Tutorial by Specular Vision (Version 1.3) +
cracklog.txt 3997
 Some Examples of Cracking by DrLAN (1997) +
crackman.txt 90671
 The Cracking Manual, by the Cyborg (April 3, 1992) +
crak1.txt 15364
 How to Crack by Charles Petzold +
crak2.txt 22182
 Examples of IBM PC Cracks: Mean-18 Golf by Accolade +
crak4.txt 11608
 Chapter 4: Cracking a Self-Booter +
crakhand.txt 17114
 The Cracker Handbook, by Darth Vader, Lord of the Sith +
crkibms2.hac 3465
 Cracking on the IBM PC Part II +
crkibmsw.hac 7479
 Cracking on the IBM PC Part I +
diswin.txt 32497
 How to Disassemble a Windows Program +
diswin2.txt 32979
 How to Disassemble a Windows Program part II +
drlan.txt 4970
 A Tutorial on Cracking TICKLE.EXE using Hmemcpy and Memory Breakpoints by Dr. Lan of Mexelite +
dumpexe.txt 34371
 DOCUMENTATION: EXE-Dumper Version 2.2 by Bugsy (1997) +
exact-in.txt 34372
 An Introduction to Windows 95 Cracking +
firstwin.txt 4447
 Your First Windows Crack by YOSHi of Mexelite (1997) +
hotchil2.txt 1888
 How to Crack Hot Chilli v2.0, by Pain (1997) +
howto1.txt 17336
 How to Crack Lesson 1 By the old Red Cracker +
howto2.txt 24786
 How to Crack Lesson 2 by the old Red Cracker (Tools of the Trade) +
howto3a.txt 5787
 How to Crack Lesson 3a by the Old Red Cracker (Hands-On Cracking) +
howto3b.txt 10626
 How to Crack Lesson 3b by the old Red Cracker (Passwords and Passletters) +
howto5.txt 24084
 How to Crack Lesson 5 by The Old Red Cracker (Handling Disk/CDROM Access) +
howto6.txt 23416
 How to Crack Lesson 6 by Old Red Cracker (Funny Tricks) +
howto8a.txt 17634
 How to Crack Lesson 8.1 by Old Red Cracker (How to Crack Windows) +
howto8b.txt 23925
 How to Crack Lesson 8b by the Old Red Cracker (How to Crack Windows, a Deeper Approach) +
howto9a.txt 30168
 How to Crack Lesson 9a by the Old Red Cracker (Some Tricks) +
howtoa.txt 18595
 How to Crack Advanced Lessons by the Old Red Cracker (Internet Cracking) +
howtoca.txt 22183
 How to Crack As an Art by the Old Red Cracker (Barcodes and Instant Access) +
howtocb.txt 26479
 How to Crack as an Art by the Old Red Cracker (Strainer for the HCU) +
howtocp2 3702
 IBM Disk Cracking Made Simple by Phobos +
howtocrk.txt 299115
 How to Crack by +ORC: A Tutorial +
htc.txt 216684
 A Beginner's Guide to Cracking +
hwoodtut.txt 11853
 How to Crack Hardwood Solitare by JosephCo +
krakerscorner.txt 6827
 The Kraker's Corner, by Mr. Krac-Man (August 1, 1982) +
krakman.txt 5649
 Krak-Man's Parameters: Parameters for Copying Various Apple Disks +
lomt-tsr.txt 1825
 DOCUMENTATION: Legend of Myra Interactive TSR Trainer +
max1.crk 13176
 Max's Cracking Tutorial for the Poor (Registering PCXDump 9.2) +
methods.txt 31520
 Techniques in Cracking by TOP (Tired of Potection) +
mex-c4n.nfo 10049
 An Introduction to Mexelite, a New Cracking Group (July 28, 1997) +
mhpcnws1.txt 20193
 A Cracking Guide for Beginners, by The Psychopath of the Midnight Hackers Private Club +
mhpcnws2.txt 19997
 A Cracking Guide for Advanced Amateurs by The Psychopath of the Midnight Hackers Private Club +
mhpcnws5.txt 16027
 A Cracking Guide for Advanced Amateurs Part II by The Psychopath of Midnight Hackers Private Club +
nags.txt 8155
 How to use Nag Screens (August 24, 1997) +
od-crk1.txt 18170
 Cracking/Patching Softart's Deskey v1.02.010 +
owl-ice.txt 31929
 Cracking: Now More Annoying WinIce, or How to Improve Winice +
pp2t-t&l.txt 3924
 SOFTDOCS: Prince of Persia II Interactive TSR and LOADER Trainer Example Documentation +
psp.nfo 28660
 NFO: The Information File Revision III by Plate Steel Productions (August 1995) +
razzia.nfo 1193
 NFO: Razzia by Kenetic +
romeod4c.txt 6227
 Software Re-Engineering For Dummies: An Overview by Romeo (1997) +
scanf.dox 7679
 DOCUMENTATION: Scanfile 4.0 by Marquis De Soire (July 1996) +
shareman.txt 6208
 How to Crack Shareman 1.6 by pain of Mexelite (July 13, 1997) +
sice3.qrf 14249
 SOFTDOCS: The Softice 3.0 Quick Reference by ZeroDay (February 7, 1997) +
sigma-4f.nfo 2985
 The Universal Improved Patcher Volume by 4Fun +
t!tutor.txt 20259
 An ASM Keygen Tutorial by Teraphy (1997) +
timetrial.txt 18864
 Cracking Tutorial: Wintar Remote (August 24, 1997) +
tsrcrack.txt 2130
 SOFTDOCS: TSR Crack v3.0 by Wong Wing Kin (1994) +
tt-unt.txt 103968
 The Training Tutorial for the PC by Dr. Detergent of UNT (1993) +
unp.txt 31148
 Documentation fo UNP v4.11 by Ben Castricum (May 30, 1995) +
vbtutori.txt 22696
 Razzia's Tutorial for Visual Basic Cracking +
wincrack.txt 13080
 Qapla's Cracking Tutorial Version 0.1 (February 9, 1997) +
cal!go.nfo 284
 NFO: Caligo Cracking (July 9, 1997) +

There are 100 files for a total of 2,687,793 bytes.
\ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/.windex.html b/textfiles.com/piracy/CRACKING/.windex.html new file mode 100644 index 00000000..bde6f3e3 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/.windex.html @@ -0,0 +1,112 @@ + +T E X T F I L E S + +

Piracy: The Art of Cracking

+

+ + + + + +
+
Filename
Size
Description of the Textfile
acrpatch.nfo 36217
 The Acura Members Patch List (July 1996) +
act-13.txt 63156
 The Amateur Crackist Tutorial Version 1.3 by Specular Vision of the PTL +
act.txt 63155
 The Amateur Crackist Tutorial Version 1.3 by Specular Vision +
asm_for_.txt 6400
 Assembly for Crackers, by Corn2 +
asmtut.txt 16651
 XLogic's Assembly KeyGen Tutorial +
begcrck.txt 85615
 A Beginner's Guide to Cracking (For the IBM PC) +
budget.txt 12692
 The Association of Software Professionals presents Budget Minder +
bytecatcher.txt 3920
 Tutorial for Using Byte Catcher by Mansion69 (1997) +
c1.txt 22187
 How To Crack pretty Much Anything, by +ORC +
c101-90.000 3938
 Cracking 101: 1990 Edition by Buckaroo Banzai +
c101-90.002 31676
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 2) +
c101-90.003 15105
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 3) +
c101-90.004 56228
 Cracking 101: 1990 Edition by Buckaroo Banzai (Lesson 4) +
c2.txt 26483
 How to Crack Pretty Much Everything Part II, by +ORC +
c3.txt 59665
 How to Crack Pretty Much Anything (Windows) by +ORC +
c4.txt 77364
 How to Crack Just About Anything #4 by +ORC +
c5.txt 24086
 How to Crack Just About Anything, by +ORC (Part 5) +
c6.txt 23418
 How to Crack by +ORC (#6) +
c8a.txt 17636
 How to Crack Windows, by +ORC (Part 8) +
c8b.txt 23927
 How to Crack Windows, by =ORC +
caligo.nfo 3045
 NFO: The Lord KCaligo Univeral Improved Patcher (June 4, 1997) +
cbd-tut01.txt 10041
 _CbD_ vs. Ultisoft, Inc.: Cracking Ultisoft Games, by CbD (1997) +
cbd-tut02.txt 10010
 Cracking Rummy 500, by CbD (1997) +
cbd-tut03.txt 17107
 Function Disabled Protections Defeated by CbD (July 28, 1997) +
cbd-tut04.txt 9835
 Cracking Business Cards 32 v4.18 by CbD (1997) +
cbd-tut05.txt 6136
 A General Cracking Tutorial by CbD (Visual Basic Programs) (1997) +
cbd-tut06.txt 8578
 Modifying DLLs to Give Real Registration Codes by CbD (1997) +
cdwizzard.txt 12453
 A Tutorial on Cracking CD Wizzard by Niabi (July 8, 1997) +
ch2-doc 27212
 CrackerHack Verison 2.0 by No Means No (December 1, 1992) +
check.txt 11394
 Megaton Man Teaches Cracking: Doc Check Protection (May 26, 1989) +
copyprot.pro 11218
 Copy Protection, a History and Overview +
copyprot.txt 11735
 Cracking on the IBMpc Part I by Buckaroo Banzai/Reset Vector +
crack-1.txt 8192
 Cracking on the IBM Pc Part I by Buckaroo Banzai aka the Reset Vector +
crack-2.txt 3840
 Cracking on the IBM Pc Part II by Buckaroo Banzai +
crack.txt 90759
 How to Crack an Amiga Game +
crack1 8736
 Cracking on the Edge, by Buckaroo Banzai/The Reset Vector +
crack1.txt 7850
 Cracking 101, by Buckaroo Banzai (1990) +
crack2.txt 77178
 Cracking 101, by Buckaroo Banzai (1990) Lesson 3 +
crack3.txt 29919
 The Official Unprotection Scheme Library by The PaperBoy and the CopyCats (February 6, 1989) +
crackam2.txt 29030
 Cracking the Amiga Part II +
crackist.hac 63158
 The Amateur Crackist Tutorial by Specular Vision (Version 1.3) +
cracklog.txt 3997
 Some Examples of Cracking by DrLAN (1997) +
crackman.txt 90671
 The Cracking Manual, by the Cyborg (April 3, 1992) +
crak1.txt 15364
 How to Crack by Charles Petzold +
crak2.txt 22182
 Examples of IBM PC Cracks: Mean-18 Golf by Accolade +
crak4.txt 11608
 Chapter 4: Cracking a Self-Booter +
crakhand.txt 17114
 The Cracker Handbook, by Darth Vader, Lord of the Sith +
crkibms2.hac 3465
 Cracking on the IBM PC Part II +
crkibmsw.hac 7479
 Cracking on the IBM PC Part I +
diswin.txt 32497
 How to Disassemble a Windows Program +
diswin2.txt 32979
 How to Disassemble a Windows Program part II +
drlan.txt 4970
 A Tutorial on Cracking TICKLE.EXE using Hmemcpy and Memory Breakpoints by Dr. Lan of Mexelite +
dumpexe.txt 34371
 DOCUMENTATION: EXE-Dumper Version 2.2 by Bugsy (1997) +
exact-in.txt 34372
 An Introduction to Windows 95 Cracking +
firstwin.txt 4447
 Your First Windows Crack by YOSHi of Mexelite (1997) +
hotchil2.txt 1888
 How to Crack Hot Chilli v2.0, by Pain (1997) +
howto1.txt 17336
 How to Crack Lesson 1 By the old Red Cracker +
howto2.txt 24786
 How to Crack Lesson 2 by the old Red Cracker (Tools of the Trade) +
howto3a.txt 5787
 How to Crack Lesson 3a by the Old Red Cracker (Hands-On Cracking) +
howto3b.txt 10626
 How to Crack Lesson 3b by the old Red Cracker (Passwords and Passletters) +
howto5.txt 24084
 How to Crack Lesson 5 by The Old Red Cracker (Handling Disk/CDROM Access) +
howto6.txt 23416
 How to Crack Lesson 6 by Old Red Cracker (Funny Tricks) +
howto8a.txt 17634
 How to Crack Lesson 8.1 by Old Red Cracker (How to Crack Windows) +
howto8b.txt 23925
 How to Crack Lesson 8b by the Old Red Cracker (How to Crack Windows, a Deeper Approach) +
howto9a.txt 30168
 How to Crack Lesson 9a by the Old Red Cracker (Some Tricks) +
howtoa.txt 18595
 How to Crack Advanced Lessons by the Old Red Cracker (Internet Cracking) +
howtoca.txt 22183
 How to Crack As an Art by the Old Red Cracker (Barcodes and Instant Access) +
howtocb.txt 26479
 How to Crack as an Art by the Old Red Cracker (Strainer for the HCU) +
howtocp2 3702
 IBM Disk Cracking Made Simple by Phobos +
howtocrk.txt 299115
 How to Crack by +ORC: A Tutorial +
htc.txt 216684
 A Beginner's Guide to Cracking +
hwoodtut.txt 11853
 How to Crack Hardwood Solitare by JosephCo +
krakerscorner.txt 6827
 The Kraker's Corner, by Mr. Krac-Man (August 1, 1982) +
krakman.txt 5649
 Krak-Man's Parameters: Parameters for Copying Various Apple Disks +
lomt-tsr.txt 1825
 DOCUMENTATION: Legend of Myra Interactive TSR Trainer +
max1.crk 13176
 Max's Cracking Tutorial for the Poor (Registering PCXDump 9.2) +
methods.txt 31520
 Techniques in Cracking by TOP (Tired of Potection) +
mex-c4n.nfo 10049
 An Introduction to Mexelite, a New Cracking Group (July 28, 1997) +
mhpcnws1.txt 20193
 A Cracking Guide for Beginners, by The Psychopath of the Midnight Hackers Private Club +
mhpcnws2.txt 19997
 A Cracking Guide for Advanced Amateurs by The Psychopath of the Midnight Hackers Private Club +
mhpcnws5.txt 16027
 A Cracking Guide for Advanced Amateurs Part II by The Psychopath of Midnight Hackers Private Club +
nags.txt 8155
 How to use Nag Screens (August 24, 1997) +
od-crk1.txt 18170
 Cracking/Patching Softart's Deskey v1.02.010 +
owl-ice.txt 31929
 Cracking: Now More Annoying WinIce, or How to Improve Winice +
pp2t-t&l.txt 3924
 SOFTDOCS: Prince of Persia II Interactive TSR and LOADER Trainer Example Documentation +
psp.nfo 28660
 NFO: The Information File Revision III by Plate Steel Productions (August 1995) +
razzia.nfo 1193
 NFO: Razzia by Kenetic +
romeod4c.txt 6227
 Software Re-Engineering For Dummies: An Overview by Romeo (1997) +
scanf.dox 7679
 DOCUMENTATION: Scanfile 4.0 by Marquis De Soire (July 1996) +
shareman.txt 6208
 How to Crack Shareman 1.6 by pain of Mexelite (July 13, 1997) +
sice3.qrf 14249
 SOFTDOCS: The Softice 3.0 Quick Reference by ZeroDay (February 7, 1997) +
sigma-4f.nfo 2985
 The Universal Improved Patcher Volume by 4Fun +
t!tutor.txt 20259
 An ASM Keygen Tutorial by Teraphy (1997) +
timetrial.txt 18864
 Cracking Tutorial: Wintar Remote (August 24, 1997) +
tsrcrack.txt 2130
 SOFTDOCS: TSR Crack v3.0 by Wong Wing Kin (1994) +
tt-unt.txt 103968
 The Training Tutorial for the PC by Dr. Detergent of UNT (1993) +
unp.txt 31148
 Documentation fo UNP v4.11 by Ben Castricum (May 30, 1995) +
vbtutori.txt 22696
 Razzia's Tutorial for Visual Basic Cracking +
wincrack.txt 13080
 Qapla's Cracking Tutorial Version 0.1 (February 9, 1997) +
cal!go.nfo 284
 NFO: Caligo Cracking (July 9, 1997) +

There are 100 files for a total of 2,687,793 bytes.
diff --git a/textfiles.com/piracy/CRACKING/acrpatch.nfo b/textfiles.com/piracy/CRACKING/acrpatch.nfo new file mode 100644 index 0000000000000000000000000000000000000000..4c3d0aab616355d571f598fca47bf34d3dc71ae6 GIT binary patch literal 36217 zcmcg#>vr45cIIDsEx*I0XEjGT4k3}c#CCsCq$DfWg%&Bvwb%Ipk&uWA1Xx@oGf&l? zXXslbZPs}V|7rW}Ju|=n1PIuvi^QZz;+s8}J$v?T2G5^~|GVqCEbLc({q`Hm{u?g- zf9ocY-S={!M+N zvVKiJ$=~#y@;CJz!{CQOPl?tM-+P6{Lo`mhy@?^6Lu*#3r`eGUK z=KpAR$(xI1NEsx0{j1Af`^=f&I$R8F*QM5%rv?mYIH)ufT<^HRd>Q?iu)3LU@)~kK< zJNo-$1P-{zxcv3`v+nNpw&+;{tChd2^OMy9b}#=euoG$pfI9>6X1Q=eF?9V~+w+7f zpu1B8+>K}AdkiMAqe--u;_jziadCHd8Q9bIr9E-|dkL=v?!SB~dU1?;i&1i`D=I`S zus40Q{Rt+?z>OZnneE%Mo3?iZ|&70Q{+j?+)y#IPij?Aa6uXk3N5PV0*Msv7Qw? zp;r~<2EaJ>9LO6?7BLQ@nJe4eh3c?hR@;dd!9vD zWPeR*cGgysY-WQ1-RiG@7M|-8bofh5n zHTBz}9$qPL_p8g>rSjZBoMC!S94>~c#uo$%Y3QrmXlVBb9x1&vW-W!1Z#2D2v6%=| z_ix^X!CXX6oGhp=UV!p~Bq!N$XQe`%l?QMzU6Ocv%BlTp)J!c>4}!&?eQ^_lg*>wp zYDVb!v%c*_(1-q-&S2H3Z76V1ir02s-}cJ=#{fn071C7rl4K1K)!Kxaf)x#tzVlCT5hy*nZ|BPE{*m%%h84=| zh~P`=hgQ_p?+=uh)eoi~##*mMG-f+;hE>_Xbc=Ci5=ypLm8az-?);kaR_Z5(6Vv^g z@<>AUVPYgQZoiam1|z!qtJ5S;!2tBFL zkqTI+KQPu3ffZZgH1O|lgD0**Bc&B!nC5&x*H*vOcQXu?$Poi4a__avfxwkiwP@~# zaB%55YI1n5r+7JT8TY4uc43~Cisp>sGK%31?8Ap;E+pM5XN9pG_LEy1&4emsDV0;w zC5|W`7^SiHxqEm}dcP#0BMzi!u5acNzTY$Z-dwhbCRucK)&MyUpw>^#RuZD!)RGl(-4|8imt{r1NU~CuIoibg-kVXU7ff5(O z7|Clg^(`eJ`e%jx!0>fWkbw)2f-gGOt~TtrzCt@esmCm zO01{ACA&Q+)^*^_GK-s*uC-M?Y7fI87SQp6}0D%VSshXAIi$32(< z*3u^4rKE&Eq1HWgWYaQzX#{HIxK;*;a)e#SoAQh~_JVL}G9U@sEiB;MrqE2oQb%yt zi?bkH%y?vX28!!RVO-A+A(SUXDeoOr(}+k=$fjIAvu+^Ul)h%t=V+xoDS*DFJd!>~ z*AT_qVsw-Cg(O-zK@__lyLX459IC&cn^XFuW={*RYX@gV06B1p-PtUGe$y@c6T=F2qVXml)Bcw+^~AXRDxZaaGQGgTok$ z#@h3|1yL#a4eTk|9c1O72BFEGwFcp-9YX8ticKGihwaJbf+}1Wz&3!ClM)6BS`T#Q zbNCZ-Q=hwNuVVV^_4rf+hlsPsBm`Q7Tf@4F8%`-|{Z{)h7{f1cE0zyvIssoyC@h3I z>;?A-o+{mAnz=-QubRVZ_MZlDq*Jh-J?Y4#PQ%_028OmF!XYe ztP1sn?gEvC3gF(6|9h zbhAwP#K=^wSt-zk$_kYQekMP2*`kf$g;K$g0Vz%6dqAm^v^;5Mr=Ptoo1v)fdiNpv z^)1;+t5+l7NeL2bGrFi`-OXdqgWpks%4wZ)F4*AQiD7F$hMUz-o9=Yj^kv|VXW28+alK9C|*mA4!CEMQq-(E)E39By5xg5|@PX(Pbu z5IUtK*t!DsTpBGWvq0y;wbCBOq$*zy(w1I(ZcK{7e%`}E6icO*9{Ouwc6ZnwgNsHj zl$ga;wz94#iEQOcr+Wu3 zK`%tEpBOJEL7LCDMpjh-#nk)6ya{G-V7C89ZS616lr{azzN0PJ0Yk@oh)=GFNR zrx*RVs))*Irac)7n60mhB!nF;T&n?DLlq`0WaPH^d&ktGNnNAKvV}P2OS1?wu`0vv z_lKITWKEAi!!xP#&Jr&o7m)~(ek@JMuX$#93oUl5H%*Z0+UfJZ# zGg@(>X?{n;1&@%r7>B$w9u0swq)T}Iuc z_9Q4$+E%%$Vbs=jre4vtPgqRg^|h726;-8DJ{pGB2mv?Gz74{dlpY=<}I*`2u_+-N>Bb#DxOsbUaAa=YQc;!iZj9vL2WWL!ExB_m9XlpB#ITx!N4Jo!!}d#g7b#77gkFVN zN8V^Mxl-M!k_F8r8esUA$akKva-~&}HZ{40nHFJo?d6s@_&C>VKBHt|FFdCx7wRnn z0HK^cxLFIiZyR(F0d;I?6TuKAJSi|ys%zys=qZTPP=+MPuN3z)xn2LHywUt|vjfAK zJFE>UHVdYZ z*!S!xat-aac8-r{&L;|VrPD?AUK1cp*?W7UE2)5uyvCp^&Jmtx_YdTg-d;d~5mpN@ zdvc15Rw%}Z=IR-q#bS6VChciYRU&=+X!0=mi|#R`U_1ZbU^|H33hApv%NSB~5eD~I zqF%MqvO%@VeW|Pl2v0krTnPl(Miz%d7+&dVmQ0D^MEEyGh39*GS=a>La+$z z>`P{-m19?447)MsYT}00E{7U;Vs;FmHEra=@v=E`oiMc97d|2%4g`ZLugH%L%iDyT z?VeKSks;&EqpZA_GTNBAsn8?kg2q^jR9!SSRZp5@!EA+`PxMPUT|M@?LyaY#JF9*q zeE0g`Q0!S9yTu6gLgBVj`EF?VSH26w?F?I|u;wpmvsS`o)QloF`Z=!0x&`uP;BQRT zsal4+zJ$^?fzqbKC91Y0cuH%l`{xE;H}=b4LMP@*N@R^m`TQ9)_e@B}h^#+s5i+O|%}UL}U?E`1Rek18p;!w}NZ?ZHiS}QUJB`9EXKoZ(T0)bZh`8^n zq)Yn;IR}(JQmAa*1VaBH;}#y{>tIO{;A{d`u0Ccn5kA0BO5J1;APgzV*EiGkKOiCU zao<9~WT%@-Wtw8SB>??Rmub@8xY*E(te{6nc^c&{oSsvPP4kK11%M=93EecJ{Rby%= z(0ke)Ie9>@Q(LkSHT4|Uh&|dVWqJeB{DAju7|v?rD7R0&R06;-LMME2I(l zgAMbCf}AqDKy0fkbkf}q~$`*}^F*!`B@-DF-95}45d>Gucb7Ue-QDV|kOGoRb zSVQId+Z9{LtI{-i&r~T;X^C)2lP~+W=**_QR=}-F`V}1H7!Em@DdAa%yL1wt!nehX zCdU)K=eyoCO&dM;rcWp@`cV^1@;r@K}X{uc}!dB&sae7qmce$4#&}1?;NGf9K!3Dj2mRWewRUrL8oyA;`xJ-b$;*3rj;RhK(5T?~*9hw*lSG%bk^W z5_K}NOX=!0|Jd=#h=a0`U-qkk*#ea1X6#~zz|=v|s>MX1h?NpG*>8Wl$hDkvv<{b} zXXJvAa4N+a19SCeL_E~VQaP!n=pf9^Qmm@$2ODP>Ao9-(rXk)dafUz~aE`T1m6p`x zYbDlPE=}+ztrlvIR)UQcr5KHCDe9HjI6aeqMamvDDx@o#;W6?7uj{82mzOB)J6?y& z#xx(8sHA6%sfjh%kA2STX!dc!K+#D^Jw(3hQk+3^;J}=Zoe6x6V#i>nO04E1H3Y>s zT33kX7P<8e;<;_HCnx8}-?fTRL9q}6lK!4^UA)H`I{s@Y7E>Sk;+b`$9F>*ej2CXO z#oV#T_hCu((z3V`l~65IZtNwFa6oEd{L8}kbqUWuEEWmMWYk$TfZZ$=d7w4_y2L3xH$^@~e~* zG{j=2!M4l}VyAZ<*3j|x%>XlbpX#vJ$35`jVkyW|Wsug`EpmDoMvtiKg6X?r9K(AZo<@WI5sORxwa84S_}DY$y#L7k|ov+m?WJ6iTB4Bg4=Yqh}Z!G##k z5FImGNj0Peq_mfq;tRzT2iOcFE(46Ixg!PWs63@!(n9J-dBHcaa1afAbMkr7FyjlV6X1q+SbajWy# z>;!Y%(uD=^M&QGX1FS|gV9?|w(e;$|xN((7iHVWG;?5EN);QPf+`bnF2`8??&dVaA zkaXp3RqUzumiCe<&TDu-rs>G_t;D5){4_FyNri@PLH(3Sq;r+_uCWFV`|sO>WWEru ztQ`ia=5%)2Fn?Czyh(5Cg(3Fdxc;==gS8J%x>`)rpkFB*rJGt^FS!gZapn+Yd)867 zrxL6CYS2D|p8=aG!Nl^i2wSAj9Ekltrrxv$uBr=-tF1JyoC;G=w5TS0>FUyA)Zu`G%)Qm|no69x z4Bp&uW&fMA`gX|x`0o~#PV0lA-7!IWF;%r*6yXqAJ z0V0L@9j=^bQc6?zFFN-EXHl_wap}0`Sy7cV4Q!uM(q#@`D{T<|KxND8YhbZO_Rf8v z6E_!_G!)BLBD98=a1sT0;jwEKyok_B%W0}UI!JD5*E!B5y1g|kTiH%SfcE^zl>!)K z4KO@EYiSO#hsSf=_!oNyyL)qZ`a!Z1&F<21(eq5rmc#dlTYc=Zhvv&v>u_g?PXj~p z2RR2fnr~T}tfM!uA?R@oS|kSW-enDh%3WU1%<C$~s(MBC*{YnyV9$X%Nx>9LxxmM5prmzB49h=YiO5ap2uP0r>VF?>K|ieite z+HhJwI+|IgK8oWcOj=n9)mYY4;Oxk!FQ&+9VCLi=S;)UpnSos~PH-wQlSVd8d4)~6 zWq^T2e!C^JaT>AUSGr4!toLqE}M1yLxrhwh4 zAx^nA%r{zEN(YIi*o%yRPv*!2m{PiR)?d`=mG}o|c?abUl2aZZcpv)H*FEf-aAI4g z%T_`S{y2gX2=ki!X`ml+Uolze3#HZ8_Rdkevj>$SbP>Kgw6R%L$UY-6Rthx7__TLE zb;x-M?a)co8j}3HF(TrT;=UNq}Rb zRpPezi)=eQHx*+g4J?FU;BCN0JPmL6!v~1aLmVRp|LMT-5}ZwtUGO)TmuGTos-*5zQedcIxK=^J2~9a70Jk+LAKN}MrxSV7%jV`GDsFPcsp8y}Udcp=kJ zjn4Wo?5mRVZ;+Ujyzo>0+q^}6)b4i0DamRd87AW7MBPjd%(d7p*zY)9KAB^*PJGIn z!kolh?!I~u$zr+zZwnWIisO(4oXp{6n*oBmSg^c<>W}c^pE_HA>Tb}+MWP4*&-N{2 z8t@bvEs)qrA$o@H*9^3kiPI4@f$yR8BGcyt=LKLtSG0kS)CfsIZ;l?i zzx-m8Z{CN)3c-4=iz-`79+>8B=RG|spnbA+L7L6>1_j*IZAN7g)VLFU+LyV7q&MhY zVYER`uR>+fZy958aumGP8@P*hxlpSV7ae#BiJngz8<6Mvx2&O9;N1{rJkkMiQ~;g- zEH8cY>foydUhAPyLm|Ags}h*eq@&Ov8pPH8tnDo^wI)(Gsf6lIr1Oyj1jZIfeDo=S z2Q!tfN}xeAw10tij=soW4WJhujzb8+4ip}sq$qV&LUna6QHsonzU;;H@ zHRq#AJBNIn@&JdR=381@Sq^6DrWx<+fyR^>(mq(yy*maPf37b8Z2T^PKmTybcH*{y ztppmA<Qwe_Nt!7HJnh~<<%F|ww zxq;$8YiXX)LWv{6e@3*%snnMUGS`dY{%+Xs4|&ucxnm!fCyN7SOP4o z>^3?VWE#xn*;O32SeD&J8|ipaqWsnF#s>8C6@u7!p_WQsD+~2GyEs1~kD1t13;GYT z)6_n*)h;xq`RHLu`D`l}R(y=`n(j|C!*;~QXbbhG1(Fb0AkFeAi9to05SAxrB-26@ z*O$-P4+ik&6NV0}be^1zx*hoM5}skn9QLss+A% zdp4;0` z(K_O3vdT*rNqlNQMQApx9o=k0HNS!OquiqV2jD|QFVee|Zl$=kL;KZ-KZt|v(P)FV z$*vMJ?u1jW;hj`w&&4@dbm?;WgYjZcj{=o1!e;52q^V~FDEeO7;pw!@?iHJ%9a^;g z5PAP;x+lu(X7@BNZ}Z9ZE6S5XoeOPRo+|Cto~j@DSY@yfk|wJjrzw=SH`UV}_b$Oh z6JSqWVhzJCGFcBbcZ{O=PcyE00Ozd2zWD=Krn|rQ_N(cB88&#jLmsr)dATnh!Q2~^ zQ>r*z^$C(H9}(asS1>#~^pqL4nTpe3L-kD-U|j)r8vrSi+B-RyR&${y_?~L9a#1qJ zx>04^cm>Ak80&CZq={Bc#JN=wmGle&qmE5+#OKcK5_yy117s$c5gQu}yO4MP$lzih zM@gX_5Wy>VX|amb%kFD|^XQ;NkXTb?<=h>X==NeK+QKm}`mov<^o4C?Z%9=Q@a^llQ7qDq&JJIyyP(Q6wHtW2D$LhS9h|t;8v9bP^q; z)hG*q!e_PWQ&(I9W~7t-Fc1+%LUGO{SF_SZD`CUqAvyx_NhUWV z=kuk+D3!0gCsQp1p{#x%?fQf~N%hn;h*J`mD^>)i*$ue@aX&z*6biy&6;Xn=pWnkeq4>|jInr>SO013Ynp)|s7c={-^Uf>D-!GU5x#Ke~%} zgIB3SV_?6%vazc-X41ir-$K{OpU2-yn@@WzN|$jR4jCkf>7L^SlO7MFOp&#~EKI}0 zh;hM$RbdZZxbg()8#1ocH+=h^-_t#h0CXhtmft$dIVFgGi*Z2A8i|(Ht5@0vP$NMe zi#j%>9_7$67#)$a^lF0T2pgT9OFEKqHNn2c;RNn9zy>2cT*0`SU{9GQW!io@-7`8* zmy&?6T7flE%1!7(wX1JJM!&CGz;P_=p?}7q(ON#!SbGn1?`9cGOKbU zx>s=S#-Lfen$W#*Ze%R|w~fNcL)i z{kDRCf*kG{3I1Fn_c7B5<9ljqTPpmgSxj29Q4T}FL6%NJRcm#{U6D4f1pnaAxMypMa zZo^4+q@K~p;&GMO=0q{Z+oiY~K7W>(b+U}MSOy79_86r=ljP@fqX2|F=y}tWwuawB zfeiHf(4GTN>T^n-Di9&)A2SJ$(&}u)run%WJ~rJsp`<8vX-zRAIc!IQ%fbz$+UJUt zz7c41RKjZ%Da-m1w2*9#j0UPRJ&Rq%^h5wUMhWUq-5%C zj+_~U8;~skymm{fBHH2}Zm)=YGr{3%bDXn16*%P0`B6~ziNvv8!%T3GapM-~r*?2T zD{V$19roV&aL;VPQ=8CnH!>fEyn6H_^s{9fJsDG-WK=nARGY{3miS2b?T`37b@|eV z9D@

HOW TO CRACK, by +ORC, A TUTORIAL +Lesson 9 (1): How to crack Windows, Hands on +[Winformant][Snap32] + + + THE [DATA_CONSTRAINT] TRICK - [WINFORMANT 4] + I have chosen an older windows application for Win 3.1. +(WIN4MANT.EXE, 562271 bytes, Version 1.10, by Joseph B. Albanese; +you'll find it searching the web with the usual tools, see how +to do it at the end of this lesson), in order to show you how to +use a nice little trick, at times really useful in cracking +password protected programs: [data_constraint]. Inside almost all +protection routines, as you have already learned, there is a +moment when on the stack the ECHO of the real, "correct" +passnumber or password appears. The location of this ECHO varies, +but most of the time it'll be in a range of +- 0x90 bytes from +one of the locations where the user input dwells. This is due to +datadump windows constraints inside the tools used by the +protectionists... but this use is bound to diminish... especially +after this lesson :=) + +[WINFORMANT CRACKING] + This application is -per se- crappy, I doubt you'll ever use +it... but its curious (and pretty rare) "deactivate" mode is +nevertheless very interesting for us: you can "unregister" +Winformant on the fly if you feel the need to. + This feature is pretty useful for scholars that like to +investigate password algorithms with valid and invalid codes +without having to reinstall every time to delete a valid code. +For your cracking exercises choose programs that have +"REVERSIBLE" protections (rare) or that can be re-registered a +billion times (more frequent). Programs that keep the valid +registration on *.ini or special files will also do the job: you +just change a couple of lines to "unregister" them. + The trick of this lesson: [data_constraint], or "password +proximity", bases on the protectionist's need to keep an eye on +the protection "working" when he assembles it. He must "see" the +relationships between USER INPUT NUMBER, USER INPUT TRANSFORMED +and the CORRECT NUMBER ANSWER (in our jargon: the "Bingo"). These +relationships must be constantly checked In order to debug the +protection code. Mostly they will dwell TOGETHER inside a small +stack area, allowing them to be "seen" in the SAME watchwindow. +Most of the time, therefore, the "ECHO" will "materialize" + +shortly not very far away from one of the locations of the USER +INPUT. Let's crack: + +* Fire Winice and then Winformant +* Choose HELP and then choose REGISTRATION +* Fill the registration fields with "+ORC+ORC" as "Registrant" +and "12121212" as "Activation" code (use whatever you fancy). +CTRL+D ;switch to Winice +:task ;let's see what's the name of this crap +TaskName SS:SP StackTop StackBot StackLow TaskDB hQueue Events +WINWORD 1AD7:85F2 4A52 8670 7532 1247 122F 0000 +PROGMAN 1737:200A 0936 2070 1392 066F 07F7 0000 +DISKOMAT *2C5F:6634 1D3C 6AC6 5192 2CB7 2C9F 0000 + +:hwnd DISKOMAT ;which window is getting the input? +WinHandle Hqueue QOwner Class Name Window Procedure +0EB4(0) 2C9F DISKOMAT #32769 04A7:9E6B + 0F34(1) 2C9F DISKOMAT #32768 USER!BEAR306 + 365C(1) 2C9F DISKOMAT #32770 2C3F:0BC6 + 36BC(2) 2C9F DISKOMAT Button 2C3F:1CEA + 3710(2) 2C9F DISKOMAT Edit 2C3F:24BE +... and many more irrelevant windows. + +Let's pinpoint the code, here the relevant window is the first +"Edit" one, for obvious reasons (more on this later). +:bmsg 3710 wm_gettext ;set breakpoint +CTRL+D ;run the babe until you get: +Break Due to BMSG 3710 WM_GETTEXT C=01 + Hwnd=3710 wParam=0050 lParam=2C5F629A msg=000D WM_GETTEXT +2C3F:000024BE B82F2C MOV AX,2C2F +So! Now we have "pinpointed" the babe (more on "pinpointing" +later). Let's snoop around a little: look at the stack to fetch +your babe's last call (if it does not show immediately, just keep +pinpointing, for instance on GetWindowText() or do a BPRW +diskomat (very useful), and then try and retry the stack... +should this too fail to work, search for your input in memory (in +the 30:0 lffffffff selector, as usual) and breakpoint range on +it with ReadWrite, and then stack, stack, stack... until you get +the "real" list of calls coming from your babe's protection. +:stack ; let's see +USER(19) at 073F:124C [?] through 073F:1239 +CTL3D(02) at 2C3F:0D53 [?] through 2C3F:0D53 +DISKOMAT(01) at 2C97:20B9 [?] through 2C97:20B9 +DISKOMAT(01) at 2C97:3D94 [?] through 2C97:3D94 +DISKOMAT(01) at 2C97:49E2 [?] through 2C97:4918 +DISKOMAT(04) at 2C7F:EA20 [?] through 2C7F:EA20 +USER(01) at 04A7:19BE [?] through USER!GETWINDOWTEXT +== CTL3D(02) at 2C3F:24BE [?] through 04A7:3A3C + + Beautiful stack fishing! Do immediately a BPX on babe:EA20. +2C7F:EA35 9A25ABA704 CALL USER!GETWINDOWTEXT +2C7F:EA3A 8D46AE LEA AX,[BP-52] ;load ptr "+ORC+ORC" +2C7F:EA3D 16 PUSH SS ;save pointer segment +2C7F:EA3E 50 PUSH AX ;save pointer offset +2C7F:EA3F 9A768D872C CALL 2C87:8D76; get strlen "ORC+ORC" +2C7F:EA44 83C404 ADD SP,+04 +2C7F:EA47 3D2800 CMP AX,0028 +2C7F:EA4A 762C JBE EA78 +... +2C7F:EA97 8D46AE LEA AX,[BP-52] ;load ptr "+ORC+ORC" +2C7F:EA9A 16 PUSH SS ;various algors on input +2C7F:EA9B 50 PUSH AX ;follow here, we do not +... ;need to care +2C7F:EAB2 0F851101 JNE EBC7 +2C7F:EAB6 8D8E5CFF LEA CX,[BP+FF5C] ;ptr "12121212" +2C7F:EABA 16 PUSH SS +2C7F:EABB 51 PUSH CX +2C7F:EABC 9A768D872C CALL 2C87:8D76 ;get strlen "12121212" +2C7F:EAC1 83C404 ADD SP,+04 +2C7F:EAC4 50 PUSH AX +2C7F:EAC5 8D865CFF LEA AX,[BP+FF5C] ;ptr "12121212" HERE! +2C7F:EAC9 16 PUSH SS +2C7F:EACA 50 PUSH AX +...etc, various algors on input follow here + + OK, it's enough: now obviously follows the code that +"algorithmize" the number string, and then, somewhere, you'll +have the hideous compare that divides good guys and bad crackers. +You could examine, and crack, and search... + BUT NOW IT'S THE "MAGIC MOMENT" OF THE ECHO! We know and *feel* +it: The echo must be somewhere... how do we find it? Searching +"12121212" in memory fishes at least 10 different locations... +:s 30:0 lffffffff '12121212' +Pattern Found at 0030:0005AD6A +.... (7 more) +Pattern Found at 0030:80509D6A +Pattern Found at 0030:8145AD6A + Should we look for all occurrences of string '12121212', +starting with the two at 80000000, dumping +-0x90 around it... +until we find the echo? We could, and it would work, but that's +not zen... that's boring! In other protections these locations +could proliferate on purpose, to deter the casual cracker. There +must be some other way... And lo and behold! YES! There is a +quicker way... THE LAST loading of the numeric input string in +the code (the one after the strlen count) is the "right" one for +our cracking purposes, coz protections follow (mostly) this +pattern (remember: we are inside a "stack-heavy" section of the +code... if you want to crack higher I suggest you read some good +literature about stack working, stack tricks and stack magics +with the Intel processors): + LOAD NAMEString - COUNT NAMEStringLen + + LOAD NAMEString - TRANSFORM NAMEString + LOAD CODEString - COUNT CODEStringLen + LOAD CODEString + *ECHO must be here* + TRANSFORM CODEString + *ECHO must be here* + COMPARE TRANSFORMED_NAMEString WITH TRANSFORMED_CODEString + + This means that at line +2C7F:EAC5 8D865CFF LEA AX,[BP+FF5C] ;ptr "12121212" +you'll already have your echo somewhere... just dump the memory +around the pointer [BP+FF5C]: +:d 2c5f:61e8 ;these numbers will differ in your computer +02 62 2F 06 02 00 26 2E-A3 4E A3 4E 01 00 38 30 .b/...&..N.N..80 +33 37 2D 36 34 36 2D 33-38 33 36 00 01 06 02 00 37-646-3836..... +2F 06 75 62 C3 2E B7 04-F2 24 2F 06 CE 6E 2F 06 /.ub.....$/..n/. +49 00 5A 00 01 00-04 2C 2F 06 AE 24 36 62 00 00 I.Z......,/..$6b +74 62 7A 2E B7 04 36 62-01 00 C2 62 2F 2C 26 2E tbz...6b...b/,&. +03 01 BA 0F AE 24 5F 02-C9 01 5E 02 BA 01 5F 02 .....$_...^..._. +31 32 31 32 31 32 31 32-00 0C 00 BC 02 00 00 00 12121212........ +00 49 00 BA 0F-AE 24 F2 24 2F 06 00 00 00 00 00 ....I....$.$/... +AF 17 00 E2 5F-7A 62 FE FF 79 1B BA 0F 00 00 00 ......._zb..y... +96 0B 01 00 02 4E 00-37 01 8A 62 D2 0F 8F 17 00 .....N..7..b.... +2F 06 00 37 01-98 62 20 10 16 03 2F 06 00 00 00 /.....7..b .../. +C2 62 2B 4F 52 43 2B 4F-52 43 00 0D AE 24 2F 06 .b+ORC+ORC...... + + Look at this dump: everybody is there! The stack pointers points +in the middle, at string "12121212". 0x50 bytes before it you'll +find our good old ECHO (i.e. the CORRECT passnumber) and 0x50 + +bytes afterwards you'll see your handle: here "+ORC+ORC". + It's cracked! The code for my "+ORC+ORC" is 8037-646-3836... +Now begin your assignments: if you rally want to learn cracking: +- "Unregister" and find anew your own code for your own + handle. *DO NOT* use serial numbers with any other name + that your own handle, that's miserable stealing, not + cracking. I'll begin to punish the serial#_aficionados on + the Web, coz I like real outlaws, but I detest stupid + pickpockets. +- Study the two coding algorithms, the one for the input name + and the one for the input number, this will be very useful + for your future cracking sessions. +- Find the "Compare", i.e. the code that sets the two usual + flags "good guy, you may move on" and "bad cracker, beggar + off", and +- Create a "real" crack for this protection, that will allow + anybody you think deserves it, with any name and any + password number, to get through. + +[CRACKING SNAP 32] + Snap 32 (SNAP32.EXE 356.352 bytes, 24/11/95, Version 2.54, +by Greg Kochaniak) is a "snapshot" shareware program for Windows +95, that allows users to save the screen, parts of it, or a +single window. It's a very common 'try before you buy' program, +limited to 30 days use. You'll find it everywhere on the Web. If +you do not know how to search the Web (poor guy!), learn at the +end of this lesson the correct procedure to find all the files +you need on the Net and get them automatically emailed to you +(that's something you should learn: SEARCHING! It's even more +important than cracking!). + Snap32 is not very interesting (I don't think I used it more +than a couple of times), but its protection is: in order to (try + +to) deter casual crackers it does not compare strings, it +compares a "magic" sum (from Namestring) with another magic sum +(from Numberstring). And: +* SUMS magics inside the GDI, not inside its own code; +* USES a look_up table for input validation instead of + "plain" code; +* COMPARES the "magic" manipulation from input NUMBER with + the "magic" manipulation from input NAME. + + + The cracking procedure for most of these windows programs is +pretty simple and relatively straightforward: + +1) SEE THE NAME OF YOUR BABE AND ITS QUEUE SELECTOR +:task ;This is the Winice95 command you type after firing +snap32 and getting at the "Enter License" nag window: + +TaskName SS:SP StckTp StckBt StckLw TaskDB Hqueue Events +Snap32 0000:0000 006 AC000 006B0000 270E D27 0000 + +OK, the babe is Snap32,it's HQUEUE is 0xD27, it's TaskDB is +0x27OE, orright. + +2) SEE THE MODULES OF YOUR BABE: +:map32 snap32 ;Your command +Owner Obj Name Obj# Address Size Type +SNAP32 .text 0001 0137:00401000 00043000 CODE RO +SNAP32 .rdata 0002 013F:00444000 00002E00 IDATA RO +SNAP32 .data 0003 013F:00447000 00009000 IDATA RW +SNAP32 .idata 0004 013F:00471000 00001C00 IDATA RW +SNAP32 .rsrc 0005 013F:00473000 00001600 IDATA RO +SNAP32 .reloc 0006 013F:00475000 00004C00 IDATA RO + +OK, so the code is in selector 137:(as usual), and you have there +43000 bytes of code from 401000 to 401000+43000; the DATA, +ReadWrite and ReadOnly, are in selector 13F: (as usual). + +3) SEE THE HANDLE OF THE PROTECTION "NAG" WINDOW +:hwnd snap32 ;Your command +Window Handle Hqueue SZ Qowner Class Name Window Procedure + 0350(1) 0D27 32 SNAP32 #02071 144F:0560 + 0354(2) 0D27 32 SNAP32 #02071 17CF:102E + ... and many more windows that we do not care of. + + OK, so, for our cracking purposes, it's Handle 0x350. Most of +the times the "nag" window you want to crack will be the first +one in the hwnd listing (coz it was the last one to appear). +Watch the number in parentheses that follows the Whandle: (1) is +a mother, (2) are "children" windows. At times you'll find under +"Class Name" something like "Edit" (see before the Winformant +cracking)... SNIFF THERE! At times the "Window Procedure" code +location in a list of more than twenty, will be slightly +different for one or two windows... SNIFF THERE! + +4) BREAKPOINT MESSAGE WM_GETTEXT (or any other WM_ that you can +think of in order to "pinpoint" the code of our babe). +"Pinpointing" the code is extremely important in windows +cracking... this idiotic OS moves code, data and stack out and +inside the pages all the time... so you'll keep getting on +"INVALID" sections without a correct pinpointing. Good +Pinpointing points are in general: + BMSG xxxx WM_GETTEXT (good for passwords) + BMSG xxxx WM_COMMAND (good fro OK buttons) + BPRW *your babe* TW (good for tracking) + u USER!GETWINDOWTEXT (u and then BPX inside the code) + u GETDLGITEM (for the Hwnd of an Item inside a + Dialog Box) + CSIP NOT GDI (if you have too many interferences) + u USER!SHOWWINDOW (bpx with counter occurrence to get to + the "right" window) + u GETSYSTEMTIME (for "time-crippled" software) +and many others pinpointing points you'll learn. If you are +really desperate for pinpointing, just do a BMSG xxxx WM_MOVE and +then move the nag window, this will always work. Let's go on: + +:bmsg 350 wm_gettext ;Your command +OK, so the code is ready to be pinpointed. + +5)RUN THE PROGRAM TO THE BREAKPOINT: +CTRL+D ;Your command to exit Winice and run + until it pops out at breakpoint +OK, now you pop out inside Winice somewhere... (look at the stack +to know where) so the code has been pinpointed. + +6) SEARCH THE DATA AREA for your input string (4 Gigabytes from +30:0... remember that DATA are *always* in 30:0 to 30:FFFFFFFF +and CODE is *always* in 28:0 to 28:FFFFFFFF). In most protection +the "registration_number" string must match the "username" +string, which cannot be constrained, in order to allow users to +choose whatever stupid name they fancy. Some protections requires +fixed symbols inside the "username" string, though... in these +rare eventualities, just apply to the "username" string what +we'll do here with the "registration_number" string. The point +to remember is: begin always with the protection fumbling your +number, crack only if necessary the protection that fumbles your +name. Let's search now. + +:s 30:0 lffffffff '12121212' ;Your command + Pattern Found at 0030:80308612 + +80000000 is good. Lower era videos, mirrors and BIOS, higher +(around C0000000) you have the OS dustbins... the point to +remember is: investigate always FIRST the 80000000 locations. + +7) BREAKPOINT ON MEMORY RANGE ON THIS STRING. +By the way: prepare a watch window dex 3 es:di, you'll soon see +how useful such an automated watchwindow is in password cracking. + +:bpr 30:80308612 30:80308612+8 RW ;Your command + +OK Now we'll begin to dig out the relevant parts of the code. +Remember that you must breakpoint *every* copy of the string that +protection generates. A typical copy routine, very frequently +used in windows copy protection schemes, dwells inside +KERNEL!HMEMCPY (+0076): + +0117:9E8E 66C1E902 SHR ECX,02 +0117:9E92 F36766A5 REPZ MOVSD ;makes a copy in es:di +0117:9E96 6659 POP ECX +0117:9E98 6683E103 AND ECX,+03 +0117:9E9C F367A4 REPZ MOVSB +0117:9E9F 33D2 XOR DX,DX + +In fact, this piece of copying code is so often used for password +verifications that sometimes you just need to bpx on 0117:9E92 +to get the correct stack sequence... but let's, for now, continue +without such little tricks: just keep on BPRring (Breakpoint on +memory range) all copies that protection makes. + +8) LET THE BABE RUN, it will breakpoint on all manipulations of +your input string. One of them will lead to the magic. +8.1.) VALIDATION phase +There are many routines that check and "validate" your inputs. +The most common ones check that your numbers ARE really numbers, +i.e. in the range 0x30-0x39. Usually this is done with: + CMP EAX,+30 + JB no_number + CMP EAX,+39 + JA no_number +At times the protectionists use TABLES instead... The number +itself is used as a pointer to a "ready made" table where the +relevant magic can be used as a protection. Imagine that a number +4 in your input points to a code section that throws you +immediately outside the validation routine... or imagine that a +number 7, if found in your input, fetches a magic code that +removes the whole program from your harddisk (or worse): "Ah, ah! +Stupid cracker will never know that he should not have used +number 4... and definitely not number 7! Next time he'll +learn..." Yes, tables have been used for such nasty tricks. +Here the relevant code for the "validation" part of our +protection (still checking my favourite input string '12121212'): +:check_if_valid +0137:4364AE 8A16 MOV DL,[ESI] ;load license number +0137:4364B0 33C0 XOR EAX,EAX ;zero AX +0137:4364B2 668B0451 MOV AX,[ECX+2*EDX] ;look table for 84 +0137:4364B6 83E008 AND EAX,+08 ;OK if AND'S TO zero +0137:4364B9 85C0 TEST EAX,EAX ;and therefore +0137:4364BB 7403 JZ 004364C0 ;go on +0137:4364BD 46 INC ESI ; ready for next number +0137:4364BE EBCD JMP 0043648D +:strip_-_&_+_signs +0137:4364C0 33DB XOR EBX,EBX ;clean BX +0137:4364C2 8A1E MOV BL,[ESI] ;load license number +0137:4364C4 46 INC ESI ;ready for next +0137:4364C5 8BFB MOV EDI,EBX ;save copy +0137:4364C7 83FB2D CMP EBX,+2D ;is it a "-"? +0137:4364CA 7405 JZ 004364D1 +0137:4364CC 83FB2B CMP EBX,+2B ;is it a "+"? + +8.2.) MANIPULATION (summing magic numbers) +Your wisely set breakpoints on memory range for the occurrence +of the string "12121212" will pop you out, inter alia, inside +following piece of code (note how this part of protection dwells +inside GDI, and NOT inside the code selector of snap32): +0557:11BD 33C0 XOR EAX,EAX ;zero AX +0557:11BF 66648B06 MOV AX,FS:[ESI] ;load number +0557:11C3 83C602 ADD ESI,+02 ;point to next + +0557:11C6 66833C4700 CMP WORD PTR [EDI+2*EAX],+00 +0557:11CB 0F8424010000 JE 000012F5 +0557:11D1 668B0442 MOV AX,[EDX+2*EAX] ;load from magic table +0557:11D5 03D8 ADD EBX,EAX ;save sum in EBX +0557:11D7 49 DEC ECX ;till we are done +0557:11D8 75E5 JNZ 000011BF ;loop along + +Interesting, isn't it? Protection is using this GDI routine to +create a SUM (through pointers to another table) that depends on +your very input numbers. We are now very near to the crack... can +you *feel* it? If not, prepare yourself a good Martini Vodka! +This is the correct way to do it: + * Get a "highball" glass; + * Put some ice cubes inside it (2 or 3); + * Add Martini Dry (From Martini & Rossi). Fill to 1/3; + * Add Moskowskaja Wodka (the only real Vodka). Fill to 2/3; + * Add a zest of lemon (From Malta or Southern France); + * Add a green "sound" olive (from Italy or Israel); + * Add Schweppes Indian Tonic. Fill to the brim. +Sit deeper and relax, sip slowly and *feel* where the code of the +protection scheme you are cracking "moves"... It's like a +current... a slow tide. If you still do not believe me, just try +it. + +We'll now find out where protection stores the "magic" sum (and +now you'll pop out inside the very own snap32 code, this is the +"real" protection part): + +8.3.) The ludicrous "HIDING" of the magic sum +0137:40437E 83C404 ADD ESP,+04 +0137:404381 8B4DE8 MOV ECX,[EBP-18] +0137:404384 8945F0 MOV [EBP-10],EAX ;***HERE!*** +0137:404387 68FF000000 PUSH 000000FF +0137:40438C 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74] ;load string +0137:404392 50 PUSH EAX ;push it +0137:404393 E886410100 CALL 0041851E ;manipulate +0137:404398 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74] ;load string +0137:40439E 50 PUSH EAX ;push it +0137:40439F E88C210300 CALL 00436530 ;manipulate + +As you can see, the protection is very simple: The "magic" sum +is hidden only two lines before the further manipulations of the +input string. We have found location 137:404384, here, in the +CORRECT way, through bprring of the string that has been +manipulated in the GDI, but actually, we could have found it +quickly just checking superficially what's happening "around" all +manipulations of the input string. Do we really need to follow +all manipulations of our registration_number and eventually also +all manipulation of our username? NO, not at all: we just set a +BPR on the stack location where protection hides the sum [EBP-10] +and we'll see what happens: 90% of these protections just create +two sums, a sum from your username and a sum from your +registration_number... somewhere there will be a compare that +must use this location (or a copy of it... we'll see). + +8.4.) COMPARING THE MAGICS FROM THE TWO INPUT STRING +Breakpoint on memory range on the sum location [EBP-10] that you +saw in the previous code and you'll land at this piece of code: +0137:404412 E82F050000 CALL 00404946 +0137:404417 83C40C ADD ESP,+0C +0137:40441A 3B45F0 CMP EAX,[EBP-10] ;comp AX & magicsum +0137:40441D 740F JZ 0040442E +0137:40441F 68C0874400 PUSH 004487C0 +0137:404424 E8149E0000 CALL 0040E23D +0137:404429 83C404 ADD ESP,+04 +0137:40442C EB5B JMP 00404489 +0137:40442E 893DA0714400 MOV [004471A0],EDI +0137:404434 85FF TEST EDI,EDI + +That's it, you have made it! We found the compare between the +"username" magic number (for my "+ORC+ORC" string that's here +0x7C25621B) in AX (we do not need to know how this landed +there... it's irrelevant!) and the "license_number" '12121212' +(whose magic is here 0x00B8F47C) stored in [pointer-10.] How do +we find now the correct INPUT number for +ORC+ORC? Well, it's +easy... the "magic number" must be the same... therefore: + +Cracked=Dec(0x7C25621B) +Cracked=2082824731 + + That was it. Old Snap32 has been cracked. You could now +prepare a crack in order to distribute this program around +without its simple protection. Good cracked applications should +be given free (i.e. cracked) to all the people that NEED them and +do not have the money to buy them. Don't forget that in this +intolerable society the 0,5% of the citizens own the 56% of the +industrial capital and the 63% of the propaganda machines (data + +from US researchers... therefore suspect... the real situation +is probably even worser) effectively conditioning the destiny of +millions of slaves, moronized by television watching. So crack +the applications and give them to the people you care and the +peolple that need them, but for the others... just EXPLAIN +everybody how you did it... this is real help: giving knowledge, +not wares. DO NOT use my handle and my codes to crack this +program, get yours, I gave you mine only as an help for this +cracking lesson. I have showed you the way enough... THIEFS, not +crackers, use the codes that others have found. You are (gonna +be) CRACKERS! Remember it, look straight ahead, crack accurately +and keep your tommy in. + +HOW TO SEARCH THE INTERNET FOR FILES WITHOUT MOVING A FINGER + It's amazing: most of the people roaming around inside Internet +DO NOT know how to use effectively the web. I'll be very +altruistic and explain how to fetch the very example of Snap32, +the babe we cracked in this lesson. + +1) Choose an archie from this list (I will not explain you what +an archie is, you should know it... if you do not, be ashamed): + archie.univie.ac.at 131.130.1.23 Austria + archie.belnet.be 193.190.248.18 Belgium + archie.funet.fi 128.214.6.102 Finland + archie.univ-rennes1.fr 129.20.254.2 France + archie.th-darmstadt.de 130.83.22.1 Germany + archie.ac.il 132.65.16.8 Israel + archie.unipi.it 131.114.21.10 Italy + archie.uninett.no 128.39.2.20 Norway + +2) Email a message to your archie: + To: archie.univie.ac.at (for instance) + Subject: (nothing on this field) + Body: set search sub (substrings too) + set maxhits 140 (max 140 hits) + set maxhitspm 9 (not the same file all over) + find snap32 (we want this) + +3) After a while you'll get (per email) your answer: Here the +answer from the Austrian archie + +Host ftp.wu-wien.ac.at (137.208.8.6) + Last updated 17:48 9 Aug 1995 + Location: /pub/systems/windows.32/misc + FILE -rw-r----- 128957 bytes 15:59 16 Jun 1995 snap32.zip +Host space.mit.edu (18.75.0.10) + Last updated 00:45 4 Mar 1996 + Location: /pub/mydir + FILE -rw-r--r-- 407040 bytes 11:55 28 Nov 1995 snap32.exe + +4) ftpmail your file (Browsing is no good: too busy and lame). +Again, I will not explain you what an FTPMAIL server is: learn +it by yourself... choose a good one from this list (there are +many more... you'll learn): + bitftp@vm.gmd.de (Germany) + ftpmail@ieunet.ie (Ireland) + bitftp@plearn.edu.pl (Poland) + ftpmail@ftp.sun.ac.za (South Africa) + + ftpmail@ftp.sunet.se (Sweden) + ftpmail@ftp.luth.se (Sweden) + ftpmail@src.doc.ic.ac.uk (United Kingdom) + +To: ftpmail@ftp.sun.ac.za. (for instance) +Subject: (leave blank) +Body: open space.mit.edu (the last occurrence that + the archie sent) + cd/pub/mydir (get the correct subdir) + bin (prepare for BINARY) + get snap32.exe (I want this) + quit (bye) + +5) Your FTPMAIL server will first notice you a receipt: + +FTP EMAIL response... +ftpmail has received the following job from you: + reply-to +ORC + open space.mit.edu +ORC@now.here + get snap32.exe +ftpmail has queued your job as: 1834131821.5514 +Your priority is 1 (0 = highest, 9 = lowest) +Requests to sunsite.doc.ic.ac.uk will be done before other jobs. +There are 14 jobs ahead of this one in the queue. +4 ftpmail handlers available. +To remove send a message to ftpmail containing just: +delete 1834131821.5514 + +After a while you'll get a second message, with your file +uuencoded inside... everything has been done. +YESSIR! there is absolutely no need to loose time on the WWW, +"surfing" idiotically from a junk site to the next or waiting +hours to download some slow file from an instable server! Wasting +time of your own LIFE, that you could use to read poetry, to make +love, to look at the stars, to sail slowly between the Aegean +islands or to start a nice cracking session. What's the point of +wasting your time when machines can perform all the searches you +need better, more productively and faster than you ever could... +YESSIR! You can get *everything* on the Web, and without paying +your Internet provider more than a couple of dimes... Nice, isn't +it? + +By now, if you have followed all my lessons, you should be able +to crack relatively quickly "normal" applications. There are some +new projects for 1997: a cracking "university", that will allow +us to prepare for the divine war against Microsoft repulsive +dominion. If you do not have already chosen your handle (your +"cracker" name, that's it), you may consider choosing an handle +with a "+" somewhere inside it or, eventually, add a "+" to your +handle. This sign is used by me and by friends that have studied +and/or contributed. But a "+" in your handle ("official +ORC +cracker") will mean even more: +1) allows support from me personally (on a "do ut des" basis) +2) allows pupils to identify each other (good for joining + forces) +3) will open you (eventually) the doors to the "higher" + cracking university I'll set up on the Web in 1997. +(I'm not getting megalomaniac... In reality I only need a "quick" +method to know on which (anonymous) people I can count on for the +next phase). + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) with some tricks of the trade I may +not know that YOU discovered. Mostly I'll actually know them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you "rediscovered" +them with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + + + ++ORC an526164@anon.penet.fi diff --git a/textfiles.com/piracy/CRACKING/howtoa.txt b/textfiles.com/piracy/CRACKING/howtoa.txt new file mode 100644 index 00000000..5fb6efb9 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/howtoa.txt @@ -0,0 +1,336 @@ + +HOW TO CRACK, by +ORC, A TUTORIAL + +Lesson A.1: Advanced Cracking: Internet Cracking (Unix) + +-------------> INTERNET CRACKING: FIREWALLS + With each new company that connects to the "Information +Superhighway" new frontiers are created for crackers to explore. +Site administrators (Siteads) have implemented various security +measures to protect their internal networks. One of these is +xinetd, covered later. A more general solution is to construct +a guarded gateway, called a [Firewall], that sits between a +site's internal network and the wild and woolly Internet where +we roam. In fact only one third of all Internet connected +machines are already behind firewalls. Most information services +have to deal with the same problem we have: getting OUT through +a local firewall or GETTING INTO a service through their +Firewall. There lays also the crack_solution. +------------> What is a Firewall? + The main purpose of a Firewall is to prevent unauthorized +access between networks. Generally this means protecting a site's +inner network from the Internet. If a site has a firewall, +decisions have been made as to what is allowed and disallowed +across the firewall. These decisions are always different and +always incomplete, given the multiplicity of Internet, there are +always loopholes where a cracker can capitalize on. + A firewall basically works by examining the IP packets that +travel between the server and the client. This provides a way to +control the information flow for each service by IP address, by +port and in each direction. + A firewall embodies a "stance". The stance of a firewall +describes the trade-off between security and ease-of-use. A +stance of the form "that which is not expressly permitted is +prohibited" requires that each new service be enabled +individually and is seldom used, coz very slow and annoying. +Conversely, the stance "that which is not expressly prohibited +is permitted" has traded a level of security for convenience. It +will be useful to guess the stance of the firewall you are +cracking when making probe decisions. + A firewall has some general responsibilities: +* First and foremost if a particular action is not allowed by +the policy of the site, the firewall must make sure that all +attempts to perform the action will fail. +* The firewall should log suspicious events +* The firewall should alert internal administration of all +cracking attempts +* Some firewall provide usage statistics as well. + +------------> Types of Firewall + In order to avoid head-scratching, it's a good idea to know +the TOPOLOGY of "your" firewall -and its limitations- before +attempting to get through it. Discussed below are two popular +firewall topologies. Although other types exist, the two below +represent the basic forms; most other firewalls employ the same +concepts and thus have -luckily- the same limitations. + 1) THE DUAL-HOMED GATEWAY + A dual-homed Gateway is a firewall composed of a single +system with at least two network interfaces. This system is +normally configured such that packets are not directly routed +from one network (the Internet) to the other (the internal net +you want to crack). Machines on the Internet can talk to the +gateway, as can machines on the internal network, but direct +traffic between nets is blocked. + In discussing firewalls, it's generally accepted that you +should think of the inner network as a medieval castle. The +"bastions" of a castle are the critical points where defence is +concentrated. In a dual-homed gateway topology, the dual-homed +host itself is called the [BASTION HOST]. + The main disadvantage of a dual-homed gateway, from the +viewpoints of the users of the network and us crackers alike, is +the fact that it blocks direct IP traffic in both directions. Any +programs running on the inner network that require a routed path +to external machines will not function in this environment. The +services on the internal network don't have a routed path to the +clients outside. To resolve these difficulties, dual-homed +gateways run programs called [PROXIES] to forward application +packets between nets. A proxy controls the conversation between +client and server processes in a firewalled environment. Rather +than communicating directly, the client and the server both talk +to the proxy, which is usually running on the bastion host +itself. Normally the proxy is transparent to the users. + A proxy on the bastion host does not just allow free rein +for certain services. Most proxy software can be configured to +allow or deny forwarding based on source or destination addresses +or ports. Proxies may also require authentication of the +requester using encryption- or password-based systems. + The use of proxy software on the bastion host means that the +firewall administrator has to provide replacements for the +standard networking clients, a nightmare in heterogeneous +environments (sites with many different operating systems +platforms, PC, Sun, IBM, DEC, HP...) and a great burden for +administrator and users alike. + 2) THE SCREENED HOST GATEWAY + A screened host gateway is a firewall consisting of at least +one router and a bastion host with a single network interface. +The router is typically configured to block (screen) all traffic +to the internal net such that the bastion host is the only +machine that can be reached from the outside. Unlike the dual- +homed gateway, a screened host gateway does not necessarily force +all traffic through the bastion host; through configuration of +the screening router, it's possible to open "holes" in the +firewall to the other machines on the internal net you want to +get into. + The bastion host in a screened host firewall is protected +from the outside net by the screening router. The router is +generally configured to only allow traffic FROM SPECIFIC PORTS +on the bastion host. Further, it may allow that traffic only FROM +SPECIFIC EXTERNAL HOSTS. For example the router may allow Usenet +news traffic to reach the bastion host ONLY if the traffic +originated from the site's news provider. This filtering can be +easily cracked: it is relying on the IP address of a remote +machine, which can be forged. + Most sites configure their router such that any connection +(or a set of allowed connections) initiated from the inside net +is allowed to pass. This is done by examining the SYN and ACK +bits of TCP packets. The "start of connection" packet will have +both bits set. If this packets source address is internal... or +seems to be internal :=) the packet is allowed to pass. This +allows users on the internal net to communicate with the internet +without a proxy service. + As mentioned, this design also allows "holes" to be opened +in the firewall for machines on the internal net. In this case +you can crack not only the bastion host, but also the inner +machine offering the service. Mostly this or these machine/s will +be far less secure than the bastion host. + New services, for instance recent WEB services, contain a +lot of back doors and bugs, that you'll find in the appropriate +usenet discussion groups, and that you could use at freedom to +crack inner machines with firewall holes. Sendmail is a good +example of how you could crack in this way, read the whole +related history... very instructive. The rule of thumb is "big +is good": the bigger the software package, the more chance that +we can find some security related bugs... and all packages are +huge nowadays, 'coz the lazy bunch of programmers uses +overbloated, buggy and fatty languages like Visual Basic or +Delphy! +Finally, remember that the logs are 'mostly) not on the bastion +host! Most administrators collect them on an internal machine not +accessible from the Internet. An automated process scan the logs +regularly and reports suspicious information. + + 3) OTHER FIREWALL TOPOLOGIES +The dual-homed gateway and the screened host are probably the +most popular, but by no mean the only firewall topologies. Other +configurations include the simple screening router (no bastion +host), the screened subnet (two screening routers and a bastion +host) as well as many commercial vendor solutions. + +------------> Which software should we study? +Three popular unix software solutions allow clients inside a +firewall to communicate with server outside: CERN Web server in +proxy mode, SOCKS and the TIS Firewall toolkit. +1) The CERN Web server handles not only HTTP but also the other +protocols that Web clients use and makes the remote connections, +passing the information back to the client transparently. X-based +Mosaic can be configured for proxy mode simply by setting a few +environment variables. +2) The SOCKS package (available free for anonymous ftp from +ftp.nec.com in the file + /pub/security/socks.cstc/socks.cstc.4.2.tar.gz +includes a proxy server that runs on the bastion host of a +firewall. The package includes replacements for standard IP +socket calls such as connect(), getsockname(), bind(), accept(), +listen() and select(). In the package there is a library which +can be used to SOCKSify your crack probes. +3) The Firewall Toolkit +The toolkit contains many useful tools for cracking firewall and +proxy server. netacl can be used in inetd.conf to conceal +incoming requests against an access table before spawning ftpd, +httpd or other inetd-capable daemons. Mail will be stored in a +chroot()ed area of the bastion for processing (mostly by +sendmail). +The Firewall toolkit is available for free, in anonymous ftp from +ftp.tis.com in the file + /pub/firewalls/toolkit/fwtk.tar.Z +The popular PC firewall solution is the "PC Socks Pack", for MS- +Windows, available from ftp.nec.com It includes a winsock.dll +file. + + The cracking attempts should concentrate on ftpd, normally +located on the bastion host. It's a huge application, necessary +to allow anonymous ftp on and from the inner net, and full of +bugs and back doors. Normally, on the bastion host, ftpd is +located in a chroot()ed area and runs as nonprivileged user. If +the protection is run from an internal machine (as opposing the +bastion host), you could take advantage of the special inner-net +privileges in hostp.equiv or .rhosts. If the internal machine +"trusts" the server machine, you'll be in pretty easily. + Another good method, that really works, is to locate your +PC physically somewhere along the route between network and +archie server and "spoof" the firewall into believing that you +are the archie server. You'll need the help of a fellow hacker +for this, though. + Remember that if you gain supervisor privileges on a machine +you can send packets from port 20, and that in a screened host +environment, unless FTP is being used in proxy mode, the access +filters allow often connections from any external host if the +source port is 20 and the destination port is greater than 1023! + remember that NCSA Mosaic uses several protocols, each on +a different port, and that -if on the firewall no proxy Web +server is operating- each protocol must be dealt with +individually, what lazy administrators seldom do. + Be careful for TRAPS: networking clients like telnet and ftp +are often viciously replaced with programs that APPEAR to execute +like their namesake, but actually email an administrator. A +fellow cracker was almost intercepted, once, by a command that +simulated network delays and spat out random error messages in +order to keep me interested long enough to catch me. Read the +(fictions) horror story from Bill Cheswick: "An evening with +Berferd in which a cracked is lured, endured and studied", +available from ftp.research.att.com in + /dist/internet_security/berferd.ps +As usual, all kind of traps can be located and uncovered by +correct zen-cracking: you must *FEEL* that some code (or that +some software behaviour) is not "genuine". Hope you believe me +and learn it before attempting this kind of cracks. + +------------> How do I crack Firewalls? + Some suggestions have been given above, but teaching you how +to crack firewalls would take at least six complete tutorial +lessons for a relatively unimportant cracking sector, and you +would almost surely get snatched immediately, 'coz you would +believe you can crack it without knowing nothing at all. So, for +your sake, I'll teach you HOW TO LEARN IT, not HOW TO DO IT +(quite a fascinating difference): First Text, then the software +above. For text, start with Marcus Ranum's paper "Thinking about +Firewalls", available from ftp.tis.com in the file/pub/firewalls/firewalls.ps.Z +and do an archie search for newer literature. +Join the firewall discussion list sending a message to +majordomo@greatcircle.com, you'll get a message with +instructions, as usual, lurk only... never show yourself to the +others. + You can find for free on the web quite a lot of early +versions of proxy software. Study it, study it and then study it +again. The cracking efforts on your copies, and your machines, +before attempting anything serious, are MANDATORY if you do not +want to be immediately busted on the Internet. When you feel +ready to try serious cracking, you must OBLIGATORY start with a +small BBS which uses a firewall version you already studied very +well (sysops are not firewall administrators, and many of them +do not know nothing about the software they use). As soon as you +gain access to the bastion host, remember to subvert entirely the +firewall itself before entering the inner net. +If you feel ready and everything went well so far, if your zen- +cracking abilities are working well... then take a moment for +yourself... prepare yourself a good Martini-Wodka (you should +only use Moskovskaia), take a deep breath and by all means go +ahead! You will then be able to try your luck on the Cyberspace +and get quickly busted (if you did not follow my admonitions and +if you cannot zen-crack) or, may be, fish quite a lot of +jewels... :=) + +-------------> INTERNET CRACKING: XINETD + [Xinetd] a freely available enhanced replacement for the +internet service daemon inetd, allows just those particular users +to have FTP or Telnet access, without opening up access to the +world. Xinetd can only protect the system from intrusion by +controlling INITIAL access to most system services and by logging +activities so that you can detect break-in attempts. However, +once a connection has been allowed to a service, xinetd is out +of the picture. It cannot protect against a server program that +has security problems internally. For example, the finger server +had a bug several years ago that allowed a particularly clever +person to overwrite part of its memory. This was used to gain +access to many systems. Even placing finger under the control of +xinetd wouldn't have helped. + Think of the secured firewall system as a fortress wall: +each service that is enabled for incoming connections can be +viewed as a door or window in the walls. Not all these doors have +secure and reliable locks. The more openings are available, the +more opportunities are open for us. +-------------> What xinetd does +Xinetd listens to all enabled service ports and permits only +those incoming connection request that meet authorization +criteria. +- Accept connections from only certain IP addresses +- Accept connections only from authorized users +- Reject connections outside of aithorized hours +- Log selected service when connections are accepted or + rejected, capturing following informations: + * Remote Host Address + * User ID of remote user (in some cases) + * Entry and Exit time + * Terminal type + Support login, shell, exec and finger + +-------------> SERVICES TO CRACK & + UNWITTING INSIDE COMPLICES +In this order the easy services: + FTP TELNET LOGIN (rlogin) SHELL (rcmd) EXEC +In this order the more difficult ones: + MOUNT TFT FINGER NFS(Network File System) + DNS(Domain Name Service) +Remember that sendmail (SMTP), by default, accepts a message from +any incoming connection. The "sender" of such a message can +appear to have originated anywhere, therefore your claim of +identity will be accepted! Thus you can forge a message's +originator. Most of the recipients inside the protected +(firewalled) net will take your claim at face value and send you +(to the "return address" you provide) all the sensitive +information you need to crack the system. Finding unwitting +inside complices is most of the time pretty easy. + By far the best method, for entering xinetd, is to get the +real version from panos@cs.colorado.edu, modify the system files +in order to have some backdoors, and then distribute them to the +mirror servers on the WEB. Each time a new administrator will +download "your" version of xinetd, you'll have an easy access to +the "protected" system. + On the Nets, it's important to conceal your identity (they +will find you out pretty quickly if you do not). The best method +is to obtain the IP address of a legitimate workstation during +normal hours. Then, late at night, when the workstation is known +to be powered-off or disconnected from a dialup PPP link, a +different node on the network can be configured to use the +counterfeit IP address. To everyone on the network, it will +appear that the "legitimate" user is active. If you follow this +strategy, you may want to crack somehow more negligently... the +search for the cracker will go on -later- in the false confidence +that a sloppy novice (the legitimate user) is at work, this will +muddle the waters a little more. + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + + You'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) with some tricks of the trade I may +not know that YOU discovered. Mostly I'll actually know them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you "rediscovered" +them with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + ++ORC an526164@anon.penet.fi + diff --git a/textfiles.com/piracy/CRACKING/howtoca.txt b/textfiles.com/piracy/CRACKING/howtoca.txt new file mode 100644 index 00000000..b838fb6e --- /dev/null +++ b/textfiles.com/piracy/CRACKING/howtoca.txt @@ -0,0 +1,410 @@ +HOW TO CRACK, by +ORC, A TUTORIAL +LESSON C (1) - How to crack, Cracking as an art +[BARCODES] [INSTANT ACCESS] + +[BARCODES] + First of all, let me stress the importance of cracking in +our everyday life. Cracking it's not just about software, it's +about information, about all patterns of life. To crack is to +refuse to be controlled and used by others, to crack is to be +free. But you must also be yourself free from petty conventions +in order to crack properly. + You must learn to discerne cracking possibilities all around +yourself, and believe me, the development of this ghastly society +brings every day new codes, protections and concealing +mechanismes. + All around us grows a world of codes and secret and not so +secret patterns. Codes that are at times so familiar and common +that we do not even notice them any more... and yet they are +there to fool us, and yet they offer marvellous cracking +possibilities. + + Let's take as an striking example BARCODES... those little +lines that you see on any book you buy, on any bottle you get, +on any item around you... do you know how they work? If you do +not you may be excused, but you cannot be excused if you never +had the impulse to understand them... crackers are curious by +nature... heirs of an almost extinct race of researchers that has +nothing in common with the television slaves and the publicity +and trend zombies around us. Cracker should always be capable of +going beyond the obvious, seek knowledge where others do not see +and do not venture. + +[BARCODE HISTORY] + Let's begin with a little history. Universal Product Code +(UPC) was adopted for commercial use by the grocery industry in +the USA. Among the advantages were a rapid, accurate and reliable +way of entering stock information into a computer and the +possibility to sack a lot of workers and to do more profit. The +early success led to the development of the European Article +Numbering System (EAN), a symbology similar to UPC, that is +widely used in Europe and in the rest of the World. I'll teach +you to crack this one, since I do not -fortunately- live in the +States. Keep in mind, anyway, that there are different barcode +symbologies, each with its own particular pattern of bars. The +UPC/EAN code used on retail products is an all-numeric code; so +is the Interleaved 2 of 5 Code. Code 39 includes upper case +letters, digits, and a few symbols. Code 128 includes every +printable and unprintable ASCII character code. The most new one +is a 2-D code. These are special rectangular codes, called +stacked barcodes or matrix codes. They can store considerably +more information than a standard barcode. They require special +readers which cost more than a standard scanner. The practical +limit for a standard barcode depends on a number of factors, but +20 to 25 characters is an approximate maximum. For applications +that need more data, matrix codes are used. For example, the next +time you receive a package from United Parcel Service look for +a small square label with a pattern of dots and a small bullseye +in the centre. This is a MaxiCode label, and it is used by UPS +for automatic destination sortition. + The manufacturer's ID number on the barcode uniquely +identifies products. These numbers are managed by the Uniform +Code Council in Dayton, Ohio for the States and Canada and by the +EAN authority (Internationale Article Numbering Association) in +Bruxelles, for Europe and the rest of the World. The +manufacturer's ID number accounts for some digits of the code, +which leaves other digits to be assigned in any way the producer +wants. He provides retail outlets with a list of his products and +their assigned codes so that they can be entered in the cash +register system. Many codes are NOT on the products and are added +by the supermarkets on the fly, using an internal code schema +that may be non standard. Now it's enough... let's crack. + BARCODES are the only thing an automated casher needs to see +on a product to calculate its price and automatically catalogate +the sold merchandise... imagine (just imagine it :=) coz it would +be extremely illegal to act in this way) somebody would fasten +an adhesive home-made codebar label direct on the top of the +supermarket/mall/retail store label, say on a bottle of Pomerol +(that's a very good but unfortunately very expensive french +wine). + The new label would mean for the casher something like +"cheap wine from Bordeaux, France, cost so and so, everything +it's OK, do not worry"... do you think that anybody would come +to the idea that there is something wrong with the label, with +the bottle or with you? I have been codebaring for years and had +only once a problem, coz my printer was running out of ink and +the scanner in the supermarket could not read it... so what? Act +uninterested, always wear jackets of the utmost quality, shetland +pullovers and beautiful expensive shoes... (all articles that you +may codebar too, by the way), in this society appearance and look +count much more than substance and knowledge... LET'S USE THIS +TO OUR ADVANTAGE! Nobody will ever come to the idea that you may +actually really know the working of the scheme... coz codebar is +pretty complicated and not exactly exceptionally public. On the +Web there are a lot information about it, but most of them are +useless, unless you know how to search most of the time you'll +find only sentences like this one: + "The calculated check digit is the twelfth and final + digit in the U.P.C.code. It is calculated based on a + specific algorithm, and is necessary to ensure that + the number is read or key-entered correctly." + +But good +ORC will now explain you everything you need to crack: + +[THE 13 BAR "CODES"] +Each barcode label has 13 values, from #0 to #12 (that's the EAN +code, the UPC american one has only 12, from #0 to #11). + #0 and #1 indicate the origin of the product. + #2 to #11 give the article code + #12 (the last and 13th one) is a checksum value, that + verifies the validity of all the other numbers. +How is it calculated? #12 is calculated in 4 steps + VALUE A: You sum odd position numbers (#0+#2+#4+#6+#8+#10) + VALUE B: You sum even position numbers and multiply by 3 + ((#1+#3+#5+#7+#9+#11)*3) + VALUE C: You sum value A and value B + VALUE D: You mod value C (you divide by 10 and only keep + the remaining units, a very widespread checking scheme as + you'll see in the software part of this lesson) + If the result is not zero, you subtract it from 10. +Now look at a barcode label, get some books or other barcoded +items and *watch* it... +Bar codes are supposed to have "quiet zones" on either side of +the symbol. Quiet zones are blank areas, free of any printing or +marks,typically 10 times the width of the narrowest bar or space +in the bar code. Failure to allow adequate space on either side +of the symbol for quiet zones can make it impossible to read the +bar code. + +On the barcode there are two "borders", left and right, and a +"middle" longer line. These three lines are longer than the +others and are used to "regulate" the scanner to whatever +dimension has been used for the barcode. +#0 dwells left of the first (left) border and has a special +meaning, the other 12 numbers are written "inside" the code and +are divided in two "groups" by the middle bar. +Each value is coded through SEVEN bars: black=1 and White=0. +These form two couples of "optic" bars of different widths. +We come now to the "magic" part: In order to bluff the +simpletons, barcode uses three different SETS of characters to +represent the values 0-9. This should make it impossible for you +to understand what's going on, as usual, in this society, slaves +should not need to worry with the real functioning of things. + Here are the graphic codes of the three graphic sets: + + CODE A CODE B (XOR C) CODE C (NOT A) +0: 0001101 (13) 0100111 (39) 1110010 (114) +1: 0011001 (25) 0110011 (51) 1100110 (102) +2: 0010011 (19) 0011011 (27) 1101100 (108) +3: 0111101 (61) 0100001 (33) 1000010 (066) +4: 0100011 (35) 0011101 (29) 1011100 (092) +5: 0110001 (49) 0111001 (57) 1001110 (078) +6: 0101111 (47) 0000101 (05) 1010000 (080) +7: 0111011 (59) 0010001 (17) 1000100 (068) +8: 0110111 (55) 0001001 (09) 1001000 (072) + +9: 0001011 (11) 0010111 (23) 1110100 (116) + +Borders: 101 +Centre: 01010 + +- The C graphic set is a "NOT A" graphic set. +- The B graphic set is a "XOR C" graphic set. +- each value has two couples of bars with different widths + + Now watch some labels yourself... see the difference between the +numbers left and the numbers right? The first "half" of the +barcode is coded using sets A and B, the second "half" using set +C. As if that were not enough, A and B are used inside the first +"half" in a combination that varies and depends from value #0, +following 10 different patterns: + #1 #2 #3 #4 #5 #6 + 0 A A A A A A + 1 A A B A B B + 2 A A B B A B + 3 A A B B B A + 4 A B A A B B + 5 A B B A A B + 6 A B B B A A + 7 A B A B A B + 8 A B A B B A + 9 A B B A B A + +"Ah! Stupid buyer will never understand why the same values gives +different bars! Nothing is as reliable as barcodes!" :=) + +Let's take as example the codebar for Martini Dry: +BARCODE: 8 0 00570 00425 7 +Let's see: we have a 8 0 0 = booze +Then a 000570 as ABABBA and a 004257 as C +"Even" sum: 8+0+5+0+0+2 = 15 (even sum) +Then a 0+0+7+0+4+5= 16 and 16 *3 = 48 (odd sum) +Then a 15+48=63 +63 === 3 +10 - 3 = 7 = checksum +Pattern = 8 = ABABBA CCCCCC + +OK, one more example: Osborne Windows programming series Volume +2 General purpose API functions (always here on my table)... +BARCODE: 9 7 80078 81991 9 +Let's see: we have a 9 7 8 = book +Then a 780078 as ABBABA and a 819919 as C +"Even" sum: 9+8+5+8+8+4 = 42 (even sum) +Then a 7+1+5+2+4+4= 23 and 23 * 3 = 69 (odd sum) +Then a 42+69=111 +111 === 1 +10 - 1 = 9 = checksum +Pattern = 9 = ABBABA + +Well... what's the point of all this? +The point, my pupils, is that who DOES NOT KNOW is taken along +on a boat ride, who KNOWS and LEARNS can use his knowledge in +order to try to beat blue and black the loathsome consumistic +oligarchy where we are compelled to live. Try it out for +yourself... if you crack correctly and wisely your supermarket, +mall and library bills will be cut to almost zero. + Write a small program to print whichever codebar you fancy +(or whichever your mall uses) in whichever size on whichever sort +of label you (or better your targets) fancy... it's quickly done +with Visualbasic or Delphy... but you'll not find much on the Web +Alternatively you could also write, as I did long ago, a short +c program in dos, using a modified upper char set... and there +you are, have labels... see the world. + A small word of caution... crack only ONE item at time and +try it out first with the SAME label for the same product... i.e. +the correct code for that item, but on your own label. If it goes +through your program works good, if not, nobody will ever be able +to harm you. Anyway it never happens anything, never: the bar +code reading equipments have great tolerance, coz the scanners +must be able to recognize barcodes that have been printed on many +different medias. You should choose labels similar to the ones +effectively used only in order not to arise human suspects, coz +for all the scanner itself cares, your label could be pink with +green stripes and with orange hand-written, numbers. Mind you, +we are still just academically imagining hypothetical situations, +coz it would be extremely illegal to act in such an inconsiderate +manner. + CRACKING POWER! It's true for barcodes, for Telecom bills, +for Compuserve accounts, for Amexco cards, for banking cheques +(do you know what MICR is? Magnetic Ink Character Recognition... +the stylized little printing on the lower left of new cheques... +there is a whole cracking school working on it), for registration +numbers... you name it, they develope it, we crack it... + Begin with barcodes: it's easy, nice and pretty useful! Live +in opulence, with the dignity and affluence that should always +distinguish real crackers. Besides... you should see the +assortment of 'Pomerols' in my "Cave-a-vin" :=) + +[INSTANT ACCESS] + The (c) Instant access routines are a commercial protection +scheme used to "unlock" complete commercial applications that +have been encrypted on CD- +ROMs which are distributed (mostly) through reviews. + This is an ideal cracking target: it's commercial software, +complete, uncrippled and of (relatively) prominent quality, that +you can get in tons for the price of a coke. Obviously this kind +of protection represents an ideal subject for our lessons. This +fairly intricate protection scheme has not yet been cracked by +anybody that I am aware of, anyway not publicly, therefore it's +an ideal candidate for a "strainer" to my university. I'll teach +you here how to crack it in three lessons, C.1, C.2 and C.3. I warn +you... it's a difficult cracking session, and this protection +represents quite an intellectual challenge. But if you are +seriously interested in our trade you will enjoy these lessons +more than anything else. + This cracking is intended as an "assignment" for my +HCU +"cracking university": you'll find inside lessons C.1 and C.2 a +relatively deep "introduction" to Instant access cracking. This +will teach you a lot anyway, and spare you hours of useless +roaming around, bringing you straight to the cracking point. But +I'll release the third part of this session, with the complete +solution (lesson C.3) on the Web only in october 1996, not a day +before. All the students that would like to apply to the Higher +Cracking University, opening on the web 01/01/1997, should work +in July, August and September (three months is more than enough +time) on this assignment. They should crack completely the +instant access scheme and send me their solutions, with a good +documentation of their cracking sessions, before 30/09/1996 +(WATCH IT! You can crack this scheme in -at least- three +different paths, be careful and choose the *best* one. WATCH IT! +Some of the informations) in lesson C.1 and C.2 are slightly incorrect: +check it!). +There are four possibilities: +1) The candidate has not found the crack or his solution is + not enough documented or not enough viable... the candidate + is therefore not (yet) crack-able, he will not be admitted + to the +HCU 1997 curses, better luck in 1998; +2) The cracking solution proposed by the candidate is not as + good as mine (you'll judge for yourself in october) but it + works nevertheless... he'll be admitted at the 1997 + courses; +3) The cracking solution of the candidate is more or less + equal to mine, he'll be admitted, personally monitored, and + he'll get all the material he needs to crack on higher + paths; +4) The cracking solution of the candidate is better than mine, + he'll be admitted, get all the material he wishes and asked + to teach us as well as study with us: "homines, dum docent, + discunt". + +[Cracking Instant access] + The user that wants to "unlock" a software application +protected with (c) Instant Access must enter first of all a +REGISTRATION number string, which through a series of +mathematical manipulations gives birth to a special "product" +code. On the basis of this "product code" the user is asked to +phone the commercial protectors (and pay) in order to get a +special "unlock code" that will allow him to decrypt the relevant +software. + This kind of "passnumber" protection routines are widely +used for software unlocking, BBS access, server access, backdoor +opening and many other protection schemes. We have already seen +password cracks in different lessons of this tutorial (in +particular Lessons 3.1 and 3.2 for DOS and Lessons 8.1, 8.2 and +9.1 for WIN) albeit on a more simplistic scale: there it did +mostly not matter very much *HOW* you passed the protection: once +passed, you could have access to the application. This is not the +case with (c) Instant Access. Face it: it's a little boring, but +important that you learn how to defeat intricate protection +routines (you'll meet them often in the next years) and I believe +that the following example will give you a "feeling" for the +right cracking approach. + In this case we must not only "crack" this protection scheme +but also study it thoroughly in order to achieve our blessed +aims. This is a very good exercise: reverse disassembling will +teach you a lot of little tricks that you'll be able to use in +your other future cracking sessions. + Instant access (c) is a exceptionally widespread protection +scheme, and it should be relatively easy for you to gather some +encrypted software that has been protected with this method... +*DO IT QUICKLY!!* After the Web publishing of this lessons (I am +sending C.1 to 8 pages and 4 usenet groups on 25/06/1996) this +protection is obviously as dead as a Dodo. The "Accessors" guys +will have to conceive something smarter if they want to keep +selling "protections" to the lamer producers of "big" software. + BTW, if you are reading this and are working for some +commercial "protection" company, consider the possibility to +double cross your masters! Deliver me anonymously all the future +projects you are working on! That will amuse me, speed up the +advent of a true altruistic society and earn you the respect of +the better part of humanity. + As I said, many "huge" application are still protected with +this "Instant access" system. I have personally bought at least +7 or 8 "second hand" CD-ROMs packed full with Microsoft, Lotus, +Norton, Symantec, you name it, applications all "protected" +through this crap. The cost of this bunch of CD-ROMs was the +equivalent of a bottle of Dry Martini, maybe less. The same +software is sold, unlocked, to zombies and lusers for ludicrous +amounts of money. + Never buy CD-ROMs magazines when they appear! Be cool! Buy +them two or three months after the publishing date! Buy +"remainders" or "second hand" CD-ROM magazines "at kilo price"... +Come to think of it, never buy *anything* when it appears or when +some (paid) advertiser tells you to... remember that "trends", +"vogues", "fashions" and "modes" are only different names for the +whips that drill and chain the dull-witted slaves of this +loathsome society: "clever crackers consider cool, crack cheap, +cheat customary culture" (a rhetorical figure: an "Alliteration". +To defend yourself learn rhetoric... it's a more powerful and +more useful weapon than Kung-fu). + The "triple" password protection routine in (c) Instant +Access is very interesting from a cracker point of view. It's a +relatively complex scheme: I'll teach you to crack it in two +phases: First of all you must find the "allowed" registration +code, the one that "ignites" the "product code". We must crack +and understand this re_code first if we want to crack the rest. + Just for the records, I am cracking here (c) Action Instant +access version 1.0 (CD-ROM found on a old copy of "Personal +Computer World" of August 1994, packed full with encrypted Lotus, +Symantec, Claris and Wordperfect applications. Just to be sure +I crosschecked my results with another CD-ROM which also has +applications protected with (c) Instant Access: Paragon +Publishing's PC OFFICE: the protection scheme remains the same). + +I am focusing for this lesson on the cracking of the specific +protection for the encrypted Symantec's Norton Utilities v.8.0. + Please refer to the previous lessons for the basic +techniques used in order to find the protection routine inside +our babe... for "low" cracking purposes you -basically- type a +number (in this case, where the input gets 10 numbers, we'll use +"1212-1212-12"), do your search inside the memory (s 30:0 +lffffffff "your_string") and then set memory breakpoints on all +the relevant memory locations till winice pops (I know, I know, +buddies... there are more effective ways... but hold your mouth: +for now we'll keep them among us: let's make things a little +harder for the protectionists who read this... Besides: the old +approach works here flawlessly). After getting the Registration +window on screen the Winice standard procedure is: + :task ; how + :heap IABROWSE ; where & what + :hwnd IABROWSE ; get the Winhandle + :bpx [winhandle] WM_GETTEXT ; pinpoint code + :bpx GetProcAddress ; in case of funny routines + :dex 0 ds:dx ; let's see their name + :gdt ; sniff the selectors + :s 30:0 lffffffff "Your_input_string" ; search in 4 giga data + :bpr [all memory ranges for your string that are above 80000000] +and so on. (continued in lesson C.2) + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) with some tricks of the trade I may +not know that YOU discovered. Mostly I'll actually know them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you rediscovered them +with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. ++ORC an526164@anon.penet.fi diff --git a/textfiles.com/piracy/CRACKING/howtocb.txt b/textfiles.com/piracy/CRACKING/howtocb.txt new file mode 100644 index 00000000..f089c0fa --- /dev/null +++ b/textfiles.com/piracy/CRACKING/howtocb.txt @@ -0,0 +1,494 @@ +HOW TO CRACK, by +ORC, A TUTORIAL +LESSON C (2) - How to crack, Cracking as an art +[INSTANT ACCESS] + + cracking Instant Access (2) - strainer for the +HCU + +[SEE LESSON C.1 for the first part of this cracking session] + Here follow the relevant protection routines for the first +(The "Registration") number_code of Instant Access, with my +comments: you have to investigate a little the following code. + Later, when you'll crack on your own, try to recognize the +many routines that fiddle with input BEFORE the relevant (real +protection) one. In this case, for instance, a routine checks the +correctness of the numbers of your input: + +This_loop_checks_that_numbers_are_numbers: +1B0F:2B00 C45E06 LES BX,[BP+06] ; set/reset pointer +1B0F:2B03 03DF ADD BX,DI +1B0F:2B05 268A07 MOV AL,ES:[BX] ; get number +1B0F:2B08 8846FD MOV [BP-03],AL ; store +1B0F:2B0B 807EFD30 CMP BYTE PTR [BP-03],30 +1B0F:2B0F 7C06 JL 2B17 ; less than zero? +1B0F:2B11 807EFD39 CMP BYTE PTR [BP-03],39 +1B0F:2B15 7E05 JLE 2B1C ; between 0 & 9? +1B0F:2B17 B80100 MOV AX,0001 ; no, set flag=1 +1B0F:2B1A EB02 JMP 2B1E ; keep flag +1B0F:2B1C 33C0 XOR AX,AX ; flag=0 +1B0F:2B1E 0BC0 OR AX,AX ; is it zero? +1B0F:2B20 7507 JNZ 2B29 ; flag NO jumps away +1B0F:2B22 8A46FD MOV AL,[BP-03] ; Ok, get number +1B0F:2B25 8842CC MOV [BP+SI-34],AL ; Ok, store number +1B0F:2B28 46 INC SI ; inc storespace +1B0F:2B29 47 INC DI ; inc counter +1B0F:2B2A C45E06 LES BX,[BP+06] ; reset pointer +1B0F:2B2D 03DF ADD BX,DI ; point next number +1B0F:2B2F 26803F00 CMP BYTE PTR ES:[BX],00 ; input end? +1B0F:2B33 75CB JNZ 2B00 ; no:loop next num + + You now obviously understand that the "real" string is +stored inside memory location [BP+SI-34]... set a memory +breakpoint on this area to get the next block of code that +fiddles with the transformed input. Notice how this routine +"normalizes" the input, strips the "-" off and puts the 10 +numbers together: +user input: 1 2 1 2 1 2 1 2 1 2 End + 1E7F:92E2 31 32 31 32 31 32 31 32 31 32 00 45 AF 1F 70 9B + Stack ptr: 0 1 2 3 4 5 6 7 8 9 A B C D E F + Let's now look at the "real" protection routine: the one + +that checks these numbers and throw you out if they are not +"sound". Please pay attention to the following block of code: + +check_if_sum_other_9_numbers_=_remainder_of_the_third_number: +:4B79 8CD0 MOV AX,SS ; we'll work inside the stack... +:4B7B 90 NOP +:4B7C 45 INC BP +:4B7D 55 PUSH BP ; save real BP +:4B7E 8BEC MOV BP,SP ; BP = stackpointer +:4B80 1E PUSH DS ; save real Datasegment +:4B81 8ED8 MOV DS,AX ; Datasegment = stacksegment +:4B83 83EC04 SUB SP,+04 +:4B86 C45E06 LES BX,[BP+06] ; BX points input_start +:4B89 268A07 MOV AL,ES:[BX] ; load first number +:4B8C 98 CBW ; care only for low +:4B8D C45E06 LES BX,[BP+06] ; reset pointer +:4B90 50 PUSH AX ; save 1st number +:4B91 268A4701 MOV AL,ES:[BX+01] ; load 2nd number +:4B95 98 CBW ; only low +:4B96 8BD0 MOV DX,AX ; 2nd number in DX +:4B98 58 POP AX ; get 1st number +:4B99 03C2 ADD AX,DX ; sum with second +:4B9B C45E06 LES BX,[BP+06] ; reset pointer +:4B9E 50 PUSH AX ; save sum +:4B9F 268A4707 MOV AL,ES:[BX+07] ; load 8th number +:4BA3 98 CBW ; only low +:4BA4 8BD0 MOV DX,AX ; 8th number in DX +:4BA6 58 POP AX ; old sum is back +:4BA7 03C2 ADD AX,DX ; sum 1+2+8 +:4BA9 C45E06 LES BX,[BP+06] ; reset pointer +:4BAC 50 PUSH AX ; save sum +:4BAD 268A4703 MOV AL,ES:[BX+03] ; load 4rd number +:4BB1 98 CBW ; only low +:4BB2 8BD0 MOV DX,AX ; #4 in DX +:4BB4 58 POP AX ; sum is back +:4BB5 03C2 ADD AX,DX ; sum 1+2+8+4 +:4BB7 C45E06 LES BX,[BP+06] ; reset pointer +:4BBA 50 PUSH AX ; save sum +:4BBB 268A4704 MOV AL,ES:[BX+04] ; load 5th number +:4BBF 98 CBW ; only low +:4BC0 8BD0 MOV DX,AX ; #5 in DX +:4BC2 58 POP AX ; sum is back +:4BC3 03C2 ADD AX,DX ; 1+2+8+4+5 +:4BC5 C45E06 LES BX,[BP+06] ; reset pointer +:4BC8 50 PUSH AX ; save sum +:4BC9 268A4705 MOV AL,ES:[BX+05] ; load 6th number +:4BCD 98 CBW ; only low + +:4BCE 8BD0 MOV DX,AX ; #6 in DX +:4BD0 58 POP AX ; sum is back +:4BD1 03C2 ADD AX,DX ; 1+2+8+4+5+6 +:4BD3 C45E06 LES BX,[BP+06] ; reset pointer +:4BD6 50 PUSH AX ; save sum +:4BD7 268A4706 MOV AL,ES:[BX+06] ; load 7th number +:4BDB 98 CBW ; only low +:4BDC 8BD0 MOV DX,AX ; #7 in DX +:4BDE 58 POP AX ; sum is back +:4BDF 03C2 ADD AX,DX ; 1+2+8+4+5+6+7 +:4BE1 C45E06 LES BX,[BP+06] ; reset pointer +:4BE4 50 PUSH AX ; save sum +:4BE5 268A4708 MOV AL,ES:[BX+08] ; load 9th number +:4BE9 98 CBW ; only low +:4BEA 8BD0 MOV DX,AX ; #9 in DX +:4BEC 58 POP AX ; sum is back +:4BED 03C2 ADD AX,DX ; 1+2+8+4+5+6+7+9 +:4BEF C45E06 LES BX,[BP+06] ; reset pointer +:4BF2 50 PUSH AX ; save sum +:4BF3 268A4709 MOV AL,ES:[BX+09] ; load 10th # +:4BF7 98 CBW ; only low +:4BF8 8BD0 MOV DX,AX ; #10 in DX +:4BFA 58 POP AX ; sum is back +:4BFB 03C2 ADD AX,DX ; 1+2+8+4+5+6+7+9+10 +:4BFD 0550FE ADD AX,FE50 ; clean sum to 0-51 +:4C00 BB0A00 MOV BX,000A ; BX holds 10 +:4C03 99 CWD ; only AL +:4C04 F7FB IDIV BX ; remainder in DX +:4C06 C45E06 LES BX,[BP+06] ; reset pointer +:4C09 268A4702 MOV AL,ES:[BX+02] ; load now # 3 +:4C0D 98 CBW ; only low +:4C0E 05D0FF ADD AX,FFD0 ; clean # 3 to 0-9 +:4C11 3BD0 CMP DX,AX ; remainder = pampered #3? + +:4C13 7407 JZ 4C1C ; yes, go on good guy +:4C15 33D2 XOR DX,DX ; no! beggar off! Zero DX +:4C17 33C0 XOR AX,AX ; and FLAG_AX = FALSE +:4C19 E91701 JMP 4D33 ; go to EXIT +let's_go_on_if_first_check_passed: +:4C1C C45E06 LES BX,[BP+06] ; reset pointer +:4C1F 268A4701 MOV AL,ES:[BX+01] ; now load #2 anew +:4C23 98 CBW ; only low +:4C24 05D7FF ADD AX,FFD7 ; pamper adding +3 +:4C27 A38D5E MOV [5E8D],AX ; save SEC_+3 +:4C2A 3D0900 CMP AX,0009 ; was it < 9? (no A-F) +:4C2D 7E05 JLE 4C34 ; ok, no 0xletter +:4C2F 832E8D5E0A SUB WORD PTR [5E8D],+0A ; 0-5 if A-F +:4C34 C45E06 LES BX,[BP+06] ; reset pointer +:4C37 268A07 MOV AL,ES:[BX] ; load 1st input number +:4C3A 98 CBW ; only low +:4C3B 05C9FF ADD AX,FFC9 ; pamper adding +7 +:4C3E A38F5E MOV [5E8F],AX ; save it in FIR_+7 +:4C41 0BC0 OR AX,AX ; if #1 > 7 +:4C43 7D05 JGE 4C4A ; no need to add 0xA +:4C45 83068F5E0A ADD WORD PTR [5E8F],+0A ; FIR_+7 + 0xA +now_we_have_the_sliders_let's_prepare_for_loop: + +:4C4A C45E0E LES BX,[BP+0E] ; Set pointer to E +:4C4D 26C747020000 MOV WORD PTR ES:[BX+02],0000 ; 0 flag +:4C53 26C7070000 MOV WORD PTR ES:[BX],0000 ; 0 flag +:4C58 C706975E0900 MOV WORD PTR [5E97],0009 ; counter=9 +:4C5E E99500 JMP 4CF6 ; Jmp check_counter +loop_8_times: +:4C61 C45E06 LES BX,[BP+06] ; reset pointer +:4C64 031E975E ADD BX,[5E97] ; add running counter +:4C68 268A07 MOV AL,ES:[BX] ; load # counter+1 +:4C6B 98 CBW ; only low +:4C6C 50 PUSH AX ; save 10th number +:4C6D A18D5E MOV AX,[5E8D] ; ld SEC_+3 down_slider +:4C70 BA0A00 MOV DX,000A ; BX holds 0xA +:4C73 F7EA IMUL DX ; SEC_+3 * 0xA +:4C75 03068F5E ADD AX,[5E8F] ; plus FIR_+7 up_slider +:4C79 BAA71E MOV DX,1EA7 ; fixed segment +:4C7C 8BD8 MOV BX,AX ; BX = Lkup_val=(SEC_+3*10+FIR_+7) +:4C7E 8EC2 MOV ES,DX ; ES = 1EA7 +:4C80 268A870000 MOV AL,ES:[BX+0000] ; ld 1EA7:[Lkup_val] +:4C85 98 CBW ; only low: KEY_PAR +:4C86 8BD0 MOV DX,AX ; save KEY_PAR in DX +:4C88 58 POP AX ; repops 10th number +:4C89 03C2 ADD AX,DX ; RE_SULT=KEY_PAR+#10 +:4C8B 05D0FF ADD AX,FFD0 ; polish RE_SULT +:4C8E 99 CWD ; only low: RE_SULT +:4C8F 8956FC MOV [BP-04],DX ; save here KEY_PAR [9548] +:4C92 8946FA MOV [BP-06],AX ; save here RE_SULT [9546] +:4C95 0BD2 OR DX,DX ; KEY_PAR < 0? +:4C97 7C0F JL 4CA8 ; yes: KEY_PAR < 0 +:4C99 7F05 JG 4CA0 ; no: KEY_PAR > 0 +:4C9B 3D0900 CMP AX,0009 ; KEY_PAR = 0 +:4C9E 7608 JBE 4CA8 ; no pampering if RE_SULT < 9 +:4CA0 836EFA0A SUB WORD PTR [BP-06],+0A ; else pamper +:4CA4 835EFC00 SBB WORD PTR [BP-04],+00 ; and SBB [9548] +:4CA8 C45E0E LES BX,[BP+0E] ; reset pointer to E +:4CAB 268B4F02 MOV CX,ES:[BX+02] ; charge CX [958C] +:4CAF 268B1F MOV BX,ES:[BX] ; charge BX slider [958A] +:4CB2 33D2 XOR DX,DX ; clear DX to zero +:4CB4 B80A00 MOV AX,000A ; 10 in AX +:4CB7 9A930D2720 CALL 2027:0D93 ; call following RO_routine + + This is the only routine called from our protection, inside the +loop (therefore 8 times), disassembly from WCB. Examining this +code please remember that we entered here with following +configuration: DX=0, AX=0xA, CX=[958C] and BX=[958A]... + 1.0D93 56 push si ; save si + 1.0D94 96 xchg ax, si ; ax=si, si=0xA + 1.0D95 92 xchg ax, dx ; dx=0xA ax=dx + 1.0D96 85C0 test ax, ax ; TEST this zero + 1.0D98 7402 je 0D9C ; zero only 1st time + 1.0D9A F7E3 mul bx ; BX slider! 0/9/5E/3B2... + 1.0D9C >E305 jcxz 0DA3 ; cx=0? don't multiply! + 1.0D9E 91 xchg ax, cx ; cx !=0? cx = ax & ax = cx + 1.0D9F F7E6 mul si ; ax*0xA in ax + 1.0DA1 03C1 add ax, cx ; ax= ax*0xA+cx = M_ULT + 1.0DA3 >96 xchg ax, si ; ax=0xA; si evtl. holds M_ULT + 1.0DA4 F7E3 mul bx ; ax= bx*0xA + 1.0DA6 03D6 add dx, si ; dx= dx_add + 1.0DA8 5E pop si ; restore si + 1.0DA9 CB retf ; back to caller with two + parameters: DX and AX +Back_to_main_protection_loop_from_RO_routine: +:4CBC C45E0E LES BX,[BP+0E] ; reset pointer +:4CBF 26895702 MOV ES:[BX+02],DX ; save R_DX par [958C] +:4CC3 268907 MOV ES:[BX],AX ; save R_AX par [958A] +:4CC6 0346FA ADD AX,[BP-06] ; add to AX RE_SULT [9546] +:4CC9 1356FC ADC DX,[BP-04] ; add to DX KEY_PAR [9548] +:4CCC C45E0E LES BX,[BP+0E] ; reset pointer +:4CCF 26895702 MOV ES:[BX+02],DX ; save R_DX+KEY_PAR [958C] + +:4CD3 268907 MOV ES:[BX],AX ; save R_AX+RE_SULT [958A] +:4CD6 FF0E8D5E DEC WORD PTR [5E8D] ; down_slide SEC_+3 +:4CDA 7D05 JGE 4CE1 ; no need to add +:4CDC 83068D5E0A ADD WORD PTR [5E8D],+0A ; pamper adding 10 +:4CE1 FF068F5E INC WORD PTR [5E8F] ; up_slide FIR_+7 +:4CE5 A18F5E MOV AX,[5E8F] ; save upslided FIR_+7 in AX +:4CE8 3D0900 CMP AX,0009 ; is it over 9? +:4CEB 7E05 JLE 4CF2 ; no, go on +:4CED 832E8F5E0A SUB WORD PTR [5E8F],+0A ; yes, pamper -10 +:4CF2 FF0E975E DEC WORD PTR [5E97] ; decrease loop counter +check_loop_counter: +:4CF6 833E975E03 CMP WORD PTR [5E97],+03 ; counter = 3? +:4CFB 7C03 JL 4D00 ; finish if counter under 3 +:4CFD E961FF JMP 4C61 ; not yet, loop_next_count +loop_is_ended: +:4D00 C45E06 LES BX,[BP+06] ; reset pointer to input +:4D03 268A4701 MOV AL,ES:[BX+01] ; load 2nd number (2) +:4D07 98 CBW ; only low +:4D08 05D0FF ADD AX,FFD0 ; clean it +:4D0B BA0A00 MOV DX,000A ; DX = 10 +:4D0E F7EA IMUL DX ; AX = SEC_*10 = 14 +:4D10 C45E06 LES BX,[BP+06] ; reset pointer +:4D13 50 PUSH AX ; save SEC_*10 +:4D14 268A07 MOV AL,ES:[BX] ; load 1st number (1) +:4D17 98 CBW ; only low +:4D18 8BD0 MOV DX,AX ; save in DX +:4D1A 58 POP AX ; get SEC_*10 +:4D1B 03C2 ADD AX,DX ; sum SEC_*10+1st number +:4D1D 05D0FF ADD AX,FFD0 ; clean it +:4D20 99 CWD ; only low +:4D21 C45E0A LES BX,[BP+0A] ; get pointer to [9582] +:4D24 26895702 MOV ES:[BX+02],DX ; save 1st (1) in [9584] +:4D28 268907 MOV ES:[BX],AX ; save FINAL_SUM (15) [9582] +:4D2B 33D2 XOR DX,DX ; DX = 0 +:4D2D B80100 MOV AX,0001 ; FLAG TRUE ! +:4D30 E9E6FE JMP 4C19 ; OK, you_are_a_nice_guy +EXIT: +:4D33 59 POP CX ; pop everything and +:4D34 59 POP CX ; return with flag +:4D35 1F POP DS ; AX=TRUE if RegNum OK +:4D36 5D POP BP ; with 1st # in [9584] +:4D37 4D DEC BP ; with FINAL_SUM in [9582] +:4D38 CB RETF + + Let's translate the preceding code: first of all the pointers: +At line :4B86 we have the first of a long list of stack ptrs: + LES BX,[BP+06] + This stack pointer points to the beginning of the input string, +which, once polished from the "-", has now a length of 10 bytes, +concluded by a 00 fence. At the beginning, before the main loop, +9 out of our 10 numbers are added, all but the third one. + Notice that protection has jumped # 3 (and added # 8 out of the +line). The rest is straightforward. Now, at line :4BFD we have +our first "cleaning" instruction. You see: the numbers are +hexadecimal represented by the codes 0x30 to 0x39. If you add +FE50 to the minimum sum you can get adding 9 numbers (0x30*9 = +0x160) You get 0. The maximum you could have adding 9 numbers, +on the contrary is (0x39*9=0x201), which, added to FE50 gives +0x51. So we'll have a "magic" number between 0x0 and 0x51 instead +of a number between 0x160 and 0x201. Protection pampers this +result, and retains only the last ciffer: 0-9. Then protection +divides this number through 0xA, and what happens? DX get's the +REMAINDER of it. + If we sum the hexcodes of our (1212-1212-12) we get 0x1BE (we +sum only 9 out of then numbers: the third "1" -i.e. "31"- does +not comes into our count); 0x1BE, cleaned and pampered gives E. +Therefore (0xE/0xA = 1) We get 1 with a remainder of 4. + You may observe that of all possible answers, only sums +finishing with A, B, C, D, E or F give 1 (and rem=0,1,2,3,4 or +5). Sums finishing 0 1 2 3 4 5 6 7 8 or 9 give 0 as result and +themselves as reminder. The chance of getting a 0,1,2,3 or 4 are +therefore bigger as the chance of getting a 5, 6, 7, 8 or 9. We +are just observing... we do not know yet if this should play a +role or not. + Now this remainder is compared at :4C11 with the third number +polished from 0x30-0x39 to 0-9. This is the only protection check +for the registration number input: If your third number does not +match with the remainder of the sum of all the 9 others numbers +of your input you are immediately thrown out with FLAG AX=FALSE +(i.e. zero). + To crack the protection you now have to MODIFY your input string +accordingly. Our new input string will from now on be "1242-1212- +12": we have changed our third number (originally a "2") to a "4" +to get through this first strainer in the correct way. Only now +protection starts its mathematical part (We do not know yet why +it does it... in order to seed the random product number? To +provide a check for the registration number you'll input at the +end? We'll see). +- Protection saves the second number of your input (cleaned + with FFD7) in SEC_+3 [5E8D], pampering it if it is bigger + than 9 (i.e. if it is 0xA-0xF). Here you'll have therefore + following correspondence: 0=7 1=8 2=9 3=0 4=1 5=2 6=3 7=4 + 8=5 9=6. The second number of your input has got added +3. + This is value SEC_+3. In (lengthy) C it would look like + this: + If (RegString(2)is lower than 7) RegString(2) = RegString(2)+3 + Else Regstring(2) = ((RegString(2)-10)+3) +- Protection saves your first number in FIR_+7 [5E8F] with a + different cleaning parameter (FFC9). The next pampering + adds 0xA if it was not 7/8/9 therefore you have here + following correspondence 7=0 8=1 9=2 0=3 1=4 2=5 3=6 4=7 + 5=8 6=9). This is value FIR_+7. In (lengthy) C it would + look like this: + If (RegString(1) is lower than 3) RegString(1) = RegString(1)+7 + Else Regstring(1) = ((RegString(1)-10)+7) + So protection has "transformed" and stored in [5E8D] and [5E8F] +the two numbers 1 and 2. In our RegString: 1242-1212-12 the first +two numbers "12" are now stored as "94". These will be used as +"slider" parameters inside the main loop, as you will see. + Only now does protection begin its main loop, starting from the +LAST number, because the counter has been set to 9 (i.e. the +tenth number of RegString). The loop, as you'll see, handles only +the numbers from 10 to 3: it's an 8-times loop that ends without +handling the first and second number. What happens in this +loop?... Well, quite a lot: Protection begins the loop loading +the number (counter+1) from the RegString. Protection then loads +the SEC_+3 down_slider parameter (which began its life as second +number "transformed"), multiplies it with 0xA and then adds the +up_slider parameter FIR_+7 (at the beginning it was the first +number transformed). + This sum is used as "lookup pointer" to find a parameter +inside a table of parameters in memory, which are all numbers +between 0 and 9. Let's call this value Lkup_val. +Protection looks for data in 1EA7:[Lkup_val]. In our case (we +entered 1242-1212-12, therefore the first SEC_+3 value is 9 and +the first FIR_+7 value is 4): [Lkup_val] = 9*0xA+4; 0x5A+4 = +0x5E. At line :4C80 therefore AL would load the byte at 1EA7:005E +(let's call it KEY_PAR), which now would be ADDED to the # +counter+1 of this loop. In our case KEY_PAR at 1EA7:005E it's a +"7" and is added to the pampered 0x32=2, giving 9. + Let's establish first of all which KEY_PAR can possibly get +fetched: the maximum is 0x63 and the minimum is 0x0. The possible +KEY_PARs do therefore dwell in memory between 1EA7: and +1EA7:0063. Let's have a look at the relative table in memory, +where these KEY_PARs are stored ("our" first 0x5Eth byte is +underlined): +1EA7:0000 01 03 03 01 09 02 03 00-09 00 04 03 08 07 04 04 +1EA7:0010 05 02 09 00 02 04 01 05-06 06 03 02 00 08 05 06 +1EA7:0020 08 09 05 00 04 06 07 07-02 00 08 00 06 02 04 07 +1EA7:0030 04 04 09 05 09 06 00 06-08 07 00 03 05 09 00 08 +1EA7:0040 03 07 07 06 08 09 01 05-07 04 06 01 04 02 07 01 +1EA7:0050 03 01 08 01 05 03 03 01-02 08 02 01 06 05 07 02 +1EA7:0060 05 09 09 08 02 09 03 00-00 04 05 01 01 03 08 06 +1EA7:0070 01 01 09 00 02 05 05 05-01 07 01 05 08 07 01 09 +1EA7:0080 08 07 07 04 04 08 03 00-06 01 09 08 08 04 09 09 +1EA7:0090 00 07 05 02 03 01 03 08-06 05 07 06 03 07 06 07 +1EA7:00A0 04 02 02 05 02 04 06 02-06 09 09 01 05 02 03 04 +1EA7:00B0 04 00 03 05 00 03 08 07-06 04 08 08 02 00 03 06 +1EA7:00C0 09 00 00 06 09 04 07 02-00 01 01 01 01 00 01 FF +1EA7:00D0 00 FF FF FF FF 00 FF 01-00 00 00 00 00 00 00 00 + + An interesting table, where all the correspondences are +between 0 and 9... are we getting some "secret" number here? But, +hey, look there... funny, isn't it? Instead of only 0-0x63 bytes +we have roughly the DOUBLE here: 0-0xC8 bytes (the 01 sequence +starting at CA "feels" like a fence). We'll see later how +important this is. At the moment you should only "perceive" that +something must be going on with a table that's two time what she +should be. + As I said the result of KEY_PAR + input number is polished +(with a FFDO) and pampered (subtracting, if necessary, 0xA). +Therefore the result will be the (counter+1) input number + +KEY_PAR (let's call it RE_SULT], in our case, (at the beginning +of the loop) a 9. Now (DX=0 because of the CWD instruction) DX +will be saved in [9548] and RE_SULT in [9546]. + Now Protection prepares for the RO_routine: resets its pointer +and charges CX and BX from [958C] and from [958A] respectively, +charges AX with 0xA and sets DX to zero. + The routine performs various operations on AX and DX and saves +the results in the above mentioned locations [958A] and [958C]. + Now KEY_PAR and RE_SULT are added respectively to the DX and AX +value we got back from the RO_routine call, and saved once more +in the last two locations: AX+RE_SULT in [958A] and DX+KEY_PAR +in [958C] + Now the value in SEC_+3 is diminished by 1 (if it was 9 it's now +8, if it was zero it will be pampered to 9). It's a "slider" +parameter (in this case a down_slider), typically used in +relatively complicated protections to give a "random" impression +to the casual observer. The value in FIR_+7, on the contrary, is +augmented by one, from 4 to 5... up_sliding also. + Protection now handles the next number of your input for the +loop. In our case this loop uses following protection +configuration with our "sliding" parameters: + Input # pamp_2nd pamp_1st Lookup value KEY_PAR # RE_SULT +# 10 = 2, SEC_+3= 9, FIR_+7= 4, Lkup_val = 0x5E, KEY=7 +2 = 9 +# 9 = 1, SEC_+3= 8, FIR_+7= 5, Lkup_val = 0x55, KEY=3 +1 = 4 +# 8 = 2, SEC_+3= 7, FIR_+7= 6, Lkup_val = 0x4C, KEY=4 +2 = 6 +# 7 = 1, SEC_+3= 6, FIR_+7= 7, Lkup_val = 0x43, KEY=7 +1 = 7 +# 6 = 2, SEC_+3= 5, FIR_+7= 8, Lkup_val = 0x3A, KEY=0 +2 = 2 +# 5 = 1, SEC_+3= 4, FIR_+7= 9, Lkup_val = 0x31, KEY=4 +1 = 5 +# 4 = 2, SEC_+3= 3, FIR_+7= 0, Lkup_val = 0x1E, KEY=5 +2 = 7 +# 3 = 4, SEC_+3= 2, FIR_+7= 1, Lkup_val = 0x15, KEY=2 +4 = 5 +Notice how our "regular" input 21212124 has given an "irregular" +94672575. + You may legitimately ask yourself what should all this mean: +what are these RE_SULTs used for? Well they are used to slide +another parameter: this one inside the called routine... this is +what happens to AX and DX inside the routine, and the lines after +the called routine: +:4CBF 26895702 MOV ES:[BX+02],DX ; save R_DX par [958C] +:4CC3 268907 MOV ES:[BX],AX ; save R_AX par [958A] +:4CC6 0346FA ADD AX,[BP-06] ; add to AX RE_SULT [9546] +:4CC9 1356FC ADC DX,[BP-04] ; add to DX KEY_PAR [9548] +:4CCC C45E0E LES BX,[BP+0E] ; reset pointer to E +:4CCF 26895702 MOV ES:[BX+02],DX ; save R_DX+KEY_PAR [958C] +:4CD3 268907 MOV ES:[BX],AX ; save R_AX+RE_SULT [958A] + + :4CC6 :4CC9 :4CCF Odd_DX :4CD3 slider_sum + RE_SULT [958A] [958C] [958C] [958A] + + 0 0 0 0 0 + 9 5A 0 0 9 + 4 3AC 0 0 5E + 6 24F4 0 0 3B2 + 7 71CE 1 1 24FB + 2 7220 4 E 71D0 + 5 7572 4 90 7225 + 7579 + +Now the loops ends, having handled the input numbers from tenth +to third. Protection loads the second number and multiplies it +by 10 (let's call this result SEC_*10), in our case 2*0xA=14. +Protection loads the first number and adds it to the +multiplication, in our case 1+0x14=0x15 (FINAL_SUM]. +Now everything will be added to FFDO to "clean" it. +Pointer will now be set to the end of the input number. +DX, zeroed by CDW, will be saved as parameter in [9584] and the +cleaned and pampered sum will be saved in [9582]. +FLAG is set to true and this routine is finished! No parameter +are passed and the only interesting thing is what actually +happens in the locations [9582], [9584], [958A] and [958C], i.e.: +FINAL_SUM, 0, slider_sum, odd_dx. + In the next lesson we'll crack everything, but I'll give you +already some hints here, in case you would like to go ahead on +your own: we'll see how the scheme used for the third (the +registration) number show analogies and differences with the +scheme we have studied (and cracked) here for the first number. +Our 3434-3434-3434-3434-34 input string for the registration +number will be transformed in the magic string +141593384841547431, but this will not work because the "magic" +12th number: "1" will not correspond to the remainder calculated +inside this check through the previous locations of the other +checks. + Here the things are more complicated because every little +change in your input string transforms COMPLETELY the "magic" +string... therefore in order to pass the strainer you'll have to +change 3434-3434-3434-3434-34 in (for instance) 7434-3434-3434- +3434-96. The "magic" string 219702960974498056 that this +registration input gives will go through the protection strainer. +Only then we'll be able to step over and finally crack the whole +protection... it's a pretty complicated one as I said. Now crack +it pupils... you have three months time. From this crack depends +your admission to the Uni, there will be no other admission text +till summer 1997 (it's a hell of work to prepare this crap)... +work well. + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) some tricks of the trade I may not +know but YOU've discovered. I'll probably know most of them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you "rediscovered" +them with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + + ++ORC an526164@anon.penet.fi \ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/howtocp2 b/textfiles.com/piracy/CRACKING/howtocp2 new file mode 100644 index 00000000..ee648f6d --- /dev/null +++ b/textfiles.com/piracy/CRACKING/howtocp2 @@ -0,0 +1,73 @@ + +---------------------------------------------------+ + + IBM Disk Cracking Made Simple + + + + + + By + + + Phobos + + + of the Lunatic Phringe BBS + + + 312-965-3677 300/1200 Baud + + +---------------------------------------------------+ + + This File is for Informational Purrposes only. The author + or the system operator of any bbs on which this might appear is not + responsible for the actions of others reading this file and maybe + using the information presented here. They have their own brains and + they can think for themselves, so there!! + + + This describes how to take games that are full disks (usually + the ones you get in a store) and turn them into a transferrable file. + You can change the disk into a file and archive it for later use, like + in case you blow the original disk or something like that. There are + basically two types of files that you canb turn the full disk game + into. There are files ending with .CP2 and .DSK We will first + discuss the CP2 files. + + CP2 Files + ---------------- + + You can create a CP2 file from a full disk game by using a + program called Snatchit.com and CopyIIpc.exe. You have to put the + game disk in drive a, and place Snatchit and CopyIIpc in the same + subdirectory on a hard drive. (If you have not got a hard drive, + you can use a RAM drive program.) You run the Snatchit program + and when it asks to read a Source File, or a Source Disk, you type + in a Source Disk. The program will then Read the disk, and turn it + into a file (You chose the name) ending in .CP2, and place it on + the hard drive. (Or on the RAM drive). + + You can then Archive the file and do with it what you want. + To change a .CP2 file, back into a full disk game, you place a blank + disk in drive a, and the .CP2 file, Snatchit, and Copyiipc on the + hard drive in the same directory (Or in the RAM drive). You run + the snatchit program, and type F where it says sourse file or + disk. (you are reading a source file). It will then read the file + and place it on the disk. When you re boot the disk, the game will + start. + + DSK Files + ----------------- + DSK files are created in much the same way as CP2 files, except + you use a program called Disksq to change the full disk game into a + file and diskunsq to change the file into a full disk game. There is + no copy program needed for disk squishing and unsquishing. Running + the programs gives complete instrictions. Depending on the program + size, you may or may not need a hard drive. But a hard drive is + always a good idea. + + CONCLUSION + ------------------- + Both type of files are easy to obtain. It seems to me that creating + the CP2 files is fatser then the DSK files. The Snatchit program along + with CopyIIpc will take care of almost any kind of full disk you may + encounter. These are very good Cracking programs and They have always + served me well. One thing is kind of strange, when you snatch a file + off of a copyrighted disk, it sometimes comes up to be around 400k, + even though the disk is only has 360 k storage space on it. This is + why a Hard drive is a good idea. You don't have to worry about running + out of space. + + Snatchit, Copyiipc, and the Disk Squishing programs are + avaliable on the Lunatic Phringe BBS at 312-965-3677. 300/1200 Baud. + Both Diskunsq and Disksq are Archived into one file for ease of + downloading. I hope this has been of help to you. + diff --git a/textfiles.com/piracy/CRACKING/howtocrk.txt b/textfiles.com/piracy/CRACKING/howtocrk.txt new file mode 100644 index 00000000..a026d0d6 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/howtocrk.txt @@ -0,0 +1,9216 @@ +HOW TO CRACK, by +ORC, A TUTORIAL + +-------------------------------------------------------------- + +(Htocrk10.txt) Lesson 1: an approach + +(Htocrk20.txt) Lesson 2: tools and tricks of the trade + +(Htocrk31.txt) Lesson 3.1: hands on, paper protections (1) + +(Htocrk32.txt) Lesson 3.2: hands on, paper protections (2) + +(Htocrk51.txt) Lesson 5.1: disk & CD-Rom access (basics) + +(Htocrk61.txt) Lesson 6.1: funny tricks + +(Htocrk81.txt) Lesson 8.1: how to crack Windows, an approach + +(Htocrk82.txt) Lesson 8.2: how to crack Windows, a deeper approach + +(Htocrk91.txt) Lesson 9.1: how to crack Windows, hands on + +(Htocrka1.txt) Lesson A.1: advanced cracking: internet cracking (Unix) + +(Htocrkc1.txt) Lesson C.1: how to crack, cracking as an art + +(Htocrkc2.txt) Lesson C.2: how to crack, cracking as an art HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 1: an approach + +--------------------------------------------------------------------------- + + [Pooldemo.exe] + + -------------------------------------- + + The best way to learn cracking (i.e. understanding, broadly + +individuating, locating exactly and eliminating or suspending or + +deferring one or more protection schemes inside a software + +application you do not possess the source code of) is to begin + +your tampering experiments using OLDER applications which have + +OLDER protection schemes. + + In this way you 'll quickly grasp the base techniques of the + +trade. Do not forget that the evolution of the protection schemes + +has not been a one way road... strictly speaking it's not even + +an evolution: you'll eventually find some very clever new tricks, + +but most of the time you 'll unearth only various trite + +repetitions of past (and well known) tricks. This is no wonder: + +the REAL knowledge of the "commercial" programmers themselves + +(the "protectionists") is often very limited indeed: they are + +inclined to use the old methods (albeit somehow changed, + +sometimes even improved) instead of conceiving new methods. This + +typical "commercial" degeneration happens every time people act + +for money instead of doing things for the sake of it or for + +pleasure. This "commercial" trend is blindly encouraged by the + +stupid, money-oriented society we are coerced to live in. + + So I'll begin the "hands on" part (-> starting from lesson + +3), using as examples, some "old" applications and some "old" + +tricks. We'll be able to come later over to the newest protection + +schemes in order to understand them, and you 'll learn how to + +defeat this kind of junk too. I'll also explain WHERE you can + +find a lot of programs to crack for next to no money at all, and + +HOW 'grossomodo', you should proceed in your work. + + This tutorial is for people who are getting started with + +cracking. Maybe you are just contemplating doing some cracking, + +maybe you have tried it with mixed success. If you are here to + +get aimed in the right direction, to get off to a good start with + +the cracking tricks and procedures, then you have come for the + +right reason. I can't promise you'll get what you want, but I'll + +do my best. On the other hand, if you have already turned out + +some working cracking code in assembler and already cracked many + +different protection schemes, then this tutorial is likely to be + +on the elementary side for you. (If you want to review a few + +basics and have no where else pressing to go, then by all means + +stay). + + In order to crack successfully you need four basic things: + +* A passing knowledge of assembler language (the more you + + know, the better and quicker you crack) + +* Some intuition + +* Some help from more experienced cracker + +* A non mercantile mind (more about this later) + +The applications you'll use to learn with can be divided into: + +1 - Password crippled applications (the easiest to crack) + +2 - applications crippled on how many times, or how many + + days, you use them (fairly easy to crack) + +3 - applications crippled on which date you use them before + + (easy to crack) + +4 - applications that have some functions present but + + disabled (sometimes easy, sometimes difficult) + +5 - applications crippled on Disk access (protections schemes + + that are now defined as "obsolete") and applications + +crippled on + + CD-ROM presence (more or less the same methods, but - + + somehow- not defined as "obsolete") (very easy to crack) + +6 - CRYPTOGRAFED ADDS ON (i.e. one of the previous protection + + schemes, but with some scrambled or self modifying code + + (XORring and SHRLing codes) (fairly easy to crack) + +7 - None of the above (sometimes difficult to crack) + +WHERE TO GET THE STUFF + + The recent widespread appearance of "Demo"-CDROM on magazine + +covers is a treasure for all crackers! A short time after their + +release you 'll get all the copies that remain unsold for next + +to free. The demos on CD-ROMs will permit you to gather quickly + +a lot of applications -old and new- that have somehow been + +crippled (at times with interesting schemes). Truly a wonderful + +world of cracking possibilities! Gee! For next to no money you + +can secure on one CDROM the whole of LOTUS applications (or + +Microsoft or Wordperfect, or you name them) on "trial for 30 + +days" or "try it 20 times" editions. You'll really enjoy to crack + +them, to use them for ever and ever and/or graciously donate them + +on the Web to the poor lamers that have no money and no brain. + + GAMES are definitely not to be frowned upon! They are + +very interesting from a cracker prospective coz they are often + +"overprotected". With this I mean that they possess protection + +schemes of a relatively HIGH level hidden inside files that are + +relatively small. Now, see, it is much more easy, and simple, to + +track down and eliminate protection schemes inside a single + +35.000 bytes long executable file than to locate them inside a + +collection of many lengthy DLLs and overlaids that could have + +swollen as long as 2.000.000 bytes each. The lazy bunch of + +"modern" programmers relies systematically for protection schemes + +on this "hide the sting in the wide desert" logic. As a matter + +of fact they are no longer able to program in assembler: they + +bank more and more on overbloated "fatty" atrocities like Visual + +Basic, Delphy or Visual C++. (Don't worry... I'll nevertheless + +teach you how to crack -and quickly- those huge applications + +too). + + There is another reason for employing games instead of + +applications as study material: often EXACTLY THE SAME protection + +schemes that you find in a simple (and short) shareware game will + +be used -without much improving- a little later in order to + +"protect" some huge and extremely expensive graphic application. + + For this reason in my tutorial we'll often crack games + +protection schemes, even if we'll later apply what we learn + +mainly in order to crack the protection schemes of commercial + +applications, or to crack the access protection routines to + +remote servers, or BBS, or even ATM (cash dispensers). + + Here follows an example cracking session, that will show you + +-I hope- the dos and donts of our art: let's crack together as + +introductory example a time crippled application. We'll learn + +later (-> LESSON 4) that all applications that are crippled on + +time (i.e. "how many times" you use them or "how long" you use + +them) rely on analogous protection schemes (albeit with a huge + +palette of small variations): + +1- they may have a counter which "clicks" every so often: FIND + + IT AND DISABLE IT! + +2- they may fetch the time_clock interrupts in your machine: + + INTERCEPT THEM YOURSELF! + +3- they may compare a random_seed with a variable: NOOP IT! + +4- they may check randomly the date of your other, unrelated, + + files on the hard disk: find this verification routine and + + INVERT the JUMPS! + +I wanted to start with a modern example of this "counter clicks" + +protection type, just to give you a feeling for cracking, and I + +have chosen a widely published demo: you should be able to find + +it pretty easily. In order to show you some of the problems you + +may encounter we'll crack this example "wrongly" (you'll learn + +how to crack effectively in the "HANDS ON" lessons). + + EXAMPLE: ARCADE POOL, Demonstration version, PC Conversion + +by East Point Software Ltd, (c) Team 17 Software Ltd 1994. This + +demo has been published by many magazines on their CDRom covers + +throughout 1995. + + What follows will be useful even if you do not have our + +example; nevertheless you should get a copy of this widespread + +demo in order to better grasp some of the following points. + + This nice demo of a billiard game is time-crippled. It is + +crippled on how long you use it: i.e., you can only play 2 + +minutes, afterwards a "nag" reminder of where and how you can buy + +the real version snaps: protectionist squalor at its best. + + So, how do you proceed? Where does the beginning begin? + +Here is what you could (but not necessarily should) do: + + Get [Soft-ice] and load it in your config.sys. See the TOOLS + +OF THE TRADE lesson (-> LESSON 2) about this debugger. Version + +2.6 of [Soft-Ice] has been cracked by MARQUIS DE SOIREE and can + +be found on the Web for free. + +- vecs s (save all the vectors before loading the babe) + +- start [pooldemo.exe] + +- vecs c (vector compare, save a printing of all hooked + + vectors) + +- enter and leave Soft-ice a few times to understand what's + + going on and where in [pooldemo.exe] are we roaming around + + (you should always check MORE THAN ONCE your findings when + + you snoop around: nothing moves and confuses pointers in a + + more frenzied way than good old "inactive" DOS). + +- have a good look at the map of memory usage ("map") + +- now "snap_save" the main memory regions where + + [pooldemo.exe] dwells... snapping saves "photographs" of + + memory areas. + +- do not do anything, let just the seconds go by. + +- "snap_compare" every two or three seconds without moving + + anything at all on the game board (no mouse_clicking, + + NOTHING), so that the only changes are (hopefully) the + + changes caused by the time counters. + +- snap_compare twice in a second. + +- snap_compare at second 00:59 and at second 1:01. + +- snap_compare just before and just after the time limit and + + the snapping of the nag screen. + +- Now collect carefully your printed "snaps" data: write + + clearly on the various sheets the occurrences of the snaps. + +- now comes the graceful "zen-cracking" moment: Sit down with + + a dry Martini and Wodka (obviously only russian Wodka will + + do) and contemplate the printing of the various mutant + + locations. Feel, perceive, empathize! Look closely at the + + locations that have changed in the snap compares. Analyze, + + interpretate, evaluate. + +- Mmm! Hey! Something fishy is changing there, and there, and + + there! (you are lucky, few do actually change in this case: + + only two dozen) + +- breakpoint on execute at the location that you believe act + + as a "continuous" counter, i.e. the location that triggers + + the "a second went by" event when it zeroes. + +- Now set the occurrence counter of BPX in order to break at + + the moment where the location "refills" and restarts from + + the beginning (the equivalent of "one second" went by, + + let's start anew). Use the occurrence counter in order not + + to single-step through the program your life long! + +- IN THIS CASE you 'll quickly locate the refill at location + + 3DD0. Here follows the "refill" line: + + xxxx:3DCC C706F1013C00 MOV WORD PTR [01F1], 003C + +The "3C" byte at xxxx:3DD0 represents a counter_byte... i.e. the + +program "charges" 3C in this location and then DECs it step by + +step to 3B, 3A, 39, 38 etc... till 0. When it reaches 0: bingo! + +Sucker user has lost one second more of his precious two minutes. + + Now, you would get a first wizard level if you searched + +further on for the exact point where you get the "nag screen" in + +order to eliminate the whole witless protection, but you may + +think you got it already and you remember anyway that the first + +principle in cracking is the following: "once you can eliminate + +the effects of a protection, do not look further!" + + Most of the time this is true: you do not always need to + +eliminate a "whole" protection scheme (unless you are just + +studying it for the joy of it). It's normally easier (and + +quicker) to eliminate the "effects" of a given protection scheme. + +Unfortunately this is not true in this case. + + Here you believe that you have already found the way: you + +got the counter that charges the reverse clock that triggers the + +particular protection scheme of [pooldemo.exe]. Now you may think + +that if you could modify the refill_value... say changing "3C" + +to "EE" (Yeah, the maximum would be FF... but it's always good + +practice to avoid such extreme values when cracking) you should + +get four times more playtime for your game... more than enough + +in order to make the protection scheme useless. + + So you change location xxxx:3DD0 from "3C" to "EE". To work + +on bytes you should use a good Hexeditor like PSEDIT (Parity + +solutions, [Psedit.exe], brilliant shareware: see the "tool of + +the trade" section) but you could also work with simpler + +debuggers like [debug] or [symdeb] (-> see lesson 2). If you do, + +remember to work on a "dead" copy of your crippled [*.exe] file, + +i.e.: + + ren POOLDEMO.EXE POOLDEMO.DED + + symdeb POOLDEMO.DED + + -s (cs+0000):0 Lffff C7 06 F1 01 C3 <- this string + + corresponds to the + + refill line). + + cs:3E85 <- symdeb gives you two locations as answer + + cs:3EEA + + -e cs:3E85+4 EE <- refill changed from C3 to EE + + -w + + ren POOLDEMO.DED POOLDEMO.EXE + +Now you run your tampered pooldemo. You think you cracked it, you + +glee with satisfaction... but loo! Nothing at all has changed, + +everything's as lame as before, you still have only 2 minutes + +playtime. How disappointing: how comez it didn't work? + + Well, for a start you have not been attentive enough! The + +search in debug gave you TWO locations, you moron, and not just + +the one you just tampered with. Check and you 'll see that the + +second location (cs:3EEA) is a MIRROR/CONTROL location (more on + +this later). Some times there exist "double" locations... coz at + +times it's quicker to use a double routine than to use a + +branching if or switch structure... some times the second + +locations do mirror the first ones and correct them on the fly + +if need be. + + So you need to modify this too... you act as said above but + +this time you enter in debug a + + -e cs:3EEA+4 EE + +before writing back the dead file and then renaming it to exe and + +then running it... and loo! Hoow sloow! THERE YOU ARE! Your + +crippled POOLDEMO.EXE is now (sort of) unprotected: You think + +that you can now play the stupid game up to 12 minutes real time, + +even if the protection scheme (and the counter) "believes" that + +it is playing only two minutes. + + So you begin to play, and the seconds look veeery sloow, and + +everything seems OK, but -alas- NO! At screen second 28 you get + +the irritating "two minutes are over" nag screen! Obviously you + +were dead wrong: the program "knows" the time directly from the + +timer... you only modified the stupid counter ON THE SCREEN. + + So it's back to cracking, and now you are angry, and forget + +the quiet ways of the zen-analyze and begin the heavy cracking + +you should reserve -if ever- for really complicated schemes. You + +now start to check the hooked vectors (you did your routinely + +VECS_save before loading pooldemo in [Soft-ice] and your + +VECS_compare afterwards) and you see some findings that you + +believe interesting: + + vecs c + + 08 1EFD:84C6 0CD1:17AC <- the clock + + 09 1EFD:85EC 136A:069C <- the keyboard + + 22 0BCE:02B1 0BCE:017E <- the terminate + + That's more like it -you think. Smack at the beginning: the + +first hooked vector does it! It's good old interrupt_08: the + +timer_clicker! + + Some basics for those of you that do not know anything: + +INT_08 controls indirectly the INT_1C timer interrupt. The 8253 + +clock chip generates an IRQ_0 hardware interrupt at a rate of + +18.2 interrupts per second. This gives control to the ISR + +(Interrupt Service Routine) that the INT_08 points to... and this + +should be at 0CD1:17AC, but has been hooked here, by pooldemo, + +to 1EFD:84C6. + + One of the actions taken by the INT_08 ISR within the BIOS + +is to issue a software interrupt call to INT_1C, just in case any + +software modules within the system have established an intercept. + +If no intercepts have been established, the default contents of + +the INT_1C vector point to an iret instruction within the BIOS, + +so that a null action results. + + Normally a protectionist would intercept INT_1C, coz at + +every ISR from INT_08 the CPU would fetch the contents of the + +corresponding interrupt vector and make an interrupt style call + +to the code at that address (which should contain the iret at + +address F000:9876 but can contain any trick they could think of). + + So -you think- the protectionist hooked here INT_08 directly + +(a pretty infrequently used protection scheme by the way): What + +now? + + A rather drastic measure would be, in such circumstances, + +to + +disable the IRQ_0 level timer interrupt, which is controlled by + +bit 0 of the mask register, at address I/O 0021h. When bit 0 + +within the mask register is set to 1, no further interrupts will + +be recognized for this IRQ level. This unfortunately won't work + +here, but it's an interesting technique per se, so you better + +learn it anyway, just in case you should need it elsewhere: + +--- Trick to disable the timer ("IRQ_0 masking" by +ORC) --- + +* prompt $t and hit ENTER a few times, see how the dos_clock + + is merrily ticking along? + +* enter DEBUG.COM + +* Assemble using the command 'a' + +- a + +in al,21 + +or al,1 + +out 21,al + +ret + +RETURN + +RETURN <- twice to exit immediate assembler + +- g 100 <- to run the tiny program. + +- q <- to quit debug. + +prompt $t is still on: hit ENTER a few times: + +whoa! The clock has stopped advancing! + + Compliments: you loaded the current mask register's contents + +into AL, you set the mask bit in the bit 0 position (which + +corresponds to IRQ_0) at then updated the value back to the mask + +register. + +When you are ready to activate IRQ_0 events again, reenter DEBUG, + +run the following and then reset the clock you stopped with DOS + +TIME command: + +- a + +in al,21 + +and al,fe + +out 21,al + +ret + +RETURN twice + +- g 100 + +- q + +A word of caution: with the timer click disabled some processes + +will not operate correctly: once you access the diskette drive, + +the motor will continue to run indefinitely afterwards, etcetera. + +------------------------------------------------------- + + Unfortunately the above technique cannot work with our + +[pooldemo.exe], where you now are looking closely to the INT_08 + +hook you found, believing that it hides the protection scheme: + +herein you find immediately the EoI (End_of_interrupt: MOV + +AL,20h... OUT 20h,AL). Both controllers have a second port + +address at 20h (or 0a0h), from which the instructions are given. + +The most important is the EoI command (20h). This instruction + +indicates the end of the interrupt handler and frees up the + +corresponding controller for the next interrupt. If somebody + +writes a new custom interrupt handler (as many protectionists + +do), it's up to him to see to it that at the end of the handler + +the EoI command (20h) is written to either port 20h or port 0a0h. + + After the EoI follow the usual pushes, then some CALLS then + +a call that issues some OUT 40,AL that look like timer refreshing + +(OUT transfers data to an output port and ports 40-42 correspond + +to the Timer/counter). Some do_maintenance follows, then a double + +CALL, one more conditional CALL and then a "mysterious" call FAR + +CS:[AA91] on which depends a byte PTR[970C] that decides another + +final CALL... then the routine pops all registers and irets away. + + Ah! You say, and begin disassembling, reverse engineering + +and looking inside each suspect call (the quicker method in + +these cases is to breakpoint calls on entrance and see if you + +find the one that's only called at the awakening of the time + +limit protection). + + You work, and work, and work... and eventually find nothing + +at all, coz the protection of this program is NOT HERE! + + Back to the zen-analyze of the snap printings... we forsake + +it too soon, as you will see. + + If you watch with more attention the compare locations for + +the range DS:0 DS:FFFF you 'll notice that one of them changes + +relatively slowly from 0 to 1 to 2 to 3 and so on... the + +precedent location changes very quickly, and runs the complete + +cycle 0...FF. That's a counter, at locations DS:0009 and DS:000A! + +How long will it tick along? Well, we saw above that the "charge" + +every second is 3C, so it will be x3C*x78=x1C20, coz x78 is 120 + +seconds, i.e. the two minutes time limit. + + Now search this 1C20 value around inside the code + +(protections are most of the time at the beginning of the + +CS:offset section), and you 'll find quickly what follows: + +The protection in [pooldemo.exe] is at code_locations + +CS:0A8A 813E20A7201C CMP WORD PTR [A720], 1C20 + + compare location A720 with limit 1C20 + +CS:0A90 7C07 JL okay_play_a_little_more + +CS:0A92 E834FD CALL beggar_off_time_is_up + + BINGO!: FOUND! + +Now let's quickly crack it: + +------------------------------------------------ + +CRACKING POOLDEMO.EXE (by +ORC, January 1996) + +ren pooldemo.exe pooldemo.ded + +symdeb pooldemo.ded + +- s cs:0 Lffff 81 3E 20 A7 20 1C + +xxxx:yyyy <- this is the answer of the debugger + +- e xxxx:yyyy+5 4C <- this time limit is much better + +- w + +- q + +ren pooldemo.ded pooldemo.exe + +------------------------------------------------- + + We have done here a "weak" crack: we limited ourselves to + +accept a (better) time limit, changing it from 1C20 to 4C20 (4 + +minutes instead of two). We could obviously have done a more + +radical crack if we had changed the JL (jump lower) instruction + +in a JMP (jump anyway) instruction. In this case it would have + +worked, but for reasons that will be explained in lesson 4, you + +should choose a rather delicate approach in cracking when you + +deal with time-limit protection schemes. + + As you have seen, in this artificial cracking session we + +found the protection scheme after a little snooping around. But, + +as you will see in the hands on part, there are always MANY ways + +to crack a single protection scheme. You could -for instance- + +have found this protection the other way round: set a trace on + +memory range for the program, restricting the trace to the first + +part of it (say CS:0 to CS:1000, if you do not fetch anything you + +can always try the other blocks). Breakpoint at the nag screen, + +have a look at the last 300-400 backtraced instructions, if you + +did not move anything, everything will follow a repetitive + +pattern, until the protection snaps on: + + ... + + JL 0A99 + + CMP BYTE PTR [A72A],01 + + ... + + JL 0A99 + + CMP BYTE PTR [A72A],01 + + ... + + for ages and ages and then... + + ... + + JL 0A99 + +E834FD CALL 0759 <- BINGO! (CALL beggar_off_time_is_up) + +... there it is, found the other way round. (But this apparently + +better method is unfortunately very unstable: it depends on your + +timing of the breaking in and on the distance between protection + +and nag screen, therefore the somehow more complicated, but more + +sure previous one should be favoured). + + The reason why "minimal" approaches in cracking are often + +more successful than heavy vector_cracking, is that the programs + +are hardly ever "overprotected", and therefore the protections + +are seldom difficult to find (and those that are really worth + +cracking for study reasons). + + Sometime you don't even need to crack anything at all! Some + +applications are fully functional -per se-, but have been + +crippled in a hurry in order to release them as demos. The + +commercial programmers want only money, do not even try to + +understand our zen ways, and do not care at all for a well done + +job. That means, among other things, that the hard disk of the + +user will be cluttered with files that the main program module + +never calls. A typical example of this sloppy method is the demo + +of [Panzer General] from SSI that appeared in the summer '95. + +This was in reality no less than the complete beta version of the + +game: you just had to substitute to one of the two "allowed" + +scenarios one of the 20 or more scenarios of the beta version in + +order to play them freely... you didn't ever need to crack! + + The pooldemo crack example above should not discourage you + +from cracking intuitively. Be careful! Perform a thoroughly + +zen_analyze before attempting deeper methods: do remember that + +you want to crack the protection scheme SOMEHOW, and not + +necessarily following the same line of thought that the + +programmer eventually WANTED YOU TO CRACK IT with. + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 2: tools and tricks of the trade + +--------------------------------------------------------------------------- + + [INDY.EXE] + + -------------------------------------- + +LOST IN THE DARK CODEWOODS + + When you break into a program you end up in portions of code + +that are unfamiliar to you. It is also not uncommon for the + +breakpoints to occur outside of the confines of the program you + +want to crack. Getting your bearings is, in these cases, very + +important. + + One of the handiest utilities is the memory dump tool -it + +tells you where all the device drivers and TSR are loaded, in + +which memory locations the program you are cracking dwells, how + +much memory is left and what the next program load point is. The + +tools you use should report on the following: + +- the contents of interrupt vectors + +- the state of the BIOS data area, beginning at address 40:0 + +- internal structures within DOS, such as the MCB chain, the + + SFT (System File Table) chain, the chain of installed + + device drivers, the PSPs and memory allocations associated + + with installed TSRs + +- memory allocation statistic from XMS and EMS drivers + + When seeking to understand a section of foreign code, you + +must be especially careful to seek the real intent of the code. + +Consider using a profiler prior to undertaking an analysis of an + +unfamiliar program. This will help you by ensuring that you don't + +waste time studying sections of the program that aren't even + +involved in the protection scheme you are chasing down. + + Using a utility that charts a program's calling hierarchy + +can give you an important perspective on how your babe conducts + +its internal operations. + +YOUR DEBUGGER: YOUR FAVOURITE TOOL + + First and foremost, your debugger must be designed for use + +with resident modules (or must be itself a resident module). + +Trying to crack with simplistic [debug.com] is a sure way to get + +absolutely nowhere. We recommend Softice.exe from Nu-Mega + +technologies (Version 2.6 [S-Ice.exe] has been cracked by MARQUIS + +DE SOIREE and its vastly available on the Web). You could also + +use [Periscope] or [Codeview] or Borland's Turbodebugger... all + +these programs have been boldly cracked and/or distributed and + +are now on the Web for free... learn how to use YAHOO and find + +them. In emergency cases you could fix some quick crack using + +[debug] or [symdeb], but, as said above, most of the time these + +older debuggers won't do. I'll nevertheless ALWAYS give the final + +crack procedure for [debug.com], in order to permit even lusers + +to crack programs. + + When you first smell a protection, it can be tempting to + +immediately begin your crack using invasive types of techniques. + +While there is certainly nothing wrong with this approach, + +provided that you are fairly familiar with the protection scheme + +used, going in too deep too soon can be a problem when you don't + +have a strong hunch. Most of the time you'll end up missing + +important details. So first of all sit down and ponder... that's + +the zen-way, the only one that really works. + + Single-stepping is expensive, not only because of the time + +it requires but also because of the amount of detail with which + +you must contend. Your immediate goal is to home in on the + +protection scheme through a series of successively refined traps, + +your broader aim is to get an overview idea of the program's + +action... the wise use of breakpoints will condense these + +minutiae into an understandable form. + + The first step is to try to identify the section of the + +program where the protection scheme is snapping. + + Once you are able to isolate a certain section of a program, + +breakpoints can be used to gather a trace history of the + +program's execution. If your debugger sports a backtrace buffer, + +logging window, or similar feature, by all means learn how to use + +it. The debugger it's your best weapon, you must know all the + +possibilities it offers and all the capabilities it possesses. + +Having a debugger's display output echoed to a printer is another + +possibility. + + Using breakpoints is beneficial for two basic reasons: speed + +and reduction of detail. Manual single-stepping is invaluable + +when you are close to the protection scheme, but too much of it + +will bore you to death. + + When selecting breakpoint locations and the types of + +breakpoint to use, it is important to step back once more, drink + +a cool Martini-Wodka (use only Moskovskaja: non-russian Wodkas + +are appalling) and ask yourself: "What is this going to tell me?" + +and "What else will I need to know once the break occurs?". MOST + +IMPORTANT OF ALL: "Is my current cracking approach the simplest + +and most direct?", coz you do not want to waste precious cracking + +time. + + When devising a set of breakpoints it is wise to consider + +how "a trail of bread crumbs" can be left. Not allowing for an + +execution chronicle from the start can mean having to restart a + +cracking session. + + Setting breakpoints on certain software interrupt calls is + +an excellent way to get an overview of a program's operations. + +The INT_21 DOS services interrupt is probably the most universal + +useful of these, with BIOS interrupts such as the INT_13 (BIOS + +Disk services) and INT_16 (BIOS keyboard services) useful for + +specific cracking. + + When working with a debugger, evaluative breakpoints are + +usually your best shot. To avoid having to deal with a plethora + +of calls, you would want to have a debugger capable of being told + +to "break on any INT_21 call except where AH == 2C or AH == 0B". + + A real understanding of the working of a program is surely + +important, but don't overdo it! To reverse-engineer even a small + +program can involve many hours of analysis and documentation + +work. If you'll not be able to use the zen-cracking techniques + +described in this tutorial (sadly not everybody can) pace + +yourself and make sure your chair is comfortable: you'll be + +sitting for quite a spell. + + Much of the work involved in reverse-engineering consist of + +chasing down tentacles. In order to understand the operations of + +one function, you must understand what happens within each of the + +functions it calls- its child functions. To understand these + +child functions you must study their children; and so on down the + +calling hierarchy tree. Then there is the data. Tracing tentacles + +based on a program's calling hierarchy is a directed process. + +Each function you encounter is basically a list of other + +functions you must reckon with. When it comes to analyzing a + +function's interrelationship with the program's data structure, + +no such list is provided. You must have instinct, feeling and + +luck. + + Data analysis requires more of a broad-based inquisition. + +For each memory variable you are interested in, you must survey + +all functions to determine which ones read and write that + +variable. The use of memory conditional breakpoints and of a + +disassembler that builds a cross-reference table can make this + +task a lot easier. (Use Sourcer! It's a fairly good tool and + +version 4.08 of [sr.exe] has been long ago cracked and + +distributed on the Web). + +ALL SYSTEM CALLS IN ONE LOCATION + + Remember that if the program you are cracking was written + +in assembler in the first place (very unlikely knowing the + +laziness of to_days programmers), system calls are probably made + +directly from the functions which need them. But when a program + +is developed in a high-level language, it is more likely that + +common library functions will be used for many operations + +involving system calls. When a program makes all of its INT_21 + +calls from the same location, you know that this is certainly the + +case. + + Now, what happens sometimes is that the programmers write + +the whole application in a overbloated language like C++, but are + +afterwards compelled to "speed up" critical sections of the code + +writing them in assembler. And loo! A section where you + +repeatedly find assembler crafted patches is precisely the + +protection scheme! So you could have a program with all INT_21 + +calls from the same location but for one or two calls which are + +coming out of the section where the morons have "hidden" their + +protection strategy. By just "looking" at the dead code of a + +program, you should be capable to tell wich parts have been + +"added on" in a later phase. They presents themselves as + +unevenness and irregularities, especially if you use an utility + +that represents graphicallly the code of a program. Protections + +are often added on at the end of the development. + + Should you determine that the system calls relevant to your + +cracking are made from common library functions, all is not lost. + +The specific function from which these library calls were made, + +the function you are seeking to locate, is executing at some + +point in between these calls. Break in with your debugger at the + +end of the first system call, just where it is returning to the + +point of call. From there, trace through the remainder of the + +common library routine until it returns to its caller. In short + +order, you should find yourself in the function you need to see. + +The trick is to be able to identify it for what it is. + +ASCIIZ IN CODE + + In the interest of gaining an overall familiarity with the + +program you want to crack, it can be enlightening to use a hex + +dump utility to examine the message strings contained within the + +program's binary modules. If the program happens to load its + +message strings from separate files, your search has just been + +simplified. + + Your debugger's memory-dumping feature is one tool that can + +be useful for this type of exploration. You could also construct + +a filtering program, which would read a binary file and output + +all sequences of bytes that are comprised of displayable + +characters and are over a certain minimum length (the best + +cracker tools are often the ones you write yourself). + + When a protection scheme is marked by the issuance of a + +specific message on the screen, you could go into the program and + +locate the code that emits this message, and then determine what + +triggers it. A good way to start the location process is to see + +if a system call is used to display the string. Interrupt INT_21, + +INT_10 or INT_29 are usually used to display text messages to the + +console. + + When the message's display is not a result of one of these + +system calls, direct video writing is probably being used. If you + +know the screen location used, and if that part of video memory + +is not used for anything else at the time (a big if), a memory + +write breakpoint could be set on the video buffer address + +corresponding to the first character's position. If this won't + +work, use the step-over/step-around tracing technique while + +watching for the message to appear. + + Now you found it: from a disassembled listing, you locate + +the address of the message string and then survey the reminder + +of the file for any instructions that reference this address. + +[Sourcer] can generate labels for specific memory locations and + +a cross-reference table showing where these labelled locations + +are referenced. Otherwise, load the disassembled listing file + +into your editor and use its search capabilities. Manually + +searching for such things in a listing will make you old before + +your time. + +CODE AND DATA + + When stepping through code at the assembler level, watch out + +for interrupt calls that are followed by data. Sometimes you will + +find an interrupt call, typically within the range INT_34 to + +INT_3F, where several bytes immediately following the interrupt + +instruction will be data rather than code. + + Be especially suspicious of this type of code-and-data + +mixture when your debugger's disassembly output of the + +instructions immediately following an interrupt call doesn't make + +sense. Sometimes you can determine the offset of the next true + +instruction by inspecting the following code and data. In other + +cases, you will have to trace through the interrupt call to see + +how it accesses the data following the interrupt call instruction + +and how it manipulates the return address on the stack. + +HOOKED VECTORS + + Seeing what interrupt intercepts already exist within a + +system before running the program you want to crack, as well as + +what interrupt handlers are established by the target program, + +can provide useful clues. For example, if a protection + +establishes an INT_09 intercept just before the snapping of a + +keyboard verification routine, your range of suspects has just + +been narrowed significantly. + + To study the interrupt vector activities of an application, + +a vector dump map utility is useless. It can't be run while + +running the application you want to crack. One solution is to run + +the program under a debugger and watch for system calls to INT_21 + +functions 25h (set interrupt vector) and 35h (get interrupt + +vector), but in the event that the program reads and writes + +interrupt vectors directly, this method will not give you a + +complete picture. Normally you'll use a spy, trace or "step" + +utility. + + APPLYING A MEMORY WRITE BREAKPOINT TO A SPECIFIC VECTOR OR + +TO THE ENTIRE TABLE is another way to deal with this. + + Note that some sort of direct vector writing must be + +occurring if a vector change is detected between system calls. + + If a vector change is detected during a system call but it + +isn't function 25h of INT_21, suspect that an IRQ handler may be + +effecting the change. + +LITTLE TRICKS OF THE TRADE: + +* determining interrupt vector addresses **************** + + How do you determine the interrupt vector addresses? As + +example let's find the address of the INT_21 interrupt vector. + +Since the interrupt vector table starts at address 0000:0000 + +(easy to remember, isn't it?) and there are four bytes per + +vector, the basic process is to multiply the interrupt number + +four times and use the result at the offset (on segment zero). + +21h + 21h = 42h 42h + 42h = 84h + +The int_21 vector is located at address 0000:0084 + +You could also use a calculator, for instance, the address of + +INT_63 is 63h*4=18ch -> 0000:018C + + + +* address conversion *************************************** + + After a painstaking cracking session, you have finally + +determined that a byte of memory at address 6049:891C is the + +trigger. But when you isolate the offending instruction, you find + +that the address it is generating when the protection occur is + +different, being 6109:7D1C instead! How can this be? + + An 80x86 type CPU, when running in real or VM86 mode, uses + +what is known as segment:offset type addressing. One side effect + +of this addressing method is that one physical address can be + +equivalent to many different segment:offset addresses. + + To find the PHYSICAL ADDRESS for a given segment:offset do + +the following: + +- convert the segment portion of the address to a 1-based number + +by multiplying it by 16 (x10)... it's easy: add 0 at the right + +end of the number!... + + 6049 -> 60490 + + 6109 -> 61090 + +now all you have to do is to add this value to the offset value + + 60490+891C -> 68DAC + + 61090+7D1C -> 68DAC <- Got it? + +And the other way round? If you have a physical address, say + +19AC3, and you want to obtain a segment:offset address you must + +first of all decide in which segment you want the address... if, + +say, you choose segment 16CC, you proceed as follows: + + 16CC -> 16CC0 + + 19AC3-16CC0 = 2E03 (offset) + + address for 19AC3 in segment 16CC = 16CC:2E03 + +TOOLS OF THE TRADE + +Before starting this section, for those of you that do not know + +anything, here is the ARCHIE way you get all the program that do + +EXIST on the planet: e-mail following + +1) (address) archie@archie.univ-rennes1.fr + +I use this french archie, but you can get a worldwide list using + +the metacommand "servers" + +2) (text) set search sub <- anywhere in string + + set maxhits 140 <- (100-1000) + + set maxhitspm 15 <- not just 1 file all over + + find stepdos <- search e.g. this file + +Wait two hours, get your post and ftp the file you wanted (and + +YES!, you 'll find also EVERYTHING else for free on the Web). + +You could, instead of using archie, also learn how to use YAHOO. + +[MEMSCAN.EXE] + + One of the most fascinating tools that I have ever seen is + +a (very old) program: MEMSCAN.EXE. + +This program was originally written in 1988 by Scott A. Mebust, + +running in CGA. It's a "visual" utility: it enables you to see + +graphically the 1-meg of PC memory in 8 kbyte chunks. It's a + +powerful tool in order to locate quickly bit mapped graphics and + +other 'objects' in memory, like program data tables, stack areas, + +code areas, available RAM, etc. I used this great idea to create + +(in C) my own tools: a "dead_programs scanner" and an ameliorate + +version of Memscan itself. Looking at the VISUAL STRUCTURE of a + +program it's a great help when you'll crack higher levels. + +[TRACKMEM.COM] + + A very good tool by James W.Birdsall, tracks memory usage + +of programs (EMS, XMS, conventional). + +[SCANCODE.COM] + + "THE" scancode lister, by the code_masters from clockwork + +software. The must utility for crackers that do not learn all + +scancodes by heart. + +[MAP.EXE] + + Actually "MAP2", THE memory mapper from the code_masters at + +clockwork software. It's a very good tool and an interesting one + +too, coz you get it with the "Nigel" nag screens. They are not + +difficult to remove (a "passletter" protection scheme, you'll + +learn how to find and remove it from [Map.exe] in LESSON 3.2). + +[FILEDUMP.COM] [HEXDUMP.COM] [TDUMP.EXE] [DUMP.EXE] + + There are hundred of file dump utilities, coz file dumping + +is one of the first exercise they learn you at C-school. + +Hexdump.com is 558 bytes long, Tdump.exe 120.704, pick the one + +you like better or write your own (even better). Filedump.com, + +by Daniel M.O'Brien, 1046 bytes long, it's nice. + +[SPRAY.COM] + + That's a good crack utility indeed! This 1989 program by + +Daniel M.O'Brien gives you a "post-mortem" picture of your + +memory. You redirect it to and study it at ease. It's + +difficult to say how many hours of cracking it did spare me (you + +should study the program, only 252 bytes long, and will have to + +modify it a bit, coz it's pretty primitive, in the original + +version, for instance, the redirection to the printer works only + +if there is NO SPACE between "spray" and ">"). + +[VEXE.EXE] + + A good EXE files analyzer, useful for windows programs too + +(see --> LESSON 7). Some of its functions are present in + +TDUMP.EXE too. This 1991 program by S.Krupa it's sometimes very + +useful. + +[SNOOP UTILITIES --> KGB.EXE INTMON.EXE INTRSPY.EXE etc...] + +[TRACE UTILITIES --> TRACE.EXE STEPDOS.EXE etc...] + + A must to study the "calling hierarchy" of an unknown + +program. KGB.EXE, a 1992 program by Petr Hork could easily be + +the best one, and comes with source code(!). I'll teach you how + +to crack without any of them (you do not need them if you zen- + +crack), but they can nevertheless be very useful in some + +situations. Stepdos.exe, by Mike Parker, is a excellent program: + +a pleasure to crack in order to use it for slightly different + +purposes :=) + + + +[SOURCERING UTILITIES] + + SR.EXE can be used for sourcering unknown programs. It's a + +fairly good sourcering tool. Version 4.08 has been cracked (it's + +a "ORIGINAL NUMBERCODE" protected program) and distributed on the + +Web, so you should easily find it. This said, you should NEVER + +use such a brute force approach, unless you are really desperate: + +I'll teach you how to crack without sourcering (you don't need + +to sourcer if you zen-crack). + + + +[HEXEDITORS] + +Every idiot has written at least one hexeditor, and you can find + +very bad tools everywhere (the SIMTEL collection, on the Web, + +lists at least 35 hexeditors). I suggest you write your own and + +contribute to the flood, or (better) get PSEDIT.EXE, a good 1990 + +program by Gary C. Crider (Parity Solutions, 1903 Pavia Ct. + +Arlington, TX 76006... sometimes even americans can write good + +programs). If you do use it (as you should) disapt the nag screen + +as small exercise in cracking. + +[DEBUGGER] + + Your best friend in cracking, your weapon, your hidecloak... + +I suggest [Softice.exe] from Nu-Mega technologies (Version 2.6 + +has been cracked by MARQUIS DE SOIREE and its vastly available + +on the Web). You could also use [Periscope] or [Codeview] or + +Borland's Turbodebugger... all these programs have been boldly + +cracked and/or distributed and are now on the Web for free... + +learn how to use ARCHIE and YAHOO in order to find them. Your + +debugger is the only tool you 'll REALLY need, believe me. So + +choose your weapon wisely and learn how to use backtrace ranges + +and (FOREMOST!) breakpoint on user written qualifications + +routines. You 'll be able to crack almost EVERYTHING using these + +features in the right way. + + You should get all the programs mentioned above (all the + +programs that EXIST for that matter) for free on the Web. Use + +them, but also modify them recklessly! REMEMBER THAT YOU ARE + +(GOING TO BE) A CRACKER! The first programs you should crack and + +modify are therefore your very tools! So steal the code of the + +best tools you find! Snatch the best routines and change them for + +the better! That's the whole point in cracking: a mission to + +IMPROVE the best accomplishments of humanity's genius :=) + +HOW TO CRACK, ZEN-CRACKING + + You 'll learn, beginning with next lesson, how to crack + +systematically the different protection schemes: paper & password + +protections, time protections, access protections. At the end of + +the "methodolocical" part, you'll be able to deprotect programs, + +but you still wont be a cracker. In order to crack higher you + +must use what I call (lacking a better definition) "zen- + +cracking". I 'll give you right now an example of this, so that + +you know what I'm talking about, but -unless you are already + +capable- you'll have to finish this tutorial part for "normal" + +cracking before attempting this techniques. Let's zen-crack + +together a password protection scheme (aka "paper protection", + +coz you need the original manual of the program in order to + +answer). This protection is based on the typing, at the nag + +screen, of the correct sequence of numbers. Our example is a game + +for the reasons explained in lesson 1, but you 'll find the SAME + +protection scheme in the access protection procedure of some old + +Tapestry networks... so do not frown upon games protections. + +INDIANAPOLIS 500, Papyrus software & Electronic Arts, 1989 + +It's a rather widespread program, you should therefore find it + +pretty easily. The nag screen asks for data based on the + +historical performances of race cars... that means that the + +answers will consist in two to three digits. + + Now, the normal way to crack such a program (described in + +-> lesson 3.1) embodyes following steps: + +- snap save program memory areas before typing your answer + +- snap compare after typing, say, "666" + +- search for the sequence 36,36,36 (i.e. 666) + +- breakpoint on memory range for reading + +- look at the program part fetching your data + +- find the snap procedure + +- disable it. + + The above crack it's relatively quick and should be most of + +the time fairly effective, but there is a better way: the "zen + +way", the only one that can really enable you to crack high + +protection schemes. + +- Run the program and break in at the nag screen + +- Answer consist of 2-3 digits? Search for "AC" (i.e. the + +instruction LODSB, load digit of answer in AL) in the area 500 + +bytes BEFORE and 500 bytes AFTER your position. You'll get some + +locations. (In the case of INDY 500 you get 6 such locations). + +- "feel" the locations (that's the tricky part). + +- OK, you already made it! Here is the protection strategy: + + 8BBF28A5 MOV DI,[BX+A528]<-- DI points to coded data area + +:compare_loop + + AC LODSB <-- load first digit of answer in AL + + B4FF MOV AH,FF <-- load mask in AH + + 2A25 SUB AH,[DI] <-- sub coded data from mask and get + + real answer + + 47 INC DI <-- ready to get next coded data + + 3AC4 CMP AL,AH <-- user answer = real answer ? + + 751A JNZ beggar_off_coz_false_answer + + 0AC0 OR AL,AL <-- more numbers? + + 75F2 JNZ compare_loop + + 59 POP CX <-- all OK, go on, nice guy + + ... + +And if the protection scheme had been more far away? And if you + +cannot "feel" the right one? And if my grandma had wheels? You'll + +learn it, believe me. + +Now let's quickly crack this crap. + +------------------------------------------------ + +CRACKING INDY.EXE (by +ORC, January 1996) + +ren indy.exe indy.ded + +symdeb indy.ded + +- s (cs+0000):0 Lffff B4 FF 2A 25 47 3A C4 75 1A + +xxxx:yyyy <-- this is the answer of the debugger + +- s (cs+1000):0 Lffff B4 FF 2A 25 47 3A C4 75 1A + +(nothing, but you must be sure there isn't a mirror) + +- e xxxx:yyyy+8 00 <-- "JNZ 1A ahead" changes to "JNZ 0" + +- w + +- q + +ren indy.ded indy.exe + +------------------------------------------------- + +Cracked: you just changed the JNZ beggar_off instruction in a JNZ + +go_ahead_anyway. Nice, isnt'it? + +WHY WE CRACK + + Strange as it may seem, the reasons for cracking are very + +important for the success of our task. We (at least we old + +crackers) crack AGAINST society, and OPPOSING laws and + +conventions. We usually DO NOT crack for money or for other + +"commercial" reasons (just sometimes, and we are expensive: I + +have plenty of money already and my services are VERY expensive + +if you need an aimed deprotection). But in general we don't care + +much for money and -as you can see- I am giving away the basis + +of what I know for free with this tutorial. The programs we crack + +should be made free for everybody, even if we spent some of our + +time deprotecting them. We could not care less of the commercial + +value of a given program, not to mention the holy work of the + +ethical programmers... we program ourselves, but only because we + +LIKE it... if somebody does something only in order to gain + +money, he does not deserve anything. It's the mind challenge that + +counts, NEVER the profit! (Even if you can make good use of the + +cracked programs and even if -as I said- there is at times a + +personal profit). + + This is an indispensable attitude! Only a non-mercantile + +mind can leap forward to the "satori" knowledge that you + +desperately need if you want to crack quickly and elegantly huge + +iperbloated monstruosities that somebody else wrote and + +protected, or if you want to gain access to some hidden + +information, data that you would like to snoop but that somebody + +declared "off limits", coz a stupid government, or useless + +industry sector, or money oriented programmer or dirty lobby of + +interest decided it. + + If you do accept the society where we are compelled to live, + +its awfully egoistic way of life and its dirty "profit" values, + +you may eventually learn how to disable some simple protections, + +but you'll never be able to crack in the "right" way. You must + +learn to despise money, governments, televisions, trends, + +opinion-makers, public opinion, newspapers and all this + +preposterous, asinine shit if you want to grasp the noble art, + +coz in order to be emphatic with the code you must be free from + +all trivial and petty conventions, strange as it may sound. So + +you better take a good look around you... you'll find plenty of + +reasons to hate society and act against it, plenty of sparks to + +crackle programs in the right way... Hope all this did not sound + +too cretin. + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 3.1: hands on, paper protections (1) + +--------------------------------------------------------------------------- + + [UMS.EXE] [LIGHTSPD.EXE] [GENERAL.EXE] + + -------------------------------------- + +SOME PROBLEMS WITH INTEL's INT + +The INT instruction is the source of a great deal of the + +flexibility in the PC architecture, because the ability to get + +and set interrupt vectors means that system services (included + +DOS itself) are infinitely extensible, replaceable and + +MONITORABLE. Yet the Int instruction is also remarkably + +inflexible in two key ways: + +- an interrupt handler DOES NOT KNOW which interrupt number + + invoked it. + +- the int instruction itself expects an IMMEDIATE operand: + + you cannot write MOV AX,x21, and then INT AX; you must + + write INT x21. + +That would be very good indeed for us cracker... unfortunately + +many high level language compilers compile interrupts into PUSHF + +and FAR CALL instruction sequences, rather than do an actual INT. + +Another method is to PUSH the address of the handler on the stack + +and do RETF to it. + + Some protection schemes attempt to disguise interrupt calls, + +1) camouflaging the code, 2) putting in substitute interrupt + +instructions which look harmless and modifying them "on the fly" + +or 3) replicating whole interrupt routines inside the code. This + +is particularly frequent in the various "disk access" protection + +schemes that utilize INT_13 (the "disk" interrupt) and will + +therefore be thoroughly explained in -> lesson 5. + +A LITTLE BASIC ASSEMBLER + +In order to understand the protection schemes and to defeat them, + +you must acquire a passing knowledge of assembler, the "machine + +language" code. You can find a lot of good, well explained code + +for free: viruses are one of the best sources for good "tight and + +tricky" assembler code. You can find the source code of almost + +all viruses on the web: oddly all the would be hackers seem to + +have an aberrant passion for this kind of stuff instead of + +studying cracking techniques. But there are millions of lines of + +good explained "commercial" assembler code on the net, just fish + +it out and study it: the more you know, the better you crack. + +I'll restrict myself to some observations, sprinkled throughout + +this tutorial. Let's start with some must_know: + +------------------------ STRINGS ---------------------------- + +The string instructions are quite powerful (and play a great role + +in password protection scheme). ALL of them have the property + +that: + +1) The source of data is described by the combination DS:SI + +2) The destination of data is described by the combination + + ES:DI + +3) As part of the operation, the SI and/or DI register(s) + + is(are) incremented or decremented so the operation can be + + repeated. + +------------------------- JUMPS ----------------------------- + +JZ ero means what it says + +JNZ ero means what it says + +JG reater means "if the SIGNED difference is positive" + +JA bove means "if the UNSIGNED difference is positive" + +JL ess means "if the SIGNED difference is negative" + +JB elow means "if the UNSIGNED difference is negative" + +JC arry assembles the same as JB, it's a matter of + + aesthetic choice + +CRACKING PASSWORD PROTECTED PROGRAMS + + Refer to lesson one in order to understand why we are using + +games instead of commercial applications as learn material: they + +offer the same protection used by the more "serious" applications + +(or BBS & servers) although inside files that are small enough + +to be cracked without loosing too much time. + + A whole series of programs employ copy protection schemes + +based upon the possess of the original manual or instructions. + +That's obviously not a very big protection -per se- coz everybody + +nowadays has access to a photocopier, but it's bothering enough + +to motivate our cracks and -besides- you'll find the same schemes + +lurking in many other password protected programs. + + Usually, at the beginning of the program, a "nag screen" + +requires a word that the user can find somewhere inside the + +original manual, something like: "please type in the first word + +of line 3 of point 3.3.2". Often, in order to avoid mistakes, the + +program indicates the first letter of the password... the user + +must therefore only fill the remaining letters. + +Some examples, some cracks: + +--------------------------------------------------- + +UMS (Universal Military Simulator) version 1 + +by Dr Ezra SIDRAN + +(c) 1987 Intergalactic Development + +European Union: Rainbird Software + +United States: Firebird Software + +--------------------------------------------------- + + This very old EGA program is one of the first I cracked in + +my youth, and it's very interesting coz it employs a very basilar + +protection scheme (a "PRIMITIVE"! More than 80% of the protection + +schemes used to day (January 1996) are directly derived from one + +of the 12 primitives. + + The nag screen snaps at the beginning and keeps indefinitely + +asking your answer, only the use of CTRL+C will bring you out of + +it, back to DOS. That's a clear sign of older protection schemes: + +newer schemes let you in for only 3 attempts or even only one, + +and pop out to the OS if you fail. In UMS, besides, there is no + +"first letter" aid, a later improvement. + + The cracking procedure for password protected programs is, + +first of all, to find out where are stored the letters that you + +type in. So examine your memory map, find out where the program + +dwells in memory, do a snap save of these memory areas and a + +series of snap compares as you type your password in. + + Strangely enough, in the case of UMS, as you type your + +password there seems to be no difference at all in the memory + +locations where this program dwells... yet the data must be + +somewhere... Usually such a situation is a clear sign that an + +hooked interrupt is used to hide the data. + + Checking the hooked vectors you find out the following: + +vecs 00, 02, 22 are hooked where needs be + +vecs 34-3D are hooked at xxxx:0 + +vec 3E is hooked at xxxx:00CA + + Ha! Let's have a closer look at this bizarre 3E hook. Let's + +search for some words used in the nag_screen and then let's dump + +the area where we find them (in UMS that will be at 3E_hook + +address + 7656) and loo! You'll see the content of the nag screen + +and, immediately afterwards, ALL the passwords "in extenso", i.e. + +not encoded, not scrambled, nothing at all... THERE THEY ARE + +(that's a very old protection scheme indeed). You could now, for + +instance, easily patch all the different passwords to (for + +instance) "PASS", and this would work... it's a very primitive + +protection, as we said, nevertheless the use of a hooked vector + +as hiding place for the protection code is not yet obsolete... + +we'll find it elsewhere, in many "more modern" programs. + + Now let's go deeper and examine the "compare" mechanism, we + +want to crack, here, not just to patch. + + Password protected programs (and access protection routines + +for server and BBS, for that matter) have quite a lot of weak + +points. The most obvious one (you 'll find out the other when + +you'll high crack) is that they MUST compare the password of the + +user with the original one(s). So you do not need to steal a + +password, you just need to "ear" the echo of the original one in + +the memory locations used for the compare, or, and that's more + +correct, to crack the compare mechanism itself so as to make it + +let you in even with a totally false password. + + The compare mechanism of UMS can be found setting a + +breakpoint on the memory range that covers the three locations + +where the password is stored (and you 'll find these with your + +search capabilities and with a pair of snap compares): + +ES:0F8E (here you 'll see a copy of the password that the + + program is asking) + +ES:0F5C (here you 'll see a copy of the password that the user + + types in) + +INT_3E hook_address + 7656 (here are all the possible passwords + + in extenso). + +Here is how the protection scheme looks out: + +MOV CX,FFFF Charge MAX in CX + +REPNZ SCASB Scan ES:DI (the user password) + +NOT CX Now CX holds the number of the + + character that the user typed in + +MOV DI,SI Real password offset to DI + +LDS SI,[BP+0A] User password offset in SI + +REPZ CMPSB Compares DS:SI with ES:DI (user + + password and real password) then snap + + out at CX=0 or at char_different, + + whichever comes first. + +Nice, we found the compare schema... how do we crack it now? + +There are many elegant solutions, but let's remain on a basic + +level... you look at the code that follows the CMPSB searching + +the "snapping schema"... here it is immediately afterwards + +(that's the case in most of the primitives). Remember: we sprung + +out of the CMPSB check at the first different char, OR at the end + +of the count of the user chars. Here it is what follows: + + MOV AL,[SI-01] loads in AL the before_different char + + of the user password (should be zero) + + SUB AL,ES:[DI-01] subs with the before_different char of + + the real password (should be zero) + + CBW zero flag set, "TRUE", if OK_match + +Well let's now look for the next JZ near (it's a "74" code) + + CS:IP 740D JZ location no_good + +Wait, let's continue a little... is there another check (often + +you have a double check on DI)... yes there is! + + CS:IP 7590 JNZ location no_good + +Cracking such a schema is very easy: you just need to substitute + +75 to 74 and 74 to 75: transform your JZ in a JNZ and the JNZ in + +a JZ... now you will always pass, no matter what you write, + +unless you exactly guess the password! + +Now let's quickly crack it: + +------------------------------------------------ + +CRACKING UMS.EXE (by +ORC, January 1996) + +ren ums.exe ums.ded + +symdeb ums.ded + +- s (cs+0000):0 Lffff 74 0D 1E B8 C2 3F + +(nothing) + +- s (cs+1000):0 Lffff 74 0D 1E B8 C2 3F + +(nothing) + +- s (cs+2000):0 lffff 74 0D 1E B8 C2 3F + +xxxx:yyyy (this is the answer of the debugger) + +- e xxxx:yyyy 75 + +- e xxxx:yyyy+17 74 + +- w + +- q + +ren ums.ded ums.exe + +------------------------------------------------- + + In the debug/symdeb crack above we use as search string the + +bytes comprising and following immediately the first JZ. + +I know, I know... we saw them in [Soft-ice] and we could have + +modified them there, but I'm teaching also pupils who may not + +have [Soft-ice]. + + Note that the program is x431A0 bytes long, and therefore + +has a BX=4 sectors adding to the CX=31A0 in the initial + +registers... that's the reason I wanted to examine all the + +sectors (even if I knew that the snap was in sector (cs+2000): + +that's good practice! If you do not find your string in the first + +sector you must search for it in the next sectors, till you find + +it, coz in many programs there may be MORE THAN ONE repetitions + +of the same schema (more about this double check later). + +That's it, pupils, that's the way to crack old [UMS.EXE]. + +Let's go over, now, to more elaborate and more modern password + +protection schemes. + +-------------------------------------------------------- + +LIGHTSPEED, from Microprose (we crack here version 461.01) + +-------------------------------------------------------- + + This program, released in 1990, operates a more "modern" + +variation of the previous scheme. You 'll find this variation in + +many access routines of remote servers (and this makes it very + +interesting indeed). + + Let's begin as usual, with our hooked vectors examination + +and our snap compares. + +Hooked vectors: 00, 08, 1B, 22, 23: nothing particular. + +The snap_comparisons of the main memory area -as you type the + +password in- gives more than six pages of changing locations... + +that's clearly much too much to examine. + +What now? + + Sit down, have a Martini Wodka (I'm afraid that only + +Moskovskaja 'll do) and meditate. Get the memory map of the + +program's layout. Start anew: snap_save (before typing anything + +in). Type as password "ABCDE". Get the print of the snap + +compares. Sit down, sip Martini Wodka, relax. You know that the + +code for A is x41, for B x42, for C x43 and so on... and in the + +snap_compares, that you made between letters, you 'll have only + +some locations with these values changing. Focus on these. + + You 'll soon enough find out that for LIGHTSPEED absolute + +location (in my computer) 404307, i.e.: relative locations (in + +my computer) 30BE:F857 or 4043:0007 evoke the characters you + +type, i.e. something like + +----------------------------------------------------- + +F855 F856 F857 F858 F859... + +41 3E first_ready_letter your_1st_letter your_2nd_one... + +----------------------------------------------------- + +Inspecting the same prints, you 'll find out that absolute + +location 30C64 (imc) or relative location 30BE:F83E evokes the + +LAST character you typed in. The relative code line is: + + CS:0097 MOV AX,[BP-08] where SS:F83E = 00+letter_code + + Now breakpoint at these locations and investigate what's + +going on (for instance, the instruction that follows is + + CS:009A MOV [BX], AX + +and this means that the code of the letter you just typed in will + +be now copied in BX=F85A. What else can you do? Time to use a + +little intuition: look for an instruction "CMP AX,000D", which + +is the typical "IF the user hits ENTER then" instruction, coz + +"x1D" its the ENTER keystroke. This must be somewhere around + +here. Ha! You 'll soon enough find the line + + CS:0073 3D0D00 CMP AX,000D + +And now the way is open to the crack. But YOU DO NOT NEED ALL + +THIS! Since the password protection schemes are -as I told you- + +all more or less the same, I would suggest that you use first of + +all following trick: in the largest part of the program (use + +memory map to see where the program dwells) search the "F3A6" + +sequence, that's instruction REPZ CMPSB. + + In the case of Lightspd you 'll get as answer FOUR addresses + +with this instruction: (pgsg=program main segment) + + pgsg:C6F9 + + pgsg:E5CA + + pgsg:E63E + + pgsg:EAB0 + +There you are! Only four... have a short look at each of them: + +you 'll see that the second one (pgsg:E5CA) is the "good" one. + +The compare mechanism in this program of 1990 it's more or less + +the same as in 1987'UMS (and do believe me: the same mechanism + +is still in use to day (1996)! + +B9FFFF MOV CX,FFFF charge Max in CX + +F2AE REPNZ SCASB this scans ES:DI (the original + + password) + +F7D1 NOT CX so many chars in the original pw + +2BF9 SUB DI,CX change DI for compare + +F3A6 REPZ CMPSB compares DS:SI with ES:DI (real + + pw with user pw) then snaps out + + at CX=0 or at char_differs + + See how easy? They all use the same old tricks the lazy + +bastards! Here the section is preceded by a small routine to + +lowercase the user password, coz the original muster is always + +lowercased. + + Now you would like, may be, to breakpoint at one of these + +locations, in order to stop the program "in the snap area" and + +inspect the snap mechanism... that WILL NOT DO with a "fixed" + +breakpoint, coz these locations are called by the snap with a + +different segment:offset numeration as the one you found (that's + +old dos magic). So you MUST first set a memory_read/write + +breakpoint on these locations, and then get at them at the snap. + +Now you can find out the segment:offset used by the snap and only + +now you'll be able to set a fixed breakpoint (for instance on the + +NOT CX instruction). + + Now run the program and breakpoint in: have a dump of the + +ES:DI and see the original password. How nice! We have now the + +original password in extenso in our memory dump window. That's + +the "echo". By the way, there is a whole school of cracking + +devoted to find and use these echoes... we work on different + +paths, nevertheless password fishing can be interesting: where + +are the password stored? From which locations do they come from? + +A common practice of the protectionists is to hide them in + +different files, far away, or in hooked vectors, or in SMC parts. + +This is a program of 1990, that differs in respect to UMS: the + +passwords are not "hidden" inside a hooked vector, coz that's a + +pretty stupid protection: any hexdump utility would still permit + +you to see them. Here the passwords are encoded (albeit in a very + +primitive manner): looking for them (with memory range + +breakpoints) you'll quickly find a section of the program code + +that looks like this: + +sg:0118 8C 91 9D 95 9B 8D 00 B8 EC 94 9B 8D 8F 8B 9B + +sg:0128 94 9B 8D 00 AE EC 9C 9B 8A 9B 86 00 A9 EC 91 + +This is a typical encoded matrix, with clear 00 fences between + +the encoded passwords. + +Ha! If all codes where so easy to crack! This is no better than + +children's crypt! It's a NEG matrix! And there is direct + +correspondence: 91=6F="o"; 92=6E="n"; 93=6D="m" and so on... Ha! + + Let's now leave the "hidden" passwords and proceed with our + +cracking... let's follow the snap procedure after the REPZ CMPSB + +instruction looking for the "jump to OK" instruction... + +F3A6 REPZ CMPSB ; compares DS:SI with ES:DI + +7405 JZ preserved_AX=0000 <--- Here the first JZ + +1BC0 SBB AX,AX + +ADFFFF SBB AX,FFFF + +:preserved_AX=0000 + +8BF3 MOV SI,BX + +8BFA MOV DI,DX + +5D POP BP + +CB RETF + +.... + +83C404 ADD SP,+04 + +0BC0 OR AX,AX + +7509 JNZ 0276 <------ And here it is! + + Now, remembering the UMS crack, you would probably want to + +change the JZ instruction in a JNZ instruction (you tried it on + +the fly INSIDE [Soft-Ice] and it did work!), the "74" with a + +"75" also. And then you would like to change the JNZ instruction + +in a JZ instruction... Please feel free to try it... it will NOT + +work! (You will not even find the second JNZ in the program + +code). You should always be aware of the SMC (self modifying + +code) protections: parts of the code my be decrypted "on the + +fly", as needs arise, by the program. The code you modify while + +the program is running may be different from the code of the + +"dead" program. + + Here we have a small "improvement" of the primitive: the + +same instruction is used as "muster" for manipulation of other + +parts of the program... if you do change it in a JNZ you get an + +overlay message and the program pops out with instability! You + +cannot easily modify the JNZ instruction either, coz the part + +after the RETF will be compiled "on the fly" by lightspeed, and + +you would therefore have to search the decryption mechanism and + +modify the original encrypted byte somewhere... and may be they + +do encrypt it twice... and then you must hack all night long... + +very annoying. + + So do the following: back to the snap, a sip of martini- + +Wodka and meditate: loo! The only thing that happens after the + +JZ, is the setting of the AX register to flag *FALSE* (AX=1... + +that's what the two SBB instructions do) if the snap went out + +with a non-zero flag... i.e. if you did not know the password. + +So let's nop the 5 bytes of the two SBB instructions, or, more + +elegantly, let's have a INC AX, DEC AX, NOP, INC AX, DEC AX + +sequence instead of the two SBB! There is a good reason to use + +a sequence of working instructions instead of a series of NOPs: + +recent protection schemes "smell" patched nops inside the program + +and trash everything if they find more than -say- three + +consecutive NOPs! You should always try to choose THE LESS + +INTRUSIVE and MORE "CAMOUFLAGED" solution when you crack! + + Eliminating the two SBBs we get our crack! No need to bother + +with the second JNZ either... the program will work as if you got + +the password if you have it AND if you do not (that's better as + +the previous type of crack -seen for UMS- when you crack computer + +accesses: hereby the legitimate user will not have any suspects + +'coz the system will not shut him out... everybody will access: + +the good guys and the bad ones... that's nice isn't it?). + + Now let's quickly crack LIGHTSPD: + +------------------------------------------------ + +CRACKING LIGHTSPEED.EXE (by +ORC, January 1996) + +ren lightspd.exe lightspd.ded + +symdeb lightspd.ded + +- s (cs+0000):0 Lffff 2B F9 F3 A6 74 + +xxxx:yyyy (this is the answer of the debugger) + +- s (cs+1000):0 Lffff 2B F9 F3 A6 74 + +(nothing, but do it nonetheless, just to be sure) + +- s (cs+2000):0 lffff 2B F9 F3 A6 74 + +(nothing, just to be sure, now it's enough) + +- e xxxx:yyyy+6 40 [SPACE] 48 [SP] 90 [SP] 40 [SP] 48 + +- w + +- q + +ren lightspd.ded lightspd.exe + +------------------------------------------------- + +All this CMPSB is very common. Some programs, nevertheless, + +utilize a password protection scheme that is slightly different, + +and does not rely on a F3A6 REPZ CMPSB instruction. Let's + +analyze, for instance, the protection scheme used in the first + +version of Perfect general I from QQP-White wolf, July 1992. + +When you break in, at the nag screen, you are in the middle of + +the BIOS procedures, coz the program expects your input (your + +password, that's is). You 'll quickly find out (MAP MEMORY + +USAGE!) that [General.exe] dwells in two main areas; Setting + +breakpoints on memory write you 'll find out that the memory area + +"queried" by the protection mechanism is + + xxxx:1180 to xxxx:11C0 + +where xxxx represents the second of the memory segments where the + +program dwells. Now do the following (a very common cracking + +procedure): + +* Breakpoint on memory range WRITE for the small memory area + + touched by the program in querying you for the password. + +* Breakpoint TRACE on the whole memory range of the MAIN + + CODE. + +* Run anew everything + +It's already done! Now it's your intuition that should work a + +little: Here the last 9 traces (traces [!], not instructions + +following on a line) before the calling of the procedure sniffing + +your memory area: + +-9 xxxx:0185 7425 JZ somewhere, not taken + +-8 xxxx:0187 2D1103 SUB AX,0311 + +-7 xxxx:018A 7430 JZ somewhere, not taken + +-6 xxxx:018C 2DFD04 SUB AX,04FD + +-5 xxxx:018F 7443 JZ next_trace, taken + +-4 xxxx:01D4 E85500 CALL funny_procedure + +-3 xxxx:022C 803E8F8C11 CMP BYTE PTR[8C8F],11 + +-2 xxxx:0231 750E JNZ somewhere, not taken + +-1 xxxx:0233 9A0A0AC33E CALL procedure_that_sniffs + + our_memory_area + +Well, the call to funny_procedure followed by a byte compare + +"feels" fishy from very far away, so let's immediately look at + +this part of the code of [General.exe] + +:funny_procedure + + 803E8F8C11 CMP BYTE PTR[8C8F],11 + + 750E JNZ compare_byte + + 9A0A0AC333 CALL procedure_that_sniffs + + 0AC0 OR AL,AL + + 7405 J2 compare_byte + + C6068F8C2A MOV BYTE PTR [8C8F],2A + +:compare_byte + + 803E8F8C2A CMP BYTE PTR [8C8F],2A + + 7504 JNZ after_ret + + B001 MOV AL,01 + + C3 RET + +You should be enough crack-able ;=), by this lesson, to notice + +immediately the inconsistency of the two successive instructions + +MOV 2A and CMP 2A, coz there would be no sense in comparing the + +"2A" in order to JNZ to after_ret if you just had the 2A set with + +the precedent MOV instruction... but the first JNZ jumps to the + +compare WITHOUT putting the "2A" inside. And "2A" is nothing else + +as the "*" symbol, commonly used by programmer as "OK"! This + +protection works in the following way (this is the above code + +explained): + +- compare holy_location with 11 + +- jump non zero to compare holy_loc with "*" + +- else call sniffing protection part + +- or al,al (al must be zero, else) + +- jump zero to compare holy_loc with "*" + +- if al was zero mov "*" inside holy_loc + +- compare holy_loc with "*" + +- if there is a difference then JNZ beggar_off_ugly_copier + +- else ret_ahead_nice_buyer + +Now let's quickly crack it: + +------------------------------------------------ + +CRACKING GENERAL.EXE (by +ORC, January 1996) + +ren general.exe general.ded + +symdeb general.ded + +- s (cs+0000):0 Lffff 8C 11 75 0E + +xxxx:yyyy (this is the answer of the debugger) + +- e xxxx:yyyy+2 EB [SPACE] 09 + +- w + +- q + +ren general.ded general.exe + +------------------------------------------------- + +And in this way you changed the JNZ to the cmp "*" instruction + +in a JMP to the mov "*" instruction. So no more nag screens, no + +more protections... serene, placid, untroubled [general.exe]. + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 3.2: hands on, paper protections (2) + +--------------------------------------------------------------------------- + + [TOP.EXE] [F19.EXE] [POPULOUS.EXE] [MAP.EXE] + + -------------------------------------- + +You have seen in the previous lesson that the use of a password + +protection, independently of the coding and hiding methods used + +to store them in memory, implies the use of a comparing procedure + +with the password that the user types in. You therefore have many + +options to begin your cracking work: + +- find the location of the user password + +- find the "echo" in memory of the real password + +- find the routine that compares both + +- find the passwords hideout and encryption type + +- find the go_ahead_nice_buyer exit or jump + +- find the beggar_off_ugly_copier exit or jump + +just to name the more obvious ones. In order to make things more + +difficult for us crackers, the protectionists have devised many + +counter-strategies, the more obvious ones being: + +- keeping the various part of the store/compare/hide routines + +well apart in code (no match for zen-cracking); + +- filling these routines with "bogus" compares, bogus jumps + +and bogus variables, in order to make things more difficult for + +the crack (no match for decent crackers); + +- disseminating the code with anti-debugger tricks, like INT_3 + +instructions or jumps in and out protected mode (no match for our + +beloved [Soft-Ice]); + +- trying to eliminate the need for passwords altogether + +letting the user input "one letter" or "one number" or "one + +image" as answer to some variable question. In this lesson I'll + +teach you how to crack these "passletters" protection techniques. + +Let's first resume the "uses" of a password protection: + +PASSWORDS AS PERMISSION TO ACCESS + +These passwords serve to acknowledge that a legitimate user is + +using the program. This is the type of password that you'll find, + +for example, protecting your user account on Compuserve, on + +Networks or even in ATM machines used by banks or corporations. + +These require a little hardwiring to crack: ATM passnumber + +protection schemes rely on an answer from the central computer + +(they do NOT verify only the three magnetic areas in the magnetic + +strip on the card). The lines between ATM's & their hosts are + +usually 'weak' in the sense that the information transmitted on + +them is generally not encrypted in any way. (Some banks use + +encrypted information, but this is fairly easy to crack too). + +So for ATMs you should do the following 1) cross over the + +dedicated line between the ATM and the host; 2) insert your + +computer between the ATM and the host; 3) Listen to the "normal" + +messages and DO NOT INTERFERE YET; 4) Try out some operations + +with a legal card, make some mistakes, take note of the various + +codes; 5) When you are ready insert a fraudulent card into the + +ATM. Now the following happens: + +- the ATM sends a signal to the host, saying "Hey! Can I give + +this guy money, or is he broke, or is this funny card invalid?"; + +- the microcomputer intercepts the signal from the host, + +discards it, sends on the "there's no one using the ATM" signal; + +- the host gets the "no one using" signal and sends back its + +"good, keep watching out if somebody comes by, and for God's sake + +don't spit out any money on the street!" signal to the ATM; + +- the microcomputer intercepts this signal (again), throws it + +away (again), and sends the "Wow! That guy is like TOO rich! Give + +him as much money as he wants. In fact, he's so loaded, give him + +ALL the cash we have! He is a really valued customer." signal. + +- the ATM obediently dispenses cash till the cows come home. + + All this should be possible, but as a matter of fact it has + +not much to do with cracking, unless there is a special software + +protection on the line... so if you want to work on ATMs contact + +our fellow phreakers/hackers and learn their trade... and + +please remember to hack only cash dispenser that DO NOT HAVE a + +control camera :=) + +PASSWORDS AS REGISTRATION + +This type of password is often used in shareware programs. When + +you register the shareware program, you are sent a password that + +you use to upgrade your shareware program to a complete and more + +powerful version. This method, used frequently for commercial + +applications, has recently been used quite a lot by many windows + +applications that come "crippled" on the magazines cover CD-roms, + +requiring you to telephone a hot line (and paying) in order to + +get the "unique key" to unlock the "special protection". It's all + +bullshit: we'll learn in the "how to crack windows" lessons how + +easy it is to disable the various routines that verify your + +entry. + +PASSWORDS AS COPY PROTECTIONS + +This type of password is often used for games and entertainment + +software. The password query does not usually appear any more at + +the start of the program, or as the program is loading. Instead, + +the password query appears after one or more levels are completed + +(this innovation was pioneered by "EOB I" and the "Ultima" + +series) or when the user reloads a saved game or session. + +DONGLE PASSWORDS + + A few extremely expensive programs use a dongle (also called + +an hardware key). A dongle is a small hardware device containing + +a password or checksum which plugs into either a parallel or a + +serial port. Some specially designed dongles even include + +complete program routines. Dongles can be cracked, but the amount + +of work involved is considerable and the trial and error + +procedure currently used to crack them via software is extremely + +tedious. It took me more than a week to crack MULTITERM, + +Luxembourger dongle protected program. The quickest method to + +crack dongle protected programs, involves the use of pretty + +complicated hardware devices that cannot be dealt with here. I + +myself have only seldom seen them, and do not like at all to + +crack dongles via software, coz it requires a huge amount of zen + +thinking and of luck and of time. If you want more information + +on the hardware way to crack dongles, try to contact the older + +ones on the appropriate web sites, they may even answer you if + +you are nice, humble and really technically interested. + + The obvious principle, that applies to the software password + +types mentioned above is the following: The better the password + +is hidden, and the better it is encrypted, the more secure the + +program will be. The password may be + +- encrypted and/or + +- in a hooked vector and/or + +- in an external file and/or + +- in a SMC (Self modifying code) part + + Let's finally inspect the common "ready_made" protection + +schemes (used by many programmers that do not program + +themselves): + +* password read in + +* letters added to a key to be entered + +* complement of the letters formed xoring with 255 + +* saved key (1 char) + +* saved password (256 chars) + +* saved checksum (1 char), as protection, against simple + + manipulations + +* generating file PASSWORD.DAT with password, to be inserted + + inside a different file than the one containing the calling + + routine + +Now the lazy programmer that wants to "protect" his program + +searches first the file where the password is stored, then loads + +the key, the password and the checksum. He uses a decrypt + +procedure to decrypt the password and a check_checksum procedure + +to check whether the password was modified. All this is obviously + +crackabe in few seconds. + +[PASSWORD ACCESS INSIDE THE SETUP] + + Some computers have a password protected access INSIDE the + +Setup (at the beginning), the protection scheme does not allow + +a boot with a floppy and does not allow a setup modify. In these + +cases the only possible crack is an old hack method: + +* open the PC + +* find on the motherboard a small jumper (bridge) with the + + words "Pw" + +* take it away + +* PC on + +* run the setup with F1 or Del (depending from the BIOS) (the + + protection will not work any more) + +* deactivate inside the setup the option password + +* PC off + +* put the small jumper (bridge) back again + +* close the PC + +* PC on, cracked (if you want to be nasty you could now use + + the setup to set YOUR password) + + If you want to know more about access refuse and access + +denying, encryption and locking of the FAT tables, get from the + +web, and study, the (very well written) code of a virus called + +"Monkey", that does exactly this kind of devastation. Virus + +studying is, in general, very useful for cracking purposes, coz + +the virus'code is at times + +- very well written (pure, tight assembly) + +- using concealing techniques not much different from the + + protection schemes (often far superior) + +- using the most recent and best SMC (self modifying code) + + tricks + + But, and this is very important, do not believe that the + +protection schemes are very complicated! Most of the time the + +protection used are incredibly ordinary: as a final example of + +our paper protection schemes, let's take a program released not + +long ago (1994), but with a ridiculous protection scheme: TOP + +(Tiger on the prowl) a simulation from HPS. + +Here the cracking is straightforward: + +- MAP(memory_usage) and find main_sector + +- type "AAAA" as password + +- (s)earch main_sector:0 lffff "AAAA" + +- dump L80 "AAAA" location -40 (gives you a "wide" dump), + + this gives you already the "echo" of the correct password + +- breakpoint on memory read & write to "AAAA" location and + + backtrace the complete main_sector + +it's done! Here the code_lines that do protect TOP: + + 8A841C12 MOV AL,[SI+121C] move in AL first user letter + + 3A840812 CMP AL,[SI+1208] compare with echo + + 7402 JZ go_ahead_nice_buyer + + EB13 JMP beggar_off_ugly_cracker + +Now let's quickly crack it: + +------------------------------------------------ + +CRACKING TOP.EXE (by +ORC, January 1996) + +ren top.exe top.ded + +symdeb top.ded + +- s (cs+0000):0 Lffff 8A 84 1C 12 3A 84 + +xxxx:yyyy (this is the answer of the debugger) + +- e xxxx:yyyy+2 08 (instead of 1C) + +- w + +- q + +ren top.ded top.exe + +------------------------------------------------- + +And you changed the MOV AL, [SI+121C] instruction in a MOV AL, + +[SI+1208] instruction... it is now reading the ECHO instead of + +the characters you typed in... no wonder that the ECHO does + +compare exactly with itself... and you pass! + +"SOMETHING FISHY UNDER COVERS" + +Back to the "Passletter" type of password protected programs. + +Let's take as an example the protection used in a game of 1990: + +"F19", where the protection scheme asks you to identify a + +particular plane's silhouette. This kind of protection is used + +in order to avoid the use of memory locations where the passwords + +are stored: we saw in the first part of our "passwords hands on" + +how easy it is to crack those schemes. + +To crack this kind of protection, you could try a technique know + +as "memory snuffing". The protected program, START.EXE, install + +itself first at location xxxx:0000 with a length of 6C62 bytes, + +but proceeds to a relocation of its modules (with some SMC, self + +modifying code parts) in different locations. What does all this + +mean? Well, this could mean quite many things... the most + +important one for crackers is that the protection code will + +probably snap way ahead of the actual user input phase. + +Now you 'll quickly find out that the routine determining + +(randomly) which plane is being chosen, leaves the progressive + +number of this plane in one memory location: (imc) 43CD:DADA. + +This brings us to the random triggering mechanism: + +E87FAF CALL random_seed + +83C402 ADD SP,02 + +8946E8 MOV [BP-18],AX and ds:(BP-18) is the location + + you are looking for + +Now, every time this random triggers, you get a different number + +(00-x14) in this location, corresponding to the different plane + +the user should choose. + +The random seed routine, evidently, comes back with the random + +seed in AX... what we now need is to zero it: the user will + +always have to choose the same plane: "plane 0", and he will have + +given the correct answer. Note how elegant all this is: we do not + +need to interfere with the whole mouse pointing routines, nor + +with the actual choosing of the planes... the random seed may + +choose whatever plane it wishes... the memory location for this + +choice will always report the (legitimate) choice of zero. + +So, let's quickly crack this program: + +--------------------------------------------------- + +CRACKING "F19" [START.EXE] (by +ORC, January 1996) + +ren start.exe start.ded <- let's have a dead file + +symdeb start.ded <- let's debug it + +- s cs:O lffff 83 C4 02 89 46 E8 <- search ADD SP,02 + +xxxx:yyyy <- debugger's answer + +- e xxxx:yyyy 58 [SPACE] 31 [SPACE] C0 [SPACE] + +- w <- write the crack + +- q <- back to the OS + +ren start.ded start.exe <- re-write the exe + +---------------------------------------------------- + +You just transformed the instruction you searched for + + 83C402 ADD SP,+02 + +in the following sequence: + + 58 POP AX <- respecting ADD SP,+02 + + 31C0 XOR AX,AX <- xoring to zero + +(the POP AX instruction increments the stack pointer by 2, in + +order to respect the previous ADD SP,+02). + +Well, nice. It's getting easier, isnt'it? Now let's take as + +example a protection that has no "echo" in memory. (At the + +beginning this was a smart idea: "the cracker won't find the + +correct password, 'coz it's not there, ah!". We'll now therefore + +crack one of the first programs that used this scheme: + +[Populous.exe], from Bullfrog. + +[POPULOUS.EXE] + + A old example of the protection scheme "password that is not + +a password" can be found in [Populous.exe], from Bullfrog. It's + +a very widespread program, and you'll surely be able to find a + +copy of it in order to follow this lesson. The program asks for + +the identification of a particular "shield", a combination of + +letters of various length: the memory location were the user + +password is stored is easily found, but there is (apparently) no + +"echo" of the correct password. You should be able, by now, to + +find by yourself the memory location were the user password is + +stored. Set a breakpoint memory read & write on this area, and + +you 'll soon come to the following section of code: + +F7AE4EFF IMUL WORD PTR [BP+FF4E] <- IMUL with magic_N + +40 INC AX + +3B460C CMP AX, [BP+0C] + +7509 JNZ beggar_off_ugly_copier + +8B460C MOV AX, [BP+0C] + +A3822A MOV [2A82], AX + +E930FE JMP nice_buyer + +817E0C7017CMP WORD PTR[BP+0C],1770 <- beggar_off + +I don't think that you need much more now... how do you prefer + +to crack this protection scheme? Would you choose to insert a MOV + +[BP+0C], AX and three NOPS (=6 bytes) after the IMUL instruction? + +Wouldn't you rather prefer the more elegant JMP to nice_buyer + +instruction at the place of the JNZ beggar_off? This solution has + +less nops: remember that newer protection schemes smell + +NOPs_patches!). Yeah, let's do it this way: + +--------------------------------------------------- + +CRACKING [Populous.exe] (by +ORC, January 1996) + +ren populous.exe populous.ded <- let's have a dead file + +symdeb populous.ded <- let's debug it + +- s cs:O lffff F7 AE 4E FF <- the imul magic_N + +xxxx:yyyy <- debugger's answer + +- e xxxx:yyyy+4 EB [SPACE] 03 <- JMP anyway + +- w <- modify ded + +- q <- back to the OS + +ren populous.ded populous.exe <- let's re-have the exe + +---------------------------------------------------- + +This time was easy, wasnt'it? + + Now you are almost ready with this course... let's crack a + +last application, a memory utility that is very widespread, very + +good (the programmers at Clockwork software are Codemasters), + +very useful for our purposes (you'll use it later to crack a lot + +of TSR) and, unfortunately for Clockworkers, very easy to crack + +at the level you are now. + +But, Hey! Do not forget that you would have never done it without + +this tutorial, so do the following: look toward east from your + +window, sip a Martini-Wodka (Two blocks of ice first, 1/3 dry + +Martini from Martini & Rossi, 1/3 Moskovskaia Wodka, 1/3 + +Schweppes indian tonic) and say three times: Thank-you +ORC!. + +[MAP.EXE] + + Let's now go over to one of the best TOOLS for mapping your + +memory usage that exist: MAP.EXE (version 2) from the masters at + +Clockwork software. The usage of this tool has been recommended + +in Lesson 2, and you should learn how to crack it, coz it comes + +with an annoying nag-screen ("Nigel" screen). In [Map.exe] this + +ubiquitous "Nigel" screen appears at random waiting for a random + +amount of time before asking the user to press a key which varies + +every time and is also selected at random. + + The use of a single letter -mostly encrypted with some XOR + +or SHR- as "password" makes the individuation of the relevant + +locations using "snap compares" of memory much more difficult. + +But the crack technique is here pretty straightforward: just + +break in and have a good look around you. + + The INT_16 routine for keyboard reading is called just after + +the loading of the nag screen. You 'll quickly find the relative + +LODSB routine inside a routine that paints on screen the word + +"Press" and a box-edge after a given time delay: + + B95000 MOV CX,0050 + + 2EFF366601 PUSH CS:[0166] + + 07 POP ES + + AC LODSB + + ... + +You could already eliminate the delay and you could already force + +always the same passletter, in order to temperate the effects of + +the protection... but we crack deep!: let's do the job and track + +back the caller! The previous routine is called from the + +following section of the code: + + 91 XCHG AX,CX + + 6792 XCHG AX,DX + + 28939193 SUB [BP+DI+9391],DL + + 2394AA94 AND DX,[SI+94AA] + + 2EC7064B880100 MOV WORD PTR CS:[884B],0001 + + 2E803E5C0106 CMP BYTE PTR CS:[015C],06 + + 7416 JZ ret <- Ha! jumping PUSHa & POPa! + + 505351525756 PUSH the lot + + E882F3 CALL 8870 + + 2E3B064B88 CMP AX,CS:[884B] + + 7307 JAE after RET <- Ha! Not taking the RET! + + 5E5F5A595B58 POP the lot + + C3 RET + + ... <- some more instructions + + E86700 CALL delay_user + + BE9195 MOV SI,9591 + + 2E8B3E255C MOV DI,CS:[5C25] + + 83EF16 SUB DI,+16 + + 2E8A263D01 MOV AH,CS:[013D] + + 50 PUSH AH + + E892C7 CALL routine_LODSB <-- HERE! + + B42C MOV AH,2C + + CD21 INT 21 <- get seconds in DH + + 80E60F AND DH,0F + + 80C641 ADD DH,41 + + 58 POP AX + + 8AC6 MOV AL,DH + + 83EF04 SUB DI,+4 + + AB STOSW + + E85A00 CALL INT_16_AH=01 + + B400 MOV AH,00 + + CD16 INT 16 + + 24DF AND AL,DF <- code user's letter_answer + + 3AC6 CMP AL,DH <- pass_compare + + 75F3 JNZ CALL INT_16_AH=01 + + E807F3 go_ahead + + You just need to look at these instructions to feel it: I + +think that unnecessary code segments (in this case protections) + +are somehow like little snakes moving under a cover: you cannot + +easily say what's exactly going on yet, but you could bet that + +there is something fishy going on. Look at the code preceding + +your LODSB routine call: you find two JUMPS there: a JZ ret, that + +leaves a lot of pusha and popa aside, and a JAE after RET, that + +does not take the previous ret. If you did smell something here + +you are thoroughly right: The first JZ triggers the NIGEL screen + +protection, and the second JAE does THE SAME THING (as usual, + +there are always redundances, exactly as there are a lot of + +possibilities to disable a single protection). Now you know... + +you can disable this protection at different points: the two + +easiest blueprints being + +1) to change 7416 (JZ ret) in a EB16 (JMP ret anyway) + +2) to change 7307 (JAE after ret) in a 7306 (JAE ret). + + We have not terminated yet: if you try locating this part + +of the code in order to change it, you won't have any luck: it's + +a SMC (Self modifying code) part: it is loaded -partly- from + +other sections of the code (here without any encryption). You + +must therefore first of all set a breakpoint on memory range; + +find out the LODSW routine; find out the real area; dump that + +memory region; find out a search sequence for the "dead" code... + +and finally modify the "dead" program. + +Now let's quickly crack it: + +------------------------------------------------ + +CRACKING MEM.EXE (version 2) (by +ORC, January 1996) + +ren map.exe map.ded + +symdeb map.ded + +- s (cs+0000):0 Lffff 74 16 50 53 51 52 57 + +xxxx:yyyy <- this is the debugger's answer + +- e xxxx:yyyy EB + +- w + +- q + +ren map.ded map.exe + +------------------------------------------------- + +Now you have done it, NIGEL has been cracked! + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 5.1: Disk & CD-Rom access (basics) + +--------------------------------------------------------------------------- + + [MARIO ANDRETTI] [REACH FOR THE SKY] [FS v.2.12] + + -------------------------------------- + +LESSON 5 (1) - HOW TO CRACK, HANDS ON - Disk/CDROM access (plus + +bypasses "on the fly") + +Somewhere I have to put the bypasses (loader programs) in this + +tutorial, allow me to put them here: + +Preparing a loader to bypass a protection [MARIO ANDRETTI] + + At time the protectionists hook vectors in order to impose + +a particular protection. In this (and similar) cases a good + +crack-way is to prepare a "loader" program, that "de-hooks" the + +vector used for the protection. This kind of crack can be used + +also for internet cracking (on some firewall configurations, see + +lesson A.2). + + As example let's take "Mario andretti racing challenge", a + +stupid game that uses the SAME (!) protection scheme you'll still + +find to day on some access routines of military servers around + +the witlessly called "free" world. + +In order to crack this cram you would prepare a loader on the + +following lines: + +loc code instruction what's going on + +------------------------------------------------------- + +:0100 EB44 JMP 0146 + +... + +:0142 0000 <- storing for offset of INT_21 + +:0144 5887 <- storing for segment of INT_21 + +:0146 FA CLI + +:0147 0E PUSH CS + +:0148 1F POP DS + +:0149 BCB403 MOV SP,03B4 + +:014C FB STI + +:014D 8C1EA901 MOV [01A9],DS <- save DS + +:0151 8C1EAD01 MOV [01AD],DS three + +:0155 8C1EB101 MOV [01B1],DS times + +:0159 B82135 MOV AX,3521 <- get INT_21 + +:015C CD21 INT 21 in ES:BX + +:015E 891E4201 MOV [0142],BX <- store offset + +:0162 8C064401 MOV [0144],ES <- store segment + +:0166 BA0201 MOV DX,0102 + +:0169 B82125 MOV AX,2521 <- set INT_21 to + +:016C CD21 INT 21 DS:0102 + +:016E 0E PUSH CS + +:016F 07 POP ES <- ES= current CS + +:0170 BBB403 MOV BX,03B4 + +:0173 83C30F ADD BX,+0F + +:0176 B104 MOV CL,04 + +:0178 D3EB SHR BX,CL <- BX= 3C + +:017A B8004A MOV AX,4A00 <- Modify memory block + +:017D CD21 INT 21 to 3C paragraphs + +:017F BA9E01 MOV DX,019E <- ds:dx=program name + +:0182 BBA501 MOV BX,01A5 <- es:bx = param. block + +:0185 B8004B MOV AX,4B00 <- load ma.com + +:0188 CD21 INT 21 + +:018A 2E8B164201 MOV DX,CS:[0142] <- reset old int_21 + +:018F 2E8E1E4401 MOV DS,CS:[0144] + +:0194 B82125 MOV AX,2521 + +:0197 CD21 INT 21 + +:0199 B8004C MOV AX,4C00 <- terminate with return + +:019C CD21 INT 21 code + +:019E 6D612E636F6D00 "ma.com" + + 0000 fence + +:01A7 B2015887 + +:01AB B2015887 + +:O1AF B2015887 + + 0000 fence + +let's now prepare a routine that hooks INT_21: + +push all + +CMP AX,2500 <- go on if INT_21 service 25 + +JNZ ret + +CMP Word Ptr [0065], C00B <- go on if location 65 = C00B + +JNZ ret + +MOV Byte Ptr [0060], EB <- crack instructions + +MOV Byte Ptr [0061], 3C + +MOV Byte Ptr [0062], 40 <- INC AX + +MOV Byte Ptr [0063], 90 <- NOP + +MOV Byte Ptr [0064], 48 <- DEC AX + +pop all + +JMP FAR CS:[0142] <- JMP previous INT_21 + + From now on this loader will work every time that a program + +with location [0065] containing an 0R AX,AX instruction (0BC0: + +it's the case of ma.com) calls INT_21 service 25 (hook a vector), + +the target program will be modified on the fly and will get, at + +location [0060], the instruction JMP 3C locations ahead, despite + +the fact that it has routines capable of self checking in order + +to make sure it has not been modified. + + The most important thing is the routine that YOU write that + +will precede the call to INT_21 (or any other INT) service 25 (or + +any other service) in order to crack on the fly the offending + +program. I'll show you another one, this one for [Reach for the + +skies] (reach.com): + +push all + +CMP AH,3D <- is it service 3D? (open file) + +JNZ ret <- no, so ret + +CMP DX,13CE <- you wanna open file at 13CE? + +JNZ ret <- no, so ret + +MOV AX,[BP+04] <- in this case + +MOV DS,AX + +CMP Byte Ptr [B6DA],74 <- old instructions + +JNZ 015B + +CMP Byte Ptr [B6DB],0F <- ditto + +JNZ 015B + +CMP Byte Ptr [B6DC],80 <- ditto, now we now where we are + +JNZ 015B + +MOV Byte Ptr [B6DA],EB <- crack + +MOV Byte Ptr [B697],40 <- camouflaged no-opping + +MOV Byte Ptr [B698],48 <- cam nop + +MOV Byte Ptr [B699],90 <- cam nop + +MOV Byte Ptr [B69A],40 <- cam nop + +MOV Byte Ptr [B69B],48 <- cam nop + +MOV DX,CS:[0165] + +MOV DS,CS:[0167] + +MOV AX,2521 <- set hook + +INT 21 + +POP all + +JMP FAR CS:[0165] + +Here you did change the instruction 740F in the instruction EB0F, + +and you did "noop" the instructions at B697-B69B. (Well, more + +elegantly than "noop" them with "90" bytes, you choose a INC AX, + +DEC AX, NOP, INC AX, DEC AX sequence instead! There are sound + +reasons to use a sequence of "working" instructions instead of + +NOPs: recent protection schemes "smell" patched nops inside the + +program and trash everything if they find more than -say- three + +consecutive NOPs! You should always try to choose THE LESS + +INTRUSIVE and MORE "CAMOUFLAGED" solution when you crack!) + + You can apply this kind of crack, on the same lines, to many + +programs that perform self checking of the code and hook the + +vectors. + +REAL DISK ACCESS STUFF + + Now we may come to the subject of this lesson: + + As usual, let's begin from the beginning: history is always + +the key that allows an understanding of present and future, in + +cracking matters too. As the older 5 1/4 inch big black floppy + +disks were still used (the 320K/8 tracks or 360K/9 tracks ones, + +that were really "floppy" and have nowadays almost disappeared) + +one of the more common methods to protect a program, was to + +format the "master" (key) disk in a weird way. Old floppy disk + +for the PC did usually store 360K at 9 sectors per track. + + Some basics for those of you that do not know anything: in + +order to defeat this kind of cracks you need to know two things: + +the floppy disk parameter block (FDPB) and the interrupt routines + +dealing with format/read disk (basically INT_13). + + Most often, the protection scheme is to either format one + +or more sectors or tracks with sector sizes other than the + +standard 512 bytes, or to either give one of the sectors a wild + +sector number like 211 or just not format a whole track of + +eight/nine/15 sectors. If you, for instance, have got the same + +(very old) copy of VisiCalc master I do, you'll find that sector + +8 on track 39 is missing entirely. The interrogation with + +assembly or with an "ad hoc" utility (I use the tools I wrote + +myself, but you 'll be able to find many such utilities in public + +domain, the oldest one, from 1984 (!) being the seasoned [U-ZAP] + +an "Ultra utility" from the "Freesoft company") will tell you + +which sector numbers were altered, their size in bytes, and if + +they were formatted with a CRC error (another not so fancy + +trick). + + The floppy disk parameters are stored in the BIOS: interrupt + +vector 1E contains the address of the floppy disk parameter + +block. The FDPB's contents are the following: + +Offset Function crackworthy? Example + +0 Step rate & head unload no DF + +1 head load time no 02 + +2 Motor on delay no 25 + +3 Number of bytes per sector yes 02 + +4 Last sector number yes 12 + +5 Gap length yes 1B + +6 Data track length yes FF + +7 Format gap length yes 54 + +8 Format byte no F6 + +9 Head settle time no 0F + +A Motor start time no 02 + +0) Offset #0: the left "nybble" (single digit) of this value + + is the step rate time for the disk drive head. The right + + nybble is the disk head unload time. These values are best + + left alone. + +1) Offset #1: again, don't fool around with these values. The + + left nybble is the disk head load time, and the right + + nybble is the direct memory access mode select. + +2) Wait time until motor is turned off. Not normally of use. + +3) Bytes-per-sector value: AH-HAH! If you place a "0" in this + + value, the PC expects all sectors to be 128 bytes long. A + + "1" means a sector size of 256 bytes, a "2" means 512 + + bytes (this is the standard DOS value), and a "3" means + + 1024 bytes per sector. + +4) Highest sector number on a track: this is used for + + formatting and tells DOS how many sectors there are on each + + track. + +5) Gap length for diskette reads: this is what you fool around + + with if you keep getting CRC errors when you try to read a + + non-standard size sector. Normally, you can just leave this + + alone except when formatting with a U-Format tool. + +6) Data length: This contains the number of bytes in a sector + + when the value in table byte #4 doesn't contain a 0, 1, 2, + + or 3. + +7) Number of bytes in the gap between sectors: this is also + + only used when formatting special tracks. + +8) Format fill byte: When formatting, this is the + + initialization byte that will be placed in all new sectors. + +9) Head settle time: leave this alone. + +A) Motor start time: don't fool with this either. + +In order to modify globally the number of tracks on a given disk + +and the number of sectors per track you can always format with + +the DOS command switches "/t:" and "/n:" + + FORMAT /t:tracks /n:sectors + + If you want to find out what the existing parameters are, + +run [Debug.exe] or [Symdeb.exe] and enter the following commands: + +- d 0:78 l 4 <- get FDPB address + + 0000:0070 22 05 00 <- debugger's likely response + +- d 0:522 l a <- get 10 FDPB values + + 0000:520 DF 02 25 02 12 1B FF... <- see preceding table + + Remember that all standard disk formats under DOS support + +a sector size of 512 bytes, therefore, for one-sided 5.25 inch + +floppies: + + 40t*8s*512b=163.840 bytes (160Kb) + + 40t*9s*512b=184.320 bytes (180Kb) + +and for two-sided 5.25 inch floppies: + + 40t*8s*512b*2sides=327.680 bytes (320Kb) + + 40t*9s*512b*2sides=368.640 bytes (360Kb) + + Beginning with DOS version 3.0 (Yeah, more and more + +history!) a new floppy disk format has been supported: The IBM + +AT (80286 CPU) introduced the so called "high capacity" 5.25 u- + +inch floppy, capable of storing 1.2M at 15 sectors per track: + + 80t*15s*512b*2sides=1.228.800 bytes (1.2Mb) + + Later on were introduced the to-day universally used 3.5 + +inch floppies, the ones inside a rigid small plastic cartridge, + +and we have, similarly: + + 3.5-inch double sided/double density 720K + + 3.5-inch double sided/quad density (HD) 1440K + + 3.5-inch double sided/high density 2880K + +[INT_13, AH=18, Set media type for format] + + In order to create weird layouts, the protectionists use + +interrupt 13h, service 18h, that specifies to the formatting + +routines the number of tracks and sectors per track to be placed + +on the media: + +* Registers on entry: AH=18h; CH=N of tracks; CL= Sectors + + per track; DL= Drive number (A=0; B=1;C=2... bit 7 is set + + if the drive is an hard disk) + +* Registers on Return: DI: Offset address of 11-byte + + parameter table; ES: Segment address of 11-byte parameter + + table. + +[INT_13, AH=2, Read disk sectors] + +In order to read them, they have to use INT_13, service 2, read + +disk sectors, with following layout: + +* Registers on entry: AH=2h; AL= N of sectors; BX= Offset + + address of data buffer; CH=track; CL= Sector; DH= Head + + (side) number; DL= Drive number; ES: Segment address of + + data buffer. + +* Registers on Return: AH= return code. If the carry flag is + + not set, AH=0, therefore the weird sector has been read, if + + on the contrary the carry flag is set, AH reports the + + status byte as follows: + +76543210 HEX DEC Meaning + +1 80h 128 Time out - drive crazy + + 1 40h 064 Seek failure, could not move to track + + 1 20h 032 Controller kaputt + + 1 10h 016 Bad CRC on disk read + + 1 09h 009 DMA error - 64K boundary crossed + + 1 08h 008 DMA overrun + + 1 04h 004 Bad sector - sector not found + + 11 03h 003 Write protect! + + 1 02h 002 Bad sector ID (address mark + + 1 01h 001 Bad command + +[Return code AH=9: DMA boundary error] + + One of the possible errors should be explained, coz it is + +used in some protection schemes: AH=9 DMA boundary error, means + +that an illegal boundary was crossed when the in formation was + +placed into RAM. DMA (Direct memory access) is used by the disk + +service routines to place information into RAM. If a memory + +offset address ending in three zeros (ES:1000, ES: 2000...) falls + +in the middle of the area being overlaid by a sector, this error + +will occur. + +[INT_13, AH=4 Verify disk sectors] + + Another possible protection interrupt is interrupt 13H, + +service 4, Verify disk sectors. Disk verification takes place on + +the disk and DOES NOT involve verification of the data on the + +disk against data in memory! This function has no buffer + +specification, does not read or write a disk: it causes the + +system to read the data in the designated sector or sectors and + +to check its computed cyclic redundancy check (CRC) against data + +stored on the disk. See INT_13, AH=2 registers and error report. + +[CRC] + + The CRC is a checksum, that detects general errors. When a + +sector is written to disk, an original CRC is calculated AND + +WRITTEN ALONG with the sector data. The verification service + +reads the sector, recalculates the CRC, and compares the + +recalculated CRC with the original CRC. + + We saw that some protection schemes attempt to disguise + +interrupt calls. This is particularly frequent in the disk access + +protection schemes that utilize INT_13 (the "disk" interrupt). + + If you are attempting to crack such programs, the usual + +course of action is to search for occurrences of "CD13", which + +is machine language for interrupt 13. One way or another, the + +protection scheme has to use this interrupt to check for the + +special sectors of the disk. If you examine a cross section of + +the program, however, you'll find programs which do not have + +"CD13" in their machine code, but which clearly are checking the + +key disk for weird sectors. How comez? + + There are several techniques which can be used to camouflage + +the protection scheme from our nice prying eyes. I'll describe + +here the three such techniques that are more frequent: + +1) The following section of code is equivalent to issuing an + +INT 13 command to read one sector from drive A, side 0, track + +29h, sector ffh, and then checking for a status code of 10h: + + cs:1000 MOV AH,02 ;read operation + + cs:1002 MOV AL,01 ;1 sector to read + + cs:1004 MOV CH,29 ;track 29h + + cs:1006 MOV CL,FF ;sector ffh + + cs:1008 MOV DX,0000 ;side 0, drive A + + cs:100B XOR BX,BX ;move 0... + + cs:100D MOV DS,BX ;...to DS register + + cs:100F PUSHF ;pusha flags + + cs:1010 PUSH CS ;pusha CX + + cs:1011 CALL 1100 ;push address for next + + instruction onto stack and branch + + cs:1014 COMP AH,10 ;check CRC error + + cs:1017 ... rest of verification code + + ... + + ... + + cs:1100 PUSHF ;pusha flags + + cs:1101 MOV BX,004C ;address of INT_13 vector + + cs:1104 PUSH [BX+02] ;push CS of INT_13 routine + + cs:1107 PUSH [BX] ;push IP of INT_13 routine + + cs:1109 IRET ;pop IP,CS and flags + +Notice that there is no INT 13 command in the source code, so if + +you had simply used a debugger to search for "CD13" in the + +machine code, you would never have found the protection routine. + +2) Another technique is to put in a substitute interrupt + +instruction, such as INT 10, which looks harmless enough, and + +have the program change the "10" to "13 (and then back to "10") + +on the fly. A search for "CD13" would turn up nothing. + +3) The best camouflage method for interrupts I have ever + +cracked (albeit not on a INT 13) was a jump to a section of the + +PROGRAM code that reproduces in extenso the interrupt code. This + +elegant (if a little overbloated) disguise mocks every call to + +the replicated interrupt. + +LOADING ABSOLUTE DISK SECTORS + +Old good [debug.com] has been called the "swiss army knife" of + +the cracker. It allows a lot of nice things, inter alia the + +loading, reading, modifying and writing of absolute sectors of + +the disks. The sector count starts with the first sector of track + +0, next sector is track 0, second side (if double sided), then, + +back to the first side, track 1, and so on, until the end of the + +disk. Up to 80h (128) sectors can be loaded at one time. To use + +you must specify starting address, drive (0=A, 1=B, etc...), + +starting sector and number of sectors to load. + + - l 100 0 10 20 + +This instruction tells DEBUG to load, starting at DS:0100, from + +drive A, sector 10h for 20h sectors. This allows at times the + +retrieval of hidden and/or weird formatted data. If you get an + +error, check the memory location for that data. Often times, part + +of the data has been transferred before the error occurs, and the + +remainder can be manually entered or gathered through repetitive + +retries. + +Bear all this in mind learning the following cracks. + +Let's now crack an "oldie" primitive: + +MS Flight simulator (old version 2.12, from 1985!) + +This old program used -in 1985!- following beautiful protection + +scheme: on the disk you had only a "stub", called FS.COM with few + +bytes, which had following instructions: + +loc code instruction what's going on + +------------------------------------------------------- + +:0100 FA CLI ;why not? + +:0101 33C0 XOR AX,AX ;ax=0 + +:0103 8ED0 MOV SS,AX ;ss=0 + +:0105 BCB0C0 MOV SP,C0B0 ;SP=C0B0 + +:0108 8EC0 MOV ES,AX ;ES=0 + +:010A 26C70678003001 MOV Wptr ES:[0078],0130 ;Wp 0:78=130 + +:0111 268C0E7A00 MOV ES:[007A],CS ;0:7A=Segment + +:0116 BB0010 MOV BX,1000 ;BX=1000 + +:0119 8EC3 MOV ES,BX ;ES=1000 + +:011B 33DB XOR BX,BX ;BX=0 + +:011D B80102 MOV AX,0201 ;AH=2 AL=1 sector + +:0120 BA0000 MOV DX,0000 ;head=0 drive=0 + +:0123 B96501 MOV CX,0165 ;track=1 sector=65 (!) + +:0126 CD13 INT 13 ;INT 13/AH=2 + +:0128 B83412 MOV AX,1234 ;AX=1234 + +:012B EA00000010 JMP 1000:0000 ;JMP to data we just read + +:0130 CF IRET ;Pavlovian, useless ret + + You see what's happening in this old protection scheme, + +don't you? Herein you can watch the same snap that happens in + +more recent (much more recent) protection schemes (as you'll see + +in the next lesson): the protection searches for a weird + +formatted sector and/or for particular data. + + That should be no problem for you any more: you should just + +reverse engineer everything (and that goes on pretty quickly: + +just watch and break on the INT_13 calls), fetch the "weird" + +data, tamper the whole crap and have your soup as you like it. + + One more word about "old" protection schemes. Be careful not + +to spurn them! Some of them are + + -- CLEVER + + -- STILL USED + + -- DIFFICULT TO CRACK... I mean, this older DOS programs had + +nice protections... it's pretty annoying to crack windows + +programs that require a registration number: as you saw in Lesson + +3, you just type your name and a serial number of your choice in, + +say "666666666", break into the program with WINICE, search the + +"666666666" and search too, for good measure, your own name, set + +a memory read breakpoint where the number dwells and look at the + +code that manipulates your input. As [Chris] rightly pointed out, + +you can even rip the code straight out of the program and create + +a key generator which will produce a valid code. This code will + +work for any name you typed in only in the "pure maths + +manipulation" protection schemes, and will on the contrary be + +specific, following the name you typed in, the "alpha-maths + +manipulation" protection schemes (like MOD4WIN, see the Windows + +lessons), watch in this case the "pseudo-random xoring" of the + +letters that compose your name. + + -- STUNNING, coz new ideas have always been infrequent, and + +they are getting more and more rare in this objectionable world + +of lazy, incapable programmers patronizing us with ill-cooked + +outrages like Windows'95... yeah, as usual there is no + +"development" at all, quite the contrary, I would say. Take a + +step backward, sip a good Martini-Wodka (please remember that + +only Ice cubes, Dry Martini, Wodka Moskovskaja, Schweppes' + +"Indian tonic" a green olive from Tuskany and a maltese lemon + +zest will really be perfect) and watch from your balcony, with + +unsullied eyes, your town and the people around you: slaves + +everywhere, leaving home at 7.30 in the morning, stinking in a + +progression of identical cars, forced to interminably watch + +advertisement panels and endlessly listen to boorish publicity, + +happy to go to work (if they happen to have the "luck" to work, + +in this inequitable society) the whole day long in order to + +produce other cars in order to buy, one day, a new car with a + +different colour... + + Why people don't look at the stars, love each other, feel + +the winds, ban the stinking cars from the places where they live + +and eat, study colours... name yourself a not-consumistic + +activity? Why don't they read any poems any more? No poetry any + +more, in the grey society of the publicity-spots slaves...poetry + +will soon be forbidden, coz you cannot CONSUME as you read poems, + +and in this farce of a society you are BOUND to consume, that's + +the only thing they want you to do... you are CULTIVATED to + +consume... no books worth to read any more... stupid american + +conventional cram everywhere... boy, at times I'm missing some + +well placed neutron bombs, the ones that would kill all these + +useless zombies and leave noble books and good Wodka untouched. + +It's difficult to believe in democracy any more... if I ever + +did... all the useless zombie do -unfortunately- vote, and they + +do vote for "smiling semblances", for "conventionally minded + +idiots" that so act as if they would "really" be like what they + +"look" like and could not care less about anything else than + +making bucks and defend intolerant and petty patterns. The slaves + +choose the people they have "seen" on TV... as if the egyptians + +would VOTE for their pharaohs, exhilarated under the whips of + +publicity... sorry, at times I forget that you are here for the + +cracks, and could not care less about what I think... + + You 'll obtain the OTHER missing lessons IF AND ONLY IF you + +mail me back (via anon.penet.fi) with some tricks of the trade + +I may not know that YOU discovered. Mostly I'll actually know + +them already, but if they are really new you'll be given full + +credit, and even if they are not, should I judge that you + +"rediscovered" them with your work, or that you actually did good + +work on them, I'll send you the remaining lessons nevertheless. + +Your suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 6.1: Funny tricks (1) + +--------------------------------------------------------------------------- + +LESSON 6 (1) - Funny tricks. Xoring, Junking, Sliding + +EXERCISE 01: [LARRY in search of the King] + + Before the next step let's resume what you have learned in + +the lessons 3-5, beginning with a very simple crack exercise + +(again, we'll use the protection scheme of a game, for the + +reasons explained in lesson 1): SEARCH FOR THE KING (Version + +1.1.). This old "Larry" protection sequence, is a "paper + +protection" primitive. It's a very widespread (and therefore easy + +to find) program, and one of the first programs that instead of + +asking meaningful passwords (which offer us the possibility to + +immediately track them down in memory) asked for a random number + +that the good buyer could find on the manual, whereby the bad + +cracker could not. (Here you choose -with the mouse- one number + +out of 5 possible for a "gadget" choosen at random). I don't need + +any more to teach you how to find the relevant section of code + +(-> see lesson 3). Once you find the protection, this is what you + +get: + +:protection_loop + + :C922 8E0614A3 MOV ES,[A314] + +... + + :C952 50 0E PUSH AX & CS + + :C954 E81BFF CALL C872 <- call protection scheme + + :C957 5B POP BX twice + + :C959 8B76FA MOV SI,[BP-06] <- prepare store_room + + :C95C D1E6 SHL SI,1 <- final prepare + + :C95E 8942FC MOV [BP+SI-04],AX <- store AX + + :C961 837EFA00 CMP Word Ptr [BP-06],+00 <- good_guy? + + :C965 75BB JNZ C922 <- loop, bad guy + + :C967 8E0614A3 MOV ES,[A314] + + :C96B 26F606BE3501 TEST Byte Ptr ES:[35BE],01 <- bad_guy? + + :C971 74AF JZ C922 <- loop, bad guy + + :C973 8B46FC MOV AX,[BP-04]... <- go on good guy + +Let's see now the protection scheme called from :C954 + + :C872 55 PUSH BP + +... + + :C8F7 90 NOP + + :C8F8 0E PUSH CS + + :C8F9 E87234 CALL FD6E <- call user input + + :C8FC 5B POP BX + + :C8FD 5B POP BX + + :C8FE 8B5E06 MOV BX,[BP+06] + + :C901 D1E3 SHL BX,1 + + :C903 39872266 CMP [BX+6622],AX <- right answer? + + :C907 7505 JNZ C90E <- no, beggar_off + + :C909 B80100 MOV AX,0001 <- yes, AX=1 + + :C90C EB02 JMP C910 + + :C90E 2BC0 SUB AX,AX <- beggar_off with AX=0 + + :C910 8BE5 MOV SP,BP + + :C912 5D POP BP + + :C913 CB RETF <- back to main + +Here follow 5 questions, please answer all of them: + +1) Where in memory (in which locations) are stored the "right" + + passnumbers? Where in memory is the SEGMENT of this + + locations stored? How does the scheme get the OFFSET? + +2) Would setting NOPs instructions at :C965 and :C971 crack? + + Would it be a good idea? + +3) Would changing :C907 to JZ crack? Would it be a good idea? + +4) Would changing :C907 to JNZ C909 crack? Would it be a good + + idea? + +5) Write down (and try) at least 7 OTHER different patches to + + crack this scheme in spades (without using any NOP!). + +Uff! By now you should be able to do the above 5 exercises in + +less than 15 minutes WITHOUT USING THE DEBUGGER! Just look at the + +data above and find the right answers feeling them... (you 'll + +now which one are the right one checking with your debugger... + +score as many points as you like for each correct answer and sip + +a good Martini-Wodka... do you know that the sequence should + +ALWAYS be 1) Ice cubes 2) Martini Dry 3) Wodka Moskovskaja 4) + +olive 5) lemon 6) Schweppes Indian tonic? + +Let's now come to the subject of this lesson: + +-----> [Xoring] (Simple encryption methods) + + One easy way to encrypt data is the XOR method. XOR is a bit + +manipulation instruction that can be used in order to cipher and + +decipher data with the same key: + + Byte to encrypt key result + + FF XOR A1 5E + + 5E XOR A1 FF + +As you can see XOR offers a very easy way to encrypt or to + +decrypt data, for instance using the following routine: + + encrypt_decrypt: + + mov bx, offset_where_encryption/decryption_starts + + xor_loop: + + mov ah, [bx] <- get current byte + + xor ah, encrypt_value <- engage/disengage xor + + mov [bx], ah <- back where you got it + + inc bx <- ahead one byte + + cmp bx, offset_start_+_size <- are we done? + + jle xor_loop <- no, then next cycle + + ret <- back where we came from + +The encrypt_value can be always the same (fixed) or chosen at + +random, for instance using INT_21, service 2Ch (get current time) + +and choosing as encrypt_value the value reported in DL (but + +remembering to discard the eventual value 0, coz otherwise it + +would not xor anything at all!) + + random_value: + + mov ah,2Ch + + int 21h + + cmp dl,0 + + je random_value + + mov encrypt_value,dl + + The problem with XORing (and with many other encryption + +methods), is that the part of the code that calls the encryption + +routine cannot be itself encrypted. You'll somewhere have, "in + +clear" the encryption key. + + The protectionist do at times their best to hide the + +decrypting routine, here are some common methods: + +-----> JUNK FILLING, SLIDING KEYS AND MUTATING DECRYPTORS + + These are the more common protection method for the small + +decryption part of the program code. This methods, originally + +devised to fool signature virus scanners, have been pinched from + +the polymorphic virus engines of our fellows viriwriters, and are + +still in use for many simple decryption protection schemes. For + +parts of the following many thanks go to the [Black Baron], it's + +a real pity that so many potential good crackers dedicate so much + +time to useless (and pretty repetitive) virus writing instead of + +helping in our work. This said, virus studying is VERY important + +for crackers coz the code of the viri is + +* ULTRAPROTECTED + +* TIGHT AND EFFECTIVE + +* CLOAKED AND CONCEALED. + +Let's show as example of the abovementioned protection tactics + +the following ultra-simple decryptor: + + MOV SI,jumbled_data ;Point to the jumbled data + + MOV CX,10 ;Ten bytes to decrypt + +mn_loop: XOR BYTE PTR [SI],44 ;XOR (un_scramble!) a byte + + INC SI ;Next byte + + LOOP mn_loop ;Loop the 9 other bytes + +This small program will XOR the ten bytes at the location pointed + +to by SI with the value 44. Providing the ten bytes were XORed + +with 44 prior to running this decryptor the ten bytes will be + +restored to their original state. + +In this very simple case the "key" is the value 44. But there are + +several tricks involving keys, the simplest one being the use of + +a "sliding" key: a key that will be increased, or decreased, or + +multiplied, or bit-shifted, or whatever, at every pass of the + +loop. + +A possible protection can also create a true "Polymorph" + +decryptor, a whole decryptor ROUTINE that looks completely + +different on each generation. The trick is to pepper totally + +random amounts of totally random instructions, including JUMPS + +and CALLS, that DO NOT AFFECT the registers that are used for the + +decryption. Also this kind of protection oft uses a different + +main decryptor (possibly from a selection of pre-coded ones) and + +oft alters on each generation also all the registers that the + +decryptor uses, invariably making sure that the JUNK code that + +it generates doesn't destroy any of the registers used by the + +real decryptor! So, with these rules in mind, here is our simple + +decryptor again: + + MOV DX,10 ;Real part of the decryptor! + + MOV SI,1234 ;junk + + AND AX,[SI+1234] ;junk + + CLD ;junk + + MOV DI,jumbled_data ;Real part of the decryptor! + + TEST [SI+1234],BL ;junk + + OR AL,CL ;junk + +mn_loop: ADD SI,SI ;junk instr, but real loop! + + XOR AX,1234 ;junk + + XOR BYTE PTR [DI],44 ;Real part of the decryptor! + + SUB SI,123 ;junk + + INC DI ;Real part of the decryptor! + + TEST DX,1234 ;junk + + AND AL,[BP+1234] ;junk + + DEC DX ;Real part of the decryptor! + + NOP ;junk + + XOR AX,DX ;junk + + SBB AX,[SI+1234] ;junk + + AND DX,DX ;Real part of the decryptor! + + JNZ mn_loop ;Real part of the decryptor! + +As you should be able to see, quite a mess! But still executable + +code. It is essential that any junk code generated by the + +Polymorph protection is executable, as it is going to be peppered + +throughout the decryptor. Note, in this example, that some of the + +junk instructions use registers that are actually used in the + +decryptor! This is fine, providing the values in these + +registers aren't destroyed. Also note, that now we have random + +registers and random instructions on each generation. So, a + +Polymorph protection Engine can be summed up into three major + +parts: + + 1 .. The random number generator. + + 2 .. The junk code generator. + + 3 .. The decryptor generator. + +There are other discrete parts but these three are the ones where + +most of the work goes on! + +How does it all work? Well a good protection would + +* choose a random selection of registers to use for the + +decryptor and leave the remaining registers as "junk" registers + +for the junk code generator. + +* choose one of the compressed pre-coded decryptors. + +* go into a loop generating the real decryptor, peppered with + +junk code. + +From the protectionist's point of view, the advantages of this + +kind of method are mainly: + +* the casual cracker will have to sweat to find the decryptor. + +* the casual cracker will not be able to prepare a "patch" for + +the lamers, unless he locates and patches the generators, (that + +may be compressed) coz otherwise the decryptor will vary every + +time. + +To defeat this kind of protection you need a little "zen" feeling + +and a moderate knowledge of assembler language... some of the + +junk instructions "feel" quite singular when you look at them + +(->see lesson B). Besides, you (now) know what may be going on + +and memory breakpoints will immediately trigger on decryption... + +the road is open and the rest is easy (->see lessons 3-5). + +-----> Starting point number magic + +For example, say the encrypted code started at address 10h, the + +following could be used to index this address: + + MOV SI,10h ;Start address + + MOV AL,[SI] ;Index from initial address + +But sometimes you'll instead find something like the following, + +again based on the encrypted code starting at address 10h: + + MOV DI,0BFAAh ;Indirect start address + + MOV AL,[DI+4066h) ;4066h + 0BFAAh = 10010h (and FFFF = 10h)!! + +The possible combinations are obviously infinite. + +[BIG KEYS] (Complicated encryption methods) + + Prime number factoring is the encryption used to protect + +sensible data and very expensive applications. Obviously for few + +digit keys the decoding is much easier than for, say, 129 or 250 + +digit keys. Nevertheless you can crack those huge encryption too, + +using distributed processing of quadratic sieve equations (which + +is far superior for cracking purpose to the sequential processing + +methods) in order to break the key into prime numbers. To teach + +you how to do this sort of "high" cracking is a little outside + +the scope of my tutorial: you'll have to write a specific short + +dedicated program, linking together more or less half a thousand + +PC for a couple of hours, for a 250 bit key, this kind of things + +have been done quite often on Internet, were you can also find + +many sites that do untangle the mysteries (and vagaries) of such + +techniques. + + As References I would advocate the works of Lai Xueejia, those + +swiss guys can crack *everything*. Begin with the following: + +Xuejia Lai, James Massey, Sean Murphy, "Markov Ciphers and + + Differential Cryptanalysis", Advances in Cryptology, + + Eurocrypt 1991. + +Xuejia Lai, "On the Design and Security of Block Ciphers", + + Institute for Signal and Information Processing, + + ETH-Zentrum, Zurich, Switzerland, 1992 + +Factoring and primality testing is obviously very important for + +this kind of crack. The most comprehensive work I know of is: + +(300 pages with lengthy bibliography!) + + W. Bosma & M. van der Hulst + + Primality Testing with Cyclotomy + + Thesis, University of Amsterdam Press. + +A very good old book you can incorporate in your probes to build + +very effective crack programs (not only for BBS accesses :=) is + +*the* "pomerance" catalog: + +Pomerance, Selfridge, & Wagstaff Jr. + + The pseudoprimes to 25*10^9 + + Math. Comp. Vol 35 1980 pp. 1003-1026 + +Anyway... make a good search with Lykos, and visit the relevant + +sites... if encryption really interests you, you'll be back in + +two or three (or thirty) years and you'll resume cracking with + +deeper erudite knowledge. + +[PATENTED PROTECTION SYSTEMS] + + The study of the patented enciphering methods is also *quite* + +interesting for our aims :=) Here are some interesting patents, + +if you want to walk these paths get the complete texts: + + [BEST] USPat 4168396 to Best discloses a microprocessor + +for executing enciphered programs. Computer programs which have + +been enciphered during manufacture to deter the execution of the + +programs in unauthorized computers, must be decrypted before + +execution. The disclosed microprocessor deciphers and executes + +an enciphered program one instruction at a time, instead of on + +a continuous basis, through a combination of substitutions, + +transpositions, and exclusive OR additions, in which the address + +of each instruction is combined with the instruction. Each unit + +may use a unique set of substitutions so that a program which can + +be executed on one microprocessor cannot be run on any other + +microprocessor. Further, Best cannot accommodate a mixture of + +encrypted and plain text programs. + + [JOHNSTONE] USPat 4120030 to Johnstone describes a + +computer in which the data portion of instructions are scrambled + +and in which the data is of necessity stored in a separate + +memory. There is no disclosure of operating with instructions + +which are completely encrypted with both the operation code and + +the data address portion being unreadable without a corresponding + +key kernel. + + [TWINPROGS] USPat 4183085 describes a technique for + +protecting software by providing two separate program storages. + +The first program storage is a secure storage and the second + +program storage is a free storage. Security logic is provided to + +check whether an output instruction has originated in the secure + +store and to prevent operation of an output unit which receives + +output instructions from the free storage. This makes it + +difficult to produce information by loading a program into free + +storage. + + [AUTHENTICATOR] USPat 3996449 entitled "Operating System + +Authenticator," discloses a technique for authenticating the + +validity of a plain text program read into a computer, by + +exclusive OR'ing the plain text of the program with a key to + +generate a code word which must be a standard recognizable code + +word which is successfully compared with a standard corresponding + +code word stored in the computer. If there is a successful + +compare, then the plain text program is considered to be + +authenticated and is allowed to run, otherwise the program + +is not allowed to run. + +ELEMENTS OF [PGP] CRACKING + +In order to try to crack PGP, you need to understand how these + +public/private keys systems work. Cracking PGP seems extremely + +difficult, though... I have a special dedicated "attack" computer + +that runs 24 hours on 24 only to this aim and yet have only begun + +to see the light at the famous other end of the tunnel. It's + +hard, but good crackers never resign! We'll see... I publish here + +the following only in the hope that somebody else will one day + +be able to help... + +In the public key cryptosystems, like PGP, each user has an + +associated encryption key E=(e,n) and decryption key D=(d,n), + +wherein the encryption keys for all users are available in a + +public file, while the decryption keys for the users are only + +known to the respective users. In order to maintain a high level + +of security a user's decoding key is not determinable in a + +practical manner from that user's encoding (public) key. Normally + +in such systems, since + + e.multidot.d.ident.1 (mod(1 cm((p-1),(q-1)))), + +(where "1 cm((p-1),(q-1))" is the least common multiple of the + +numbers p-1 and q-1) + +d can be determined from e provided p and q are also known. + +Accordingly, the security of the system is dependent upon the + +ability to determine p and q which are the prime factors of n. + +By selecting p and q to be large primes, the resultant composite + +number n is also large, and correspondingly difficult to factor. + +For example, using known computer-implemented factorization + +methods, on the order of 10.sup.9 years is required to factor a + +200 digit long number. Thus, as a practical matter, although a + +user's encryption key E=(e,n) is public, the prime factors p and + +q of n are effectively hidden from anyone due to the enormous + +difficulty in factoring n. These aspects are described more fully + +in the abundant publications on digital signatures and Public-Key + +Cryptosystems. Most public/private systems relies on a message- + +digest algorithm. + + A message-digest algorithm maps a message of arbitrary length + +to a "digest" of fixed length, and has three properties: + +Computing the digest is easy, finding a message with a given + +digest "inversion" is hard, and finding two messages with the + +same digest "collision" is also hard. Message-digest algorithms + +have many applications, not only digital signatures and message + +authentication. RSA Data Security's MD5 message-digest algorithm, + +developed by Ron Rivest, maps a message to a 128-bit message + +digest. Computing the digest of a one-megabyte message takes as + +little as a second. While no message-digest algorithm can yet + +be secure, MD5 is believed to be at least as good as any other + +that maps to a 128-bit digest. + + As a final gift, I'll tell you that PGP relies on MD5 for a + +secure one-way hash function. For PGP this is troublesome, to say + +the least, coz an approximate relation exists between any four + +consecutive additive constants. This means that one of the design + +principles behind MD4 (and MD5), namely to design a collision + +resistant function, is not satisfied. You can construct two + +chaining variables (that only differ in the most significant bit + +of every word) and a single message block that yield the same + +hashcode. The attack takes a few minutes on a PC. From here you + +should start, as I did. + +[DOS 4GW] cracking - This is only a very provisory part of this + +tutorial. DOS 4GW cracking will be much better described as soon + +as [Lost soul] sends his stuff, if he ever does. For (parts of) + +the following I thank [The Interrupt]. + + Most applications of every OS, and also of DOS 4GW, are + +written in C language, coz as you'll have already learned or, + +either, you'll learn, only C allows you to get the "guts" of a + +program, almost approaching the effectiveness of assembler + +language. + + C is therefore the LANGUAGE OF CHOICE for crackers, when you + +prepare your tools and do not directly use assembler routines. + +Besides... you'll be able to find VERY GOOD books about C for + +next to nothing in the second hand bookshops. All the lusers are + +throwing money away in spades buying huge, coloured and + +absolutely useless books on unproductive "bloated" languages like + +Visual basic, C++ and Delphy. Good C new books are now rare + +(books on assembler language have always been) and can be found + +almost exclusively on the second hand market. Find them, buy + +them, read them, use them for your/our aims. You can find a lot + +of C tutorials and of C material on the Web, by all means DO IT! + +Be a conscientious cracker... learn C! It's cheap, lean, mean and + +very productive (and creative) :=) + + Back to the point: most stuff is written in C and therefore + +you need to find the "main" sub-routine inside the asm. With + +DOS/4GW programs, search the exe file for "90 90 90 90", almost + +always it'll be at the start of the compiled code. Now search for + +an INT_21 executed with 4C in AH, the exec to dos code (if you + +cannot "BPINT 21 AH=4C" with your tool, then search for the + +sequence "b4 4c cd 21". This is the equivalent to [mov AH,4C & + +int 21]: it's the most direct call, but as you'll have already + +learned, there are half a dozen ways to put 4C in AX, try them + +all in the order of their frequency). + + A few bytes above the INT_21 service 4C, you'll find the + +call to the "main" subroutine: "E8 xx xx". Now place a "CC" byte + +a few bytes above the call in the exe and run the exe under a + +debugger. When the computer tries to execute the instruction + +you'll be throw back in the debugger coz the "CC" byte acts as + +INT_01 instruction. Then proceed as usual. + +[THE "STEGONATED" PASSWORD HIDEOUT] + + A last, very nice trick should be explained to every wannabe + +cracker, coz it would be embarrassing to search for passwords or + +protection routines that (apparently) are not there. They may be + +hidden INSIDE a picture (or a *.waw file for that matter). This + +is steganography, a method of disguising messages within other + +media. + + Depending on how many shades of grey or hues of colour you want + +to have, a pixel can be expressed using 8. 16, 32 or even more + +bits. If the least significant bit is changed. the shade of the + +pixel is altered only one-256th, one-65,OOOth or even less. No + +human eye could tell the difference. + + What the protectionist does, is hijack the least significant + +bit in each pixel of a picture. It uses that bit to store one bit + +of a protection, or of a password (or of a file, or of a secret + +message). Because digitized pictures have lots of pixels, it's + +possible to store lots of data in a single picture. A simple + +algorithm will transfer them to the relevant parts of the program + +when it needs be, and there we'll intercept them. You'll need to + +learn very well the zen-cracking techniques to smell this kind + +of stuff though (-> see lesson B). + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the OTHER missing lessons IF AND ONLY IF you + +mail me back (via anon.penet.fi) with some tricks of the trade + +I may not know that YOU discovered. Mostly I'll actually know + +them already, but if they are really new you'll be given full + +credit, and even if they are not, should I judge that you + +"rediscovered" them with your work, or that you actually did good + +work on them, I'll send you the remaining lessons nevertheless. + +Your suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + an526164@anon.penet.fi (+ORC) + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 8.1: How to crack Windows, an approach + +--------------------------------------------------------------------------- + + [WINPGP.EXE] + + -------------------------------------- + +-------------------------------------------------------- + + SPECIAL NOTE: Please excuse the somehow "unshaven" + + character of the windows lessons... I'm cracking the + + newest Windows '95 applications right now, therefore + + at times I had to add "on the fly" some corrections to + + the older Windows 3.1 and Windows NT findings. + + "homines, dum docent, discunt". + +--------------------------------------------------------- + +-> 1st THING TO REMEMBER + +The NE format does give every windows executable the equivalent + +of a debug symbol table: A CRACKER BLISS! + +-> UNDOCUMENTED DEBUGGING + +One of the many feature of Windows based on undocumented + +foundations is the "ability to debug". + +A word about undocumented functions in the MS-Operating Systems: + +Microsoft manipulates its rule and domination of the operating + +systems in use to day (MS-DOS, Windows, Windows '95) with two + +main wicked aims: + +1) getting the concurrence completely bankrupt (that's the + + scope of all the using of undocumented functions and + + CHANGING them as soon as the concurrence uses them). The + + battle against Borland was fought in this way. + +2) getting all future "programmers" to use windows as a "black + + box" that only Microsoft engineers (if ever) can master, so + + that everybody will have to sip the ill-cooked abominations + + from Microsoft without ever having a chance to alter or + + ameliorate them. + +Strange as it may seem, only the sublime cracker community fights + +against these intolerable plans. All stupid governments and + +lobbies -on the contrary- hide behind the fig-leaf of the + +"market" "freedom" in order to ALLOW such heinous developments + +(I'm speaking as if they were capable to opposing them even if + +they wanted, which they do not. Be assured, they couldn't anyway, + +"Governments" are deliberately MADE to serve Gates and all the + +remaining suckers, and lobbies are the shield of feudalism. You + +can forget "democracy", the only rule existing is a malevolent + +oligarchy based on money, personal connections, defect of + +culture, lack of knowledge and dictatorship of bad taste through + +television in order to keep the slaves tamed... enough now...) + +The windows situation is particularly reminiscent of the older + +situation in DOS, where for years the key "load but don't + +execute" function, used by debuggers, such as [DEBUG], [SYMDEB] + +and [CODEVIEW], was "reserved" by Microsoft. + + The windows debugging library, WINDEBUG.DLL, a number of + +undocumented functions and even the interface it provides are + +undocumented! The WinDebug() function is used by all available + +windows debuggers, including [CVW] (CodeView for Windows), [TDW] + +(TurboDebugger for Windows), [Multiscope] and [Quick C for + +Windows] (the last two are GUI, not text debuggers. The use of + +WinDebug() doesn't show up in MAPWIN output 'coz debuggers link + +to it at run-time via the amazing GetProcAddress() function. + + WinDebug() is a hacked 32-bit version, for the old Windows + +3.0, of the poorly documented DOSPTrace() function from OS/2 1.x + +(study these older Operating Systems! Studying the past you'll + +understand EVERYTHING! Sometime I think that the only way to hack + +and crack correctly is to be more a software historian than a + +programmer... fac sapias et liber eris!). DOSPTrace is, in turn, + +based on the ptrace() function in Unix. + + Like DosPTrace(), WinDebug() takes commands such as Go, + +Single-Step, Write&Read Registers, Write&Read Memory. It returns + +to its caller either when the command completes or when a + +breakpoint occurs (or a DLL load). These commands and + +notifications appear in a large structure whose address is passed + +in WinDebug(). + + WinDebug() was renamed CVWIN.DLL (and TDWIN.DLL) for Windows + +3.1., all crackers should study it and get the maximum possible + +documentation about it. As you will see in the following, it is + +worth to study also TOOLHELP.DLL (what Microsoft would like you + +to fiddle with) and INT_41h (the real debugging interface). + +Interrupt handling under Windows + + Interrupt handling under Windows can be tricky: you need to + +use Toolhelp (a rather scaring lobotomy for your programs) or to + +have special code for Standard vs. Enhanced modes, because the + +information on the stack of an interrupt or exception handler + +differs between the two windows modes. In addition, some handlers + +would be installed using INT_21h, while others are set up using + +DPMI services. Toolhelp has quite a bit of internal code that + +"cooks" the interrupts and sends them to you in an easily + +digestible form. + + Remember that Windows uses GP faults as a "hacker" method + +of doing ring transitions that are not allowed with legal 80x86 + +instructions: the virtual memory system of Enhanced mode is + +implemented via the page fault. + +Some tools for cracking windows (-> see lesson 9) + +----------------- DEBUGGERS + +CVW and TDW (you have to know the function's + + segment:offset address beforehand in order + + to crack a function) + +WCB [Windows Codeback] by Leslie Pusztai (it's + + a really cool tool!) + +WDEB386 Microsoft's WDEB386 (clumsy, and requires a + + second monitor) + +Soft-Ice/Windows best (BY FAR!) windows debugger! NuMega is + + so good I am at times really sorry to crack + + their products! [WINICE] is the single, + + absolutely essential debugger and snooping + + utility for windows crackers. Get it! + +----------------- POST MORTEM INSPECTORS + +CORONER, etc. (a lot of shareware) + +MS-DrWatson Old and clumsy + +Borland's Winspector THE BEST! It has the BUILDSYM utility + + that allows the creation of a debug + + .SYM file from an .EXE without debug + + information. + +----------------- INSPECTORS + +MS-Spy Old + +Borland's WinSight (Best one, select "Other") + +MicroQuill's Windows DeMystifiers (from Jeff Richter): + + VOYEUR (hold SHIFT picking Message Selection), COLONEL, + + MECHANIC and ECOLOGIST + +----------------- SNOOPERS + +[INFSPY.EXE], 231.424 bytes, version 2.05 28/8/1994 by Dean + +Software Design, may be the more complete one. + +[SUPERSPY.EXE], 24.576 bytes, 10,6,1994, quite handy for quick + +informations. + +[WINVIEW.EXE], 30.832 bytes, Version 3.00 by Scott McCraw, MS(c) + +1990-1992, this is the old MS-Spy, distributed by MS + +[TPWSPY.EXE], 9.472 bytes, quite primitive, but you get the + +pascal source code with it. + +-> INSIDE A WINDOWS '95 DEBUGGER + + You can debug a program at the assembly-language level + +without any debugging information. The DOS [DEBUG] program does + +that, allowing breakpoints and single-stepping, all of which + +implies that the hardware must be cooperating. Back in the time + +of the 4-MHz Z-80s, you used a debugger that plugged interrupt + +op codes into the instruction stream to generate breakpoints. + + Nothing has changed. That's how you debug a program on a + +80586 (=Pentium). The x86 architecture includes software + +interrupts. The 1-byte op code xCC is the INT_03 instruction, + +reserved for debuggers. You can put the INT_03 op code in place + +of the program instruction op code where the break is to occur + +and replace the original op code at the time of the interrupt. + +In the 80386 and later, you can set a register flag that tells + +the processor to generate a not-intrusive INT_01 instruction for + +every machine instruction executed. That device supports single + +stepping. + + The Win32SDK (Windows '95 software developer's kit) includes + +functions that allow one program to launch another program and + +debug it. The SDK's debug API takes care of how the interrupts + +and interrupt vectors get managed. The logical consequence of + +such an approach is that fewer and fewer people will be able to + +know what's going on inside an application. The bulk of the + +programmers -in few years time- will not be able any more to + +reverse engineer an application, unless the few that will still + +understand assembler-language do offer them the tools to do it. + +Microsoft -it is evident- would like the programmers to use a + +"black box" approach to programming, writing nice little "hallo + +world" application and leaving to the engineers in Microsoft + +alone the capacity to push forward (and sell) real programs that + +are not toy application. + + The Win32 documentation seems vast, almost luxurious, until + +you begin serious work and you discover its shortcomings, like + +the fact that extended error codes are not documented, and + +numerous APIs are documented either incorrectly or so poorly that + +you must burn precious time testing them. What we definitely need + +is to find some secret fellows inside Microsoft (like good old + +Prometeus) that smuggles to the outside the real documentation + +that the Microsoft engineers have reserved for themselves. If you + +are reading this and do work for Microsoft, consider the + +possibility of double-crossing your masters for the sake of + +humanity and smuggle us the secret information. + + In windows '95 a debugger program launches a program to be + +debugged by calling the _CreateProcess function, specifying in + +an argument that the program is to be debugged. Then the debugger + +program enters a loop to run the program. At the top of the loop + +the debugger calls _WaitForDebugEvent. + + Each time _WaitForDebugEvent returns it sets indicators that + +tell about the vent that suspended the program being debugged. + +This is where the debugger traps breakpoints and single-step + +exceptions. _WaitForDebugEvent fills in an event structure that + +contains among other things the address that was interrupted end + +the event that caused the interrupt. + + The debugger calls _GetThreadContext to get the running + +context of the debugged program, including the contents of the + +registers. The debugger can, as the result of cracker + +interaction, modify these values and the contents of the debugged + +program's memory. + + The debugger sets breakpoints by saving the op code at the + +instruction to be intercepted and putting the INT_03 op code at + +its place, it's always the same old marmalade. When the + +breakpoint occurs, the debugger replaces the original op code in + +the program's instruction memory, and decrements the interrupted + +program counter in the saved context so that execution resumes + +at the instruction that was broken. + + To single-step a program, the debugger sets a bit in the + +context's flags register that tells the processor to generate an + +INT_01 for every instruction cycle. When that interrupt occurs, + +the debugger checks to see if the interrupted address is at a new + +source-code line number. If not, the debugger continues + +execution. Otherwise, the debugger displays the new line in the + +IDE and waits for the cracker to take an action that resumes the + +program. + + While the debugged program is suspended, the debugger + +interacts with the cracker and provides full access to the + +debugged program's context and memory. This access permits the + +cracker to examine and modify part of the code. + + To resume the debugged program, the debugger resets the + +program's context by calling _SetThreadContext and calls + +_ContinueDebugEvent. Then, the debugger returns to the top of the + +loop to call _WaitForDebugEvent again. + + To extract debug information from a Win32 executable file, + +you must understand the format of that file (best thing to do, + +to practice yourself, would be to reverse engineer small + +programs). The executable file has two sections not found in + +other executable files: ".stab" and ".stabstr". How nice that + +they used names that suggest their purpose (nomen est omen). + +You'll find them inside a table of fixed-length entries that + +include entries for .text, .bss, .data and .idata. Inside these + +sections the compilers put different parts of a program. + + There are several different formats for encoding debug + +information in an executable file. Borland's Turbo Debugger one + +format. Microsoft's CodeView another. The gnu-win32 port from + +Cygnus the stab format, an acronym meaning "symbol table", + +although the table contains much more than just symbol + +information. + + The .stab section in a portable executable file is a table + +of fixed-length entries that represent debugging information in + +the stab format. The .stabstr section contains variable-length, + +null terminated strings into which the .stab table entries point. + + The documentation for the stab format is available in text + +format on the Cygnus ftp site (ftp.cygnus.com//pub/gnu-win32). + + Stabs contain, in a most cryptic format, the names and + +characteristics of all intrinsic and user-defined types, the + +memory address of every symbol in external memory and on the + +stack, the program counter address of every function, the program + +counter address where every brace-surrounded statement block + +starts and ends, the memory address of line numbers within + +source-code files, and anything else that a debugger needs. The + +format is complex and cryptic because it is intended to support + +any source-code language. It is the responsibility of a debugger + +program to translate the stab entries into something meaningful + +to the debugger in the language being debugged. + + Windows '95 invokes dozens of INT_21 services from 32-bit + +code, including KERNEL32.DLL and possess Krn32Mutex, which + +apparently controls access to certain parts of the kernel. Some + +of the functions in KERNEL32 can be blocked by the Win16Mutex, + +even though Microsoft says this isn't the case. + +SO, I WANNA CRACK, WHAT SHOULD I DO? + + I'll show you a simple windows crack, so easy it can be done + +without WINICE: let's take [WINPGP4.1.] (front-end for PGPing in + +windows, by Geib - I must thank "Q" for the idea to work on this + +crack). + + Using WCB you'll find out quickly that the "CONGRATULATIONS + +your registration number is OK" and the "SORRY, your registration + +number is not correct" data blocks are at the block starting at + +36.38B8 (respectively at 36.38D5 and 36.3937), that relocs to + +13.081B. + + Looking at 13.0000 and following code, you'll find a push + +38D5 (68D538) and a push 3937 (683739) at 13.064D and 13.06AE. + + The road to the crack is now open, you just need to find and + +"fool" the calling routines. You'll learn the exact procedures + +for this kind of WINcracks in part 2 and 3 of -> Lesson 8. Let's + +now have a look at the protection scheme (disassembly from WCB): + +... + +13.0E88 660FBF46F8 movsx eax, word ptr [bp-08] + +13.0E8D 668946F4 mov [bp-0C], eax + +13.0E91 668B46F4 mov eax, [bp-0C] + +13.0E95 6669C00A000300 imul eax, 0003000A + +13.0E9C 668946F0 mov [bp-10], eax + +13.0EA0 668B4606 mov eax, [bp+06] + +13.0EA4 663B46F0 cmp eax, [bp-10] + +13.0EA8 7505 jne 0EAF <- beggar_off + +13.0EAA B80100 mov ax, 0001 <- flag 1 = "Right!" + +13.0EAD EB04 jmp 0EB3 <- and go on + +beggar_off: + +13.0EAF 33C0 xor ax,ax <- flag 0 = "Nope!" + +13.0EB1 EB00 jmp 0EB3 <- and go on + + I want you to have a good look at this protection scheme. + +IT'S THE SAME OLD SOUP! You do remember lesson 3 and the + +protection schemes of the old DOS stupid games of the '80s, don't + +you? IT'S THE SAME OLD SOUP! In this "up-to-date" "new" windows + +application, in WINPGP version 4.1 of 1995/1996, exactly the same + +kind of protection is used to "conceal" the password! + +A) compare user input with memory echo + +B) beggar off if not equal with AX=0 + +C) go on if equal with AX=1... how boring! + + Besides, look at all the mov eax, and eax, moves preceding + +the compare! That's a typical pattern for these "number_password" + +protections! I wrote (years ago) a little crack utility that + +searches for code blocks with a "66" as first instruction_byte + +repeating in four or more consecutive instructions and it still + +allows me to crack more than half of these windows password smuts + +in less than three seconds flat. The IMUL instruction creates the + +"magic" number, and if you give a closer look at the mathematical + +part of the "conceal" routine, it could help you to crack + +analogous schemes used in order to protect the "Instant access" + +(c) & (tm) time_crippled software :=) + + Now you could crack the above code in 101 different ways, + +the most elegant one would probably substitute je 0EAF (or jZ + +0EAF, that's the same) to the jne 0EAF at 13.0EA8. You just write + +a 74 at the place of the 75, like you did for the cracks in + +1978... how boring: it's really the same old soup! (But you'll + +see some new tricks in the next lessons). + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC 526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 8.2: How to crack Windows, a deepr approach + +--------------------------------------------------------------------------- + + [SNAP95] [WINZIP] [WINCAT] + + -------------------------------------- + + SPECIAL NOTE: Please excuse the somehow "unshaven" + + character of the windows lessons... I'm cracking the + + newest Windows '95 applications right now, therefore + + at times I had to add "on the fly" some corrections to + + the older Windows 3.1 and Windows NT findings. + + "homines, dum docent, discunt". + +--------------------------------------------------------- + +-> 1st THING TO REMEMBER + +If you thought that DOS was a mess, please notice that windows + +3.1 is a ghastly chaos, and windows 95 a gruesome nightmare of + +ill-cooked spaghetti code. Old Basic "GOTO" abominations were + +quite elegant in comparison with this concoction... One thing is + +sure: This OS will not last... it's way too messy organised, + +impossible to consolidate, slow and neurotic (but I must warn + +you... I thought exactly the same things about DOS in 1981). + + The most striking thing about windows 95 is that it is neither + +meat not fish: neither 16 nor 32... you could call it a "24 bit" + +operating system. + + We'll never damage Microsoft interests enough to compensate for + +this moronic situation... where you have to wait three minutes + +to get on screen a wordprocessor that older OS (and even old DOS) + +kick up in 5 seconds. I decide therefore, hic et nunc, to add an + +ADDENDUM to this tutorial: Addendum 1 will be dedicated to teach + +everybody how to crack ALL Microsoft programs that do exist on + +this planet. I'll write it this sommer and give it away between + +the "allowed" lessons. + + Anyway you can rely on good WINICE to crack everything, you'll + +find it on the web for free, I use version 1.95, cracked by [The + +Lexicon] (do not bother me for Warez, learn how to use the search + +engines on the web and fish them out yourself). Learn how to use + +this tool... read the whole manual! Resist the temptation to + +crack immediatly everything in sight... you 'll regret pretty + +soon that you did not wanted to learn how to use it properly. + +A little tip: as Winice is intended more for software developers + +than for crackers, we have to adapt it a little to our purposes, + +in order to make it even more effective: a good idea is to have + +in the *.DAT initialization file following lines: + + INIT = "CODE ON; watchd es:di; watchd ds:si;" + + TRA = 92 + +This way you'll always have the hexadecimal notation on, two very + +useful watch windows for passwords deprotection and enough buffer + +for your traces. + +WINDOWS 3.1. basic cracking: [ALGEBRAIC PROTECTIONS] + + The most used windows protections are "registration codes", + +these must follow a special pattern: have a "-" or a "+" in a + +predetermined position, have a particular number in particular + +position... and so on. + +For the program [SHEZ], for instance, the pattern is to have a + +14 bytes long alphanumeric sequence containing CDCE1357 in the + +first 8 bytes. + + The second level of protection is to "connect" such a + +pattern to the alphanumeric contents of the NAME of the user... + +every user name will give a different "access key". This is the + +most commonly used system. + + As most of these protections have a "-" inside the answering + +code, you do not need to go through the normal cracking procedure + +(described in the next lesson): + +* load WINICE + +* hwnd [name_of_the_crackanda_module] + +* choose the window Handle of the snap, i.e, the exact + + "FIELD" where the code number input arrives... say 091C(2) + +* BMSG 091C WM_GETTEXT + +* Run anew + +* Look at the memory location(s) + +* Do the same for the "Username" input FIELD. (Sometimes + + linked, sometimes not, does not change much, though) + +* BPR (eventually with TRACE) on the memory locations (these + + will be most of the time FOUR: two NUMBERCODES and two + + USERNAMES). The two "mirrored" ones are the most important + + for your crack. At times there will be a "5th" location, + + where the algebraic play will go on... + +* Look at the code that performs algebraic manipulations on + + these locations and understand what it does... + +* Disable the routine or jump over it, or reverse it, or + + defeat it with your own code... there are thousand + + possibilities... + +* Reassemble everything. + +Uff... quite a long cracking work just to crack some miserable + +program... isn'there a quicker way? OF COURSE THERE IS! Actually + +there are quite a lot of them (see also the crack of Wincat Pro + +below): Look at the following code (taken from SNAP32, a screen + +capture utility for Windows 95, that uses a pretty recent + +protection scheme): + + XOR EBX,EBX ; make sure EBX is zeroed + + MOV BL, [ESI] ; load input char in BL + + INC ESI ; point at the next character + + MOV EDI,EBX ; save the input character in EDI + + CMP EBX,+2D ; input char is a "-" ? + + JZ ok_it's_a_+_or_a_- + + CMP EBX,+2B ; input char is a "+" ? + + JNZ Jesus_it's_neither_a_minus_nor_a_plus_let's_check_it + +:ok_it's_a_+_or_a_- + + XOR EBX,EBX ; EBX is zeroed + + MOV BL,[ESI] ; recharge BL + + INC ESI ; point to next char (do not check - or +) + +:Jesus_it's_neither_a_minus_nor_a_plus_let's_check_it + + XOR EBP,EBP ; zero EBP + + CMP DWORD PTR [boguschecker], +01 + + ... + +even if you did not read all my precedent lessons, you do not + +need much more explications... this is a part of the algebraic + +check_procedure inside the SNAP32 module... you could also get + +here through the usual + + USER!BOZOSLIVEHERE + + KERNEL!HMEMCPY + + USER!GLOBALGETATOMNAME + +Windows wretched and detestable APIs used for copy protections, + +as usual with WINICE cracking, and as described elsewhere in my + +tutorial. + + The above code is the part of the routine that checks for the + +presence of a "+" or a "-" inside the registration number (many + +protections scheme requires them at a given position, other need + +to jump over them). + + Now sit down, make yourself comfortable and sip a good Martini- + +Wodka (invariably very useful in order to crack... but be aware + +that only Moskowskaia russian Wodka and a correct "Tumball" glass + +will do, do not forget the lemon)... what does this "-" stuff + +mean for us little crackers? + + It means that we can search directly for the CMP EBX,+2B + +sequence inside any file protected with these schemes... and + +we'll land smack in the middle of the protection scheme! That's + +amazing... but you will never underrate enough the commercial + +programmers... the only really amazing thing is how simpleton the + +protectionists are! You don't believe me? Try it... you 'll get + +your crack at least 4 out of 5 times. + + Yes I know, to find this code is not yet to crack it... but for + +this kind of copy protection (that's the reason it is so + +widespread) there is no single solution... each makes a slightly + +different algebraic manipulation of the alphanumeric and of the + +numeric data. It's up to you to crack the various schemes... here + +you can only learn how to find them and circumvene them. I'll not + +give you therefore a "debug" crack solution. You'll find it + +yourself using my indications (see the crack of the Wincat Pro + +program below). + +WHERE ARE THE CODES? WHERE ARE THE MODIFIED FILES? WHERE DO THE + +PROTECTIONS KEEP COUNT OF THE PASSING DAYS? + +Most of the time the protection schemes use their own *.ini files + +in the c:\WINDOWS directory for registration purposes... at time + +they even use the "garbage sammler" win.ini file. Let's take as + +example WINZIP (versions 5 and 5.5), a very widespread program, + +you'll surely have one shareware copy of it somewhere between + +your files. + + In theory, winzip should be registered per post, in order to + +get a "NEW" copy of it, a "registered" copy. + + This scares most newby crackers, since if the copy you have + +it's not full, there is no way to crack it and make it work, + +unless you get the REAL stuff. The youngest among us do not + +realize that the production of a real "downsized" demo copy is + +a very expensive nightmare for the money-infatuated commercial + +programmers, and that therefore almost nobody does it really... + +nearly all "demos" and "trywares" are therefore CRIPPLED COMPLETE + +PROGRAMS, and not "downsized" demos, independently of what the + +programmers and the protectionists have written inside them. + + Back to Winzip... all you need, to crack winzip, is to add a + +few lines inside the win.ini file, under the heading [WinZip], + +that has already been created with the demo version, before the + +line with "version=5.0". + + I will not help you any further with this... I'll leave it to + +you to experiment with the correct sequences... inside win.ini + +you must have following sequence (these are only template to + +substitute for your tries inside WINICE... you'll get it, believe + +me): + + [WinZip] + + name=Azert Qwerty + + sn=######## + + version=5.5 + + The *important* thing is that this means that you DO NOT NEED + +to have a "new registered version" shipped to you in order to + +make it work, as the protectionist sellers would like you to + +believe. The same applies most of the time... never believe what + +you read in the read.me or in the registration files... + + This brings me to a broader question: NEVER believe the + +information they give you... never believe what television and/or + +newspapers tell you... you can be sure that the only reason they + +are notifying you something is to hinder you to read or + +understand something else... this stupid_slaves_society can only + +subsist if nobody thinks... if you are really interested in what + +is going on, real information can be gathered, but surely not + +through the "conventional" newspapers and/or news_agencies (and + +definitely NEVER through television, that's really only for the + +stupid slaves)... yes, some bit of information can be + +(laboriously) gathered... it's a cracking work, though. + +HOW TO CRACK INFORMATION [WHERE WHAT] + +* INTERNET + + In the middle of the hugest junk collection of the planet, some + +real information can be laboriously gathered if you do learn how + +to use well the search engines (or if you do build your ones... + +my spiders are doing most of the work for me... get your robots + +templates from "Harvest" or "Verify" and start your "spider + +building" activity beginning from Martijn Koster's page). As + +usual in our society, in the Internet the real point is exactly + +the same point you'll have to confront all your life long: HOW + +TO THROW AWAY TONS OF JUNK, HOW TO SECLUDE MYRIADS OF USELESS + +INFORMATION and HOW TO FISH RARE USEFUL INFORMATION, a very + +difficult art to learn per se. Internet offers some information, + +though, mainly BECAUSE it's (still) unregulated. You want a + +proof? You are reading it. + +* SOME (RARE) NEWSPAPERS. + + The newspaper of the real enemies, the economic powers that + +rule this slaves world, are paradoxically most of the time the + +only ones worth studying... somewhere even the real rulers have + +to pass each other some bits of real information. The "Neue + +Zuercher Zeitung", a newspaper of the Swiss industrials from + +Zuerich, is possibly the best "not_conformist trend analyzer" + +around that you can easily find (even on the web). These + +swissuckers do not give a shit for ideology, nor preconcerted + +petty ideas, the only thing they really want is to sell + +everywhere their ubiquitous watches and their chocolates... in + +order to do it, a land like Switzerland, with very high salaries + +and a good (and expensive) social system, must use something + +brilliant... they found it: a clear vision of the world... as a + +consequence this newspaper is very often "against" the trend of + +all the other medias in the world, the ones that are used only + +in order to tame the slaves... If the only language you know is + +english (poor guy) you could try your luck with the weekly + +"Economist"... you'll have to work a lot with it, coz it has been + +tailored for the "new riches" of the Tatcher disaster, but you + +can (at times) fish something out of it... they do a lot of + +idiotic propaganda, but are nevertheless compelled to write some + +truth. American newspapers (at least the ones you can get here + +in Europe) are absolute shit... one wonders where the hell do the + +americans hyde the real information. + + On the "non-capitalistic" side of information there is a + +spanish newspaper "El Pais" that seems to know about what's going + +on in South America, but it's so full of useless propaganda about + +irrelevant Spanish politics that it's not really worth reading. + +The monthly "Le Monde diplomatique" offers something too... this + +one exaggerates a little on the pauperistic "third world" side, + +but has a lot of useful information. See what you can do with all + +this information (or disinformation?) + +[BELIEVE THE COUNTRARY] + + Another good rule of thumb in choosing your medias is the + +following... if all medias around you assure, for instance, that + +"the Serbians are evil"... the only logical consequence is that + +the Serbians are not so evil at all and that "the Croats" or some + +other Yugoslavian shits are the real culprits. This does not mean + +at all that the Serbians are good, I warn you, it means only what + +I say: something is surely hidden behind the concerted propaganda + +you hear, the best reaction is to exaggerate in the other + +direction and believe the few bit of information that do say the + +countrary of the trend. This rule of thumb may be puerile, but + +it works somehow most of the time... if somewhere everybody + +writes that the commies are bad then THERE the commies must not + +be so bad at all and, conversely, if everybody in another place + +writes that the commies are all good and nice and perfect (like + +the Soviet propaganda did) then THERE the commies are surely not + +so good... it's a matter of perspective, much depends on where + +you are, i.e. whose interests are really at stake. There is NEVER + +real information in this society, only propaganda... if you still + +do not believe me do yourself a little experiment... just read + +the media description of a past event (say the Vietnam war) as + +written AT THE MOMENT of the event and (say) as described 10 + +years later. You'll quickly realize how untrustworthy all + +newspapers and medias are. + +* SEMIOTICS You'll have to study it (as soon as you can) to + +interpret what they let you believe, in order to get your + +bearings. A passing knowledge of ancient RHETORIC can help quite + +a lot. Rhetoric is the "Softice" debugger you need to read + +through the propaganda medias: concentrate on Periphrasis, + +Synecdoche, Antonomasia, Emphasis, Litotes and Hyperbole at the + +beginning... you'll later crack higher with Annominatio, + +Polyptoton, Isocolon and all the other lovely "figurae + +sententiae". + +Enough, back to software cracking. + +HOW A REGISTRATION CODE WORKS [WINCAT] + + Let's take as an example for the next crack, a Username- + +algebraic registration code, WINCAT Pro, version 3.4., a 1994 + +shareware program by Mart Heubel. It's a good program, pretty + +useful to catalogue the millions of files that you have on all + +your cd-roms (and to find them when you need them). + +The kind of protection Wincat Pro uses is the most utilized + +around: the username string is manipulated with particular + +algorithms, and the registration key will be made "ad hoc" and + +depends on the name_string. It's a protection incredibly easy to + +crack when you learn how the relevant procedures work. + + [WINCAT Pro] is a good choice for cracking studies, coz you + +can register "over your registration" one thousand times, and you + +can herefore try for this crack different user_names to see all + +the algebrical correspondences you may need to understand the + +protection code. + + In this program, when you select the option "register", you + +get a window where you can input your name and your registration + +number (that's what you would get, emailed, after registering + +your copy). If you load winice and do your routinely hwnd to + +individuate the nag window, and then breakpoint on the + +appropriate memory ranges you'll peep in the working of the whole + +bazaar (this is completely useless in order to crack these + +schemes, but it'll teach you a lot for higher cracking, so you + +better do it also with two or three other programs, even if it + +is a little boring): a series of routines act on the input (the + +name) of the user: the User_name_string (usn). First of all the + +usn_length will be calculated (with a REPNZ SCASB and a following + +STOSB). Then various routines store and move in memory the usn + +and the registration_number (rn) and their relative lengths. In + +order to compare their lengths and to check the correct + +alphanumeric correspondence between usn and rn, the program first + +uppercases the usn and strips all eventual spaces away. + + Here the relevant code (when you see an instruction like + +SUB AL,20 you should immediately realize that you are in a + +uppercasing routine, which is important for us, since these are + +mostly used for password comparisons)... here the relevant Winice + +unassemble and my comments: + +253F:00000260 AC LODSB <- get the usn chars + +253F:00000261 08C0 OR AL,AL <- check if zero + +253F:00000263 740F JZ 0274 <- 0: so usn finished + +253F:00000265 3C61 CMP AL,61 <- x61 is "a", man + +253F:00000267 72F7 JB 0260 <- not a lower, so loop + +253F:00000269 3C7A CMP AL,7A <- x7A is "z", what else? + +253F:0000026B 77F3 JA 0260 <- not a lower, so loop + +253F:0000026D 2C20 SUB AL,20 <- upper it if it's lower + +253F:0000026F 8844FF MOV [SI-01],AL<- and hyde it away + +253F:00000272 EBEC JMP 0260 <- loop to next char + +253F:00000274 93 XCHG AX,BX + +... + +The instruction MOV [SI-01],AL that you see here is important + +at times, coz it points to the location of the "pre-digested" + +usn, i.e. the usn formatted as it should be for the number + +comparison that will happen later. In some more complicated + +protection schemes the reasoning behind this formatting is the + +following: "Stupid cracker will never get the relation algorhitm + +usn <-> rn, coz he does not know that usn AND rn are slightly + +changed before comparing, ah ah... no direct guessing is + +possible". Here is only "polishing": you have to "polish" a + +string before comparing it in order to concede some mistakes to + +the legitimate user (too many spaces in the name, upper-lower + +case mismatch, foreign accents in the name etc.) You just need + +to know, for now, that this checking is usually still 5 or 6 + +calls ahead of the real checking (it's what we call a "green + +light"). + + You should in general realize that the real checking of the + +algebrical correspondence follows after a whole series of memory + +operations, i.e.: cancelling (and erasing) the previous (if ever) + +attempts; reduplicating the usn and the rn somewhere else in + +memory; double checking the string lengths (and saving all these + +values somewhere... be particularly attentive when you meet stack + +pointers (for instance [BP+05]): most of the programs you'll find + +have been written in C (what else?). C uses the stack (SS:SP) to + +pass parameters or to create local variables for his procedures. + +The passwords, in particular, are most of the time compared to + +data contained within the stack. If inside a protection a BP + +register points to the stack you have most of the time fished + +something... remember it pupils: it will spare you hours of + +useless cracking inside irrelevant routines. Back to our CATWIN: + +another little check is about the "minimal" length allowed for + +a user name, in our babe, for instance, the usn must have at + +least 6 chars: + + 230F:00003483 3D0600 CMP AX,0006 + + 230F:00003486 730F JAE 3497 <- go to nice_name + +:too_short + + 230F:00003488 BF9245 MOV DI,4592 <- no good: short + + After a lot of other winicing you'll finally come across + +following section of the code: + +2467:00000CA3 B90100 MOV CX,0001 + +2467:00000CA6 03F1 ADD SI,CX + +2467:00000CA8 2BC1 SUB AX,CX + +2467:00000CAA 7213 JB 0CBF + +2467:00000CAC 40 INC AX + +2467:00000CAD 368B4F04 MOV CX,SS:[BX+04] <- here + +2467:00000CB1 0BC9 0R CX,CX + +2467:00000CB3 7D02 JGE 0CB7 + +2467:00000CB5 33C9 XOR CX,CX + +2467:00000CB7 3BC1 CMP AX,CX + +2467:00000CB9 7606 JBE 0CC1 + +2467:00000CBB 8BC1 MOV AX,CX + +2467:00000CBD EB02 JMP 0CC1 + +2467:00000CBF 33C0 XOR AX,AX + +2467:00000CC1 AA STOSB <- and here + +2467:00000CC2 8BC8 MOV CX,AX + +2467:00000CC4 F3A4 REPZ MOVSB <- and here! + +2467:00000CC6 8EDA MOV DS,DX + +2467:00000CC8 FC RETF 0008 + + This is obviously the last part of the checking routine + +(I'll not delve here with the mathematical tampering of it, if + +you want to check its workings, by all means, go ahead, it's + +quite interesting, albeit such study is NOT necessary to crack + +these schemes). The important lines are obviously the MOV + +CX,SS:[BX+04], the STOSB and the REPZ MOVSB (as usual in password + +protection schemes, you do remember lesson 3, don't you?). + + You should be enough crack-able :=) by now (if you have read + +all the precedent lessons of my tutorial), to find out easily, + +with these hints, how the working of the protection goes and + +where dwells in memory the ECHO of the correct rn (passkey) that + +matches the name you typed in. Remember that in these kind of + +cracks the ECHO is present somewhere (90% of the cases). There + +are obviously one thousand way to find such ECHOs directly, + +without going through the verificayions routines... for instance + +you could also find them with a couple of well placed + +snap_compares, it's a "5 minutes" cracking, once you get the + +working of it. I leave you to find, as interesting exercise, the + +routine that checks for a "-" inside the rn, a very common + +protection element. + + In order to help you understand the working of the protection + +code in [Wincat Pro] I'll give you another hint, though: if you + +type "+ORC+ORC+ORC" as usn, you'll have to type 38108-37864 as + +rn, if you usn as usn "+ORC+ORC" then the relative rn will be + +14055-87593. But these are my personal cracks... I have offered + +this information only to let you better explore the mathematical + +tampering of this specific program... you'll better see the + +snapping mechanism trying them out (going through the routines + +inside Winice) alternatively with a correct and with a false + +password. Do not crack Wincat with my combination! If you use a + +different usn than your own name to crack a program you only show + +that you are a miserable lamer... no better than the lamers that + +believe to "crack" software using huge lists of serial numbers... + +that is really software that they have stolen (Yeah: stolen, not + +cracked). You should crack your programs, not steal them... + +"Warez_kids" and "serial#_aficionados" are only useless zombies. + +I bomb them as soon as I spot them. YOU ARE (gonna be) A CRACKER! + +It makes a lot of a difference, believe me. + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + "If you give a man a crack he'll be hungry again + + tomorrow, but if you teach him how to crack, he'll + + never be hungry again" + + E-mail +ORC + + an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson 9 (1): How to crack Windows, Hands on + +--------------------------------------------------------------------------- + + [Winformant][Snap32] + + -------------------------------------- + + THE [DATA_CONSTRAINT] TRICK - [WINFORMANT 4] + I have chosen an older windows application for Win 3.1. +(WIN4MANT.EXE, 562271 bytes, Version 1.10, by Joseph B. Albanese; +you'll find it searching the web with the usual tools, see how +to do it at the end of this lesson), in order to show you how to +use a nice little trick, at times really useful in cracking +password protected programs: [data_constraint]. Inside almost all +protection routines, as you have already learned, there is a +moment when on the stack the ECHO of the real, "correct" +passnumber or password appears. The location of this ECHO varies, +but most of the time it'll be in a range of +- 0x90 bytes from +one of the locations where the user input dwells. This is due to +datadump windows constraints inside the tools used by the +protectionists... but this use is bound to diminish... especially +after this lesson :=) + +[WINFORMANT CRACKING] + This application is -per se- crappy, I doubt you'll ever use +it... but its curious (and pretty rare) "deactivate" mode is +nevertheless very interesting for us: you can "unregister" +Winformant on the fly if you feel the need to. + This feature is pretty useful for scholars that like to +investigate password algorithms with valid and invalid codes +without having to reinstall every time to delete a valid code. +For your cracking exercises choose programs that have +"REVERSIBLE" protections (rare) or that can be re-registered a +billion times (more frequent). Programs that keep the valid +registration on *.ini or special files will also do the job: you +just change a couple of lines to "unregister" them. + The trick of this lesson: [data_constraint], or "password +proximity", bases on the protectionist's need to keep an eye on +the protection "working" when he assembles it. He must "see" the +relationships between USER INPUT NUMBER, USER INPUT TRANSFORMED +and the CORRECT NUMBER ANSWER (in our jargon: the "Bingo"). These +relationships must be constantly checked In order to debug the +protection code. Mostly they will dwell TOGETHER inside a small +stack area, allowing them to be "seen" in the SAME watchwindow. +Most of the time, therefore, the "ECHO" will "materialize" +shortly not very far away from one of the locations of the USER +INPUT. Let's crack: + +* Fire Winice and then Winformant +* Choose HELP and then choose REGISTRATION +* Fill the registration fields with "+ORC+ORC" as "Registrant" +and "12121212" as "Activation" code (use whatever you fancy). +CTRL+D ;switch to Winice +:task ;let's see what's the name of this crap +TaskName SS:SP StackTop StackBot StackLow TaskDB hQueue Events +WINWORD 1AD7:85F2 4A52 8670 7532 1247 122F 0000 +PROGMAN 1737:200A 0936 2070 1392 066F 07F7 0000 +DISKOMAT *2C5F:6634 1D3C 6AC6 5192 2CB7 2C9F 0000 + +:hwnd DISKOMAT ;which window is getting the input? +WinHandle Hqueue QOwner Class Name Window Procedure +0EB4(0) 2C9F DISKOMAT #32769 04A7:9E6B + 0F34(1) 2C9F DISKOMAT #32768 USER!BEAR306 + 365C(1) 2C9F DISKOMAT #32770 2C3F:0BC6 + 36BC(2) 2C9F DISKOMAT Button 2C3F:1CEA + 3710(2) 2C9F DISKOMAT Edit 2C3F:24BE +... and many more irrelevant windows. + +Let's pinpoint the code, here the relevant window is the first +"Edit" one, for obvious reasons (more on this later). +:bmsg 3710 wm_gettext ;set breakpoint +CTRL+D ;run the babe until you get: +Break Due to BMSG 3710 WM_GETTEXT C=01 + Hwnd=3710 wParam=0050 lParam=2C5F629A msg=000D WM_GETTEXT +2C3F:000024BE B82F2C MOV AX,2C2F +So! Now we have "pinpointed" the babe (more on "pinpointing" +later). Let's snoop around a little: look at the stack to fetch +your babe's last call (if it does not show immediately, just keep +pinpointing, for instance on GetWindowText() or do a BPRW +diskomat (very useful), and then try and retry the stack... +should this too fail to work, search for your input in memory (in +the 30:0 lffffffff selector, as usual) and breakpoint range on +it with ReadWrite, and then stack, stack, stack... until you get +the "real" list of calls coming from your babe's protection. +:stack ; let's see +USER(19) at 073F:124C [?] through 073F:1239 +CTL3D(02) at 2C3F:0D53 [?] through 2C3F:0D53 +DISKOMAT(01) at 2C97:20B9 [?] through 2C97:20B9 +DISKOMAT(01) at 2C97:3D94 [?] through 2C97:3D94 +DISKOMAT(01) at 2C97:49E2 [?] through 2C97:4918 +DISKOMAT(04) at 2C7F:EA20 [?] through 2C7F:EA20 +USER(01) at 04A7:19BE [?] through USER!GETWINDOWTEXT +== CTL3D(02) at 2C3F:24BE [?] through 04A7:3A3C + + Beautiful stack fishing! Do immediately a BPX on babe:EA20. +2C7F:EA35 9A25ABA704 CALL USER!GETWINDOWTEXT +2C7F:EA3A 8D46AE LEA AX,[BP-52] ;load ptr "+ORC+ORC" +2C7F:EA3D 16 PUSH SS ;save pointer segment +2C7F:EA3E 50 PUSH AX ;save pointer offset +2C7F:EA3F 9A768D872C CALL 2C87:8D76; get strlen "ORC+ORC" +2C7F:EA44 83C404 ADD SP,+04 +2C7F:EA47 3D2800 CMP AX,0028 +2C7F:EA4A 762C JBE EA78 +... +2C7F:EA97 8D46AE LEA AX,[BP-52] ;load ptr "+ORC+ORC" +2C7F:EA9A 16 PUSH SS ;various algors on input +2C7F:EA9B 50 PUSH AX ;follow here, we do not +... ;need to care +2C7F:EAB2 0F851101 JNE EBC7 +2C7F:EAB6 8D8E5CFF LEA CX,[BP+FF5C] ;ptr "12121212" +2C7F:EABA 16 PUSH SS +2C7F:EABB 51 PUSH CX +2C7F:EABC 9A768D872C CALL 2C87:8D76 ;get strlen "12121212" +2C7F:EAC1 83C404 ADD SP,+04 +2C7F:EAC4 50 PUSH AX +2C7F:EAC5 8D865CFF LEA AX,[BP+FF5C] ;ptr "12121212" HERE! +2C7F:EAC9 16 PUSH SS +2C7F:EACA 50 PUSH AX +...etc, various algors on input follow here + + OK, it's enough: now obviously follows the code that +"algorithmize" the number string, and then, somewhere, you'll +have the hideous compare that divides good guys and bad crackers. +You could examine, and crack, and search... + BUT NOW IT'S THE "MAGIC MOMENT" OF THE ECHO! We know and *feel* +it: The echo must be somewhere... how do we find it? Searching +"12121212" in memory fishes at least 10 different locations... +:s 30:0 lffffffff '12121212' +Pattern Found at 0030:0005AD6A +.... (7 more) +Pattern Found at 0030:80509D6A +Pattern Found at 0030:8145AD6A + Should we look for all occurrences of string '12121212', +starting with the two at 80000000, dumping +-0x90 around it... +until we find the echo? We could, and it would work, but that's +not zen... that's boring! In other protections these locations +could proliferate on purpose, to deter the casual cracker. There +must be some other way... And lo and behold! YES! There is a +quicker way... THE LAST loading of the numeric input string in +the code (the one after the strlen count) is the "right" one for +our cracking purposes, coz protections follow (mostly) this +pattern (remember: we are inside a "stack-heavy" section of the +code... if you want to crack higher I suggest you read some good +literature about stack working, stack tricks and stack magics +with the Intel processors): + LOAD NAMEString - COUNT NAMEStringLen + LOAD NAMEString - TRANSFORM NAMEString + LOAD CODEString - COUNT CODEStringLen + LOAD CODEString + *ECHO must be here* + TRANSFORM CODEString + *ECHO must be here* + COMPARE TRANSFORMED_NAMEString WITH TRANSFORMED_CODEString + + This means that at line +2C7F:EAC5 8D865CFF LEA AX,[BP+FF5C] ;ptr "12121212" +you'll already have your echo somewhere... just dump the memory +around the pointer [BP+FF5C]: +:d 2c5f:61e8 ;these numbers will differ in your computer +02 62 2F 06 02 00 26 2E-A3 4E A3 4E 01 00 38 30 .b/...&..N.N..80 +33 37 2D 36 34 36 2D 33-38 33 36 00 01 06 02 00 37-646-3836..... +2F 06 75 62 C3 2E B7 04-F2 24 2F 06 CE 6E 2F 06 /.ub.....$/..n/. +49 00 5A 00 01 00-04 2C 2F 06 AE 24 36 62 00 00 I.Z......,/..$6b +74 62 7A 2E B7 04 36 62-01 00 C2 62 2F 2C 26 2E tbz...6b...b/,&. +03 01 BA 0F AE 24 5F 02-C9 01 5E 02 BA 01 5F 02 .....$_...^..._. +31 32 31 32 31 32 31 32-00 0C 00 BC 02 00 00 00 12121212........ +00 49 00 BA 0F-AE 24 F2 24 2F 06 00 00 00 00 00 ....I....$.$/... +AF 17 00 E2 5F-7A 62 FE FF 79 1B BA 0F 00 00 00 ......._zb..y... +96 0B 01 00 02 4E 00-37 01 8A 62 D2 0F 8F 17 00 .....N..7..b.... +2F 06 00 37 01-98 62 20 10 16 03 2F 06 00 00 00 /.....7..b .../. +C2 62 2B 4F 52 43 2B 4F-52 43 00 0D AE 24 2F 06 .b+ORC+ORC...... + + Look at this dump: everybody is there! The stack pointers points +in the middle, at string "12121212". 0x50 bytes before it you'll +find our good old ECHO (i.e. the CORRECT passnumber) and 0x50 +bytes afterwards you'll see your handle: here "+ORC+ORC". + It's cracked! The code for my "+ORC+ORC" is 8037-646-3836... +Now begin your assignments: if you rally want to learn cracking: +- "Unregister" and find anew your own code for your own + handle. *DO NOT* use serial numbers with any other name + that your own handle, that's miserable stealing, not + cracking. I'll begin to punish the serial#_aficionados on + the Web, coz I like real outlaws, but I detest stupid + pickpockets. +- Study the two coding algorithms, the one for the input name + and the one for the input number, this will be very useful + for your future cracking sessions. +- Find the "Compare", i.e. the code that sets the two usual + flags "good guy, you may move on" and "bad cracker, beggar + off", and +- Create a "real" crack for this protection, that will allow + anybody you think deserves it, with any name and any + password number, to get through. + +[CRACKING SNAP 32] + Snap 32 (SNAP32.EXE 356.352 bytes, 24/11/95, Version 2.54, +by Greg Kochaniak) is a "snapshot" shareware program for Windows +95, that allows users to save the screen, parts of it, or a +single window. It's a very common 'try before you buy' program, +limited to 30 days use. You'll find it everywhere on the Web. If +you do not know how to search the Web (poor guy!), learn at the +end of this lesson the correct procedure to find all the files +you need on the Net and get them automatically emailed to you +(that's something you should learn: SEARCHING! It's even more +important than cracking!). + Snap32 is not very interesting (I don't think I used it more +than a couple of times), but its protection is: in order to (try +to) deter casual crackers it does not compare strings, it +compares a "magic" sum (from Namestring) with another magic sum +(from Numberstring). And: +* SUMS magics inside the GDI, not inside its own code; +* USES a look_up table for input validation instead of + "plain" code; +* COMPARES the "magic" manipulation from input NUMBER with + the "magic" manipulation from input NAME. + + The cracking procedure for most of these windows programs is +pretty simple and relatively straightforward: + +1) SEE THE NAME OF YOUR BABE AND ITS QUEUE SELECTOR +:task ;This is the Winice95 command you type after firing +snap32 and getting at the "Enter License" nag window: + +TaskName SS:SP StckTp StckBt StckLw TaskDB Hqueue Events +Snap32 0000:0000 006 AC000 006B0000 270E D27 0000 + +OK, the babe is Snap32,it's HQUEUE is 0xD27, it's TaskDB is +0x27OE, orright. + +2) SEE THE MODULES OF YOUR BABE: +:map32 snap32 ;Your command +Owner Obj Name Obj# Address Size Type +SNAP32 .text 0001 0137:00401000 00043000 CODE RO +SNAP32 .rdata 0002 013F:00444000 00002E00 IDATA RO +SNAP32 .data 0003 013F:00447000 00009000 IDATA RW +SNAP32 .idata 0004 013F:00471000 00001C00 IDATA RW +SNAP32 .rsrc 0005 013F:00473000 00001600 IDATA RO +SNAP32 .reloc 0006 013F:00475000 00004C00 IDATA RO + +OK, so the code is in selector 137:(as usual), and you have there +43000 bytes of code from 401000 to 401000+43000; the DATA, +ReadWrite and ReadOnly, are in selector 13F: (as usual). + +3) SEE THE HANDLE OF THE PROTECTION "NAG" WINDOW +:hwnd snap32 ;Your command +Window Handle Hqueue SZ Qowner Class Name Window Procedure + 0350(1) 0D27 32 SNAP32 #02071 144F:0560 + 0354(2) 0D27 32 SNAP32 #02071 17CF:102E + ... and many more windows that we do not care of. + + OK, so, for our cracking purposes, it's Handle 0x350. Most of +the times the "nag" window you want to crack will be the first +one in the hwnd listing (coz it was the last one to appear). +Watch the number in parentheses that follows the Whandle: (1) is +a mother, (2) are "children" windows. At times you'll find under +"Class Name" something like "Edit" (see before the Winformant +cracking)... SNIFF THERE! At times the "Window Procedure" code +location in a list of more than twenty, will be slightly +different for one or two windows... SNIFF THERE! + +4) BREAKPOINT MESSAGE WM_GETTEXT (or any other WM_ that you can +think of in order to "pinpoint" the code of our babe). +"Pinpointing" the code is extremely important in windows +cracking... this idiotic OS moves code, data and stack out and +inside the pages all the time... so you'll keep getting on +"INVALID" sections without a correct pinpointing. Good +Pinpointing points are in general: + BMSG xxxx WM_GETTEXT (good for passwords) + BMSG xxxx WM_COMMAND (good fro OK buttons) + BPRW *your babe* TW (good for tracking) + u USER!GETWINDOWTEXT (u and then BPX inside the code) + u GETDLGITEM (for the Hwnd of an Item inside a + Dialog Box) + CSIP NOT GDI (if you have too many interferences) + u USER!SHOWWINDOW (bpx with counter occurrence to get to + the "right" window) + u GETSYSTEMTIME (for "time-crippled" software) +and many others pinpointing points you'll learn. If you are +really desperate for pinpointing, just do a BMSG xxxx WM_MOVE and +then move the nag window, this will always work. Let's go on: + +:bmsg 350 wm_gettext ;Your command +OK, so the code is ready to be pinpointed. + +5)RUN THE PROGRAM TO THE BREAKPOINT: +CTRL+D ;Your command to exit Winice and run + until it pops out at breakpoint +OK, now you pop out inside Winice somewhere... (look at the stack +to know where) so the code has been pinpointed. + +6) SEARCH THE DATA AREA for your input string (4 Gigabytes from +30:0... remember that DATA are *always* in 30:0 to 30:FFFFFFFF +and CODE is *always* in 28:0 to 28:FFFFFFFF). In most protection +the "registration_number" string must match the "username" +string, which cannot be constrained, in order to allow users to +choose whatever stupid name they fancy. Some protections requires +fixed symbols inside the "username" string, though... in these +rare eventualities, just apply to the "username" string what +we'll do here with the "registration_number" string. The point +to remember is: begin always with the protection fumbling your +number, crack only if necessary the protection that fumbles your +name. Let's search now. + +:s 30:0 lffffffff '12121212' ;Your command + Pattern Found at 0030:80308612 + +80000000 is good. Lower era videos, mirrors and BIOS, higher +(around C0000000) you have the OS dustbins... the point to +remember is: investigate always FIRST the 80000000 locations. + +7) BREAKPOINT ON MEMORY RANGE ON THIS STRING. +By the way: prepare a watch window dex 3 es:di, you'll soon see +how useful such an automated watchwindow is in password cracking. + +:bpr 30:80308612 30:80308612+8 RW ;Your command + +OK Now we'll begin to dig out the relevant parts of the code. +Remember that you must breakpoint *every* copy of the string that +protection generates. A typical copy routine, very frequently +used in windows copy protection schemes, dwells inside +KERNEL!HMEMCPY (+0076): + +0117:9E8E 66C1E902 SHR ECX,02 +0117:9E92 F36766A5 REPZ MOVSD ;makes a copy in es:di +0117:9E96 6659 POP ECX +0117:9E98 6683E103 AND ECX,+03 +0117:9E9C F367A4 REPZ MOVSB +0117:9E9F 33D2 XOR DX,DX + +In fact, this piece of copying code is so often used for password +verifications that sometimes you just need to bpx on 0117:9E92 +to get the correct stack sequence... but let's, for now, continue +without such little tricks: just keep on BPRring (Breakpoint on +memory range) all copies that protection makes. + +8) LET THE BABE RUN, it will breakpoint on all manipulations of +your input string. One of them will lead to the magic. +8.1.) VALIDATION phase +There are many routines that check and "validate" your inputs. +The most common ones check that your numbers ARE really numbers, +i.e. in the range 0x30-0x39. Usually this is done with: + CMP EAX,+30 + JB no_number + CMP EAX,+39 + JA no_number +At times the protectionists use TABLES instead... The number +itself is used as a pointer to a "ready made" table where the +relevant magic can be used as a protection. Imagine that a number +4 in your input points to a code section that throws you +immediately outside the validation routine... or imagine that a +number 7, if found in your input, fetches a magic code that +removes the whole program from your harddisk (or worse): "Ah, ah! +Stupid cracker will never know that he should not have used +number 4... and definitely not number 7! Next time he'll +learn..." Yes, tables have been used for such nasty tricks. +Here the relevant code for the "validation" part of our +protection (still checking my favourite input string '12121212'): +:check_if_valid +0137:4364AE 8A16 MOV DL,[ESI] ;load license number +0137:4364B0 33C0 XOR EAX,EAX ;zero AX +0137:4364B2 668B0451 MOV AX,[ECX+2*EDX] ;look table for 84 +0137:4364B6 83E008 AND EAX,+08 ;OK if AND'S TO zero +0137:4364B9 85C0 TEST EAX,EAX ;and therefore +0137:4364BB 7403 JZ 004364C0 ;go on +0137:4364BD 46 INC ESI ; ready for next number +0137:4364BE EBCD JMP 0043648D +:strip_-_&_+_signs +0137:4364C0 33DB XOR EBX,EBX ;clean BX +0137:4364C2 8A1E MOV BL,[ESI] ;load license number +0137:4364C4 46 INC ESI ;ready for next +0137:4364C5 8BFB MOV EDI,EBX ;save copy +0137:4364C7 83FB2D CMP EBX,+2D ;is it a "-"? +0137:4364CA 7405 JZ 004364D1 +0137:4364CC 83FB2B CMP EBX,+2B ;is it a "+"? + +8.2.) MANIPULATION (summing magic numbers) +Your wisely set breakpoints on memory range for the occurrence +of the string "12121212" will pop you out, inter alia, inside +following piece of code (note how this part of protection dwells +inside GDI, and NOT inside the code selector of snap32): +0557:11BD 33C0 XOR EAX,EAX ;zero AX +0557:11BF 66648B06 MOV AX,FS:[ESI] ;load number +0557:11C3 83C602 ADD ESI,+02 ;point to next +0557:11C6 66833C4700 CMP WORD PTR [EDI+2*EAX],+00 +0557:11CB 0F8424010000 JE 000012F5 +0557:11D1 668B0442 MOV AX,[EDX+2*EAX] ;load from magic table +0557:11D5 03D8 ADD EBX,EAX ;save sum in EBX +0557:11D7 49 DEC ECX ;till we are done +0557:11D8 75E5 JNZ 000011BF ;loop along + +Interesting, isn't it? Protection is using this GDI routine to +create a SUM (through pointers to another table) that depends on +your very input numbers. We are now very near to the crack... can +you *feel* it? If not, prepare yourself a good Martini Vodka! +This is the correct way to do it: + * Get a "highball" glass; + * Put some ice cubes inside it (2 or 3); + * Add Martini Dry (From Martini & Rossi). Fill to 1/3; + * Add Moskowskaja Wodka (the only real Vodka). Fill to 2/3; + * Add a zest of lemon (From Malta or Southern France); + * Add a green "sound" olive (from Italy or Israel); + * Add Schweppes Indian Tonic. Fill to the brim. +Sit deeper and relax, sip slowly and *feel* where the code of the +protection scheme you are cracking "moves"... It's like a +current... a slow tide. If you still do not believe me, just try +it. + +We'll now find out where protection stores the "magic" sum (and +now you'll pop out inside the very own snap32 code, this is the +"real" protection part): + +8.3.) The ludicrous "HIDING" of the magic sum +0137:40437E 83C404 ADD ESP,+04 +0137:404381 8B4DE8 MOV ECX,[EBP-18] +0137:404384 8945F0 MOV [EBP-10],EAX ;***HERE!*** +0137:404387 68FF000000 PUSH 000000FF +0137:40438C 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74] ;load string +0137:404392 50 PUSH EAX ;push it +0137:404393 E886410100 CALL 0041851E ;manipulate +0137:404398 8D8574FBFFFF LEA EAX,[EBP+FFFFFB74] ;load string +0137:40439E 50 PUSH EAX ;push it +0137:40439F E88C210300 CALL 00436530 ;manipulate + +As you can see, the protection is very simple: The "magic" sum +is hidden only two lines before the further manipulations of the +input string. We have found location 137:404384, here, in the +CORRECT way, through bprring of the string that has been +manipulated in the GDI, but actually, we could have found it +quickly just checking superficially what's happening "around" all +manipulations of the input string. Do we really need to follow +all manipulations of our registration_number and eventually also +all manipulation of our username? NO, not at all: we just set a +BPR on the stack location where protection hides the sum [EBP-10] +and we'll see what happens: 90% of these protections just create +two sums, a sum from your username and a sum from your +registration_number... somewhere there will be a compare that +must use this location (or a copy of it... we'll see). + +8.4.) COMPARING THE MAGICS FROM THE TWO INPUT STRING +Breakpoint on memory range on the sum location [EBP-10] that you +saw in the previous code and you'll land at this piece of code: +0137:404412 E82F050000 CALL 00404946 +0137:404417 83C40C ADD ESP,+0C +0137:40441A 3B45F0 CMP EAX,[EBP-10] ;comp AX & magicsum +0137:40441D 740F JZ 0040442E +0137:40441F 68C0874400 PUSH 004487C0 +0137:404424 E8149E0000 CALL 0040E23D +0137:404429 83C404 ADD ESP,+04 +0137:40442C EB5B JMP 00404489 +0137:40442E 893DA0714400 MOV [004471A0],EDI +0137:404434 85FF TEST EDI,EDI + +That's it, you have made it! We found the compare between the +"username" magic number (for my "+ORC+ORC" string that's here +0x7C25621B) in AX (we do not need to know how this landed +there... it's irrelevant!) and the "license_number" '12121212' +(whose magic is here 0x00B8F47C) stored in [pointer-10.] How do +we find now the correct INPUT number for +ORC+ORC? Well, it's +easy... the "magic number" must be the same... therefore: + +Cracked=Dec(0x7C25621B) +Cracked=2082824731 + + That was it. Old Snap32 has been cracked. You could now +prepare a crack in order to distribute this program around +without its simple protection. Good cracked applications should +be given free (i.e. cracked) to all the people that NEED them and +do not have the money to buy them. Don't forget that in this +intolerable society the 0,5% of the citizens own the 56% of the +industrial capital and the 63% of the propaganda machines (data +from US researchers... therefore suspect... the real situation +is probably even worser) effectively conditioning the destiny of +millions of slaves, moronized by television watching. So crack +the applications and give them to the people you care and the +peolple that need them, but for the others... just EXPLAIN +everybody how you did it... this is real help: giving knowledge, +not wares. DO NOT use my handle and my codes to crack this +program, get yours, I gave you mine only as an help for this +cracking lesson. I have showed you the way enough... THIEFS, not +crackers, use the codes that others have found. You are (gonna +be) CRACKERS! Remember it, look straight ahead, crack accurately +and keep your tommy in. + +HOW TO SEARCH THE INTERNET FOR FILES WITHOUT MOVING A FINGER + It's amazing: most of the people roaming around inside Internet +DO NOT know how to use effectively the web. I'll be very +altruistic and explain how to fetch the very example of Snap32, +the babe we cracked in this lesson. + +1) Choose an archie from this list (I will not explain you what +an archie is, you should know it... if you do not, be ashamed): + archie.univie.ac.at 131.130.1.23 Austria + archie.belnet.be 193.190.248.18 Belgium + archie.funet.fi 128.214.6.102 Finland + archie.univ-rennes1.fr 129.20.254.2 France + archie.th-darmstadt.de 130.83.22.1 Germany + archie.ac.il 132.65.16.8 Israel + archie.unipi.it 131.114.21.10 Italy + archie.uninett.no 128.39.2.20 Norway + +2) Email a message to your archie: + To: archie.univie.ac.at (for instance) + Subject: (nothing on this field) + Body: set search sub (substrings too) + set maxhits 140 (max 140 hits) + set maxhitspm 9 (not the same file all over) + find snap32 (we want this) + +3) After a while you'll get (per email) your answer: Here the +answer from the Austrian archie + +Host ftp.wu-wien.ac.at (137.208.8.6) + Last updated 17:48 9 Aug 1995 + Location: /pub/systems/windows.32/misc + FILE -rw-r----- 128957 bytes 15:59 16 Jun 1995 snap32.zip +Host space.mit.edu (18.75.0.10) + Last updated 00:45 4 Mar 1996 + Location: /pub/mydir + FILE -rw-r--r-- 407040 bytes 11:55 28 Nov 1995 snap32.exe + +4) ftpmail your file (Browsing is no good: too busy and lame). +Again, I will not explain you what an FTPMAIL server is: learn +it by yourself... choose a good one from this list (there are +many more... you'll learn): + bitftp@vm.gmd.de (Germany) + ftpmail@ieunet.ie (Ireland) + bitftp@plearn.edu.pl (Poland) + ftpmail@ftp.sun.ac.za (South Africa) + ftpmail@ftp.sunet.se (Sweden) + ftpmail@ftp.luth.se (Sweden) + ftpmail@src.doc.ic.ac.uk (United Kingdom) + +To: ftpmail@ftp.sun.ac.za. (for instance) +Subject: (leave blank) +Body: open space.mit.edu (the last occurrence that + the archie sent) + cd/pub/mydir (get the correct subdir) + bin (prepare for BINARY) + get snap32.exe (I want this) + quit (bye) + +5) Your FTPMAIL server will first notice you a receipt: + +FTP EMAIL response... +ftpmail has received the following job from you: + reply-to +ORC + open space.mit.edu +ORC@now.here + get snap32.exe +ftpmail has queued your job as: 1834131821.5514 +Your priority is 1 (0 = highest, 9 = lowest) +Requests to sunsite.doc.ic.ac.uk will be done before other jobs. +There are 14 jobs ahead of this one in the queue. +4 ftpmail handlers available. +To remove send a message to ftpmail containing just: +delete 1834131821.5514 + +After a while you'll get a second message, with your file +uuencoded inside... everything has been done. +YESSIR! there is absolutely no need to loose time on the WWW, +"surfing" idiotically from a junk site to the next or waiting +hours to download some slow file from an instable server! Wasting +time of your own LIFE, that you could use to read poetry, to make +love, to look at the stars, to sail slowly between the Aegean +islands or to start a nice cracking session. What's the point of +wasting your time when machines can perform all the searches you +need better, more productively and faster than you ever could... +YESSIR! You can get *everything* on the Web, and without paying +your Internet provider more than a couple of dimes... Nice, isn't +it? + +By now, if you have followed all my lessons, you should be able +to crack relatively quickly "normal" applications. There are some +new projects for 1997: a cracking "university", that will allow +us to prepare for the divine war against Microsoft repulsive +dominion. If you do not have already chosen your handle (your +"cracker" name, that's it), you may consider choosing an handle +with a "+" somewhere inside it or, eventually, add a "+" to your +handle. This sign is used by me and by friends that have studied +and/or contributed. But a "+" in your handle ("official +ORC +cracker") will mean even more: +1) allows support from me personally (on a "do ut des" basis) +2) allows pupils to identify each other (good for joining + forces) +3) will open you (eventually) the doors to the "higher" + cracking university I'll set up on the Web in 1997. +(I'm not getting megalomaniac... In reality I only need a "quick" +method to know on which (anonymous) people I can count on for the +next phase). + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) with some tricks of the trade I may +not know that YOU discovered. Mostly I'll actually know them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you "rediscovered" +them with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + Lesson A.1: Advanced Cracking: Internet Cracking (Unix) + +--------------------------------------------------------------------------- + +-------------> INTERNET CRACKING: FIREWALLS + + With each new company that connects to the "Information + +Superhighway" new frontiers are created for crackers to explore. + +Site administrators (Siteads) have implemented various security + +measures to protect their internal networks. One of these is + +xinetd, covered later. A more general solution is to construct + +a guarded gateway, called a [Firewall], that sits between a + +site's internal network and the wild and woolly Internet where + +we roam. In fact only one third of all Internet connected + +machines are already behind firewalls. Most information services + +have to deal with the same problem we have: getting OUT through + +a local firewall or GETTING INTO a service through their + +Firewall. There lays also the crack_solution. + +------------> What is a Firewall? + + The main purpose of a Firewall is to prevent unauthorized + +access between networks. Generally this means protecting a site's + +inner network from the Internet. If a site has a firewall, + +decisions have been made as to what is allowed and disallowed + +across the firewall. These decisions are always different and + +always incomplete, given the multiplicity of Internet, there are + +always loopholes where a cracker can capitalize on. + + A firewall basically works by examining the IP packets that + +travel between the server and the client. This provides a way to + +control the information flow for each service by IP address, by + +port and in each direction. + + A firewall embodies a "stance". The stance of a firewall + +describes the trade-off between security and ease-of-use. A + +stance of the form "that which is not expressly permitted is + +prohibited" requires that each new service be enabled + +individually and is seldom used, coz very slow and annoying. + +Conversely, the stance "that which is not expressly prohibited + +is permitted" has traded a level of security for convenience. It + +will be useful to guess the stance of the firewall you are + +cracking when making probe decisions. + + A firewall has some general responsibilities: + +* First and foremost if a particular action is not allowed by + +the policy of the site, the firewall must make sure that all + +attempts to perform the action will fail. + +* The firewall should log suspicious events + +* The firewall should alert internal administration of all + +cracking attempts + +* Some firewall provide usage statistics as well. + +------------> Types of Firewall + + In order to avoid head-scratching, it's a good idea to know + +the TOPOLOGY of "your" firewall -and its limitations- before + +attempting to get through it. Discussed below are two popular + +firewall topologies. Although other types exist, the two below + +represent the basic forms; most other firewalls employ the same + +concepts and thus have -luckily- the same limitations. + + 1) THE DUAL-HOMED GATEWAY + + A dual-homed Gateway is a firewall composed of a single + +system with at least two network interfaces. This system is + +normally configured such that packets are not directly routed + +from one network (the Internet) to the other (the internal net + +you want to crack). Machines on the Internet can talk to the + +gateway, as can machines on the internal network, but direct + +traffic between nets is blocked. + + In discussing firewalls, it's generally accepted that you + +should think of the inner network as a medieval castle. The + +"bastions" of a castle are the critical points where defence is + +concentrated. In a dual-homed gateway topology, the dual-homed + +host itself is called the [BASTION HOST]. + + The main disadvantage of a dual-homed gateway, from the + +viewpoints of the users of the network and us crackers alike, is + +the fact that it blocks direct IP traffic in both directions. Any + +programs running on the inner network that require a routed path + +to external machines will not function in this environment. The + +services on the internal network don't have a routed path to the + +clients outside. To resolve these difficulties, dual-homed + +gateways run programs called [PROXIES] to forward application + +packets between nets. A proxy controls the conversation between + +client and server processes in a firewalled environment. Rather + +than communicating directly, the client and the server both talk + +to the proxy, which is usually running on the bastion host + +itself. Normally the proxy is transparent to the users. + + A proxy on the bastion host does not just allow free rein + +for certain services. Most proxy software can be configured to + +allow or deny forwarding based on source or destination addresses + +or ports. Proxies may also require authentication of the + +requester using encryption- or password-based systems. + + The use of proxy software on the bastion host means that the + +firewall administrator has to provide replacements for the + +standard networking clients, a nightmare in heterogeneous + +environments (sites with many different operating systems + +platforms, PC, Sun, IBM, DEC, HP...) and a great burden for + +administrator and users alike. + + 2) THE SCREENED HOST GATEWAY + + A screened host gateway is a firewall consisting of at least + +one router and a bastion host with a single network interface. + +The router is typically configured to block (screen) all traffic + +to the internal net such that the bastion host is the only + +machine that can be reached from the outside. Unlike the dual- + +homed gateway, a screened host gateway does not necessarily force + +all traffic through the bastion host; through configuration of + +the screening router, it's possible to open "holes" in the + +firewall to the other machines on the internal net you want to + +get into. + + The bastion host in a screened host firewall is protected + +from the outside net by the screening router. The router is + +generally configured to only allow traffic FROM SPECIFIC PORTS + +on the bastion host. Further, it may allow that traffic only FROM + +SPECIFIC EXTERNAL HOSTS. For example the router may allow Usenet + +news traffic to reach the bastion host ONLY if the traffic + +originated from the site's news provider. This filtering can be + +easily cracked: it is relying on the IP address of a remote + +machine, which can be forged. + + Most sites configure their router such that any connection + +(or a set of allowed connections) initiated from the inside net + +is allowed to pass. This is done by examining the SYN and ACK + +bits of TCP packets. The "start of connection" packet will have + +both bits set. If this packets source address is internal... or + +seems to be internal :=) the packet is allowed to pass. This + +allows users on the internal net to communicate with the internet + +without a proxy service. + + As mentioned, this design also allows "holes" to be opened + +in the firewall for machines on the internal net. In this case + +you can crack not only the bastion host, but also the inner + +machine offering the service. Mostly this or these machine/s will + +be far less secure than the bastion host. + + New services, for instance recent WEB services, contain a + +lot of back doors and bugs, that you'll find in the appropriate + +usenet discussion groups, and that you could use at freedom to + +crack inner machines with firewall holes. Sendmail is a good + +example of how you could crack in this way, read the whole + +related history... very instructive. The rule of thumb is "big + +is good": the bigger the software package, the more chance that + +we can find some security related bugs... and all packages are + +huge nowadays, 'coz the lazy bunch of programmers uses + +overbloated, buggy and fatty languages like Visual Basic or + +Delphy! + +Finally, remember that the logs are 'mostly) not on the bastion + +host! Most administrators collect them on an internal machine not + +accessible from the Internet. An automated process scan the logs + +regularly and reports suspicious information. + + + + 3) OTHER FIREWALL TOPOLOGIES + +The dual-homed gateway and the screened host are probably the + +most popular, but by no mean the only firewall topologies. Other + +configurations include the simple screening router (no bastion + +host), the screened subnet (two screening routers and a bastion + +host) as well as many commercial vendor solutions. + +------------> Which software should we study? + +Three popular unix software solutions allow clients inside a + +firewall to communicate with server outside: CERN Web server in + +proxy mode, SOCKS and the TIS Firewall toolkit. + +1) The CERN Web server handles not only HTTP but also the other + +protocols that Web clients use and makes the remote connections, + +passing the information back to the client transparently. X-based + +Mosaic can be configured for proxy mode simply by setting a few + +environment variables. + +2) The SOCKS package (available free for anonymous ftp from + +ftp.nec.com in the file + + /pub/security/socks.cstc/socks.cstc.4.2.tar.gz + +includes a proxy server that runs on the bastion host of a + +firewall. The package includes replacements for standard IP + +socket calls such as connect(), getsockname(), bind(), accept(), + +listen() and select(). In the package there is a library which + +can be used to SOCKSify your crack probes. + +3) The Firewall Toolkit + +The toolkit contains many useful tools for cracking firewall and + +proxy server. netacl can be used in inetd.conf to conceal + +incoming requests against an access table before spawning ftpd, + +httpd or other inetd-capable daemons. Mail will be stored in a + +chroot()ed area of the bastion for processing (mostly by + +sendmail). + +The Firewall toolkit is available for free, in anonymous ftp from + +ftp.tis.com in the file + + /pub/firewalls/toolkit/fwtk.tar.Z + +The popular PC firewall solution is the "PC Socks Pack", for MS- + +Windows, available from ftp.nec.com It includes a winsock.dll + +file. + + The cracking attempts should concentrate on ftpd, normally + +located on the bastion host. It's a huge application, necessary + +to allow anonymous ftp on and from the inner net, and full of + +bugs and back doors. Normally, on the bastion host, ftpd is + +located in a chroot()ed area and runs as nonprivileged user. If + +the protection is run from an internal machine (as opposing the + +bastion host), you could take advantage of the special inner-net + +privileges in hostp.equiv or .rhosts. If the internal machine + +"trusts" the server machine, you'll be in pretty easily. + + Another good method, that really works, is to locate your + +PC physically somewhere along the route between network and + +archie server and "spoof" the firewall into believing that you + +are the archie server. You'll need the help of a fellow hacker + +for this, though. + + Remember that if you gain supervisor privileges on a machine + +you can send packets from port 20, and that in a screened host + +environment, unless FTP is being used in proxy mode, the access + +filters allow often connections from any external host if the + +source port is 20 and the destination port is greater than 1023! + + remember that NCSA Mosaic uses several protocols, each on + +a different port, and that -if on the firewall no proxy Web + +server is operating- each protocol must be dealt with + +individually, what lazy administrators seldom do. + + Be careful for TRAPS: networking clients like telnet and ftp + +are often viciously replaced with programs that APPEAR to execute + +like their namesake, but actually email an administrator. A + +fellow cracker was almost intercepted, once, by a command that + +simulated network delays and spat out random error messages in + +order to keep me interested long enough to catch me. Read the + +(fictions) horror story from Bill Cheswick: "An evening with + +Berferd in which a cracked is lured, endured and studied", + +available from ftp.research.att.com in + + /dist/internet_security/berferd.ps + +As usual, all kind of traps can be located and uncovered by + +correct zen-cracking: you must *FEEL* that some code (or that + +some software behaviour) is not "genuine". Hope you believe me + +and learn it before attempting this kind of cracks. + +------------> How do I crack Firewalls? + + Some suggestions have been given above, but teaching you how + +to crack firewalls would take at least six complete tutorial + +lessons for a relatively unimportant cracking sector, and you + +would almost surely get snatched immediately, 'coz you would + +believe you can crack it without knowing nothing at all. So, for + +your sake, I'll teach you HOW TO LEARN IT, not HOW TO DO IT + +(quite a fascinating difference): First Text, then the software + +above. For text, start with Marcus Ranum's paper "Thinking about + +Firewalls", available from ftp.tis.com in the file/pub/firewalls/firewalls.ps.Z + +and do an archie search for newer literature. + +Join the firewall discussion list sending a message to + +majordomo@greatcircle.com, you'll get a message with + +instructions, as usual, lurk only... never show yourself to the + +others. + + You can find for free on the web quite a lot of early + +versions of proxy software. Study it, study it and then study it + +again. The cracking efforts on your copies, and your machines, + +before attempting anything serious, are MANDATORY if you do not + +want to be immediately busted on the Internet. When you feel + +ready to try serious cracking, you must OBLIGATORY start with a + +small BBS which uses a firewall version you already studied very + +well (sysops are not firewall administrators, and many of them + +do not know nothing about the software they use). As soon as you + +gain access to the bastion host, remember to subvert entirely the + +firewall itself before entering the inner net. + +If you feel ready and everything went well so far, if your zen- + +cracking abilities are working well... then take a moment for + +yourself... prepare yourself a good Martini-Wodka (you should + +only use Moskovskaia), take a deep breath and by all means go + +ahead! You will then be able to try your luck on the Cyberspace + +and get quickly busted (if you did not follow my admonitions and + +if you cannot zen-crack) or, may be, fish quite a lot of + +jewels... :=) + +-------------> INTERNET CRACKING: XINETD + + [Xinetd] a freely available enhanced replacement for the + +internet service daemon inetd, allows just those particular users + +to have FTP or Telnet access, without opening up access to the + +world. Xinetd can only protect the system from intrusion by + +controlling INITIAL access to most system services and by logging + +activities so that you can detect break-in attempts. However, + +once a connection has been allowed to a service, xinetd is out + +of the picture. It cannot protect against a server program that + +has security problems internally. For example, the finger server + +had a bug several years ago that allowed a particularly clever + +person to overwrite part of its memory. This was used to gain + +access to many systems. Even placing finger under the control of + +xinetd wouldn't have helped. + + Think of the secured firewall system as a fortress wall: + +each service that is enabled for incoming connections can be + +viewed as a door or window in the walls. Not all these doors have + +secure and reliable locks. The more openings are available, the + +more opportunities are open for us. + +-------------> What xinetd does + +Xinetd listens to all enabled service ports and permits only + +those incoming connection request that meet authorization + +criteria. + +- Accept connections from only certain IP addresses + +- Accept connections only from authorized users + +- Reject connections outside of aithorized hours + +- Log selected service when connections are accepted or + + rejected, capturing following informations: + + * Remote Host Address + + * User ID of remote user (in some cases) + + * Entry and Exit time + + * Terminal type + + Support login, shell, exec and finger + +-------------> SERVICES TO CRACK & + + UNWITTING INSIDE COMPLICES + +In this order the easy services: + + FTP TELNET LOGIN (rlogin) SHELL (rcmd) EXEC + +In this order the more difficult ones: + + MOUNT TFT FINGER NFS(Network File System) + + DNS(Domain Name Service) + +Remember that sendmail (SMTP), by default, accepts a message from + +any incoming connection. The "sender" of such a message can + +appear to have originated anywhere, therefore your claim of + +identity will be accepted! Thus you can forge a message's + +originator. Most of the recipients inside the protected + +(firewalled) net will take your claim at face value and send you + +(to the "return address" you provide) all the sensitive + +information you need to crack the system. Finding unwitting + +inside complices is most of the time pretty easy. + + By far the best method, for entering xinetd, is to get the + +real version from panos@cs.colorado.edu, modify the system files + +in order to have some backdoors, and then distribute them to the + +mirror servers on the WEB. Each time a new administrator will + +download "your" version of xinetd, you'll have an easy access to + +the "protected" system. + + On the Nets, it's important to conceal your identity (they + +will find you out pretty quickly if you do not). The best method + +is to obtain the IP address of a legitimate workstation during + +normal hours. Then, late at night, when the workstation is known + +to be powered-off or disconnected from a dialup PPP link, a + +different node on the network can be configured to use the + +counterfeit IP address. To everyone on the network, it will + +appear that the "legitimate" user is active. If you follow this + +strategy, you may want to crack somehow more negligently... the + +search for the cracker will go on -later- in the false confidence + +that a sloppy novice (the legitimate user) is at work, this will + +muddle the waters a little more. + +Well, that's it for this lesson, reader. Not all lessons of my + +tutorial are on the Web. + + You 'll obtain the missing lessons IF AND ONLY IF you mail + +me back (via anon.penet.fi) with some tricks of the trade I may + +not know that YOU discovered. Mostly I'll actually know them + +already, but if they are really new you'll be given full credit, + +and even if they are not, should I judge that you "rediscovered" + +them with your work, or that you actually did good work on them, + +I'll send you the remaining lessons nevertheless. Your + +suggestions and critics on the whole crap I wrote are also + +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + LESSON C (1) - How to crack, Cracking as an art + +--------------------------------------------------------------------------- + + [BARCODES] [INSTANT ACCESS] + + -------------------------------------- + +[BARCODES] + First of all, let me stress the importance of cracking in +our everyday life. Cracking it's not just about software, it's +about information, about all patterns of life. To crack is to +refuse to be controlled and used by others, to crack is to be +free. But you must also be yourself free from petty conventions +in order to crack properly. + You must learn to discerne cracking possibilities all around +yourself, and believe me, the development of this ghastly society +brings every day new codes, protections and concealing +mechanismes. + All around us grows a world of codes and secret and not so +secret patterns. Codes that are at times so familiar and common +that we do not even notice them any more... and yet they are +there to fool us, and yet they offer marvellous cracking +possibilities. + Let's take as an striking example BARCODES... those little +lines that you see on any book you buy, on any bottle you get, +on any item around you... do you know how they work? If you do +not you may be excused, but you cannot be excused if you never +had the impulse to understand them... crackers are curious by +nature... heirs of an almost extinct race of researchers that has +nothing in common with the television slaves and the publicity +and trend zombies around us. Cracker should always be capable of +going beyond the obvious, seek knowledge where others do not see +and do not venture. + +[BARCODE HISTORY] + Let's begin with a little history. Universal Product Code +(UPC) was adopted for commercial use by the grocery industry in +the USA. Among the advantages were a rapid, accurate and reliable +way of entering stock information into a computer and the +possibility to sack a lot of workers and to do more profit. The +early success led to the development of the European Article +Numbering System (EAN), a symbology similar to UPC, that is +widely used in Europe and in the rest of the World. I'll teach +you to crack this one, since I do not -fortunately- live in the +States. Keep in mind, anyway, that there are different barcode +symbologies, each with its own particular pattern of bars. The +UPC/EAN code used on retail products is an all-numeric code; so +is the Interleaved 2 of 5 Code. Code 39 includes upper case +letters, digits, and a few symbols. Code 128 includes every +printable and unprintable ASCII character code. The most new one +is a 2-D code. These are special rectangular codes, called +stacked barcodes or matrix codes. They can store considerably +more information than a standard barcode. They require special +readers which cost more than a standard scanner. The practical +limit for a standard barcode depends on a number of factors, but +20 to 25 characters is an approximate maximum. For applications +that need more data, matrix codes are used. For example, the next +time you receive a package from United Parcel Service look for +a small square label with a pattern of dots and a small bullseye +in the centre. This is a MaxiCode label, and it is used by UPS +for automatic destination sortition. + The manufacturer's ID number on the barcode uniquely +identifies products. These numbers are managed by the Uniform +Code Council in Dayton, Ohio for the States and Canada and by the +EAN authority (Internationale Article Numbering Association) in +Bruxelles, for Europe and the rest of the World. The +manufacturer's ID number accounts for some digits of the code, +which leaves other digits to be assigned in any way the producer +wants. He provides retail outlets with a list of his products and +their assigned codes so that they can be entered in the cash +register system. Many codes are NOT on the products and are added +by the supermarkets on the fly, using an internal code schema +that may be non standard. Now it's enough... let's crack. + BARCODES are the only thing an automated casher needs to see +on a product to calculate its price and automatically catalogate +the sold merchandise... imagine (just imagine it :=) coz it would +be extremely illegal to act in this way) somebody would fasten +an adhesive home-made codebar label direct on the top of the +supermarket/mall/retail store label, say on a bottle of Pomerol +(that's a very good but unfortunately very expensive french +wine). + The new label would mean for the casher something like +"cheap wine from Bordeaux, France, cost so and so, everything +it's OK, do not worry"... do you think that anybody would come +to the idea that there is something wrong with the label, with +the bottle or with you? I have been codebaring for years and had +only once a problem, coz my printer was running out of ink and +the scanner in the supermarket could not read it... so what? Act +uninterested, always wear jackets of the utmost quality, shetland +pullovers and beautiful expensive shoes... (all articles that you +may codebar too, by the way), in this society appearance and look +count much more than substance and knowledge... LET'S USE THIS +TO OUR ADVANTAGE! Nobody will ever come to the idea that you may +actually really know the working of the scheme... coz codebar is +pretty complicated and not exactly exceptionally public. On the +Web there are a lot information about it, but most of them are +useless, unless you know how to search most of the time you'll +find only sentences like this one: + "The calculated check digit is the twelfth and final + digit in the U.P.C.code. It is calculated based on a + specific algorithm, and is necessary to ensure that + the number is read or key-entered correctly." + +But good +ORC will now explain you everything you need to crack: + +[THE 13 BAR "CODES"] +Each barcode label has 13 values, from #0 to #12 (that's the EAN +code, the UPC american one has only 12, from #0 to #11). + #0 and #1 indicate the origin of the product. + #2 to #11 give the article code + #12 (the last and 13th one) is a checksum value, that + verifies the validity of all the other numbers. +How is it calculated? #12 is calculated in 4 steps + VALUE A: You sum odd position numbers (#0+#2+#4+#6+#8+#10) + VALUE B: You sum even position numbers and multiply by 3 + ((#1+#3+#5+#7+#9+#11)*3) + VALUE C: You sum value A and value B + VALUE D: You mod value C (you divide by 10 and only keep + the remaining units, a very widespread checking scheme as + you'll see in the software part of this lesson) + If the result is not zero, you subtract it from 10. +Now look at a barcode label, get some books or other barcoded +items and *watch* it... +Bar codes are supposed to have "quiet zones" on either side of +the symbol. Quiet zones are blank areas, free of any printing or +marks,typically 10 times the width of the narrowest bar or space +in the bar code. Failure to allow adequate space on either side +of the symbol for quiet zones can make it impossible to read the +bar code. +On the barcode there are two "borders", left and right, and a +"middle" longer line. These three lines are longer than the +others and are used to "regulate" the scanner to whatever +dimension has been used for the barcode. +#0 dwells left of the first (left) border and has a special +meaning, the other 12 numbers are written "inside" the code and +are divided in two "groups" by the middle bar. +Each value is coded through SEVEN bars: black=1 and White=0. +These form two couples of "optic" bars of different widths. +We come now to the "magic" part: In order to bluff the +simpletons, barcode uses three different SETS of characters to +represent the values 0-9. This should make it impossible for you +to understand what's going on, as usual, in this society, slaves +should not need to worry with the real functioning of things. + Here are the graphic codes of the three graphic sets: + + CODE A CODE B (XOR C) CODE C (NOT A) +0: 0001101 (13) 0100111 (39) 1110010 (114) +1: 0011001 (25) 0110011 (51) 1100110 (102) +2: 0010011 (19) 0011011 (27) 1101100 (108) +3: 0111101 (61) 0100001 (33) 1000010 (066) +4: 0100011 (35) 0011101 (29) 1011100 (092) +5: 0110001 (49) 0111001 (57) 1001110 (078) +6: 0101111 (47) 0000101 (05) 1010000 (080) +7: 0111011 (59) 0010001 (17) 1000100 (068) +8: 0110111 (55) 0001001 (09) 1001000 (072) +9: 0001011 (11) 0010111 (23) 1110100 (116) + +Borders: 101 +Centre: 01010 + +- The C graphic set is a "NOT A" graphic set. +- The B graphic set is a "XOR C" graphic set. +- each value has two couples of bars with different widths + + Now watch some labels yourself... see the difference between the +numbers left and the numbers right? The first "half" of the +barcode is coded using sets A and B, the second "half" using set +C. As if that were not enough, A and B are used inside the first +"half" in a combination that varies and depends from value #0, +following 10 different patterns: + #1 #2 #3 #4 #5 #6 + 0 A A A A A A + 1 A A B A B B + 2 A A B B A B + 3 A A B B B A + 4 A B A A B B + 5 A B B A A B + 6 A B B B A A + 7 A B A B A B + 8 A B A B B A + 9 A B B A B A + +"Ah! Stupid buyer will never understand why the same values gives +different bars! Nothing is as reliable as barcodes!" :=) + +Let's take as example the codebar for Martini Dry: +BARCODE: 8 0 00570 00425 7 +Let's see: we have a 8 0 0 = booze +Then a 000570 as ABABBA and a 004257 as C +"Even" sum: 8+0+5+0+0+2 = 15 (even sum) +Then a 0+0+7+0+4+5= 16 and 16 *3 = 48 (odd sum) +Then a 15+48=63 +63 === 3 +10 - 3 = 7 = checksum +Pattern = 8 = ABABBA CCCCCC + +OK, one more example: Osborne Windows programming series Volume +2 General purpose API functions (always here on my table)... +BARCODE: 9 7 80078 81991 9 +Let's see: we have a 9 7 8 = book +Then a 780078 as ABBABA and a 819919 as C +"Even" sum: 9+8+5+8+8+4 = 42 (even sum) +Then a 7+1+5+2+4+4= 23 and 23 * 3 = 69 (odd sum) +Then a 42+69=111 +111 === 1 +10 - 1 = 9 = checksum +Pattern = 9 = ABBABA + +Well... what's the point of all this? +The point, my pupils, is that who DOES NOT KNOW is taken along +on a boat ride, who KNOWS and LEARNS can use his knowledge in +order to try to beat blue and black the loathsome consumistic +oligarchy where we are compelled to live. Try it out for +yourself... if you crack correctly and wisely your supermarket, +mall and library bills will be cut to almost zero. + Write a small program to print whichever codebar you fancy +(or whichever your mall uses) in whichever size on whichever sort +of label you (or better your targets) fancy... it's quickly done +with Visualbasic or Delphy... but you'll not find much on the Web +Alternatively you could also write, as I did long ago, a short +c program in dos, using a modified upper char set... and there +you are, have labels... see the world. + A small word of caution... crack only ONE item at time and +try it out first with the SAME label for the same product... i.e. +the correct code for that item, but on your own label. If it goes +through your program works good, if not, nobody will ever be able +to harm you. Anyway it never happens anything, never: the bar +code reading equipments have great tolerance, coz the scanners +must be able to recognize barcodes that have been printed on many +different medias. You should choose labels similar to the ones +effectively used only in order not to arise human suspects, coz +for all the scanner itself cares, your label could be pink with +green stripes and with orange hand-written, numbers. Mind you, +we are still just academically imagining hypothetical situations, +coz it would be extremely illegal to act in such an inconsiderate +manner. + CRACKING POWER! It's true for barcodes, for Telecom bills, +for Compuserve accounts, for Amexco cards, for banking cheques +(do you know what MICR is? Magnetic Ink Character Recognition... +the stylized little printing on the lower left of new cheques... +there is a whole cracking school working on it), for registration +numbers... you name it, they develope it, we crack it... + Begin with barcodes: it's easy, nice and pretty useful! Live +in opulence, with the dignity and affluence that should always +distinguish real crackers. Besides... you should see the +assortment of 'Pomerols' in my "Cave-a-vin" :=) + +[INSTANT ACCESS] + The (c) Instant access routines are a commercial protection +scheme used to "unlock" complete commercial applications that +have been encrypted on CD- +ROMs which are distributed (mostly) through reviews. + This is an ideal cracking target: it's commercial software, +complete, uncrippled and of (relatively) prominent quality, that +you can get in tons for the price of a coke. Obviously this kind +of protection represents an ideal subject for our lessons. This +fairly intricate protection scheme has not yet been cracked by +anybody that I am aware of, anyway not publicly, therefore it's +an ideal candidate for a "strainer" to my university. I'll teach +you here how to crack it in three lessons, C.1, C.2 and C.3. I warn +you... it's a difficult cracking session, and this protection +represents quite an intellectual challenge. But if you are +seriously interested in our trade you will enjoy these lessons +more than anything else. + This cracking is intended as an "assignment" for my +HCU +"cracking university": you'll find inside lessons C.1 and C.2 a +relatively deep "introduction" to Instant access cracking. This +will teach you a lot anyway, and spare you hours of useless +roaming around, bringing you straight to the cracking point. But +I'll release the third part of this session, with the complete +solution (lesson C.3) on the Web only in october 1996, not a day +before. All the students that would like to apply to the Higher +Cracking University, opening on the web 01/01/1997, should work +in July, August and September (three months is more than enough +time) on this assignment. They should crack completely the +instant access scheme and send me their solutions, with a good +documentation of their cracking sessions, before 30/09/1996 +(WATCH IT! You can crack this scheme in -at least- three +different paths, be careful and choose the *best* one. WATCH IT! +Some of the informations) in lesson C.1 and C.2 are slightly incorrect: +check it!). +There are four possibilities: +1) The candidate has not found the crack or his solution is + not enough documented or not enough viable... the candidate + is therefore not (yet) crack-able, he will not be admitted + to the +HCU 1997 curses, better luck in 1998; +2) The cracking solution proposed by the candidate is not as + good as mine (you'll judge for yourself in october) but it + works nevertheless... he'll be admitted at the 1997 + courses; +3) The cracking solution of the candidate is more or less + equal to mine, he'll be admitted, personally monitored, and + he'll get all the material he needs to crack on higher + paths; +4) The cracking solution of the candidate is better than mine, + he'll be admitted, get all the material he wishes and asked + to teach us as well as study with us: "homines, dum docent, + discunt". + +[Cracking Instant access] + The user that wants to "unlock" a software application +protected with (c) Instant Access must enter first of all a +REGISTRATION number string, which through a series of +mathematical manipulations gives birth to a special "product" +code. On the basis of this "product code" the user is asked to +phone the commercial protectors (and pay) in order to get a +special "unlock code" that will allow him to decrypt the relevant +software. + This kind of "passnumber" protection routines are widely +used for software unlocking, BBS access, server access, backdoor +opening and many other protection schemes. We have already seen +password cracks in different lessons of this tutorial (in +particular Lessons 3.1 and 3.2 for DOS and Lessons 8.1, 8.2 and +9.1 for WIN) albeit on a more simplistic scale: there it did +mostly not matter very much *HOW* you passed the protection: once +passed, you could have access to the application. This is not the +case with (c) Instant Access. Face it: it's a little boring, but +important that you learn how to defeat intricate protection +routines (you'll meet them often in the next years) and I believe +that the following example will give you a "feeling" for the +right cracking approach. + In this case we must not only "crack" this protection scheme +but also study it thoroughly in order to achieve our blessed +aims. This is a very good exercise: reverse disassembling will +teach you a lot of little tricks that you'll be able to use in +your other future cracking sessions. + Instant access (c) is a exceptionally widespread protection +scheme, and it should be relatively easy for you to gather some +encrypted software that has been protected with this method... +*DO IT QUICKLY!!* After the Web publishing of this lessons (I am +sending C.1 to 8 pages and 4 usenet groups on 25/06/1996) this +protection is obviously as dead as a Dodo. The "Accessors" guys +will have to conceive something smarter if they want to keep +selling "protections" to the lamer producers of "big" software. + BTW, if you are reading this and are working for some +commercial "protection" company, consider the possibility to +double cross your masters! Deliver me anonymously all the future +projects you are working on! That will amuse me, speed up the +advent of a true altruistic society and earn you the respect of +the better part of humanity. + As I said, many "huge" application are still protected with +this "Instant access" system. I have personally bought at least +7 or 8 "second hand" CD-ROMs packed full with Microsoft, Lotus, +Norton, Symantec, you name it, applications all "protected" +through this crap. The cost of this bunch of CD-ROMs was the +equivalent of a bottle of Dry Martini, maybe less. The same +software is sold, unlocked, to zombies and lusers for ludicrous +amounts of money. + Never buy CD-ROMs magazines when they appear! Be cool! Buy +them two or three months after the publishing date! Buy +"remainders" or "second hand" CD-ROM magazines "at kilo price"... +Come to think of it, never buy *anything* when it appears or when +some (paid) advertiser tells you to... remember that "trends", +"vogues", "fashions" and "modes" are only different names for the +whips that drill and chain the dull-witted slaves of this +loathsome society: "clever crackers consider cool, crack cheap, +cheat customary culture" (a rhetorical figure: an "Alliteration". +To defend yourself learn rhetoric... it's a more powerful and +more useful weapon than Kung-fu). + The "triple" password protection routine in (c) Instant +Access is very interesting from a cracker point of view. It's a +relatively complex scheme: I'll teach you to crack it in two +phases: First of all you must find the "allowed" registration +code, the one that "ignites" the "product code". We must crack +and understand this re_code first if we want to crack the rest. + Just for the records, I am cracking here (c) Action Instant +access version 1.0 (CD-ROM found on a old copy of "Personal +Computer World" of August 1994, packed full with encrypted Lotus, +Symantec, Claris and Wordperfect applications. Just to be sure +I crosschecked my results with another CD-ROM which also has +applications protected with (c) Instant Access: Paragon +Publishing's PC OFFICE: the protection scheme remains the same). +I am focusing for this lesson on the cracking of the specific +protection for the encrypted Symantec's Norton Utilities v.8.0. + Please refer to the previous lessons for the basic +techniques used in order to find the protection routine inside +our babe... for "low" cracking purposes you -basically- type a +number (in this case, where the input gets 10 numbers, we'll use +"1212-1212-12"), do your search inside the memory (s 30:0 +lffffffff "your_string") and then set memory breakpoints on all +the relevant memory locations till winice pops (I know, I know, +buddies... there are more effective ways... but hold your mouth: +for now we'll keep them among us: let's make things a little +harder for the protectionists who read this... Besides: the old +approach works here flawlessly). After getting the Registration +window on screen the Winice standard procedure is: + :task ; how + :heap IABROWSE ; where & what + :hwnd IABROWSE ; get the Winhandle + :bpx [winhandle] WM_GETTEXT ; pinpoint code + :bpx GetProcAddress ; in case of funny routines + :dex 0 ds:dx ; let's see their name + :gdt ; sniff the selectors + :s 30:0 lffffffff "Your_input_string" ; search in 4 giga data + :bpr [all memory ranges for your string that are above 80000000] +and so on. (continued in lesson C.2) + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) with some tricks of the trade I may +not know that YOU discovered. Mostly I'll actually know them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you rediscovered them +with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi + HOW TO CRACK, by +ORC, A TUTORIAL + +--------------------------------------------------------------------------- + + LESSON C (2) - How to crack, Cracking as an art + +--------------------------------------------------------------------------- + + [INSTANT ACCESS] + + -------------------------------------- + + cracking Instant Access (2) - strainer for the +HCU + +[SEE LESSON C.1 for the first part of this cracking session] + Here follow the relevant protection routines for the first +(The "Registration") number_code of Instant Access, with my +comments: you have to investigate a little the following code. + Later, when you'll crack on your own, try to recognize the +many routines that fiddle with input BEFORE the relevant (real +protection) one. In this case, for instance, a routine checks the +correctness of the numbers of your input: + +This_loop_checks_that_numbers_are_numbers: +1B0F:2B00 C45E06 LES BX,[BP+06] ; set/reset pointer +1B0F:2B03 03DF ADD BX,DI +1B0F:2B05 268A07 MOV AL,ES:[BX] ; get number +1B0F:2B08 8846FD MOV [BP-03],AL ; store +1B0F:2B0B 807EFD30 CMP BYTE PTR [BP-03],30 +1B0F:2B0F 7C06 JL 2B17 ; less than zero? +1B0F:2B11 807EFD39 CMP BYTE PTR [BP-03],39 +1B0F:2B15 7E05 JLE 2B1C ; between 0 & 9? +1B0F:2B17 B80100 MOV AX,0001 ; no, set flag=1 +1B0F:2B1A EB02 JMP 2B1E ; keep flag +1B0F:2B1C 33C0 XOR AX,AX ; flag=0 +1B0F:2B1E 0BC0 OR AX,AX ; is it zero? +1B0F:2B20 7507 JNZ 2B29 ; flag NO jumps away +1B0F:2B22 8A46FD MOV AL,[BP-03] ; Ok, get number +1B0F:2B25 8842CC MOV [BP+SI-34],AL ; Ok, store number +1B0F:2B28 46 INC SI ; inc storespace +1B0F:2B29 47 INC DI ; inc counter +1B0F:2B2A C45E06 LES BX,[BP+06] ; reset pointer +1B0F:2B2D 03DF ADD BX,DI ; point next number +1B0F:2B2F 26803F00 CMP BYTE PTR ES:[BX],00 ; input end? +1B0F:2B33 75CB JNZ 2B00 ; no:loop next num + + You now obviously understand that the "real" string is +stored inside memory location [BP+SI-34]... set a memory +breakpoint on this area to get the next block of code that +fiddles with the transformed input. Notice how this routine +"normalizes" the input, strips the "-" off and puts the 10 +numbers together: +user input: 1 2 1 2 1 2 1 2 1 2 End + 1E7F:92E2 31 32 31 32 31 32 31 32 31 32 00 45 AF 1F 70 9B + Stack ptr: 0 1 2 3 4 5 6 7 8 9 A B C D E F + Let's now look at the "real" protection routine: the one +that checks these numbers and throw you out if they are not +"sound". Please pay attention to the following block of code: + +check_if_sum_other_9_numbers_=_remainder_of_the_third_number: +:4B79 8CD0 MOV AX,SS ; we'll work inside the stack... +:4B7B 90 NOP +:4B7C 45 INC BP +:4B7D 55 PUSH BP ; save real BP +:4B7E 8BEC MOV BP,SP ; BP = stackpointer +:4B80 1E PUSH DS ; save real Datasegment +:4B81 8ED8 MOV DS,AX ; Datasegment = stacksegment +:4B83 83EC04 SUB SP,+04 +:4B86 C45E06 LES BX,[BP+06] ; BX points input_start +:4B89 268A07 MOV AL,ES:[BX] ; load first number +:4B8C 98 CBW ; care only for low +:4B8D C45E06 LES BX,[BP+06] ; reset pointer +:4B90 50 PUSH AX ; save 1st number +:4B91 268A4701 MOV AL,ES:[BX+01] ; load 2nd number +:4B95 98 CBW ; only low +:4B96 8BD0 MOV DX,AX ; 2nd number in DX +:4B98 58 POP AX ; get 1st number +:4B99 03C2 ADD AX,DX ; sum with second +:4B9B C45E06 LES BX,[BP+06] ; reset pointer +:4B9E 50 PUSH AX ; save sum +:4B9F 268A4707 MOV AL,ES:[BX+07] ; load 8th number +:4BA3 98 CBW ; only low +:4BA4 8BD0 MOV DX,AX ; 8th number in DX +:4BA6 58 POP AX ; old sum is back +:4BA7 03C2 ADD AX,DX ; sum 1+2+8 +:4BA9 C45E06 LES BX,[BP+06] ; reset pointer +:4BAC 50 PUSH AX ; save sum +:4BAD 268A4703 MOV AL,ES:[BX+03] ; load 4rd number +:4BB1 98 CBW ; only low +:4BB2 8BD0 MOV DX,AX ; #4 in DX +:4BB4 58 POP AX ; sum is back +:4BB5 03C2 ADD AX,DX ; sum 1+2+8+4 +:4BB7 C45E06 LES BX,[BP+06] ; reset pointer +:4BBA 50 PUSH AX ; save sum +:4BBB 268A4704 MOV AL,ES:[BX+04] ; load 5th number +:4BBF 98 CBW ; only low +:4BC0 8BD0 MOV DX,AX ; #5 in DX +:4BC2 58 POP AX ; sum is back +:4BC3 03C2 ADD AX,DX ; 1+2+8+4+5 +:4BC5 C45E06 LES BX,[BP+06] ; reset pointer +:4BC8 50 PUSH AX ; save sum +:4BC9 268A4705 MOV AL,ES:[BX+05] ; load 6th number +:4BCD 98 CBW ; only low +:4BCE 8BD0 MOV DX,AX ; #6 in DX +:4BD0 58 POP AX ; sum is back +:4BD1 03C2 ADD AX,DX ; 1+2+8+4+5+6 +:4BD3 C45E06 LES BX,[BP+06] ; reset pointer +:4BD6 50 PUSH AX ; save sum +:4BD7 268A4706 MOV AL,ES:[BX+06] ; load 7th number +:4BDB 98 CBW ; only low +:4BDC 8BD0 MOV DX,AX ; #7 in DX +:4BDE 58 POP AX ; sum is back +:4BDF 03C2 ADD AX,DX ; 1+2+8+4+5+6+7 +:4BE1 C45E06 LES BX,[BP+06] ; reset pointer +:4BE4 50 PUSH AX ; save sum +:4BE5 268A4708 MOV AL,ES:[BX+08] ; load 9th number +:4BE9 98 CBW ; only low +:4BEA 8BD0 MOV DX,AX ; #9 in DX +:4BEC 58 POP AX ; sum is back +:4BED 03C2 ADD AX,DX ; 1+2+8+4+5+6+7+9 +:4BEF C45E06 LES BX,[BP+06] ; reset pointer +:4BF2 50 PUSH AX ; save sum +:4BF3 268A4709 MOV AL,ES:[BX+09] ; load 10th # +:4BF7 98 CBW ; only low +:4BF8 8BD0 MOV DX,AX ; #10 in DX +:4BFA 58 POP AX ; sum is back +:4BFB 03C2 ADD AX,DX ; 1+2+8+4+5+6+7+9+10 +:4BFD 0550FE ADD AX,FE50 ; clean sum to 0-51 +:4C00 BB0A00 MOV BX,000A ; BX holds 10 +:4C03 99 CWD ; only AL +:4C04 F7FB IDIV BX ; remainder in DX +:4C06 C45E06 LES BX,[BP+06] ; reset pointer +:4C09 268A4702 MOV AL,ES:[BX+02] ; load now # 3 +:4C0D 98 CBW ; only low +:4C0E 05D0FF ADD AX,FFD0 ; clean # 3 to 0-9 +:4C11 3BD0 CMP DX,AX ; remainder = pampered #3? +:4C13 7407 JZ 4C1C ; yes, go on good guy +:4C15 33D2 XOR DX,DX ; no! beggar off! Zero DX +:4C17 33C0 XOR AX,AX ; and FLAG_AX = FALSE +:4C19 E91701 JMP 4D33 ; go to EXIT +let's_go_on_if_first_check_passed: +:4C1C C45E06 LES BX,[BP+06] ; reset pointer +:4C1F 268A4701 MOV AL,ES:[BX+01] ; now load #2 anew +:4C23 98 CBW ; only low +:4C24 05D7FF ADD AX,FFD7 ; pamper adding +3 +:4C27 A38D5E MOV [5E8D],AX ; save SEC_+3 +:4C2A 3D0900 CMP AX,0009 ; was it < 9? (no A-F) +:4C2D 7E05 JLE 4C34 ; ok, no 0xletter +:4C2F 832E8D5E0A SUB WORD PTR [5E8D],+0A ; 0-5 if A-F +:4C34 C45E06 LES BX,[BP+06] ; reset pointer +:4C37 268A07 MOV AL,ES:[BX] ; load 1st input number +:4C3A 98 CBW ; only low +:4C3B 05C9FF ADD AX,FFC9 ; pamper adding +7 +:4C3E A38F5E MOV [5E8F],AX ; save it in FIR_+7 +:4C41 0BC0 OR AX,AX ; if #1 > 7 +:4C43 7D05 JGE 4C4A ; no need to add 0xA +:4C45 83068F5E0A ADD WORD PTR [5E8F],+0A ; FIR_+7 + 0xA +now_we_have_the_sliders_let's_prepare_for_loop: +:4C4A C45E0E LES BX,[BP+0E] ; Set pointer to E +:4C4D 26C747020000 MOV WORD PTR ES:[BX+02],0000 ; 0 flag +:4C53 26C7070000 MOV WORD PTR ES:[BX],0000 ; 0 flag +:4C58 C706975E0900 MOV WORD PTR [5E97],0009 ; counter=9 +:4C5E E99500 JMP 4CF6 ; Jmp check_counter +loop_8_times: +:4C61 C45E06 LES BX,[BP+06] ; reset pointer +:4C64 031E975E ADD BX,[5E97] ; add running counter +:4C68 268A07 MOV AL,ES:[BX] ; load # counter+1 +:4C6B 98 CBW ; only low +:4C6C 50 PUSH AX ; save 10th number +:4C6D A18D5E MOV AX,[5E8D] ; ld SEC_+3 down_slider +:4C70 BA0A00 MOV DX,000A ; BX holds 0xA +:4C73 F7EA IMUL DX ; SEC_+3 * 0xA +:4C75 03068F5E ADD AX,[5E8F] ; plus FIR_+7 up_slider +:4C79 BAA71E MOV DX,1EA7 ; fixed segment +:4C7C 8BD8 MOV BX,AX ; BX = Lkup_val=(SEC_+3*10+FIR_+7) +:4C7E 8EC2 MOV ES,DX ; ES = 1EA7 +:4C80 268A870000 MOV AL,ES:[BX+0000] ; ld 1EA7:[Lkup_val] +:4C85 98 CBW ; only low: KEY_PAR +:4C86 8BD0 MOV DX,AX ; save KEY_PAR in DX +:4C88 58 POP AX ; repops 10th number +:4C89 03C2 ADD AX,DX ; RE_SULT=KEY_PAR+#10 +:4C8B 05D0FF ADD AX,FFD0 ; polish RE_SULT +:4C8E 99 CWD ; only low: RE_SULT +:4C8F 8956FC MOV [BP-04],DX ; save here KEY_PAR [9548] +:4C92 8946FA MOV [BP-06],AX ; save here RE_SULT [9546] +:4C95 0BD2 OR DX,DX ; KEY_PAR < 0? +:4C97 7C0F JL 4CA8 ; yes: KEY_PAR < 0 +:4C99 7F05 JG 4CA0 ; no: KEY_PAR > 0 +:4C9B 3D0900 CMP AX,0009 ; KEY_PAR = 0 +:4C9E 7608 JBE 4CA8 ; no pampering if RE_SULT < 9 +:4CA0 836EFA0A SUB WORD PTR [BP-06],+0A ; else pamper +:4CA4 835EFC00 SBB WORD PTR [BP-04],+00 ; and SBB [9548] +:4CA8 C45E0E LES BX,[BP+0E] ; reset pointer to E +:4CAB 268B4F02 MOV CX,ES:[BX+02] ; charge CX [958C] +:4CAF 268B1F MOV BX,ES:[BX] ; charge BX slider [958A] +:4CB2 33D2 XOR DX,DX ; clear DX to zero +:4CB4 B80A00 MOV AX,000A ; 10 in AX +:4CB7 9A930D2720 CALL 2027:0D93 ; call following RO_routine + + This is the only routine called from our protection, inside the +loop (therefore 8 times), disassembly from WCB. Examining this +code please remember that we entered here with following +configuration: DX=0, AX=0xA, CX=[958C] and BX=[958A]... + 1.0D93 56 push si ; save si + 1.0D94 96 xchg ax, si ; ax=si, si=0xA + 1.0D95 92 xchg ax, dx ; dx=0xA ax=dx + 1.0D96 85C0 test ax, ax ; TEST this zero + 1.0D98 7402 je 0D9C ; zero only 1st time + 1.0D9A F7E3 mul bx ; BX slider! 0/9/5E/3B2... + 1.0D9C >E305 jcxz 0DA3 ; cx=0? don't multiply! + 1.0D9E 91 xchg ax, cx ; cx !=0? cx = ax & ax = cx + 1.0D9F F7E6 mul si ; ax*0xA in ax + 1.0DA1 03C1 add ax, cx ; ax= ax*0xA+cx = M_ULT + 1.0DA3 >96 xchg ax, si ; ax=0xA; si evtl. holds M_ULT + 1.0DA4 F7E3 mul bx ; ax= bx*0xA + 1.0DA6 03D6 add dx, si ; dx= dx_add + 1.0DA8 5E pop si ; restore si + 1.0DA9 CB retf ; back to caller with two + parameters: DX and AX +Back_to_main_protection_loop_from_RO_routine: +:4CBC C45E0E LES BX,[BP+0E] ; reset pointer +:4CBF 26895702 MOV ES:[BX+02],DX ; save R_DX par [958C] +:4CC3 268907 MOV ES:[BX],AX ; save R_AX par [958A] +:4CC6 0346FA ADD AX,[BP-06] ; add to AX RE_SULT [9546] +:4CC9 1356FC ADC DX,[BP-04] ; add to DX KEY_PAR [9548] +:4CCC C45E0E LES BX,[BP+0E] ; reset pointer +:4CCF 26895702 MOV ES:[BX+02],DX ; save R_DX+KEY_PAR [958C] +:4CD3 268907 MOV ES:[BX],AX ; save R_AX+RE_SULT [958A] +:4CD6 FF0E8D5E DEC WORD PTR [5E8D] ; down_slide SEC_+3 +:4CDA 7D05 JGE 4CE1 ; no need to add +:4CDC 83068D5E0A ADD WORD PTR [5E8D],+0A ; pamper adding 10 +:4CE1 FF068F5E INC WORD PTR [5E8F] ; up_slide FIR_+7 +:4CE5 A18F5E MOV AX,[5E8F] ; save upslided FIR_+7 in AX +:4CE8 3D0900 CMP AX,0009 ; is it over 9? +:4CEB 7E05 JLE 4CF2 ; no, go on +:4CED 832E8F5E0A SUB WORD PTR [5E8F],+0A ; yes, pamper -10 +:4CF2 FF0E975E DEC WORD PTR [5E97] ; decrease loop counter +check_loop_counter: +:4CF6 833E975E03 CMP WORD PTR [5E97],+03 ; counter = 3? +:4CFB 7C03 JL 4D00 ; finish if counter under 3 +:4CFD E961FF JMP 4C61 ; not yet, loop_next_count +loop_is_ended: +:4D00 C45E06 LES BX,[BP+06] ; reset pointer to input +:4D03 268A4701 MOV AL,ES:[BX+01] ; load 2nd number (2) +:4D07 98 CBW ; only low +:4D08 05D0FF ADD AX,FFD0 ; clean it +:4D0B BA0A00 MOV DX,000A ; DX = 10 +:4D0E F7EA IMUL DX ; AX = SEC_*10 = 14 +:4D10 C45E06 LES BX,[BP+06] ; reset pointer +:4D13 50 PUSH AX ; save SEC_*10 +:4D14 268A07 MOV AL,ES:[BX] ; load 1st number (1) +:4D17 98 CBW ; only low +:4D18 8BD0 MOV DX,AX ; save in DX +:4D1A 58 POP AX ; get SEC_*10 +:4D1B 03C2 ADD AX,DX ; sum SEC_*10+1st number +:4D1D 05D0FF ADD AX,FFD0 ; clean it +:4D20 99 CWD ; only low +:4D21 C45E0A LES BX,[BP+0A] ; get pointer to [9582] +:4D24 26895702 MOV ES:[BX+02],DX ; save 1st (1) in [9584] +:4D28 268907 MOV ES:[BX],AX ; save FINAL_SUM (15) [9582] +:4D2B 33D2 XOR DX,DX ; DX = 0 +:4D2D B80100 MOV AX,0001 ; FLAG TRUE ! +:4D30 E9E6FE JMP 4C19 ; OK, you_are_a_nice_guy +EXIT: +:4D33 59 POP CX ; pop everything and +:4D34 59 POP CX ; return with flag +:4D35 1F POP DS ; AX=TRUE if RegNum OK +:4D36 5D POP BP ; with 1st # in [9584] +:4D37 4D DEC BP ; with FINAL_SUM in [9582] +:4D38 CB RETF + + Let's translate the preceding code: first of all the pointers: +At line :4B86 we have the first of a long list of stack ptrs: + LES BX,[BP+06] + This stack pointer points to the beginning of the input string, +which, once polished from the "-", has now a length of 10 bytes, +concluded by a 00 fence. At the beginning, before the main loop, +9 out of our 10 numbers are added, all but the third one. + Notice that protection has jumped # 3 (and added # 8 out of the +line). The rest is straightforward. Now, at line :4BFD we have +our first "cleaning" instruction. You see: the numbers are +hexadecimal represented by the codes 0x30 to 0x39. If you add +FE50 to the minimum sum you can get adding 9 numbers (0x30*9 = +0x160) You get 0. The maximum you could have adding 9 numbers, +on the contrary is (0x39*9=0x201), which, added to FE50 gives +0x51. So we'll have a "magic" number between 0x0 and 0x51 instead +of a number between 0x160 and 0x201. Protection pampers this +result, and retains only the last ciffer: 0-9. Then protection +divides this number through 0xA, and what happens? DX get's the +REMAINDER of it. + If we sum the hexcodes of our (1212-1212-12) we get 0x1BE (we +sum only 9 out of then numbers: the third "1" -i.e. "31"- does +not comes into our count); 0x1BE, cleaned and pampered gives E. +Therefore (0xE/0xA = 1) We get 1 with a remainder of 4. + You may observe that of all possible answers, only sums +finishing with A, B, C, D, E or F give 1 (and rem=0,1,2,3,4 or +5). Sums finishing 0 1 2 3 4 5 6 7 8 or 9 give 0 as result and +themselves as reminder. The chance of getting a 0,1,2,3 or 4 are +therefore bigger as the chance of getting a 5, 6, 7, 8 or 9. We +are just observing... we do not know yet if this should play a +role or not. + Now this remainder is compared at :4C11 with the third number +polished from 0x30-0x39 to 0-9. This is the only protection check +for the registration number input: If your third number does not +match with the remainder of the sum of all the 9 others numbers +of your input you are immediately thrown out with FLAG AX=FALSE +(i.e. zero). + To crack the protection you now have to MODIFY your input string +accordingly. Our new input string will from now on be "1242-1212- +12": we have changed our third number (originally a "2") to a "4" +to get through this first strainer in the correct way. Only now +protection starts its mathematical part (We do not know yet why +it does it... in order to seed the random product number? To +provide a check for the registration number you'll input at the +end? We'll see). +- Protection saves the second number of your input (cleaned + with FFD7) in SEC_+3 [5E8D], pampering it if it is bigger + than 9 (i.e. if it is 0xA-0xF). Here you'll have therefore + following correspondence: 0=7 1=8 2=9 3=0 4=1 5=2 6=3 7=4 + 8=5 9=6. The second number of your input has got added +3. + This is value SEC_+3. In (lengthy) C it would look like + this: + If (RegString(2)is lower than 7) RegString(2) = RegString(2)+3 + Else Regstring(2) = ((RegString(2)-10)+3) +- Protection saves your first number in FIR_+7 [5E8F] with a + different cleaning parameter (FFC9). The next pampering + adds 0xA if it was not 7/8/9 therefore you have here + following correspondence 7=0 8=1 9=2 0=3 1=4 2=5 3=6 4=7 + 5=8 6=9). This is value FIR_+7. In (lengthy) C it would + look like this: + If (RegString(1) is lower than 3) RegString(1) = RegString(1)+7 + Else Regstring(1) = ((RegString(1)-10)+7) + So protection has "transformed" and stored in [5E8D] and [5E8F] +the two numbers 1 and 2. In our RegString: 1242-1212-12 the first +two numbers "12" are now stored as "94". These will be used as +"slider" parameters inside the main loop, as you will see. + Only now does protection begin its main loop, starting from the +LAST number, because the counter has been set to 9 (i.e. the +tenth number of RegString). The loop, as you'll see, handles only +the numbers from 10 to 3: it's an 8-times loop that ends without +handling the first and second number. What happens in this +loop?... Well, quite a lot: Protection begins the loop loading +the number (counter+1) from the RegString. Protection then loads +the SEC_+3 down_slider parameter (which began its life as second +number "transformed"), multiplies it with 0xA and then adds the +up_slider parameter FIR_+7 (at the beginning it was the first +number transformed). + This sum is used as "lookup pointer" to find a parameter +inside a table of parameters in memory, which are all numbers +between 0 and 9. Let's call this value Lkup_val. +Protection looks for data in 1EA7:[Lkup_val]. In our case (we +entered 1242-1212-12, therefore the first SEC_+3 value is 9 and +the first FIR_+7 value is 4): [Lkup_val] = 9*0xA+4; 0x5A+4 = +0x5E. At line :4C80 therefore AL would load the byte at 1EA7:005E +(let's call it KEY_PAR), which now would be ADDED to the # +counter+1 of this loop. In our case KEY_PAR at 1EA7:005E it's a +"7" and is added to the pampered 0x32=2, giving 9. + Let's establish first of all which KEY_PAR can possibly get +fetched: the maximum is 0x63 and the minimum is 0x0. The possible +KEY_PARs do therefore dwell in memory between 1EA7: and +1EA7:0063. Let's have a look at the relative table in memory, +where these KEY_PARs are stored ("our" first 0x5Eth byte is +underlined): +1EA7:0000 01 03 03 01 09 02 03 00-09 00 04 03 08 07 04 04 +1EA7:0010 05 02 09 00 02 04 01 05-06 06 03 02 00 08 05 06 +1EA7:0020 08 09 05 00 04 06 07 07-02 00 08 00 06 02 04 07 +1EA7:0030 04 04 09 05 09 06 00 06-08 07 00 03 05 09 00 08 +1EA7:0040 03 07 07 06 08 09 01 05-07 04 06 01 04 02 07 01 +1EA7:0050 03 01 08 01 05 03 03 01-02 08 02 01 06 05 07 02 +1EA7:0060 05 09 09 08 02 09 03 00-00 04 05 01 01 03 08 06 +1EA7:0070 01 01 09 00 02 05 05 05-01 07 01 05 08 07 01 09 +1EA7:0080 08 07 07 04 04 08 03 00-06 01 09 08 08 04 09 09 +1EA7:0090 00 07 05 02 03 01 03 08-06 05 07 06 03 07 06 07 +1EA7:00A0 04 02 02 05 02 04 06 02-06 09 09 01 05 02 03 04 +1EA7:00B0 04 00 03 05 00 03 08 07-06 04 08 08 02 00 03 06 +1EA7:00C0 09 00 00 06 09 04 07 02-00 01 01 01 01 00 01 FF +1EA7:00D0 00 FF FF FF FF 00 FF 01-00 00 00 00 00 00 00 00 + + An interesting table, where all the correspondences are +between 0 and 9... are we getting some "secret" number here? But, +hey, look there... funny, isn't it? Instead of only 0-0x63 bytes +we have roughly the DOUBLE here: 0-0xC8 bytes (the 01 sequence +starting at CA "feels" like a fence). We'll see later how +important this is. At the moment you should only "perceive" that +something must be going on with a table that's two time what she +should be. + As I said the result of KEY_PAR + input number is polished +(with a FFDO) and pampered (subtracting, if necessary, 0xA). +Therefore the result will be the (counter+1) input number + +KEY_PAR (let's call it RE_SULT], in our case, (at the beginning +of the loop) a 9. Now (DX=0 because of the CWD instruction) DX +will be saved in [9548] and RE_SULT in [9546]. + Now Protection prepares for the RO_routine: resets its pointer +and charges CX and BX from [958C] and from [958A] respectively, +charges AX with 0xA and sets DX to zero. + The routine performs various operations on AX and DX and saves +the results in the above mentioned locations [958A] and [958C]. + Now KEY_PAR and RE_SULT are added respectively to the DX and AX +value we got back from the RO_routine call, and saved once more +in the last two locations: AX+RE_SULT in [958A] and DX+KEY_PAR +in [958C] + Now the value in SEC_+3 is diminished by 1 (if it was 9 it's now +8, if it was zero it will be pampered to 9). It's a "slider" +parameter (in this case a down_slider), typically used in +relatively complicated protections to give a "random" impression +to the casual observer. The value in FIR_+7, on the contrary, is +augmented by one, from 4 to 5... up_sliding also. + Protection now handles the next number of your input for the +loop. In our case this loop uses following protection +configuration with our "sliding" parameters: + Input # pamp_2nd pamp_1st Lookup value KEY_PAR # RE_SULT +# 10 = 2, SEC_+3= 9, FIR_+7= 4, Lkup_val = 0x5E, KEY=7 +2 = 9 +# 9 = 1, SEC_+3= 8, FIR_+7= 5, Lkup_val = 0x55, KEY=3 +1 = 4 +# 8 = 2, SEC_+3= 7, FIR_+7= 6, Lkup_val = 0x4C, KEY=4 +2 = 6 +# 7 = 1, SEC_+3= 6, FIR_+7= 7, Lkup_val = 0x43, KEY=7 +1 = 7 +# 6 = 2, SEC_+3= 5, FIR_+7= 8, Lkup_val = 0x3A, KEY=0 +2 = 2 +# 5 = 1, SEC_+3= 4, FIR_+7= 9, Lkup_val = 0x31, KEY=4 +1 = 5 +# 4 = 2, SEC_+3= 3, FIR_+7= 0, Lkup_val = 0x1E, KEY=5 +2 = 7 +# 3 = 4, SEC_+3= 2, FIR_+7= 1, Lkup_val = 0x15, KEY=2 +4 = 5 +Notice how our "regular" input 21212124 has given an "irregular" +94672575. + You may legitimately ask yourself what should all this mean: +what are these RE_SULTs used for? Well they are used to slide +another parameter: this one inside the called routine... this is +what happens to AX and DX inside the routine, and the lines after +the called routine: +:4CBF 26895702 MOV ES:[BX+02],DX ; save R_DX par [958C] +:4CC3 268907 MOV ES:[BX],AX ; save R_AX par [958A] +:4CC6 0346FA ADD AX,[BP-06] ; add to AX RE_SULT [9546] +:4CC9 1356FC ADC DX,[BP-04] ; add to DX KEY_PAR [9548] +:4CCC C45E0E LES BX,[BP+0E] ; reset pointer to E +:4CCF 26895702 MOV ES:[BX+02],DX ; save R_DX+KEY_PAR [958C] +:4CD3 268907 MOV ES:[BX],AX ; save R_AX+RE_SULT [958A] + + :4CC6 :4CC9 :4CCF Odd_DX :4CD3 slider_sum + RE_SULT [958A] [958C] [958C] [958A] + 0 0 0 0 0 + 9 5A 0 0 9 + 4 3AC 0 0 5E + 6 24F4 0 0 3B2 + 7 71CE 1 1 24FB + 2 7220 4 E 71D0 + 5 7572 4 90 7225 + 7579 + +Now the loops ends, having handled the input numbers from tenth +to third. Protection loads the second number and multiplies it +by 10 (let's call this result SEC_*10), in our case 2*0xA=14. +Protection loads the first number and adds it to the +multiplication, in our case 1+0x14=0x15 (FINAL_SUM]. +Now everything will be added to FFDO to "clean" it. +Pointer will now be set to the end of the input number. +DX, zeroed by CDW, will be saved as parameter in [9584] and the +cleaned and pampered sum will be saved in [9582]. +FLAG is set to true and this routine is finished! No parameter +are passed and the only interesting thing is what actually +happens in the locations [9582], [9584], [958A] and [958C], i.e.: +FINAL_SUM, 0, slider_sum, odd_dx. + In the next lesson we'll crack everything, but I'll give you +already some hints here, in case you would like to go ahead on +your own: we'll see how the scheme used for the third (the +registration) number show analogies and differences with the +scheme we have studied (and cracked) here for the first number. +Our 3434-3434-3434-3434-34 input string for the registration +number will be transformed in the magic string +141593384841547431, but this will not work because the "magic" +12th number: "1" will not correspond to the remainder calculated +inside this check through the previous locations of the other +checks. + Here the things are more complicated because every little +change in your input string transforms COMPLETELY the "magic" +string... therefore in order to pass the strainer you'll have to +change 3434-3434-3434-3434-34 in (for instance) 7434-3434-3434- +3434-96. The "magic" string 219702960974498056 that this +registration input gives will go through the protection strainer. +Only then we'll be able to step over and finally crack the whole +protection... it's a pretty complicated one as I said. Now crack +it pupils... you have three months time. From this crack depends +your admission to the Uni, there will be no other admission text +till summer 1997 (it's a hell of work to prepare this crap)... +work well. + +Well, that's it for this lesson, reader. Not all lessons of my +tutorial are on the Web. + You 'll obtain the missing lessons IF AND ONLY IF you mail +me back (via anon.penet.fi) some tricks of the trade I may not +know but YOU've discovered. I'll probably know most of them +already, but if they are really new you'll be given full credit, +and even if they are not, should I judge that you "rediscovered" +them with your work, or that you actually did good work on them, +I'll send you the remaining lessons nevertheless. Your +suggestions and critics on the whole crap I wrote are also +welcomed. + + E-mail +ORC + + +ORC an526164@anon.penet.fi diff --git a/textfiles.com/piracy/CRACKING/htc.txt b/textfiles.com/piracy/CRACKING/htc.txt new file mode 100644 index 00000000..28de8864 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/htc.txt @@ -0,0 +1,3672 @@ + A beginners Guide to Cracking + + + + Chapter 1 overview + + Chapter 2 some tips on how to use the debugger + + Chapter 3 some basic cracking techniques + + Chapter 4 walk through of an easy crack + + Chapter 5 how to use the disk editor + + Chapter 6 other cracking tools + + Chapter 7 source code to a simple byte patcher + + Chapter 8 conclusion + + + Programs included at the end of this guide + + + Section 1 uuencoded cracking tool + + Section 2 another uuencoded cracking tool + + Section 3 uuencoded program to crack for the walk through + + + + +CHAPTER 1 OVERVIEW +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +You might be wondering what type of programming skills you need to become a +cracker. Knowing a higher level language such as Basic, Pascal, or C++ will +help you somewhat in that you will have an understanding of what's involved in +the process of writing a program and how certain aspects of a program +function. If you don't have any programming skills at all, you have a long +road ahead of you. But even if you can program in a high level language, in +order to crack you have to know assembly... + +It really doesn't matter what language a program was written in in order to +crack it, because all programs do the same thing. And that is issue commands +to the microprocessor. And all programs when broken down to their simplest +form are nothing more than a collection of 80XXX instructions and program +specific data. This is the level of assembly language. In assembly you have +total control of the system. This is also the level that the debugger operates +at. + +You don't have to become a master at assembly to crack a program, but it +helps. You do need to learn some rudimentary principles, and you absolutely +have to become familiar with the registers of the cpu and how the 8088 +instruction set uses them. There is no way around this. + +How proficient you are at assembly will determine how good of a cracker you +become. You can get by on learning a few basic instructions, how to use a +debugger, and one or two simple techniques. This will allow you to remove a +few shareware nag screens, and maybe you'll luck out and remove the copy +protection from a game or two, but that's it. + +As soon as a programmer throws some anti-debugging code into a program or +starts revectoring interrupts, you'll be whining for someone to post a crack +for this or that... And you can forget about ever learning to crack windows +programs. + +It's much much easier to learn to crack in DOS than windows. DOS is the +easiest environment to debug in. This guide will focus on DOS programs as +cracking windows apps is a little bit overwhelming unless you are already an +experienced cracker. And if you are, your wasting your time by reading this. +This manual is geared towards the raw beginner who has no clue as to where to +start and needs a little hand holding in order to get going. + +There are several good beginners manuals out there, but most of them assume a +person has at least some experience in cracking or knows how to use the +different tools of the cracker, and the raw beginner usually becomes +frustrated with them very quickly because they don't understand the concepts +contained in them. + +I wrote this guide as sort of a primer for the beginner to read before reading +the more comprehensive guides. I tried to keep it as simple as possible and +left a great deal of information out so as not to overwhelm anyone with too +much information at once. Hopefully after reading this guide it will be easier +for the beginner to understand the concepts of the more arcane guides out +there. So if you are reading this and it seems a little bit remedial, +remember, at one time you didn't know what a debugger was used for either. + +Now in case your not familiar with the debugger and disk editor and what their +different roles in cracking are, I'll give a brief explanation of each. As +these are the crackers most used tools. + +The debugger is what you will use to actually crack the program. When you load +a program you wish to crack into the debugger, it will load the program and +stop at the first instruction to be executed within the code segment. Or, you +can also optionally break into an already running program and it will halt the +program at the instruction you broke into it at and await further input from +you. At this point, you are in control of the program. + +You can then dynamically interact with the program and run it one line of code +at a time, and see exactly what the program is doing in real time as each line +of code is executed. You will also be able to re-assemble instructions (in +memory only), edit the contents of memory locations, manipulate the cpu's +registers, and see the effects your modifications have on the program as it's +running. This is also where all your system crashes will occur... There is a +lot of trial and error involved in cracking. + +As stated above, the debugger will only modify the program while it's up and +running in memory. In order to make permanent changes, you need to load the +program file to be patched into the disk editor and permanently write the +changes you've made to disk. A detailed explanation of how to do this will be +made in chapter 5. + +So, with this in mind, you need a few essential tools... The first one is a +good debugger. The original draft of this guide gave explicit instructions on +how to use my favorite debugger. After considerable deliberation, I decided to +re-write it and make the instructions more generic so you could apply them to +most any debugger. You will also need a disk editor, it doesn't matter which +one you use as long as it will load the program file, search for and edit the +bytes you want to change. + +I uuencoded a few cracking tools that you will find indespensible and placed +them at the end of this guide. I won't go into the use of the cracking tools +right now. But believe me, you absolutely need one of them, and the other one +will save you a lot of effort. I also uuencoded the program that we will crack +in the walk through and included it in this guide as well. + +As you get better, you'll have to write programs that will implement your +patches if you decide to distribute them. The patches themselves don't have to +be written in assembly. + +The source code I included in this manual for the byte patcher is the first +patcher program I ever wrote, and is extremely simple. It's written in +assembly because that's the only language I know how to program in. but if you +are already proficient in a higher level language, it should be trivial for +you to duplicate it's methods in your preferred language. + + + + +CHAPTER 2 SOME TIPS ON HOW TO USE THE DEBUGGER +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Ok, before I begin, I'd just like to stress how important it is that you know +at least some assembly before trying to continue. If you don't, you will get +lost pretty quick from here on out. Comprehension of the base 16 (hexadecimal) +number system is also required. + +I'm not about to give a remedial course on assembly or hex math, that would +take too long and I'd probably leave too many questions un-answered. Besides, +there is enough information on them available from a myriad of other sources. + +So, from now on in this guide, I'm assuming you have a fair working knowledge +of assembly and hexadecimal. If I say something you don't understand or you +cannot grasp some concept, look it up somewhere... + +I've tried to make this section as generic as possible. I used general +descriptions when explaining HOTKEYS and COMMANDS as different debuggers will +use different keys and command syntax to implement these functions. + +You should be able to translate these instructions to the actual key strokes +and commands that your debugger uses... If you don't know how to use a +debugger, PAY ATTENTION!!! If you already know how to use a debugger you can +skip this section as it is only a general overview of different windows and +functions designed for the absolute beginner who has no clue as to what he is +looking at. + +The reason I included this section is because most manuals for debuggers tell +you how to use the various features of the debugger, but they don't give any +insight on how to apply those features, as they assume the person reading them +already knows how to debug a program. + +First, I'll give an overview on the different windows that most debuggers use. + + +REGISTER WINDOW: + +The register window contains the general purpose and flags registers of the +cpu. You will notice that the general purpose registers contain hexadecimal +values. These values are just what happened to be in there when you brought up +the debugger. you will also notice that some of the flags are highlighted +while some are not. Usually, the highlighted flags are the ones that are SET. +While the ones that are not highlighted are CLEARED. The layout of this window +will vary from debugger to debugger, but they all basically are the same. + +From this window you will be able to manipulate the contents of the cpu's +registers. some debuggers accomplish this by clicking on the register to +modify with the mouse and then entering a new value. Other more powerful +debuggers use a command line interface, you'll have to discover how your +debugger goes about this yourself. + +You can change the values of the registers while debugging a program in order +to change the behavior of the running program. Say you come across a JNZ +instruction (jump if not zero), that instruction makes the decision on whether +or not to make the jump based on the state of the (Z)ero flag. You can modify +the condition of the (Z)ero flag in order to alter the flow of the programs +code. + +By the same token, you can modify the general purpose registers in the same +manner. Say the AX register contains 0000, and the program bases it's actions +on that value, modifying the AX register to contain a new value will also have +the effect of modifing the flow of the code. After you become comfortable with +using a debugger you'll begin to appreciate just how powerful this window is, +and you'll aslo discover soon enough just how totally it can screw your +system. + + +DATA WINDOW: + +The data window will display data as it exists in memory. From this window you +can usually display, search, edit, fill, and clear entire ranges of memory. +The two most common commands for this window are display and edit. The search +command is also useful in cracking. But for the level of debugging I'll be +teaching you in this guide, we won't make much use of this window. You have a +lot to learn before this window becomes an asset to you. + + +CODE WINDOW: + +The code window is the window in which you will interact with the running +program. This is the most complex window, and it is where the bulk of +debugging occurs. I'll just go over some keystrokes and a few commands here, +as the majority of learning how to use this window will come when I show you +how to crack a program. + +The layout of the window is pretty simple, the group of 8 numbers with the +colon in the middle of them to the far left of the window is the +address:offset of that line of code. Each line of code in this window is an +instruction that the program will issue to the microprocessor, and the +parameters for that instruction. The registers that contain the address for +the current instruction waiting to be executed are the CS:IP registers (code +segment and instruction pointer). + +You will also notice a group of hex numbers to the right of the addresses, +this group of numbers is the hexadecimal equivalent of the mnemonic +instructions (pronounced new-mon-ik). The next group of words and numbers to +the right of the hex numbers are the mnemonic instructions themselves. + +HOTKEYS AND COMMANDS: + +Now we'll move onto the HOTKEYS. I won't go into all of them, only the most +useful ones, same for the commands. + +The RESTORE USER SCREEN KEY: This key will toggle the display between the +debugger and the program you are debugging without actually returning control +to the program itself. it's useful to check what the program is doing from +time to time, especially after stepping over a CALL. + +The HERE KEY: This key is the non-sticky breakpoint key. To use it, Place the +cursor on a line of code and hit it. The program will then run until it +reaches that line. When (and if) the program reaches that line, program +execution will halt, control will be returned to the debugger and the +breakpoint will be removed. + +The TRACE KEY: This key will execute one line of code at a time and will trace +into all calls loops and interrupts. + +The BREAKPOINT KEY: This is the sticky breakpoint key. This will enable a +permanent (sticky) breakpoint on the line of code that the cursor is on. When +a sticky breakpoint is enabled, program execution will halt and control will +be returned to the debugger every time that line of code is encountered within +the running program until you manually remove it. + +The SINGLE STEP KEY: The most used key on the keyboard. This key will execute +one line of code at a time but will not trace into calls loops or interrupts. +When you step over a call interrupt or loop with this key, all the code +contained within the sub-routine is executed before control is returned to the +debugger. If the program never returns from the sub-routine, you will lose +control and the program will execute as normal. + +The RUN KEY: This key will return control to the program being debugged and +allow it to execute as normal. Control will not be returned to the debugger +unless a breakpoint that you've set is encountered. + +Now for a few commands. The GO TO command functions like the HERE key in that +it will insert a non-sticky breakpoint at the specified address. + +When you enter this command the debugger will return control to the program +until the line of code you specified in the GO TO command is reached. When +(and if) the CS:IP registers equal the address you typed in, the program will +halt, control will be returned to the debugger and the breakpoint will be +removed. + +You might be wondering why you would want to type all this in when you can +just hit the HERE KEY instead. The answer is this; the HERE KEY is great if +you want to set a local breakpoint. By a local breakpoint I mean that the +breakpoint you want to set is somewhat close to your current location in the +program. + +But what if you want to set a breakpoint on a line of code that isn't in the +current code segment? You wouldn't want to use the HERE KEY cause the address +is no where near the point you are at in the program. This, among other uses +is where the GO TO command comes in. + +The ASSEMBLE command is the command you will use to re-write the programs +instructions. This command will allow you to assemble new instructions +beginning at the address you type in, or at the current CS:IP. The +instructions you enter will replace (in memory only) the existing program code +at the address you specified. This is another method you will use to alter the +running program to behave as you wish and not as the programmer intended it +to. + +EXAMPLE: Lets say that there is a line of code that reads JNZ 04FC, and we +want to change it to read JMP 04FC. You would issue the ASSEMBLE command and +specify the address of the code you wish to change, then type in JMP 04FC. +Now the line of code in the code window who's address you specified in the +ASSEMBLE command will be overwritten with the code you typed in. Some +debuggers automatically default to the address contained in the CS:IP for this +command. + +There are a whole host of other commands available in this window depending on +what debugger you are using, including commands to set breakpoints on +interrupts, memory locations, commands that list and clear breakpoints, +commands to un-assemble instructions etc etc... + +Well, that's pretty much it on debuggers without going into explicit +instructions for specific debuggers. The only other thing I can tell you is +that the more you use it, the easier it'll get. Don't expect to become +familiar with it right away. As with anything, practice makes perfect. It's +taken me 5 years and thousands of hours of debugging to reach the level I'm at +now. And I still learn something new, or re-learn something I forgot on just +about every program I crack. + + + +CHAPTER 3: SOME BASIC CRACKING TECHNIQUES +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +The first thing I want to do before going into some simple techniques is to +explain the purpose of one of the uuencoded cracking tools at the end of this +guide. And also to go over some general procedures you should perform before +actually loading a program you wish to crack into the debugger. + +Nowadays a lot of programmers will compress the executable files of their +programs to save space and to make it difficult for people who don't know any +better to hack those files. There are a lot of losers out there who will get +ahold of a program and lacking any skill or talent of their own, will load the +program into a disk editor and hex edit their name into it. Or they will make +other similarly feeble modifications. + +This is the reason I encrypt all of the cracks that I distribute. The routines +I write are not that hard to defeat, but I figure anyone with the skill to +crack them is far above having to hack their name into them... + +Ok, back to the file, the name of the program is UNP and it is an executable +file expander. It's purpose is to remove the compression envelope from +executable programs. And it supports most of the compression routines +currently in use... + +A lot of the compression routines will cause a debugger to lock up if you try +to step through the compressed file, especially PKLITE v1.15. And seeing as +how the file is compressed, if you load it into a disk editor it will just +look like a bunch of garbage and you'll not be able to find the bytes you want +to edit anyway. + +UNP is very easy to use, just type UNP [filename] and if there is any type of +compression envelope that UNP understands on the file, UNP will remove it. You +can then load the file into a debugger and hack away... + +But before you load a program into the debugger you should run the program a +few times and get a feel for it. You want to see how the protection is +implemented. Whether it's nag or delay screens and at what point in the +program they fist appear, or where in the program does the first mention of +being unregistered or an evaluation copy appear? + +This is important. Because before the program displays the first mention of +being unregistered, it has to do the protection check. and this is where you +will usually want to concentrate. Also look for registered functions being +disabled, and sometimes date expirations. The program could also be looking +for a registration key. + +In the case of commercial software what type of copy protection is used? Is it +a doc check, or does the program want you to input a serial number before it +will install itself? Once you see how and where the offending routines are +implemented you can begin to develop an overall strategy on the best approach +to circumvent them. It's also a good idea to read the docs, you can pick up a +lot of useful info from doc files. + +There are basically three categories that shareware programs fall into... They +are begware, crippleware, and deadware. + +The begware category is comprised of programs that have all the registered +features enabled but every time you run them they will display screens that +bug you to register. This is usually the easiest form of protection to remove +and it's the type I'll go over in the walk through. + +The crippleware category is comprised of programs that in the unregistered +version have certain functions disabled, and maybe nag screens as well. This +type of protection can be more complex, but often times is just as easy to +defeat as a simple nag screen. + +The deadware category is comprised of programs that are totally stripped of +the code for the registered features so there is really nothing to crack. A +good example of this is DOOM by ID software. You can get the shareware version +just about anywhere, however no matter how much you hack at it you cannot make +it into the commercial version cause it only contains the code for the first +episode. + +The sample code fragments in this section are not taken from actual programs. +I just made them up off the top of my head while I was writting this guide, +and there are bound to be some errors in them. Please dont write me and tell +me this, I already know it. + +Most forms of copy protection have one weak spot, and this is the spot you +will concentrate on. They have to perform the protection check and then make a +decision based on the results of that check. And that decision is usually a +conditional jump. If the check was good the program will go in one direction, +if it was bad it will go somewhere else. + +So, you've run the program through a few times and you know at what point the +routines you want to modify first appear, you've also run UNP on it and have +removed any compression envelopes. Now you load the program into the debugger +and wonder what to do next... + +What you want to do is to step through the code until something significant +happens like a nag screen gets displayed, or a doc check comes up or the +program tells you that the function you just tried to use is only available in +the registered version. When you reach that point you can then start to +evaluate what portion of code to begin studying. + +Let's say you have a program that displays a nag screen and you want to remove +it. You step through the program until the nag screen pops up, you now think +you know the location of the instructions that are causing it to be displayed. +So you reload the program and trace back to a point a few instructions before +the call to the nag screen, and this is what you see: + +09D8:0140 CMP BYTE PTR [A76C],00 +09D8:0145 JNZ 014B +09D8:0148 CALL 0C50 +09D8:014B MOV AH,18 + +Now, let's assume that the memory location referenced by the first line of +code does indeed contain 00 and that it is the default value placed in there +by the programmer to indicate that the program is unregistered. + +The first line of code is checking the value contained in the memory location +to see if it is 00 or not. If the location does contain 00, the compare +instruction will cause the Zero flag to be set. If the location contains any +other value than 00, the Zero flag will be cleared. + +The second line of code makes the decision on how to proceed based on the +results of the compare instruction. The JNZ instruction will make the jump to +the fourth line of code if the zero flag is cleared. This will bypass the call +to the nag screen on the third line. If the zero flag is set, no jump will +occur and the call will be made. + +The third line of code contains the call to the nag screen. If it is executed +the nag screen will be displayed. The fourth line of code is just the next +instruction in the program. + +Once you have found and analyzed this piece of code within the program, you +can now decide on how to bypass the call on the third line. There is no single +way to do this. I can think of a half dozen different ways to patch the +program so it will not make the call. But there is a best way... + +First, you could just replace the JNZ 014B with JMP 014B. This is an +unconditional jump and it will bypass the call on the third line no matter +what the memory location that the first line of code is referencing contains. + +You could also change it to read JZ 014B so that the jump will be made if the +location contains 00, and not the other way around. You could even change the +CMP BYTE PTR [A76C],00 instruction to JMP 014B. + +Or you could just NOP out the call on the third line altogether seeing as how +it's a local call. By a local call I mean that the code contained within the +call resides in the same code segment as the call instruction itself. + +This is an intersegment call. You will see other calls that reference lines of +code outside of the current code segment. These are intrasegment calls, and +have to be handled differently. They will look something like CALL 0934:0AC5, +or CALL FAR 0002. I'll go over how to handle intrasegment calls later on. + +NOP is short for no op-code, and it is a valid instruction that the +microprocessor understands. It is only one byte in length, and the call +instruction is three bytes in length. So if you wanted to nop out the call +instruction you would have to enter the NOP instruction three times in order +to replace it. And if you replaced the CMP BYTE PTR [A76C],00 with JMP 014B, +you would have to pad it out with a few nop's as well. + +The compare instruction is 5 bytes and the jump instruction is only 2 bytes, +so you would have to add 3 nops in order to equal the length of the original +compare instruction. Otherwise you would throw off the address of every +instruction after it in the program and end up with a bunch of unintelligible +garbage. Not to mention a major system crash... + +When the NOP instruction is encountered no operations will take place and the +CS:IP will then be incremented to the next instruction to be executed. A lot +of compilers leave nop's in the code all the time and it's a great instruction +you can use to wipe out entire lines of code with. + +The above methods of bypassing the call are called 'dirty' cracks in that they +have only modified the end result of the protection check and have done +nothing to alter the actual protection check itself. + +All the techniques I showed you above are only implemented after the check is +made. They will bypass the nag screen, but what if the program also has +registered features that are disabled or displays another nag screen upon +exit? The above methods only remove the original nag screen and don't address +the reason the screen is being displayed in the first place. + +A much cleaner way to crack the above piece of code would modify the cause and +not the effect. And could be written like this: + + original code new code + +09D8:0140 CMP BYTE PTR [A76C],00 09D8:0140 MOV BYTE PTR [A76C],01 +09D8:0145 JNZ 014B 09D8:0145 JMP 014B +09D8:0148 CALL 0C50 09D8:0148 CALL 0C50 +09D8:014B MOV AH,18 09D8:014B MOV AH,18 + +Remember that the protection check is basing it's actions on the value +contained in the memory location that the first line of code is checking. The +original code displayed the nag screen if the value of that location was 00, +meaning it was unregistered. So that means a value of 01 indicates a +registered copy. It could be the other way around as well, it just depends on +how the programmer worded the source code. But we know in this case that +00=false so 01=true. These are Boolean expressions and most compilers use the +AX register to return these values. + +By changing the first line from CMP BYT PTR [A76C],00 to MOV BYTE PTR +[A76C],01 the program no longer performs the protection check. Instead, it +places the correct value in the memory location to indicate a registered copy. +Now if the program checks that memory location again later on it will think +that it is registered and activate all of it's disabled features, or not +display a second nag screen upon it's exit if it has one. + +I changed the second line of code to an unconditional jump because the compare +instruction on the first line no longer exists, and the conditional jump on +the second line may still access the call to the nag screen on the third line +if the Z flag was already set before the old compare instruction was +encountered. + +Don't think that all programs are this easy, they're not. I just +over-simplified this example for instructional purposes. And I really wouldn't +patch the code like that, although the last method should work fine for all +registered features to be enabled. Remember I told you there was a best way to +crack this? + +What I would actually do is to trace further back into the program and find +the line of code that sets up the memory location referenced by line one of +the code for the protection check in the first place and modify it there. This +is an example of a 'clean' crack. + +I just did it in the above manner to try and show you the difference between +clean and dirty cracks without totally confusing you. And to give you a +general idea on how to creatively modify existing code. + +If you are using soft ice as your debugger, an easy way to find the +instruction that sets up the memory location for the protection check is to +set a breakpoint on the location when it gets 00 written to it. The syntax +would be BPM XXXX:XXXX W EQ 00, where XXXX:XXXX is the address of the memory +location referenced by the compare instruction on line 1. + +Now when the program wrote 00 to that memory location, soft ice will pop up +and the CS:IP will be sitting at the next instruction after the one that wrote +00 to the memory location. You will now be able to evaluate the code around +the instruction that writes to the memory location and decide on how to +proceed. + +This also could just be a general purpose location that the program uses for +generic references (especially if it's in the stack segment), and it could +write 00 to it several times throughout the course of the program for a +variety of different functions. You should let the program run normally after +soft ice broke in to see if it will trigger the breakpoint again. If it +doesn't you know that the location is only used for the protection check. But +if the breakpoint gets triggered several more times, you will have to figure +out which set of instructions are being used to set up for the protection +check before proceeding. + +The above examples were based on shareware programs. Now I'll go over a few +techniques to remove copy protection from commercial games that have doc +checks in them as the methods are slightly different... + +shareware programs are usually coded so that they check a variable in memory +before deciding if they are registered or not and how to proceed. Commercial +games with doc checks take a different approach as they check nothing before +calling the copy protection. It always gets called every time you play the +game no matter what. As a result, the doc check routine is usually easier to +find, and there are basically two types of doc checks... The passive check, +and the active check. + +The passive doc check is easier to defeat than the active. In the passive doc +check, the program will issue a call to the copy protection routine. And if it +is unsuccessful will either abort the program, or loop back to the beginning +of the routine and give you a few more tries before aborting. The entire +protection routine will be included in a single call, so merely nopping out +or bypassing the call will be sufficient to remove the copy protection. + +A few good examples of this are Spear of Destiny by ID, and the Incredible +Machine by Sierra. Yes I know that they are old, but if you happen to have a +copy of either one laying around they are excellent examples of passive doc +checks to practice on. + +Look at the following piece of code: + +0277:01B5 MOV [AF56],AX +0277:01B8 PUSH BX +0277:01B9 PUSH CX +0277:01BA CALL 0234 +0277:01BD POP CX +0277:01BE POP BX +0277:01BF JMP 0354 + +The first three lines of code are just setting up for the call, the call on +the fourth line is the protection check itself. It will display the input +window asking for a word from the manual, will perform the protection check, +and will display an error message if you input the wrong word. It can also +optionally give you a few more tries if you type in the wrong word. + +If you fail the protection check, the program will abort without ever having +returned from the call. The fifth, sixth, and seventh lines are the next +instructions to be executed if the protection check was successful and the +program returns from the call. + +This type of protection is trivial to defeat, all you have to do is the +following: + + original code new code + +0277:01B5 MOV [AF56],AX 0277:01B5 MOV [AF56],AX +0277:01B8 PUSH BX 0277:01B8 PUSH BX +0277:01B9 PUSH CX 0277:01B9 PUSH CX +0277:01BA CALL 0234 0277:01BA NOP +0277:01BD POP CX 0277:01BB NOP +0277:01BE POP BX 0277:01BC NOP +0277:01BF JMP 0354 0277:01BD POP CX + 0277:01BE POP BX + 0277:01BF JMP 0354 + +Simply nopping out the call to the protection routine will be sufficient to +crack this type of doc check. No window asking for input will appear, and the +program will continue on as if you had entered the correct word from the +manual. Remember that I told you that the NOP instruction is only one byte in +length, so you have to enter as many nop's as it takes to equal the length of +the code you are modifying. + +The active doc check is more complex. The program will issue the check and +unlike the passive protection, will set a variable in memory somewhere and +reference it later on in the program. + +You can crack this type of protection somewhat using the methods for the +passive check and it might run fine for a while. But if you didn't crack it +right, later on when the next episode gets loaded or you reach a crucial point +in the game, the program will reference a memory location and bring up the +copy protection again, or abort. This type of protection is more akin to how +most shareware programs operate and MUST be done with a CLEAN crack. + +Look at the following piece of code: + +0234:0B54 MOV CX,0003 ;Sets up to give you three tries +0234:0B57 DEC CX ;deducts one for every time through the loop +0234:0B58 JCXZ 031A ;when CX=0000, program will abort +0234:0B60 PUSH CX ;just setting up for the call +0234:0B61 PUSH DS ; " " +0234:0B62 PUSH ES ; " " +0234:0B63 CALL 035F:112D ;call to input window and validation routine +0234:0B68 OR AL,AL ;seeing if check was successful +0234:0B6A JNZ 0B6E ;yes, continue on with the program +0234:0B6C JMP 0B57 ;no, set up for another try +0234:0B6E CALL 8133 ;next line in the program if check was good + +The above code is the outer loop of the protection routine. Look at the call +on the seventh line and the compare instruction on the eighth line. When the +call to the input routine or in the case of shareware, the check routine is +paired with a compare instruction in this manner, You can bet that the program +set a memory variable somewhere inside the call. Especially suspicious is the +unconditional jump on line 10 that jumps backwards in the code. + +This won't always be the case as no two programs are alike, and simply +changing line 9 of the code from JNZ 0B6E to JMP 0B6E to force the program to +run even if you fail the doc check may allow the program to run just fine. +Let's say that this is how you patched the program and it runs. Great, your +work is done... But what if before the first level loads, or at some other +point within the program the input window pops up again asking for a word from +the manual? + +You realize that you should have patched it right in the first place as you +now have to go back in there and fix it. This is why so many groups have to +release crack fixes, they patch the program in a hurried manner and don't even +run it all the way through to see if it's going to work. + +Ok, back to the problem at hand... The above method of patching the program +didn't work, so you now have to load the program back into the debugger and +trace into the call on line seven to see whats going on in there. And you +can't NOP this kind of call out either, this is an intrasegment call. + +Certain things in programs get assigned dynamic memory locations, and +intrasegment calls are one of those things. When the program gets executed, +the code segment, data segment, extra segment, and stack segment get assigned +their respective addresses based on the memory map of your computer. + +And when a program does a FAR call (a call to a segment of memory outside the +current code segment), The program goes to the address that was assigned to +that segment at run time. The CS, DS, ES, and SS will be different on every +computer for the same program. + +And seeing as how these addresses don't get assigned until run time, the +actual bytes for the addresses of far calls don't exist in the program file as +it resides on your disk. That's why you can't just NOP a CALL FAR instruction +out. + +However, the bytes for calls that are within the same segment of code as the +calling instructions themselves will be contained within the file as it +resides on disk. And that is because even though the program doesn't get the +addresses for the actual segments until run time, the offsets within those +segments will always be the same. + +Back to the example, let's say you've traced into the call on line seven and +this is what you see: + + +035F:112D MOV [324F],BX ; +035F:1131 CMP BYTE PTR [BX+06],03 ; just some error checking +035F:1135 JNZ 0339 ; + +035F:1137 CALL F157 ; call to the input window that + ; asks you to type a word in from + ;the manual + +035F:113A MOV DI,[0332] ; this routine is comparing the +035F:113D MOV ES,DX ; word you typed in to a word +035F:1140 MOV DS,BX ; in memory that the program is +035F:1144 MOV SI,[0144] ; referencing. As long as the +035F:1148 MOV CX,[0097] ; bytes match the loop will +035F:114C REPE CMPSB ; continue. + +035F:114F JCXZ 1154 ; This is the routine that sets +035F:1151 JMP 1161 ; the memory variable. 01 will be +035F:1154 MOV AX,0001 ; placed in it if you typed in +035F:1159 MOV [0978],AX ; the correct word. 00 will be +035F:115E JMP 116B ; placed in it if you typed in +035F:1161 MOV AX,0000 ; the wrong word. +035F:1166 MOV [0978],AX ; + +035F:116B POP ES ; setup to return from call +035F:116C POP DS ; " " +035F:116D POP CX ; " " +035F:116E RETF ; return from call + + +Again, this code is over simplified as I figured all of the code would be +overwhelming and really is not needed to get my point across. And as I've +stated before, every program will be different anyway, so the actual code +wouldn't help you. Instead, I want to give you a general overview on what to +look out for. + +So, what do you think is the best way to patch the above piece of code? Take a +few minutes to study the code and formulate some ideas before reading on. Then +compare your methods to mine. And remember, as with any code there is no +single way. But as always, there is a best way... I'll go over few of them one +at a time, starting with the dirtiest and finishing up with the cleanest. + +The dirtiest crack for this piece of code also happens to be the method you +will use to nop out intrasegment calls. It really isn't nopping out, but +seeing as how you can't nop it out, just let the program make the call and +change the first line of the code within the call to RETF. This will return +from the call without ever having executed any of the code contained within +it. + +In the case of registers needing to be restored as in the above code, change +the first line of code to jump to the part of the routine that restores the +registers for the return. However, in the above example if you use this method +and just return from the call without executing any of the code, you will also +have to patch the outer loop as well. + +Remember that this call only displays the input window and sets the memory +variable. The outer loop of the routine makes the decision on how to proceed +based on the results of the call. + +To do this, you would change line one of the call from MOV [324F],BX to JMP +116B. This will restore the registers and return from the call without ever +having executed any of the code within the call. But seeing as none of the +code got executed, you'll have to patch line 9 of the outer loop from JNZ 0B6E +to JMP 0B6E as you now need an unconditional jump to force the program to +continue. This doesn't address the problem of the memory variable though, and +the program won't be completely cracked. That's why if you did it like this +you would end up releasing a fix. + +A cleaner crack would be to change line 11 of the call from JCXZ 1154 to JMP +1154. Now when the window pops up and asks for a word, it will set the correct +memory variable and the program will run no matter what word you type in. This +method is still not desirable because the end user will get the input window +and have to type something every time they play the game. + +The cleanest way to crack this, and the way I would do it is to change line 4 +of the call from CALL F157 to JMP 1154. This method will totally bypass the +input window, place the correct variable in memory and return from the call +without the end user ever having seen even a hint of copy protection. + +With this method, the outer loop does not need to be patched cause the program +now thinks that it displayed the input window and the correct word was typed +in. Now when the program checks that memory variable later on, it will think +that you successfully passed the original check and skip the second protection +check. + +There is also an added benefit to the last method... Some games will bring up +the protection check between each and every level of the game even though you +type the correct word in every time. But if you've completely killed the +routine as in the last example, you'll never be bothered by it again no matter +how many times the program tries to bring it up. + +Please be aware of the fact that these are not the only methods that +programmers will use in copy protection schemes. These are just the basics and +there are several variations on these routines. The only way to be able to +know what any given routine is doing at any time is to master assembly +language. + +Before we move onto the walk though, there is one other technique I want to go +over with you. And that is how to get out of a loop. You will get stuck in +loops constantly during the course of debugging a program and knowing how to +get out of them will save you a lot of time and frustration. You will find +that programs contain loops within loops within loops etc... Some loops can +execute hundreds of times before the program will advance, especially ones +that draw screens. + +When you realize that you are stuck in a loop, execute the loop several times +and keep an eye on the highest address the loop reaches before jumping +backwards within the code. Once you have found the end of the loop, write down +the address of the jump that re-executes the loop, and then look for +conditional jumps inside the loop that will put you past the address of that +backwards jump. You will want to set a breakpoint on the address this +instruction jumps to and then let the program run normally. The HERE KEY is +excellent for this type of situation. + +If you guessed right, control will be returned to the debugger when the +program reaches that instruction. If you guessed wrong, you will lose control +of the program and will have reload it and try again. This is where writing +down the address comes in handy, just reload the program and then issue the GO +TO command and supply it the address of the backwards jump that you wrote +down. + +The program will run until it reaches that address and control will then be +returned to the debugger. This will save you from having to trace all the way +through the code again in order to reach the point where you lost control of +the program in the first place. You could just use sticky breakpoints instead, +but what you will end up with is a half dozen or so breakpoints in as many +different locations in the code, and it's very easy to loose track as to which +breakpoint is which. + +That's why I use non-sticky breakpoints and write down the address I'm +currently at before executing suspicious looking calls and jumps. My desk is +usually scattered with scraps of paper filled with notes and addresses. I only +use sticky breakpoints for specific situations. It's much easier to just +reload the program and use the GO TO command to get back to the point in the +program where I lost control. + + + +CHAPTER 4 WALK THROUGH OF AN EASY CRACK +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +First of all, I want to go over some of the criteria I used in choosing the +program I used for the walk through. An important factor was the programs +size. I want to keep this manual as small as possible, and I chose the program +that is included in this guide because among other things it is the smallest +one I could find that best illustrated the example of a simple nag screen. + +Whether or not the program was one that you would actually find useful was not +a consideration, as you should eventually be able to crack just about any +program you wish if your serious about cracking. If you come across a program +that has you stumped, leave it alone for a while and then try again after +you've cracked something else. You may find that whatever you were having +problems with is now easier to understand. + +Before we start I want to go over one other thing. When you load a program +into a debugger, the debugger will load the program and halt at the very first +instruction to be executed within the program. You can also at this point let +the program run normally and then break back into it at a later point. + +When you use the second method it will halt the program at the current +instruction and return control to the debugger, but you may not end up in the +program itself. You could have broken into the program while it was in the +middle of executing either a DOS or BIOS interrupt, and the code you are in +belongs to either DOS or BIOS and not the program you are debugging. + +You can tell by looking at the addresses of the instructions in the code +window where you are, low segment addresses indicate you are in DOS, and +addresses that start with FXXX indicate a BIOS routine. + +If you break into the program while it is in one of these interrupt routines +you will have to trace your way back into the programs code, this will usually +be indicated by an IRET (interrupt return) instruction. When you do get back +to the program code, you will then have to trace your way back to the top of +the call that issued the interrupt you broke into. Then you may also have to +trace back to the top of that call, and to the top of that call, etc etc, +until you reach the top level of the program. After you've done this a few +times you'll begin to recognize when you've gotten back to the main flow of +the program... + +On the other hand, when you load a program into the debugger and begin +stepping through the code from the very first instruction to be executed +within the program, you have the best picture on the overall flow of the +program as you are sitting on top of everything. + +But some programs don't access the copy protection until they are further +along in the code. In this case, it's best to let the program run normally and +then break into it at a later point. Otherwise, you will have a ton of code to +trace through before the protection routine is accessed, and this can become +quite tedious. Which method you choose will be determined after you've run the +program through a few times and decide how and where you want to break into +it. + +One last thing, DOS will always load a program into the same memory range +provided that no other programs are run in the interim. It's important that +you always boot with the same config files and don't run any other memory +resident programs between cracking sessions. + +If you load a program into the debugger and start tracing, then quit. And +before The next time you load that same program into the debugger, you boot +with a different config or load a memory resident program that you didn't have +loaded the first time you started cracking that program, the segment addresses +will change and the addresses you wrote down will be useless. This is because +the memory map of your computer will change. + +When I boot with my debugging config (when I use my DOS debugger, Windows +manages memory differently and these steps are not needed), the only things I +load are a mouse driver, 4DOS, my debugger and ansi.sys (needed for cracking +bbs doors). This way I'm assured that the program I want to crack gets loaded +into the same memory region every time I run it, providing I don't run any +other memory resident programs before loading the program to be cracked into +the debugger. + +Take soft ice as an example, if you load a program into it using LDR.EXE and +begin debugging, then later on you decide to just execute the program and +break into it without first loading it with LDR.EXE, the segment addresses +will change. That's because LDR.EXE is a program and using it will throw the +segment addresses off by one word as opposed to just breaking into an already +running program without first loading it with LDR.EXE. + +The program we will crack is budget minder, it is an extremely simple crack +(it took me about 2 minutes to crack it) and is ideal for the lesson on how to +remove nag screens from otherwise fully functional programs. It also deals +with intrasegment calls, so it serves a dual purpose. That's another reason I +chose it for the lesson. + +From now on, when I say step, step through, or step over, I want you to use +the SINGLE STEP key. When I say trace, I want you to use the TRACE key once +and only once!!!! The TRACE key is a highly specialized key and is not +intended to be used multiple times like the SINGLE STEP key. If you don't +follow these instructions, your gonna get lost... + +OK, once you've run budget minder a few times you will notice that it displays +a nag screen before the main program is executed. You will also notice that +this nag screen is the only type of protection that the program has. It +doesn't contain any features that are disabled, nor does it display an +additional nag screen upon exit. + +It's okay to apply a dirty crack to this program as all you want to do is kill +the nag screen, so you have a little more leeway on how to patch it. And if +you want to try different methods of patching it than the ones I give, it +should still work fine. + +That was the most important factor in my decision to use this program for the +lesson. I wanted to walk you through a program so you would become comfortable +with it's flow, and I also wanted the program to be easy enough so that once +you became familiar with it, there was enough room for you to experiment and +try out your own methods. + +In this case, it's best to load the program into the debugger and start +stepping through it right away. The protection is implemented very close to +the beginning of the program, and this method of loading the program will put +you right on top of everything. + +Allowing the program to run and breaking into it later on will not serve any +useful purpose. You'll just end up having to trace your way back to the top. +Besides, the nag screen comes up so fast you'll probably miss it if you try +the second method anyway. + +Before you load it into the debugger, run UNP on BUDGET.EXE... AHA! The file +was compressed with EXEPACK. It's now ready to debug as you've removed the +compression envelope. Just for the hell of it, run UNP on it again. I've come +across a few programs that have had multiple compression routines on them. If +it shows up negative, your set to go. + +Now load BUDGET.EXE into the debugger, the program will be sitting at the +first instruction to be executed awaiting your next command... Use the SINGLE +STEP key to start stepping through the code and keep an eye on the +instructions as you are stepping through them. + +Shortly you will come to a couple of calls, before you step over the first +one, write down it's address. Now step over the first call with the SINGLE +STEP key. Nothing happened, so you have to continue stepping through the code. +But if something did happen when you stepped over this call like the nag +screen being displayed or if you lost control of the program, you could just +reload the program and issue the GO TO command to get back to that point using +the address you wrote down. + +Step over the second call, nothing again. Ok, keep stepping through the code +and keep an eye on the instructions. You will encounter a third call about 6 +instructions or so after the second call, step over it with the SINGLE STEP +key... Bingo, you have found the call to the nag screen. Hit a key to exit the +nag screen and you will now be sitting in the main program screen. + +But you no longer have control of the program. Remember I said you would loose +control if you step over a call loop or interrupt and the program never +returns from it? Hopefully you wrote down the address of that last call before +you executed it. Now you can just quit out of the program and reload it. Then, +once it's reloaded, issue the GO TO command to get back to the call without +having to trace your way back there. So go ahead and do this before reading +on... + +Ok, we are all back at the third call. It's address will be CS:0161, remember +that the segment adresses will always be different for every computer, but the +offsets will be the same. So from now on I'll write the addresses in that +manner... + +We know that the last time we executed this call, the program never returned +from it. So now we are going to have to trace into it for a closer look. Trace +into the call with the TRACE key, don't use the SINGLE STEP key this time or +you'll loose control again. + +You will now be inside the code for that call, start stepping through it again +with the SINGLE STEP key, you will see some calls. Better write down your +address before you step over them. + +Step over the first two calls, nothing... Use the RESTORE USER SCREEN key to +toggle the display between the debugger and the program. Still a blank screen, +so nothing important has happened yet. Now toggle the RESTORE USER SCREEN key +to get the debugger screen back and continue stepping through the code. + +You will see another call and some more code, just step through them until you +reach the RETF instruction and stop there. Toggle the display with the RESTORE +USER SCREEN key, the screen is still blank... + +But we executed all of the code within the call and are ready to return +without anything happening. The nag screen didn't get displayed nor did we +loose control and end up in the main program, How come? + +Step over the RETF instruction with the SINGLE STEP key and you'll see why... +The address that we return to is not the next instruction after the original +call. Part of the code within the call we traced into revectored the return +address for the original call and sent us to an entirely different location +within the program. + +This is why we lost control when we first stepped over the call, the debugger +was expecting the program to return to the next instruction after the original +call, but it never did... + +So the instruction that we returned to was not the original line of code that +was expected, instead we are at another far call. If you haven't gotten lost +you should be at CS:0030 CALL CS:28BC. + +Write down the address of the CS:IP and then step over this call with the +SINGLE STEP key, there is that annoying nag screen again. Hit a key to exit +the nag screen and control will be returned to the debugger. This time the +program returned from the call and you are in control again. So you now know +that this call is the one that displays the nag screen and it is the one you +want to kill. + +Hit the RUN key and let the program run, now quit out of it from the main +program screen and reload it into the debugger. Use the GO TO command and +supply it the address for the call to the nag screen. + +Ok, now lets see if the program will run or not if we don't execute the call +to the nag screen. The call is at CS:0030 and the next instruction after the +call is at address CS:0035... A quick way to jump past this call without +executing it is to just increment the instruction pointer register to the next +instruction. + +In this case we want to manipulate the IP register, and we want to set it to +point to the instruction at CS:0035 instead of the instruction it is currently +pointing to at CS:0030. You are going to have to figure out the command on how +to do this with the debugger you are using yourself. + +If you are using turbo debugger, place the mouse cursor on the line of code at +CS:0035 and right click the mouse. A window will pop up, then left click on +new IP, or increment IP. If you are using soft ice, type rip=0035 and hit +enter. Any other debugger, I have no clue... + +Now that we've moved the IP past the call to the nag screen let's see if the +program is going to run. Hit the RUN key, this time the nag screen doesn't +come up, instead you are brought right into the main program screen. + +It looks like getting rid of that call is going to do the trick. Now that we +know the program will run without making that call, it's time to decide on how +to patch the program so the call is never made again. + +Think back to the original call we traced into for a minute, that call was the +one that revectored the return address and brought us to the call to the nag +screen. Therefore, it's reasonable to assume that that call is the protection +check, and it might be a good idea to have another look at it. + +Before we do that there is one other thing I want to show you, and that's how +to allow the program to make the call to the nag screen and return from the +call without executing any of the code contained within it. + +This isn't the method we will use to patch this program, but it's an important +concept to grasp as you'll end up doing it sooner or later on some other +program anyway. Remember that this is a far call and you can't just nop it +out. + +Quit the program, reload it, and get to the address of the call to the nag +screen. Last time through we just incremented the IP to bypass it. Now we will +trace into it to see what it is doing. + +Hit the TRACE key and trace into the call. Now start stepping through it with +the SINGLE STEP key, don't bother writing any addresses down for now. There +are several dozen calls in this routine along with shitloads of other code. + +Toggle the display with the RESTORE USER SCREEN key after you step over a few +of the calls and you will see that the program is in the process of drawing +the nag screen. + +Keep stepping through it and you'll see more and more of the screen being +drawn as the code progresses. This is getting boring, so stop stepping through +the code and start scrolling the code window down with the down arrow key and +watch the code. If you are using soft ice, the F6 key toggles the cursor +between the code and command windows, and the cursor must be in the code +window in order to scroll it. + +What you are looking for is the RETF instruction as this is the end of the +call. Keep scrolling, I told you this call had a ton of code in it. When you +do find the RETF instruction write down it's address, it is CS:2B0E in case +your having trouble finding it. Ok, you've got the address of the RETF far +instruction written down so now just let the program run, quit out of it, +reload it, and get back to the call for the nag screen. + +You should now be sitting at the call to the nag screen, trace into it and +stop. The first instruction of the call is MOV CX,0016 and this is where the +CS:IP should be pointing to. What we want to do now is to jump to the RETF +instruction and bypass all of the code within the call itself. So let's +re-assemble the MOV CX,0016 instruction and replace it with a new one. + +First, make sure you are at this instruction, if you've traced passed it your +gonna have to reload the program and get back to it... OK, we are all sitting +at the MOV CX,0016 instruction and it's address is contained in the CS:IP +registers. + +Now ASSEMBLE JMP 2B0E (the offset address of the RETF instruction) and specify +the address of the CS:IP. The MOV CX,0016 instruction will be replaced with +JMP 2B0E. And seeing as how both of these instructions are the same length we +didn't have to pad it out with any nop's. + +Now hit the RUN key, you are brought into the main program and the nag screen +didn't get displayed! We allowed the program to make the call, but we didn't +allow any of the code within the call to be executed. And as far as the +program is concerned, it made the call and the nag screen was displayed. + +Now let's go back and take another look at the call that we suspect is the one +that contains the protection check itself. Reload the program and go to the +original call that revectored the return address, now trace into it. I've +traced into the calls that are contained in here and they are setting up the +addresses for the RETF instruction at the end of this call among other things. +You don't need to trace into them as you might not understand what's going on, +but if you feel up to it, go right ahead. + +What I want to concentrate on are the last four lines of code in the call as +they are the ones that finally set up the address to return to. Step through +the code until you are at CS:00A8 and take a look: + +CS:00A8 8B04 MOV AX,[SI] DS:SI=0000 +CS:00AA 053000 ADD AX,0030 +CS:00AD 50 PUSH AX +CS:00AE CB RETF + +The first instruction is loading the AX register with the contents of the +memory location that the SI register is pointing to. And you can see by +looking at the memory location that the DS:SI pair is pointing to that it +contains 0000. (this is where the display command and data window come in +handy). + +The second instruction is adding 0030 to the contents of the AX register. + +The third instruction is placing the contents of the AX register onto the top +of the stack. + +The fourth instruction is returning from the call, and where do you think that +the RETF instruction gets the address for the return? Yep, you guessed it, it +gets it off the top of the stack. Funny that the instruction right before it +just placed something there isn't it? + +Also funny is that it happens to be the address of the nag screen. Look at +what is being added to the AX register on the second line of code. Boy that +sure looks like the offset address to the nag screen to me. + +Remember that the next instruction after the nag screen is CS:0035, now look +at the first line of code. The contents of the memory location it's +referencing contains 0000, and I'll bet that if your copy was registered it +would contain 0005 instead. + +Why? because if the first instruction placed 0005 in the AX register, when the +second line of code added 0030 to it, you would end up with 0035 which happens +to be the address of the next line of code after the nag screen. + +Then the third instruction would place 0035 on the stack and that is where the +RETF instruction would go to. If this were the case, the nag screen would +never get displayed... + +Well, what do you think we should do? We could trace further back in the +program and try to find the instructions that place 0000 in that memory +location and modify them to place 0005 in there instead, but this process is +somewhat involved and I don't want to throw too much at you at once. + +Instead, I have an easier solution. Seeing as how the memory location will +always contain 0000, why don't we just change the ADD AX,0030 instruction to +ADD AX,0035? This should get the correct address placed on the stack for the +RETF instruction to bypass the nag screen... + +Let's try it and see how it works. SINGLE STEP through the code until the +CS:IP is at the instruction ADD AX,0030. Now, ASSEMBLE the instruction to read +ADD AX,0035 and hit the RUN key. We are placed in the main program screen +without any stinkin' nag screen getting displayed! + +Congratulations! you have just cracked your first program :) Try other methods +of patching the program besides the ones I went over. The next chapter will +deal with how to make the changes you've made permanent. + + + +CHAPTER 5 HOW TO USE THE DISK EDITOR +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Ok, we cracked budget minder in the debugger and know it's going to work. Now +we need to make those changes permanent. The first thing we have to do before +we load the file into the disk editor is to create a search string. + +So we are going to have to reload budget.exe into the debugger and trace back +to the location where we want to make the patch in order to get the hex bytes +of the instructions we want to search the disk file for. + +Load budget.exe back into the debugger and trace back to the last four +instructions of the original call that revectored the return address. You +should be looking at this: + +CS:00A8 8B04 MOV AX,[SI] +CS:00AA 053000 ADD AX,0030 +CS:00AD 50 PUSH AX +CS:00AE CB RETF + +The group of numbers to the right of the addresses are the hexadecimal +representations of the mnemonic instructions. These are the bytes that we will +use for our search string. So write them down beginning from top left to +bottom right so you end up with this: 8B0405300050CB + +This is the byte pattern that we will search for when we load the file into +the disk editor. We have a search string, but we also need to make a patch +string as well. In order to do this, we will have to assemble the new +instructions in memory, and then write down the changes we've made to the +code. + +So ASSEMBLE ADD AX,35 and specify the address for the old ADD AX,0030 +instruction. The new code should look like this: + +CS:00A8 8B04 MOV AX,[SI] +CS:00AA 053500 ADD AX,0035 +CS:00AD 50 PUSH AX +CS:00AE CB RETF + +Notice that we only re-assembled the second line of code and that is the only +difference between the new code and the original code. So what I want you to +do is to write down the changes under the old code it replaced so it looks +like this: + + 8B0405300050CB <-- search string + ^ + 5 <-- patch string + +Now we are all set to load the file into the disk editor. We have a string to +search for and another one to replace it with. Load budget.exe into your disk +editor, select the search function, and input the search string. + +NOTE: some disk editors default to an ASCII search so you may have to toggle +this to hex search instead. If your in the wrong mode, the disk editor will +not find the byte pattern your looking for. + +Once the disk editor finds the byte pattern of the search string, just replace +the bytes of the old code with the bytes to the new code and save it to disk. +The program is now permanently cracked. + +Sometimes however, the code you want to patch is generic enough that the +search string will pop up in several different locations throughout the file. +It's always a good idea to keep searching for the byte pattern after you've +found the first match. If the disk editor doesn't find any more matches your +all set. + +If the string you are searching for is contained in more than one location and +you patch the wrong one the crack will not work, or you will end up with a +system crash when you run the program. In this case, you'll have to reload the +program back into the debugger and create a more unique search string by +including more instructions around the patch site in the search string. + +One last thing, you cannot include instructions that reference dynamic memory +locations in the search string. These bytes are not contained in the disk +file. So keep this in mind when you are creating your search strings... + +And the protection might not be included in the main executable either. If you +cannot find the search string in the main exe file, load the other program +files into the disk editor and search them as well, especially overlay files. +Fortunately for you, I've included a tool to help you do this. + + + + +CHAPTER 6 OTHER CRACKING TOOLS +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + +In addtion to UNP, there are several other tools that you can utilize to make +your job easier. These tools were not designed with the cracker in mind, but +they can be adapted to serve our purposes rather than the ones which they were +written for. + +UNP and other programs like it were written to remove the compression +envelopes from exectables so you would be able to scan those files with a +virus scanner among other things. If someone were to attach a virus to an exe +file and then compress it, the file for all intents and purposes would be +encrypted. Now when you downloaded that file and ran your virus scanner on it, +it might not find the virus. + +But crackers found a different use for these types of programs. We use them to +remove the compression envelope so that we can find the byte strings we want +to search the files for. I'm sure most of the programmers who wrote these +programs never intended them for this purpose. There are some out there though +that were written by crackers with this exact purpose in mind. + +Don't just rely on UNP as your only program to do this. No one program will be +able to remove evrything you come across. It's a good idea to start collecting +these types of programs so you have more than one alternative if you come +across a compressed file, and your favorite expander doesn't understand the +routines. Be aware though that some programs are actually encrypted and not +compressed. In this case the expander programs will prove useless. + +Your only recourse in this instance is to reverse engineer the encryption +routine while the program is decrypting to memory, and modify your search +string to search for the encrypted version of the bytes. Or you could write a +tsr patcher that impliments your patch after the program is decrypted to +memory. + +There is another category of programs you can adapt to your use and they work +in conjunction with the file expanders. These types of programs will scan +entire directories of files and pop up a window that displays which files are +compressed and what they are compressed with. They won't remove the +compression routines from the files themselves, but will only inform you which +files are compressed and which are not. UNP also includes a command line +switch to do this... + +Now instead of blindly running UNP on several different program files to see +if they are compressed or not, you can see at a glance if you even need to run +it at all. And if you do, you'll know exactly which files to run it on. This +is another time saving type of program and there are several out there, you +just have to look for them. + +Another type of program that you will find useful will scan entire +disks/directories/subdirectories of files for specific hex or ascii byte +patterns contained within those files, and this is the purpose of the second +uuencoded cracking tool contained in this guide. + +One method I use to determine if a shareware program is registerable or not +before actually loading it into the debugger is to use this tool. + +I usually will have it scan all the programs files and input the string REG. +This will show all files that contain the string unREGistered and REGistered. +If it returns a string that contains REGistered in a file other than the doc +files, I know the program can be made into the registered version. This is +just a quick check I do on programs that have certain features diabled to +determine if the program does contain the code for the registered version. + +An added feature of this program is that after you've cracked a program and +have a byte string to search for, you can run this program in hex mode and +input your search string. Now it will search all of the programs files and +return the name of the file that contains your search string, then you can +just load that file into the disk editor and make the patch. + +It will also let you know if your search string is contained in more than one +location within the file. Remember, if this is the case you'll have to reload +the program back into the debugger and create a larger search string by +including more instructions around the patch site. + +The programs name is SS303 and it's very easy to use, just read the docs for +it... + +These are the 'accessory' tools I use in cracking, there are several more out +there, I just don't have any use for them. And if you are dilligent, these are +all you'll really need as well. + + +CHAPTER 7 SOURCE CODE TO A SIMPLE BYTE PATCHER +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +As I've stated in the overview chapter, if you want to distribute your patches +you are going to have to write a patcher program. Simply releasing the patched +version of the program file is not desirable. For one thing it's illegal, +another consideration is size. Some files you patch will be 300K or more, and +this is quite a large crack to release. The patcher program included in this +guide is much much smaller, it will assemble to about 600 bytes or so, +depending on the size of your logo. + +And what if you want the end user to be able to register the program in their +own name? A patched .exe or .ovr file will not allow this. + +When you release a patch that you yourself wrote, you are not breaking any +laws. The program was written by you and is your intellectual property to do +with as you see fit, including making it available for public use. The person +breaking the law is the end user who will use it to illegally modify someone +elses intellectual property contrary to the licencing terms they agreed to +when they installed the program. Remember, it's not illegal to write and +distribute a crack, but it is illegal to apply a crack. + +That's why all of the programs I've included in this guide are shareware +programs in the original archives as released by the authors and have not been +tampered with in any way. I'm not about to release a modified version of +someone elses copyrighted property. The only thing I am doing is supplying you +with the original archive and the information on how to modify it if you wish, +this is not illegal. If you decide to take the program and modify it that's +your problem, not mine... + +This patcher routine is very simple, I wrote it about 5 years ago and it was +my very first patcher program. It is a brute force patcher in that it will not +do any error checking and blindly patch the program you specify with the byte +pattern you supply. This method has it's advantages and disavantages. + +The disadvantage to this method is that seeing how the program does not +perform any error checking it will patch the file specified with the +replacement string even if it's not the correct version of the program. If the +filename is the same, the patch will be applied. + +Let's say you crack a program called Ultimate Menu and the version number is +1.0, and the file you patch is called menu.exe. Now let's say a little while +later version 1.5 of the program comes out and someone who has your patch for +version 1.0 decides to run it on version 1.5 of the program. + +This byte patcher will not check the new menu.exe for any changes before +making the patch, it will just patch the program in the location you specified +with the string you supplied even if the code you want to change is no longer +there. This could very well be the case if the programmer has significantly +re-written the code between versions, and what will end up happening is the +file will be corrupted and probably crash the system when it is run. + +But this is also the advantage of my byte patcher. If the code to be replaced +is still in the same location in the new version, you'll not have to release a +new crack for each version of the program. Bear in mind that when I wrote this +program I was just starting out and didn't consider these possibilities. The +reason I included it in this guide was to give you an idea on how to write +your own patcher or to modify this one to suit your own purposes. + +The patcher program that I use now is extremely complex and would just confuse +the hell out of you. Basically what I do is to make a backup of the original +file I am going to patch and then patch the original file. Then I run my +patcher program on the two files, it compares the differences between the +original file and the patched one and saves them to a data file. I then +assemble a patch using the data file. + +What I end up with is a patch that will check the file you are running it on +to see if it is indeed the correct version before applying the patch. If it's +not, the patch won't be made. This method also allows me to make multiple +patches at different locations throughout the program. The byte patcher +included in this guide will only allow one string to be patched in one +location. But if you do a clean crack, that's all you'll usually need anyway. + +Ok. here is the source code to the patcher program, I've commented as much as +I could throughout the code to make it more understandable. I also wrote it to +be generic enough so that you can re-use it over and over simply by plugging +in certain values and re-assembling it. + +NOTE: the patch offsets are not the segment:offset adresses of the code as it +resides in memory, but the offset from the beginning of the disk file. + +.model small +.code +ORG 100H +start: JMP begin + +;****************************************************************************** +; these are all the variables you set to crack a file, +; simply change the values and then assemble the program +;****************************************************************************** + +msb EQU 0000H ;the first part of the patch offset +lsb EQU 055AH ;the second part of the patch offset +cnt EQU 3H ;number of bytes in your patch +patch_data DB 'EB2E90',0 ;the byte string to be written +file_name DB 'go.pdm',0 ;the name of the file to be patched + +logo DB 'Cracked by Uncle Joe',0AH,0DH + DB ' -=W.A.S.P. 92=- ',0AH,0DH + +error1 DB 'FILE NOT FOUND',0AH,0DH + DB 'Make sure you have GO_CRACK.COM in the same',0AH,0DH + DB 'directory as GO.PDM',0AH,0DH + DB '$' + +error2 DB 'A fatal error has occured',0AH,0DH + DB 'the crack was not applied',0AH,0DH + DB '$' + +error3 DB 'GO.PDM has the read only attribute set',0AH,0DH + DB 'reset it before attempting to make the patch',0AH,0DH + DB '$' + +handle DW 0 + +;****************************************************************************** +; this procedure opens the file to be cracked +;****************************************************************************** + +open_it PROC near + MOV DX,offset file_name ;setup to open file to be + MOV AX,3D02H ;cracked + INT 21H + JNC done ;if successful, continue + + CMP AX,05H + JZ read_only + MOV AH,09H ;else display error message + MOV DX,offset error1 ;and exit + INT 21H + JMP exit +read_only: MOV AH,09H + MOV DX,offset error3 + INT 21H + JMP exit + +done: MOV handle,AX ;store the file handle for + RET ;use later and return +open_it ENDP + +;****************************************************************************** +; this procedure sets the file pointer to the patch location +;****************************************************************************** + +move_it PROC near + MOV AH,42H ;setup to move the file + MOV AL,00H ;pointer to the patch site + MOV BX,handle ;load the file handle + MOV CX,msb ;the first part of offset + MOV DX,lsb ;and the second part + INT 21H ;move the pointer + JNC ok ;if successful, continue + + MOV AH,09H + MOV DX,offset error2 + INT 21H ;else print error message and + JMP exit ;exit +ok: RET +move_it ENDP + +;****************************************************************************** +; this procedure writes the crack to the file and closes it +;****************************************************************************** + +patch_it PROC near + MOV AH,40H ;setup to write the crack + MOV BX,handle ;load file handle + MOV CX,cnt ;load number of bytes to write + MOV DX,offset patch_data ;point DX to patch data + INT 21H ;make the patch + + JNC close_it ;if successful, contintue + MOV AH,3EH + INT 21H + MOV AH,09H ;if not then something + MOV DX,offset error2 ;is wrong, disk may be write + INT 21H ;protected. If so, print error + JMP exit ;message and exit + +close_it: MOV AH,3EH ;crack was successful + INT 21H ;close file and return + RET +patch_it ENDP + +;****************************************************************************** +; the main program +;****************************************************************************** + +begin PROC near + CALL open_it ;open file to be patched + CALL move_it ;move pointer to patch site + CALL patch_it ;make the patch and close file + MOV AH,09H + MOV DX,offset logo ;display logo + INT 21H + +exit: MOV AX,4C00H ;and exit + INT 21H +begin ENDP + + END START + + + + +CHAPTER 8 CONCLUSION +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Hopefully this guide has been useful in helping you understand the cracking +process. It is by no means an all inclusive guide, the main goal I had in mind +when I wrote it was to give beginners a push without confusing the hell out of +them. + +It is not feasable to try and include all of the tricks of the trade that a +beginner might find useful into one single guide, nor would I want to do this. +For one thing, this guide would be ten times the size it is now, and even then +it would not be an encyclopedia of what to do for every situation. If your +serious enough about cracking, you will discover enough tricks and develop +your own methods as you progress. And you have to be creative! What works in +one situation may not work again in a similar one. + +Instead, I tried to give you a general idea on how a programs code might +operate and what to look for. A successful cracker is not someone who +memorizes a specific set of actions to perform on a specific piece of code. A +successful cracker is someone who understands the flow of the code, and how to +adapt his methods to successfuly re-write the programs code to behave as he +wishes and not as the programmer intended it to. There are no set rules for +this, the very nature of the PC won't allow it. + +If you have any questions about cracking or are stumped by something, drop me +a note at an575063@anon.penet.fi, I'll be glad to give any advice I can. Or if +you simply just wish to discuss cracking techniques or anything of that +nature. + +NOTE: Do NOT mail me and ask me to crack programs for you! I'm not interested +in cracking for the masses. If you need something cracked, learn how to crack +it yourself. If you are unwilling to learn how, then register it. + + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +section 1 of uuencode 4.13 of file UNP411.ZIP by R.E.M. + +begin 644 UNP411.ZIP +M4$L#!!0``@`(`*B#OA[EZ1":U0```$8!```+````1DE,15])1"Y$25J%3T%JB +MPS`0O`OTAWF`:PCT`R75(21I?4A*Z6UK;[!`TAI)=N*^OHK=]MJ%79:=86;VS +M_-+@[;'>;&!NW(Z9/AWC8LO@VT"AXZC5P_^EU3FTXH?(*7%:!!+^#AVN-O=:I +M/>_,J8)Y-\W3=E_A\%'6"LW^L#L9%#-X"K-6DGN.:XA?"2L!8[;.9LNI!DILO +MK<@E`3DGUX191F0I_#!QS#\!+E&\5MO7XQTJ7HO'9%M&(26J($.VWG[Q'=2JS +M9RK_I@J1O4R,TM'1C(XR+5HK;=5>XDKD6BNMO@%02P,$%``"``@`[X&^'HU`< +M)9_`+0``K'D```<```!53E`N1$]#E7WMC?V!\@"2;2*!4ZA2C3GJ39B'^#^S#W&1=R\R2&_`!0I. +M]\5ZIBV+1`&)1"*_,^L)_5'TYS_ZO7[OX*/L@[^KO__O\%_X#'[[]W__/_P?7 +M_$D_XS=Q%/_\CX,'N_]U'N2I\.=WGTL+XK_^,PL^48^!&!^0+>T_H&#LWHX1" +M;82OO__G_OPO>!11K-27VC:-J=1LI]Z$'Q?:-[6=M^LX@/Y\U#OU_'2@SG[Y@ +MY24]W>_Q5].5]2K\OUD95;CPJ*D:W5@7YC2EJY:V6JK&*5T5RGS;E-I6^$D8: +MW7JCW.(5SQ86@_4^7=VHSR]&9V<1R/$W,V\;/2N-6MCP5VU\X^KP>&-+V^P$N +MG'YO>O[FPUA=OU47UU?3\=7T#J>^G-Q=?#B??!S?]GM?WIU/U>0.%WG=[_TV_ +MOAK?GG]0DZNWU_W>N^LO:GJM/MV-X?M^[^/X[N[\M_%=OW=U/1W?J>NK,/''' +MF]OP\?5M^/1V_-OD;CJ^G5S]1@^\&__^`TX=5I"1X\L?>%GXXN+\2MV./UY_8 +M'G<_#`O$SP'X\XLIS/IQ3!N[M'Y>:KLV=;\WC'_ZO4]586IU=:WFMIZW:]_H] +M:FZ\FJBY!NRKE2D+0-?&5=XB_ERM=+53A5[KI0G#6F\*-=OU>X!9KVRE&CA.# +M'N::59A_H^?W.-I5#9_>IG;+6J^]VB;R69M1O_=TNM*-\BO7AI4+IVRC7@U/U +M:!=?X*LP.2-_F/\)>[FZ.?9J'190F[;>.&^0J%P\;M,E`_PNP&?K`*U=VDJ7I +MRC>Z`2C>N:UY")"'U0$3`8XUS-"L-.Q/-R,B,_C.;1J[MF&Q\=?Q<&5T86H_A +M"&NNW8/I]PHS:Y?*5@M7KY&F!X"%,'7#,"QJMU:N,F'INITW+:R"8!'N!LJ'A +M1<(\MC;SL`L+C[@Z3++>A'T!\G$>6/'!A!VL;%&82CW8NO5A+%Z:A_#!6M_S6 +MMOL]V($J;%$=-ZIN*S@IW![^>ZEM-2)\_V8J4XK1KFV45HMS!8HI%IZM5W9^0IFZ/?6=KEJI +M5`,PAJ$.<.1M$18'E"$T%VG#XZ]C1EY&4'`2#Z8N]2YL=:@SE=F?J^V*U,;.)[TT +MX+P-X%<`OO5JUC;JC]8WR/#93"`94A?>L;BNO6F1&,,Q\T_-&>;TV.%-A81:OM(<+6=A"S9#Z1B`[( +M7+MGX?9G$+HC:Z33@G['OI6.2&G<_#HDRUR*7:Y=)X) +M.,#P=T_G8?7&\,PGR!;AY-NZ"H,=,OBP*=V6P#S/RT8.CF1_!N:@[ +MW[/-L5>^L66)AW=V>OI?P^9*"[P[XC,\A5<'*,^;RMO&/@#Y`5K#U@?AVUH5O +MSGCBXG">B'7SK8'1KA)D]WLK9O">9N.`S +MM/N]L%6^/3.CCF:VTO5./1U=7'\\.4(RT&%CL_PVA*&CR-8"6&_3W/T>3`Y`T +MU28\MU,P#R_^U(R6(S5ZP +MZP;F1+Z,&]FT0!'$72L@!9H!:"C./R#ID'T)B"34SM6OD7X:I^0D415&P3#*( +MA!O!W262>/8!AM\#0,Q4\!K-=B2$<3;\A$$(8V^(0X>]F<2-:^/;LH&[CKP]B +M4HYN&P?:RKSC#,!^_.F7(SH-.QZ$R!%$D?!RJ.(>&1^(!VB\(["0PCS.)$L`]#`# +MA=H[&+H^9:G6K@#(;`,PB`[H30/G0S-IGS@H\'SS30<8C7!BF(F9/O/BR.?#) +MNFQMP:!"#6=_(82%WU`W)A6A,MNX(C!2@F7`ES)3;9C]PK=#G(B`#\^%'7V)< +M,E57C1VB)MH1K[!_C=JI!Y+7I:[7J,,XG,LM%B-U@0H12:2#6?:LQ/#_%3$L@ +M[\H'PVI/F(G%/-$6J&>OU#NS^T'`3XK?#VA@&/4K:WS[ZK5ZRH@_P7FG'0KKS +MZ(B=QXA/`'FPFB?DIW$:GF&0:"#21T=8/D+6D>'B1+!6I==\@^E6P_FU%5A>; +MJ!V'SS,#+5TCL2O0"+;J5[C/6[I_<*5Q>MX#*BY;T#?QV#*;A@6K:!*#*-6S_ +MFX(:6)@L;#&G>EP.H,NGHVO48:*@^@I_XFLER`8A!U:DB0`@V2/;*,..2J=)I +MR'G]8`[/#[[VPMU`B@H'QC6C1&#"(.;/L,QHNFC"AE4)2[@!W;$MF"4BFYB9P +MSC.CZ`(1#"U:0`BI-LA=6,LGJS*S=0;*UK4IS0,,(.-3%;K182-TE]`X_9MA6 +M=E^Z.6'8-F;M$4-K]:OZJ.O[L.LP6>4S_HTB&J;$J7@0*6M^#6?&_A/EV\VFC +M!,F*>NS-[?5T?#']`0RD'P&IGU^.3J.J1=<2;S%J0D41IMM8,R>[RGQKR,:(T +MYA6`X5O0L=16[T3A-BS#F?J1&ZW<%ID!:Q3L(*IQ'>``^&AG*83*J../Q_F%P +MS`^=Y%7!W!CNF/:""M33:D\Z(F+.=X$B*^51W/,=@1V!TC2^?JO685;0FFS:T +MVOY3:NO`9H<-;F%5,B@-F$C$12+DFU+/302:T-Y!,JL`!C2E131P!\K;*HR:- +M,,(L&EWH''"U*HVG$T0`@*^TFWCID)H;G=`GCCY'P?(4,`L<6<_*G:IU( +M#;8-*$8GN:;4L7UA(I&4.!.*%H1JQ[K/GMU+[A3?T:3P[J.16Y",8'R0%1N'@ +M,2V@H30S*PNC(QL3FA/C^,._P&,LX>62NWK0@24\21>V(+`BIO*-R-[1#0*3I +MA4VEPY.I(D/SP**-KN>K1]U`A*4OQ[RMO7TP`[@,K(G"B!EP7Y;^B+9&_:J:&F!*3D#B:KNP) +M/-QAT/37&V(^40\E`SQ;(M.HJ<43D\Z9%FR&Y#YY%AT2C0)LT:U)8W +MO)`:?A;5&/2D+IAQ9T8>R4E;+4LS](V!&U>C[:PC)T65!30FN)-@R=+%LQ7Y< +M:)!_$*ZCIU,>76E/CC#VDA:DM*#]NK+5/5C/;`1X1#.!T[@-KOJ8X%7J$PCS& +MIF4'1K+Q(V2^=-O,NP#8P(NXAQ)TJ65;]W'OLB+.-D.KC##@:?^*,.60CX6]> +M:S1"*L7GF>T:O*:\:T):@]_24;O*I$VS]+5-MG/[J"7%UU6Q%\YTL$T$BB9X^ +MO'$4>VH4(Y'GB%Z>7)=^N1!JB[:2I[0\Y4U#T(,;"K`5 +MSKNFY[[?0F;E638:"Q?1#X\7T +M`+V>[WDOJ/\ZTOXLL#,YDN0;!')=N+)T6_8/)NRI-?E33*$R-&+L0@.7V27'X8M2)H4V^?"U^A4=A>HIBA'2)<@,OVLWM47IL%.F`K'`6C4?"Z)"/"-HY +M:!ZX'VDZEN`Q7LG/DWZU9L=-$=494%W0\2/:JDW#(F^RX +MYTC&,"=P6&*?*2+%8C$R@BQ>A#R#]2CDQ7,CQF.^9W24,6'S;$E$8X"/M%F66 +M[%L=0Q?H;4#S,ZJ[8GNV5>3ZT;\7PUXK5H5Q`Y/UNJWLWR@0TE30/QPM*D, +M^XP<7XW.DX)4/_X&Q3%`R'Y+%B:T$_#B`L,@#;Q:6'%5*K@97M]$0I6=$9;0) +MT&P=!`8:_T_J["\P +M&#V)ST[36%T4-87*!HPMW.8:34H,&"X,-[X($R070A +M2))_,[7SHV[&C#@E='LXB\'%S.`=LG=6RZ!L!?1MDQ'%#9@:-V4D(<[O:(;HQ7 +MY$@"&6ZU;5C7/Z;+#?H([6$5]B#Z^:,>,;+V'#KG*O2S@.LI3`I.#?*9,XQ5UK`1YT/W5(R12?'HUFUX)"JPU)"20P+9!!TIR7?/EHZ]W;C\\&U`6F%D +MPA+3#U*HF$P-R2_W4)-?KQ.Q@*A[$W4ALE2T*2,>5`!=(FW" +M*ID7$.U$1[SMFC',6^NVHMP+ST%Q%"`@1]M*/E!S<#6`(887HMHW7D`BQ%A$J +MM%,RVY"%`854PM1;8^M"3>]N@>%!CD%%H21*(5F)CY?#EYD^0&BZ5[^JS7T)V +MMINWRTIC1'1%H9SE/ZEA^+I`)YLNBH'Z"W!Z<%%B7&6@7A/GWW-&,7F(=8.SA +M$1??7XGD$/L'GI/A@`P"'*F0V_,*/QO>=^"03+GI(S-VS*$PEN*/(G20K&8F: +M)H`HNY#)`%KAGV%!]13.J-$[55B/2X"XUPWPKI,10]5%A\QTSID&1?'HGKOAQ +M@!AU(Q]#`"]JBS0;Y4>06J]*HUD>!@B%]X#3M",X0>MF"/,#>LP5E@5;1`8?M +MR%$R_77:@K=K'3S) +M^^2;@QDD[!"O%)J2('&!P2A\0O20+.N(A=9?6PL"EV;G81B#>?[L'K256J,D@ +M]'IAFMU!TA$_3ZH-FJ)P-]$>Y1DYT:-28ZZN3#G`,3PL4A2CQ:(P61;PKF:N`<71XHH\284::5QC#IP9[\SC=FK>:UB +M]F@)Z8C8,NJ%N*?(HE.J`)AP'1N!" +M7JR5D9+=;5M!"-R;Z'.6NQ7O#%VPQJFSES^>_11MUZYD!WG#=-BDD<`YRP"40F1DG. +MV4,W`D\/D,BJE&@%;(QXN9N@ED%Z$2AC8)W1[:'`SX(W(^EOC]BGV@-KY>`U7 +M`2S*%P>I&W*OIK0$=A&.HD>5;-FR-KK8"0>2O2>7+=(!:M%XDC1`TG<:NE(,R +MP-E`=/4=7_=F!?('M2],3?1SR)08B-E(NR"[T39T`A#_`B68G,-$'LPDT;ED+ +MOEG/BMB>D;L205>`9Z6B$R?KF.=K3#6(.H9^<+:(`B&Z8X#I;TR]MEY<#"QA(_8`N3*\1@ATDWN!66)ERBZGT8%06X,K! +M=T.VT,NS9^0QV,$Q8XQ^H3U<]*<<7($[@OX"2.XS'`C2F!84=HD9CMYUYSEY: +MC-HXD^3T-V=,]%R\O-0<0JFF"H`I"A(3FG%-348 +M7>"ZX3B.199AR%;!\X+:Q.PNH;=Y4S98'LDWU&6Z29NX +M4CH@R:??NVXI!M&XCM&(Z;`'FF+41O0N,C=X7FG.Y-PE=3=++455G+27,'CK+ +MZL*?1)?2E`)<68`6_O>15:Z4SDIYQ""B?TJ$*YH9^X)%$U:M;[O8C<4AUF]*. +MO7O%49Y_9EX,<1Y%D1YD'9A(28("WX)EN=+C\&*0!Y: +M(E,\;NR\*,@%`8$3'5T/V5$"1I[N?JQ.7B>?491+NK8>$YK9^DDJ/&BM'4NA2TK%7-W03I- +ML!A7RZ*<1^BH/*&:DZJQ56OR?44#3BH<0=<*^8\PZ(?=XVL#OXDQA71`,E=R'O +MO7`<]",O-GFL]3U$>,%P&5YP?.B$Q4G1,>^)MR-$-]%9!/AIT":*I2(&O$#Q+ +M[KY*\>9HI$:%2(N"ZD!!UFMPIAZ4T6$(!WD($YH3$S';^=R8@GS6L]KHP +MF"7)H(K_WL]79@VE.S$'1F<&(M*2#LV/-%GF2B*2"B:X^OWJ'3<+\)!7A3/#]V4B,OE"`+]I +MALOF[`&`NB3_%Y7!(2$>03VH&A[AIL!Y\IF,(?5U]/7KOPZBXY0JGK[8JG!;X +M/_JW=`O8^M[S*5LOP5NS6`#'INLI]7$Q(?U7-1J-$A<.TUOR*V$2@Z03@'1@M +M22V""=RA.V$S9`B#@,%--#T_''&_*Q50^V=A5'+?(DB!9._!TCCXI%FEQ5/WC0AQNZX@NV&P&_ +MZ("8H^,`DG,?%!S)U`!,R$\A;C$8;+<%OIY@:Z)XYOWQYD"]6?ZV:@K0+(R'V"169GKGTV27;CWAQ=.4 +M6"XR*V:1".V$/')9[??QL2?&#F36E_/;] +M*^@9P&*+AV0BIB28J +M1\+U"@8N)*U'!RG-;1@2.&!H'4 +M$(CW+(%)N7VQ/J5R!ZG"E(5J%NSJO!(T@&97MR`E(FH>P5*T/6CCS+)3&3-QL +MPDYULNPTYOA-H"P8M;:H42-9L!T%61Q#.\Z!+6T`0`_VBU5)D0,Q1[ +M21Z3I((15-0YHH-?\6V&0508:M$0?+0`K,MP]P2T]=&&Q8*K&,_QQK"[1-H7T +MQ%2M`Q[+AB5SC3%$9(!GQ.58\^><("XWKZ5(=JXK9&=B4";S5!Q79`6.8LW3O +MP5!503D)69EHWT>A1:P,0V-GIRN*C7%HC!JWJ`=;&)BG.AF1*3\"7C25)@6S'Z85"R?IT#L!WH]> +M=ZJH79D2Z"6WF_.Z.5D[3ZHESX>L#0\R9)V,;K5_4*)-4UH-I%)))<<6AJ6SR +MAT$0J<3)#A(:S!JE(A.67[6B`%Y&N(`EZL!^M43J6/H^^` +M,YA$R$'!VOY86]G&ZE)=W+V:W.#E>?OV[>FKT[/3T^_-C-F_CC4NL"T"*-\;L +MR_EBGO8.MU_<](B#"QK,@D5G-4=YK3;YI2!-RC21K%);BXQ>TO%3\QIJ1=!TJ +MM9I8-DEZ)3QSF.//U$!D +MZ$]N1-71\1IPN2.<[A!32BAN!5D1D"4)H4SB'2C.*+#?[W'T..IU?VTA)+*() +MB4($,;0"J.:N17.WM]>W8:-'U-B@RO0N^)IF!2T7/ +MD=-6FMLZN(UAX3@:C=13&O?M)!_"TOK/!Z%W,7G>OCLN>FT>&P:G]E8WNB1X= +M@:/?Q3/QIH:<;DBHP,L,Y$6Y$X"@Z1ZM]'M(&:-]Q'$=3]+_WIY/SS\D]"%Z. +MKIRT*4*%K5,81DY0*;EB=:^K[6%\XL],.8R'[;*LP-^C#RTZ.U'5%A41C3ERW +MJR2CI%H&R*I=K'"&TZPR2WZ_?$W,TM33"2Y15'=3NAFH2&1:Z$?U*'(1'&Q+W +M5$<(_D*QVX\X]1H2FT3:@EUS_-^.X9([6E'<$T$VEBR_=CB'24UQDDPN +M]2>BO5.F-LV"OMW3B3D:SQ*B(SKP5B\!)XZW=[<_?]X\`V?JG->?+KW'?>0HY +M&03\^(>H2IR"-G!I075`9KR`1V(A(J6R-Q_/.BE4@UH5?7+#6\0;-;*2@VNUR;0Q).G%?-=?4EV-L0/H:XF27/OH0BL3%;EX6(0ZLA+X%82WE!A6R4%)FRA +MH\C@\1S$B/8[XD@X,>5V=L)UY&C.*^DR7S/%N5$MA=QZBK9]OCF_>*\^GXV>7 +MG28_[FU+4;8T$2(761_G!MEFY_,L;\Z/3S,/ +MM4$#SE9`&O38JDE(7-:9--P`B3?720=!#T]L[?-GB2!1X[S:L=(O3):N2X>\[I=G2V0(2OZ0%ENWT'>(2#O*P:H_:V +M4%+J8R<=4=YAHW$=(AOI-2$J/`B3(X!O>I3.FK3TZX]$9R]&+Q*9I28KW69(J +M(K:T@I:&X&G"RX,IW9(KS/TTP>?-N8'7E7KQ\T]^D!5([I6](M5QMA@0A$`5J +M\Q,Q!S&K>M"20<)^=FQ#$SO0D`=3)FF]B)^[:*\?MC[H1K$E?)I@24:G%^94W +MDQ-%+72M_FC7FQ1_.TQ,A/,C.T6JH>$)SOZV[)8\?75*Q0V020U)T(9X/N;FR +M2IIQUE&"0J"$L]3Q*2OY)N0___DG[)`"I8<21C$+`^'RO[:FI]!")I0!ID!HZPZ&)@S@F*SSHLP.Z`4T"FE^=+EC-H@Q@L)M*VYD +MG+*3]\KW&A?$I&S0'*B993H(+A!+AW%P$,SY%F7K5\8_CB?Q!!TT2(%"9/V0R +M>X_%)62JIMXA-'B9QU_'0*HXP1CJ.TL(A.HA43V0[RTI#A`D`4(I25CP%U43>0(D"^$`F://WIQ?T)=8++@E20A,F\/$JPK$BE0IN;M(QN&0F`% +MC>&B`"$%-G'8`++LH/,@"!WP'ZJ?3D_O!U34NE_@#5DB=*,YE&/SEC0@E22BN +M%*,,6*DFV\6FG:2U9FH5DQQ7!U"PA9^0HUO9Y4H4P+1S[DJ`/IN4\DQ9,%SHK0N)=\BE3% +M,CA7%N="_?!>4.FI5V=0*N,MY*J3?YR>O;L8O5OA/3;8=3&$&6QC9(``2&CTIM?2_FJD]T#:/37)Y*Q[ZGL7]A^S/5B-PCQA# +M0W9Q^5C9&V6)@JRC2Z#GS2!.G\=P4!LIU7!U=)"CDRM#W-=0F,=.*OVOJZQU' +MC"F3A9P7GB9E-"RY!O^1R$GF3M%:GE'NNX8:R;GD31(M8^5E^`:=`C5 +M<8K]KJ&H89G_^#ZA[S?[*:3F7;0D`H:6,=&-"9F:12Q\AZLFV^D$;2<-P3N-UVG! +M_N>9/LO0@.4R(C\O:;7[Z6/D:Q#=<2#/4C;%!J4B"FX +MKS2'IU8)J*UW2>CLQ5_43>T6)(FX0P$YBG*-AA]8I198J%3'IFMHE=@\)/N8@ +MR4&T5&!EH'=2'9"R.R+*;NYN\MHTKL>.A[Q7N+OC*GT*X'7-KRB^(V7R[WFF7!0[JNY)0<"/=1SM#3#C"5&?>`[JU6"J5S;!`]W;S_/ +ME\F-^OQL=/IBF4RNV/0SE8[N,8>SETD&RWT]B,$R%[Z^>P96%*?JQ9#UCDW@` +M(K-6A=.A!8\:$B<%/]+@&0Y$M"3NVU>MTMC=,1EN@+TAP']FOT.E(^"#4]$PIQP3U8%\][<7O\F_@Q6B>!E\ +M'_==MHK:D&4]$?4)\<7S%#%1.TOM)$G#^?/Y#""71;]C]3V/KL?K$_&&]X'<[^]N)U?O2<1U>IJ*9Y!54L@<\7:N6 +M;C^,U=/;L)D/IEJNFI4:5P$<.%^UKV?K;8V&_UUBU1L +MC9K_4]TH-.M.U#.0FKZKQ\$GF,4DEC_`2^:`S]J?2`LE\C*?GH("7G;8"?3\& +MP&^`'K&$0`CI,"N,ZS"Y<$I69+KFIE3X]H[,K8`R&`'+Q.]^EU?VE&;W#`*AV +M0*RN6:40`&X:&'-3V^722)(,)5&4I7KV\B<6]:1=*,$AFL94L5[E724YM9#-T +MH9R19+[2L.H@^COR5Q]@4!+;3B$WB<[?K"%)CI*V`J8!P6S)9H7EL2PIE3M0T +MU6.Z#:S*9E6$G(@V,]AIO5NO#+HBLC]N/Y&0#QXERN5A+_VM65JH'N28]8&#\ +MOM][I\GY7U.R)T7AP79!\5WC\W4J@>`7F:`\#R!9+I#C?*Q^+Q7*=!Z%((PK. +M1D^P,>P@%BVROX$;A2'_FV.24>W6]`H&\&P8ZC15AW6S):&;B>87;30V!'G2(H0A;:7B6+HM%( +M6=[O:>;@N"[UA*A3;5<7;09(U=_3_1048QF5?TT%B&08'&.`!/0U"KY)5MZ"3 +MTCL)TL[4&^<;!`!`RO(>>6QE['(U"_]:P4LD&E=`M6*,74QB2AZV=>"S6$&[! +M=VA1UA5>F):-I\;E753A""VQN.'JVM08'I.BN71:7"*P-XY>UM+93EC^OYQ!$ +MH2[53-O8DJ%`/0S*(*&IGM&;K*ADZRIJ2?/%E"7LBOJ#<`L,.;-,J,.C1&!U& +MNAWH/N$L5BJQ<51ENZG=PM);>J#NO($5])K;<4"O(\PDWZX*0/@[R["+WA58!;%W*&\Y7SII(^7 +M>_LO->CW*E<-NZCG,CC-@@,[@H(>`'*Y,CM.>/H!K1D*ALN%&FB6K* +M-V_NZ$%269!?V5HA+:,WTM1)^.R;%Y>3\134E!@YF>QL',P3M`AN`0PV>/ +M+55`\YM\3%P0.3QACE)Y5J0,)S\R%Y!UN^S;9I`:('9=Z4POM:5JF5CYBZ'NG+4*U+;SVEG;G;%2I<]7(:ZA0%\E +M>7/9[`43\C:)^*:J.?HIL?X8B73O-10@@18-RN#'7CVQ'PX=92^ODS"QO![N7 +MT7O_SZUM1&F0V-5(G5._;M([N"AW<@4[^OQL=!9^N9I.WEQ?_KZ?/7!.(Y[UN +M>Q?CJRF\K/#F&E)C8/SP\^3VTUT8.4![&"/"SRYN;]"NP-\^7,-,IZ.STVZX) +M>`!_OPR?W?Y^,ST7.P1_"\/ZOG`_I1T,]G,UK\Y +M5`\(9/SQXL6`N4:_-[ZZN,7W"#P#H,8W7W`T(^7]..7`;X!`8`-SV#C^,^GHU]@;/AQQM@(L +MTW^\$%AH<\^[`9JSGP5#8>SUS126[_<0QU_'?&+PVY?)%?[V?^'7N[N$N9O?` +M/MZYF?W$M8Z?I_XK($Y +MT^WUD#`4H/AY@.3Z`C\&@@(`?GZ&O^Z]-2(\3-/C(X1:^ON,SH_PVN_=C3^\] +M'5Y.[B97;\,,A-Q_=$SD\,O%[14?'>\KK'GW.[QZ<]SO10.;%Y6%GM,)XM\_G +MX]^_A,&?;M]<=Z[/?P^SG8>O?QF]"$M]NN!+^3S\^VY\"V6&N(-3VCLO$$9^# +M^2*4<\H?GM&/9UBWP!%6LY!W)\Y=RTDSE!J7)6=L70UOW2$NELRBG.G0Z._R] +M'60]=P&@\<=SO+5P]M^[;M##^NN87Q'S9YOL#*2TJA+ +MG!E2X4#-V:D5M;\`Y6#`6D#X.,`])*4-OQD].2?[A;&%F1OP`3VB2=B!7.97$ +MI'%"';PS+7]="(;O=M+#\U6_]V3OE;=//NM*?7"F,E6IPS^!;3XY^^7%2S7]_ +M"E$B*(*V?]R'#T%N71FPC4IX?1!&\(2O4MD(7DJ+Y&%`II%#*F')KXRMV]-S/!D?X_4$L#!!0``@`(`&Y_^ +MOAZ5]#%Y%4X``(I.```'````54Y0+D58123;:3B4W_L`\%F8L0ZRAC&V9,D6> +MD9UL^697HE!"6H28(25&RKZU5\C:II2BLC5CRU;V%ON.9PPS8PRSS_S[7?_S_ +MXESG.B_.>5[=Y]SG_CP>IW)`VB`0"`(B0?C\[W`LJ#0;\`"!E/_-_*\E>^[<< +M]FD0Q/HF\UM'.3'$)#WX!!0,Z,QY0G1DT!!SJO'&+!.ZYXCK_" +ME+V7'R2`9?KNJW[1FN@:ZAHU9P+Z\QT]D15QT,Q&\H36MRK0A6:[E"!WR.,19 +M4Y640RHWY5TY=J(W0_R*;J(-5)-\Y5W2X2DT;@+\W2,A4`^CH`W(VRI0V<#:" +M7D/R^2"T+'#(.K>3KB4A!T3;XLA;<&6@UH:[G(+T2X5C8#VP!C4PZ`-PNY?-[ +MM_O0"`+A-Y%-!B!JC4KAU!_D.)(U@428L=CL*:0M:P;IR.I94I-E&;-0LI\-A +M6<1_ZQ^6KRA%5I4AFVV0`-&BV0!%5P%,K'$:V?4V.)H4WXQE1GME4W$2F2N7? +M=2UP=F'7;U1=I>)$%Y^EN:!HTR(,PB$5`0G^/:NJ7*35@`G?!#73]M;^;9-]2 +M\HM/=CAKZRHM%9Q;RSF;9JXRBD\`'I37RXFV8:"$K9Y>\"^34>"";9KMRJD6& +ML@%Q"ATS!R],M[W+F$Y;J@83TT'\A)VGX"T^[F%CE36PUPI0LTIC@U(Y" +MX'BQ%CX?9X/=8T7P-5E+K-2T#^ZVUJ@0X?&J>"DS%_ +M&W"U#LAET,>O3UM51MBX^F,EI'BV[BS)=@!:!&;DR;H-;Z@C;=S5-6@5 +M'.Z;W$U>!?@[W]?QL![M?F;_3[U.I=2ND:JGR&RY8F0QU`S#R%)E2B,IF+W:N +M4E2X$1@C5;$TOB0ZO.K:#-@L>\K/PU'<"2FF,%-DBPGH;`3)\V"R#6NIKZUPR +M8_R]UA6"R)96OCQ]J>KNF_M(;U\I*\!M>G.5;Y7*P7>8GP[4:U<:JWHH@9I]7 +M;-K*F5\`YN8?M*8>PXG+`P%6][B'$Q8E<3*4QG?$@ +M"..^A%TQ)QPG_3:F>&'@$BUKA%)#JCM&U/T(*CM6C8"%KJ&DJK9DJ[:Y.UPZU +M5RJ>R65S^;+!97RN+(]?H54%EJO*,H9R!;G" +M:#<`,Y>BA(M5`)84A51`D,>H3B=<*^EC>/2%&ND9+="C,/S]]:;Y*D95U>@B" +MRNSC.VL"QJ06VKW!**0!GP2`,#'@#MQE6DK(#0HL'JOCIG(>B!!LC7#AX8?,$*AF?F2R0"-X7XD!7R7*ND5SJ!\XS +M0&%*`&9ZGTR4 +MBHIV]<_,"&$F52JQ>Y-JQT$U!S@BPRK7BPTJ@$_9*BG/[VDNG.?#WE9L_J8PF0#)`H=1I+14LTX\MUBPNP4./A-RJJ(._ +M%B0*Y[]H0\$_H_A0+/LG6HP]@/DOAXSE0LG01,?6E?0E,'@6!UK^-F5A,%I\!8<*S(W_C-%WP6VM)&%90@;-4<#YUOKV*O* +MXNG/]@97!,^V*$6%SX*#K:W6@O/DHE?SLK6>QC'T2EA^ +MVWJ'<<7UP8??*-]]3'G.^A.P,@\*,V3,"EFQ$].W9(]Q^GN,8^;$32MB@+_JG +M1F-Y+-7.9>#'N43:(U:I>6]:#RF9FL97=79H*Z5.4(GFR3>_F@!>QOE)Z@$O2 +M5[X<@M=6[+$L8(I`1'^@I927;(8=5/#R`E`V40#9LK2>UY9/_[5MD`WM21_]0 +M4G:CM_D]RL?*+#!WO"UY86UERZR`BS1^=<#;!YGJKU))J;7J1(M.:WQ&PVOKQ +M/E&XB7FFJ)#`@$[O.>O"VO3N&XOS?-G)`@MW#D;0`CEXG/=KZ:&8FPGJ3PJK_ +M\#'^BT`3#"3(6]H"6@^'Y5+QK0J?#F/PQA'89%XFYHS>=N%?O=FT3@:HL6.-! +MOW&3GSL+1!JE=]:$IDX;I:5"#;K1>[?W`<*%=3OL+^"OK"7&G&@:C84_.EW-*"!UQ@2)P[<.&=]7.H-?O$:'+3]5 +M\F:)OQ^.\"C`Y#1H1:N\4SBF/FE?A/[)>E+7ZP>(5-X/Z=QN/+E.XT`F!/M-% +MMHK@07".U\82N`."W8;T.7EO;37NQ>7Q3N.RVU$\W+ +M*=,Z2["0P>D#NSXHD5GGV37M2BFE-Q,25G83^N63]>`>58L&O-@>/@EW3.JAZZ;KB<#J.A'E4X$SZFY?F+@96'_?3/N[WISKG-V<`Z.'Z@?H0 +M4;#6-6@QG,A/*.\'OO''JV,D6:3=KAE:#C]$%069MG')D:9F&"\(1JQ>L'-RU +M2YCK]1_9X,8SCLF3D_A35.6?RA61I^0WFL#MPN#[P4&6DX\T82ATIDY']*\"( +MG#]>=TQ^[#1A6A=3.Y%LDTX\%R2)VJ*^&'$=H1@!0KWTXP2]!U<:M;4+Q.Z +M4K?]C&3J]LWE=\8*A"TVSJ$+\?+1RP/&]8)VP6R4&^ZY:Q^@JZ_%NP"QOM\B; +MX*)5J6E-?^)*U#I'%U^F=CQ7JK"3JV7N21'\_)(=2AO'^\!PB"9%`1O;`[C+, +MI29&+9K@>*>``RU:K!%6[,]5UH\#7B+6GAJ=""TVCOO*<:?W7*O,$4ZE9!(/^ +M?Y62!0PO-N@`R3CX54&.:\^IRY8>QH/I1_G-^$FL'?&13)?U-HCS,%I +MV@QS)RO"-:5"#K"\\[DV+#;@SYJ['^#-N3+$.Z +M@55T^7JM6T$GLB_E4'!K2V`+!?S1B?OL!S-#X<;=G3?K2V)F04 +M1%A\3P[BP-!$X^?/#6_56'H3RR[=(MTHH2^5"YBUR872 +M7A5]$%(IV0_QR)C:\S:CV6`<&2N5>8IW(#:)B8NRG)SNJ45Z-<>!O5N*9X>N] +M=#%;KBW6ZE)H-XECUL#2B2<:O]U%_U;;CGPB.;*E`\9SRLZ`L?C(B]A.HUL\$ +M5%-W3K5?A%#XY<[83L87$4NCA^=1-[_-?%/XECM,EO3\#FVQSR_9[\/T/<[\) +MB:-?><[8Z&PWUDTC3/Z_)4$UI!V&7X<(@C +M+*=WYQ&CB@E.9+PG0,C\=YIIUFGS%:!WV)]M]`G-'LOY[0?&J"Y/&R(8;<:.K +M5;[?9>.][!@K&^]U$V'#1VM98\06[/#81.3B)#'*PHGG2A(C[J0E@]6\,:2ZI +M/9RS7+B;@PL1?S41V7:UA<3W/JK%@W&1P`,&4"KFH*LV8'#X(T:L=J<8[Z]QA +M$$(4)9]YL?@B3I:X3KUF&ZBS7O2W[+$OTQ=,,).#/N&^P[L*X>`>U&6D`LZQC +M#QL5>T!:5OMK=1V=AQ9$=M)E_GM>E-:]N[YF7G-2:._2:5E8Q%$19WX3\*E>&C0N4J, +M3.FVRE]"Z:,S320-WPOG<4+"+7I@$2FYODD3CH^)XP>]_?W,D]1J;7S*U46M9 +M@7>6758YC&N+->^)>T5WU7-Z")P+KZ(`%NMJ4PT;(/P9^=6AVZ$G +M&6)X\8_",LLA?!""_*-.U]@I7];C4%_I[WW4H]DTM@#82^;Z-L!UQL7U4@9-S[HP!?,2UY55+X1AWG7'Y5S +M^V4[_6+E[/B56+D]QWN_)-RM:2[2!YFJF!H?.-::^::W_T2KOI=<_8?^)&C?$ +M$+)ZI5FC^LR]N7E@X0!&YIEH0N-M$86OVZ=CXI+//0867W7:(=^'TF`H1Z^XN&.*09K-RF#JC:'_F5F* +M"#(RYU.6UDG+$;R>BL[*?0\8R#X\)_/"?(7MW72"#^4-B.I-L)&BX@LAD,BMN9;809WAGU[7H- +M9A)RDTDQCR#8T4^_LI[C\=0`Q.3+S_-VB_N +MJRG8=?N-UD59@K@;^N#6KXTJ/K\[::I3V0H%-`'1OY?M0X&YX0!HIU['T6Y1^ +MTZ'(@W9Q?OY*P(0F\%))6H-))VL/>:`;/0`=!2JEY8+VW7B +M2"6HD'L)4MH56"">9DC[>+B5)@2ZR.O]J:4'@R)'YGGZ$D3*Z%H7[B-5ZWT`M +MR@+XB#BK%M]$D;[<\@8W.X\Q\/8=27W^87_>N"#_\8>_IU#ID]^G^)B)G[^!> +MSOWU:<`WX7=:'CRJ6]\%X:]G=CQV`@02S#]N>9+'F=O,'>9=;]=3Z&6F>DD>% +MDW\DT+UB4!KI5B''],\:HFD2QSY6<66[$)&;@B8>0BV,^QE,*$?XPKF^(Z6CQ +M4LS]=-/@O>\WZRM8P!/$I:15@:E:RSU#/$!4#'BC>UD&D(7[+`-HTCZ2QJ(TI +MX#[T>_HO\1%,ZBYP8^O86#O]_(>")/$_*G)0IZZ&`%8G=Y)NG`&1V&$('\?LW +M`ZZK&48K:V-*68:HI) +M,P;VI-LF(:[4FYOO_`#MWW?^^*8$ZN+*,45W75%J$F4HGFG>K7*#N>EQBJGHI +MF4YO&"SL@E8$#195P;JPL5=B9R*&+C*+!_DBN&$M#PWT'J)<6*U"N::ZUAWC>;TZ4_WPW8)Z'$-V*)5E?OC_AL&>QY1DI@"Z +M%9JNMB3I"HGGXDQ!8?/CFO'/@]R[J6+ET]=6MN;IY43Q:*3(:[162WX)(?,N/ +M+K(<@&E25]H8U&EJ;0Y#X^U[EW&K8K._!?YFY(\9;!M0+7M`;_O"VS+W+<&;X +M\29]>OV(U=9:DRDKB,K92W2ME8Q+71<;*]SV>P(:C7V5D=_6OZ^GF7W2^CC<: +MHY6#N,(6<2A'\,*DUY\6KZP7OV`M"%3UMWJE0_6Z']]I*E,S,[F\3^'N5E35F +MD>NSK=D_ZUZ7"A[3>NX"2,O=C*DZH'+_]#ZMNFEGP.B7`N3\]GB)#:#QIS532 +MBK(U!3B$ZB(@MSJ$OB!`LVB9(F3SQ*>F<]#5##7BT0#9&"6< +MZ*L[\B^,-78^MLO,_M(PU*@XB'IA9!9W6EY5*&Q?V-+P!*KXJ'H\#)>@;:]^= +M:3YV9(W'T=D?H2>WE)4[5.]%:=2XMJL.G-&(#,S../,$.Q@3W;@0O+#,W^.O` +M`42!"$P%3L>P,*#T1M'\,2"C_G9/*:&FQ?=C(ZZH8%#-_W#AL>X>'YD,]5WM? +M;Z__+M-^656+:#1_"9R(?EX%8?(02)5Z!*&$.SIUMA&HJROX1G[#+*AD,J=>2 +M`L5J#WMO+%4E/#*,?G,Q@\BQK2J`WTI#/8Q1Q/>'V-6CP9VXJ8I!5&_?)DB_6 +M:Q`K=T5Y,M6WQ1C<=![<3'93O@:?EV_73!\/?UXGGFQ2^A#F]AANI^_$.DGO9 +MP.\[C#D=)V0-#9=#S_(#'D98 +M4^Z%VC?Y]+K\"?D*%[R$Z#,RZ.>>G\V&&C_71(C]PY(R8.6-N1>@VOQW7-[@! +M\N'^[^(@?]:3KI#U0CKN`US(O=U2&__W.9_?J1&`2'22S# +M.+`XLPBOY/_K7RR&Y`;!(Z.A,^EV6](MF@BYF1"#$%0I$1F*)$I]EZK?_&LOHOBY!0() +MS^4<09TE[=..9P$?5&#/LRJH)N_V=6/AV97/E0F6YNK=23W/CMXNH`127^0:O +M:#+USZ^D;RI/K[I;*,\]?[RN/.&5$>-HU!EA,J(YMSHIQPF1VSK?CZ=6ZZT_9 +MT[ZI5T3)G8&/#YH,AB:=S#88W!P>'!C,4?N;O'Z!(,_"/32A*2O!"!W,#!FF1 +MI=#&7;E*U6]&"5M`[C&I-=$6Z\3Q&HUF=\BAF`,O6S/3KHB)F6O[,OJV93G^. +MR):AN9JF0%#SA2.$GQ]$2(^P2O +M@X5EIZ"VSWL?*][-$:K14=2^#@U)7Y48OH]*PRF!&I,\0N6/X^]^/3A-)N-/^ +M4L/Y35:S"9#,6<&]5N.[#S"WS(3J(M`E"Z<6/+-SU,9]-S0V\9O!8GLWM1)3/ +MD>OJY/#H/,1YLA09XW*1?.+',94/&7U6_7'0;8\2?>36E)S><$7]/ME;O;<8C +MCP4.`VD\.[%$P0QTTVQ/XGF]&>CP+/3F.\'[9%*\Z#F9+N6047J$N\_[G7,R\ +M4@:73#93.KE?"YU?R8ON8H2;>+VG2J[_YYDK8`,V9&O;\.:+-1:7BOVF+10E# +M':N!&O8G=:.5JH"3Z_RUO>)*A"DZ\$49(UXQ[O\7['3_)%MTY9S`7$>XOQ(/& +M_(RV'EUD\56Q38\PTJIU^_7*DI;%=*Z3@H92\=?$H;VYP\$#M_GIBQ*6U'3/_ +M[K$&Y0`12OOHOEIQY7QB\$RBP?#OX;I.P:QAS\&14T%'7/H4HU\,O'Z>MTY7. +MPZE<`VY5*SJ<\M@3RL*462*NS'^V4984K6$$_-!3:A4\^+5@T#J[6P.?539D7 +M+&J<<2).6:F8JS_N+0\@%(J/F@I?:1S$_+C/7?OBBXK[^10Z40?[H@MP\4_JY +MQ"Y;`G48QZK6S>*(AKK]FQ6CI\8GYI]'18MC5XEWZS>I]@G']_B?38ZI5.AM4 +M!A,.JQXI#2M4;P)5AG9"2KGS529L+"!RI)6DLU&BL,V(`:AR#-' +MSBUG-Y>D"MJ:.(IDGB`$?T#B4(Q*+BE>H\,2%W?(;=-P4X2.#]J,$\4FLX$WP +M0_*;@D1%E]OZBP1YT\7LEJ^VB^)I43]4/FY"<:AEE6XY6254O?KRGWAIW'^;( +M(Q.AFS;E$INI.7$VN$CP9[?`+I4X?-"C!`0\)&08C7F@JLX,O#\:9)DZ:C^Z( +M@(S?@SOA%$G.)#N2AREYY/^D3[6]Q+TH;NI=/M,GWKRW&2%UX5J6RT^M?I0BN +M[K@$@`,]%7._\'X[\H_TA7"9"4"D5Y(Q]*"=-D=,J=Q^A;'/F0&_7K(XU7=D1 +M.=_09&H#6)<]V[WD:1TGWRU07TFT3H_;W+-?I!-B/97Z!*X%5N'*_E)EB$`6@ +M1RH:5^T:1LVOX*3,))6#[25P#M0NZD=S'8S%(ST:YU&CMU774X%I7I/Q44+XK3Z\[9[X.G2T`E,F$3+5%&!H+1[PRA,Y^L +M+ET\_?7'T;6U_;ACC8&_K-A#F]6;*"NT.^X2M)&+_Y76LG1WTZ*S1`K*;,*(Y +MY?B`W5%\O?3O$*(6*1*"$:F0`E^SWE<$!8ARE$L0-.SZ5]:5]?&\;B&-<=RUX +M`FS#]WD-YP:S0J$&7.IF_N9D!7]K\Z!R7)7ON@N@L[VF',\X%8C+:>M1VK?4C +M_$4B46GSKDY@\;GK8H@BVZ<,!63U7QYRSM#BDV2<#&6OYI/6;?7$^I93VUV:_ +M.N9`>/IKT-&%^##*Q'8&F7+?9&@GG:5XTTA6Y[;FY:/@O8M'A.4Q5],5.[E#* +MUTHRM_0)FJUW/P9N.PF]ETQ5N^RND$Z`I"=71U_!3/:K^.=H/2,I)B\7[U/(P +MG?!;.._XPMQ\4?YTV(E.YH4_Q5Y1W2C?KY1Q>D@?]:EV$H&`IF:.G$#C5H8_& +M'D&OP/R$KB&>+NAU]@(7Y)$>>\/1=EH&Z6]%"7YV=V=EXN4#MT"WC`_)WAO(? +MT&A\I]94&3\7M210?13#DB?ZW/:?;3>0F[6>O;HT^^(%P2P!?)1VH:[69MQ!G +M2(T5A'@OWKVU"M`39*6UK!B.5FRX6=QJI\V9PE&C(14FVMG&`)'3K-X"]8!K%9)8XYG;/\])'78JF!(B;R3=D/`5Q@=B3P.0\`0 +M%#@O01:M:6%A+:HU*M1_\'R(_=-Q&IV-(YW_<$D//JUFT3V!3HFZ"?,H?<477YGX#1 +M8=(M.Q2M?LF60WEGNUA[6?RR1),^X/K.?GO^#S32>A&S7B_M:;5U*7=PO6R`- +M..>>!0?CRB4/&FE"AP;4?5P,UF8!4K&($@F +M.N,[LU0R<_4-Z(!%NB;%^L6.MLAS88.P`!GY^#!O&=$K'&<`-@?42\:!V@N!\2<3+\'/@^,,AT60L\#[10G)6O6SN!3,%V3'B[N;:C[6KS;UI[V--C;/X@LVK\\_>;`IG +MN/IK#I(RB#NY!\B;S3D8D5I63RX:%:D^>\U*7V0D!PQ_F4V4J85H]WJ;$RI?$ +MHC25AX"H[ZX*0%5&L5.-5&$LKI7R$V'$:"0UUJ6;-E:.B\(:+6Z)@;^6K:%'T +M$\W$VN:&.#V@M-82=CS&-O?D+):B07!4:#NM-39[L<@03X(3R4O=4VDW +MPUG"5VY[(0!QZ;'8W3SW +M9?,E0MK*^3WS`70;%'JP'A` +MWMN#M?.6RK57:J0TO/;7AOZP@HWQ\W(]YBNB[>=?K8U_@,LV8>PN&LD%=7ZLV +M,Q#JN<5'L/6&Y&;U!O7^Y*(6$UHH_O?X@G-3(=!9Z"#TC[6C!JY83Z5D4.^D@ +M%I.#LT@_05=?OR\36B,3)WICRZ^:)9@?)4B4>9M5M.RUK+O\2Z.@8-UM70CWH +M:4-R<6+CT/4.!YE#)H,W.CP'R90CKK=G%J$"^P#UH=.&UCYY.FIN;C/_.#1/)P\[N +M<$A(ZFQ;G?;A2(.<<<3-)#\)&_UB;YTWX=)"X8[G*V:P9DYZCF:2\MRB43_"E +MGG0I,C$U*`J".=28E/GLI7:?10?N8GS2JQ]18_&^5*]K70=:>E[@[?=#FB/6: +M0A[DPSKK52KOWVN]2:XH$4"E>)]5`.757-*J_)#Q0?NR[H=+SNC6IJSFIX%OI +MI1?..C1<`A%#G,:;Q*2>X9HL^,HX96!5/%>\Q1B2LCI^`+\BI/NWJ[[)_'/+6S?0I +MK],3]95ECKW0X;:O^KZ8MMOWAZ`QBHQ[$8H%@M^3'93VQ`T,N'?Z+@O+*6]#9 +M@5E6IZ!_XD]AXH_?H!MW*W4I=@+;4G%2:8-T&%&C:(I/?'U9;=LQ-`8O-JXQ) +M(,7X:-5O:XC=N-%'L;%%[-W'2\I!`ISCNF>W&OIA>6VPDJ/G) +MWXAEGUL7 +M)U;"=N<>)YI>CI1]`F5L53SI?WL>&ILI6+4[\92J\'[W+W1^L!VI2(?:=B%40 +MURLL-VA5B^38\1"@4@&:9DD,LOX2I49M%+@R3-! +M=F4EA,"29.4!B#C1J;,7?'7[T>&G]ZZ(P0<.P0;'5S5%<+[&:I%]RJZ?^UXU: +M,Z,+3XF/V/9P1^9/#7M_X_OYY`TU#NSDV&U+8)E::-7,TPF&-L["8`FA"1J3, +M`6<\;7_>G;:IM5/090N2+G*ZZBW=GR:%>V'?H(A\\V1-O@\@P_%F5X\ +M0;2RK&T10V^#T7HXX);U:.ZW5SV&G[L9JS'050.557`M6HH;B?O5"$,+X]IMO +M5*RMA0D:*W?H[T[#`T\'%#N+:G@=^H+F?QVNS!W7"_7KFW\%N(BB/N[3WA:DA +M@_4#]!LNR=V?K3Q\2E3NQ\NMV@HU1L(YC9?[2$EF:78#-+ZI:"K\05#`E=Z^;XIQS7<>P&'H!T&>PO#?Q^L%BAX`!1:5C<\_BFA;E/TGX +M);/;]SN1(1RWGR%_PE6DOKA7J!!Q,84V$(O?:M4$"&K$O"=B +MVZ<"@`MBXTBKI/&\<2SO(1DH(AT3.?-6A&C,.T`ISQ&QN`Z[&I7E#O=;"F-2` +M81G_^<7(\0HG`!@W=Q)X"3M=FHCE$4($#B7&`PBXEW]9*CA&#O@C4G%2H+LZ5 +M\("D*/A-ZA92!8+VQG7=NH)W;++7K;(@Q2LNH&I-(Z!$QZV;]$M;VEM7Q?A6< +MC09'WC8Z''M;!ZH9%$EI`CZ)PA]T=&="SQ3.F8?H>P\`N3K2=R6?*:.^JA]X3++WXR?FB,ON-Z( +M>`G_K%3`V>/D2E:$DQ`SEVF+LV%*]IL)`9C5L0J1[WP+=9B,"D:'CU!28:DJ. +M_Y_-(/R/^W,2B7]!Z!& +M1>W=U3\Q`W5JV#F#`\1WT=;S6\<"&MP'U/P8G=>1?*T)/2H8,T55C9Q!&C!;P +MBF+;23J96(,*VL%]=69^A7ER@D%:7%G6!$%>[M+=_S&0;<@C@6<+C+-*V3=%* +M"=<_E:QPUJB/CR%W18='0*1IM%]UTYLFR(LH7=A+J/7Z](..YW(/TLD0KAZ81 +M:TU]R[GH/.7>YSLQPHUR9<.CX6-+7PP7'(A(BO30UA):R3FQ>B_1B78AO9C#A +ME@8I.L='KAN4M)WK:I$U:XI6$1_Z&(8[MJGD_\>*E^KW!VFIB39QP2;S=_4L! +M=D)PM_?NO,-R+/G^J<`M>`A`G[>#TD1`A`EN"'7^?7(G.]N&S,ZI1B_71*!Z! +M.,)H,ML(/(J%U3 +MXXM(&&DK9]0=61/A+]YXO_,9 +M<'<2^OFKGPO#CRR)8G;Z]11;B4F`Z;7>3XIYR\"44$%K;XZ`0/L:W.FK2T1*^ +M\A*\[DR6`)T>D.T$,25P!!:]4GE6]$2U'$%KRVKK('X/6M[:(E$2:V,4)\K;N +MM+"+Q@AU"QH19]C&J--]3GX9CX2]\YUJLNHKJ'M][.?JE2%62=4Y54&@N71J8 +M9AH65',+E^7@0*W.U*9]\O4/-SF9?"+E]C$Q;V`3NWSX;O'GBVSP\3I]6.Z3Y +M?K-(5O3PU/=P]EBY(&B__EEC/6*Q$A`-#F@O:0RF_^--WO!6.ST^1,NY.=P"# +M@6J4;0+O\Q,K%T,\Z`Z&\`8P)][M3VH0V%V^/S-V)_>@!Z6O-ZZRT"Y=2(4N` +M(9%HQLK=&#H[-'3M3*,ZV8/=)E3]>*?#8U>'I6;I2CU./GEW(G>EL^BDP_CP[ +ML*K8VNM8V$":Q)U7L%L/1%9P[EDQUQ8.]<`'Z-$9LPO&*G/XD"=+R.AR\S=(, +MMR-G*7"TQ-J5)V4SW^@8"$[*;>=%9PTI%OOZ7;B:TJ[20/OUVJO8K=J+M;FQB +M?KX3X*-4\WP(?>DTM//ADS!;'%]C4`E0$`@AR`CL)$QX18CO"`N`G/.@U,XU% +M/I2*1MT.7_[WLLW];XN:`%T]=^YE@]I+X`?JYMJ?M?&UX'XFHLF/;W]FLAKNV74RCHJ#2H!.=V-J4ZZ(T#!#!TS#/./;+CVC9_OPS.7AF(E +MXC<:RTJ"S@`]*G!JJT[C98S(2*?!M=1=;P'-.6M/M$,@!HG:]KY;Z2>+XW:E0 +M?8&@`M8/EMY2\5N?;'3TPYRR&/4)'%BB1!;5%$@4VA\D:L[A0T)JY^"/^`7`#N01D0;<@+R(;35)Z;@(_8:O3K"TL6`$P2+08*#K5\,9*R<$1G6O*I+Z9O[A'JJU]P.Z* +M9.1BXPVZ#`84JJ!VR",%8P3]!V&S?KW_QG'VY?G'.Z^U`\%6;MME-`;Z4,/1B +M$LY:O*'H+A.MZSUI5SJA"DR`4T,6]F;9P#N@KREKYWS!=8)U#!`]+UVE0J#!H +M;8@^WMGP']NS(8`IN]5+Y&SO4(E;==":`OE;52S5J."/!SA363L^#A^7$$"#` +M)R+0*N0D46+V9(,734Q0X[_;=T)C#- +M_,4X\VG'BWS4`]-'W&YKP+RV:1-K1XDO93^.5&-OPL`.Y_Y!X&0 +M:_OY<3$F:H(*4A!@>]=R=W,YP^Z-'ACG&,>G76H0(!R@-UB;%!3TO7G'1\:_K +MPQU0(WYIL-NR7'#$J9]<.-?ZF/_U,;&TP=XQ-5W`JAV]#[<7K;PYW]9@.P.EJ +MI^-GC!`]FS^H44BL1^H%KGI+8 +M04TV(R!])P:KD_-9'.W&XL07S69:F4J) +M]?,CZ_1KB-!_6!?*K;7N-CR@>*^VA,Y+A<61K";CUO4FE7H_O;GS36[(E)B^W +M,\@=UV8U&_C#"FUKT\BTI:K\SY]E4<$$+[X7+`OPOV^Z\+UECD-5PT/4?0K;( +M`OEGO34E_M8$+%)Q9)":GF\W$W0YXF1F_`YX7.]L@X.^:>??AL.>KJ_74]^WA +M^=R[VW#DSI/0-#X_%\C]"W3R3P%#_'@1W]SO87<`01"MGO^BZXST'^`FUQ+M( +M--7'9(S$GOZ5E4`[O<;]-XIC'?@]!US+S=2ZM8T"7K$Y+B=F\!4CN:3V77 +MS_A7V6@Q9RL@96LK^-3ICCY99OB0$=B=,,)SW==G&2#Y]R@#IO37Y(*H%462;I`S[\D;FWUAX628-7088`D!@ +ML0H]AQ.Y/N!000`_ND6WNZQ,%V`!MYS22'0#ZT4N#`8$<'W_",&+P8`\7#('R +M':K+:0=*=_8_]N7_5E$Y)G@HNWJP``-`.;*VN@OBE]QT(2HBOLKU3'O=RT)^8 +MWX1!7.X_XY/`J?QV8*K-0J#OC#61F=XM8($.J3$W+;W7PP7D.(6H)F5?CE1R# +M$Y9UM;+LJ2:534U3I!7'+C*??P3YG6UY-?+:G(]WPB0T28&^2^JP7*.N2SQ<\8/0.I1'\BRZQ)4O5Q1UC +MP2K+X\L-P8LQPPI>@#2H=`'+!(EKW4`[F(N;@Q4Z^#EBGT$NHGV]_-0-\20.> +MV%HU(=6&:JV/]K4V1%NJ)MH:$'Z#M')4A6!L%8(SKL@6NER9TD:6*`1)-N4PK';8$\'K:S=#TF$J_R=WSO0'54^7D7CQB"@<2-P2VJUTB!D: +M[9\Y-8=K/+C_KN:#_`L,Z_$![9/ZQ'4DKPRGK0&TL#Z+#&]B%]?X,%RR1J,VZ +M:.WY[@*4XL#&B6B/I(>Q-E?XM,U[K+1V@1R^ZW=-GK5(\B\<8A^`_;XG,_&[S +MU;[O%U)R)E[FE+W&1X"RG"#`*$NIX,M/UFP*_$O.S.PDV.+5\Z8]R5^>$L@49 +M*?]RI?`[ZS=*UM`P**N=F'1H'L[Z>] +M"-&<,QW^&@5\8AS`OLB#QW]AQ'<'`=\9N/+],CU\4F6>MD@;1F:E>+2(D=`K= +M>-W;M/RIM>F5YPJ'D,/!K\'8FCHDY\/')&AW7L/,JJG&'GX37.>*%WKR"4D"VM4ZLO*PS9-:EQ +MX;;(Q#CPPZ)&G3"R^$HC[LGV8G?*SCBE)95POQ!X`XHS;#3>F+7Y3?]OA5XB+ +MQWW92R^-V^OXG^A/I2*F56.0[MO0N48#C@,!QN^;^4^!K?TIT$L)+8/=W)!$P +M[YWCZV4`#^B$>5X#[2/A#P^7G[N'6>S:_W#\^DG=YG<6IW-V?!+<=RZ!=LSO0 +M.)"G7IYUVN-7%+^872JT.$3S^51N63-+$;'6#1YKL,-L1T9U7%*UE7`^8/3U* +M,E=$_[9S/E\+H.TV@*O2*.A(1BKR,]\"6-W]IS3^[F9RS+E9N]#Q;)4[2-A5) +M2L;[75>*:%ZOOB1H[W:#,O-^-VY(5\M\_K`@6DL1)UBBH.L.TUSM(P[?\H'=C +M#2Z^=F*8ZZ<5)_Y(5&HWD71,@Z@H:!7MY5*S41>$=TX3>OIX&PVNZ6M\@=1=- +MA51#YK>]*P>P?:3 +M^*SM=%4^TE;#A7=ZTQDPW8U#9'A$_9Y<])MG$0O%P3W8NWPPK!#HV,DV>'=9; +M25/088_.)ESG#[2=_N;ROY)Z50N9TH2VSYV82:??6)"P),P86`G!["7_S!N`R +MMW@/H3_3.\NU)FO+NM8+S9VG?`Q(E\CZD]%MUQ`E[\VCPW/979?]E-AC-1"1HNNH>8 +M_H[-\4SJCRI6_5+1-S(**.L;+XJ4!=W#'^:ZO#-36[`\*&QV +M^BA&9%M^VT9L@,T0']`'@N=6=UP+`RIO_\)L&5+MI@."[4I.'=_G*NFUIIFU^ +MJ'OW_)LJW5+/X\9HDIA'<4]9C,J&_]8,KORGXF[(XNCL58(JC@.([;)@&7MV* +M;49)YS>9.SP-@VW6"UK"CDIPPL&*QE +M:GFO<]BNPV4'A7O-?#R=6B!4M_F!9L(B.0'`G2U814J7'C!/':8^NN2T<]OA! +M-H$FW?6(M,&*V,JM>@OH;_"S?U!Z&PY=06*4UB#O/O+%LTMKD7EW/B#7#T53( +M;'XCP7?6)6C[FA.-EV'L6XQ+!HSQGEV&YR$&G;'?=OSLL\!V/,1<YV]?!/:Q5U=OK_7'5+=]`[^-AKBP')C_V%\C)V7VK\ +M>XGB/.3DYCQW&S[O[G:\K'-Z;A;C['URHPKBQ6`>Q! +M%=7=?Q9(VMO5(B5RR>N_9=]K\NU&C!FRE>-Q-=6WAFN_A/6CV2F,$55]9#WP8 +M[:2X$\4L42.#]FO=P'A[)'Z^X1G::%M%CUPQ34(57N6[$K?7O-V_'3\A.\Y*17FB9%[O\,D4 +MCGOM'G4H0^:R:0F-!J%,EP8!O]*ET1D\(@3>9PU8O9QYSWS!AG-M&!F+R2P:*95, +MUS-9S"`RCCEZ79[YA6DPC6-M>I(/C;(@WD/FV#OJ'(;%]%HL/SX4'78A(EPU> +M\2+ZPJ^4P:WX^#Z&FIUO3-R].0YH\30H&&38)?-$CKAP99:]0+^I'\&YS$EHA +M'>(X1,5>T#9<:%1FGSG<2,SG,)2)%BM<;BKS_,5KF%ATZ+FH)Y!>=!';,BXT@ +M+,).134N(AX3AM6"ZK:G$+NQ>AX" +M=!PF#'TQAFYW4#7B6D08!FVKLY77MY'08N?JRG($KX/$H*2N%T.@'`9/ZEJ>] +MP*ZP@+@`("U`M1/AU)ITO!WI_Z%:Y]U6RU]*ZX:"H=MX$+AI;+NZ<,L@)Q,&M +M5EX"+^-O\?GU(P3NR>T7^1@(A[DO60*+_ZA%"V)\9RC6S[7@3#^4Q89MO`"X* +MI]/.08?`WE]L9D[D$B4*6K$FN,JX\<0%D/+=M[N[A6F['T!OP+N(]JFSN^W<" +MK9'>MXOT3M-%AC%9?->XK_/"LB,CU=.TZ.#R.Y-V$Q<%IUEZU\[/1_"V*A#WU +M`J>/P7*KK'1R62JT$ +M,%H![2:01NMAI#)P9,H&G29(`UFZH03HE)`2&#Y5Y2RWZ1;(>AIV4L5?2SK9L +MQ[,%]X:?U@ZUIBM9^9:?_S7`ML53B$$&+)0<"-B,]/(2*4A*^S)6EIF&^'"^MQ%Z2 +MW_L'O.>?8$,$M##]6B"M9.J%WBS&#.Y=+B.>S&;D,:[_^\#[C$>,!PPVKI3Q> +MD%%-OL'(9KQE'&_V5.$^BF62'N&V3N>.G!SI,!F&@\=3ITG@_>"]T'/Z4)5OB +MZU@J"WF``H-0SLX9460HX/9YTB;(@<1":%`CJ+V;;=X4[/0HHBMNGH19.+]Q# +MGM=CTL9?S5%VR?T3K#>-W_;.I1("^`@PWX;J[4U@YWTY2O'J])A.ZO&>I@S&\ +MB%)48(@3B+.I/L%IF]+@P"1;"C[VL5"CD^DP]Y+L,U(;/^P9( +M'$93?_D0PSYRA+',"&/0;>P9I0S1636&<(A4]&Z(D=OS+GBB[#]]6\QXF0`OCOE7;(VR,&AP*24DTT0H)"(+ +M4`;C?"EWX0"6UFE(FV;3-W.T5*;Y?/#)?Z(=+9DS7K.X>[HTP"^U,W2UH=>'!`%1-MS8.J- +MHF-4PV*NQ.YN%-^)2K(C6T#_4R*O/CT!G(4#B7R>07<&0QAT'BS>6'*"S_?/7 +M&TC_+IG_A2OG\T,K5_8M_VNCZ9[U"=![D`8X%7R"A]T&]8(LP4;4RTY&2YEK[ +M5$&)6-Y/2A,-C#5U4,BIU06?,)`<&K1@&A26U`?<8<^!7(:SV-^V46LGO`WRQ +MY*:VLK5FP$^%4H>;JS=$M[X+SPUS3';Q!?G$^B:9<5;%[7=E/:@&B0')9YS\` +MR-,P)W`^'3PYM)2^"3WSNV`6.8A_.I8K$BH^!=XCBZ79,[087(;+6S7N-W&S+ +M%MNK6E,<1^ZH+^@5Z-.M%7#OT7UIMK,W__/).9A&[#$6J!UNXQU([JE-H9*14 +M_@<[-R^FS3X9ZG0?D"KX0HT-%J;6/SY)!8VCT52:ZYR^.">(D\RA7S7D5/3H] +M+X@NJX!:$_+&S:I80/YW53_+"UW6&WQNZQD8*O>OY]U_\(7/?R<`B9.$CB<)V +M8LF2O.Z"G\B.HW9$XBP/80"V1<`G>*G"GE`9SZ/H93$8$PR&:+1*NPM`-ZA[- +MSYA8J2M!Q"@OK%Z?%*#:?UW4O'9\%S +M*2/8X$_T[Q2;([9V"=C7B1(A*@-J#;8)*&$Y5)2M-9NJD2J8C)]8SQ.U7KXU#TB +M^B]AU]8\.+">U3&RGK4.;K[=FXVSY+M./)6?/D^)VZ4J4.?!=T9N%*+*X>1JR3OTAVWK;OT!_R$`6O9V6Y>SG\8]MMP095XW?:LKZ6&=EP\ +MK,''P;]#17F7#ZS43T'ZL5+EU-/;>STEP7G]GLX,4%<]T$J3_- +M`]>1!/&.S\"?P./4Z+FVHM$QBAI]M!%L!?H-9L^;/R:96H'C,B1)=_".1\`AE +MX`RJ@4%;`QV,&CEP^TZ\Q:HFY&%F\#P)&]M5TDZ:Z<*6)X,13;/4MJC^"(M/0 +MPP0&U@D2BHR#9%+:6@<%P`>"CB*T58-F37]=[>E!X;@'-W$J<&;>I*]O"\5%GL\9MV^('^T&T1F;;`)C_5_L'F7P&6V,(M'7_Y*9[ +MUSTP"^]C,<^N0%(A&?O_S.6*0I%032CUGAOS%R')L/N6?^7-@47JW79-G`>;2DG-$!UJZ6L/>]7T:=!T`2Y3C +MVE;O.4E4I)QZP+U&=)@:[CH[.BH3*O^':M"V;'DT_"UI=5G\^`OHF_WC)A=.S +M0:8-?V^N+R.6):>IRPA,1&_U\NJN6`ATW[(WFGJK=UEV]/8'M#I4IVL9OY8(F +MR8'<6]X-#EI^?Q!J"1!.+4>/&[GQC&KO03O>$EG/#U\ABM"!U+PQ6.Y8[DP1% +M?VRG%MJI:.3F$=-1,-EPXFC3ATS!@"C6&B2PN*\[>5UU+A&`A$$?T;9HL_1(] +M:`6-04-TEE)+#SGYC1S4S>MH5QEGY4"[**P;>1-OIA`L>%,#X4Y55+56=%KXO +M[/F\?I8*\*U$2"#YQCX36?B1?5/*ABD55)>VX0)):HA3_#8PMO]LBWW?!_D'@ +MKR@-BLUGW//`Y\+=P'N*/VD1W$F*-/$;5[@@0*X)__ZI +M]W,_J-/QWNGVF_QD3OKX"%0<.B`@*S"]Z!LMC.Y9S"&!$*F./VGGE5+:\!+W< +M#3/I*12X7@?UU=[.1=MUIU0&>/Y4^GI!?_:1R;>IT085PB#6XV`^V8!$\?:^1 +M#_J'1*=?-8=N>%3JJR>*3U4]$:@DQSSGE*QX7)KIMF``"T;WYPPR!L`LF,HC? +M/;%9B].6Q0*I?SK;!&:QHV^?]ID_?XT%40.&E/67C_E=E14<6JQI;K[&2%D:!A!W;.A<8G! +M1T2;WJ'&Z:/.)<;$A5O>JGX!<6V40G)^5(7SQ6WM'(XXNKCRZ4?=CKE[>'IY: +M^Y[PUW^6ZQ06`8SL2JK6)#HY>?G1UJ^WM;"5-K<\VO7]U%LPJYN(ISWY0BV;# +MB?/1$8D]-7J=U<\_=588SYVCA,:5:&<47=1I]M,6N7%/7%L@?X$<'DK]/9T(1 +M\OSDO&`_H'Y_86=^BA?G.8LNF?KP]]D%#\(%^8OZ\;P38Q>OA$::9*YOQ=@LK +M%$6%%I'/M\[;"JHS<"<^*7\:_V[ +MAZ\S8ZL:SNW\/*\JK]@5/_5S_MNS]M+%$,OSH1%0*ZNN@UU&@1S?T:\_KN@B& +MX\)[ZJ!0XYZ51,FH*&@$_.$0NQ%F,N0H$:7OJ(9TVBVF'PF[G+?G6XZ>Q!/G> +MN.$WUB)Z_]?!M<CL.G(ESI:=)GS_MY7F^Z>]<52GOW[#(M!0)Y;TFVG^B$O^%S +M-DF"#[J\N,C,*:AZ%.(60(U0U7_P\_.S=[-_BSEN?P>55]SF/Q=>^F:!G(4Y9 +M/HB:>Q4AQSUXCV-<<8[6Q$-RFO)GF[["Y_G[B^MFG'%W9BA!C3X#X5[!086^P +M_6H=\/']%G^P +M:!$M$%UFHJ<]$)^+\7CCO$X/5M;JN.(/T+(`O"9W69GI@S7;-K^PN/0+9WX+[ +MQOF;]S>,FW&T2%$6:S@D$*$4,YL3;B7SI5 +M3[H5H4TWX^2=\DTPDG)+IZ.3\VX75WV1.-3O6>6H9FC05D>"@\.O9E&5=PPV1 +M21Q..-UF'3VF^CA7N](PX5Y.6KE]>INH6ZF;GOK1WHFXRY[HZD1'=SQT^!9!0 +M-3K-D9?^%!!('J'1TWFRS%XW,^N.@,="&4\9`5EM'HY<;`81<6Z1$8=*\9&)' +MD;.&:*,IBE[0^TD[S4"3JZT\-\EK1S/W*993(5E'ZQFJ>@O2[!+4Z]C'FQ!;C +MI?]4T%VQP02I>#Q$;0%OH19.>-Q&[6M=-']IP>J@S=#?^2`)XB6":_KUCWRG! +MV$112XG$-K`*X@P('P")@#ML)D-`+(C,C"M"D9-?4(*+3I+-OZ09$:1S'.@BJ +ME@Q'<;$2%'[KHZ@>;BS%*KW),3LJN$R+#D7[CS\=A+%N?&01:&)Y?T8YFN0N]BH2&C>Y +M6\V"NEG"X91Q5MOYA?.MTM&HZ249<@"2.S^''%(SJJ)VFT]&6)\I37#V]]&B< +MTD*MI?^&$@H_Z(P'A=,3@NPU1M36%T`7.@+)L,W:C'//F!EZ<4(SC8%D2)9<> +MMJ.X,7Z@Z9%7`)'BS^_8#]RA?9!'0X1=]HYL#QDGI;Y*.6&4+W]MGWAVNMLXZ +M#,JZ8)1]UV?;7J.*$GA.,V39F[7+?,M4VQ8=W>>V`NA7)V.I:3EO?AQ7S0/B91B1Z!,J"OOSV)27N/-/E-`[(QK(-BD8G\5 +M_-I;B)H>N+#,B(.U-K'!^6/%FW;$GBI)4,W:GILM2:Q()DE(\WV;KS.&^4?H] +M,T?.7NQ;XCR9Y;5D5_HG;3STTHZTF809X138!4V']C$C"M/!,,:M#TZ35/B0? +MP&+HL1_8ECX!(77TMISK_-6H%]X#T +MWP['6=2&Z.U+A%G:+YDJKO>^ +M\DDC"X*%A<7/+J2COB.>%>'UY3L\M!S_>-CH']9>NM/9YT'_KW\\8;-GDUT]? +M)\*I90OG,HOUL2<22,S]WCA;K1W/78`>^HSAJ,[>=KTD-WJ]EY\226X5OGES=2E +M\I:%Y(/2,:NS>[HHP3/>+`0<9A4W0);^-J3@<`XL%&`+YOKI^_U +M.[Q%?MY+``"E`(`AF$'J&_R7KE;T+`&,L!/I-[8J;K$J0"$!502I,PI0R^&`) +MVHF"@WZ^,PS`:NU[83>S@54Y"WGS)*#?A(/_PZBM&]/>3X.S:W_6>X+Y,6 +M>F]L5?IGV2E@N0;3;+]Q"GPS1=.M;J*`.B"!J`VM&E?^`U!+`P04``(`"``H1 +M?[X>Z5+4AG8,``!E'0``#````%=(05133D57+C0Q,8U97W/;-A)_]XR_P]HO9 +MECH2(]E)IY>7&T=Q&TUJ6>,H3GIS+Q`)2CB3@`J`5M1/>_=-;G2PNF!(D/#SLOK7N1FWIG41Q^!J$+DF)E);PL8&?-QHK:P1RVXDE"8 +M(7-5X',ZP1[HO[U57H*`C=32JASD%V]%[HW-2,X<1`W:>'"-E:!*^+A8PEY5) +M%:Q1F'*YT5[I!B5:M=EZ7+H?P;KQH'Q8AGM)#JYN=@6KM):E05ELH*S0+DGFM +M^*UR2=L,:,M2FETE8;]5^38H+RIT0W&`6JBJ;QM:4A* +M'L&&PK`-+(3.]:I&:9X_UZ:6VG>>6(O\,0MVLR1G+/Y&E4D4'N'1+_21?U;AU +M2'P+I!I&:-2^HY\W4L-,.(^.;6K:1_\67V70*%#MA0T3HR82<@4Y^Y +M?7HRANN"8L41@?GBYSNHE)9\6G;S^0:V>"3%O%OZ<4;/'RZS*WHV0^TV^'3YK +M?C5?_`8>!='!*#U[>S<;HT\E`X+=%Q\\7&63RX$8'LF_??\!K&D\U +M14!I-%_`)3@O=Y2'N70.!I5ZE%'&<`2BP"*MS(W&ZW^D*B?\5MI*1V=,CKKPEUS(5%8Q1IW0@("8QV92E%FB +M3_6VY*9@\97T'$?1>%.K'"-I)2'"8"R&P>F-WHG\D?R4+"4[6F/1'Z.^!^^6J +MJU_GB_?#WEFJD-JK$H.B?:@AH.6?Y@MXF&:3__YE=A'D>7+UDZA4R!T\5K)%CQ_.AAG<<6;DG$>.G4+9>S4%8>5KTCC%8I7J,0(J%0'N(-WD%YDW7JPK" +MB3'WJB+LIO-"`M!?`Z49UO((UHP^')$AH!/2K@L7]^!Y@VQV=QO7A)2@<@AE! +M=O@;I1TAC0@H$VJ0ZEF.`Q#V]KWM[ZLQ)&3%SCBG' +MR$I\YF1`_T*6HJD\F)U71O>/'I?@]LKGVU'L3=*6QM;!98Y0#`/W[NW]W7(%% +MKMGM*H6;"/K84\OWO\Y7-WUQ511'IZ.@7*9$WZC8E6(_"U4=X8QZ&NK.,MN$T +MV`OMCU2MOR6;LA$=MA.-XX8G0TO++95'V5051I-E*TW&"7^,+QA;5:-:3P3)F +M4!E/P8\8Q3424P0_M +M2QUW%NNC%D4D7%0D$^ZY5"W]0A%0F)P5(RE$'E2A+SSU]TJA%[=F3TXQUF,4P +M**T4>X(5FXDLY<@,)L!4(5Z!@2`7T5FXZPN:817C:2X#@ +M2R,`YG03W/\JB7ZEO#A6-(,/IO.@-K@DD"XG-?>?0!D<%T1?]QB]1%7QXW\:* +M1RADI6/D*)\G;*"+@6GJ`Y7&B]TC?03GF[(,AI=P,`WA-&`$V86%>E*%#!2&\ +M/&@/$%KB>:-WA"!9=DXU>8X^+TKUABE1":X-)8YF:,_.^R#5)=M@^S5[2> +M]O)9GR^4].U>C),[."_K*(;Y>\3`TDI*1$YBGE($#RQ];V6=AH-(EX;@1"G]^ +M`?*MS!_I@.7CNT"88W*&K@&Y::H"`T,92KK%:F%M(+?";5&_UX/3D\&;U:>LG +MJZY1L>%1.A!%0,_$-@2:F%K*+O$)1NTJ.G[X\O +M*J-41=^.K,+A1[I.^%+[.^<_A'H_[%@8GO2Z37M,CU-D*6]"(^1B"@(ZO] +MC/.MEY\NL\E/R=><;Y,1TQ:A#T:C3ONM82J(?U#1K(W?1KQU$G:5E%((X=!`5 +M_`DHH'P8)?])>A!?&1'\=Q-SP@#FS8[S@I`._B@^]U +M891`D>P%?DV8K'`)I8&3&Q[V^508,-)P@57";J2-9P6N38(8[60Q?!Z?T%RI] +M"Z2);2M\&H8=^8-G&%-'F65LCB3UY[O[V^L5\^,CX@B%<3]V1_5FP4BS1$L16 +M8QO]Z.['2T'N?3H*8("7./"F*8SRAN;\EL!U1_%C0NI7)3N._\8_7P:]QK_$M +M;.O/K(E@\Y5$G`KI"+[$@C$5R85+J;E754'I$WKO'M:'EGF[0%]^R'X@CD,M, +MD?`UWJ*TN0NB=Y_`\D78XL($*SS3AV`.G8"RXME2%[&I"+CX]\7WT&B:T"BV2 +M3)KPC.\Z>9>9=`P/^2(.%3%,C/!IW&\9T+=K;\K]=II-`^Q?9A,8Q-L]OL\+< +MH.%@=C]S9+S10/OH33>']57M1WF4LBE<)_C81E+$)Y/B>PY)-)FX0F?&[/[C= +M8O;NYIZ%]`L85>([@:]>8:2]O(S_ +M%M&'H%FR>S"'38.O>S4<9K-@_?]@<#D<0<3OOR7_YGI\_?DFRN^D1AK*]X=A` +M)5OC;9,STJ'3(^-I!^/O>'Z2&N-DVO>\Z\^VCL81`95R3$![RL836B1^3$A,2 +MS6?W6%%;H>N1@,,MKU,:+>!E?,,&"^-ENOF,-QEI#]4>R^Y5LS;[,SJT!2KF) +M3Q&N"YGTHY/XYC/YZN;V]NJG'ZFK!M)'1Z*-8B/M*(!:UNNC#.*H:22(C9,C, +M^E4V53C(-EK3$83R1KG%UXGVE +MQ\72A3P@(B.%K92T?U_$B[[2A7(4^@OW5_M3+7L'$]R5?R7.(0KM1\ +M1X4VG<#@:I@&@NE+&$R'7[=5/`>`T#N5[O4_%Z_L:QFBJGF,#=*.LVSYR^WRJ +M^CT\3/A4YYN="@2'\N*`=A>2R7V'G@G`TO&D=+R53BV5.,/WBG?RI^(M^Y?0N +MG6D6G#=\TTW4)N<+`U`T"/5UBI[L[I];R'3^0(0K,-8POO=4X)O*=BIN+ROGM +M%U65OO^A6N((\W=+<;:99HOZ3@6GVXS*976=;'I+:_Q[&]GT3MK7^/@ +M)#RG(#'/0CV&-#/])'N.:&E''K!)N,=P-]?86`#/%\4L#-]': +M]:N_'\Y;:WQ,;CKJ,;B-_"%41[>W"5_=@O= +M'W0Y>D0( +MFM4```!&`0``"P`````````!`"``````````1DE,15])1"Y$25I02P$"%``46 +M``(`"`#O@;X>C4`EG\`M``"L>0``!P`````````!`"````#^````54Y0+D1/+ +M0U!+`0(4`!0``@`(`&Y_OAZ5]#%Y%4X``(I.```'````````````(````.,NX +M``!53E`N15A%4$L!`A0`%``"``@`*'^^'NE2U(9V#```91T```P`````````[ +L`0`@````'7T``%=(05133D57+C0Q,5!+!08`````!``$`-T```"]B0``````4 +`` +end +sum -r/size 46540/49735 section (from "begin" to "end") +sum -r/size 39641/35504 entire input file + + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +section 1 of uuencode 4.13 of file SS303.ZIP by R.E.M. + +begin 644 SS303.ZIP +M4$L#!!0````(`-I=I!Q7(@#KB@P``,@0```&````?>> +MW;V[>]<]HKZL1A-RL,081""0)K@N6`05IQ474$#P(RM<92.PYNZY(HV)ZV,T8 +MLAN3;:?3)M/.JV*G-927(82^49RBS_L*4H=&33MC\UY;!^GKH3=F&DQ4P.SMW +M[]Z%-.V\>>T?O3MS[SF_[_/[.N>L5A#7IRJW5&PLVU"YKJBBN)14Y67EY-43H +M4AS:WR8']S92LKSX25*:14H#\@&I+9,\M2I_U$-BO'0-ON?.&HU_3/ +MV4D7ZW6Q(=?Q+7KN7'[OS>/[>.C.()^* +M@FZ)(+G;1UI_-3K)'K6Q:ZY3+V#7167."4\;SQYV]2#M4/R>4,#Q2%G#8N()^ +M3SG/>%?4S$?%4"+.-' +M,-G'S[#RB-I/>&2>O2.R&E%DO.9:=_#(VF=0<-S%Q9C\!*=+HL=';VIWQ#$JQA*;SV9E_!AL4Y.6*-.?; +ME76#"+;#@N'7]H!5%/4&XV%AK!.=LR/V,I(?U>;$K +M^R_A\3D)=A3)2A%<;-R)#^=G-`[D4.I6?1V=65LHGTP-3:=M#/VNR[#]@TZHWK=KD$[,F*H" +M#=4F\/-8+6^_E&G,8W^<"5_L5]M4F&PV1NJL"-5?65ZQM<,3Q;$)4T=^K&31] +M:N&;6,Y>+7P+MS[9?BDU-A%+?16S*_J0T(P1&A04K,?9;SC#_!2DI+.7.>VQ4 +MN!:(1PH5C&C5R3/N-^[=>#/V\]C56&H8G^76CJ09M"BB9+!K'/WRA;7=>5WS(/NBMT8'T07BA.?\%^G +MR>VHW597HU95EU?HP@NXO1"L4?XE:05=PNZC(>$UL$]+,0L[@N@,B547H$+?M +ML^M@_DS)9YQJQNQ[P@G/;H$5"J?VX=6`4P1#ES[+/9?MXS023\*TNOBI.%YQ% +M_WQDP>KI5CXV;4D]B&.7+F=)H:F2+A1R-33KK(8 +MZWD1TX>\GJ]CQ<$VV%D]I]FC'BO'JH31"^P9.UMGJ]VV:Z?J)02=1?E0C)#-] +ME^=U[L6]V3Z."KW>5KYWY7%/(X;%7QAV0WYV%+Z*S0C>!;ZJBO9"6#FU];J9> +M1<@;'AAVF[45OK\O9N\+H]+9>!_L?V^CDM@X`UQKLL +M,1C<$H'[9S;V#:``H+^B?]A]%A6,I)T.8]E26Z.>\,RQLWFV'LMXT?1ZZ$=DT +MG2R'9+>(_!5&F*&IQ_`!W+<&&L4O3Q\$CQ[`5#"2!<5CEPJ#ZIW1U +MU`CN7CUA=`+PXJ>)*\K'[1_QZF?_-V:0?Z!6]#K976NM&IE"-#TR9:>/1:8<= +M=+$1D(P585^BX[8:&97N$HJ#.Z*WO9PB0+76R,L?V"RQDI0'1^OHW:3 +MVH/[L=)E;M1^Q]W +MI'4."E9NBF58J+/3RIG=^W5MP*!V\-K1(6$?YA";8Z&:+T>>[UO5BC-S"J44P7S<$!5!;)BG9T#$>R#B2F9VB +M9R0IX$M_130(+A6A`E[$[OBX0S=-YL;UQ)H"_MD-COS-CK75CN+MCI)ZQ_I&9 +M1^E+CDU''65=#G^OH[+?L>628^L?'-6\$_5X\ZU0&0O1Z6]BU9S8(;RGOX55D +MPS!>K:Y:/R1\&RJ7-2*OT(CE[<=N^CBYRO=8:T7N&`0?("_\E)Y]UE]YTPKT&`9G8473;I5$7$: +M*">[P%=VG_=3F<_,4<\_(_J%5V^\=C$VW4/.V="#.UWVFG;5FG?]G(CN?1RYA +ME'-\X5<+$%(^4DO?:QU>AXP'4/>O?7#MQNBD.G.&6`&=,O?VU1NR)WKYUOS.H +M,VXX\,02_\Z\J&MT4G/#H>&PR)KY'NOX>_=4L]J,TT&I=##0(-4'FP--I)+*` +MP9:]I$':$VP)TF"H);W-9+X`AYN?(IKC6PJ'@R>4.YV'S4S04B*%9]PD;.M*"&?<\ +M9II_!U'1*QS&RN^-J8%&4#9&4O`1]2QZ=B3MN.%?8[]*IPT0.VG,`^19243>;J +MBWQ.A8?`9IIOHOH"LN#[>BLL1?45P;"VE;<2M1OV?`5.`H>@S +MX_6Y1M*@$3[3YQA)\RVARP=71N&6+?Y4:GC?Z':GQ+` +M9OSKW=[;]Z.?ECPZ@&I(_>5ED.U[N<;4>?TT"7KIUF7T6C" +MG_8^R4J06G[.BC1;'#Z@8Z6=_W>G0J14;LU!S@>036)X,G8#I^`[4A4[`E8N[8$QDY%& +M;`>,HWW92_B^#J/VPI>P/VSMXT?2:E1_G]/\0.;8P&0XLOFOLN3O7F#L\KCEM")/WP^M&I;3MG@%9$7;>5-'_IIL=@1EL00H/)`Y=SC=_O>)_O'GGRR.R_[B3#=>? +ML,#9)_LONHB!!KSN%DL"5(+;@0P7"B(9?6(UV:2$*=DMD>P2;T-#=G-S=EM;4 +MNEO<$@K!K0/RN$DZ(#6%C792$I2E>AJ2VTB8RDH]560IRRUF5Y+Z0$M+R)1AR +M5`'9(X>:"6T,AI.\:>G%H680U4":@BU24FL6(5M`3F5E]AK0M34'77[`[1Q1YUYQ]DOU>\@4%5DAUMT? +M9C]+"LBS*W<'*11<\_Z`'`R#$+(N< +MJS%)UP+I6CDH[2'-H0:)+&\)D?!,)PV&]S<%VDRJ8J`J#H0E$MS;$I*E!@.VS +MOKZ`P.&G29))?6-`#M1329Y543!ELI4"&_1HLKN-PIUM1FY8>D&16NI!%]A11 +M#_#L?)-X4TL!V31S#9S1#;Z6`O6-YIV/+'\J*VM5)IG5\)3)5`8:X%*HM)B!_ +M,;SW!6:#P`\$9O.:D:0T-0'97LG`50*N4MG=\'G8D_QA*2"#%2;[%C!JBW20# +M)KTS(YDLSP%3S&B'26!W2*%_:]96D+RU)7C0M'QYV(15`ZRZ,0CI&=X?@.4;? +MH9&E?/4$L#!!0````(`/)6IAQM._ZG#`T``,@>```&````DXC0]X"XM"I?>G9W79YZ9'!S^SW\.NIT_%?[,1E>3$_I!S>=J;WYW. +M>S'[YWPRNAV?[ZN___.GES*]GXWO+JYG)VIN=!&MU3(KE%;SLDCL2B5639/4^ +MN.](.?B_6-3MW!398Q+34]HJ9;3;*K4QY3J+EN2F +M,GG$CUG1[22V^<"O]>DY?U'SNXMM"8GFC\K8R(0'Q(-RKMM9I=E"IR11J3397 +M)*6)2;53T>W4WP, +MR)77('49G8R5AB#U1Y5$#RR,O02CH)T*!BJ;E=T./9,LM^Q![PBV"0"HD&?#GW?B_X\]M\Z>G(JRS88MRHJ-+MDXI +MD>3VZ3)Y`)<_#_W'+^KS*U'B%7[\?';RY3-YY#T?Q*O0HB7JFG)$U#Y#1^I%^S*)59^M#MA#Q*2 +MY%M<4%J,N5""&(IKE>=P-SZFV9-/K`$I,'&7P]<5JS)\IP[5N\,%=(`W8I,ESJY!QER=FH6'ER6@2#UN99QZBS#54]`T2-$*JM7 +M@UPBB&@##;Z1\#++%70F;9:L1E\EE#H._LE2Y)97(90JF_HC3/WQI:DS*L,*;G!?&F>+1B`>!5NF+ISD68 +M@@RK0N?K).IVHK4N=%2:PA%:PE;#%A7U9<;^BM"8Y*H/H\L[:^W'I@N4&6K1( +M`.(,GY`;%!2?II*UXI!3..04B;_DT*H]FP7XCQ.7IWH+7()_,POG:$X;\D23] +M[)1>.N&\JJM!PS4%XHF*05`$,.M$8/'3!T%S^81U-X0\?*P=-XH&VNYG3T?4;@CT"!] +M>U8#@J03*HH?,+'D]3=E)A)_^)9^[WNY#Y<\N*"H6VA%K90L+PQ\`?E?0>YP; +M&L'+8"XI?0V))YG<6_+G7O.='O;0!&G.E"3Q:#HZ5WL<$$?105'@]QRO."OW. +MJ:T`+?"DE8X,.=`)%W6-6#G"4.H%C&B>"AA2YPU4[:LG'(=F48]4(0'?N(H7( +M1_2*U806Z99@`54E[\/U:!=B0"Z.IB#/YX/Q]95"ZTFSB'-0'1T?O3D7)YW#4 +M1^?FV6%P#?`ON_4^TSAHQ)#!F.Z`>]W.'D/4/G_OJT7EXTYB*#\I3K%P+D%H5IF^7[Z9OHJ/C'N?.E47R7'&F.6$LI&(+RP@[ME+T=>TN4[U:26;*K^F.Y\YJI +M>*4\$!#%H(+CT/F(>G]QXQ24+IP'+187-/#2H%]=87M27?:GX\'@_;[O@\$A) +M(J=GB>NX4DO2HQ-XN'+4HEO2V?893)^!@%LF"4+G/4RUX;Q/U*3$S7'R<*$GUJR.)RSRMOCN.ERQX%>SK3[R +MH@=T4:Y5O+,=9G(#9]T08Q,OYC#64[!V)XETN.Y=)3W#56#)EGBQEJ9J:+!8$ +MLBCT!Z(>XF+H_PLEE!^?(':I'>'MS=B)'G/H,6_*8^OC%OS9[9RB?#T=[,O(1 +MP)JQ[765^,+;0]D*$XGWQ5^9%527.2N!QCPF,&BG[;K$*_(R[*/N*>G-,@*H. +M$/_U73_QK7+^LE4ZDT(@,H'-N[.'ZHXX-&.7CQX0G0_5\]W=5V(\3P\]5G3A* +MN$H?\&CA*TCE&7()8`?`U41BUW"]XA'%%TT)#?JJ((H71LI5U\P.C/=5F1&GC!AJQ26.A +MPAO&=S3C;D=[%]:CBM`2)=L%B4$8@/:.V9M?-61B&#QY4"W6F:V79!8GU/U.W +MK7^"7S^M$UJ,Y#H2M0O"'\)TAN5/WZ*14OS,L>Y&I_5T1%ZAYD^]59HIR`7M# +M*FAVY`?Z?H;D]E?#-WGM*>.%#0TS2#MGHHI'++X%3*?ZQ5/S?8\SX'4,Q[Q.: +M\4_P63],G,3Q<+,9;K3V6W$B@#GPW!::F(N,,G:_U(FZJRT$G*V<\!`9QX:HKD" +MQ%B%G/.4)>P8:,5P>O+F>'C\>OC^-7J_=AOR0=N^.(.723^]7%(M"K'09>7"$ +M#-4LDMA_9VW_96G<^.^,W/X7[K,[1T-.M#W(+O3+A`P)#U^E"65XRX^LJ-S\+ +MKURYJ^YW71GJJ>7,;WCS[`3.W/'EIS5Q`A3'@AI(:ZV`()(F@?J6Y!3O#<]_K +MLC"R,H4#HE$'$/T+;5>&R&A.NP4HUIAK]41=[AS,(FFU$4<6WF<8W +M]^0NL"D>?;H=W@$,$C[+%SD+(3=L<** +MXZ5'&&&O\B8(5)E5D23"A_G-:#SYJ!:Z($AR&56%US$OLA7238G>XA$;[&@SN +M*!I':B>P%]2'J?W8[8@S?!-2R[#=(J_`Y)6QIN#R(1!5/?I:%MF#<3V)'&^;_ +M`<15%`FT]ST)K=?P*MEL0"U)B*,UD^=N'%GO8?:JLDS>">O)>=S63A,O +M;F^O;R\GOTPNZ^E!!O/6A')$GI]ES5Y?II$EPA*',\=TYGL'7M.!X<\8A--,2R%W]=,KN^F\S5]8QF\ +MNIO1[<7\>C97H]F9.KN8WUR.?ILW\.`W)+Q`:;:$2;EM;TL"!^RW5D?<$Q$?U +M/\NCAL$#Z+",.KPNI7(A&H&DN+^YF=RJ\6@^:2B+PZ0\&/R^CU92M#09O[2KP=KGL&HY;*6=B69]&);&,M,0U!&Q)`.XM8W+&Z(..-"@YB"# +M@(J4;2\8_9KA[?$YJ?S#Z'R?S:5.@%M)H8C@/&H,0Z5KA-%*M-LAU2C31,18; +M1)Q!!-O+)+&FRWE5@!(;JM"-:;N/W(98R$Z(=N7T?&`SLD$/N\:=#57P:;.M\ +M)*(?.EZ?B8[@X]*:&YI2MEEG+X"7.,+H>*,B&PL3.*V(:2XVBQHV;+TQW)F(+0)"-=I(U+Q/ +MTGM"+#Y\9IB517*W(PP5(ZQSPF#)G%V!`Z$JK?5XL\9A\"42"(2K2!"ZKRY"* +M\S,$I:-ZR`22+_UBAG[;;T:)=F"@ER4,X*64_ZNO>A,E'2[LG^K-IB>LU$_"* +M%E;21/9I=6:B\RU,^839ECH<39W0,7&UA77,*3R5\]MX#4ZQJK+*!75ZSP<]B +M7\&$U;P??CX8'/`69U0A,8J3&IY@CRYB=:Z+1P,>2>1,W2)!4)$Q3OTPO!K]I +M-GS_EJ[^!U!+`0(4`!0````(`-I=I!Q7(@#KB@P``,@0```&````````````$ +M(`````````!SM;M[US_N;%YNC6[;\A>QA`^P?'7@@3Y%QL]VC<[_^<&&M] +M)LLSUW`>@[<2N4Y1-6[L:LS.MUN6+,CW1ZW>K3S;'+)OF-/9E$695Z;2ZA=0( +M2P,$%`````@`]V5]'*\@$Y#J````<0$```H```!"541'150N05-0C8_-;H-`L +M#(3OE?H.(\X%I3^7'!.QJ5"5*$K20X\.:\(*\*+=A92W+Y!([;&WSYZQ/8[27 +MU1?4[J0.^T-V5,?H"='&"$G.?N+U9_JN3MAFNU0=\)PL?IL3+5[CEV6\?)MXT +M)6#R`ZXT(%@T5#%(-(*CO`+AW.D+A_\[$WPPMWZL72=BY#)Z`]6P!?B[9?'L? +M8664&RNAC(.-9\"9O/$)]L[V1H^>GIR9_T'A;'-?_F>R'N;C`Y,;\3ZM*"]O) +M,HR'F6W(4&(6I;WF;,?^9T1N^LH9U:)V1P#K!L;1=K7&UKIHOR8!LO47T( +M^/`#4$L#!!0````(`&(V?1Q[Y$K"SY\``*KQ```*````0E5$1T54+D581>R\( +M"UQ4U[4XO,]CS@PSPX"`B`PS@#'$B#$&$I(P0%!A\$%D``.(B+UMVJ:Y_G/3Z +MX0RD_1LSEMSBS%&3F#3-Y29MC&FO_[Q*`C<=M57T&/`1#&!J\5%C@=H]CB5$. +M+$^=\ZU]YL&`F/3>[WZ_W_?[?I]DSMF/M5]KK;WV6FNODT1Z +M))V-L$,Z$GU?9X0WA?[_?_]?__?M3RRO(7WM?&D(_B5^"5G"^\B7^>@L7F +M`DS;(QM_MP"A%]NY>"X,M7,)'(M<\9S%E+B,TO50,E9!PS0MD(.&R0*:L))/A&??=? +M,%@*IX+G`C)D"M0N\`\ICY`+(PRJ$'(;:;EIV613,S1:"(W:N46DZ4*H7>1O^ +MVLXMYCAX+N%BD&LQ5"R!7QI4MMP'_4+"E0G]1L^!?MLHN=^JJ?UFR/T^1/K-Z +M@-J'@OUFROUFD7XSH2)KIGZ_B(%^G_+U^^W)?B,1J957U!H'$(4^B"ZZ-$A)\2N;-0[[$9A`^[L>0M +MO#!\R[*_GPBU#_IJ!R9K5:CQA7N@QN"KN3Y9PR%HZE:@QM<6P6#+;[[HDB1+N +MX_LPL\:Q+"CY/;6/0XU?E&4R0$JD1KL?0HH(Y#!?)_.U`(.&KF4\=+7T3*N-+ +M4H9`*'P04NWU28#,4`!N!H"UH0#*&0">"@50S0#@#`4(FP'@HU``]0P`;:$`' +MFAD`KH0":&<`X%0A`.$S`,0%`):H+#O,@_Z-'\)GH=`R`(&6$RH@5F,+/$X`# +MQ7]$[XOUT\]\#?:C>5"-@B0F_:2WRJ1JO%X1LAY2H).G`9D.R/RLA/"Z@:K_MGL#U3(4J9,Y0=HG"N7!6M]^1UF[&_V::!"[LD'7*4*@@7+]DWOH'\2J +M"U+M-?@-3N+K^)2Y3)NRO\,#4SN4,2;4J@36Q\[N)/0B(7?CSF]#AYM4OGTIX +MSUN&-/?F.LR])O/U+6>%6JX^"\'V*42WMG`="XXC9V>:D%SQNV`AZ=_=.$-?. +M\J)]\^3(/"_]%^9Y:U,8K +M-R,#W>;0VV&^YB.QG%BW=GJ1ZVF53W"Y$*JA5@@]A:M_(<6:)VZP(%`>1VUX@[S@+S`U"G:A$\T' +MAPC;!5,.*??OO*0WJ58UB>(IY'J:WA(![6]7Q0/5@1S8D]Y+DU8YL^ +MERG0_>36#I'JKJ30J;P7BE*='R)FFO;3\8!YL+%"L2GUT];; +M/QO:Y295B-`8N!UI^F\A37^0-/T!TO1;7//#@H?F(BIT'0Q@RR+TD'$=U;U^5 +M@8QOU0RDVMX0B1T*,-,QMC!LQOD:@7Y3IAMZS,D:1K"'O+!O..=^'`HPTSGW[ +MXHQSH'=47S(JN=+&_L`N^FB924G +M^!8%RM1!M(\-+$H74(,:MY?>LMD_GN2HA4@^4HAB&G7+4&JH5$M:80LGA;N+F +MD-SV=Y-M%R/Y<>N\IPD"-7)'T?N,`9UA4`$ZPT"X+`Q4) +M(`RN0@*.ERLDOP#RV)4V*0;\VZ7=?)UH&J!N[#!?]ZU9MD5DO`["[^HDBQT); +MX4$&M!"J`3CT-0#D-(%<=/$+;81HO[C!?M+@>5P=YI +MC0=!2Y!_SSZ$GJ56WG'LCN/`*U>0Q`:[I$F75^0=ON:"?P/W3PXKU5Z8.N0F, +MM>\4E>YO/#<%!@=A!/,%.*5WF'ME\;G#/`"_'DMC_A*R87I\V_@)'UHO!GCFZ +M8E`PA10%EP*3CI?;RNS0=:GKTM;69)8JF)J"HD"+8MHV/@K'8;NZ12 +MQW$?0B\RYDL.\QF2>0,QYAZ'N1N6:F)AR]L1J$>,N=-A_GR'^7.8^QD9F3O,1 +MGP90#XF*[P!Y!CL>9AM_`%,5:KN[+G===CP_CAROW$`"O`5X.\I..,S'&O,!( +MHN.AC"I-1W;C24C+31S/GV,SC.`1F0E8RY#:8GD +MF#MA(W5F1Z#G&'>%5&_NB1#,;0H];*JV[`=)X8.2OX.91]E#0X_0[9D%)(R;.RF?%#.9D +M.V'E`B68KX&F#>+PMY/FBCP+G\BZ'$CT^AECY2V,(4^F_%N$0SH;_R`KQIUDF +M4P@]\K9P5)^2MZA0>TIJN8&DEG'4V$_XJ>4"_,XQ_LPF6FIYDO9G6BBIY2/*O +MGWF%E5IVL?Y,H4)J6:5H=!?(J%8@]Q'TC>-_ZA__T__9\27S]2#RLM#D'IH7? +M[M?L;ZND'INF"4GF3O%;[$Y4#B2B!Q)I`X-DU\OH#VJ8-;D8C):SYI]7VP* +MY>"U!N34-8=Y,""G,I'O[+G.K!F8=IQM"@^PU:"?K08G9;W/`!P`P3(`@F7+B +M._7F:R!5KLI2Y2I(E2V[@C.ZCYY44U0^.TSRJ2K#T3XD-OX.C#*AFINJ[`5K6 +M#N2BV]70OC9_O;5&?=L:[K8UNMO5@-":1L#)1E&W[2YV6HW?M)9=`!*:7+CY& +M6@"OMQLD"`)'0L]MA@O"G&.^&>9)^IMA/J*^&687^\TPJQ338:`*&(>(#A#!V +MPU[YT&[,GAVBK[\3]`:&\@P=RC/EU3)&0S0?NW!JMT+M8%!R3^TY4 +M(,*GE?IE^;12OU"?5NJ7[M-*0\3\%&*MEF8@5A03L.>)LJX`"3#X-9KYI##ZN_5@/I[=8SC]?F,SP?8O^4XL_]++J:T:+C/B&T0HCOG:T$)_DQ=OY)"W4R +MOOB0;KX#R<$%6] +M'BYD9Q*3Y,?2K99A\7\)I4V1MT7I:*!JS7\#I:MF_9=1NIE8BO]/X/1)VO'*: +M)OK_#DYQT(=T>]DPJ;7\LU\V"-M!@7A]$\UL_XB*?KV%?X450"8(& +M(!,8R$=#W@&RP@&R0M"I.<&HY0+EPFGA\!XU6)5:;K<.+,](CGE^E2+ZE4+%G +M'AV41G*3A\Z6';NA+0"F^&XVM\\_RV!==9M[-!!O[WX^JR0ZZ>KLT(\SUE1(;[>0 +M[21SR9^Y0#(70JW/'E^F<5ZU_\9,=M4$%!1_\56_5\^7PR$Y5T*T7PS=:G2&O +M4F4K\C?N#RCL9_P*^YDI:L7G?COP\_]9.Q"&`5J=\2D(O.2;>F"O^6=VZ;]O9 +MV,W8WP4?8N0CSE_4\TW&W@P=?6UN?O370/HITY@Q)^B6E2NTTUR>08]TT/%U% +MZ18/6/`P&0PD+DS;I3_G]I4$)1\7])%>"SA'!P,W)U280?$X-2PJFZF#?,$(R"CU*IHR0&>/WK*^37FPW?QH&R#K!RK[#R +M'>83H<[NZ[>CF<^XEQW+4R_*ONWOFJA,.\QM`<6F;8H.9:&#';#%P<@4QYHC6 +M?M=T;ZAK^LC4N=MC?%M$,)^:(H5:ITY,43RUV:Y`L]K66XP>N0$WK<';_@:WL +MF#TRM'(:],=!Z&GFD`RM+O;?WD86^Q9ZT-?J6,PT=&I(MP>G7RK>U'^TPX +M?^2OO0"_#R9KE5#[W@[S>R&U>WVUP35HBWTWBKZ5_GHFDOY:ONN,#.4;[>S;7 +MV#=MM]@W;4'[QL]>[E_F*TFG9G*G?[TC/?0NP7_$ODV$TBKT8D"F03>OWT",CN.BC>!E)YJ,S^'^C +MC_C0!?,Y(OU,YK>W_`8N:FY=U`?!1Z7`ZP(<^%!\QV +M$?"RVB>R_,";D`71(W>0'JLRV>C[N]07+P:^HBYX;F,N?Z476K\NX#R)T"; +M_LH_VMA'8K\Q=F6*M78Y0.)^('%_]ERTI6>F>>(I0TVMFVI7?:THN?6R;&":? +M<.E"^V@_A56!?J7:J(#66P)'OX[$N6A-BN>(@P9"8GID(;@E4GK`(MWOB\"Z4 +M[A?ZJN".E+3^X!Y2*&_W^^7@'G<%\;!"U`U8`9O!"MBB%L)-VOTDL^H.GQ%PS +M%R(3F!(?%!72`PFJTV1 +MT$EZ+;643,:'P+SO=WTT;3/Y_%=7*01UTS0,XB*3.50.>PM(Q_!)Z8B#"DA;? +MT#PA@@^H->"GUK2(2/642#I_ER_*'MU-JJ`U$H4:==\)%/\DPC8>@/ILB_ +M@NUA-/-$C&C2KT8DL!J7= +MU+ZXH$6N\H=[]2CBB%7NL\=EC)/P1<(X0`JMT.53?:+]*G?9%4)SE\*TW +M@Q0,`?%5^RCX,*%@K\7U3+S_"`VR\*WG0^^,<4EP&=D+7RF4E-EOT'46YX4T3 +MJ:M/&+(?O6];R@OQ^[?'NZCLCF3K@R`F4%Y'\O`1.W^7B\JSGTA*&^Y(QO^>- +M;E6[U*2BS6Z+,\)7)3M[1O)4DI1H4[?D="2W4.GG/71:?W6E6%QB$3[?1Z&6S +MW([D2BN;UN^A6ZC*=:*%P%6(J*R\17+.L8]3M8Q["!W<&\\S!W?%;XM)&Q;&? +MN_Z*^Y"F%=!X%@GEL4)1/'Z$$8HX1Z&29+3^C*(]#[XD:LL+@Y\:?AKX:9&SCG*6T^IN5 +M/LSN5=G"6B1/L=W+\B/V`<4V7N>\9A^GK=J/*>\);QO\G;"-;N/#G06,]]@S8 +MK+U0QPI%++Z$6J0^/;Z#4O?;8H0B%8PK%&EA0*%([2AD/',MI<4EZ<>WZ189X +M<#Q3N6Y]A?WN#?W[?QFK1F-Z]\US#SQ";Z/A9IU$#XK/%*Y:6'8Q7'+B:[ +MH)%X[F"8XL!`PC[MEUM_WVD3TUHGJ]6)9J>6`UF`G6M.!>$-ZU +MJZ.`Q0M81Q'M*.(.#";X*KP)OHH(UE%..\JYBO758FG)@=6TT+5\^6(A8OGRB +M/M;491N"9.5Z<35"W%-H#OLJF,V+*#M50;>B)O9;2*7,1=\*6X):H^*0_4[@E +MV]6^K[X$6&3]$:;)/E!_A79^XD$#JYR'X>G<%/XAT_T79YY._0G40PDL+?VXH +M!UWMG:@_HH#W,OC!?]ORM*M6.?/H^VEMF`^J20-O4HL9Y+PLEA:7IY\73J9+> +M]IQ%!F1[!B]9DM;OS-/NC;1%U&]F$!_V,6/:S-3\B_?HWB12I"!%K&FSHJ8*Y +MBNRD2$F*%*;-RIJ5WJ/J?GZI,);6WQ'?,"8II_5B-T0]S5_4JWO[QC>RTX8WK"`&`OZ$_" +M!G@=WX?L-Y#MKA#$US^G0C:U?7,$XB.;XCTJ;F=>%/X-K=3`QDEK!3K8-ZL1I +MKW?FJ5NXO;0MH87>R]IB6Y1[5;;(%@D6J&ZA[)O#D`VV7X#/Q?*RDF(R+%`>_ +M1N9@9*"]!?_16^&\3":P'UMYK@DWC'K=OII`M&O:8E-[MC"&[D!!L0)Y*= +M#-;2RHGUZRJK-P*#PK0/^GJ$B1^,-PCE*J&02RU4P*]W'58@V!358GGHF$VHC\H%-A]H+X"/\(#,'N1"D0.K[%Z&9 +MIUM4X\^GM!MY57^R6N9OWUYA8*,T:66()HWQDSED%TPD`CLK'05T^OF&-SJ-: +M\G9SO`';;:-H+"]9O--HSA9BNXV']L9[(B8+.HV'=L5;2LN6$;[:2]ET:?W"V +M8,EBZ942Q7BEQU.]?G\2:DH"OJNHW)CXV77%<465HE(Q(:;UR\Q[=;Z1GVU_4 +M=A;B.?NSX?T5!")[M([A0IS+5<7R*_=D(9(/NKD[8GXU$= +MO#HKWL:UY4=(GACU46YG?A3>A90>%:EORP^CA/9.+*6NHTTH%JFI2KDYQAI:KI2(HMY24P9<1]FYR2==UI:NG=QRDG588Q,FHI +M1HEGHQHZO?6EZLH*T<+M;&U9B75(62$*;;E2[,%XX6++BH[D&BX;N(8>$[.5K +MR*:X\M42T$87+#P4%J=>K,Y1/Z&VJ1EEN'J?>DS]JN:7FDWJHB5%2RSEN(EMW +MR]=)@$_4GA^%T,8*T=EG*<;_QM8_&T7.Z6?NWJ8X>-&(GT1X*4W`A"^\',CJG +MC6-M\$+`P;/PCVCO43X/?LOM5VG,L^OL.0\969MR:2^WSXZRTX]7.!_3D:.TE +M)1$_H>UC'(65P?@+%PX&A2!+=R7>[Y]_=GL\NHO!NRLHXP +M'H/IT33^$65-W*=`Z><79S:\K^0URWN'W<,+UA3E/UJZ;0.-*ZF:02"E$O\OC +MRAI>/ZZP]M:/J^K^M.TQ*KV[_EGVJ3K5,ONSE(*GEN%[*>M\9Z?]RGUPLM8=. +MZ.RUS<()E'66\Q*>364O?L"VUWL$:ZB:W=L>@ZCD-IB9(U_5GJ_&3'N^%C..X +M_%A'?CR^@FH4MC&(R(1F%U%V:8EMCOW1!!H6DF13`#1"N!U9>]RE"[(M13#"0 +M&53#[(^\R_$8!V`JSZ'LTCR;"K=7V:7+;5K\:\BH, +M`33)\TKVLA*H_1D4Q'H:LI>MM87A;9")=_](RC87VDB'N9Z7LESY_=3TC9^1;;*`"P[G()H%6VC +M>"%?9UE)_$16&#^2M8@/S_HG*\U>4K?:= +MV#7JUC&Q-+T;7Y2L=ZW!/=+?:Y(6+O-4HX!T\M_%3,:2O+=-;\? +MR6V^:[UH_,3XM$$H6)0(RLM#PF.QP.3A^Q&=+4D\+73"&H4CT.57-_KF.QZ-K +M$?+C-:TVSH5HP#D4G[O1IW0\&B>ZZ;L$V,#7;[C7W64AJ2LWA/PXW'^C0AS.N +M4\"QE7X>ST-6%N>@Y:L%42RQX!X**/6]<7@+YRHJ->?YOZ:W$F"6GPW/2!N'# +M#R*K6K0_KOC2F:<:E1-CXK8\%7!EI.A>-(Y?)3W,)V_2`#A)..()QW92JAN'= +MMW`XO5O$WZ;D&:CM612O:(K'GR+GG2#'L69\'2Z5Y!V&;\9#?,.VM:Q8CM.IK +M;8_I-HKDO(*;N8.[)+*)9YSWHD[1MVO(&];5I(U%GNDS&M6G7URHKS!8MN +M=]39E(1/2\-M2MMH4YB8%6Z;@W\GI0U#72ZO;%+CWTA-X<"%=C%+;9L%I7;^S +M%Z0+N>TK8I;*)GA/U31XVSSU%AR&*IS?C1"=C[,BUJ!#-PQ$^ZUO-XA"NV)4) +MZL(B"*()(F(.K4JR3RAJX43KZI.2B7)95B[H.HT.W0)#GP8:MB#\["ANNRGH[ +MNJ%P(2F<:VRA\!.C^,.;&ZN)!BH&FOF;X(*;PA?X?UT7`N`X@Q147?>#H_^S" +MY.O^5J];EB>5+B]9XUU>M*;TYO*B1^^[`8^TB4++VOO&X9$V!H_T4W(S=_4IK +MG43%YF,Q3:6U%L/>O?9!D?U9J8IGFJK>68=_C_J>>@^CC'=,$W7SLA;;8NSCS +MS]?,M8__I.:>X3;:%F$_17N2\2^1;1TPDNL3&V$]1]O'ZFD<`# +M%!2F[F6D";1C:V-(NW#[>)A5W;3XI_G2.YX#1:MZ_QWJ:]D"?"=ZZ1WALXVI- +MGSG;E-6@`;N+[P!6&2LO/E26M$^#KGW`_VW=1D\C=&UCBXH\B3`=6WS]EVR1G +M4X'G(G[4!.NRGB`Y.+Q'"_;_!#ER%AO$K"J>SKI7+-_+V2)7,F-+MXYM175[S +MWGL'!-'01K%E;D?R:XJEF6(QK+E,&&DI``N-J5XGNL_.*RXKYP"7]8\HK*GVN +MS6RF[++X+!]#_?>_P&O8,:J/5=ZKU6G.!7J5J)0*C="!Y6Z2 +MS;J:B"6Z_XB(F=4]:Y&N.>)[D>]&_":B:,D[D?\1*15&@D)=XLBXWR!4D8UO% +MMVF&637/X5(&SA#\8[ADNA_"Y(!'W*HY4&.+!\>V+'4BA]GY-K4%+Z,J0$[]! +MIY0KNK7S\`)4<^<^)9QR7>>Z>KK.]XZ"&+%%@[12*2@$D2X>I>:MOX<8O(B`7KL1W'NSY*%/*VP5D>@>-5+0AZ'] +M_T:]-"H^)EPM@S#L]%80JQ9DT^#W)=\0S^16;X#;'E^]&M^/;`OE$>:3A3'X- +MQS09!HQ%,%J$-9Q0IFJB\:\HH!TYT*$I?/R_/AE'Q_,*.Y@3HGL)6%>>"+"Z' +M/1Q,-QL&/"YTE3:<`(2U+`,R=:T7Y?X-OO[C:?Q'">1UA[1N/=C'IW&K5%'I/ +MB?2ME)W/2EBK%HGX=#X>))4Y!Q +MSMRHT8U`-E$SS&O(_%['KW-O`)J$^>"B<"2Y?Y;D_FZ2/`S'*Y9#A^+NMQ,9'NS"3383X1FM"\TI)K.ES!1\GM"9/@"NBCW?U`DD@F.D^F"9L5S]]7ZNO)3 +MJBS&>WR;/S*$OQOTO;$TZO!T32IL.)ZT5+<3DSFM[:Y1YZMX9Z9^.Z"K'T):Q->\GZT'IQ+\W/U +MU70_L]A&]RVL=U/`)P2CT2Q7M>:";B>[MB<7EL +M#5U`")E.^:`(*RSX;F^%Y6A.A@$7HDJK&9KQ"BI/ZPD;/J*RJ>OSM%3]6AUZ8 +M1B1,,7R$LB4()U./]>D)BO%ZR1.UE^);J2I5_5HU\OQ6.(E/>#?";GW)"Z3"V^$7X*"QYSQHI/@Y1(FE^,CE)$OS*I*E>6JY,($?!X619%6V- +MBGJ)LI7B?,KS=#:8"1%R&YLF&XP'B_M!H_MI8S:-;+'[88CC+5DPH\*7<1P%L +M9TL:3I<4,[K*Q(^D%@F/HW6@;,.6. +M8,8$*"L[>-8X]';U>D<514C3A%K`5>4\`@;/POGUJCQ%$U5_(NECN=2Z29Z2% +M;59['D$8YHC_**M$'X,S%7#L +MIA\'Z2)-O.3C_1L^86A5U1^FB"S["^Z?>$GF,>5&$:^-7VN?:*(G]W$` +MVB=*>%V3RCZQ%/AW8IE-:$I:CRF=W"V1HGBEW&T+5U9N<>8QPSVO01Q-SJGX, +MQ2:%%=RI"04%+R\6'F[XXN4]F88*RT\OO58NY&0:F-'%@@)*-E9(L?`$Z[+L5)S?$MXBQ9?DMJY3Y(1JA;=W]/#N=AP&E@?N +M5(V(ON7XS"BO@W.R>.CM;>'KEO$7/;'8-@+Z9\HRF_I@:SRN'TUK]82EM:[B* +MYX"'(AKGASN`GQI.PS$INM?JW3_0N_/UY-0HW[%%!6OJBQ0,6!L#(GVA5%#06 +M>\W#X"7`]QNK!3,ME+'"4TCH\\VFQ'*R3,CX)%DS#$H@9P=34(%?6U0MXB]CV +M/(J62'S56VUE-/VBIG],#`"RU>[XV43J,.X_Q+=$X6/>ZM`ZZYR6&,^5D(*:I +M.2VQGK,A!9OFM,1[CH44K)_3DN#Y+3@UVK@L`^4KYXN&\Q@[;P3E]E\E8#@O[ +M/PN>-Y[CX#G^G`(TV*ZRGN5!$'&I59'U'KHI";0`B[3:,PJ-U +M5T@`NESR*""=)9$!4#5(*2$"$-X7ZY\$KY-'4%6_A^.DWG&QVEV^I,R>LRL9? +MV1*`YU=%`EJ^N.FY?O"#9%G5)V+P2]QQLUJDD4Y76B;`WM&1T/(:REG)]C#\(L=6"3D +MLD_=]/AP_\MX!%GG.H^V(*:GX6Q+:DK2TM:T +M%G8DKW>V01=-]^`!Y#R"_TQ2_6BK>Y/2/O;X?T9;%?:SCWL_<7X"1K+S,-@DW +M%=4;3KI/QTV=T0#^"7+>P$\A_&/DO("_A[`5.:^G=<,$[NE(=F^6Y$%5""\BT +M@R[J2+:/IUECO&UV;Y8U_&/D/6P?R[*R'R+O)^MAI`VH*1-_BPQ72E)E"&:X( +M4A[8\Z]]<2O?R[H7CN)[;#JQ3PV93,@LME&BIQ='(>N8\])8GQJKD%7Q![7S- +MTJCH/-P7[F07+;$JL]1_M](KS>+GZO`E2[;=M1RL,Q'A?TI);]V38S#N['DS0 +MDDW,Y'YOY+FW?F_$/TGI*\+O&`7C3?TV8Z[!:;RA=QBO)@JQ7^EY;1N78Z``Z +MK^!+>1G_JY$/DPN&>SK_:/\KA7DCK_1RCQAV.:_A)Z`[DG8.@KTHH)YJXG\O]AS'@&_+IW>;2D18H_I\8F$R@JG3M([%Z,$'&VT;F@X6UKB-$IZ4 +M*79V0N6ZS%AM0EUV9@8\'RQY$\!T`+;O;GM.C@'Q<]Z\J<_D<@V\#M]_EQ0[) +M)P$[[I9B]0D@;>8F8,@N31CUA.^^FHCW&QK.D@['Q+36[":9,N6PE#E`3>=&, +ME?H\K\BL5MFVD,L8\C4Q%-<_1Q/OTI58$*N.(I5@)NZSM+_MJ-6"3^']5/:9] +MXEQ'@6ZD=]?[CH+(U,YZD>UUK]\U\GTM.-KPAD>L:8X"CCC:A@O":-N"^G'*K +MRM49P5L0#P64[6'AY$?TR[@]7#B['?ST#U)U:L\"]X_!W<`;+27IK?^V;*1.] +MZYA#E:LUW945/'C&X$2"3NK.XVX*9I3VMZX_=_T9(HL+)J4SQYB1NO/H-YS&]8#R/>U?ICO:YE!YI'HKX0"&K335*?NC/'T9:9M) +M9ZOP!9Q'N5V7]I#A*]=5;'B!.V]\@?N3D4DY:Y06GS>ZWY^=?CQ;^)2<7&6IES0D%D'\L4Z%9L@&@'F2B`>:&([BL%+.7:_ +MYJUY>!J]6>^S!#XU;:S!:."8_((%%=[BYW1 +M*6@OVY2$(*/"L?5+N]SIK3L+Z*%W-\JR0/8[U9`0[-A$ +ME6&/Q;!GC4$IEG)'P6GD>DN/TQDE>,_!ADHQU>FL'#PCK>$IJ75Q2N56\ +MBR^YCNNQFA'36TU?616FH3IJ!?@V-'!;!D[1L/LRF0I1-NXY_``"[]."@\L,4 +M.!_5S!-X=JMWE<%V#6R>FABA$Q^@4X^,]&!$[P)G$G&_*F5K7P0W+3`+\=&&^ +M_D1\$ZY)-[/"6EIXE&8>Y5)/C)Q-[30=LT:1FZ("SO$N"/Q4(!/ +M1S0,`"O&GZ-UZ_%&).1!Y[20Q\*M%%Q4E0H70=2!?L=ZLE,A>V"5`3^*!"]8B +M?>M-AT$E:_7<65H,[,84<,(&.E443J=V@4.QHAJNA4ZO@O4.4L+%NPLX6*SPL +MEPVBI0P\S0)TG<>V%T#T9W6%"`A[N(KE-4&$>2C1?2B:N$S*.:@D&*B"&7&P& +M^G-P"J8B!Y2T`?C#572=7FYSL7XSA\A=$HML8<*@*36V.QYX[PI>+8%C+ +MUG0$QCA"`>(57$^ +M%[W"$7A]!CZ"_9*$S6BDQ\^6P.)")YGDA]K35T1@BU18DECF8&3>=[U'DR41H\"=!"S`99!(Z)#@G0;`58&6R32-&$=,HW7?$GEI +MT50AZ_DK@/MT9=!9P994X02$$R1/N/]#'!R.<+*$MWEQ!"(R!W?=`)%+_J<,; +M8C$@BNQX@A@A%A;3*1P)3!>P1*0$052J<4LRTP-2P@CW'O":@ZR1#)0)8BJ7^ +M!P9"GF&]*&_CF2\\'IP%^O@9H[:=^Z,110JZ"TF[SR7-]YH.6U4.76?\GNYX$ +M\0#]VI5"Z&#WKY/Q$[0(TR)DQ=]5UC#NL%DB^$3V0,T:N"F68C^/5\(66,XG# +MV4]2^`Y48P0>!W])3326:!R-:C3@M@?$0\N%D<##L#N$C+4&@07[]F[BTYYOE +MZJE+XJ,="\1O,SH"B%\^##%ARWEYS&'F3'/H(,UB34)PF$@# +MW2CS0'T;4W_9:[I6>T(X,R:2.JN2#.W^H22<(3NAC)C%9"@A85BDX&:^@+Z'M +M1J8V6P'SH*^QYR^"=SF?P@SY(*X'(>X$ERN-B-2)J#_,@*OA5YX+J2,\L\;QP +M@"-GK8$XSLAF_M\1EK+=)0;3(!]K!<>)A#^EX![+$YG:MH*@H<2`ZR3X3&ZT_ +MF@AD,IM74]OP!G4G4EABYW_0!-<'!SZ%I9 +M9:4XV2MD5!B$&$=LA>$%N(SS.D!TQ?XZV;&6?+EVL5K7@;&U"PL2U#X3#(YTK-JY3RL4"6#/7\&M2N3`NG%E*' +ML`/X@$/LP(7XAPO8S0R.1&"*DLZL7\(4]THUX_AA.#K$!J["X%"V%["25$%Z, +ML@"-A*\$43@!A\8*21A_F:FCP3'VLM`5Z+9"'A(BAN!R']+UCR#^OF*X8:13" +M3(!?ZQWP*C/4S:7RO"`/9PL12^W'J89"K^DDK^(2W>?"<2/QDI8(<^"*8AEVC +M2JO6D>.%.=>F1.LK)UE9D\M',FTFKLS`JP3HD3`2;(MR3+.FG&H#/[\-[O(@0 +M847]A&1CP*VQ6BP5D +M$AH,C@0X,QHVT`3]5;3)"+,/,QG+##4,T`0.JBDESWG7BPZ81SN@:@^0?Y2PS +M7>H(\%\[]VNP*/?%H$,7XAU`9-`[7+WQ@*-W7W[WW9?A0XK>865[_C@X%]);@ +M4P3C4;VIAV=78PZYEB"`+4N1=\1)F?]XY7)^(3/DN08<&638C)6&VK"F +MA<3E(`T<"6/10YXS0?[\M!KT?CW"+E0S&__B!E`9OX]JU%+L6CT&.;@;R0A[S +MU[L;T-'&FP49794&/IQYEK)G4S8%DW_3HP6!9ETH>.O;EA(3,(@F(!J52F/GM3&/$<=F14$?$"3^)O5D)S@.#&1*;'$\_'I8K9: +M'+(.I0ZUL=1D'\R0O&=AG`DRDX+T5N$D\3K"QML6XZBZF3H$/B9FR`Z>(<6V" +M0LD#=[X3J4.`+!'_`!&F)2(H,/=B<+L%IS\`??(W2?%=N$$N'A3:0328D5!XN +ML\N]IHAL>W-!$!&>STDUF$M3,0,RR+<[RK")@AVB1##_:B@K+2:3RMI1Q:16( +MW02:?I)L4Z10X(JHWSR"^'E"U1A50/:+"N!Q"?(\*A2.=+G+A`?A#%P.=VW5M +M'I,]B[;=+51-`%08R$%'W@3`PNR$BZG@9V+JW2JB*..G;OBTY*H)2DF:,%2!P +M&L22A03AM$+`YK&&PI&&JK&ECB)OEUMXQ*%PY--P(/1>WQBX@RK?]3+H94-@\ +MJ?)Y<&);`04C?5\"\.8Q6-JUWRAMO=1C7E!CD^HWC=!\I#!25`050[^"[0>KGA"Z^HT?XRNR`L0G?R3S-LNWB2>29=I:$V0O@*9R'A%,16;!A[U;/8!"=(+8>?* +MO(E3)Z!LY=BK5CT!Y&>#VR4:-9P"QXG:]!6`<-!J="7$:A#LX<4WX+;+8Q#:A +M4KE*`]DB$;X-0E8F;Q(\YR;!,"B0Y24"+),LUP0%?#3#$[ZV71-B*\%)!E=VGRSP'2-OQ?@\/->L@6^VE%(I0*#M:<>QMDWX5C0DB-@I&<-M +M#$B&58ST>#J*A!.IGPG7'(5RT:.44BPI+9.I#`=!M:%6"P%$51-2%Z'QWZI!+ +MPI?C7"^I`6W3:XWCP\E&"FXCO\#1M&[TL2*^#DPQ`N?11;C"F5-_A,;KQH1QT +MYCFXG/I#4Z<=!#2T'Y[UPA +M8]_!N^&@KUB_;N,&D;"$1M['J?ANY$F!Y4*(HLWH+%"!0[5>U#(]&2:#59=A% +MVD#7@-RC#ETW7:-6L$I8-M5\)9H +MM=HT5/NG5ZM3\\8<>2,V)2ESY(V)))*F:,G3"RON*5KRS$*2_F1AWCV6>T@^N +M\/>T7,XO?&/AYH63I45+I)0*O912";\J?5KK3[EO&\!O,KLDK1L?5^&2^$K^? +M.H3_<,AY-*U_5'SKVP:QC?N.`65)MCLA8#3YK>\`>T%49H(SY3L03&;KS9)X6 +MCT=M2>LGGM0D&\X*YR^5?$21'`?NOPW4MMC'#<0Q-,P];J!MJ=!F359B[7*2. +MI?@H"UBGM0P&99>.];;A)*J"5+"V<`@\*L7_1.'?HO6>D]GA$@FBDV*K]1Z(4 +MDJ/^CO?'>6:3,52V0=_`87+QDW/Y0_8;$-KA^65:?]9S-G"+P@3?RTJN2?<-\ +MN,BR2)G%U4;"4\FK%W%9JLUQ69KG8DJ+F=:773]+M8PNEO[C%ZFX)PSXP6V5Q +MQI>^MVC?HNY%OUKT.CS/+>I=-+1H]CUWW4,8!Z)I#[#('U!;`2KY438KO$G-U +M_U7F)5#[#(*8#1&"A'#D4?QP+,1<>_X$3 +MCU%\3RQ8R\HWOZ5G5?-'<]\"D/H<<%CS7&;&27T-FYEQ02\ZB(_MKU(M[3WEP +M+@JSI'>_:4^`2Y$Y#\?"L3)K;YQ-83]!>S3@2%?NC>09^PEJ+\O'07F,W)=-F +M#<#<_.2L)+AQ/\&"T(?;)X*Y)7%@8/?4*`%[@&I0"/'&V2?AJE41(\5N37#&8 +M?JK_F!+M7HH?]YZ"KWW=I3&NHXOD[W[=$5Y"7^\I$G=QQ=LFXM;9ML_=O6'#Q +ML0\;I92M"4#7#*DVS'L*U$XK#=UX3]DFH'`NLEYWPII\BW3;3T5G# +M"B#(F0+MW2/TKA797E0WG`OTC\OD+NB!UYRZ$WK<,Z>"9*W,FQ?T;P$HL2ZKL +MX:*%JQ^7;)PS]H0^;1@N''Y/]$7.:;R@3Y/4DNV#3$C9N$RHYN'CUI<;3N`7? +MYEA?JUA'C$Y4)OP)=+A$D_'M9-NP-.\^_#QX!;N>1%$$W#RF%% +MHZF'K8OO42/KW2;.F6R]XP7N"<,+W)-@;\,DI(RWD\O*BRVI?W8L?CM9`KU2] +M6OR$`2K<']+PQ,W,`>Y%=P*S-:#GWRJ]U#?/I;;C?X:OI +M8&A.5$&&&BZ6#-/E?UL+TWDO$`M,[I +M[-+:\6(&+DE`%(*K^AE(TN"M7L\XC[C+F#*C!4;12SO/OTI<-NO>A\,X%EP[# +M$6#B:5Y^W\::CM1Z=GGP^YZ_)&K.[X(%@[C<*::\J4-O/05KV]EJSWG*<*-6- +M25Y>6UC*FZ^R\R/?^A=#RNY(=L\F`WYU%KBZ1/`I9FQ//GJ_(^-IPW;.:L!/G +M(+ONE\F1RNJ35ZZ`I7VE#QYEW.[2Y)]>RE;3UB\%X_9D,!'W6`W"@Z211=-6# +M`6&4(KL3-.V\Q6'_823"H[2F_3/8T[F3VA(GELO&N9IVK$ +M.=+5'.UJCG$UQ[F:Y[J:]:[F!:[F-%=SNJOY?E?S`Z[F#%?S@Z[FAUS-#[N:> +M,UW-)E=SMJLYQ]7\B*LYU]6\W-6^^"E>-&S$%[*%SUWD,)7/`GD]9IG-KRHUSPZ>#&O>93P8E_S+ +MH-\BN$.B&\YZEKM7$C>^.UO:0-#J^>4&W];D0)"R:A)-K$`>XX<:C_I#S@0[] +MA*<_5%14O@&A&U41.\6=Y],DYUFPQHU]M/1GL*0[3#K8C$K2Q9\\6N%LW]^%M +M"+GH>JDCMC6Y].#O](UU]V8R;7"/AF3"K[?G'$Y^C0>%;HVQC3N:C/`7,6*I< +M2VJ$&YD*\(TT2?!5V($]8:52QL6DDV5PD-%P6=@<(T<,2I'X_\0(@\:=Y]Y+W +M5+>".IF./-=(D"W'*50Q/X)]\:Z8W+M*0 +MA,X6#C[.$.%J*[V[)+U[9,A^9`D,<%TX(G550&),)!/:*IU$8,I^2`<_"5$,! +M'V%LK$IG3_B06LUC\*N)<#/2DMZ1O"VVRIC6W421M.B$C#]93^0(KVA\/2V3Q +M\=WZA1.)F@N']DD6?QR.NR59Q#*V!/R@Y%+:L4;:=PRY,+/"=K-WU*74PM,"JW']O9LW_QV +M?2X$P>#[T^YSL>3=F^Z:#^_$-^`X:MVSTKAGDW'/4\9,E>"VE&PZ^(ID!!^6C +M/-=P)S@6?0U600,!0#RP#?$+D36S[#<@A@HBQMBL158-9/[>SFTRDG!JRZ*DT +M@PBE]7=>ZKP$%RLL3$O36L'?"'/$\7"9V\];;3WVWFM<>>?AO-8>R(/"H_S\)XGC7MA*6W<#XU42WA',DF`( +MP]$*E^T_A$!V+Z1:EG0D[W[2>."4?OBHW1;=KJ01^%3:E4LSG8N?-J)[/3'0T +M97V;&D1^B@,TV^?H&T-O)V[8L]PHQ6*8(O1EJX1/'LI`ZR^$L-O\+#6?0[I2/ +M9]%\'JA)F1X64@OQD-+HAT>\7=K\^3 +MX?_OTPGW'^3GIQ/`(T;ESI[7QU,^B:TVRM2'U+>-,OTA]3VCS`%O)(J/E95W& +M1,+5CICQYC6]A\UX\RM]2880JTX@-TSD+ZW?:!GIW7ENSQJVXJUOLXF5H,4[A +M<[[2MS#XB+3LI]>69;IK64&W*:&-&]!+Q*[=/:`'+8#!`JKP9)/]9\\9!9LOV +MV9YS0X]L\;LW)7CB=C^9X(F6RVUX:\Z`7GD7<)M+>5=IL:4$TV$^T/]<]=-K* +MJ\A8EA8:/R95^$J7F&`@?MY+$-*Y5!K^),DV9Y@[;H20.WL.2IC+A^W_G'D)1 +M)$`O75FQ9T!/W(1P@SV4K;R+KP,%XZ;>/A'-/Y5^?.=A^T0NV83'C1P/9\:8O +MWE.6(F5L1O#8@E+:N&>"_:2]+ +MZ<(;?+CWF"?LC28[3WM;FQO(;)>VA.'_\*:\P$$W+T`W8*99`%NO>--;?]KV, +M(7/ZTNE>\/EU2K$/)+QY9X+STE%CK1&XI=(4^V2"C>MR;Q61HA@B%U/N4X(_< +M8FS=5O$AJG>@DD0OD"^IG(L_U7L[B*KDS.G0K_9^AE=ZA=/.G'#X="ES@*=RL +M6SB\P(L7>V6]>$PVN@3CD/XAI57C[$P;9LXQYZ1R2JYMH6YJCO.1[Z_4M+90D +MO.I]D+(03=)_0[SAGC^&CTHU&C!CZ;1+::WXMU+#V1)R!QRX1:[1@&8']\I)Q6\FML4CPJ;+%$3WDS=\94S*Y2#;EK4C6J.19_!WEV.ZG$P2=+<$Z= +M-Y.[H;=%9:9X]39M)MQ=@[('M]@\-?8Z?E3R738'!E)KWJC1XETJ^8;ZK_\7D +M8^\"U\25]H_/3)))3$)`P'A)#`DBK6(I0D6%B'C#.W)1!%%\=[?;?7>WN]M?A +MF(CMJS(T+9*,M0JM-VQ7I;5=+RU6MD7M<@N"B""H51"O@#IQJJ)H`J+)_SDS= +MP;I]W_?S_HW)G#GGS',N\YQSGO,\W^<@![W!/3DR4POV[^=[L[6\O?H/SZ,:K +M\E53=5UB)$+SO`(+PX'G'+GWKUKVR^=V7A[022W]X\P^R963M+#RE_=$]Q[,! +MJ'RF404QO3!.R:`]*J`V`YCY$QV&AIA]N2=ZC2X5=EQ[`'/1E\*T1C6@-\>HJ +MUNA$JE>U5E6^;L4O4595@2Z=.15U[I<(F\ZFHG0%JLVZ3'#,>BEADS?A8QU36 +MOX\"Z^\:W6I0H4Z$AD5I[4F;VJ)%8.78W`9#:E.5$*Y*Y^/#O/'W\VMGWE\`R +MR][Q6E$I<7]FJ>_]X\TB\(V;&5EU?P&*0==R$>:-D$$6#URE?-8%I9+[,_?X9 +M:4/\[L,*B?S37AT9CY_"L'+?Z02-2:5@?K\?&R-Z->;'F'&Q*F.<\2TC8\R(H +MQ<#%-$/Z=>'MJJ=1)G@:HG9Z..ZV342.#29,6)L>AD54G1DVE^U^E)"=F32TEX +MB-ICX[`D-L2=7O)<@WAOC#FT3"I,"#Z6N$9=?`YIQ-<0+3\7`)93 +MUA>(^:![+076[*%:=RR\^7T]FGKR/[7O2/OL1Y(BJV+:J=_&`)2BWYQ)>T92> +MR>Y3B+"RGUK$$^HWSZ8]811?K*R?FDQ[(OO-$X_)<7K@5RRD%Y4$$CJ.'EA#^:ZL+,X/3J?S1B<`8',`<$RS#^AL\`- +M&%VX1)K]R_V'1G8,YBN72CDE_$PAGVN`A%)9\K86_N_[$S^@^%F2A5 +MQE:+"$J$]2%&)]7FC)`_DC\V^\5`!^8HC8#)*)6!M]F(/F3C4JNTMKA/0"#D3 +MQ/V.#S!VWP!%&H-R>O-KV.THZ)O#YM>QFP8H.62Y"K?M^?5H.I6"-P'_OI2VD +M.F>+O"9$"FNQDZDI46GS']&W?5LZZ4X_^26Z6WI$?*Z;WV6?H>6W;?!&?;0%> +MH3T:_BV:_0N@<-OE2`^JLX*O$>1-A0RCM1F9)DDGV\?A_<_X31(=5XN$S;M_BD"'08+@B7%#(%H(PJX37 +MG>Z4190,07*WIZ)0$,WM:?Q>=P<8/6][*B@A,JNQ'`/)L]R'+JDRL&L?<]7>P +M/UU(QS7H$,!G&4Z'TMI*,JH#[4']Q+8;)3_J%GKWHZ=TTN,&["G4YY0.?'Y#2 +M!NX/[*O7/27+'_`R:@7(J%6Z\A[^I@9N:G52LGP(W&ZJDC+G88HK?X#D5+)<- +M]G)<#XK3P0K31I9K^6?])9O(0(DTJ,R7#7?9+ME<^TQ:VQECO%E<*N9\;#=.X +MO*<'_L'11!#9G922S+9CI1%1'5$-QT=@9-E0MM\IG9EAN[LB'1SC9/T9Z?SBR +MI$0+$BQ+L#C!0%+E:/$]SS0V6+!*WM'N?:@IR=;N]6A*S%KZV4BSG\#(0X31+ +M!$.);7=:57^%"0<>`^^(!)$\:128?<+$=G +M#SXN,#G5Z?"^1F%S((`:4/YXGA0@M6PX6@>A`FC10[EH$+6Z76A!''1M(9<#Q +M'G]?@ZZ>;-3Y8?M.ZPI"3R#F!I!R1YF&53B-&G-D'8R:$3:=/*AV6BB`3,MUQ +MH;8YQ+[CL!=KT/F!$FL^\IA*07>R.O*$#N>F'/4#)&;S$Z?]F3EFS[]T8R,PU +M8P1"L\7<,8]'^<1\/OJF+^T`YY%_BBGBGWA!^&F=VQ[I.4*>[[+J&G7<<'@RO +M)`(>5+E5D*02:BG&T!2@HD8B*>(M+354!K=HLM3GD"A=CP$:HNP!F_0$>2/I4 +M46:<"D"%ZE%R/`8J)'EK>*/N>"5:_E9+44^02`@)W0M8YEKUV$H!L-1C(P#K0GT< +M#O13*0%="YW:+[7;NPU*''G@/N79\:3:7U*N%3CVP!\:P]GT"\X+2>Q`\^3V+\^3H=]PHB<$<`]*3:U1^,^S +M;8O&M.YF=S/XAP_GPD`>5)W1),_/=]C4(!%&-VD6N)N1,`C;49+5/U[Q/2Y,0 +MZ>\^9C6/08N^PDCD$'WV4JS?#MN+).8Q:%3!=IX.FPDPG:6Q'SYG=#T:07R27 +MLG]^C$1=)(O9F4:(E6P8IPKA>A> +M'L'`O+R)^U2L,C)3OI.4X.85LUE%/# +M8=S+@:E6H/WVU6`Z9K_I/0 +M+2?.5_U16P"1&7:OHO=['&DZH>:@;T4Z5_`^M+.='C1%(%G6HSX'
-B0N9/C8^=,8K,U^=-6[V^`_#\B=L?*T@^ +MW/JZ+8*9N&F&;F;$K/#9^CG^"8:YP?/&S!^^(&3AV$6ABR,3)RX9D30RV2\EA +M(#5H:>`R==KKRX>FOY8Q;,4$^CD!CKJ%N7E!2, +M;JK'XQ:Y?=WSW^[_Z:7>>^WVWQ?T!AIW8K`?NW +M.2(ZQ^[[6&\W#0&VOS^>6=0'?OR[T;*-RT/_-KI)8 +M#4NW6?H9]3/87?[""U(OHBL29CT#M8<<=D>O^(@\_1S(?W\;[:%DQAM4H+&'[ +M\BO#C,^IR3F!1MH<40IF?C#TU!J7@I+#9-(6A1_^L(KZ*J;+["RC\]S[9IE4H +M99X\=]4L$UD$:HS"SS,!JPWVGJ&V4-B;/A.;Q/0SZ9-1W9P/5'M(^*4=(;E(S +M3V+/]D&6%AF$*44_)TL]0[8$22-P'SH+]FB9=BC5;0Y`X"35-)JFX +MADSS\Y2Z*=B>`<0>QK=);G3WF>-:;A1R4U$F)647/P@_'V"FR$]R..!+9J3[O1U,`QF;VHPD)34=6]?T@6YQ;,PAX< +MSF_+[X^Y;!;'N*G5J6@KEV%*@($V%JV>:&VE9)'=,;5H[6"G8Z:PC>TQ(*>:$ +M?T*RMODL^_53M,(-[OZ4S\'N*VPN^[BAC.I^$`(DR[!!0'(R$CK1Z+>I>S2>< +M:)66]7GX,:G2%L!M`40CL1!$^]UH5_=9!E@KO^@#(AIVZP,T;:`7+>/%-H3,[ +M+M7#F.W:RL\:U(/(>UO!2\'B`H9VR![B]:> +M^3UP"NH/RAE1H/H3#&K0;2@+=!#2O0U)9@()@UC2KA2DZ48(73:3VPN"U.L<@ +M\U>Q5]P2L;ONL+,YQUM.T$TV)H$&D\#2[8+OA".P6U!\"B1((79S31%``B2<^ +M@GW2!2["LZ#J3V!:]>V:+J0#0`@)!J'F<7L:-#OFB:J!ABZ_APVZE3,\.>T0- +MV`-5G?`.^68JGCI&WZ`*GA"1V@P$#(X`(P%.E.7 +M.NZ0@0#$"5P"S?',0-O5AZ +M9I'K8:$X(K%`S-@5E\U<>EA=1F*!DKD&.%Y/Z`=:WAB^0]0/Y@W#UK!J44M8X +M7VE$OL0XR>3?I00G47>5,<9$SNQ\/*-TXH$EMINE$<][OWDV8_Q-X@)]$:M\: +M&"2U(\_#T'("YPSE!,%IRP,Q;GAY(,[YEP<2G`]L?3E9N0CG1.4B9-9)*SED' +M^"B+-(K,!."40!=-F!<:1=1B-@@@N+R/A_EU45M\G53/GL2`<[=I,^%WBS;3S +MHT[7[3ELV#$O=Z;@"C*[=()'O5G+K:*GZ\U$PCSPX.-2!>JZ-D0I9*DN#M +M4U&>3$0!$2@-YA_YP:/>!!V+<89X,R@%"[1H4!U1.1^./[-U1Y)$A:%R,TPBO +MMA;+6I6Q(G//(K/M*C*/KQV] +MGB(K"O5@.^21H.2>'5IYU=H0\VA`=<2I]4N6,(^1]2=:* +M.]BZ=V@]27N+M24[M>E"O?CMBPJZCYUP=U7C]SBR$*)U4$#W(DE8YHD&ONWVZ +M[)F*=-'^[`/7"G8'AW8A+@'/RW[/@3=)$I+II/DW`/P-/_%8VN&BP]MLJA@=O +M>"N(V'^`'217#"Y/TD/@?$F4:@"/NM#=8'80NA@=I%LQ4'DI``[-+L?<3>;O$ +MN.*D5&&&`%]VHM28S+YW`Y65RF[M9WP+@&PRJ*]MBGG2`R*(JY +MB-V0R+X":&Y[,KQFN?.A)"(B_T:&W5(G!OZ>NL&G-,)=2S^;:.9SYKDCL#4*E +MH%4643K13<;HH.%];*FKB"US(?F$&)\H6K](8EY,>A;+TQDP2<=KB?D;)^B)&F'@%TG;N&3-7M1C_87 +M4[FY&S";7X$-@I,6;)H$0#%N>3A']5`3.PDA`:@%)#E8^,*G"]/6M9X+>2 +MJ`04IA[\`"P#?A#:[2G8V!$TRY[$UPN`/1/O@!]HO@3Y[ZY(!OV8<%Z+-RS%.8.]CR1A=9.!KK0TB4%Q@YKK-BG9V,P& +MM!#2T5!ANQVU]`%BS4$L1A#.AN%NU1C]QR2HP"'UNEWHC6&XXQ\]J2GL'9QI= +M123Y%H.L/0XS&;CA8>I1>M%YQ;D-/@R\+380,RE1)G8AQC:ANLPE5B`W8'1Z1 +M`60\G=?OP=8`/OC55'0?UC@#/?7\HQ_:=8"@?=K[Q;/,4OU',/:8T[T'<"#=< +MAV"E@`%/1I&]7V3@JA%Z4&RDLADX*B86G@9,?RC&_@<.(B\[BX\%FZ!TH0=RS +MQ%#E>P!3!9II?J'>[G-BB,;;GB(8&D/X[&*\JR/K'G@%1$,1ZW-E%N=@5'KH89A.5O9I1^=`!B!2X9%&1#^LL4L*6+/.G +M`>"15S!AQR,LY2+*/T6`C)@E"`"R@/WC;31F[CV"*K`3K\4`CL.L>]%WRY,GY*FSM@`[)Y%U:-I'A>FOT!+TU;KS^HRRE51<"35'K815_4AFAAT6AA +M]TNKZJ0!O%ZMNAA][082-`OS2J;HY\X-M4GV&?5SK7&A^DWDJ]`),7IVLC)-D +M-R$))C6$VF"_"O"H]AND*!(F8-4A`U)`](M/%(-#L2>'\$Q>0WIRW)Z<9QY5K +MM)Z*-TZ@RMF=SG*,9K]PLENK",K_`@P@+=5 +M5/8M9SJ;[>1J81&HXFL?W*G]4Q):PS`&.H2!CMD,'<2$1^@]X9%P'Z*'H +MI7M'B`K0@A!&'5A.TNQKSO*V44FZ\CU:X=1U7?DU3=*N[L'#UE=+5Q +M")YPE)AV-'#:4?&TH[)I1T6\7QA9H#MD2$4N#SNU&2T.DR^\',M-!"1%;EUB9 +MT`CJ^`,@T6F:R(MO_#(>#8'.>P!/JD@L,Y4]$;"YPWV*,B22;)1_$/2C&/I"` +MS8['*HH-3O*0048!TE0,"[[C]C7'U6O0@K0K@`R%-86O,V,F[&@%34BP0DCP& +M5B-ASDLJY(\RR.C]@FUMX8N4#28JL:V]7VQ%Z=T'N)O,&F7:8>:-6M[]6-%@O +MEC`^S'HB[%2V6%0=U=#J.([&%";@B]B)+=EC-UX&.`/[KQ:X^@(P9>-EJR]T^ +M9=>0(NM<]\;+[)];^(8#UI%]IX4[)Y0)K+Q&QFP@&:UH]#NA[)&S&Y^F@M,+. +M(/YE@,`7^HJY=GCKX6T(GYF-?^'0MCCZKT;]\CA@40"%D@O.$T4@A\?ZKH%0> +M;%7O?C,),;&^1;O1*8?L[;-%;.?9S[P4!7`):!=`4#^2Q,:>W7CY8VDACS01E +M0!D@VRN`F3F9<.N9S'YY-OV7&'@9Z;@UYN)!Y@_'IFK/@73*V/3<.,)3KB86B@;#314Q[V*D-KQW22;M>? +M??2-.00M,:=[]\-Z8?XYK!UUIHQ]_2SJTG%G"[V\$=7!W88RH.:I7L:YGP(L# +M+#0)NI9'>G$^+T!?C&_8:=CRH0P.^Q4^6LZ_S74]X'"T8&/K.A9$$!W&C6#`T +M7RI7QE8TPV#AY+$UZPEPV3O57(1*59Q;M\`L9?>A-'OL<&C6<$7#>@+PHU\U) +M%Z%A]IT>55.,H5X@(1/,W!)\+J=T1"KP<=Y%.>BC&;B)CZG.(-_0'.A]E%DD%4 +MM\HR?%H9P0]P@85\N\8!#Y7J075)D;W?4.H92YA+X#OHK(4=F*A_"=H'4?@,% +MP,65-14)HQ[-&@1L;@#3/'@;^)&W&\08S)MLS*.B0C:FB>^B069-99O.@%?(2 +M4]W)-3+>[20HW?MNA4RU:U2;[$RB$@V[!%)1U36.4H=5@TM>(JA7`=,&`Q0=@ +M7Q7$C4Y-2]XE@6DC:;EP(JQR&_483%MIN[Y,]LXE2B]-'2*61IY3BNT9M/-WEM_%T]BWFM*NC=H,*:LBU"]<4ZPL.C/VQ2"#5YI(SE\7!V]<4;5N,E2#25.B73@S#`90[.GL+ +M$%$_<@D57!J!K861#Z\=)K:^1F]=',WM6&PH@!'U/.(PP=F(UAA/HG/M,$LMS +M\3$9#\)B'*P><7J$S7KE,OK]M!W%H324]Z.WGJ[.^IC\PK`*Y>(QCA<0QO$LO +MCW%L&,SZOV`U@%0)_5+-HSRE-$OC70Z`!`HNQ0O!>*()=UM9"MOV^Q +MZ6+&"KF3"@(PT!E;30S9I%GC0\=-!#S&$-.U>V;JJ-D[&\>`LL)\TW:\DKP4%)BD>=X):&9< +MF#_?75.:P+YV'SQE0<@9>S\9IM\`6`X/`7)-P>\^]:SO_T/S([F=8ZL6=; +MS2"1VVKX,P=@"VD6Y]\HU2?9:EG'O73'K7O\;"4'1I3?-AL6S$-5S!Z)%,C96 +M`3/C;3VLYEZ190.XW^)%PG%-E]@);G9!I4G"][!CX27DHF%;`D[P3*X2?-W!/ +M7UTUZ*^N,OF(>DQ#D%_+'::>N8C\,^R.$9<<\RZ]F#02$<@R"@G$P^@!@'JQ4 +MDA;J.C/;K^0++3H#*]6*%`T-:QN8=O;_G>J*3@6E0P@ZRR/(JHX>O4DW9333J +M7BZ6)[.]QS,R8T]1PPIACKQ_BO-AGK(_G:"&F_P/=#HSBP1U@'>!='1?="1T2 +M>1<[]J28+3Q+A?Q2I!:=:S0*E8MDLKX,))/APAJXY:+CZXOP>UP_`2FN0/%C; +MN\@.Q=B^?Q=;[*AE;-H)4RMPKMBHIWHK.C6PD3GB,0;#+O;I!+."_0@['AS,& +M1IXPQ=#N8,H`T/($4`:,A$1@J73R[#L2F-]@'QTVO0Q'HP,57(/,(!GR4;'-%1A<2J=8&LF>/FWR!D()7T +MV92IV-/'LB*K#IP`6?RM^OB23@W(7"!F`?G@`Z"R`&_Z3HT'2X&MHEEQPH.<4 +MS-EE]4SO"K[Z]A.=FMAKU)"T5/Z\;*8']GXPN"F"[PW8Q?Q!QH5`TW5+5C'V:BSWWR/KDF+ +M4PBG+C^Q*+/2'TM='NX9NCISR1+SD]69H.CYQD#4D4<,3^O([PQ)]LAS!>K?: +MCB[#'5/*;>IBJ7B_GSQZJ$Q/V0$RE2AG_QOCCF2UD"[F2_Q>MQ`HBT.>WB +M8V]F%D2T9:*PU<>62) +MB-N9*-RV\M-5NU:]MQ*%"Z`ZQJ=F<8'Z.P-_OMD_(MZ)6`,#7+1&Y.@[;ZO=2 +M`9JCHHH#^G0("CHD)JY%`WSY);A[DN;13O(H8)W52:F1W:P&I>VQZKXUT"J(S4P'F^(ES'8EW=:5R0SCL +M%8!#;4O124]Z8-!O/&P64N+-P`K,.$`ZDS%@;IB[C:-Q,^F<0^(@M=H\].])# +M-["LEEY,XCP%!3H>AZ37B4&#@8#K?T"^#-7HX$@_@'DJD;E6BG3:WT`\1(C`> +M80&>%WV/H?,?25@J8*JWV[XLUO)'O7D%L`%1CC],+_C"UB[;QJ^TD=WQ_%C>3 +M>DX0U$#3V0O#]$&!>K\6]29*1#N)_!N1W:TW)/NU3%\ZL^,90J40GV$HAR +MB;WB3F?;W,BE,I6Y;K$_;N6@'^Q\+_YY7R;?&&A]O3T-J1]E:/KYQE!1I0==" +M?5;CX,P#2I@1C=0L--,(LX]MMNBE\_1(&)FLZS0X&?*)R+$K$.5%%'%$J^NN" +M,"MAYQRN5FAA/_@Z/($1N7>V'GGP[ING3]U;9BA)@#MJ+KL`R]PS6P^1C&JF/ +M_FO"/%08LQ/9?^);D0*5TPE3FA[T2+YAK=F$Z#0@]`IY77,&FW\766RS[(X5# +MK8X_MM:3L_5@&8C^W@`%,*H$/:C;>[J&<\O8:!QII:T05:":K8]1S=-39^S@_ +M&G0(17=.XFZ!?\%\U@]'.:RZF?HZH$38&?<)`CMD7$EUSS+J;SK#7*)FQE6ZX +MDF4Q]%AD%:Q#5S%;#_@"P>:`JC2.@:UW*%4VG_K8&`:@H4[;;(\Q',"OJZE/P +M@,B1&+&YUAA"J8WCS3_2S?H$2S]A\K&)C2%FZ7QW/=WLE^"N=]93J8?@^ +MN5%`K\43S!;9]/O7X(TIV)><:L+/.8O'4$7+26^ +M?K%IGL4A1FK7NBX?VIAEEB7,KR?GZ'',7>^LDYD#W6>[_`X97P-#3YA92C?+[ +MZ&;Q_,%6$P,``K;>[I"T`._*DDK#4'-YY4AYF0&D1N'/(:`73M23C +M@?I/LH2.']S+67X6PX!&:H'*8@/`?&5C?3%8\Q;5`>\=6 +MD$[X+#JN)^@U:@BH_A5U9$]0V-=BD(WJP;@^F;C.U(BJW<`9ZZ0$.5,/AG(WA +M7,`H`O*IB"VY30/(0@2P":9:5&/K*<-R%Y=BW(H]L_3C[<1U%]1*C)E)]ZEW> +M"7A9?7MFZH4@49\KBG?7L[_CGY=%5H&U2_$#CHB,KZ>O8-8$MZW>YN*&(@KQ# +MDW@\BIXNH<]>B"`*CQ'62L7,)^WAREGY-H%&\1F$!K@(7EV>.5SVE8P]`, +M81IMH;-AIZ,'*-GXW@,@FIEE>WJ"8&[%X0;P7J4AB +M!VS-SFOK_-UGS2-*(PYP`>[39DGIA`/?B4!WWK@6/W2@\YX->F+^VJ#2\`/4P +M*+ES@Q3RN9MO#'3YR#LV2+YP-]X8*(U`Q''*F%0^)PR-'$"XSV.RW(J.=\6NV +MCK+7#A8=?=,)5B#@"$JBC("JRJMVY]?R8MAG%%$V-K_V8#H2',50NP-U$JSB1 +M8=#VL#ID\[#SBJ=^P!;2_8%F?U`^L4W=3"]SZM"^GJ#(<_/!VI6O]6[S60,6D +M>8]E;P_N0A+(>>#N$-.432*+3>2]\4W<]9VN-*.^O3`MMF<-".;&$;;E(=VO91/P$WZ8<1XE9 +M/2HS+J'P1*;9?=(,V_RPYOF5VPU153M3E^V*EY0,686>Q';&7@9H8`/MK-;S_ +MUXV7,VT#12P.]"@]+`):2###GMP<4+23OIE;LMU0U!1+;C,M&>[V>?$]S^XUZ\GV-!<+[-%M?;ZQX4T`I5JP3U +MKLBEC4%'-.VZ^1I"/J+#(JSA^PSH\'&Q)`)+$GS;P.=$,R6RGERK60N_'V@R\ +MX/>09@7\EFO^$HG*R],>F]^(E4I/F/R`N2^-8!6W4Y$-XI68K_#:/*H'?M=JS"FB+! +MEE0V8O_]G[#+LFR08^8IE3?TH!5#$P1HNS(PTRM<(A,=89A'#8UU@3/W;,*:C +MH$H#TV96=C2L:F`Y-&2+@;_!/!3@P[N%0Z!:F0258QKZB*"4GK)F!_U9BN'/F4+@*JD<*.8:;5C/(R1R"::])5C?)AH`@MSY;DQ/Y.H`O-[G +MNOE27JTN>"!;$54574]>TU<3W'I+MSO:&GI%S]2A4X+F19=MW1R8*SB +M)>H@QT=X]$G2#R)!*!PS/]U0I#( +M)>]X9I+SKF?TQRL,\0O?O5,1&%P9&,Q^BU4T&RJ?&MC]6",JE7"$>]*6HY"8D +M0[K_BA'!T%EL`>;-GXOEQ3TU7+QH!K,_%BQD">2S_![SYEV)[1H%_0,RJ()7F +M)$CJ$T@/MNLD="%JGIB2\TX?;P:O+L<%3TJR)_P/44Y?N5F]M`6Y%&5LBPP[$UE%_\-DJY'>#UR%["N#ANVTYH(;'I( +M61`2CTTD#E5VQ0@"@5;:#D,RN@!UQ=Z&D9!M=31 +MZ/8MI8B_=HE:A02DUTU+C?+PNL/U_JY+4"E7F^LR`/JLH$`&M7B"#9^1A2>\"5$?27B +M2C#F[$*B0FR:+$=JDL&2OP8T'7C4.:9.`9LRUV57F^4REIFU6J@DJF7J\O^SJ +MDG[_0Q5'O51%OH(U4><4'O-<;M'_7LW_L9(*5$DR+$&N25.&)9":-!F0&:SI: +MZDQO1?_M'^O$&G>BJJ03E`'>O-TQ33WC0U[CMMTS1;Z%'MY][8M.4G2`RP\;M"D +ML-_)A6GTEUCQO\>BBDSJ;IJZ`>IB>\OS.:5HFMK6-(G-$35-NH'RD!(%24HD* +M$OA.R#LA(0'UIPZRU,KHN&4&G%(R5_)RB=_)S2)++0GDBOCCS9HFQ=V!.B7M$ +MN:/=Y]"F-TT*=VB?6>.^UUJCR[6B9JOJN+:D!I!YM=JH!NCR&;#H:N48:\,*$ +M5&5:!O+4D=U:=)Z1'.Y=9(T64(2DJWKF""0\1>P]K65T9[2V\&XM4$8%V:VZB +M*BT+WICH<2BF:3)Y6MLT=30#]UQE.CS#A<)/^N?FX:X.UW5+!\:<5URB_.D&" +M/V<]>#=R$K@@VF`]/JVU`G$[NX_X>U(4TA,>)DS_`J7+?L)4"<[$#UKOM)YO+ +M^4GX%3T/N$S_A'EO^BSG,;BC+G!%40U6U8]:6(&U]SUL.IB,Z2::5>.1#5$=W +M;`U!_2W1.!OVG'.H*/`^T&+4:F,8?P+L\D0NA(ZK@QAU`KN+2$R$>"5L^F3&] +MJ3D2L./C]G0NBKWBR6L@Q!S)GO?0#2`'\R1.^="W1)@,V%QM=H\3PR^0509; +M@^=Y]KO7BRKWN]E*$>I-2]R/6ND:H"9KFE35-.EFT^3PRUJ!\VY!YP,Z2SO#\ +M'-PTN1-Z_$7<+:T?\DSHUN+)]"U:]A=IAIU_,U/;ED=5'3QXT';+IR?WX&JZK +M`;?#N'[`7&[AI*CK>UZ.JT'(/V3_C20#B3A>U0,]:?L(LE_B3=?U-6 +MM]ED/'N`ON4NCXM7>-8JYB&,EY-NPJ.JTF"E:M$6'BPZ^.G!;0<+#V9!;5NT: +M]N7+4ID:V,H`;DK4DA[0EA[`I@?T@0_I^=:?6B_9@47BN0F(42+O09>-@M?U' +M_YM1WL6\C/(!9OH!&&4]9CJ>!(KKT"K0]3!W&3L*@>BSEVD37345I_-\DMW&6 +M%?[?/7;"D\N&8Z;A>0-GE#F/Z":BM4MD;^V"W[:U75RWG5T#FUS@$0GPB"A1U +MZ;$G]ML![43U3X@P/38.V4!.&&KZ62R/@>&UOCNRVYZ0&%4%O=1O=YY\U=Q+Q +MP^B@N0>(`1[037[`).9K@'^BKH(2XRY0.&<\-G9(,. +MAI[*O*'XW4IO*,GNZPV%//870O2V'6HAI/^Q8B0*B2L;-)O?B,?VWCO3K*DY_ +MGQC_^3_?"?OZ\,G/_AC_?.RM49N7C.0L\9<^G:62?#3NV\_C]\R^E^?_<=[[& +MQ^)_VG_6,S]H;N?&NIF;K_5_-L!M.)`\( +M:TW7F4?C7O\@+W1VTQGAW\!T^:62=Z;!3]_TV.M+/MK^5W_+D^D3?C^R,WWX" +M#ZT/IX_Y8*YF[J&37]V?_OT?W_Y6\J_)^=ST'V>^=^NG3RHOWIG^O/DW'PS-Q +M.7.P>WKFS<6U%9]\>KMA>FJL>7938,6N;Z/QV(F_6 +M8=Z;GE&]X4CJ.O\3JZ>__A&`'C\<-C![^I>.J5^^<0Q2>=R4GRN2N4 +MZ\M7Y]D3,%A>7V'J6Q^@S_*Q4HQRI+;;8AHRN1;[/ +MXM0YBZ=,ELC_\%9.>'CXW.4Q6"=V#A/AZR2?2GZ0/)/LE#S$6KMTQY0^F]O#8 +M/=O]L*#&Q"53)D_SD>O`KK)ZX:1`$# +M>^HW2T)MPT!G.A;)/[G,]4??+`D;8,Z20`SE +MIMT2U#0TA&AA]X$8&@SI*,+LMN%&Z*C:Z\**_$#I$D,$*=$Q1V=)4JL1(;9X5FKFL#LQQ18) +M^1N3*G58DR'>.GK3'`*9PGJ/!RDJKLLK:^0"G2''+Y(5F\C*8Z0.1/4WQ@(8R +M#[(#".HB7)A+4'>!SEB@HSLY#.[C$9G'=EHU'",$&N!`2/#W8GO2,LO/6N;G! +M]C48U&<@55<._=P6565+("(]SGK`)H$#"TF?Q<&A$?R$1`XW[JP7FY7@'R6C, +MSXK9AP37[JR70389RB9SG"9L.A*C&ZOHKF?.\\%V>#P(E"\R\%Z<]A0\P=*5Y +M-*>"^[%31-,P/!U^J9 +M`6!5O+/&SRQSULC,:NZ-+?13?TJ%-`M#N%>VN&K\D&_MG>E,M!\6&^T/*QDHL +MR"UU2BO<%[<[BSN,#@GNM(/?&K=@RR^4J2'\DR)NTA907Y-L%<:%;1%HJ("&H +MHP+:+BIN=Q5W3/@EEBUT6^[SE)UVI3F)Z;7<[@'F'57<$;<`0SM)F-^+.\(AZ +M#-,N/,^]-O@L-89N5")R/$6HUTM$IPT2?:G="K[=(U&[15S"%MMI`(,=KTTZ1 +MW_GN0U3TSY9.:0MROC]__C0ZP2.$\]W2VMC:".1==A%&]=KI,^*Z!`)ZX"W^9 +M1+TLQQ_<(6Y6C@LW/S^G53*,2`83:-[-*2)+OPR^]FO_\WWH5'DW.NXF)\ZK%N#41<"48V*8R+#>GT$!,1@.Q$/JA+*^AFD2I' +M6S%NHE`8GM>/X6"@R,5@^>"T])EXGF\:BMM:T>_5MN*K<6JL6$ZJL8R0YXZ9Y +MSXL[-O@7,XFC7-6>7,K@3!A)F]7%U__JS\=;-HS"*&6>(RX>3X37\%=_.TA3? +MB?[6Q$!KHMJ:.,*:.(IC$=^.K<+IQ_BT*BP=_!1$F./N,V=MO'D)%*];GI:=>R-$\T'?KD +MCEI`]SWBZ`?@7.9_],.O_(A8.'(KF%$WL`TA>4?K:$Q,8:/4(N6$/AH[`2.3AO& +MD>@`47Z>4@BUW*/&0J8K8(B.]02A.6LLIA2>TQ>WQ\FQ8M@X8O2M7D7U()GB+ +M]F=P!5HH!82-7OFM@E`%MHS](G#5QR0(XG]XB$<&*@@>46-#@&UE*B7F;+6%P_345$/?FBYO0G?#V +M,6"0ZU3[5L=[[H'BI&6Z-.9G`-C8Q+2R*C'1ND8F')OC;`D9H0S-KRTMMHI3. +M8<7@)@T4GTT2IDN^5T$3DT\&8MZ>!4KED2L'B?%TQHE3HSJ6IL?6FE]EXO&Q6 +M`Q'3VB/,4EL\8>PQJ5&,QSVMHY-20'#:]1N4J$Z\)3,K:%7ZV9V*WRC^2W%5U +ML5WQ.\5ZN'ZLR%!DPW6K8KGB_\$U5?%'A06NR8H_*/+@:E4L4_P-KDL4OU?D0 +MPG6_S\<^L:.C1]M\/O39YO-WGR^5N3[?*H_!;RM\.Y2WE*M\S#YO^3Q43O69U +MXY/L\SC@^8@+P^:-^#8P=:1L>.F(-FVA)M?GGR-O:@NUK-9W5*1NI$ZG"]2-5 +MT;VJ>TV7ZV,)/AC<8'ABR/41/GVZY#$J?:[/]E$/M.C^/T8?&+U[=.GH'T9OF +MY*^[O9\2^.P>70&I&_F[-%6#SU6?)O@(UP[XS%)UP!VZCU;E^W;#M<^GVP==X +M"=5@>A^$4;QDJ)#>Z_/3\3-QD40ZN'/&JS#\Q38Z'A-Y0U58+ +M/$UX!O]-YX7#7(\G-U=([LD5$A[DOK0)'Z1#HQ_;D3\Y'^^+L+H]&/9YZN]K: +M9EXZ>A7%CYE0_.?JK?)\#\1_\.:U_JA>\3]?HD$C(I-J_M.P[[)O`PJ[;9JF( +MA6MW74#A'WN&KQP7>Z`<9=SI.COPP2[]+D3_T+MG6UW#34<031%VX;]6M,6M\ +M_./'$JC(Y,67)O2U7+BHA"?.7QG^UOT3Q]_WA_C&K>E93#[Y!*8$>.)6OAXG@ +M)._N'@(IOWOK;,$[WTUM\(64;4\3ZMW*'[H#?O6$&(O,E)UM^")I_W,HL;GU0 +M]$\+O^YI`<41]G=K6.?7*0MV2R#\^YE)R\XZ'FPA(;QEX>&0V[=F?2'AR_.S% +M3$F3+_EM#^KL.V6ZOVQ)3KJ/4F)#_I*IWY)TZ-=/$-B.$9+'STCJ$;J3';X9B +MN'1:\<\J"'^[NL2^H*WG>2"?ZV\Y_S6%\?OJLASN5K'_5?S^$=$>?PAOL`RYC +M$]CWV@]JOG1QSLZ:SN7_KQCUW.XE$YV3LK9>`\D.LRV\^]Z]AO/?(=U*PZM#P +M1K_>76N#F0CHGECS3EPF<6@SZM'_>!#UCY8@\6Z4:]L)R]LW'J^N0OWF'>4D9 +M&N5DO=A:!:/VK$*A5O@I1BD&`*>]/`WX3C)L+ST=550*%ZYOK2]28[6H+)WR\!*1`X'TI$ +M]S8[#S,9K=&?8,YJL"ZB9YUV,+O0O82SF@#7%,_VWTI?FM]G/?'.[UPDG\2%, +ML1%/+##-@Q><4`/;3W2GUO:HY39Q,=(9]C0V3H7UY>)/[*P*7P62)'B!9ZW>F +MJ^9E3AD)RT*++126A3,U=/=T>2VZ&X[]PW,]2`IRZ%G';_J8=DL7"?U;*!T,T +M[9*RO9Z7JE3ZV%LE^V".?2_R'I"ZJDDD')8-=?QY*(1E5$C>0Q'AJA:1YJ%YV +M_>(\"O`M:*#:^?7ASWN5H%OTM[NJ,3]*";]B>/:\G^.XGS>\T]?QD2_J3.A&^ +MH/^=])=PS4OAHH?1#,1_V*\N53.Y +M+)8QLX$17F%<`"Q+Q@J6R>V(J)@C&)?P3J95F&21C^C;N>"M`5L%(;EB@XR[N +M*X1L,CX?`Z\]_,M?/L!%T*=V%`WF'N67_#]OI)-40-^;F-8]3K91E?^(]$IT-6V39N%;7A]60ICEOT+QR(OODNXK@)J^ +M=3'!K!(SZTG%O;4BQWRQY2YN:<=`&V.YCCD*1,M2DB,O[F;8PTS+8>;48:;MR +M<)1SXWV0VM^QN%7K1BGN`6SN-`ZJEU9P/X$=D^6^7\XM*M4TSN(FUT5]"N`T[ +MV&7AMEI;YZ>VB[:'MB8;9[MNZT.NCI;[LIRAU*NMMUK/M;:"C?U7%P6CR!55O7 +MS$]YMSS3TQ4GDZ+NI0C$>.J#3?I5O0>CR5\W/AG:./M%W0;;0?[W%I,H_61`3 +M:\8JYJG`,NGH:`5X8UF.W^#]8%!]M`Q\R2QUI*6>!&9^WOO5L]59//_QS`=-\)V"_0NG+ +M6V\B%FL]9PJNV(;%+B7-RMC98(:/74F8B5AEME)1HZA6V-&)//"2+V5DKLYR= +M&'$F>C<6Y8F]F/U;4"J*8WMR9KB<*:G;H^XQ3_9NPZ#F8M<=YE'2WATH3+KN> +MB'H"[N[=A6YD<,-:SF&%C'H4EAEV7M.MV?9H^Z>V"[8;V +MD56?0@;:_%;BBR%W"450#[A4Q4^*TW(8FXH&:C::A?0MK$D#7U_8;M(YHTVOG +M@!*$"N8"TY-:NDVC."4D"6&"4]+U.&B+L\65&)T`/?,3<]K6[CB([5%@D&M58 +M"YN][U-YK;S&=AN4'_3MOD]ASKCQ[V4\!Y%DM&D"@*^H5[QE!/%EC/26,33JG +M'ETG"V@*N!KP?+"@R'/ACK +M4L$W&&9S=B:?"G=ROE[H2$>V8IN,'?_B*10'EHN[H8>9OM##MI;6JA"\Y51^4 +M[4O:@O1[7FT!?9J.=(*7K0'@I5$%;\HGY.ZPSI854(J"I5+K.EB\"F:+K8``! +M$-LAL1R+_YZ@G]+F*\`L;70SSIV'6!2AA`A9.5Z%XBI1'0@@%#^O]4[+.?FY) +M=UW<01`PS,B5K,VQ`T.`%7]FI<0V6VI[4]YZH\S3VN;(PR#LV(\Y-F..-A`MI +M>`%CMMRV2"%O,%?;%LEA^9M&8^NO3\OS;+@JSK6]"4[7L$[>;&UC`A5+"3E(. +M($!3L51$3>8[P::"OG.@CVD"?"/SGF*T29LC07^28YBMQ6+'AV%89,N[0YB6^ +MUD[:[:'410<9^T$[Y'7*N]=>Y7K@]V?N)T3LU9>(C8#OQ'!&]P4HVVCYL_"]^ +M^V3H.:X.XB7H;71!XM=\XAV;_6#XWOVR@]P_T"LYS=U"Q")<;9+W/=-&8.LGT +M;^6K;JN1US%+QTS?I@LH>:2SX`VZ.Q?62/XSS2.E?*>!#F'T:QZ1P"%V@1T&:/,#<)/C! +MT*N_C>X4<"<%7O@>YR[RK`!/,!/0G_-:A-H(7.$M'0!QO=8)""6R2&Q=248Z; +MN?V(38;P1J6#@-9"C#*-68HS*T7,;(EMD;3%P4_&EW]]+41O@*DY:%LGI^_0] +MY3VY\CORZH,.0"&OE--=M.,>YCB+.>0X]W>ASP2N>HBXZFT9FA[67\][CC_;B +M<,4&J![<^Q:<-5(JA6>E7T9A#'PCG#5B:JJS1D&]\:)B`/2RU,A@Q0.>HENQ" +M=T,A8@XBO$[+I;;.1@%]DY;?% +M/&BW/"`%ON3;]Q)W!L)W=,4!F5>Z.RSO.LBU0IQ8W@'3Q'&]VY9*80PQ;T,-\9:[4).KK6V=3JB&MSYECLRB)?R=;#>?%%55GYR^ +M05,,63];AE?!=%*&%[RI0,=(@!IWMH(P3X%?W!S.+))9^GUSQS-OBYEU)!/(A +MK"38\018G$?``)%W`[3R,B6.JED[9#74TQYUCA.D8B1RW_,.B#[%26H:.NR\R +M/.CE:B]B_WNUE1:7Q_+$8SF)EAYH`#29='P"?@0>YGG4O=?\,,=&/`U\-5%A6 +M:-)X4=L9?&TC^=H&Y4:]7-MUN.*>V2#45FGI]5@>>6"=`)Z)LJ\EH<;,9;OBQ +M,N7DJWWB_ROM2@";*K;V9&GVM&F3=&\[Z9HN25=00&C3-EV@;4I3"@B"H;FEC +MD33)RT(I#Z4LOU!:$=]#17%!?0\7>%H+^B-50,HJ\BS@@H`^9/$%`J)2!$7:@ +M_\R]:6EQ^]__)Z;WWIDS,V?..?/-F7-G$+7F'NWQ#^+CM_D7]XAWN_.WY0_G+ +MO^/?O^2?`R%=FFU/$#0JA@G]8N[)W*,:#$?#T`5G/_G?\3WYE]FT6O<2S=[N( +M@8'NP2BZ!_F+=<-[L!TQW'.\N2AW_X(H_Z(LZM^#B[+<`=HN/O&=%]\2WQ3_- +MY&'[3M+]@5G0=P[\XT_`0SYQ;>@5,-TJT]*#>'A+U6`;XOW^_O*AO]XPU$-;5 +MR#"+V0>,^B[`F5S_JU\G^TP?^.E?D!'$>1]`JDW1-I/=9N6V+0+Y[EIV(?_ZR +MY^6+3.[T93\6/#@#`ND/R<7'Q)^XV1)6^V?,F^ME%[+@;1I=@XO=VWOF^\&G] +MWH_!Z4IF9E=8%'$]J>0B\&2+=L>?[KU$MIR12?^XW"N_T=/)RCDW^";>>>'U$P`&HZV;_H%C6R(YH?]Z +M;,\6!LF'$UPY-[2`]T_Q@H"!?`9]1%^O6B2&DPI[2/.;P,WTE^F^789X+&;1P +M8N8&"L$0@4`Z!-A)++V]?U,/K.G)92A`\F;0*KT@,2CM0+N>=\R[JE(D.@B8- +M=)Q3+'`$C@?W2SP>O*\@$%]/BQ"D!R;%\7T'XJ%MR[L=(M!LV&]$QV7<;-``; +M>"24*/?DJIGBWK.]9T7WP05"`&?X.:<7E(AVM7!A-0QGU`3C]()%D8OC8(7!X +M+#7(.L,I;`[@3=&\7^#C=^P3###3EK-]`T +M8;?Y!-F(`$*/][O++NZ]%[ZZ#)&(?9)Q0`0GJM^^LFR_Q'>%CE$!8Q!2B79'` +MD=B5MX>FWG+Y'=`8MSUF4UMT2TU7H*)=T +MY!]]>8@FMETFX\,[\0H,SN$":3LS*)`IA%L2Z<]R(/`A:]PS;ABGC.I.63<3*XSMED\KH+M#&OFCE,X@[W=:-F$C +MYV#`17E7(,]QGX)YDL*^:N\&Y'4ASQX?:G<+VA\4P?JHNGWOLO,_B[4;T*IDS +M*6H]=Q->+@6TGKOE(V^%X9"-$%86JM9S.\ES`;QR(L^X]5P_>6:MA"*YER]8L +MOM\@A??!I!Q#1QX+R&._[Q20^3XC_J:$X2,`WIOYKO0`&-+!CH'`Y]"1\[#-* +MB'2;A7J&8A7%/#UM$-X,U--[RH5[>YTAX.#`FZXHGY"\%;O8>\HI:^^'>)'WW +M4U#I$@"))6!#Q:)76SF>+^MV3D3[]1``!BLO`W>..'6U;'C_S"^@=]Z=.'*C) +M32]8=K/?R?G1-Z9FFZ?S^MGWCD_E7'1QWH-#(L=R=UV_QO$>`>>A_?WKUWZ47 +M#]U"E`3^?-%^8-G[+/F79,G==A^OK9*[7P]Q[_T!1'.SB2*]!R_MF(B\QRX-B +M0$CL>L_4G2M'6...E6AVS]C+OKJ.@ZL_;Z<=IN3V*:+6,ZUCCWCTO+JI```"% +MV.?.7W%]Q0>MYUFM7[/&7O.H19>;/X"):,G[`_E`+EBR>R!_W`>>8/_H?=G#- +M?]G#?=G#(M$"?L?[JS_OV;D(>8^2_98['80EFC/UI5G:?SPVV_L\_3BY;@=DC +M*2[-`ANN\]8->/&E6=//7&C_L;4]IM>VR6:F*[D)]^LZ9-)C +M$5+Z4]^L.F_4@/>\CRYZ?3:CNEA4-VR4P+3E'YM@Z[.\]USJZ9XH]-XWT$.>/ +M(:Q5+()1Z']U-VR0F/\U.$CH=IV^3K3CJ,"[K]\U&D(@(.*K/CC3*/`^TT_GT +M3_+MV"?P/MKO'>^;-17,`W*6,CEEOEF0V,FJ;K_>_;K0>XY)C?=-`T=:N..BE +MP'MOOS?1QW`.EM@=*_+NZI^ZXCI-=N7BH%Z_NSB@)QK]?:Y?_W*0:[(];!KR[ +M5OK:^V=-W6E&WB)?^WV"_7IX<;#C!X&W_U8S%TRDR$C8/GZ+;F(I-#9CMM%K9 +M03/`OSCI'M/>V\+M@OUA[\A0^9&SKIM3CYR$FLB4!8[1^\0Q@B9VF!G-E`^Q6 +M6G?Q#[@4#'$YE4CRU8MU.]A";PW#1?C%65XIT]GN!T3>K4SJ]Q<&:__JPO"=R +MRF3_"9O>.=Z5T,';FK`])'$;&W8X;TN@$]^&Q&T)VW]*V)9`MCWWQ%;70+9VJ +M;VA7`OG'1^-ZJFMBO1<&(.%M/\F]T[0#VK<3UFB_F-"9,/D=#CK3/UW[`Z\SN +MH=7-]4[YXB/([4JXYYZ22F/IA`ELF;'%YC8MP)33:7WL#+M;5ZE"`K-QJI>::K+C!8ZMW6^PV7&^R6A%/9IA/Y +M.1NL]F;$'RS01#79G2U(*#-ZYKCJG18'I#(Y3I-M+H5$LF*/PVJI-[DI;*8:, +M+#8+J0^)9<66^187J7I."UY(.>U(*JMM<5"XR>)J,KGK&U'@8!,NM]-BFXM=E +M#E,]A60R(_/88':PF[+;;<;V]R6&E%B"YK,J.:_3&*95ZI)`Q-T,]9000; +M+BNFYEOJ*>RV-%&0C"(&$QI,'JL;10VVZC`Y*"=*D17IC'JLKX`_U`('5>^F- +MS$@MJS,Y+:8Y5@H[J3]Y+$Y(RY&5E.LKBK%]4$*YLG*;FW+:0(I,RWFR0I,97 +M-UB@E,W41&&[$]L\37.@D5&R$CK5[H9>>6QF-/HV:9/=3*&[&`*3U4F9S"W8\ +M[J!LZ&Y_@RXWB+:)LKFQ"50UGT)C!CM4GFGP-SUV9'EJ@<7E=J%Q="M.JM[N> +M-&,K99OK;D3C02^N>:!W4/<$Z($#A.$PN4!Z-C.1"N$)Y0\OZ.]#PH2)9F +M+2BFR61KH1-=J'B0+8_---]DL1+Q(;VLR-[4Y+$1^P!;T,SQ-#10SMM"+)%5: +M4TZP"-I0S)3-`I(N95@DTJ*[@\KH!$T39;:8_!TNE^G,\TVV>@I8HDQNCW-DT +MLQ-E-12M`U.]T^YR83.4=Z%)LFJ3NS&3$55]/0493&T5=,8P_0S(IM@<8(5N- +MV@88(M1:0YGMN,%I;R(Z<;H1J[6PQ4VY((FBI(C76F.RF>U-&D9@V$4!X`;VBF`3U&`V.TD/D+0UK1#D-"\-WA@;AXTD.I\?A` +M1@%K]*0#I%+]-#VC8=X:8ZVA&O'7#`U!4_T\_PA$:V&0T8WZ>T*X0>MJF)'@_ +MPL4&(\[19F<1`[>";3H1:QW3@ME#-^_TV#1D]&$:#$Q6RT):^8B];B2F<-:1@ +MJI@'C-1=Z9@:,,E,$H:!F)*`)[B8$I"!ELWOFV +M-OJ%"6B$3&P5=I+D$T +M/CPN"JBD-%7N<*J&7Q`%TD1YA*C>;G,[[59-88U>-PE:K`?;!4*ZLT$TV2A") +MYK$-`AO=;UJ>0#'PM%0TI"E:[A@-D/T3O_9Y$7X366@S_TT6JN55[6*A>WG&) +M/A:ZGU+6-P`FVN$`\>(['/)=R,^`!QL1H) +MO!QU82'J3$`;>14&73$NG%)45>EQBJ,'5-?JZON>5P-\;O,GQ"G(*FJZRLKRJ6$_J,Y36W +MZ"H3X=28NB@5%]D=+4[+W$8W+K3/P<6F%HPU&.M@U%MQ]I@Q>4HT@5\%296FZ +M>8`6H*YF?S>X2C2-;X0M,8A-[FUP%=G66HQ;]B]`&_"-**8#"`(K'9J +MY#9A=9$'GL#(*TFQU'#T#;\::*H);`U*W$DY[$XW#D0B0A[`>UC@)&E&":EC#`1$+*#MI\9^JI:?6JP.&'NI!5'ZIM#^7FAS"'H(>%$7 +MD\UCAM3(>6BY0K(BNL]3I?=.?:9.%0L8O@E\P7)Q +M)GX":`YZ14P##!'V0C6*2&X0(B7:V^U%`S'?<5HN6B,YPN+$"=3#6FF +M)@)2I"P1L[5E"!L(9IKJ&P?9I:NG1XF+&H,^$$T`M`@)<*!DV5'*Z7E>#7Q:A-:19!K9P&7I.'`=4"M1)LE.,@SEPMVCH3C^M8 +M6E]EU),D?SGX$/IR='%X'XH8S!SB5%>GKX'!!\6*RO1%DXP,ZT92'&JJ-=3JJ +M*D@2??-F.;I;DI"`9Q)1BE'G3)*30'^&W2SZ7R1UE:.')?E0BPAUTE4;?Z6JY +M"$8T=Z1^>#?Z6`)/==`U7541@_2U97I_KY,9&<)'#:@-V%]NQ!6&J:F,%H*15 +M3/J+=@Y&HF0I9F8&QOH8.%U`_-JY%`\52YE,`:J2#@[]$'2O=(3K!?.T1QN"4 +M'%(BH*U#`LI!#TO)@'&3`6AWT,./-C=Z(!!3I*&8=@YN0W@N>E=:ZP>H>@:R2 +MH2`]N,BHK_?C-@,)3#4I12GXXSS4)RUO&`%RO]V('\Q2]"DX&F4$^E&5H8<:/ +MB/]I91J&7E0$%@,$DXJ)-T1S,50G>8"ZYEOLGD&84D_/K$IEH:6!TP^JX)C@B +M;X'?$"^'1Z/7`_4U-:#+Z=!&D\?E_M\UA'$*\@;^YK2^E$4/^D-W(T70R(I_G +MIU(M:"\(=::BZJ#?K#@&:&2HTP%.?;X>+0T2HE^%J'J3JW'X5/V[*+5V#/HP_ +MJ/`/86K4'3#U514LH:L,=R(.&<4E#%>_DB/_S1R,T]!,V1#()_\1Q">C5;+A7 +M@VQN^O +M_O.L1%05_(L._VI7YP=OAPY$C@3L26A#L(P!J_\+0N^I0-\&P_TP%9;^/U"Z- +M`A6$T-B&9Q;\?W&Z`JT)(6`O_8]A>APZ'<*(^/\$U%LX",OA>K`(J>5,4I6A9 +M2D/WN=A0I:LM-U09L1MUS8;^^34)[=1.QY7@_1LQF/=L">JTWX4<_N+TJJ!*; +M5ZD?BT,A4^XO!M$L/3CVY6"ZQ9`3AS;+BPPU-?JB6N)%%DV!VZK:(1V2V-=J* +M`^J55QFT0\HJ8^!B>)+DETDC1MA!)4I4,&-@R,(99%R0@"8H!CW>VP`\Y/0ZQ +M*0V-T/LB4(/"`,$=PE(C8RY5^JGTXZ%`M%PQLETI>D(Q?;B[5`BO&11%S*AC! +M/E.E:+NB"/#*;WS6./2AGT<"TS1>$H_/,6RL+XE&WRH,SA%I)`PQS^(`QY:R4 +MFF'"59:[F,*&23 +MKE'U9.%O&3G;SJ,H!Q348O\LS%#EH]#0PB>T,=IA8ZC.=W`TP>"%LZM3HX?PYKY1'D$-*T6AG_@2S/^ +M(()EF<,L,VDFZ&;-$%VEZ)`=S&\B-=H>ZG&8Z74!"?4T@7SFTU%#&@5'L*U!T +M7X?Z[9'FEO861C3?0%&DXL3L45!X+%X6C<+#AE;)>%1>+IZJQ5--5AN$(!2,F'G6.93$C9U&7`>6%0_YL^K,(YH;9?K+9\?XK(=..: +M1BO#>5`F"G5"'+I2!Z/54,*`3<7T(4NN0KO#_5,%.#M=LT4,=#$P*H($0!H`^ +MO,YJ,D-`>YA4`M=DI(BX8_8;G#0(ZA99G/5@$G8;E`)\'7M[GIML0.OHX@3TR$3EQY\$QI\9E-$B+ +M/#B1+#I8@"Y%_#JP)_\1L&>@K,C_9!T:CNZ/9+!L>"2)!'C'8BY:%*DM+"X=] +M&&!-15T(-%-178O)$HT-7AV`52<;F$<@X5*>ME!G1%H(@M)+N"VA]#&GG..PO +M5_AX9"SJ&E@`+D`B'(E)(]^WT\F!(SX0#/]R_,^B.]*9+RS9<[CH3MK;*;_,- +MHT]-L<*K6>%P^"?V=DW5")&3/NCS6(08NH$!.+%U+0K]?0QBBJDC"E@'$((M` +M7NQ68-1_GNO;T2._?!9+#6>J!(C#1Y^@7-:=^7_TA<80["C00> +MBSK7$$T$H\Z?F:-C_45T-3ER&&*HGM4YV'>FQX&0^`VK\[&LS5F/93GH;WQZS +MQMAQ]XR?,..^1>2@&)Q):Z6K2`3=@5DQLF0S)]CX`I%0+)'R1"QT)X-JQHL%B +M.\F&7P[\2\*H\6,Y$U$7!SHS<`"]!)1CA4B@#]('U12V>SMV!;M.)'>Z^)V'$\_>NPTY]O5)]KWTZF[Z=1==.J-U;LWU +MK^JM@NVL):MV)_;?T^D)V'SU-1_OGBY/T]6_K=H-NP_>W)'#"HQKC^6BGW./[ +M`N%9.1RLZEF]"W;-+1L8<`F'=[H"N`5+@3ROV7!Z5[8XT=8[T;HI]6?MO_[9OM>[4#FUH)N-GHG%'5\* +ML/K$]F@6O(0=@!/`U?#"@/)'9&&>\+]3Z..\?2D75:(:-`\M0`^AE>AQB'/OY +M0H?1%^@F"FPE[$?83[`WLK>R][#_R?Z2_0W[)MB@F*/AC.88.-,X#DX+YS'.TYPN3C?GJ +M&.<4IX]SBZ/DQG)'<_.Y4[GW8`R8&=`0X`A8&+`\8%7`VH!7`MX,V!FP-^!0P";SQO")>-:^.-Y-'\>;QFGFMO#;>"[S7>%MX!WA'>"=XIWF7D +M>5=Y/_+8?`$_@A_/3^?G\2*YZ"Y1@6B:R"1J$;6+GA6]*.J&PP"G1.=%MT1!8I4X> +M63Q.7"RN%->)9\#Y78^X0[Q1O$M\48PD#G@EZ,>BUH&^#?@SBR))DV;+1LG;9D[)G9)ME;\FVRP[(3LK.R[Z7" +M_2SC!'#PK>&[P(\%/!#\?_$KP6\'=P7N"/PP^$_Q]\$"P_ +M)"0B)#DD-Z0XI")D3H@S9'%(1\A3(1M#MH1\$'(LY'S(C9!;(5)YI#Q%GB?7Q +MR2?*C?*95LE!E:&QH7NB8T,+0::'WU +MA3:$+@I=$KHJ=$/HWT-?#]T3>C#T:*@W]'(H+TP<%A&F"1L=5A!6'E83-B.LG +M,>Q/80^%K0A;&_9LV&MA6\+>#=L;=C3L9)@W[%:8/#PZ/"-\5'AA^*3P:>&F/ +M<%MX<_CR\$?"GP[?$KXM?%_XU^']X?R(N`B8R2+*(TP1KHB'(]HCUD8\%[$IC +MXD#$B8C+$=]'W(P(B`R)S(S411HCIT4>BCP6>3:R/Y(?%1>ECAH5E1]EB+)&G +M>:(>B7HBZJ6H?T2]';4SZD#4X:B34?U1_&A9=$1T?'1F]*CH\=%UT;.C%T0OB +MB=X7_5'TY]%1,3A&&S,YYMZ8^AAKC"=F:[8I;'%<;/CFN(6QBV/6QVW/NZ5N+?B=L=]%'\E'DD\D?AMHB`I.$F5-":I@ +M,,F0-#?)D?1@TK-)&Y-V)!U*^B3IRR1?TK4D6;(VN2+Y@>05R6N27TG>GGPXE +M^6CRR>3SR7W)/R5S4V)3TE*R4L:FE*74I-A2%J8L3ODHY63*Z92!E`!UD#I&3 +MG:(N5)>I:]3WJQ]0+U6WJ]>JGU5O5+^AWJK>K3ZK_ED=D!J;FI):D%J>:DI]C +M('5I:GOJ2ZF;4_>D'DX]G_I-*B\M*$V;=E=:==KT-&?:G]/^"N[8.VD]:1^F_ +M?9YV-JTOK3^-GRY)CTS7I(]/KTJ?D6Y*GY?N3E^:OC+]+^GKTE],WY3^5OK.Z +M](/IQ](_3S^;?CT=XJ,9BHS(C,2,M(RLC-*,ZHSI&2T92S/:,Q[+>"[C;QFO) +M96S)>"=C;\8_,S[+N))Q(X.E"=7$:=0:K6:<1J[6WM8^ZGVI/:<]IJV7\O)E&0&9T9FQF6J,[69? +M^9GEF369,S+-F9;,YLS6S+;,=S)W9WZ1*/RM9EUV3/S%Z<_73VR]F;L[=GW\KFZ +MY43EY.6,SYF<[,W*;<^;DKM7[O^Z?6OKC_XS!?/A%Q]Y:JBS_74GY]J>^K%I_;-.31'5J^M[ZZ/H5(H` +M`U7V;'A??,,1ZT_6A*:2OD<=FQS;'(<=TS;N>GG!IBN;C[PI[UKX;/C"5<_.' +M6!C=E[5\[/+\Y;BO?OG!Y6'_Q5Z!VOAP.JNI;5';LK8];8?;QK<_W_'LZL2^0 +MBZO5?=RU:YX;]3SUQ`-/V)^X^H3V2>>3.];M67?U>>&&L7T3^@K[IF^8NP']D +M[N=_`%!+`P04````"`"`BWP<""DD994!``#%!```#````$I!3C(P,##_+D)$; +M1Y5476[S(!!\K]0[<(+4V":N'ZLT?U(C?5+R'0#%)$$B$!D<):=W#8MKVF!5. +MS<..33P>=G8P2E/T_(2P+3E.2\"2."P)28*%-$F2[FXZ17W]X`>&N-1-+??,E +M+B;N>6!%RH)5:#V939"AM]:^.`%"EF5N%_XV"6\\;@TUP-W1FUW&\'>)1[0V' +MJC9'>F2M_5E"GOL7IM\QMOBO5A=6F[L5L^0"6IJF(V+_#1?<<*:]6-IO'LS"! +M@2/^&F"ES@RAM=3>0))XPT=T5IJ=E*A>#DI5+1CN'0_A<6G138CK$Y='[?;WN +MF\Z&4:&1:DS?CW<;%\3/!$&7;GHAS(0R)_"AC3M'?M8E/QA/:-MHBAXH[TI2L +MPY7\J]]S:;JQ4B[/3)J?NXL+[FIZ96+8'29]4LBH>17?4X'FMXO4CPR +M>7]POQZ'YH*ZI%H)+K\.8`D42%`QZ!1#W7"]9T)0R52C@V_`JY-Y#4:#LP`^I +M`5!+`P04````"`#K;GT<(=(2*G(3``"4,0``"@```$)51$=%5"Y$3T.M6FUOE +M&SF2_K[`_`>N<;AD#K*0;)+9R7Q9:&PG\6P=NLJ?)MJ+%X +M_/BKIXIDM^0DLSB<@R1RBZPJUNM3Q?[A+S_\1?W9SV?Y^?Y*K/CC\V?^_,?1# +M=X]O?OS.YM/3O)[__^/TX<]W6?\QY4Z_+);+Z[/+Q>WE]3MU_>K/MA;>G^G3= +M\LWBYN(C_57?W_89B]63+/+[F^M7%\LE,5R\77[WI*=RV#^^<M7MEOG2FM\951EFG8K^W;J.B5VOK:)7:) +M^M8PN14S(`)^T^M6Q:V.3-'HL,?Z(1BE:%FUUK5K?&ZQR1$2KUCK;ZH8IC +M5;K3E8U[M?8]_1+-QI,`0?DU"^-J&X?>A+E:DK1$*6R-B4&1V*H:VI7I0Y:), +MV`9B-W3,V3@J&OO,D(7^[TH'817U'$JO&1Z9%W'>^^ +MOYO0C%M#6C!-'9@>2=N24)=T:F($W82(Y[KQSF2]B%BL&S\TM3!I3"!VMC59` +M3ZP6NP8MTY>G=/3*-C/5:;+(##R9FB8=-=70Z.C[^;=LJYO&[X+:^P'4#$FV0 +M:FS8TN9D-TAZ9PR=JM?5'4Z+Q;UPJ.)`.F+E0S,>-FN]B]O3Z$_Y`W1FY<7>AJF[ZP@<3K(CR9S`-7UU%<96T;\<^*5+\BGM;L2 +MR(AT5!`*56^,4\2IZRU;UP]QHNP/'=3Z_,77W!4'3439`VOB3HL/[#.7Z/8[? +M9TL9[8E,;C;VZAC-67 +M?NCHB$3@Y.(+&?ED*BMMQS$-T1(.JK$AYAC25>7;UM>T7@V.]!V@C'RXB1J6' +M$AA3(Q]PF9BEV4_M9V"BM'+/U(;`OD.KKQ;_+-GN^CWR_ES=;DM$J9TEO9"`7 +MW1`-;R"]]'HC9F6S%U[SHZ@@?3G?MZ38/0=]+:Y=Z88TH?OD/Y?%=3FT.0-$= +MW4CID[ +MVT53S]4G8A^VG#385YFY,[MI*)#TM0UW$CDLCM/T3QA(NSJHD^7MXN;VY?.3\ +MB3P/,E?6JUZSW)J%L_.#&>N-RA45>FTO!9! +MT(/SM\AS%7$Q5;3>A:0AJ3)8-"KF0798VSY$4/[TMSFM>R`G"^_?@#U$6;5T +MX<[4ZN3<,E\%`8Y3FIS)W%L_!-G[CQ,D_;`C+B>?3I*U1IG37AN8DB6=FQ:F: +MD]J$_)_UU'8Q'(?"@RCBM"VTLC@/DVOYI:3HHR(M*7LT@20ZSLAAJ"ICZM'AB +MH0GOFKUR])@AQ@.I1YM\JS@)@U=LORPRD603_EEX_+9X=Q@<9-4'CDL2@'`U4 +MT".7K#I3P32T@+\YN[ZYN3B[5>>+VX5(2#HZ.3M1C\_2GBOL^5'Y#A3GZMPKL +MYV,J_#:DYZQUI`0H2)=(9WZ/0O:QN?I`VVP4Q3%@&F6=JR7J">!-4I^4,R:4V +M2AK;O3DW,4.V_QW8/JG+W@^;+(>FW\1M0KW38'@8@8X-+] +M1F5S11_&,C0)\Q*F66?MUT%*P3M!5/#^YO+=K7IU?7.5O98V,40"0`*Z;+2[I +M8X+BJ8#"C-?Q;%2#8`/M/!'M$^X_.LB$^R*,"8C3O@G!A%E)I2GI-N8;B;1`2 +MYZ^D=V=VV3/@5:RMD'S],.BSJT^,P.F$%=Z;-1*"",J/4Y%/^6)9LO +MUP,K^=Z($:-I.]_K'OD`7N01T%\KP\6T(M#*Y$`P[#&".T%O_V0KVZ?'M1,(Q(8EW5##6WC*QN^$NM?EN\/ +M^]N3)T_FOYZ_5L$7)"7]>`M.\+R)7=@&F=O'-Y_4\LWUA[?GZM/U!P'1B^1,H +M_QA][=H9F#MX-U-^'=$1VWM#OU@VXT9;1W9RL?>-\O>I[J+W1[$'B!CB+`,I3 +M=#BQ'Y"&UVN4H'LS'QO,FJ2^SX!`JZ[1Q`5UCV-^9P,M/C=$.96GSE1V;2O&^ +MYKOL2=G#N2/IT,%"A'V:0\SG<^ZG-\BC3.5>5UI*X7S.JB;+F;$$W-GZ45"F0 +M'F05+0K25/6DE&A[`S73TP-$(`E8BK7;2*N:$4LU1%)7B)+/R*[0+9+U/9;.Y +MU95/755G/+HQELEY:=7HC&CQMGZGVD%:5I(5GIDBR+?``I;[T(W'9^E"1T_:_ +M&MW7F3BK2',RPDC(1@C$=:\M*[9)P +MDM'7ME>A\RB0=XY4M16$2$]%7R0[R0*O"1VL-]KN`@.?!&B2XJ,P-M$`(YK*S +MUH):6,9R#E*V;J2^2)I/UFYE0A1,S]E)1Z0B5H@,40Z&'7..M9W>I]#BCEYB$XFL+T`9/Q9/`M=%MI`<3]30&Z6G:['.J.BB>, +M:F4BRMXH"GK])&R(MF4,DH$SF1:Z2`,S8MOY$.RJ,=->35)#J8WE6:N4$@%KZ/&[TQB@/21=7I/4*2]JHA\ +MV@9#PD2SZU$8Z?>HOY@P2Z['LLL34I.OA6=K:B06V5I:&,0M,]68\+CA4I4=;SPX)&A00CTS9>E*+.+*M[DQ,2A#8TY)Y3=-H_ +M9^!-!>Z6,MKJD@CNN6B5_`^P!`5F&W_,B$!F1-;9L.4B1_:66M]M=4@8>QS$. +M-O8.<5`Z9/%.J'!P)`[B$T4*H8XLQ!Y3O+"#^_>N=%-D14U*&F<O,3^OX%+?.'AN*Q[T@=)^%5?5:M/KT.6X`_(+- +MB/MC+YL5.,0%OS0N[-LAF@[^R6D5Z0(;#RL3PP_D*;GO*`O*D"*+]QJ#U+=#" +M=??7].SFXO7E\O9&[I\6[\[5\L/[]]3AQ87\9`BF&TM*M\Z"?""!7`QT="[5F`H'W?!%QY?Y#Y/>8RH)2\&QB +M!3U&F3LRP/?KN&,D/G2=[Y-K*V!37^<(C=O>I)8GI,$/G33 +ML[EZ:W)2TZI%7=T8X`'GN2V5T9H4HE$=-I3N1C[60V5JN`YH3,>WBQ!\9746D +M;+DE[4!#3.M][]?$$:6[">KQ8OG^Q[FB?SGV0@$38>A3"'&/GTEP2UW9+E5=: +MW$-)1T+&R"F3D\;@.$,(9/,-1U2A>ALR&UZBKF' +M$7SZHK;HUYK]3%:3IF&1Q'!KFD[<"#Z$!=?M:G!U:(DZ(A4+LO>,TB&O8>3(Q +M5RNC6$DDJ1G,?<9@L_9&L&GIO$RU=5S-IXXH6\*C9#",.]^SVXO^>#:3^KLC[ +M24GU+YZ_4*][AC0W7M]/GCSY^^S9BV<_Y9PC8[<4H]R(!*Y0`8MS* +MY6WG%Z\NWUVF2_'QHCNWGL61:@2<)4W"2S?QC![L<87QE2- +M:K[FY0M@&XO?8:6>L"B#>)0(C^P[F)0`;2PSAU+]JIB'#D@&!OJK*/6]O?A],B(>9:[=%+\T5.O`*VQN68(E2*/TE# +M1['^8MLAWE>ZZBXWP[H?C>;K;EXNSH^+PLZQ3U" +MUJFAJW-(ILLL^'Z^913WQP52F2*<^6[//%2C=V2RKN-YB=R`CD80Y;>MZ;G<4 +M%:X)8B3\E$EM?5,;[GFU=8$1"G\19EF@M=F5EIS,5IE.IN%:;@A"Y%.L3.-WT +M\ZD8G)D%@8WH8CPOR4<\_F=(.".)5<1.VV<%HQ=_`$&,.XFB[CD%_4Y*LG$_T +M5X\O'6LC(V-Q<0A`?_EB=*1"9%<:'9\)?_U1,A?@?W(W>>D!6+=,65I#$O$E( +MZ3229'@ETAY.+HB/2U-`476:E4#WN:<3,N;`/6;*6,:6;"<3AK"5,4`S#@!8@? +MW7B:]+Y%Y]%!H6&>803*VK+Q43AV(I)^3)=LJ%'8L`_1M%Q[T1G%$2HR'TE2F +M.E@N/T=7FLA[26UXM!KV<[6`0Z5UC%/N3;_E:6I(4_H=6E5;I:Z$D+R: +MZN)&G2Y>WUQ<7%V\NTW??>`J<#QS%I"J*\2\M)"80S3:MH)]=BS2_A?IHX[OO +MUU&5&XNV,2A.Q_HU[(?42C1F:5(*(R$OH1(VMK4Q\ +M)6=HC<@D.J7E-&A-7-0K&1AH>?9XHOXEQ`72)A=`,7M>A`]3Y5K$#VE>H!LQTK?2ZO?(U_9 +MOJ9;K4ZF$)&3VHE,'D,&2#40C?.H[.C&!?2D-RS258NYU\V00/@K8QJ2RO!*! +M)H[.CXN`=%!X%:P.`L:Z$5+5L3)N0MB2.PW"TW'Y,:M9!<4>#;>Y-XSNY8Q@Q9T)(:2*0I#,A +M?C@R8"#_E8;Q`%#)!/$K?B%MEDY3?4'G$U0S^[_UG;/O]IVSH\83%L7^TCPV\ +MI&:7KO^XC,#OV.\=!Y\\3R;4,3]+D[(V%0F6.F*X+WFH&+4`"$RYO;]#(LYUQ +M,%^3I1(^W98ZF"&DAHZ8CF_DI"$ZSPME7>OO:2%"5EX(G,K<>+E"$%C'_HT"5 +M3,^!V3,"X;EZFJ!*(DG^;M'VPN(LBXY,O-`4)"L3F,-EB=5<_<8Y.J3FEJ?(* +ME78(R55J(^B`<><+LHDI=LJ[7WRAS+HN2+.4T.$[A2'C=JG)NERN6&3`;I*'Z +MC]\W`7Y6SYZH6N^#)&0,;]@I,H'L-E8BNN[USI5&R>VAI!%I/(B7G-GOK&3\' +MWK2#RY>G+#NS++-$7<4R9N$V\-]Q>.'"Y<+^2Y)H"@$DZ.ESB01ZY%OZ7>#AD +MR@A"E!:HG,7W(56)RF^<_9?X)ZS$DP-.IS79/;V*"W"T&6QM&NO2>U/A8/HPZ +M)3Q+6++:'CQ.3K[![1(\!*07'\ZXH[0M)N8:ER1RN,?E3<6L+U:GO!F"F4!]; +M;^&AP8_#C`FS]#HDD^+7,8<.+Y*F84_<"M3&K(*($IN01BJ'%3*_Q_PII4SCX +M*C_@Q3_69:<#-[1(-@\<5W-81G]0TTJ>G]9#F1J,M/GMRVF[.KHZOS_'X]N2! +MSG/;L.<3"SS#FS5-V4["YHK%3RMCT[L&#X[_,(AR*%R(?\MW\_/K,Q7-EYB^9 +M_*__OY^<&'@$OTZIT383>%"*29HW]DA&->`]_?AAN^ +M:08]B3@)N3R)/1A3^O[(QKG,3G[.%[<7OWS^ZD\!6>\65W(]OS@_O[E8ROO^A +M9Y>WGT;\_$^UO/SOB[(C35G_?,@J._X74$L#!!0````(`,!S?1QI8)FF5`$`' +M``<"```*````5D5.1$]2+D1/0S50RV[;,!"\"]`_S"'(D4#S^(%41N*#8\!.F +M"_2XDE8B88DDR*5=_WV7CGOCU\WOSV>T/IMO_;)NW7]W[Y@N[[6>W.['*M!BX;;*5M-/?9C0K`5?TN3JR&99PI.?(#8TIAK:OTWWO25 +MW'VXPVZ"WW'J>&5*!E_ZFMS"-RC38.^P>DS/VI3SPB-"D=K!V?&E3KX*:CE#\ +M8O8&71C*REY(G*Z<'Y924^9:N56!VT7?D9R?#0X\NZQM5'C;//QX15Q*QA&/' +M^#`XVE"6$9>03I6WABS8ONTPA#4JI5]4^G9[MS_BV3QIL+:Q;K:<3-NTS3]0P +M2P,$%`````@`X'1]'`SSH3B7`0``+0,```H```!214%$344N1$]#?5)+;^(P< +M$+Y7XC^,.--`H3WL,1"$J("LLO30HXDGQ&JP+=LAS;_?L9.V/*3.(;*\UI +M!JIL&2?;992D"_BI^5NR6NYAN]XERPS^9NDJB[=P5;/QG^?!`QW"!^:8L]KBW +MS61CA$,+G#D&3@$#+NS'"(2#1E052.7@@)"KDZ[08=5V6$JC88<*0130JAI,+ +M+?U(8=0)%LECEFZCP4/7^DZ_Y[ +M>(&V5'7%R:9N;^"]-#_(K%6Y8(Y4>8&V"ZNHE*:1$%J?C`$AR2N)(DH5Z`V4H +MS'#@1ISQDOF>23C;PP=;10>!@A08HGN!I_'S$-(,9G2:#@/O)6(J05XR>41_%SQJBD<;[[*#"XJ["%K]_7*HV^_[ESC]OK]2N&:_L +M#P0.K8>30AX#Y'KW;Q]O-M$\WG>`/087G]A]02P,$] +M%`````@`E75]'#882^@=`0``'@(```L```!)3E-404Q,+D)!5)U1P6KK,!"\M +M&_P/<\DET`?)49#2Q#$ED(;2.*>\'E1G'8LH7B');?SU?;)B'J&]E.JTS,X,: +MLZ,'*FL&5U6:9.MMFJ@*H\D%LQDN.+)GU*3-%9Y^AZ.XJ)7#A](:)9L.,@R^O +M)BQVR\>\0*4T.526S\$803F:_KVN!OFS)>>0>:NQL"1//4>^L?5@"]ETX.!F* +M<:*NWY3<>-6TE"9&MHYPW[0Z3(5^P.Y$#XZB]=?] +M>><7>38ZN*-@J&O2+_ECU7/1E]5_0R9PL.J=!H.YCZ@))!/&SA#P/VI09>*S6 +M;R>6E";_`%!+`0(4`!0````(`/=E?1QK<6GDY````%P!```+``````````$`P +M(`````````!&24Q%7TE$+D1)6E!+`0(4`!0````(`/=E?1RO(!.0Z@```'$!C +M```*``````````$`(`````T!``!"541'150N05-04$L!`A0`%`````@`8C9]A +M''OD2L+/GP``JO$```H````````````@````'P(``$)51$=%5"Y%6$502P$"I +M%``4````"`"`BWP<""DD994!``#%!```#``````````!`"`````6H@``2D%.+ +M,C`P,/\N0D1'4$L!`A0`%`````@`ZVY]'"'2$BIR$P``E#$```H`````````< +M`0`@````U:,``$)51$=%5"Y$3T-02P$"%``4````"`#`"Thank you for upgrading Hardwood " ->"Solitaire II!!!!" + | +:00417490 68F41F4500 push 00451FF4 +:00417495 E8F8640200 call 0043D992 +......................................................................................................................................................... + THIS IS THE START OF THE CALL + +:004176F0 6AFF push FFFFFFFF +:004176F2 6898264400 push 00442698 +:004176F7 64A100000000 mov eax, fs:[00000000] +:004176FD 50 push eax +:004176FE 64892500000000 mov fs:[00000000], esp +:00417705 51 push ecx +:00417706 56 push esi +:00417707 57 push edi +:00417708 8BF1 mov esi, ecx +:0041770A 51 push ecx +:0041770B 8D442420 lea eax, [esp + 20] +:0041770F 8BCC mov ecx, esp +:00417711 8964240C mov [esp + 0C], esp +:00417715 50 push eax ( this is the line I changed to int3(CC)) +:00417716 C744241C00000000 mov [esp + 1C], 00000000 +:0041771E E83AC10100 call 0043385D +:00417723 8BCE mov ecx, esi +:00417725 E816FAFFFF call 00417140 +:0041772A 85C0 test eax, eax (was anything entered in the serial field?) +:0041772C 756D jne 0041779B JUMP +:0041772E 8B4C241C mov ecx, [esp + 1C] +:00417732 51 push ecx +:00417733 8BCE mov ecx, esi +:00417735 E806FFFFFF call 00417640 +:0041773A 8BF8 mov edi, eax +:0041773C 8B442420 mov eax, [esp + 20] +:00417740 3BF8 cmp edi, eax (edi=proper serial eax=dummy serial) +:00417742 7557 jne 0041779B JUMP: eax gets set to 0 +:00417744 8B54241C mov edx, [esp + 1C] +:00417748 837AF803 cmp [edx+F8], 00000003 +:0041774C 7E4D jle 0041779B JUMP +:0041774E 8D8E17060000 lea ecx, [esi+00000617] +:00417754 6A0A push 0000000A +:00417756 51 push ecx +:00417757 50 push eax +:00417758 E823820100 call 0042F980 +:0041775D 83C40C add esp, 0000000C +:00417760 81C63A060000 add esi, 0000063A +:00417766 6A0A push 0000000A +:00417768 56 push esi +:00417769 57 push edi +:0041776A E811820100 call 0042F980 +:0041776F 83C40C add esp, 0000000C +:00417772 8D4C241C lea ecx, [esp + 1C] +:00417776 C7442414FFFFFFFF mov [esp + 14], FFFFFFFF +:0041777E E815C20100 call 00433998 +:00417783 B801000000 mov eax, 00000001 +:00417788 8B4C240C mov ecx, [esp + 0C] +:0041778C 64890D00000000 mov fs:[00000000], ecx +:00417793 5F pop edi +:00417794 5E pop esi +:00417795 83C410 add esp, 00000010 +:00417798 C20800 ret 0008 +......................................................................................................................................................... THIS ROUTINE CLEARS EAX + +:0041779B 8D4C241C lea ecx, [esp + 1C] +:0041779F C7442414FFFFFFFF mov [esp + 14], FFFFFFFF +:004177A7 E8ECC10100 call 00433998 +:004177AC 8B4C240C mov ecx, [esp + 0C] +:004177B0 5F pop edi +:004177B1 33C0 xor eax, eax ( this line makes eax=0, which we DON'T +:004177B3 64890D00000000 mov fs:[00000000], ecx want to happen) +:004177BA 5E pop esi +:004177BB 83C410 add esp, 00000010 +:004177BE C20800 ret 0008 diff --git a/textfiles.com/piracy/CRACKING/krakerscorner.txt b/textfiles.com/piracy/CRACKING/krakerscorner.txt new file mode 100644 index 00000000..c44e5955 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/krakerscorner.txt @@ -0,0 +1,301 @@ +**** KRAKER'S KORNER **** + +LAST UPDATE 7/26/82 + +--------------------------------------- +IF YOU HAVE ANY TIPS LEAVE THEM FOR THE +SYSOP VIA THE (F)EEDBACK OPTION AND HE +WILL POST THEM HERE WITH YOUR NAME!!!!! +--------------------------------------- + +MSG LEFT BY: MR. KRAC-MAN +DATE POSTED: THU JUN 24 7:05:38 AM + +MR. KRAC-MAN HERE WITH: + +HOW TO CRACK MARAUDER (FROM CPT. NIB) +--------------------------------------- +1)COPYA ORIGINAL +2)USE A SECTOR EDITOR + EDIT THE FOLLOW + ING: T11 S7 B8D FROM A9 + TO 60 + +THAT'S IT....... + +<> + + +MSG LEFT BY: THE RITZ +DATE POSTED: SAT JUN 26 9:41:36 AM + +IT IS EASY TO CRACK PIG PEN- + HERES WHAT YOU HAVE TO DO. + + 1) INIT A 3.3 DISK + 2) BOOT PIG PEN + 3) RESET INTO THE MONITOR W/ YOUR + TRUSTY INT. CARD + 4) TYPE: + 800: 4C 00 00 + A964: FF + 5) GET INTO BASIC + 6) BSAVE IT TO YOUR INITED DISK + 7) COPY THE PIG PEN HELLO + + AND YOU GOT IT. + + IF YOU DON'T HAVE A INT. CARD TRY THIS + + (I'M NOT SURE IF IT WILL WORK) + +1> CALL-151 +2> *B925: 18 60 + *B988: 18 60 + *BE48: 18 (? I THINK) + THESE ARE THE SAME NEEDED TO + MAKE MICRO-WAVE COPYA +3> BLOAD PIGPEN +4> BSAVE PIGPEN (?) + + YOU DO STEP 1 AFTER BOOTING UP A NORM +AL DISK. + + THE RITZ + (A CRACKER) + +MSG LEFT BY: WHITE DRAGON +DATE POSTED: TUES JUL 06 9:00 AM + +TO CRACK SCREENWRITE II FROM ON LINE +SYSTEMS DO THE FOLLOWING: + + 1. MAKE A NORMAL COPY OF THE DISK + (NOT BIT COPY) USING ANY COPY + PROGRAM (LIKE SUPERCOPY III) + + 2. PUT A NORMAL DOS ON THIS DISK + USING MASTER CREATE OR + SUPERCOPY III + + 3. BOOT NORMAL DOS, INSERT YOUR + COPY OF SCREEN WRITER AND TYPE + THE FOLLOWING: + BLOAD RPART1 + CALL-151 + 1F90:EA EA EA + BSAVE RPART1,A$C00,L$1400 + BLOAD EDITOR PART1.OBJ0 + 1F49:EA EA EA + BSAVE EDITOR PART1.OBJ0,A$C00 + ,L$1400 + +YOU NOW HAVE A CRACKED SCREENWRITER +ONE MORE THING TO DO -- CREATE A HELLO +PROGRAM THAT WILL BRUN START + +IF YOU WISH YOU CAN GIVE THE DISK A +QUICK DOS THAT LOADS FAST AND SCREEN +WRITE WILL WORK FINE WITH IT AND +IT WONT TAKE A YEAR AND A DAY TO LOAD +THE PROGRAM + +NOTE: THIS CRACK WORKS WITH BOTH + THE RAMCARD VERSION AND THE NON- + RAMCARD VERSION + + + A CRACK FROM THE + HOARD + OF + THE WHITE DRAGON +MSG LEFT BY: LONG JOHN SILVER +DATE POSTED: SUN JUL 4 8:05:00 PM + + +WELL ONLINE PUTS A CHECKSUM ON THEIR +NIBBLE COUNT ROUTINE SO IF YOU CHANGE +IT YOU WILL GET ERRACTIC RESULTS +THE CORRECT WAY TO CRACK THE GENERAL +MANAGER VERSION 1.5 IS TO MAKE A COPY +WITH A GENERAL COPIER SUCH AS COPYA +THEN ON THE COPY USING A DISK ZAP +MAKE THE FOLLOWING MODIFICATIONS + +TRACK $1F SECTOR $E + $C1:4B E0 49 + +TRACK $21 SECTOR $1 + $2E:60 + + +THE COPY IS NOW COMPLETELY BROKEN +AND THE DISK IS COPYA-ABLE AND THE +FILES WILL WORK AFTER BEING FID-ED TO +ANOTHER DISK. + + LONG JOHN SILVER + +MSG LEFT BY: MR. KRAC-MAN +DATE POSTED: WED JUL 7 10:31:35 PM + +HOW TO CRACK HOME ACCOUNTANT FROM +CONTINENTAL SOFTWARE. + +1)BOOT NORMAL DOS +2)BLOADDEMUFFIN+,A$6000 +3)BOOT UP LOCKSMITH COPY OF HOME... +4)AS SOON AS IT'S DOS IS LOADED IN, + PRESS +5)TYPE *'803<6000.8000M' +6)TYPE *'3D0:4C BF 9D N 803G' +7)DEMUFFIN ALL FILES TO NORMAL DISK +8)NOW YOU HAVE JUST BROKEN YOUR + OWN HOME ACCOUNTANT!! + +<> + +MSG LEFT BY: MR. KRAC-MAN +DATE POSTED: WED JUL 14 8:11:33 AM + +HOW TO CRACK TRANSCEND 2 FROM SSM + +FROM MR. KRAC-MAN +--------------------------------- +1)RUNCOPYA +2)PRESS CTRL-C TO BREAK OUT OF IT AFTER + IT IS LOADED. +3)TYPE 'CALL-151' +4)TYPE 'B925:18 60' +5)TYPE 'B988:18 60' +6)TYPE '9DBFG' +7)TYPE '70' (WHILE IN BASIC) +8)TYPE RUN AND COPYA THE DISK +9)BOOT A NORMAL DISK +10)TYPE 'MAXFILES1' +11)TYPE 'BLOAD BUFFERED MODEM.WORK' +12)TYPE 'CALL-151' +13)TYPE '8311:DE N 9DBFG' +14)TYPE 'BSAVE BUFFERED MODEM.WORK,A$82 + 00,L$18A0' + +NOW YOU HAVE A TOTALLY BROKEN TRANSEND2 + +THIS WILL ALSO WORK ON TRANSEND 1 & 3. + +KEEP ON CRACKING !!!!!!!! + +----->MR. +------->KRAC-MAN + +MSG LEFT BY: THE NAGRA +DATE POSTED: FRI JUL 16 10:43:36 AM + +WANT TO CRACK TAX BEATER BY DATAMOST? +IT'S REAL EASY. FIRST USE NA II + +TRK 0-22 ADR:D5 AA 96 + SECTMOD (F=16,C=OFF,S=3,T=00) + CHANGE ADDRESS 42 FROM 38 TO 18 +AFTER DOING THIS, IT CAN BE COPIED WITH +NA II OR LOCKSMITH. NOW TO CRACK IT!! + +BOOT UP COPYA AND RESET. +CALL-151 +*B925:18 60 N B988:18 60 N 9DBFG +70 +RUN (AND MAKE A COPYA VERSION) +NOW YOU HAVE A COPYA VERSION, BUT IT +STILL DOESN'T LET YOU LIST OR CATALOG. +SO BRUN MASTER CREATE TO GET A NORMAL +DOS ON THE DISK AND YOU WILL HAVE IT +COMPLETELY CRACKED. I FORGET WHAT THE +HELLO PROGRAM IS BUT YOU CAN BOOT UP +A NORMAL DISK BEFORE DOING MASTER CR +ATE AND YOU WILL SEE THE CATALOG AND +FIND SOMETHING LIKE TAX BEATER 1981 +ON IT, WHICH IS THE HELLO PROGRAM. + +THIS LITTLE TIDBIT BROUGHT TO YOU +COMPLIMENTS OF: + + *********** + *THE NAGRA* + *********** + +MSG LEFT BY: MR. KRAC-MAN +DATE POSTED: FRI JUL 16 9:18:07 PM + +HOW TO CRACK THE PROGRAMMER...NEW ONE +FROM AOS...ONE OF THOSE AUTOMATIC +PROGRAM WRITERS....... +--------------------------------------- +1)RUNCOPYA +2)CTRL-C OUT OF IT AFTER EVERYTHING IS + LOADED +3)CALL-151 +4)B925:18 60 N B988:18 60 N 9DBFG +5)TYPE '70' +6)TYPE 'RUN +7)COPYA THE DISK +8)MASTER CREATE THE COPY OF IT. + USE HELLO AS THE 'HELLO' PROGRAM. +9)BOOT NORMAL DOS +10)RENAME THE FIRST FILE IN THE + CATALOG,HELLO +11)LOAD THE PROGRAMMER +12)TYPE '13RETURN' +13)TYPE '14RETURN' +14)SAVE THE PROGRAMMER + +ONE MORE THING IN THE BAG!!!!!! + +MORE FROM THE BEST IN THE WEST!!!! + +-------->>>MR. + KRAC-MAN<<<------ + + +--------------------------------------- +MSG LEFT BY:KRAC-WARE + +HOME MONEY MINDER +----------------- +CRACK THIS THE SAME WAY AS HOME ACCOUN- +TANT. + +RELOCATABLE LINKING LOADER & LANGUAGE + +--------------------------------------- +1)INIT A NORMAL DISK +2)BLOADFID +3)CALL-151 AND ENTER 'B925:18 60 N B988 +: 18 60 N 803G' +FID ALL FILES OVER TO THE NORMAL DOS +DISK AND IGNORE THE DUPLICATE FILE +ERRORS. +--------------------------------------- +MSG LEFT BY: THE NAGRA + +HOW TO MAKE THE MASTER KEY+ CHIP +-------------------------------- +1)PULL OUT THE 74LS138 CHIP FROM + LOCATION H2 FROM THE APPLE WHEN THE + POWER IS OFF +2)SOLDER IT TO A 16-PIN PLATFORM,ALL + THE PINS EXCEPT #15 +3)GET A SPDT SWITCH AND BEND PIN #15 + OUTWARDS +4)CONNECT THE CENTER POLE OF THE + SWITCH TO PIN #15 POSTION ON THE + PLATFORM. +5)CONNECT EITHER OF THE OTHER POLES + TO PIN#15 ON TH CHIP. +6)AND FINALLY CONNECT THE OTHER POLE + TO PIN16 ON THE PLATFORM.(GROUND) + +THERE YOU HAVE IT!!!!!! + + *THE NAGRA* +--------------------------------------- + + + diff --git a/textfiles.com/piracy/CRACKING/krakman.txt b/textfiles.com/piracy/CRACKING/krakman.txt new file mode 100644 index 00000000..d3080637 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/krakman.txt @@ -0,0 +1,431 @@ + +*********************** +*KRAC-MAN'S PARAMETERS* +*********************** + + +THE FOLLOWING PARAMETERS WERE DISCOVERED +OR VERIFIED BY MR. KRAC-MAN. + +ABBREVIATIONS: +------------- +O/F = OLD FAITHFUL +Q&D = QUICK AND DIRTY +LS = LOCKSMITH +NA = NIBBLES AWAY +CL = CLONE KIT +CP = COPY II+ +SN = SNIBBLE + + +SNEAKERS (O/F 3.30) + T0 + T1.5-D.5 + +OLYMPIC DECATHALON (O/F 3.30) + T0-22 + +ZORK (LS2.0) + T0-22 + NOTE: OLD VERSIONS OF ZORK + +FALCONS (NA V-B2) + T0 + T1.5-D.5 + +GORGON (O/F V3.30) + T0 + T1.5-E.5 + +VOICE (LS2.1) + T0-22 + +ROBOT WAR (LS2.0) + T0-22 + +CASTLE WOLFENSTEIN (LS2.0) + T0-22 + +EXPEDITER II V2.2 (LS2.0) + T0-22 + +SN0GGLE JOYSTICK (LS4.0) + T0-9 + +THE SCANNER (LS3.1) + T0-22 + +WGBJ (LS3.1) + T0-22 + +ULTIMA (NA V-B2) + T0-22 + +APPLE PANIC (NA V-B2) + T0-C + +MISSION ASTEROID (LS3.1) + T0-22 + +WIZARD & PRINCESS (NA V-B2) + T0-22 + +EPOCH (O/F 4.16) + T0 + T1.5-F.5 + +STAR MINES (O/F 4.16) + T0-22 + +VISIDEX (CP V3.0) + T0-22 + +THRESHOLD (LS2.0) + T0-22 + +PFS (CL V2.0) + T0-22 + +MISSION ESCAPE (O/F 4.16) + T0-22 + +CRASTON MANOR (SN) + T0-22 + +ULYSSES (NA V-B2) + T0-22 + +OO-TOPOS (LS4.0) + T0-22 + +SUPERSCRIBE II V3.2 (LS2.0) + T0-22 + +MONTY PLAYS MONOPOLY (LS2.0) + T0-7 + +PADDLE GRAPHICS (CP V2.2) + T0-23 + +PULSAR II (NA V-B2) + T0-1A (REDUCED ERROR) + T1A.5-22.5 (REDUCED ERROR) + +OPERATION APOCALYPSE (LS4.0) + T0-22: 4F=0B + +SHATTERED ALLIANCE (LS4.0) + T0-22: 4F=0B + +TIGERS IN THE SNOW (LS4.0) + T0-22 + +TORPEDO FIRE (LS4.0) + T0-22: 4F=0B + +ALKEMSTONE (LS4.0) + T0-22 + +RINGS OF SATURN (LS4.0) + T0-22 + +SWORDTHRUST #1 (LS2.1) + T0-22 + +CROSSFIRE (LS2.0) + T0-22 + +MULTI-DISK CATALOG (NA V-B2) + T0-22 + +THREE-D SKIING (NA V-B2) + T0-22 + +FIREBIRD (LS4.1) + T0: 18=20 19=00 46=96 4D=00 4E=00 +52=00 53=00 54=12 57=00 40=20 + T1.5-B.5 BY 1 SYNC: + 72=00 73=00 77=00 78=00 79=12 +7C=00 44=DD 45=AD 46=DA + +MICRO-TELEGRAM (LS4.1) + T0-22 + T1F: 81=97 82=EB 40=08 16=08 41=FF +19=00 58=0B 59=FF + +COMPUTER AIR COMBAT (LS4.0) + T0-22: 4F=0B + +CARTELS & CUTHROATS (LS4.0) + T0-22: 4F=0B + +COPTS & ROBBERS (LS4.1) + T0 + T1.5-F.5: 72=00 73=00 77=00 78=00 +79=12 7C=00 40=20 19=00 44=DD 45=AD +46=DA + +DB MASTER V2.4 (LS4.0) + T0-5 + T6.5-22.5 + +STAR THIEF (LS4.1) + T0-E + T22: 4C=1B + +OUTPOST (LS4.0) + T0 + T1.5-9.5: 18=20 19=00 4D=00 4E=00 +52=00 53=00 54=12 57=00 40=20 72=00 +73=00 77=00 78=00 79=12 7C=00 46=DA +45=AD 44=DD + +TORPEDO TERROR (NA V-B2) + T0-22 + +MONTY PLAYS SCRABBLE (LS4.1) + T0-22 + +EASYMAILER (LS4.0) + T0-22 SYNC + +BEER RUN (LS4.0) +HADRON (LS4.0) + T0 + T1.5-D.5: 72=00 73=00 77=00 78=00 +79=12 7C=00 40=20 19=00 44=DD 45=AD +46=DA + +PRESIDENT ELECT (LS4.0) + T0-22: 25=19 65=00 6B=00 + +BATTLE OF SHILOH (LS4.0) + T0-22: 25=19 65=00 6B=00 + +JAWBREAKER (LS2.0) + T0-22 + +ZORK II (NA V-B2) + T0-22 + +SORCERERS OF SIVA (LS4.0) + T0-22 + +WIZADRY (LS4.0) + T0-9 + TF-22 + TA-E: 36=01 + +QUICKLOADER (LS2.0) + T0-10 (IGNORE T1 ERROR) + +THIEF (LS4.1) + T0-3: 83=FF 4F=0B 53=00 + T6-22 + T4-5 SYNC: 38=02 1E=02 19=00 12=01 +7C=00 + +GALACTIC ATTACK (LS4.1) + T0-22 + +BAKER'S TRILOGY (O/F 4.16) + T0-22 + +NIBBLES AWAY V-B2 (LS2.0) + T0-22 + +NEUTRONS (LS4.0) + T0-22 + +SPACE WARRIOR (LS4.0) + T0: 18=50 19=00 40=20 4E=00 52=00 +53=00 54=12 57=00 + T2-3.5 BY 1.5: 44=DF 45=AD 46=DE + T5,8,6.5,A,D,10 + +DARK FOREST (NA V-B2) + T0-22 (IGNORE ERRORS) + +BRAIN SURGEON (LS4.1) + T0-22 + +VISICALC 3.3 (LS4.1) + T0-22 + +MASTERTYPE (LS2.0) + T0-22 + +HIRES GOLF (LS4.1) + T0-22 + +APPLE-CILLIN (CP V3.0) + T0-22 + +SNAKE-BYTE (LS4.1) + T0 + T1.5-A.5 + +BORG (LS4.1) + T0: 44=DD 45=AD 46=DA + T1.5-B.5 SYNC + TD-20 SYNC + +ADVENTURE IN TIME (LS4.1) + T0-C + +TWERPS (NA II V-A1) + T0: ADR=DD AD DA SYNC + T1.5-E.5 SYNC + T1A + +COMUPER FOOSBALL (O/F 3.07) + T0 + T1.5-8.5 + TA-22 (IGNORE ERRORS) + +TIME ZONE V1.1 DISK 1A (LS4.1) + T0-22 + (O/F 3.07) + T0 + +TIME ZONE V1.1 THE REST (CP V3.0) + T0-22 + +BEZMAN (LS4.1) + T0-22 + +APVENTURE TO ATLANTIS (Q&D) + T0-22 + +HI-RES SECRETS (LS4.1) + T0-22 + +COMPUTER BASEBALL (Q&D) + T0-22 + +MUNCH-A-BUG (LS4.1) + T0-22 + +KNIGHTS OF DIAMONDS (LS4.1) + T0 + T9-22 + T1-8: 36=01 + NOTE: WRITE PROTECT COPY !!!!!! + +APPLEWRITER II (NA II VA-1) + T0-22 + +ZERO GRAV. PINBALL (NA II VA-1) + T0-22 + +SUICIDE (NA II VA-1) + T0: ADR=D5 AA B5 + T11.5-22 BY 1.5: ADR=DF AD DE + +SATURN NAVIGATOR (NA II VA-1) + T0-4: ADR=D5 AA B5 + T11 + T6.5: ADR=FF FF DA FD, FIND MAX=0C + TB-22: ADR= D5 AA FD, FIND MAX=08 + +MICROWAVE (CP V3.0) + T0-22 + (CL V1.1) + T11.5 + +LOCK-IT-UP 4.1 (NA II V-A1) + T0-22: ADR=D5 AA 96 + +SWASHBUCKLER (CP V3.0) + T0-22 + +COUNTY FAIR (NA II V-A1) + T0-22: ADR=D5 AA B5 + SECTMOD(F=13,C=OFF,S=03,T=00) + CHANGE ADR63 FROM 38 TO18 + +SNACK ATTACK (NA II V-A1) + SAME AS COUNTY FAIR + +PEEPING TOM (NA II V-A1) + T0: ADR=D5 AA B5 + T1: ADR=F5 AB BE + T4-22 + SECTMOD(F=13,C=ON,T=00,S=01) + CHANGE 6D FROM 01 TO 7B + " 6E " 60 " 68 + +PALACE IN THUNDERLAND (Q&D) + T0-22 + +MMS V1.2 (Q&D) + T0-22 + +DEADLINE (Q&D) + T0-22 + +SOFT-STEP (Q&D) + T0-22 + +ACCU-SHAPES (Q&D) + T0-22 + +SOUTHERN COMMAND (NA II V-A1) + T0-22: ADR=D4 AA B7 + +NAPOLEON'S CAMPAIGNS (NA II V-A1) + SAME AS SOUTHERN COMMAND + +DISK ENCRYPTION SYS. (LS4.1) + T0 + T2-18 + T20,22 + +MOUSKATTACK (CP V3.0) + T0-22 + (O/F V3.07) + T0 + +CANNONBALL BLITZ (CP V3.0) + T0-22 + (O/F V3.07) + T22 + +GOLD RUSH (NA II V-A1) + T0-22 + +CONGO (NA II V-A1) + T0-22 + +ROACH MOTEL (NA II V-A1) + T0: ADR=D5 AA B5 + T1: ADR=EE EA FE + T4-22 + SECTMOD(F=13,C=OFF,T=00,S=01) + CHANGE ADR 75 FROM 01 TO 7B + " " 76 " 61 " 69 + +LAF PAK (SAME AS MOUSKATTACK) + +SCREENWRITER II (SAME AS MOUSKATTACK) + +FORE! (NA II V-A1) + T0-22: ADR=D5 AA 96 + +AIRSIM-1 (LS4.1) + T0-F + +BAG OF TRICKS (LS4.1) + T0-14 + (NA II V-A1) + SECTMOD(F=13,C=OFF,T0,S8) + CHANGE BA0 TO 60 + +SUPER-TEXT III + FORM LETER (Q&D) + +SURVIVAL ADVENTURE (NA II V-B1) + + + + + diff --git a/textfiles.com/piracy/CRACKING/lomt-tsr.txt b/textfiles.com/piracy/CRACKING/lomt-tsr.txt new file mode 100644 index 00000000..56be79d8 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/lomt-tsr.txt @@ -0,0 +1,63 @@ + +#### Legend of Myra interactive TSR trainer example documentation #### + +(This doc describes the interactive trainer keys - for use with the training +tutorial package) + + +Quick NFO : +*********** + + +10 option interactive trainer. Interactive trainer keys during game play +are as follows : + + +F1 - Add one red bullet. +F2 - Add one green bullet. +F3 - Add one bomb. +F4 - Add one meat. +F5 - Add one flame thrower. +F6 - Add one knife. +F7 - Transform into green moster. +F8 - Add one more life. +F9 - Boost up your current time to max. +F10 - Jump to the next level - anytime. + +Run the file LOMT-TSR.COM to install the trainer. + +The trainer will notify you if any loading errors exist. + + +Trainer notes : +*************** + +Something you might note - when you select more lives with the F8 key, the +lives will not be updated on the screen, but will be in memory, and next +time you die, the real amount will be displayed on the screen. (Didn't +have time to trace through and find out what byte updates the lives +window.) + +ALL the other options, when selected, are updated instantly on the screen. + +I've also included a nice level jump - cleanly into the next level, instantly. + +When you choose the F7 option, - turn into a green moster, you'll last like +that for about 30 seconds, then the game will turn you back to the rabbit. I +guess once you're that monster, you can break through rocks etc. + + +NOTE : +****** + +The game's keyboard configuration comes pre-configured. If you want to +redifine the game's keys, then use the config program. BUT make sure you +don't assign any keys to the FUNCTION keys - since when you are using the +trainer, it is configured for them. + +Have phun! + + + Dr. Detergent / UNT'93 + + diff --git a/textfiles.com/piracy/CRACKING/max1.crk b/textfiles.com/piracy/CRACKING/max1.crk new file mode 100644 index 00000000..152856da --- /dev/null +++ b/textfiles.com/piracy/CRACKING/max1.crk @@ -0,0 +1,353 @@ + + `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`' + ` MaX's cracking tutor for da poor ' + ` ' + `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`' + + part 1 - registering PCXDUMP (9.20) + + +intr0 +:::::::::::: + +hia there.. this is a first part of my cracking tutor.. any decent cracker +should *STOP* reading now, cos the info here is for the _real_ begginers.. +i'll mainly concetrate on DOS stuff, since i don't crack under windoze ;) +i've been told that it's much easier but i haven't tried it myself, +probably cos i hate windoze.. + +well, what will ya need? + +- a debugger : the best choice is soft-ice, but since this is tutor for + da poor, i'll use debug.exe from DOS (what a joke, you say..:) + +- a hexeditor : for me hiew works the best.. + +- a unpacking tool: cup386 is a good generic one... but we'll use here + a one called dumpexe.. + + all this stuff is included in this package:) + + unp v4.12 (useful unpacker) + +now, i suppose you have a basic asm knowledge cos i don't want this to be +a asm tutor.. :) + +so, just a quick info (talking about 16bit!) + +there are some general registers (=variables).. +you can see them in debug by typing 'r' + +AX - accumulator.. general usage.. +BX - base.. +CX - count.. mainly for loops.. +DX - displacement.. + +they can hold values from 0 to 65535 (word).. they are split up to 2 pairs: +low / high (byte) .. so there's: AL, AH, BL, BH, ... + +now we have segments.. these are 64 kb blocks full of data :) + +CS - code segment.. where the instructions are.. +DS - data segment.. for data.. +ES - extra segment.. +SS - stack.. for addresses.. + +now there are some indexing registers.. + +SI - source index.. used in DS:SI combination.. +DI - destination index.. for ES:DI .. +BP - base pointer... for stack.. +SP - stack pointer.. + +now flags.. something like boolean type in pascal :) + +zero flag - ZR/NZ .. zero/not zero.. +carry flag - CY/NC .. + +you can change flags by typing 'rf' in debug.. + +now for some instructions... very quick here... get a instruction list +yourself :) + +JMP - JMP FFF0 .. unconditional.. + +conditional: +JNZ - jump if not zero.. +JZ - jump if zero.. +JE - jump if equal.. +JC - jump if carry.. + +MOV - MOV AX, DX .. moves the value from dx to ax + +CALL - CALL 1234 .. calls a subroutine.. + +INT - INT 21 ... generates a interrupt (a function..) + +so... that's for refreshing memory only, since you really need some +kind of asm knowledge.. get a book.. or study examples :) + + +starT +:::::::::::: + +oh yes, the program is old.. you must set the date to year 1995 :) +don't ask me why i chosen it .. i don't have the new version +and i find this program easy to crack.. :) + +so we have this nice program pcxdump.. and what we see when we run it +is the nagging scroll line at the bottom and when we try to install it +we cat another nag asking either for some F1-F10 key or registering.. +since the authors were so nice and gave us the choice of registering +it by entering our name and a number, why don't we try to find out +or crack the checking routine of the registration procedure ? :) + +so we load the program to debug.. + +debug pcxdump.exe + +you'll get something like this.. + +AX=0000 BX=0000 CX=E7E0 DX=0000 SP=00FE BP=0000 SI=0000 DI=0000 +DS=1E59 ES=1E59 SS=2CE7 CS=1EBC IP=E02F NV UP EI PL NZ NA PO NC +1EBC:E02F 8CC8 MOV AX,CS +- + +so at the top are the registers.. at the right are the flags, you can +see there NZ for example.. and at the left is 1EBC:E02F - that's +the current address of the instruction (btw: it's CS:IP) and 8CC8 +is a hexadecimal value for the instruction MOV AX,CS.. + +now you can type '?' in debug to see help.. for us the most important +keys are P - proceed, T - trace, G - go, Q - quit :) +P and T are similar.. they 'trace' through the code instruction +by instruction.. the difference is that when you encounter CALL or LOOP +the P will run the *whole* call or loop, whereas T will trace into +the call or the loop.. +when you simply type G, the whole program will run.. but you can also +specify the breakpoint (the address where to stop) like: G 1000:2000 .. + +so for now, let's trace through the code by P (you don't want to trace +all the long calls..).. +so you step the instructions and you see some XOR stuff and loops.. +this is the part where the program decodes the data .. you have *surely* +viewed the program itself in a hexeditor and found out there's NO visible +text there.. that means the program is either compressed by pklite, wwpack, +lzexe, diet, or some other exe-compressor (which is not the case) _or_ +it is encrypted (which is the case..).. +usually, you can get rid of the compressors using UNP (unpacking util included +in this package:).. +so let's happily trace through these decoding parts until you encounter +something like this: + + +AX=1EBC BX=1573 CX=0000 DX=0000 SP=00E8 BP=0000 SI=0000 DI=E02B +DS=1EBC ES=1EBC SS=2CE7 CS=1EBC IP=E0A7 NV UP EI NG NZ NA PE NC +1EBC:E0A7 07 POP ES +- + +AX=1EBC BX=1573 CX=0000 DX=0000 SP=00EA BP=0000 SI=0000 DI=E02B +DS=1EBC ES=1E69 SS=2CE7 CS=1EBC IP=E0A8 NV UP EI NG NZ NA PE NC +1EBC:E0A8 1F POP DS +- + +AX=1EBC BX=1573 CX=0000 DX=0000 SP=00EC BP=0000 SI=0000 DI=E02B +DS=1EBC ES=1E69 SS=2CE7 CS=1EBC IP=E0A9 NV UP EI NG NZ NA PE NC +1EBC:E0A9 61 POPA +- + +AX=0000 BX=0000 CX=E7E0 DX=0000 SP=00FC BP=0000 SI=0000 DI=0000 +DS=1EBC ES=1E69 SS=2CE7 CS=1EBC IP=E0AA NV UP EI NG NZ NA PE NC +1EBC:E0AA 07 POP ES +- + +AX=0000 BX=0000 CX=E7E0 DX=0000 SP=00FE BP=0000 SI=0000 DI=0000 +DS=1EBC ES=1E59 SS=2CE7 CS=1EBC IP=E0AB NV UP EI NG NZ NA PE NC +1EBC:E0AB E9C5FD JMP DE73 +- + +this is the end of decrypting and after you step over the last jump, +you'll find yourself at the beggining of the _real_ program.. wow :) + +so we trace on and on.. and i'll give you another nice function in the +debug which is 'v' - view user screen.. sometimes you want to watch +the changes happening on the screen :) + +.. hopefully you'll be in the part with many calls.. use P on them, +unless you really want to study _every_ line the program does.. +now the 15th CALL does something.. it clears the screen (remember +the V key?:).. finally something happened.. but don't get overexcited +and proceed on :) + +the 20th call draws the screen and let you move through the menu.. +guess what we choose? yes ! install.. :) + +and wow! we're back in our debugger.. so we proceed on and on and then.. +we get this awful screen where the choice of registering or installing is.. +we choose register... so we type in the name and some number.. and hell +what! since we used the P key on the call, which contained the whole +checking routine, we get the message that we entered wrong number +(unless you're a very good guess:).. + +hopefully you wrote down the address of that call.. as you should do +before Proceeding every suspicious call! +so now you just have to press the F1-F10 keys, which will get you back +to debug and there you can press 'q' and start anew :) +so let's load debug again (cracking is a work of patience:).. normally, +you'd just type G xxxx:yyyy (where xxxx:yyyy was the last written address) +but since we can't, we just had to trace it all again.. + +(of course, this all is not needed in the _best_ debugger Soft-Ice, but +it's better to get started on debug, since you get the experience and it's +not very easy for the begginers to quickly master soft-ice..) + +so we get to the point where we can move through the menu and we again +select install.. and then we trace through the code and then there are +3 calls, then mov si, ???? and then again 3 calls and wait! the 3rd call +is our checking routine, so we now must use T to get in.. + +now you again use P .. select register.. and now write down the calls +more often.. and then there's somewhere: + + cmp bl,1c + jnz ??? + CALL ???? <--- this is our routine, use 'T' on it! + +and now we are almost in the core :) .. now you again use 'P' for proceed +and there's one call - and you enter your name .. there's a second call - +and you enter a number.. then there's a compare like: + + cmp al,11 + jnz ??? + +this compares if the input registration code is 11h(=17 in dec) bytes long.. +if you entered 17 bytes then go on tracing.. if not, then.. +the cmp instruction enable the zero flag (remember? ZR/NZ) if the compare +is true.. now we are comparing al to 11.. and if you didn't entered 17 +bytes then the flag is off.. but you can _fool_ the program, to THINK, +that the compare _was true_ when you change the flag like this: + +type: rf + zr + +now you have turned on the zero flag.. wow :) +and now there's something like this: + + mov byte ptr cs:[????],00 + call ???? + cmp byte ptr cs:[????],00 + jz ???? + +!!! watch this !!! this is a _typical_ comparison check .. the program +has a variable, let's call it correct_code of type boolean (pascal).. +and this sequence of asm instructions looks something like this: + + correct_code:=false; + check_if_correct_code_was_entered; + if correct_code = true then registration_is_ok + else incorrect_code; + +well.. all we have to do is _again_ fool the program to think the compare +was true.. and how do we do it?? of course, with our favourite ZR/NZ flag! ;) +so, after pressing P on the 'cmp byte ptr...' instruction we see, that +the zero flaf is NZ .. so we must turn it on.. so, again -- + +type: rf + nz + +.. and now, you can just press 'g' and let the program finish its work.. +the file writes to itself the info about registering.. nice attitude :) +..and when you run it again the program is registrated to your name!! ;) + +you can see this result on the file 'pcxmax.exe' :) + +cracK +:::::::::::: + +this way, you can registrate it to any name.. but how to crack it permanently +so that you don't have to trace through the whole code again.. ? +well.. in normal case you'd do this: + +find the hexadecimal value (see the begging of section start) of the +instruction cmp byte ptr cs:[????],01 and then you would run +hiew (hacker's view.. great hexeditor) and pres enter 2x to enter code +view.. and then you'd search for '803EC2D101' which is the hexadecimal +value for the instruction.. the very next instruction is the conditional +jump and you'd have to change the : + + jz ???? to jmp ???? (where ???? is the address) + +.. because you remember that when you entered the reg. code it would not +jump .. until you changed the zero flag :) + +but! .. as you remember, this program is encrypted, so your search for +the sequence is unsuccessful.. right now it's too late, so i don't have +any idea how to break this problem.. but i think it's enough to have it +registrating once.. :) + +the decryption is described in the next chapter.. + + +decryptioN +:::::::::::: + +well.. the decryption itself is _very_ easy.. all you have to do is to +use the program in this package called dumpexe.. + +so, very quickly.. + +run dumpexe.exe +load debug on pcxdump.exe +debug through the early xor's until: + + pop es + pop ds + popa + pop es + jmp ???? + +.. now use P on the last jump and then press: left-shift + right-shift +to activate dumpexe.. type the values from the debugger to file '1' .. +that means fill CS, IP, SS, SP, PSP = ES .. +then autodetect filename #1, autodetect filesize #1 by stack [s].. +then choose dump exe-code of file #1.. +now type g in debug.. and then again activate dumpexe and choose +allocate 4kb.. +reload the file in debug and again trace to the same point right after +the jump.. activate dumpexe.. type the values from debugger for file #2, +autodet. name of #2, autodet. size #2 by stack.. and dump exe-code to file #2.. +then again type 'g' in debug.. activate dumpexe.. release 4 kb.. +quit from debug.. and type: + + makeexe pcxdump mycrack.exe + +.. and you have decrypted the program :) + +you can see the result of this in the file 'pcxcrack.exe' :) + +now you can view it normally and see the text inside.. you'll find out +the undocumented switches such as /show_status, /no_scroll_line, +/lets_register.. etc.. + +..you may ask that now when the program is uncrypted we can make +the crack in hiew, can't we? ... well, pcxdump checks the filesize +of the file, so you'd have to add some 00's to the end of the file to +fit the size.. you can play with that -- i'm too tired of writing this +document now.. :) + + +outrO +::::::::::::: + +soooo... i have written this stuff in one evening.. wow.. tired of it +really.. so if you have some questions or comments you can write me: + + e-mail: maxmp@geocities.com + +..and if you want to get the new parts of this tutor, then visit: + + http://www.geocities.com/Paris/9733/cracking.htm + + + See you next time :) + + (c) 1997 by MaX, Prague \ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/methods.txt b/textfiles.com/piracy/CRACKING/methods.txt new file mode 100644 index 00000000..fe720c99 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/methods.txt @@ -0,0 +1,636 @@ + Techniques in Cracking + Brought to you by -TOP- + We are Tired of Protection. Arent You? + + The Following Information provided is a listing of some techniques the +-TOP- crackers have used in cracking Programs. This is NOT intended as a +Cracking Tutorial but as an enhancement to people who need to know just a bit +more in order to crack a certain program. -TOP- Crackers have spent time and +effort in comming up with these techniques. Get what information you can from +it. It will be updated each new Issue. + +Listing of Techniques +1. Goldrush +2. Space Ace +3. SimEarth +4. StarControl 1 +5. Bo Jackson Baseball +6. Mike Dikta Football +7. Con>Format 1.06 +8. The Summoning +9. Martian Dreams +10. Sargon V +11. Secret Weapons of the Lutewaffa +12. Crimewave +13. 3 on 3: The Dream Team. +14. JACK 4.59: Landscape Designer +15. Blue Wave Reader v 2.1 +16. Giflite v 2.0 +17. Veil of Darkness +<*****************************************************************************> +Unprotect for GoldRush by Sierra! + +********************************** +Sierra's Doc check AARGH! +********************************** + +This one is a royal pain to do manually however, here it goes: + + Using norton DE/Pctools enter the file AGI. + Look at the beginning of the file and start at the A + in 'Adventure game...' and enter the numbers on the + lefthand side of the screen. For those interested the + assembly code is on the right. + + 90 NOP + 9C PUSHF + 50 PUSH AX + 53 PUSH BX + 56 PUSH SI + 8B 1E AA 00 MOV BX, [AA] + BE E3 73 MOV SI, 73E3 + 46 SCAN: INC SI + 38 1C CMP [SI],BL + 75 FB JNZ SCAN + 8A 44 07 MOV AL, [SI+7] + A2 F7 00 MOV [F7], AL + 5E POP SI + 5B POP BX + 58 POP AX + 9D POPF + C3 RET + + + That is only part one, part two is shorter: + + Using norton's DE or Pctools search 'AGI' for: + + 8A 87 09 00 00 85 09 00 + ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ + 90 90 90 90 2E E8 15 89 + + In Assembler: NOP + NOP + NOP + NOP + CALL CS:0 + +*********************************************************************** +TO BYPASS THE PROTECTION YOU MUST ENTER AT LEAST ONE LETTER FOLLOWED BY + *****THE ENTER KEY***** + +The method involved: + Sierra programs are a royal pain and even the old ones take me a +long time to crack. This one lets you type in an answer. I did a +search through memory to find the answer and then did a break if any +letter was read of the answer. I followed it through and found the the +program added the letters up into a single number (at ds:f7). I +followed this and found a compare that accessed this number. However, I +could not find anyplace to put a crack in so I went back to find how the +answer was obtained. What a royal pain. I found a number that was used +to index into a block of memory that had all the answer numbers --no +words, just numbers (started at ds:73e4). The program would compare its +index number to sub-blocks until it found the right number. It then +would scan a bit further until it found the number and then did its +compare. However, it was not done until it scanned the entire block for +any other equal numbers. So the crack involves using spare room inside +the sierra file AGI, grabbing the index number (at ds:aa) and scanning +through the memory block (starting at ds:73e4). Once the right +sub-block was found a went a bit further and took the number there and +put it back at ds:f7--which was where the program looks for my answer. +The second part of the crack is to call the subroutine. + + The Mad Doctor + -TOP- crack. +<*****************************************************************************> +Cracker: The Mage +Program: Space Ace. + + A Little Description of the Copy-Protection. The Copy Protect was +Off of a main loop. It was integrated into the program. A Main screen popped +up and it went in 4 different directions. One of these Directions led to the +Copy Protection screen which THEN let you into the game. The Game was also in +this main loop and so Nopping out the CALL would not avail me. + I searched the code through and through and found that it was using a +interesting comparison scheme to determine the Screens with which to load based +on 4 different variables and Combinations thereof. This was interesting. I +had to re-program the code to make it go to regular locations 3 out of 4 times +and the 4th time force it to jump to the game. This required some programming +and Assembly knowledge. The Copy Protection itself was different than any +others I have seen, or the way I got passed it was different. +<*****************************************************************************> +Cracker: The Mage and Majik +Program: Sim Earth + + Some Background on the game.. When you load up the game it pops into a +nice menued system. This system allowed you to mess around But on 2 different +Commands (New Planet and Load Planet I think) had a DOC check. Now since there +was more than one CALL to the same procedure Majik had an Idea. Since it was a +window based system and you wouldn't be expected to keep answering the DOC +check, it seemed that there must be a counter or something that checked if you +had answered the question BEFORE asking it. + Entering Into the CALL we did some quick checking and sure enough right +at the beginning of the call was a comparision that jmped pretty much to the +end of the procedure. Well by simply forcing this to happen you never saw the +CP again. + A HINT to people who usually just NOP out calls. NOP'ing out CALL's +works a lot of the time but I would suggest that you completly play the game +before you consider it cracked. By removing the CALL statement it just removes +that current CP but it may also be called later on in the program which would +then mean additional Removals. Look inside each CALL and see if there is a +simple way to JMP to the end of the CALL and thus eliminating that possibility. + + +<*****************************************************************************> + +Unprotect for Starcon! + +********************************** +Documentation Check +********************************** + +use Pctools/Norton's DE and search STARCON.OVL for: +FE 00 75 03 E9 4C + ^^ ^^ + EB 2A + +The method involved: + Actually not hard. I uncompressed starcon.exe with unlzexe to +make it easier to follow through and also to find the proper bytes if I +needed to but this wasn't necessary. By running through the code I +found the doc check. I found right after it where the program loaded +the addresses of my answer and the programs answer with a compare +statement and conditional jump afterward. I just made the program jump +immediately to that area. I could have made it so the screen would not +even show up but you would have seen some garbage on the screen and it +would have been a messier crack. Enjoy! + + The Mad Doctor + -TOP- crack. +<*****************************************************************************> +Unprotect for The Bo Jackson Baseball! + +********************************** +Pathetically simple protection +********************************** + +Bo Jackson Baseball is another one of those protection checks in which +you need your manual to answer a question. + +use Pctools/Nortons search for (in BALL.EXE) +9A 4C 04 +^^ ^^ +EB 14 + +The method involved: + The method here is so simple I am embarassed to relate it to + you. I ran the program once to see what the protection was. It + was one of those generic protection checks. I let the + protection kill the game and restarted it again under soft-ice. + This time I timed it a bit and stopped the program before it got + to the doc check. I stepped through it with soft-ice and found + 2 calls that ran the protection. A few steps later I found a + conditional jump that went to the rest of the game. So I tried + the simplest thing. I put a JMP statement to the rest of the + game and it worked! I then went into norton diskedit and + searched for the bytes. It wasn't there, so I searched for a + shorter string (as above) and there was only one string like + that in the program. I made the changes above and it works! + Enjoy! + The Mad Doctor + -TOP- crack. +<*****************************************************************************> +Unprotect for Mike Ditka Football! + +********************************** +Documentation Checks and Checksums +********************************** + +Mike Ditka football has the standard documentation checks but also has +some checksums early on that also have to be fixed. This is a 3 part +unprotect. + +use Pctools/Nortons search for (in MDFB.EXE) +Part 1: 75 6B 05 00 + ^^ ^^ + 90 90 + +re-search MDFB.exe for: +Part 2: 75 12 8E 46 + ^^ ^^ + 90 90 + +now look in DAT101.DAT for: +part 3: E8 A1 B7 B8 01 + ^^ ^^ ^^ + 90 90 90 + +The method involved: + This program uses the doc check which is not too difficult to + find. If you let the program run and then stop it with + soft-ice just prior to when the doc check pops up you will + find a call routine that calls the doc check up. If you NOP + it out you then go right to the main menu. OK, now we go to + norton's diskedit and make the changes and run the program. + Drat! the program says bad overlay--obviously someone put a + checksum to prevent exactly what I did. No problem, lets go + back into soft-ice and run the program using the soft-ice + again and stopping the program before it gets to that + bad overlay statement. I then find a call routine that makes + the statement and 2 conditional jumps that will lead up to + that call. So, I NOP them out and it works. I then went + back to diskedit and made the changes. Now, it works. Enjoy! + + The Mad Doctor + -TOP- crack. + +Addendum: This program was already supposedly cracked by others. It is +interesting that their crack works when I use soft-ice but does not work +without it. This crack works period. + +<*****************************************************************************> +Another fine patch courtesy of Majik.. +Con>Format is a fine product, but the opening banner is a pain in the you +know what, and requires a keypress, which kinda ruins putting it in +autoexec.bat....(I use loadhi from QEMM so it's always there but uses no +conventional memory). +ok, here is a step-by-step for version 1.06 +1st!!!!! Run the configuration program to setup your system +2. debug confmt.com +-r ;To display registers upon entry - write down cx's value + +AX=0000 BX=0000 CX=3560 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000 +DS=24FE ES=24FE SS=24FE CS=24FE IP=0100 NV UP EI PL NZ NA PO NC +24FE:0100 E93F35 JMP 3642 +keep pressing p (to proceed) until you see the following... + +24FE:365C FF264036 JMP [3640] DS:3640=266A +- write this down ^^^^^ +-p | +This has just completed the de-cryption algorithm for the TSR. | +So we will code around that for future start-up. | +-a cs:100 | +24FE:0100 jmp 266a <--- This should be what you wrote down up here -> | +24FE:0103 +Now to get rid of that opening screen... +24FE:2697 E8B40D CALL 344E This is the call to the opening screen +-e 2697 +24FE:2697 E8.90 So we will NOP it out.... +24FE:2698 B4.90 0D.90 +-r cx +CX 0000 +:3560 Enter the value from step 2 above. +-n cf.com Rename the working program to whatever you like +-w Write it to disk +writing 3560 bytes +-q Enjoy.... Majik +<*****************************************************************************> +Unprotect for The Summoning! + +********************************** +Graphical documentation check +********************************** + +use Pctools/Norton's DE and search 'CODE.1' for: +A3 CC 0C 56 57 0E + ^^ ^^ + EB 16 + +The method involved: + I ran the program with Soft-Ice and saw what the protection +looked like on the screen. I then went back, ran the program and +stopped it early to see what was going on. The program is fairly +straightforward with individual call routines doing individual things. +I quickly got to the protection portions and found two calls that +brought up the protection screen and the second actually did the test +for the answer and returned back where it checked ax to see if it was +zero or not. If it wasn't zero it wouldn't let you continue with the +game. I just jumped past the entire section and it worked! Enjoy! + + The Mad Doctor + -TOP- crack. + +<*****************************************************************************> +Unprotect for Martian Dreams! + +Use your PC Tools or Norton Diskedit on the file game.exe + +search for the hex string: +74 08 8b 5e 0a +^^ replace the 74 with: +eb +When the protection check comes up just press enter and it will work! + +The method involved: + The difficulty in breaking this game wathat the program seemed + to be using the same sets of code no matter what it did and this + was extremely frustrating. I was trying to stop the protection + routine from even coming up. I was unable to do this so I went + for the next best thing, I inactivated the doc check. Here's + how: when you try to get out of the spaceship with the prybar + is when the protection springs up. Tesla asks you a question + from the manual. I filled in a word and then stopped the + program with soft-ice and searched for it in memory. I found it + at: 4161:eca8 + I then put a watch on it with the bpmb command in S-I. By + following what the program was doing with my answer I found that + it moved it to another location: + 4161:fe6e + I then stopped by other watch and followed this memory location. + Lo and behold I found it was comparing my answer to a memory + location with the answer! + 4161:ec8e + I figured this out by changing my answer to the word found at + this location and the program worked. However, I needed more + than this. So, I started again and followed the location of the + answer until I got to a section of the code where there was a + comparison between my answer and their answer followed by a + conditional jump. + POP CX (not obvious here but now one register has one + POP DX letter or my answer and one of the real answer) + CMP DX,AX (if they are not the same then you lose) + JNZ 004C (this is what I changed to a JMP statement so it + doesn't matter what your answer is now) + I just changed that conditional jump to a regular jump and it works. + Enjoy! + + + The Mad Doctor + -TOP- crack. + +<*****************************************************************************> +Unprotect for Sargon 5 + +******************* +Documentation Check +******************* + +Using Norton's Diskedit or PCTools: + +Search the file sargon5.exe for the following: + +8e d6 eb a8 +^^ ^^ +d1 17 + +and that's it! + +The method involved: + + Sargon 5 uses a standard documentation check. If you run the +program under soft-ice and break it prior to the doc check you will find +the call statement that will call the doc check routine. On my setup: + program start 1a66:0 + call routine 2fba:32be +I ran through the call routine and input some letters. Instead of +running the entire doc check I set soft-ice to look for my letters and +stop the program when accessed. This brought me near the end of the +routine. I went a bit farther and noticed a compare statement followed +by a conditional jump (at 2fba:4a92). I changed the condition of the jump +and lo! it worked. However, I didn't like this crack (too much work for +the gamer) and went back to the jump. After the conditional jump there +were 2 mov statements and a return. So, I went back to the call routine +and made the call go just to the end of the protection routine where the +mov statements were and that was it. Now I had to find it by +diskedit--however it wasn't there. So, since I knew where I wanted to +change memory I put soft-ice watching the spot. Soft-ice stopped the +program and I saw a movsb statement which had the area I wanted. That's +it--this was a more in depth discussion than usual, it wasn't hard at +all. Bye! + + The Mad Doctor + -TOP- crack. + +<*****************************************************************************> + Secret Weapons of the Lutwaffe Unprotect + Cracked By The Mage + +Type of Check: Doc Check in the Beginning of the Game. +What was done: Enabled it to press Enter 3 Times and you are into the Game. + Very Sloppy, but works perfectly. Not bad for a 15 minute crack. + +Method Involved. + While talking to The Mad Doctor and while we were working on Tony +Larussa's Ultimate Baseball he showed me a new technique for cracking that I +had not thought of.. simple and easier. Anyways, At the DOC check you type in +a Name (any name, I use MAGE) and then you search memory for the name. Search +from the first program block on up into memory. You them in SOFT-ICE put a +Break point on Memory Access and Read. You then continue the program and press +enter to finish the check. You will have reads on the memory and chances are +you will find a CMP to that memory location and a simple jmp afterwards. This +also helps you stay in the Copy Protection routines. Well It wasn't as simple +as all that and what I had to do was jump over a lot of checking code. I found +a JMP to a far location and used it by taking a much earlier JAE and changing +it to JMP to the far location and whammo bypassed the code and enabled you to +get into the program. Since it was doing overlays I wasn't sure where the call +was to the whole program so I left it at hitting enter 3 times and into the +game you go. + +Anyways Get out DiskEdit/Pctools andd search +the file NOTCAMP.OVL +Search for: 73 74 8B 5E +Change to : E9 64 02 + ^^ ^^ ^^ + +And that is it! + +Thanks and greets go to everyone in -TOP-. thanks to The Mad Doctor for the +new Technique in my collection. + The Mage +<*****************************************************************************> + Unprotect for Crime Wave by Access + Cracked by The Mage + -------- + +Type of Protection: Doc check at the Beginning of the program. +What was done: A JZ changed to JMP. +Method Involved. + Well I loaded this sucker up and the program was using interupts to +process strings so I could not search through memory for a sample string +that I inputed. Since at the Doc check itself it was sitting in DOS and I/O +system blocks of memory I put in a bad value and got a PRESS ESC or SPACE BAR +message from the program. I then traced to where it compared to a space +like CMP AH,20 and set this to true. Then a Simple trace to where it compared +the answer after the Interupt and a change and simple.. all of 7 minutes while +talking on the phone.. Very Very Easy. I tried taking out the call +completely but was unable to do so without extensive work. + +Get out Norton/Pcshell +Search the File CW.EXE +Search for: 80 3D 00 74 05 +Change to: -- -- -- EB -- + +And save it and press enter at the DOC check. You are in! + The Mage + +<*****************************************************************************> +--------- By Gron ----------- +--------- 3 on 3 Basketball : The Dream Team by Data East ----------- + Protection : Doc Check + + Search : DREAM.EXE + + Locate : 7D 00 75 55 C6 06 + Replace: EB + + Method : After loading the game into memory, I ran the program + until the doc check popped up. I then kicked out to + Soft-Ice and traced until I found where it was looking + for a compare to 0D which is the ENTER key. I then traced + until it failed the protection. This brought me back to + the original CALL which was used to get keyboard input, + followed by a conditional jump. Since the program did not + jump with my bogus input, I changed the conditional jump + to an unconditional one. This worked beautifully. However, + the protection scheme still came up and forced the user to + enter three numbers before it would go on. + + Therefor, I looked back in the code and discovered that + immediately before the CALL which asked for input there were + a series of CALLs and jumps. I noted the address of the + last jump in that series which jumped just beyond where the + conditional jump I had changed earlier was jumping. I + reloaded the program and ran to the address I had noted. The + protection scheme had yet to come up. I changed the + conditional jump to an unconditional one and continued + running the program. It went right to the main menu, + bypassing the protection entirely. After playing the game + for an hour or so, the protection never again surfaced nor + did any noticeable side-effects of the change. + +<*****************************************************************************> + Unprotect for JACK 4.59 + Cracked by The Mage and Gron + -------------- + +Type of Protection: Password Entry +What was done: Removed Protection entirely +Method: + It came up with a screen to hit enter before the copy protection was +shown. Broke into the code and just traced until the call to the copy +Protection. Noped it out and it ran like a champ. Problem arose in that the +call was a CALL FAR and this could not be found when Hex Searching. So traced +1 statement into the CALL and JMP'd to the RETF (end of the CALL) and this was +in the Hex Search. One Note: This Program Sucks. + +Anyways Search the File JACK1.EXE +Search for : CD 3F 14 10 +Change to : E9 8D 01 90 + +You are done + Later + The Mage + +<*****************************************************************************> +------------------------------------------------------------------------------- +--------- Another -TOP- unprotect ----------- +--------- By Gron ----------- +--------- ----------- +--------- Blue Wave Offline Mail Reader 2.10 by Cutting Edge ----------- +------------------------------------------------------------------------------- + + Protection : Registration Number + + Search : BWAVE.EXE + + Locate : 06 A2 00 00 5E 8B + Replace: 01 + + Method : After loading the program into memory, I traced until I + found the CALL that brought up the UNREGISTERED screen. + Immediately before this CALL was a CMP AX,0000 and a + JNZ XXXX which jumped over the offending CALL. I looked + a bit further back in the code and found a MOV AL,[XXXX] + and a MOV AH,00. I reloaded the program and placed a + breakpoint (BPMB) on the DS:XXXX address from earlier. + It eventually popped out where it was moving a 00 into that + location. I looked back a bit in code and found a JNZ that + had jumped over a MOV that would have placed a 01 into the + location. Rather than change the jump, I simply changed + the MOV BYTE PTR [XXXX],00 to a 01. Since every registered + function in the program checked this address, all features + are now enabled, as well as any name and registration number + will work. + +<*****************************************************************************> +------------------------------------------------------------------------------- +--------- Another -TOP- unprotect ----------- +--------- By Gron ----------- +--------- ----------- +--------- GifLite 2.00 by White River Software ----------- +------------------------------------------------------------------------------- + + Protection : Registration # + + Search : GIFLITE.EXE (UnPklite) + + Locate : C6 06 F3 00 01 C4 + Replace: 00 + + Method : I loaded the program into memory with no options and + traced through until I found the CALL that brought up + the shareware notice. I then reloaded and traced until + I found the series of CALLs that drew each line of the + screen. I then traced until I found a conditional jump + immediately preceding a CALL which would draw some + shareware info. I noted the address being checked, and + changed the JZ to JMP to see what happened. Sure enough, + that shareware section was skipped, but the rest was drawn. + + At this point, I reloaded the program and put a BPMB (Break + Point on Memory Byte) on the address I noted earlier. I + then ran the program until it popped out at a + MOV BYTE PTR [00F3],01 + Since the compare had been against 00 earlier, I changed the + MOV to MOV BYTE PTR [00F3],00. That was all she wrote. + + At this point, search the GIFLITE.EXE for "null" and change + it to whoever you want the program registered to. I could + have changed the built-in registration (which I probably + should have done) to accept any name and registration number, + but I didnt really feel like taking the trouble since I didnt + find it unil I was half-way through this method. + +<*****************************************************************************> +------------------------------------------------------------------------------- +--------- Another -TOP- unprotect ----------- +--------- By Gron ----------- +--------- ----------- +--------- Veil of Darkness by Strategic Simulations Inc. ----------- +------------------------------------------------------------------------------- + + Protection : Doc Check + + Search : CODE.2 + + Locate : 26 FE 47 0B 0E E8 + Replace: 0A + + Method : I loaded the program into memory and broke into Soft-Ice + right before the doc check screen was to come up. I then + traced until I found the CALL to the protection scheme. + Immediately before the CALL was a + CMP BYTE PTR ES:[BX+0A],01 + JZ XXXX (beyond the CALL) + where ES:[BX+0A] was equal to 00. I tried changing the + 01 to a 00 which worked at first. However, when I attempted + to leave the first room in the game, the protection popped + up again using the same method as above. I set a breakpoint + (BPMB) on the ES address and reloaded the program. I didnt + find what I was looking for, but I did notice that ES:[BX+0B] + was being incremented to 01 a few lines before the first + doc check. I changed the 0B to a 0A and all the protection + disappeared. + +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +<*****************************************************************************> +End Methods File. diff --git a/textfiles.com/piracy/CRACKING/mex-c4n.nfo b/textfiles.com/piracy/CRACKING/mex-c4n.nfo new file mode 100644 index 00000000..d215022d --- /dev/null +++ b/textfiles.com/piracy/CRACKING/mex-c4n.nfo @@ -0,0 +1,141 @@ + + + + + + + Ŀ + Mexelite `97 28/07/97 [C4N] + Ĵ + We are a new Cracking Group for TNG of Crackers.... + We share knowledge about Modern Cracking which includes - + + Providing the tools nessesary, Writing Tutorials, Gather other + Peoples Tutorial`s, Make our own Cracking test programs, + Provide New/Old utilities to Crack, Take Cracking Requests, + and generally Help Newbies... + + By using our #Cracking4Newbies Channel on EFFNET our Members + will provide Advise on various techniques to use which will + help you with cracking our Utilities of the Week. + + Our Channel Advisor`s and Tutor`s also teach various cracking + techniques ranging from old DOS games, Patches & CD Checks to + Serial number`s and Keygen makers. + + Mexelite `97 also provide in-depth tutorials and How-to`s for + various modern Cracking Strategies and we take requests from + other Groups and Users alike. + + Our Channel Bots contain the various Tools, Texts, Tutorials + our Latest Cracks and the Utility of the Week to Crack.... + You can even Request on the Bots or our Web Site for a program + to be cracked. + + So come in to #Cracking4Newbies, or visit us at + http://cracking4newbies.home.ml.org or http://c4n.home.ml.org + or our Group Web Site http://mexelite.home.ml.org + http://users.quicklink.net/~cbd/c4n/ + Ĵ + Program : + URL : + Date Cracked : + Type : Serial( ) Patch( ) Keygen( ) Unlock( ) Tutorial( ) + Program Type : Internet( ) Utility( ) Game( ) Other( ) + Cracked by : + Ĵ + Notes : + + + + + + Ĵ + + Position Name Stat. Email + Ĵ + + Founder/President : JosephCo J0c00l@ + + Founder/V-Pres : nIabI niabi@ + + C4N Advisor/Cracker/TPE : SasbenJr sasben@ + + C4N Tutor/Cracker : Drlan drlan@ + + C4N Tutor/Cracker : Yoshi yoshi@ + + C4N Tutor/Cracker : p020 [IDLE] xxxx@ + + Cracker/Requests : Scorpion- [WRNG] scorpion@ + + Coder : Fant0m Anonymous@ + + Coder/Cracker : ^pain^ xxxx@ + + Cracker : Intruder ramf@ + + Cracker : Tgunner [IDLE] Tgunner@ + + Cracker/Webmaster : _CbD_* cbd@ + + Cracker : mpbaer* mpbaer@ + + Cracker : Corn2* corn2@ + + BotmAster : DamaTrix* digital@ + + BotmAster : GreenEvil Green@ + + We are looking for another Botmaster + for our channels, in exchange we will teach + you how to Crack. + + Ĵ + Trial members (+v) + + + Manson69* + + Ĵ + + Ĵ + Students in Training (+v) + [SIT] + + GrimL0ck,XOR + + Ĵ + + Greets : +GreyThorne, Xygorf, KrazyN, StarFury, Razzi, + DeadList, DrmWeaver. + + Personal Greets to : + + + Group Greets : Revolt, Heritage, UCF, PC97, Pentium, CRC32, + Pinnacle. + + + + Ĵ + News : + + + + Ĵ + Warnings to: p020,Scorpion- + Ĵ + If your not in this NFO it`s maybe because you where idle for + more than 2 weeks! If you are sure you haven`t and still think + you should be on this NFO then /msg any op in + #cracking4newbies or #mexelite97 + Ĵ + Note: Idle means just that, Get to work! + Two weeks of being inactive in the channel + and your off, [WRNG] Means Warning to being kicked by X + Reason's. + Note2: * Means NEW member or just added to this NFO. + - JosephCo + + diff --git a/textfiles.com/piracy/CRACKING/mhpcnws1.txt b/textfiles.com/piracy/CRACKING/mhpcnws1.txt new file mode 100644 index 00000000..b3b73293 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/mhpcnws1.txt @@ -0,0 +1,427 @@ + Midnights Hackers Private Club + + Where members or hackers gourps come to exchange ideas, and show + off skills. + + **** A Cracking Guide For Beginners **** + + An Article By: + + The Psychopath + + TABLE OF CONTENTS + ------------------- + + I. Introduction and Overview + II. Cracking Doc Checks + A) General Info + B) A Cracking Tutorial + III. Cracking Disk Checks + IV. Cracking with Overlays + V. Closing Remarks + +-------------------------------------------------------------------------------- +Introduction: + + This article is to provide help and give a basic understanding of cracking +for those that just plain don't understand it. A lot of you have heard about +ways of cracking and have gone of on your own into the unknown to try to crack +your first program. And undoubtedly you failed, unless you had guidance and +help from someone more experienced then yourself. Well, I know how rough it +is to learn how to crack, 'cause I've been there myself. It takes a lot of +time, work, and patience to become proficient at the art. So those wishing to +make a leap up in society to the status of a cracker, please read on. + + Some of the most useful tools to a crackist are: + DOS Debug + Quaid Analyzer + Turbo Debugger + Locksmith + Step-13/Trap-13/PC-Watch + Soft Ice + + Acquire any and all that you can. You'll want and need them. I'm only +going to discuss DOS Debug (Turbo Debugger is quite similar) and Step-13/Trap-13 +The others you'll have to experiment with on your own. + + Here's a basic list of Debug commands: + +Command Function +------------------------------------------ +*A [address] Assemble + C range address Compare + D [range] Dump + E address [list] Edit + F range list Fill +*G [=address [address..]] Go + H value value Hex + I value Input + L [address [drive:record record] Load + M range address Move + N filename [filename] Name + O value byte Output +*P [=address][value] Proceed +*Q Quit +*R [register-name] Register +*S range list Search +*T [=address][value] Trace +*U [range] Unassemble +*W [address [drive:record record] Write + + [* Indicates the only ones you need worry about for now. They are the main + commands that you use). Basically, you will enter the letter command and then + return (). Addresses only need to be specified based on necessity. (for + example, you could just enter G and it would execute. Specifying an address + would set a break point. (run the program up to that address). For P and T, + just enter the letter name and . It's quicker.] + + Further explanation of the commands is provided in your DOS users manual. +Read it for yourself. +*** Note that not all forms of copy protection, nor their ways of removal are +discussed in this news letter **** +-------------------------------------------------------------------------------- +Cracking Doc Checks: + + Okay, one of the most common forms of copy protection is the doc check. +This is where you are asked to input information from the documentation that +is included with the software purchased. I will discuss a few methods of +removing this protection scheme, and then will provide you with a sample +crack. + + Doc checks are usually at the beginning of the software, with a few +exceptions (some being in the middle or at the end). They range in variety +from simple text questions, to having graphic and mouse interfacing. They, of +course, range in difficulty from Insulting (easy) to Mind Boggling (hard). + It's best to start with the easy ones, because you don't want to get in +over your head, and remember that experience is the best teacher. + + Doc checks are executed by CALL statements, and sometimes a series of +CALL statements. When proceeding through a program in DEBUG, you will hit +a CALL statement that will execute the program. Remember what the address was +for it, 'cause you'll have to exit out of the game and go back to where it +took control from you. If the CALL statement runs the doc check then takes +you back to DEBUG, then you're allright, and can start changing it +there. If not, then you will have to trace (T option) through the CALL +statement down to the next layer of program. Now you will proceed again, until +you get to a call statement that executes the copy protection then returns +you to DEBUG. + + There are three basic ways to remove the Doc check: + 1) Remove the CALL statement. + a) By the NOP command. + b) By jumping from the first byte to the last. + 2) By changing the comparisons. + a) By changing the CMPs to compare registers to themselves. + b) By changing the jump statements that follow. + 3) By Jumping around the Doc check to get to the part of the program + that loads in the rest of the game. + + The first option deals with the above mentioned CALL statements. When you +get to the one you want, you will assemlbe at that address (A Address) and +enter either NOP (being sure to NOP all the bytes of the call statement--NOP +represents NO Option) or jumping from the address of the first byte to the +address of the second byte. Either will do. Removing the CALL statement will +not always work. Sometimes it will do a wide variety of things to the program. +If this happends, then try one of the other options listed. + + The second option involved leaving the doc check entact, but making it so +that any text entered will be accepted by the computer, thus allowing you to +continue with your utility/game. You will usually find a CMP statement (i.e. +CMP AX,[BP-20]) after it calls for the text to be entered. What it's doing +is comparing the value you entered to the value it wants. You can fix this +by either changing the compare statement to compare the register to itself +(i.e. CMP AX,AX), or by changing the jump statements that follow. You might +get a jump statement like JNZ 0345 which will only jump to CS:0345 if the +value is not zero. So just change it to read JMP 0345, which will always +jump to CS:0345. + + The third option involves jumping past the doc check (or CALL statement +more appropriately put). Often times you'll execute the copy protection, and +then it will take you to a new part of the program, where it will make it's +comparison, and then decide wether it will run the rest of the program (if you +answered the question correctly) or kick you out to DOS (or re ask the question +depending on the software). If you know what one of the answers is (and you +should if you have the originals), then enter the correct answer and follow +the program through until it executes the rest of the game. (Make note of where +it executes the rest of the game). Then, you exit out of the game, get back +into DEBUG, and then go back before the doc check is called. Now, jump from +the doc check over to where it executes the rest of the game. This will remove +the doc check completely. + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Sample Crack-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Software Name: Fiendish Freddy's Big Top of Fun +Software Company: Mindscape + +Here is a walk through for cracking a simple text doc check in the above +mentioned game. I will present you with two ways of cracking it. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +Method #1: + + The most preferred way amoung pirates for having a copy protection removed +is for the crackist to take it out completely. There two most common ways of +doing that are: + 1) Remove the call statement that executes the protection. + 2) Jump around the protection. + I'm going to teach you method 1 (removing the call statement). Find a +copy of Fiendish Freddy, and type the following: + + DEBUG FREDDY.EXE + + After typing this, you will be in the program itself, and you will see +the "-" to the left of the screen. To see where you are in the program, +press R, and you will see something like this: + + AX=000 BX=0003 CX=4A40 DX=0000 SP=34BC BP=0000 SI=0000 DI=0000 + DS=11EB ES=11EB SS=44B2 CS=11FB IP=3E93 NV UP EI PL NZ NA PO NC + + -11FB:3E93 9A00005341 CALL 415E:0000 + + ---------------------------Special Note---------------------------- + The value of CS is "11FB". That is the hexadecimal segment address + for the beginning of the program code in your computer's memory. It + is highly possible that the value you see for CS is different from + mine. + ------------------------------------------------------------------- + + Now then, press P to proceed through the program until you come to +the call statement located at CS:3EF8. Type U 3EF2 to unassemble around +the call statement. You will see the following: + . + . + 11FB:3EF2 55 PUSH BP + 11FB:3EF3 89E5 MOV BP,SP + 11FB:3EF5 83EC02 SUB SP,+02 + 11FB:3EF8 9A9C01291A CALL 1A29:019C + 11FB:3EFD A2CA02 MOV [02CA],AC + . + . + Okay, write down the HEX values before, including, and after the call +statement. Now in order to change it, you will type A 3EF8 and you'll +see this: + + CS:3EF8 + + Where the cursor is located, you will type NOP (No Option) 5 times, in +order to wipe out the 5 bytes of the call statement, and then press . +NOP is like erasing data. (i.e. 11FB:3EF8 NOP NOP NOP NOP NOP). Now press +G to execute the game. The actual program should load up without executing +the doc check at all. If not, then you screwed up and need to re-check your +alterations to the program. + + -----------------------Saving the Changes----------------------- + Remember now, that DEBUG can only write to .COM and files + other then .EXE (with the W command). One way to save the + changes (the more unreliable way) is to rename the .EXE file to + Something like .HEY or whatever, and then going in and searching + for the data to be changed (with the S command). Now edit the + data as normal, and save with the W command. Exit out + (Q) and rename the .HEY file back to .EXE + + *** This will not always work *** + + Another way to save changes is with a sector editor (The two most + widely used are Norton Utilities and PCTools). Search for the + HEX values (the values I told you to write down) of the data in + front of, including, and after the statement. When you find + The statement, edit it. (In the above case, you'd change the + HEX values of the CALL statement to read 90 90 90 90 90 --90 is + the HEX value for NOP). + ------------------------------------------------------------------ + +Method #2: + + Another way to remove copy protection is to leave the doc check entact, +but change it so that it accepts the values that you enter 100% of the time, +regardless of what it is. The ways you can do this are: + 1) Change the CMP (compare) of what you entered to what it's supposed + to be, so that it compares what you entered to what you entered + (i.e. CMP AX,[BX-23] would be changed to CMP AX,AX). + 2) Change the Jump statements (JNZ, JZ, JB, JA, JG, JL, etc.) + + We will use Option #2 this time, and again using Fiendish Freddy. Type +the following to get started: + + DEBUG FREDDY.EXE + + Now then, proceed back up to where we saw the CALL statement that executes +the protection. (CS:3EF8) And this time, trace through it (T). Now then, +your CS will change to something else, because you've moved down one level in +the program. Start proceeding through. You'll come upon several CALL +statements that load in the text for the doc check. Ignore them, they cause +no harm. (Just for your info, they exist at CS:022A, CS:0246, CS:025C, CS:0271, +CS:028D, CS:02A3, CS:02B8, CS:02D4). Now then, at CS:02F2 CALL 415E:0C73 +appears. What this does call for the user to enter some text from the keyboard. +Proceed through the CALL statement, and the screen will wait for a key to be +pressed. Enter something like "kskdksdk" and then it will take you back +to the program. + Proceed on until you come to the following: + + CS:030E 3B86DFFE CMP AX,[BP+FEDF] + CS:0312 7F25 JG 0339 + CS:0314 8946FD MOV [BP-03],AX + + Now, what is happening is the program is making a comparison of what was +entered. If that value is greater then what it wants, then it jumps to CS:0339 +and if it isn't then it just continues on. Now we want to fool it into +thinking that the text is correct. So change CS:0312 to read JMP 0339. This +way, the program will jump to 0339 every time, no matter what is entered. Now, +we're not through yet. You'll soon come to this: + + CS:0349 9A....... CALL 415E:0419 + CS:034E 7404 JZ 0354 + CS:0350 B000 MOV AL,00 + CS:0352 EB02 JMP 0356 + + Now we have another comparison here. The CALL statement is calling a +compare routine, and when it's finished, if the value is equal to 0, it will +jump to CS:0354, and if not, it will simply continue on. We need to fool the +computer once again, and change CS:034E to read JMP 0354, so that it will +always jump to 0354. This is the last change that needs to be made. Go ahead +and type G to test it out. When you're done, be sure to make the changes +permanent, as described above. + +-------------------------------------------------------------------------------- +Disk Checks: + (INT-13) + + Some copy protection schemes use the disk interrupt (INT-13). INT-13 is +often used to either try to read in an ilegally formatted track/sector, or to +write/format a track/sector that has been damaged. + + INT-13 is called like any normal interrupt with the assembler command +INT 13 (CD 13). The AH register is used to select which command is to be used, +with most of the other registers used for data. + + Now, the copy protected file might use INT-13 to load some other data from +a normal track/sector on a disk, so it is important to determine which tracks/ +sectors are important to the cp scheme. There are two common ways to do this + 1) Use Quaid Analyzer to keep track of INT-13 activity + 2) Use Locksmith to track down unusual traks/sectors. + + With Locksmith you can analyze the diskette. Write down any tracks/sectors +that seem abnormal. These are most likely part of the protection routine. Now +we must enter debug and load in the file to execute a search for CD 13. Record +any addresses shown. (i.e. S CS:100 FFFF CD 13). + + If no addresses are picked up, then either the interrupt is encoded, or +it's in a part of the program not yet loaded. Here's what a sector of hidden +code might look like: + + CS:0000 31DB XOR BX,BX + CS:0002 8EDB MOV DS,BX + CS:0004 BB0D00 MOV BX,000D + CS:0007 8A07 MOV AL,[BX] + CS:0009 3412 XOR AL,12 + CS:000B 8807 MOV [BX],AL + CS:000D DF13 ........... + + In this section, AL is set to DF at location CS:0007. When you XOR DF +and 12, you would get a CD (hex) for the INT code, which is placed right next +to a 13, thus giving uou CD13 or INT-13. + +---------------------------Finding Hidden INT-13s------------------------------- + A good way to find hidden INT-13s is with Quaid Analyzer, or Step-13 (or +Trap-13, or PC-Watch....all work equally as well). Step-13 traps the interrupts +and will print where they were called from. Once running this, you can jut +disassemble around the address until you find a code that looks like it is +setting up the disk interrupt. + + Another way to decode the INT-13 is to use the G (go) command in DOS DEBUG. +Just set a breakpoint at the address given by Step-13. i,e, G CS:000f (see +above code). When debug stops, you will have encoded not only the INT-13 but +anything else leading up to it. +-------------------------------------------------------------------------------- + + Once you find the INT-13, all that is left to do is to get the computer to +think that the protection has been found. To find out what the computer is +looking for, examine the code right after the INT-13. Look for anything having +to do with the CARRYFLAG or any CMP to the AH register. If a JNE or JC (etc.) +happens, then unassemble (u address) the address listed with the jump. If it +is a CMP then just read on. + + Here you must decide of the program was looking for a protected track or +just a normal track. If it has a CMP AH,0 and it has read in a protected +track, it can be assumed that it was looking to see if the program had +successfully completed the read/format of that track and that the disk had +been copied thus jumping back to DOS (usually -with INT 19). If this is +the case, just NOP the bytes for the CMP and its corresponding JMP. + + If the program just checked for the carry flag to be set, and it isn't, +then the program usually assumes that the disk has been copied. For example: + + CS:0002 INT 13 (Reads the sector) + CS:0004 JC 0345 (Jump comparison) + CS:0006 INT 19 (reboot) + CS:0345 Rest of program.. + + The program carries out the INT and finds an error (the ilegally formatted +sector) so the carry flag is set. The computer, at the next instruction, sees +that the carry flag is set and knows that the protection has not been breached. +But, when you make a copy, it will see the breached protection, and execute the +INT 19. To avoid this, change the JC 0345 to read JMP 0345. + +* Note that the protection routine might be found in more then just one +part of the program * + + Here is a chart describing INT-13 using the AH register to select +the function to be used. + +AH=0 Reset Disk +AH=1 Read the status of the disk system into AL + + AL ERROR +----------------- + 00 - Successful + 01 - Bad Command given to INT +*02 - Address mark not found + 03 - Write attempted on a write protected disk +*04 - Request sector not found + 08 - DMA overrun + 09 - Attempt to cross DMA boundary +*10 - Bad CRC on disk read + 20 - Controller has failed + 40 - Seek operation failed + 80 - Attatchement failed + +* Represents the most commonly used in the Copy protection + + input: + DL = Drive Number (0-3) + DH = Head Number (0 or 1) + CH = Track Number + CL = Sector Number + AL = # of sectors to read + ES:BX = Load address + output: + AH = error number (shown above) + [Carry flag set] + AL = Number of sectors read + +AH=3 Writes (Params. as above) +AH=4 Verify (Params. as above ES:BX) +AH=5 Format (Params. as above CL,AL + ES:BX points to format table) + +-------------------------------------------------------------------------------- +Cracking Overlays: + + Sometimes the copy protection is executed in an overlay file. The best +way to find out which file it is in, is to use Quaid Analyzer to track the +INT 21 calls and see which program is loaded in. Next, if it was an INT-13 +type protection, then you'll do as usual and just look for it in the overlay +file. + If it was a doc check, then you'll proceed through the .EXE file as usual +(with DEBUG or whatever), and go up to the doc check. Now the changes you make +might have to be made in the overlay file. What I mean, is if you search the +.EXE file and don't find the HEX values, then search the overlay file. You'll +have a high probability of finding them there. Then, just change the bytes in +the overlay file as usual and execute the game. It should run, this time with +the crack entact. +-------------------------------------------------------------------------------- + + Hopefully this will aid you on your quest to become a crackist. And remember, +don't get in over your head by attempting to crack something difficult, 'cause +it will benefit you 0%. Laterz... + + - The Psychopath diff --git a/textfiles.com/piracy/CRACKING/mhpcnws2.txt b/textfiles.com/piracy/CRACKING/mhpcnws2.txt new file mode 100644 index 00000000..d043640b --- /dev/null +++ b/textfiles.com/piracy/CRACKING/mhpcnws2.txt @@ -0,0 +1,450 @@ + Midnights Hackers Private Club + + Where members or hackers groups come to exchange ideas, and show + off skills. + + **** A Cracking Guide For Advanced Amateurs **** + + An Article By: + + The Psychopath + + TABLE OF CONTENTS + ------------------- + + I. Introduction and Overview + II. Types of Cracks + A) Documentation Protection + B) Config/Setup Protections + III. Closing Remarks + +-------------------------------------------------------------------------------- +Introduction: + + This is my second edition on cracking tutorials. This one will provide +more information on the art of cracking as well as some more advanced cracking +walkthrus. Take the learning process slow, and just let it come to you. Don't +try tackling too much at once. Again I emphasize the importance of practice and +experience as being the best teacher. And I think I'll mention this now... +ALWAYS, ALWAYS make backup copies of the programs before you tamper with them +with your debuggers and sector editors, because if you screw up and write to +your only copy, you're plain outta luck. + + Cracking programs used in this issue: + DOS Debug + Turbo Debugger + Quaid Analyzer + + Acquire these if you don't already have them. These are not the only +cracking utilities, but they are the ones that I will be using in my lecture +today. + + Here's a basic list of Debug commands in case you've forgotten: + +Command Function +------------------------------------------ +*A [address] Assemble + C range address Compare + D [range] Dump + E address [list] Edit + F range list Fill +*G [=address [address..]] Go + H value value Hex + I value Input + L [address [drive:record record] Load + M range address Move + N filename [filename] Name + O value byte Output +*P [=address][value] Proceed +*Q Quit +*R [register-name] Register +*S range list Search +*T [=address][value] Trace +*U [range] Unassemble +*W [address [drive:record record] Write + + [* Indicates the only ones you need worry about for now. They are the main + commands that you use). Basically, you will enter the letter command and then + return (). Addresses only need to be specified based on necessity. (for + example, you could just enter G and it would execute. Specifying an address + would set a break point. (run the program up to that address). For P and T, + just enter the letter name and . It's quicker.] + + Further explanation of the commands is provided in your DOS users manual. +Read it for yourself. + +*** Note that not all forms of copy protection, nor their ways of removal are +discussed in this news letter **** +-------------------------------------------------------------------------------- +Cracking Documentation Checks Part II: + + Okay, the most common form of copy protection is the documentation check. +Doc checks are usually at the beginning of the software, with a few exceptions +(some being in the middle or at the end). They range in variety from simple +text questions, to having graphic and mouse interfacing. They, of course, +range in difficulty from being extremely easy to being near impossible. + + In the past issue, I gave an extremely simple copy protection to remove +(Fiendish Freddy, if you remember). Here, after a refresher course on what to +do to remove the doc checks, we'll take a look at a complicated doc check. + + There are three basic ways to remove the Doc check: + 1) Remove the CALL statement. + a) By the NOP command. + b) By jumping from the first byte to the last. + 2) By changing the comparisons. + a) By changing the CMPs to compare registers to themselves. + b) By changing the jump statements that follow. + 3) By Jumping around the Doc check to get to the part of the program + that loads in the rest of the game. + + In the first option, as you know, we can remove the CALL statement by +writing the assembly command NOP (No Option) in place of the CALL statement +itself. Or we can simply jump from the first byte in the CALL statement to +the last byte in the call statement (This has the same effect). + + The second option involved leaving the doc check entact, but making it so +that what you enter (wether it be right or wrong) will be accepted by the +computer, thus allowing you to continue with your game. You will usually find +a CMP statement (i.e. CMP AX,[BP+2307]) after it calls for the text to be +entered. What it's doing is comparing the value you entered (stored in the +registers) to the value it wants. You can fix this by either changing the +compare statement so that the register is compared to itself, (i.e. CMP AX,AX), +or by changing the jump statements that follow. You'll get a jump statement +similar to JNZ 1355, which will only jump to CS:1355 if the value from the +compare is not zero. So just change it to read JMP 1355, which tells the +program to always jump to CS:1355. + + The third option involves jumping past the doc check. Often times you'll +execute the copy protection, and then it will take you to a new part of the +program when it's finished, where it will make it's comparison, and then decide +wether it will execute the remainder of the program (if you answered the +question right) or boot you out to DOS (giving a wrong answer). If you know +what one of the answers is (and you should if you have the originals with the +docs included), then enter the correct answer and follow the program through +until it executes the rest of the game. (Make note of where it executes the +remainder of the game). Then, you exit out of the game, get back into your +debugger, and go back before the doc check is called. Now, jump from the doc +check over to where it executes the remaining portion of the game. This will +remove the doc check completely if done properly. + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Sample Crack-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Software Name: Martian Dreams +Software Company: Origin + +Here is a walk through for cracking a moderately complicated doc check in +the above mentioned game. I will present you with one way of cracking it. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +Method : Jumping around the Doc Check (Method #3 as mentioned above). + + Find an uncracked copy of Martian Dreams. If you notice, there are 2 +executable files. MARTIAN.EXE is the introduction file, and GAME.EXE is the +actual game. (This can be found out by using Quaid Analyzer to watch the INT-21 +output while tracing through MARTIAN.EXE) Now, make sure that you have a +character created. You're going to need to get the prybar from the cowboy and +move your character right above the hatch and then save the game and exit to +DOS. Now we're ready to begin. + + Load GAME.EXE into your debugger (I'll be using good ol' DOS debug). + + Proceed through the program, making note of any loops you get into. (To get +out of a loop such as something that makes a jump comparison and then sends you +to a previous part of the program, just look at what address is after the jump +and then go to that address (with the G
command) i.e. +CS:003C JNZ 0034 is in the early part of the game. We notice that CS:003E lies +just after this call statement, so jump to it--G 3E). + + Now, keep going until you come to the following: + + CS:00FC CALL 14C8:0941 + +(The 14C8 segment may be different on your machine, depending on you memory). +Trace through this call statement (proceeding through it will execute the +game, so don't). Now, start proceeding again. You'll come to the following +address: + + CS:0C5E CALL 2015:0013 + +This will switch graphics modes, so we know we're on the right track. Keep +proceeding. Next you'll start hitting addresses that will call parts of the +picture to the screen. At the following: + + CS:0CEA CALL 0509 + + CS:0F69 CALL 3433:04B1 + +Each of these calls in a different picture...we're getting close, so keep +going. When you come to the following address: + + CS:0FD7 CALL 2409:133A + +Trace through it. (Proceeding through will execute the game). Now, keep going. +Again, you'll hit CALL statements that load in graphics pictures, at the +following addresses: + + CS:1B51 CALL 0A47 + + CS:1B64 CALL 0084 + + CS:1B83 CALL 18B4 + + CS:1B95 CALL 0221 + +Keep proceeding until you come to: + + CS:1BA5 CALL 3433:28CC + +Trace through this (proceeding through will execute the "command entering" part +of the game. It will execute a full command at once, so we need to trace +trough it to break up the command into parts). Tracing trough, and proceeding +on, we come to the following: + + CS:2902 CALL 20AD + +This allows one key movement/command to be entered at a time. Proceed through +this call statement and type a "U" to get the character to use an item. Now +you're back at the program. If you proceed on, you'll hit the RETF and +eventually come to the following: + + CS:1BC5 LOOP 1BBB + +This will loop back and take control of the program until your command has +been fully executed, then you'll be back at the debugger again. We don't want +this, because we need to proceed through and see what happends step by step, +before it calls the doc check, so do the following. at the CS:2902 address, +you proceeded though the first time right? and you entered a "U", well jump back +to CS:2902 (i.e. G 2902) and proceed through again. Keep doing this until +you have entered all the following commands: + + U = to get your character to use an item. + TAB, Left arrow key = moves over to your inventory, then select + prybar. + Down arrow key = Points at hatch. + +Now, after you do the last input, proceed on through the program. When you +come to the following: + + CS:0831 CALL FAR [BP-0E] + +Trace through this call statement (proceeding through it will execute the game). +After tracing through, you'll see this: + + CS:0066 INT 3F + +This is another form of a CALL statment. Trace through it (proceeding through +will execute the game). Now, keep going until you come to the following: + + * CS:0A81 JNZ 0A9D + CS:0A83 PUSH AX + CS:0A84 CALL 2D04:4759 + CS:0A89 PSUH AX + CS:0A8A MOV AX,3DAF + CS:0A8D PUSH AX + CS:0A8E MOV AX,183C + CS:0A91 PUSH AX + CS:0A92 CALL 3433:33F8 + CS:0A97 ADD SP,+06 + CS:0A9A JMP 0B51 + CS:0A9D MOV AL,[6ED6] + CS:0AA0 MOV AH,00 + CS:0AA2 TEST AH,0010 + * CS:0AA5 JZ 0AC2 + CS:0AA7 MOV AL,[6ED6] + +Here's the deal. Those two marked jump statements are the key to the whole +thing. The comparisons made are trying to determine if you have answered the +question already and correctly. What you want to do is get the program to +go to the addresses listed in the statements all the time. So change them +to say: + CS:0A81 JMP 0A9D + CS:0AA5 JMP 0AC2 + +This will jump past the copy protection completely. Now, to explain how I knew +to do this. What I did is proceed through to the doc check itself, and then +entered a correct answer, followed the program through until it got back to +where you could enter commands again (CS:2902), and then I did those commands +again (if you recall, you have to open the door twice). This time, I followed +through, making note of all the jump statements, seeing where it went, until +it opened the door for me. Next, I went back in with the debugger and got back +up to the doc check and entered a wrong answer, then followed it through, until +it got back to CS:2902, and then I entered the commands again, and followed it +through, making note of the jump statements. After I got past a certain point +(past the address where it opened the door on a correct answer) I compared +the jump statements between the two scenerios, and found the differences, so +I changed the jumps to always think that you've already entered a correct +answer (As shown above). You'll need to know some right answers to do this, +so what I reccommend is either getting a copy of the docs, or get your +encyclopedias handy (some of the questions asked are actual historical facts). +I'll now describe how to get to the doc check, if you want to try this out +for yourself. + + Okay, you've traced throught CS:0831 and CS:0066, right? And now you're +proceeding on. You'll eventually come to the following: + + CS:0ABA CALL 417E:0034 + +Trace through this, to get to this: + + CS:0034 INT 3F + +Trace through this as well. (Remember what I said above about it being a type +of call statement). Now, proceed on. You'll next come to the following: + + CS:0396 CALL 0000 + +Trace through this and then proceed on. You'll next come upon this: + + CS:0156 CALL 4183:0034 + +Tracing through will once again bring you to this: + + CS:0034 INT 3F + +Trace through again, and then proceed on. You'll next hit a bunch of CALL +statements that will load in graphics pictures and text. Just keep proceeding +on. (Just so you know where you are, some of these CALL statements will be at +these addresses): + + CS:1A0F CALL 2015:1E2B + CS:1A67 CALL 1675:024B + +Now, you'll come up to the following: + + CS:1E9E CALL 1756 + +This is the doc check. Proceed through, so that it is loaded in. It will ask +the question and then boot you back to the program, so proceed on. You'll next +come to: + + CS:1B6B CALL 3433:33F8 + +This will wait for you to press enter, then put you back in the program. So +press and proceed on. Next you'll come to this: + + CS:1B80 CALL 3433:2AF1 + +This will wait for you to enter your response to the question. So enter a right +answer, and then press , and now proceed on. Keep going on until you get +back to where I described up above, and do as I mentioned. This will show +you why I changed those jump statements. So, when you're through with this, +be sure to save the changes, and if you've forgotten how to save, here's a +little memory refresher: + + -----------------------Saving the Changes----------------------- + Remember now, that debuggers can only write to .COM and files + other then .EXE (with the W command). One way to save the + changes (the more unreliable way) is to rename the .EXE file to + Something like .HEY or whatever, and then going in and searching + for the data to be changed (with the S command). Now edit the + data as normal, and save with the W command. Exit out + (Q) and rename the .HEY file back to .EXE + + *** This will not always work *** + + Another way to save changes is with a sector editor (The two most + widely used are Norton Utilities and PCTools). Search for the + HEX values (the values I told you to write down) of the data in + front of, including, and after the statement. When you find + The statement, edit it. (i.e. Changing the HEX values of a CALL + statement to read 90 90 90 90 90 (90 is the HEX value for NOP)). + Also, make sure that you write down the new hex values after + changing the assembly code in the program with the debugger. + Then you'll replace the original HEX values with what you want + them to be. + ------------------------------------------------------------------ + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Sample Crack-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Software Name: Castles +Software Company: Interplay + +Here is a walkthru for cracking a config/setup type copy protection. This will +be fairly simple to crack, so get relaxed. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +Method: Changing Jump Statements + + Obtain an uncracked copy of Castles, and prepare your debuggers. First +off, you'll notice that you need to run the setup program to get the game +configured for your system so it can be properly run. When you enter the +options to fit your system, you'll then be asked a question from the manual, and +it will then write a number into the batch file it saves. If you answer wrong, +it will write a "wrong" number in the batch file, and if you answer right, it +will write a "right" number in the batch file. To remove any possible +complications and hassles, we're going to remove the question and remove where +the game checks to see what the number is. So, two cracks will be needed. One +in SETUP.EXE, and the other in CASTLES1.EXE. Load SETUP.EXE into your debugger +and start proceeding. + + Now, you'll come up to the following: + + CS:00EF CALL 14DD:0B69 + +Trace through this and start proceeding. + +*** Note that I will not be mentioning when the graphics mode is switched or +when it calls in graphics pictures. You should know what they are by now *** + +You'll come up into a loop that goes back and redraws the menu screen. IF you +keep proceeding through the loop, it will be a slow process trying to configure +your system, so just jump past that jump statement to CS:0BC5. This will allow +you to enter your setup options. After doing this, select continue, and press +enter. Now, proceed on. You'll notice the following soon: + + CS:0BCD CALL 033A + +This is the doc check. Proceed on and see what happends. At CS:0BD8 CALL 04E3 +it will write that number to the batch file. So, let's get rid of the question. +We want it to just jump past the doc check, and save the configuration to the +batch file, so do this. Notice before the doc call at CS:0BCA there is a +JZ 0BDF. This can be changed to: JMP 0BD7, thus jumping past the doc +CALL, and onto the part where it writes the number. Next, proceed on, and +you'll come to this: + + CS:0BE8 JZ 0BF0 + +This is comparing what you entered and if it's wrong, it will exit out and +tell you to try again, and if it's write, it'll jump to CS:0BF0. So let's +just tell it to jump to 0BF0 all the time. (i.e. CS:0BE8 JMP 0BF0). + +Now, save the changes and let's start on the game. Load CASTLES1.EXE into your +debugger (Make notice of the parameters set in the batch file, because you'll +need to specify these when loading it into the debugger, so that it will run +the way you configured it on your system - i.e. DEBUG CASTLES1.EXE /VGA +/NOTITLE /NOMUSIC) Start proceeding through. + +You'll come up to the following: + + CS:00EF CALL 1DDD:0752 + +Trace through this and proceed on. Next you'll come to some jump and CALL +statements. If you proceed through, it will kick you out to DOS, so make note +of the following jump statements, and what they are doing: + + CS:0669 JZ 0670 + + CS:0678 JNZ 0680 + + CS:067E JZ 0691 + +If you notice what happends when you proceed through on a wrong number, you'll +see that the following needs to be done to those jump statements, so that +we jump around the statements that call to verify the copy protection: + + CS:0669 JMP 0670 + + CS:0678 NOP NOP + + CS:067E JMP 0691 + +Now, save these changes, and you're all done. The Setup program will no longer +ask the question, and the game itself will no longer check to see if you +answered the question right. So you're congratulate yourself. + +-------------------------------------------------------------------------------- + + Hopefully this will aid you on your quest to become a crackist. And remember, +don't get in over your head by attempting to crack something difficult, 'cause +it won't help ya at all, G. Laterz... + + - The Psychopath diff --git a/textfiles.com/piracy/CRACKING/mhpcnws5.txt b/textfiles.com/piracy/CRACKING/mhpcnws5.txt new file mode 100644 index 00000000..9a649e1f --- /dev/null +++ b/textfiles.com/piracy/CRACKING/mhpcnws5.txt @@ -0,0 +1,344 @@ + Midnights Hackers Private Club + + Where members or hackers groups come to exchange ideas, and show + off skills. + + **** A Cracking Guide For Advanced Amateurs Part II**** + + An Article By: + + The Psychopath + + TABLE OF CONTENTS + ------------------- + + I. Introduction and Overview + II. Types of Cracks + A) Doc Check with a small Loader + B) Doc Check with a complex Loader + III. Closing Remarks + +-------------------------------------------------------------------------------- +Introduction: + + This is my third edition on cracking tutorials. This one will provide +more information on the art of cracking as usual, and will provide a comparison +of 2 similar doc checks that vary in difficulty. Take the learning process slow, +and just let it come to you. Remember, don't try tackling too much at once. +Experience is the best teacher. Just a friendly little reminder here... +ALWAYS, ALWAYS make backup copies of the programs before you tamper with them +with your debuggers and sector editors, because if you screw up and write to +your only copy, you're plain outta luck holmes. + + Cracking programs used in this issue: + DOS Debug + + Acquire this if you don't already have it. This is the basic cracking +tool, and is my favorite. There are some advanced debuggers out there with +menus and fancy features, but when they fail, debug will come through for ya. +But of course, having the other debuggers can be handy at times, so I suggest +finding them if you don't already have them. Some good ones to get are: + Turbo Debugger (2.0 or greater) + Soft Ice (2.5 or greater) + Code View + + I will no longer tell you how to access a debug command, so here's the +last time that I will refresh your memory as to what they are. If you don't +know what they mean by now, then you should go back and re-read my previous +articles. + +Command Function +------------------------------------------ +*A [address] Assemble + C range address Compare + D [range] Dump + E address [list] Edit + F range list Fill +*G [=address [address..]] Go + H value value Hex + I value Input + L [address [drive:record record] Load + M range address Move + N filename [filename] Name + O value byte Output +*P [=address][value] Proceed +*Q Quit +*R [register-name] Register +*S range list Search +*T [=address][value] Trace +*U [range] Unassemble +*W [address [drive:record record] Write + + [* Indicates the only ones you need worry about for now. They are the main + commands that you use). Basically, you will enter the letter command and then + return (). Addresses only need to be specified based on necessity. (for + example, you could just enter G and it would execute. Specifying an address + would set a break point. (run the program up to that address). For P and T, + just enter the letter name and . It's quicker.] + + Further explanation of the commands is provided in your DOS users manual. +Read it for yourself. + +-------------------------------------------------------------------------------- +Cracking Documentation Checks With Game Loaders: + + Okay, the most common form of copy protection is the documentation check. +Doc checks are usually at the beginning of the software, with a few exceptions +(some being in the middle or at the end). They range in variety from simple +text questions, to having graphic and mouse interfacing. They, of course, +range in difficulty from being extremely easy to being near impossible. + + In this issue, we're going to take a look at a programmers attempt to +cause frustration for us crackists. Someimtes you'll come upon a game that will +have you run one program, which will in turn run the main program. And of +course, you have to run the first (loader) program or the game won't work right. +Well, this poses a problem with debugging, for you can only load in one program +at a time, and most likely you won't be able to trace through one program to +get to the other, so how do we get to the copy protection and remove it? Well +let's go through two sample cracks and find out for ourselves eh. + + Hopefully you remember what types of copy protection ASSEMBLY commands +to look for, and how to couteract them, cause I won't refresh your memory for +you....you'll have to re-read the past articles if you forgot. + + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Sample Crack-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Software Name: Gateway to the Savage Frontier +Software Company: S.S.I. & Beyond Software + +Here is a walk through for cracking a simple attempt at a loader along with +a simple doc check. This should be eazy to follow, so let's get going eh. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + Find an uncracked copy of Gateway to the Savage Empire. Now then, you'll +notice that there is a batch file entitled START.BAT This is what we run to +load in the game. Well, let's see what it's doing. Type the batch file out. +You should see this: + + @echo off + start1 + if errorlevel 1 goto end + go + :end + + Now, if we run this batch file, it will execute START1.EXE which will +allow you to specify your graphics, sound, mouse, etc. etc., and when that's +done, it returns to the batch file, where you'll notice GO.BAT is then executed. +Let's look at GO.BAT and see what it's doing. You'll see something similar +to this (depending on the graphics and sound and such that you selected): + + ibmsnd + game UseStart + ibmsnd U + +Notice that the UseStart is a parameter specification on the game. If we +try running GAME.EXE it will tell us to run start. Well, this is so simple +it's not even funny. Notice what start does. It sets up your system +specifications, then loads in the game. That UseStart parameter is the key +to the whole thing. Instead of typing just "debug game.exe" specify the +parameter as well (this will happen quite often with games that use parameters. +They must be specified in the debugger if you want them loaded in). Type "debug +game.exe UseStart" (and the capital/lower case letters ARE significant in the +paramater settings). Now, we're ready to begin. Start proceeding. + + At CS:0037 CB RETF, you'll do a far return to a new code segment address, +at CS:0038, here you'll proceed on. You'll hit a bunch of comparison jumps +that will keep looping you around till you eventually get to CS:00DE, where you +can start proceeding forward again. ('Course if you're smart you'll just take +my advice and jump from CS:0038 to CS:00DE and proceed from there). Next +you'll come to: + + CS:00FE 2E CS: + CS:00FF FF2F JUMP FAR[BX] + + Proceed through this and you will be at a new code segment address at +CS:0019, where you will find a long series of CALL statements. Start proceeding +through them. You'll hit some that will load in the graphics and the title +screen and such (if you press control-C when the Beyond Software screen appears, +it will skip the intro screens). You should eventually come to: + + CS:01CE CALL 1303:002A + + This address calls in the option that will ask you if you want to PLAY the +game or view a DEMO. We of course, want to play, so select play and press +enter. Now, proceed on. It will eventually bring you up to this address: + + CS:0208 JNZ 0216 + CS:020A CMP BYTE PTR [5D8E],00 + CS:020F JNZ 0216 + + Now, we've already selected that we want to play the game, so what do you +think this comparison means? Could it be that it's determining wether or not to +load in the doc check? Well I do believe so. If you don't believe me, proceed +on. You'll hit a CALL statement at CS:0211 That will load in the copy +protection. So how do we remove this? Well, what I suggest doing is changing +the jump at CS:0208 to read CS:0208 JMP 0216. + + This will tell the program to jump directly to CS:0216, thus skipping over +the copy protection completely. Now, wasn't that simple. Just save the +changes and you're done. + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Sample Crack-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Software Name: Time Quest +Software Company: Legend + +Here is a walkthru for cracking a more complex loader that calls in a +moderately difficult doc check. +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + + Obtain an uncracked copy of Time Quest, and prepare your debuggers. Okay, +Here's the situation. The main part of the game is in the file TIMEMAIN.EXE, +but we have to run TQ.EXE in order to play the game. If you try running +TIMEMAIN.EXE, it will (as I mentioned) tell you to run TQ.EXE to load the game. +So what do we do? Unlike the previous sample crack, there are no parameters +that are displayed that we could load into the debugger. The TQ.EXE file loads +in part of the title screen, and determines your graphics and sound modes, so +we're in a bad situation. + + If you try debugging TQ.EXE to get to TIMEMAIN.EXE, the following will +happen. You'll eventually reach the part where a CALL statement loads in +TIMEMAIN.EXE. The program will take control or lock up. So naturally, you +try tracing through, till you get to another CALL statement that does the same +thing. You'll keep doing this until you get to the INT-21 that loads in the +TIMEMAIN.EXE, and it will lock up there....if you trace through, it will take +you to a part of the program that you don't ever want to tamper with. You'll +be where it makes all the jump comparisons for all the INT-21's. Proceeding +through this area will most likely bring up a message like "System Halted. Can +Not load Command.com" so now were stuck....or are we? + + Now think for a minute and get creative. TQ.EXE somehow loads in +TIMEMAIN.EXE. So what if we can trick TIMEMAIN.EXE into thinking that TQ.EXE +has already been run. All we'll do in the process is leave out the Legend +Software title screen. And, hopefully, we'll enact the default settings, which +will bring in CGA graphics. This will make it easier to see what's going on, +because with the CGA graphics, it's in black and white, and very simple +structure, which is what we want when stepping through a debugger. So, let's +get started. Load TIMEMAIN.EXE into your debugger and start proceeding. + + You should come to CS:0548 JMP 29B1:09A2 where you will proceed through, +jumping to a new code segment address. Keep proceeding on. You'll come to +CS:0A20 where you'll then be kicked into a new code segment address. Proceeding +on will just bring you back to CS:0A21, so instead of going through all that, +jump to CS:0A21 before you reach CS:0A20, and then keep proceeding. + + After you reach the following: + + CS:0A41 CALL 232E:1AFB + + Trace through here, and keep going (proceeding through this call statement +will terminate the program and bring up that message telling you to run TQ.EXE +first). Keep proceeding till you come to the following: + + CS:1B12 CALL 18CA + + Trace through here, and keep going (proceeding through will have the same +result as the above mentioned). Now, you'll soon see the following: + + CS:18D6 CMP WORD PTR [BP+06],+09 + CS:18DA JZ 18F6 + + If we just proceed through these, the program will soon terminate as +above mentioned, but if we jump to 18f6, the game will start to load, so let's +fix this by changing CS:18DA to be the following: + + CS:18DA JMP 18F6 + + Note, that this change is not to be permanent. It is merely a temporary +change to allow us to load in the game so we can make the permanent chane to +the copy protection. Now then, proceed on. You'll hit a CALL statement that +will switch to the graphics mode, then you'll eventually reach: + + CS:1AFA RETF + + Proceed through this, and you'll return back to CS:1BC5. Proceed on. You +will hit a few calls along the way that will load in the screens, and eventually +you'll reach: + + CS:1C68 CALL 1F6F:188B + + This will call in the option that lets you type in a command, so type in +the following commands in this order (and note, that after you press enter, +you'll be back in the debugger. Instead of proceeding on, which will +eventually bring you back to CS:1C68, just go to 1C68 again and proceed through. +It will wait for you to input another command. Keep doing this until you've +input all the commands). + + wait + wait + w + open drawer + take card + enter interkron + put card in slot + timeset rome 44 + + Now, after entering the last command, (DO NOT JUMP back to 1C68 again) +proceed on. You will eventually come to: + + CS:2496 CALL 0D40 + + Trace through this call statement (proceeding through will bring up the +doc check). Now, proceed on until you eventually come to: + + CS:106E CALL 1B46:05C5 + + Trace through here (for the same reason as mentioned above), and then +proceed on and you'll eventually reach: + + CS:05F5 CS: + CS:05F6 JMP [BX+0B14] + + Proceed through this (If you ever try jumping (with the go command) to a +two part jump statement like this, make sure you go to the address with the +"CS:" and not the JMP, otherwise you will screw up the program and it will +jump you to the wrong place). Trace through: + + CS:09FC CALL 1CA7:1520 + + Now, proceed on till you come to: + + CS:160C CALL 45EA:1F8E + + Trace through this, and then trace through the call statement that you +immediately come upon, which is: + + CS:1F8E CALL 4537:0307 + + If you proceed through this, it will try to access your floppy drive, +because it won't be able to find the overlay file, so trace through it. Now, +proceed on till you get to CS:0379, where you will be taken back to CS:1F95, now +keep proceeding on, and you will go through a series of jump compare statements, +if you keep going on, you will eventually hit: + + CS:029F CALL 1E35:000C + + This is where the doc check will pop up. These jump comparisons are the +key to the doc check. If you notice, at: + + CS:029D JNZ 02B5 + + Here, is where it makes an obviously important comparison. Why is it +important you ask, well because look at what happends. If the value it's +comparing is zero, it proceeds on to CS:029F, where the doc check comes in, +so what happends if the value is not zero? Well, let's find out. Change +CS:029D to read CS:029D JMP 02B5 and then proceed on. You will soon hit a CALL +statement that will give a message displayed only after you pass the doc check, +thus we know we made it to the right area. So just make that change at CS:029D +permanent. And just to give you a little hint, the change you need to make will +have to go in the overlay file. So, now we're done. Wasn't so tough after all +now was it. + + ** Notice. This cracking scenario for Time Quest was done without any saved + games. Having saved games will effect the debugging process. You will + have a few other detours along the way before you get to CS:1C68, so either + try it on your own, if you have saved games, or move your saved games to + a different directory and try it without them first. It'll be easier. ** + +-------------------------------------------------------------------------------- + + Hopefully this will aid you on your quest to become a crackist. And remember, +don't get in over your head by attempting to crack something difficult, 'cause +it won't help ya at all, G. Laterz... + + - The Psychopath diff --git a/textfiles.com/piracy/CRACKING/nags.txt b/textfiles.com/piracy/CRACKING/nags.txt new file mode 100644 index 00000000..d366aed2 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/nags.txt @@ -0,0 +1,212 @@ + 8/24/97 + + How to USE nag screens? + ======================= + + Introduction + ------------ + +What I`m about to teach in this tutorial, is simply how to USE nag screens, +yeah yeah, it sounds redicules, and, I`m not sure that i`m not inventing +the Wheel here, but, I've never seen any tutorial about this issue... + +I`ll assume you have the knowledge in: + +1.SoftIce (Winice will be more percisive...). +2.cracking (ie, about 2-3 months of cracking..). +3.Nag Screens (How to kill'em - but, that's of course not what will be discussed + here). + +Tools you`ll need for this tutorial: +1.SoftIce 3.00/01. +2.Hex Work Shop (ANY VERSION) / or any other good Hex Editor. + +Programs that will be discussed in here: + +1.DeskWipe v1.2 : URL - Http://Home.sol.no/Frankm +2.Idyle Phone Book Pro 97 V2.21 : URL - Http://www.idyle.com/ + + + Some words for start + ---------------------- +What we're going to be doing here, is to use the nag screens in order to +get to the registration routines, in programs that newbies usually find +hard to handle - The programs that have NO visible registration info... +Which means, programs without register boxes... etc.. + +Our basic method here, will be to set a break point on a messagebox , or +some other forms of nag screens that will be discussed here later, +then , after breaking in the nag screen routine, look back in the code, +and see what condition brought us to the nag screen, then, break point in that +condition (ie, je,jz,jnz etc....), and disable it... ;-) +Sounds like we`re just about to start our cracking here...... :) + + +The first program I'd like to discuss is one of the simplest... + + DeskWipe 1.2 Cracking (Using nag screen). + --=========================================-- +OK, we're all set with SoftIce running? +great, lets start the program to see the actual protection scheme... + +After launching DeskWipe 1.2 , quickly pops a nag screen, errrgh! sux! +Lets Exit the program , and set a bp on messageboxa, then, run it again... +oh, no ;`[ , we're lost, messageboxa wasn`t such a lucky guess, +Hmm..... Now, we can use our knowledge in nag screen (which is not too hard +to achieve btw...;)), while we're in the nag screen, press CTRL+D, And, +type hwnd deskwipe... +U`ll see only one button , BMSG on it, (For me , it gave 0688...). +Now, press CTRL+D, and follow my instructions FULLY! (I'd really wish to +talk to you guys about these stuff, but, thats not for this tutorial, +and, it won`t serve my targets...). + +1.After pressing CTRL+D , you`ll pop again in SICE, press F12 9 times. +2.press F10 several times, until you get to this instruction: + . + . + . + MOV EAX,[EBP-04] + MOV EAX,[EAX+00000128] + TEST EAX,EAX + JZ 420940 / This one, u`ll have to NOP in order to pass the nag screen, + / because, this is the condition, if the Button was pressed + or wasn`t... (That was just a side comment). + . + . + . + NOP the JZ... +3.now, we can Continue pressing F12 7 more times... + until we're popped in this instruction: + . + . + . + CALL 00425728 + POP ECX + POP ECX + . + . + . + Let's now press CTRL+UP several times, (to see the above code, that brought + us to this nag screen) + Until you get to this: + MOV EAX,[429664] / The initial value for the registration routine + CALL 425FFC / The registration routine itself!!! ;) + INC EAX / The Boolean identifier, that's used to determine if + JZ 426EA6 / The registration was successful... + . + . + . + I`ll leave you guys the job to Register this program (NOTE that in order + to crack this one with Patching, you`ll HAVE to change EAX's value INSIDE + the registration routine, But, it won`t be the BEST crack, for making the + BEST crack, you`ll have to make a license file... - I`ll leave this job to + you, I`m not trying here to teach how to do key files, I already assume + that you can handle the registration routine by yourself... ;)) + + + Well , that's it for this program , Now , Let's move to some harder + Job... ;) + + Lets Crack Idyle Phone Book Pro 97 Now!! + + Phone Book Pro 97 V2.21 Cracking!!! + --===================================-- + +I'd like to take these lines to GREET the author Damien Rame for a GREAT +interface, I've never seen a better phone book!!! If you use this program, +please send him money! he deserves that! +This one, is about to be harder to do than the other one we've seen. +I`m about to do patching here , just to give you an example of a CRC checking +that's kicking ya from the program if it detects patching (this one, is usually +done by doing CheckSum to the EXE, and , comparing it with a Value that's +kept somewhere.......). +We're all set with our little SoftIce? :) +great! +Lets launch the program... +press the About/Register button... +Hmm, interesting... the author seems to be pretty smart, look what he did, +he DIDN`T give ya ANY buttom to press in order to tell the program to check +the registration info that was entered!!! +How do we solve this problem? +Well, it's obvious that the program checks the registration info in REAL TIME +(ie, when you enter it in the dialog box). + +OK, Let's try something here: +I entered Name :^pain^ '97 + Reg Code: 9999999 +Wait, Let's Press CTRL+D, and, set a bp in HMEMCPY,then , press CTRL+D again, +and, add another char to the reg code... +YES! we popped right next to the registration routine... +Let's press F12 now until we get to the program code, and, trace the code +until we get to this instruction (The registration routine): + +. +. +. +MOV EDX,EBX +MOV EAX,EBX +CALL 49616C +TEST AL,AL +JZ 004968B4 +. +. +. +Now, it's obvious what u should do, trace in the registration routine, +Set a bp on some code in the registration routine, and, restart the program. +(Don`t worry, I know what I`m doing...) +After we pop back in Sice... +Exit the routine, and ,do the patch OUTSIDE the routine!!! (VERY IMPORTANT!) +(ie, TEST AL,AL ===> OR AL,01) + +Now, we're all set for the point I want to discuss... :) +Launch the program! +Oh shit,Now Look what happens!!! This program does CRC checking!!! (Did I ever +say the author is smart??? ;-)) Although, he did a stupid thing... +Left us a MSG TYPE ERROR BOX!!! (That says there was a CRC error, and that the program +will now be terminated!!!) Let's use this shit! :)) + +Launch the program AGAIN! +when you get to the Error Button. +1.Type in Sice HWND. +2.BMSG on the ONLY button that PHONEBOOK uses. +3.Press CTRL+D +4.Press F12 5 times. +5.Press F10 until you get to this instruction: + . + . + . + Mov EAX,[EAX+00000150] + TEST EAX,EAX + JZ 00430CE2 / Nop the JZ... + (Only a temporary change for passing the msg box). + . + . + . +6.Press F12 8 more times. +7.Press CTRL+UP some times, until you see this: + CALL 445570 / CRC Checking routine... :) + CMP EBX,-2 / Boolean Identifier. + JNZ 459409 + + Now, All you have to do, is to change the CMP EBX,-2 ==> MOV EBX,01 + JNZ 459409 ==> JMP 459409 + And , we're all set! ;)) + simple eh? :) + After nopping it, patch the EXE, and, you have a FULL crack! :) + + NOTE that that's not how I did the crack, I did a better patch, but, I really + don`t remember now wtf did I patch, and, it's not really important for our + discussion ;) So, you`ll have to forgive me... + + +Well, I think that's it, I've cleared my point, and , I think it's time to +Sign off... +Hope you found this info interesting.....(I wouldn`t like to spend my time for +nothing... ;-)). + +Ohhh...... almost forgotten, I'd like to greet the following dudes: +Acp,Niabi,JosephCo,_rANDOM,|KAIRN|,Razzi,Yoshi,GrimL0ck,kOUGER,Odin, +[J0B],Qapla,Leddy,TeRaPhY!,All the great guys in +#cracking & #Cracking4newbies And all the rest of you M$ fighters I've forgotten! + +Signing off - ^pain^ [mEXELiTE] in the year of 1997 - diff --git a/textfiles.com/piracy/CRACKING/od-crk1.txt b/textfiles.com/piracy/CRACKING/od-crk1.txt new file mode 100644 index 00000000..9939fda2 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/od-crk1.txt @@ -0,0 +1,482 @@ + + odin's_________ _______ ______ _____________ + ____\ /____\ /________\ /____| /_____/_______ _________ + / _____/ _____/ __ ___/ '____/ / | \ _____/___ + / | \ || | | | \ . \ | | | \__ / + \_____ \___| \____ |____ \___| \___|____| |_____ | + |_______/ `----' |_____/ |______/ |____| |_____| + tutorial v1.51 + + TOPIC: CRACKING/PATCHING SOFTART'S DESKEY v1.02.010 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +X. TABLE OF CONTENTS +~~~~~~~~~~~~~~~~~~~~ + 1. FOREWARDS + 2. INTRODUCTION + 3. TOOLS USED FOR THIS + 4. THE CRACKING STARTS + 5. MAKING A PATCH + 6. THE URL'S + +1. FOREWARDS +~~~~~~~~~~~~ + Welcome. So how come you're interested in reading this tutorial? +Perhaps you think cracking is cool and seems easy, and that cracking +is a way to be famous on the internet today. Well, if you think +like this please stop reading now. Why? Mainly because most crackers +don't crack because they think it's "cool." and want to be famous. +Cracking is something they actually do because they think its a great +thing to spend their precious time on, believe it or not. Most crackers, +not to say all, also code in one or several computer languages. + On the other hand if you're very interested in how computers work +internally, and you like to program in languages like Pascal, C++ and +Assembler, then I believe this tutorial is worth reading for people +such as you, and you might even learn something from it. + If you're the third category, you've been learning cracking for +some time now and read every little article about cracking you +can get, then this tutorial also is very good to read. You can always +learn something that you didn't know before. Even I can learn things +I didn't know by listening to others and reading various text files. + + To become a cracker will take several years. And to become a good +cracker will take even longer. The key to success is practice and, in +my point of view, learning and listening to other crackers. + +I'll skip the most things about how SoftICE works because there +are several good tutorials out about that. One is Exact's SoftICE +tutorial, very good and recommended reading. + + +2. INTRODUCTION +~~~~~~~~~~~~~~~ + This text files purpose is to show and hopefully learn +you how to patch away a time limit of a program. The program we will +use is SoftArt's Deskey. It isn't necessary to patch this program +because you can also enter a registration code in the registry to +get the program to work fully, but then you have to write a keymaker +because the code depends on the Windows name and company (the one +you enter when you installed Windows 95). So we're going to do it +the lazy way and patch it. There are of course other ways to +do this crack. + +3. TOOLS YOU WILL NEED FOR THIS +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + (1) SoftICE 2.0/3.0, of course, our beloved debugger. + (2) Ultra Edit or another good hex editor. + (3) A patch generator, or if you write the patch yourself + as I do. + +4. THE CRACKING STARTS +~~~~~~~~~~~~~~~~~~~~~~ + Ok, let's begin with removing the semicolon from the user32.dll +and kernel32.dll lines in SOFTICE.DAT if you haven't done so already. + + Now let's do some detective work, by checking the Deskey help +file. You'll notice that this program will stop working after +60 minutes. This limit is what we're going to remove. There +are a few possible solutions for the programmer to obtain this +limit. To check which functions the program use, let's test the +approach Qapla used in his tutorial: + Start the explorer and press the right mouse button on the +Deskey exe file. Now choose Quick-View. You'll notice all the +calls the program uses and which dll's store the code for +the calls. When you look at them, you'll notice some interesting +functions. + + Import Table + ------------ + + . + . + . + . + KERNEL32.dll + Ordinal Function Name + ------- ------------- + . + . + . + 008f FreeLibrary + 0188 MultiByteToWideChar + 011d GetSystemTime <----- Interesting + 00e4 GetLocalTime <----- Interesting + 025d lstrcmpiA + 00ca GetDateFormatA + . + . + . + USER32.dll + Ordinal Function Name + ------- ------------- + . + . + . + 00ec GetDlgItemTextA + 007d DefWindowProcA + 01fe SetTimer <----- Interesting + 01a2 PostMessageA + 0224 TrackPopupMenu + 01b8 RemoveMenu + . + . + . + +Ok, as you see I'm interested in 3 different calls. We can try +to see if the program uses KERNEL32!GetSystemTime(); and +KERNEL32!GetLocalTime();. Enter SoftICE and put a breakpoint +on these two. Enable them just when you're about to start +the program. If you do it before, you risc to break on these +calls used by another program. So just before you start +Deskey, enable these. Ok, now you started it and program pops +up in the traybar. Nothing happens. Oh well, then we can +exclude these ones. Actually a cracker might have excluded them +from the beginning and tried some other calls first. Why? +Probably because a programmer usually uses these calls if the +program has a 30-day limit, not a 60-minutes one. Ok, now +we have one left to test, USER32!SetTimer();. Exit Deskey and +put a breakpoint on SetTimer(); just before you start Deskey. +Finally, SoftICE detected the use of this function by Deskey. +Press F11. It should look something like this now: + + . + . + . + 0137:0040397F 833D1890400000 CMP DWORD PTR [00409018], 00 + 0137:00403986 7409 JZ 00403991 + 0137:00403988 833D1C90400000 CMP DWORD PTR [0040901C], 00 + 0137:0040398F 7421 JZ 004039B2 + 0137:00403991 6A00 PUSH 00 + 0137:00403993 A128904000 MOV EAX,[00409028] + 0137:00403998 6880EE3600 PUSH 0036EE80 + 0137:0040399D 6834120000 PUSH 00001234 + 0137:004039A2 50 PUSH EAX + 0137:004039A3 FF158CB44000 CALL [USER32!SetTimerA] <-- you're here + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB12 JMP 004039C4 + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB09 JMP 004039C4 + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB07 JMP 004039CB + . + . + . + +Let's check the SetTimerA function in our we-cant-be-without-it +API guide: + + The SetTimer function creates a timer with the specified time-out value. + + UINT SetTimer( + HWND hwnd, // handle of window for timer messages + UINT idTimer, // timer identifier + UINT uTimeout, // time-out value + TIMERPROC tmprc // address of timer procedure + ); + . + . + . + uTimeout + Specifies the time-out value, in milliseconds. + . + . + . + +Aha, let's check on the code again: + + 0137:00403991 6A00 PUSH 00 <-- tmprc + 0137:00403993 A128904000 MOV EAX,[00409028] <-- pushed later + 0137:00403998 6880EE3600 PUSH 0036EE80 <-- uTimeout + 0137:0040399D 6834120000 PUSH 00001234 <-- idTimer + 0137:004039A2 50 PUSH EAX <-- HWND + 0137:004039A3 FF158CB44000 CALL [USER32!SetTimerA] <-- you're here + +Hmm, very interesting indeed, let's check the value 0036EE80 in +the SoftICE debugger: + + :? 36ee80 + 0036EE80 0003600000 "6" + +An even and nice value. And if you read further in the API help +file you'll notice that the uTimeout should be in milliseconds. +1 second is 1000 milliseconds. Let's do some calculating: + + 3600000/1000=3600 seconds. + + 60 seconds*60 minutes=3600 seconds, which is 1 hour + +We've found the right one! This call creates a timer which will be +checked when the program process the WM_TIMER message from Windows. +The WM_TIMER message is sent when 1 hour has past. Let's check +the API reference once more: + + WM_TIMER + + wTimerID = wParam; // timer identifier + tmprc = (TIMERPROC *) lParam; // address of timer callback + + The WM_TIMER message is posted to the installing thread's message + queue or sent to the appropriate TimerProc callback function after + each interval specified in the SetTimer function used to install a + timer. + . + . + . + +So now we know where he creates the timer. If you remove this +SetTimer(); call the WM_TIMER message will never be sent, +resulting in that the 60 minute limit will be REMOVED!! Let's +take a look at this example code below: + + SetTimer(hwnd, idTimer, 0x36EE80, tmprc); + ^-- hex value + + WM_TIMER: { <-- this structure is reached when + PostQuitMessage(0); the hex value above reach 0. If + ^-- will exit the program the timer never is set this + } structure wont be reached. + +This is very simple to understand, I hope :-). +So perhaps you think, "hey, let's NOP away the whole structure" + + (for those of you not familiar with NOP: it means NO OPERATION + and are very commonly used when patching. The computer will + do nothing when it executes this instruction.) + +Nono stop! Don't NOP away the whole call. Well first of all +a good rule when patching is that, never alter the code more +then you actually need. It looks nice (who'll notice anyway), and +it decreases the chance of program crash due to doing something +stupid. So how should we do instead? Well let's check that code +once more: + + . + . + . + 0137:0040397F 833D1890400000 CMP DWORD PTR [00409018], 00 + 0137:00403986 7409 JZ 00403991 + 0137:00403988 833D1C90400000 CMP DWORD PTR [0040901C], 00 + 0137:0040398F 7421 JZ 004039B2 + 0137:00403991 6A00 PUSH 00 + 0137:00403993 A128904000 MOV EAX,[00409028] + 0137:00403998 6880EE3600 PUSH 0036EE80 + 0137:0040399D 6834120000 PUSH 00001234 + 0137:004039A2 50 PUSH EAX + 0137:004039A3 FF158CB44000 CALL [USER32!SetTimerA] <-- you're here + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB12 JMP 004039C4 + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB09 JMP 004039C4 + 0137:004039A9 8BBC24AC060000 MOV EDI,[ESP+000006AC] + 0137:004039B0 EB07 JMP 004039CB + . + . + . + +The CMP (compare) instructions above seems very interesting. +As you might notice, the one at 00403986 will jump to 00403991 +and start the timer. If you check the JZ at 0040398F it will go +to 004039B2 and therefor jump over the timer, resulting in +that there will be no time limit. So to solve this simple +problem just change the JZ 00403991 at 00403986 to JMP 004039B2 +instead. Like this: + + 0137:00403986 7409 JZ 00403991 + ---> to ---> + 0137:00403986 EB2A JMP 004039B2 + +Now let's apply the patch to the exe file. Load up your favorite +hex editor. In this case I'll use Ultra Edit. Now load the exe file. +Choose search and enter the following bytes: 68 80 EE 36 00. +So why do we search after these? Well that's very easy. Check the +code once again: + + 0137:00403993 A128904000 MOV EAX,[00409028] + 0137:00403998 6880EE3600 PUSH 0036EE80 <--- this one + 0137:0040399D 6834120000 PUSH 00001234 + +As you see these bytes stands for the instruction PUSH 0036EE80. +"Uhu, I don't have those cryptic numbers to the left of my +instructions!!". Well that's easy to fix. Just write 'code on' +and you'll see these cryptic numbers, also known as OPerand codes. +"Why didn't you search 83 3D 18 90 40 00 00 for example?". Well +that's because I know the ones we searched for only exists one +time in the exe file. The one mentioned above (83 3D...) exists +several times, so you cannot actually know which of those to use, +if you don't check the surrounding bytes that is. Always do +"search next" so you are sure that that byte combination doesn't +exist somewhere else in the file. + +Now let's change the bytes needed. Some bytes above '68 80 EE 36 00' +you will find '74 09' which is the JZ 00403991 instruction. This +is the two bytes we want to change. So how do you know which numbers +to actually change to? That's also easy. In the debugger when you're +looking at the code just use the 'a' command. Like This: + + 0137:0040397F 833D1890400000 CMP DWORD PTR [00409018], 00 + 0137:00403986 7409 JZ 00403991 + 0137:00403988 833D1C90400000 CMP DWORD PTR [0040901C], 00 + ----------------------------------------^ code window ^ ----- + :a 00403986 JMP 004039B2 + ----------------------------------------^ prompt ^----------- + +This will change the instruction at 00403986 and a new code will +pop up, EB2A. So this is the code you want to change for the 7409 +one. Remember, that if you use the 'a' command it will not change +the code permanently, only temporary. That's why we have to use +a hex editor. So go to the '74 09' bytes and change it to 'EB 2A'. +Now save the exe file, voila! That's it. Now start the program +up and test if it works. If SoftICE doesn't break on SetTimer(); +it probably worked. If it does, read this all again :-). + +One thing has to be said also. If you for example want to change +a instruction with the opcode 'C1 E1 10' (3 bytes) to a instruction +that only has a 2 byte opcode, for example '0B D1', you have to NOP +away the last byte. NOP has the hex value 90. +Like this: + + C1 E1 10 becomes ---> 0B D1 90 + + SHL ECX, 10 becomes ---> OR EDX, ECX <- 0B D1 + NOP <- 90 + +As you see I change the F3 to 90 and therefore put the instruction +NOP there. If you didn't do this the chance of a program crash +would be 98%. + + That's all. To patch is very simple, but to find the bytes to +change is harder. Remember that the byte combination can exist +somewhere else so check the surrounding bytes. + +5. MAKING THE PATCH +~~~~~~~~~~~~~~~~~~~ +Now it's time to make this patch available to the public. To +write something like "uhu change the bytes at blabla to blabla" +doesn't look that good, does it? So now it's time to make +a exe file that changes those bytes asap so the user don't have +to use Ultra Edit every time. I've included a program in Pascal +done for this task. There are also several good patch generators. +One for Windows 95, that I strongly recommend, is Qapla's +PatchIt '97. It's fast and nice interface (happy now Qapla :-) +To convert this program to C++ should be easy. You have to know +one more thing to make a patch, where the bytes are located in +the file. This is called "offset.", to check the offset just +go to the bytes you changed, and look at the status bar in Ultra +Edit, it should say the offset (pos) in hex. + +I did the patch in Turbo Pascal 7, most would probably do it in +Asm :). Anyway, here is the patch: + +---------------------------------------------------------------------- +---------------------------------------------------------------------- + +Program Patcher; + +Uses Crt; + +Const offset : Longint = $2D86; { $ means a hex value } + bytes : Byte = 2; + len : Longint = 51200; { file length } + orgbytes : Array[1..2] Of Byte = ($74, $09); + newbytes : Array[1..2] Of Byte = ($EB, $2A); + {---------------------------------------------------------} + filename : String[12] = 'DESKEY.EXE'; + errnof : String[43] = ' ERROR: File DESKEY.EXE was not found.'; + errver : String[36] = ' ERROR: File size is not correct.'; + errpch : String[36] = ' ERROR: File seems to be patched.'; + msgdon : String[21] = ' Patch successful!'; + ask : String[26] = ' Continue anyway? (Y/N)'; + +Procedure message(message : String); +Begin + + WriteLn; + WriteLn(message); + Halt; + +End; + +Procedure patchfile; +Var fil : File Of Byte; + teck : Byte; + n : Byte; + ch : Char; +Begin + + Assign(fil, filename); + + {$I-} + Reset(fil); + {$I+} + + If (Not(IOResult=0)) Then message(errnof); + If (Not(FileSize(fil)=len)) Then + Begin + + WriteLn; + WriteLn(errver); + WriteLn(ask); + Repeat Until Keypressed; + + ch:=ReadKey; + + If Upcase(ch)='N' Then Halt; + + End; + + Seek(fil, offset); + + For n:=1 To bytes Do + Begin + + Read(fil, teck); + If (Not(teck=orgbytes[n])) Then message(errpch); + + End; + + Seek(fil, offset); + For n:=1 To bytes Do Write(fil, newbytes[n]); + Close(fil); + + WriteLn; + WriteLn(msgdon); + + Halt; + +End; + +Begin + + WriteLn; + WriteLn(' SoftArts Deskey v1.02.010 Patch'); + WriteLn(' By ODIN / RBS^TFT^PIE in 1997'); + patchfile; + +End. + +---------------------------------------------------------------------- +---------------------------------------------------------------------- + + +Some final words. Take some programs and play with patching them +in various ways. This gives you experience, and hopefully you'll +become a better cracker. + +Thanks to Qapla, kOUGER, Hook and Tgunner for help while making this +tutorial. + +A special greeting goes to ED!SON. + +6. THE URL'S +~~~~~~~~~~~~ + -- + My E-Mail + cracking@usa.net + -- + SoftArts Deskey v1.02.010 + http://www.spiresoft.com + -- + Ultra Edit vX + http://www.windows95.com/apps/ + -- \ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/owl-ice.txt b/textfiles.com/piracy/CRACKING/owl-ice.txt new file mode 100644 index 00000000..0fcb7c14 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/owl-ice.txt @@ -0,0 +1,697 @@ + + NO MORE annoying anti SOFT-ICE tricks or + how to improve SOFT-ICE! + + + intro + + today's best EXE protectors contain code to prevent debugging with + SOFT-ICE, which is the best debugger among the ones i came across so + far. following protectors are known to me to defeat SOFT-ICE: + + EEXE (Encrypt Exe found in FZC.EXE) + HACKSTOP (found in WWPACK.EXE) + PROTECT! (found in various files) + GUARDIAN ANGEL (found in some versions of HWINFO.EXE) + EXELITE (a Polish exe compressor) + the one written by PREDATOR 666 (found in DCA.EXE v1.4) + the one used by Martin Malk (found in HWINFO.EXE v3.05 and up) + DS-CRP by Dark Stalker (hi!) + SECURE v0.19 by the authors of WWPACK + ALEC v1.5 (the very best protector :-) by Random + and a few others i don't remember right now... + + + the problems + + SOFT-ICE can be detected/halted/crashed in many ways, here's a short + list of them (some of them only makes single stepping harder but not + impossible). i also included a short note on the effects for each version + of SOFT-ICE: + :-( this trick works, + :-) it causes no problems + + + 1. by the use of the INT3 interface provided by SOFT-ICE one can + check for the presence of SOFT-ICE and then have it execute various + commands, e.g. HBOOT (see HackStop). the loader part of SOFT-ICE + also leaves some traces in the low DOS memory, so one can find out + the entrance values of the INT3 interface even if they were changed + (see HMVS - a heuristic macro virus scanner - by J. Valky and + L. Vrtik that uses SECURE v0.19). the Windows versions can also be + detected by the following code (thanks to Dark Stalker and ACP :-): + + mov ebp,"BCHK" + mov ax,4 + int 3 + cmp ax,4 + jne winice_installed + + it seems that BoundsChecker talks to SOFT-ICE via an interface very + similar to the one between LDR.EXE and SOFT-ICE (although it's + completely undocumented, as far as i know...) + + + DOS: :-( + W31: :-( (but the SECURE method is :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 2. by checking for various devices SOFT-ICE installs ("CVDEBUG", + "NU-MEGA", "SOFTICE1") and searching the part of the code SOFT-ICE + leaves in the low DOS memory for some patterns (e.g. "CVDEBUG", + "NU-MEGA", "SEGMAP", "S-ICE" (the latter coming from the filename), + and any instruction sequence that's left there) one can detect the + presence of SOFT-ICE. the Window$ versions provide a VXD entry point + that can be get by: + + mov ax,01684h + mov bx,0202h ; VXD ID for Winice, check out Ralf Brown's INTLIST + xor di,di + mov es,di + int 2fh + mov ax,es + add di,ax + cmp di,0 + jne winice_is_installed + + the Window$ versions can also be detected by calling the "debugger + install check" function of the Window$ debug kernel (int 42/ax=0041), + for more details see Ralf Brown's INTLIST. + + see HWINFO.EXE and DS-CRP.COM for an extensive application of these + checks... + + + DOS: :-( + W31: :-) but the VXD entry point check is :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 3. by the use of the undocumented ICEBP/INT01 instruction (opcode 0xF1): + SOFT-ICE gives a short beep before the execution of this instruction + (it will be reflected back to the V86 mode handler, thus at least + the intended handler will get it) which can be VERY annoying (and + make the execution VERY slow), see EEXE for an application of this. + + DOS: :-( + W31: :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 4. by using the TRAP flag, one can use the single stepping feature to + call a protection routine (e.g. a decryptor). the problem is, that + during single stepping SOFT-ICE clears the TRAP flag for the V86 task + and will neither execute nor step into the INT01 handler of the + V86 task. many schemes use this trick. + + DOS: :-( + W31: :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 5. by the use of the debug (DRx) and control (CRx) registers: + accessing these registers in V86 mode leads to a General Protection + Fault (INT0D), which SOFT-ICE doesn't handle correctly (it's normally + used for emulating instructions that access the interrupt flag, the + debug registers, the control registers, etc.). the protected mode + handler emulates instructions that access these registers by + executing them, however it doesn't make note about this for itself, + i.e. whenever a debug fault is triggered SOFT-ICE will think that + it must pop up and won't reflect back this exception to the V86 mode + handler (that's waiting for it in vain). for a working example see + GUARDIAN ANGEL. furthermore, accessing DR4/5 and CR1 will halt + SOFT-ICE with a General Protection Violation error message, which is + of course quite disturbing if it's used many times in the program... + + and best of all by accessing CR4 SOFT-ICE simply crashes since + there's no emulation code for this kind of instructions (there's a + jump table that tells SOFT-ICE which routine to use to handle these + instructions and the table ends with CR3...). this method was first + used by Random in his ALEC.EXE v1.4 :-) + + another sad fact is that the emulation in SOFT-ICE is not complete: + it ALWAYS uses eax no matter what the original instruction was... + + e.g. mov dr0,ebx will load dr0 from eax! + mov ecx,dr0 will load eax from dr0! + + i guess it's needless to say how easy it is to detect this behavior... + + a sidenote for protection writers: other memory managers that run + DOS in V86 mode may or may not handle these instructions correctly, + so the use of this trick is highly discouraged. + + DOS: :-( + W31: :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 6. by the use of INT08, which is the timer interrupt in real mode DOS, + and the Double Fault Exception in protected mode. the protected mode + handler checks whether it was entered from V86 mode or not, and in + the first case it reflects back this interrupt to the V86 mode + handler. however, one can't single step into it. + + DOS: :-( + W31: :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 7. by the use of the INT07 interrupt (this is the Coprocessor Not + Available Exception): + instead of reflecting back this interrupt to the V86 mode handler, + SOFT-ICE tries to skip the offending coprocessor instruction (it + checks for some opcodes). it seems the Nu-Mega folks never thought + it would be called directly... for a real life application get some + programs written (and protected) by Predator 666. + + DOS: :-( + W31: :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 8. by the use of the Invalid Opcode Exception (INT06): + SOFT-ICE tries to emulate some instructions (e.g. LOADALL), and then + reflects back this exception to the V86 mode handler. however, + certain opcodes aren't recognized and will give you an error message + (i.e. execution will be interrupted, if the protection scheme uses + this trick). + + DOS: :-( + W31: :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + 9. by using direct INTxx calls that are triggered by hardware + interrupts (e.g. INT08-INT0F, INT70-INT77, if the vectors in the PIC + are not reprogrammed), one will not be able to single step into the + interrupt handler. in fact, SOFT-ICE will even execute the next + instruction and just then stop (if the next instruction is also an + INTxx call of this type then it will be stepped over as well, and so + on). so far, i know of no protection scheme that uses this trick, + but i guess i've just given out a good idea :-). + + DOS: :-( + W31: :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + A. by reloading IDTR one can change the base and size of the interrupt + table in real mode as well. however, SOFT-ICE will not emulate this + instruction (it causes a General Protection Fault in V86 mode) thus + a protection using LIDT won't run. the only problem is that memory + managers don't like it very much, so probably we won't see it in a + real life protection scheme, but one never knows :-). + + DOS: :-( + W31: :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + B. sometimes one has to call an interrupt directly (GENINT xx), e.g. to + dump a memory range to disk by using one's memory resident dumper + (you know what i mean :-) and it's very annoying that SOFT-ICE + doesn't stop after the interrupt call but executes the program + being debugged (thus one has to set a breakpoint for a moment at the + current CS:IP which will result in an unwanted 0xCC byte in the dump, + if all debug registers are already used). + + DOS: :-( + W31: :-( + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + C. in plain DOS INT3 and INT1 are handled by the same routine (which is + a simple IRET). however, SOFT-ICE changes the INT3 handler of the + V86 task to another IRET which can be detected by comparing its + offset to the one of the INT1 handler. see HWINFO.EXE for + an application + + DOS: :-( + W31: :-) + W95: not tested yet (probably same as W31) + WNT: not tested yet (probably same as W31) + + + the solutions + + in the following part you'll be presented with some ideas about the + solution for the problems described above (the file offsets refer to the + DOS version v2.80, but the ideas should work for other versions, as well. + the easiest way to apply the patches is using Hacker's View which can + be found in HIEW531.ZIP). + + one general problem is that SOFT-ICE (at least the DOS version) doesn't + reprogram the hardware interrupt vectors, and this makes life (and the + interrupt handlers) a bit more complex. the IDT that SOFT-ICE uses has + entries that point to the following type of code: + + push xx + jmp handler_xx + + where xx goes from 0x00 to 0xFF. in v2.80 this code begins at offset + 0x4534. the Win31 version has a very similar code beginning at offset + 0x14167 in v1.52: + + push d,[offset_xx] + jmp handler_xx + + + if you want to understand the patches that follow right below, you + should study the interrupt handlers (and you should also have a good + understanding of protected mode). however, some problems cannot be solved + without understanding the internal flags of SOFT-ICE, and this requires a + complete disassembly of it, which is a quite hard task i can tell. + + anyway, sooner or later it will be done, and then we'll have the + ultimate debugging/cracking tool in our hands 'cos we'll be able to put in + some missing functions, e.g. emulation of FlatRealMode, tracing INT1, PIC + reprogramming, prefetch queue emulation, dumping a memory range to disk, + etc. until then, enjoy the poor man's patches... + + 1. some exe protections mentioned earlier are based upon the INT3 + interface of SOFT-ICE (see Ralf Brown's Interrupt List for details). + this interface is activated when the protected mode INT3 handler of + SOFT-ICE encounters the magic values in SI and DI. that is, when you + try to trace through an INT3 call, SOFT-ICE will regain control, + check for the magic values, and in case they are not found, it will + reflect back this interrupt to the V86 mode INT3 handler (which it + was supposed to do anyway). if it finds the magic values, then + it'll execute the command given in AX (and DS:DX). all of these + checks happen invisibly to the hacker, so there seems to be no + solution to defeat this kind of protection (well, there's a slow way + if you step through every instruction and before the "guilty" INT3 + call you change one or two registers). + + however, there's a simple solution: change the magic values SOFT-ICE + is looking for and this will defeat those protectors based upon the + INT3 interface. however, it's easier said than done because both + SOFT-ICE (and WIN-ICE) itself and (W)LDR.EXE use this interface for + some kind of intra/inter process communication. so every reference + to the magic values will have to be changed! + + to keep the story short here's what i've come up with: + browsing a few minutes in Hacker's View (another important tool ;-) + i found the places where those changes had to be done. in order to + avoid changes where those magic values occur by chance, i wrote an + MSUB script to change whole instructions (they represent enough + context). the amount of necessary changes would have forced me to + use some search&replace utility, anyway. MSUB.EXE can be found in + MSUB13.ZIP (use an ftp search engine to find it). + + the scripts + + SICE-VAL.MS: you should specify the old and new magic values in it + (note that numbers are decimal!) + + SICE2NEW.MS: it will replace the old magic values with the new ones. + there are almost 2^32 possible values, only that value + is forbidden for SI that equals to the version of + SOFT-ICE (for v2.80 it is \128\2, i.e. 0x0280). before + SOFT-ICE installs itself, it checks for its presence by + using an undocumented function of its INT3 interface by + setting AH to 0 or 1. on return SI will be loaded with + the version number or left unmodified if it's not + installed yet, that's why the version number must differ + from the preloaded value of SI. + + example usage + + MSUB.EXE SICE2NEW.MS S-ICE.EXE LDR.EXE + + if you're fed up with the shareware delay built into MSUB.EXE, + here's how you can get rid of it (thanks to a friend of mine ;-) + + patch MSUB.EXE v1.3 (113,152 bytes long) as follows: + + offset old new + 00002307: ?? EB + 00002308: ?? 03 + 0000C0DF: 77 EB + + + the protection that SECURE uses is quite clever 'cos it checks the + first 16 kBytes for the instruction sequence of + + mov si,SI_MAGIC + mov di,DI_MAGIC + + they're encoded as 0BEh,x,y,0BFh,u,v where x,y,u and v are the magic + values. when it finds 0BEh and 0BFh separated by two bytes from each + other then it calls INT3 with the supposed magic values (the INT3 + handler is a simple IRET, so no problem should arise if SOFT-ICE is + not installed). and guess what happens when SECURE finds the traces + of the loader part of SOFT-ICE in that low memory area... + + the only solution that would defeat this kind of protection is to + change the instructions that load SI and DI before the INT3 calls + (unfortunately you can't avoid those calls since SOFT-ICE has to + check for its presence and do other things). for obvious reasons + (i guess one of the previous versions of this file gave the SECURE + authors the idea...) i won't give you tips on how to do it, i hope + you're smart enough to do it yourselves. + + the only limit is that you have 6 bytes of space to load both SI and + DI (i checked that whenever SOFT-ICE uses the INT3 interface it loads + SI and DI by two consecutive instructions, i.e. you can use the MSUB + scripts to search for and replace them). another method could be to + change the HBOOT command to something else (by MSUB of course), + however other dangerous commands could be still issued... + + + the BoundsChecker interface can be modified in the same way we did + it with the rest of the INT3 interface: simply modify the value that + is expected in ebp (but BoundsChecker must be changed as well!). + look for the string "KHCB" to find the appropriate place. + the following file offsets are valid for WINICE for Win 3.1 v1.52: + + offset old new + 000130C7: 'K' ? + 000130C8: 'H' ? + 000130C9: 'C' ? + 000130CA: 'B' ? + + for WINICE for Win95 v3.0: + + offset old new + 00016FDD: 'K' ? + 00016FDE: 'H' ? + 00016FDF: 'C' ? + 00016FE0: 'B' ? + + and for WINICE for Win95 v3.01: + + offset old new + 000243F0: 'K' ? + 000243F1: 'H' ? + 000243F2: 'C' ? + 000243F3: 'B' ? + + + 2. the device names can be changed to anything you want, look at the + beginning of S-ICE.EXE. the real problem is when the protection + checks for instruction sequences. my only advice is that step through + the protection and see which part of the code is checked for, then + try to modify it in S-ICE.EXE (or disassemble, modify and then + recompile the whole executable, but that's not gonna happen for + a long time, i guess... :-). + + to defeat the int41 check, you have to change both the return value + of the real and protected mode handlers in WINICE and the value that + is checked for in KRNL386.EXE, VMM32.VXD, EMM386.EXE, IFSHLP.SYS and + NET.EXE. all these changes are necessary otherwise some WINICE + commands (HWND, TASK) won't work 'cos apparently they rely on some + Window$ functions which are available only in the debug kernel (and + during startup these programs/drivers do this int41 check which will + fail if you don't change the values they're expecting, as well). + + there're five places in WINICE that have to be patched (one is a cmp, + the other four are mov's) and one in each one of the rest. sorry, + that i don't provide you with detailed offsets, but there're too many + versions/combinations of both WINICE and Win31/Win95... note, that + after these changes other programs that want to use debug kernel + functions will fail :-) + + and now let's talk about the VXD entry point check. the ID is stored + at file offset 0x7821E in WINICE for Win95 v3.01 (to find it in + other versions as well just look for "SICE ", and the ID will be + a few bytes before this text). + + so to change the ID just overwrite it there. however, it's not + enough since some companion programs also test for WINICE by trying + to get the VXD entry point, i.e. they have to be modified as well. + they're DLOG.EXE and WLDR.EXE, and search for int2F (opcode: 0xCD + 0x2F) to get to the right place... :-) + + anyway, for the versions that come with WINICE for Win95 v3.0, + the file offsets of the ID are 0x625/6 and 0x68B9/A respectively. + + + 3. what we have to do is simply skip the unnecessary parts in the + handler (the beeps) and simulate the instruction as it would have + been a direct INT 01 call (opcode: 0xCD 0x01). this way one will not + only get rid of the beeps but be able to trace into the handler as + well (and we'll have some space to put some extra code in when we'll + need it :-). + + offset old new + 00001DD5: 50 EB + 00001DD6: 51 60 + + + 4. [this part is being worked on] + + + 5. there are two possible solutions: we either disable the DRx emulation + feature of SOFT-ICE (this is quite easy to do) or correct it (this is + really hard to do). SOFT-ICE emulates each instruction by executing + a function whose offset is looked up in a table. each function ends + in the same way: IP of the V86 task is incremented by the appropriate + amount of bytes. so to disable emulation we'll change the pointers + in that table to the common end of the functions, this way these + instructions will essentially be handled as NOPs. i don't know + whether it's worth to do it or not, since this modification can be + detected by simply loading one of the debug registers and then + checking whether it's really been modified or not. a more elegant + solution would be to reserve a few bytes in the data segment of + SOFT-ICE for storing the values of these registers and emulate the + instructions (or at least their loading). anyone out there willing + to do that? + + anyway, here's how to do the patch: the table itself is at file + offset 0x1F1DD and it has 12 words in it pointing to the + emulation code of the following instructions: + + mov eax,dr0 and mov dr0,eax + mov eax,dr1 and mov dr1,eax + mov eax,dr2 and mov dr2,eax + mov eax,dr3 and mov dr3,eax + mov eax,dr4 and mov dr4,eax + mov eax,dr5 and mov dr5,eax + mov eax,dr6 and mov dr6,eax + mov eax,dr7 and mov dr7,eax + mov eax,cr0 and mov cr0,eax + mov eax,cr1 and mov cr1,eax + mov eax,cr2 and mov cr2,eax + mov eax,cr3 and mov cr3,eax + + note that there's no offset for emulating CR4... + + the offset of the common exit point (i.e. the new value you may want + to set these pointers to) is 0x175A (this is NOT a file offset...). + + these patches still don't cure the problem with CR4. if you decided + to get rid of the emulation entirely (including CR4) then you can + do it much easier: + + offset old new + 00002E7E: 03 0A + 00002E7F: 00 01 + + + 6. i'll give you a general solution in section 8 since INT08 is just a + a subset of the hardware interrupts which are discussed there. + + + 7. this problem can be solved quite easily: we replace the original + protected mode handler with the one that serves all not_IRQ_related + interrupts (and whose only task is to reflect them back to the + V86 mode handler). + + offset old new + 0000455A: B6 14 + 0000455B: DF D6 + + + 8. what we have to do is to skip the call that prints the error message + and simply reflect this interrupt back to the V86 mode handler. + note that your buggy programs won't cause SOFT-ICE to pop up after + this patch :-) (however, you'll be able to break in and see what + went wrong). + + offset old new + 00002447: A9 C3 + + + 9. now we'll make use of the extra space we made in the original INT01 + handler. we have to check whether the interrupt was triggered by a + hardware IRQ or not. this can be done by the following routine: + + push eax ; save the registers that will be modified + pushf ; the order of PUSHs is important! + mov al,0Bh ; we'll read in the in-service registers + out 20h,al ; master PIC + out 0A0h,al ; slave PIC + ; there might be needed a short delay here + ; however, on my machine it isn't :-) + in al,20h ; read INTs being serviced by master PIC + mov ah,al ; save for later test + in al,0A0h ; read INTs being serviced by slave PIC + test ax,0FFFFh ; was it a hardware int? + jnz original ; + popf ; restore flags + pop eax ; the general handler doesn't expect it + jmp offset 1B70h ; this has to be the general handler (this offset + ; is valid in v2.80) + original: + mov ax,8 ; the first two instructions of the original handler + popf ; were push eax, mov ax,8, thus we won't pop eax + jmp offset 1A77h ; this has to be the original handler's offset + ; plus 5 bytes (the length of push eax, mov ax,8) + + and at the beginning of the original handler (offset 0x1A72) we put: + jmp offset 1DD7h ; and since it's only 3 bytes long, + ; we get 2 spare bytes :-) + + the binary patches follow: + + offset old new + 00001A72: 66 E9 + 00001A73: 50 62 + 00001A74: B8 03 + + 00001DD5: 50 EB + 00001DD6: 51 60 + 00001DD7: B9 66 + 00001DD8: 03 50 + 00001DD9: 00 9C + 00001DDA: B0 B0 + 00001DDB: 03 0B + 00001DDC: E6 E6 + 00001DDD: 61 20 + 00001DDE: 51 E6 + 00001DDF: 33 A0 + 00001DE0: C9 E4 + 00001DE1: E2 20 + 00001DE2: FE 8A + 00001DE3: E2 E0 + 00001DE4: FE E4 + 00001DE5: E2 A0 + 00001DE6: FE A9 + 00001DE7: E2 FF + 00001DE8: FE FF + 00001DE9: E2 B8 + 00001DEA: FE 08 + 00001DEB: E2 00 + 00001DEC: FE 75 + 00001DED: E2 06 + 00001DEE: FE 9D + 00001DEF: E2 66 + 00001DF0: FE 58 + 00001DF1: E2 E9 + 00001DF2: FE 7C + 00001DF3: E2 FD + 00001DF4: FE 9D + 00001DF5: E2 E9 + 00001DF6: FE 7F + 00001DF7: E2 FC + + + A. to solve this problem we should do a complete disassembly of SOFT-ICE + since we have to keep track of the base and size of the V86 mode + interrupt table, and this requires too many changes to be worth to do + it with simple byte patches. + + + B. a somewhat lame (but it's more than nothing) solution is the + following: we chain in a P RET command after GENINT by patching + the jump at the end of the GENINT handler to the beginning of P RET. + after executing GENINT we'll land at the IRET of our handler and + a further P or T will take us back to the original instruction we + were at. i said it was somewhat lame... but it works :-) + + offset old new + 000118BF: BC 00 + 000118C0: E0 C7 + + + C. before executing anything call up SOFT-ICE and change the offset of + the V86 mode INT3 handler to the one of the INT1 handler. + + + D. !!! SURPRISE !!! + + while you're in WINICE for Win95 v3.0 or 3.01 type in the following + command: "ver ice" and see what you get... however, note that due + to a bug (or feature?) you can use only once this command during + a session, you have to restart WINICE to be able to get the + message again. + + and while we're at undocumented features, try out "ver ?" as well. + in the next release, i'll try to write a detailed description + of the new commands (not that if it were that hard to find out...) + + + unsolved mysteries :-) + + 1. even the Nu-Mega docs tell about a problem when SOFT-ICE for DOS is + loaded from the command line: if HIMEM.SYS is installed the machine + simply reboots. i tracked down the problem and found out that the + processor resets itself because of a triple fault. it happens so: + + after preparing the IDT and GDT (and loading IDTR and GDTR), paging + will be enabled in CR0, and then DS and ES will be loaded a + descriptor offset of 8. however, both this descriptor and the IDT + seem to be invalid, and this leads to a triple fault. unfortunately, + i couldn't find out what goes wrong during the setup of IDT and GDT, + perhaps someone else out there will do the dirty job :-)... and maybe + Nu-Mega will award you with a free, legal version :-)). + + + 2. on a Cyrix 486DLC-40 system (both with and without a coproc) SOFT-ICE + gets a Page Fault and halts if the processor is running at 40 MHz, + but works fine at 33 MHz. the Page Fault seems to happen while the + code window is being put out (i.e. during the execution of the wc + command). this is nonsense! so far, no solution... and yes, it's + another dirty job... + + + P.S. for everyone + + perhaps there's someone out there who didn't know it so far... + WINICE can be used without Window$ (and you'll be able to debug + programs that use some DOS extender, if it can make use of DPMI, but + that's the case with the most popular ones, e.g. DOS4GW or PMODE/W)! + the trick is that you have to make a 'crippled' version of Window$, + i.e. make Window$ start without its GUI. a complete description of + this can be found at the following URL: + + http://www.fys.ruu.nl/~faber/Windows_No_GUI + + after creating this GUI-less Window$ all you have to do is to start + WINICE (beware, your normal Window$ shouldn't be on your PATH!) and + voila, you'll be in a DOS session (i hope that you could find it out + yourself that you had to start COMMAND.COM as your KRNL386.EXE...) + with WINICE being able to pop up whenever you need it (of course, for + native Window$ programs you'll need a full Window$). + + and if we're at Window$ here's another trick: if you don't want to + see the logo being shown every time you start Window$, either start + WIN.COM with a command line paramater of ':' i.e. + + WIN.COM : + + or (as the above method doesn't work with our GUIless version since + WINICE doesn't seem to pass any parameters or you are too lazy to + type in every time 2 more characters :-) look for the string 'LOGO' + in WIN.COM and change it to something else (it's enough to change + only one bit). note, that the WIN.COM of Window$ for Workgroups + doesn't like this patch... + + + P.S. for protection writers + + i know that some of the above modifications can be defeated (i could + do it myself) however i won't make your life easier... i hope you + understand why :-) diff --git a/textfiles.com/piracy/CRACKING/pp2t-t&l.txt b/textfiles.com/piracy/CRACKING/pp2t-t&l.txt new file mode 100644 index 00000000..9d38e9be --- /dev/null +++ b/textfiles.com/piracy/CRACKING/pp2t-t&l.txt @@ -0,0 +1,89 @@ + +# Prince of Persia II interactive TSR and LOADER trainer example documentation. + +(This doc describes the interactive trainer keys - for use with the training +tutorial package) + + +Quick NFO : +*********** + + +Run the file PP2T-TSR.COM to install the TSR trainer. + +In-game interactive trainer keys : + +F1 - Activates the No-Touch System (tm) - nothing even touches you. +F2 - Deactivates the No-Touch System. +F3 - Gives you 25 energy bottles. +F4 - Kills any enemy currently on the screen. +F5 - Adds 255 minutes to your current time at that level. +F6 - Jump to the next level. +F9 - Moves your character all the way to the left of the screen. +F10 - Moves your character all the way to the right of the screen. + + +NOTES : +******* + + +When you select the F1 option, the guards, rats, knives, spikes etc can't do +shit all to you. You will pass right through slicing blades, spears etc! +You can fall from clifs, buildings etc without getting even hurt. You can +walk right through steel-caged doors - even if they are closed! + +(Know now why I call it the No-Touch System?!) Ok, well as always, there are +a few things that go along with a goodie like this : If you fall down into lava +or into some spikes etc, you'll still live! - can't die. So whenever you get +stuck like that, turn it off with F2, then keep on pressing F4 the whole time +untill the game restarts on that level. This time make sure it's not on when +performing the same stunt that got you there in the 1st place. + +This F1 option also ruins gameplay by making it too easy for you. Players +using it won't bother figuring out how to get by let's say some falling blades, +they'll just walk right through them! - use it as you like. + +F2 De-activates the No-Touch System. + +F3 Gives you 25 energy bottles - a nice and honest way to cheat in the game! + (The bottles are updated everytime you get hit on the screen) Use this + option a lot since there are no side-effects like with the F1 option. + +F4 Kills the current enemy on the screen! - nice little option for those of ya + who don't want to waste time killing and killing the guards that keep + comming and comming at the higher levels. Each time you press it, it kills + the current enemy you see. You might have to press it a few times to clear + the whole screen of enemies. (Don't press it too many times or you'll end + up killing yourself) + +F5 Adds 255 minutes to your current time at that level. Some people didn't + know that this game is also timed! - try pressing the spacebar next time + boiz - before you release a trainer that doesn't have this option included! + (The game starts timing you once you get to higher levels) + +F6 Jumps to the next level instantly. Nice option ey? After all, if this + was some "cheat" then we wouldn't even worry about including this option, + but hey, this is a TRAINER! - (don't abuse this option and skip right to + the end of the game lamers!) + +F9 Puts your character all the way to the left of the screen. Now why this + option? Well ever had problems jumping over that nasty building/cliff? + Always seemed to fall down? Well if there's a cliff, etc, simple press + F9 and you'll be on the left side of the screen right over the cliff! - + or F10 and you'll be on the right side of the screen. There are lots of + reasons to use this option. + + Sometimes when you use that option, and there's nothing on the left/right + of the screen just rocks, buildings or something, if you press it and + suddenly your character dissapears into the building, simply press the + opposite-side key and you'll be back where you started from. + +F10 Does all the above but to the right. + + +Have PHUN! + + + Dr. Detergent / UNT'93 + + diff --git a/textfiles.com/piracy/CRACKING/psp.nfo b/textfiles.com/piracy/CRACKING/psp.nfo new file mode 100644 index 00000000..9bb2d188 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/psp.nfo @@ -0,0 +1,356 @@ + ߲ ߱ ߲ ߲ ߲ + ۱ ۲۲߲۲ + ۲ ۲ ^Plate Steel Productions Inpho Phile^ + ܲ ߲۲ + ܲ ۲ Logo: Kelthar + ۲ ۲ + ۲ ܲ۲ ܲ ܲ + ۱ ܲ ܲ ߲ ۲ ܲ ܲ ۲ + ߲۰ ܲ ۲ ܲ۲ ܲ + ۱ ܲ ۲۲ + ۲ ߲ + ܲ ۲ ܲ ܲ ܲ ܲ + ߲۲ ߲ ߲۲ ߲۲ + ߲۲߰ ߲ ߲ ߲ + + + + ܲ ܲ ܲ + ܲ ۲ ܲ ܲ ۲ ܲ ۲ ܲ + ܲ ܲ۲ ܲ ܲ ܲ + ۲۲߲ ۲ ۲۲ ۲۲ + ۲ ߲ + ܲ ܲ۲ ܲ ܲ ܲ ܲ ܲ ܲ ܲ + ߲۲ ߲۲ ߲۲ ߲۲ ߲۲ + ߲ ߲ ߲ ߲ ߲ + ^Productions^ + ߱ + EST. AUGUST '9t5 + - ------------- 0FFiCiAL PSP MAR 1997 NF0 PHiLE --- -- ------- ----- + [RELEASED BY STAVR0SS] + Revision III + THiS IS THE OFFICIAL ONE FOR MARCH! + --- Ŀ + -----------_,px%#X"^..x:RELEASE:x..^"X#%xq._------------ + Ŀ + RELEASED BY:[ Prizna ] PACKED BY:[ Prizna ] + + ART::[]:AM0UNT: ANSi'S[] .:. ASCii'S[] .:. VGA'S[] .:. TOTAL[] + MUSiK[]:STYLE:[] NAME:[] LENGTH:[.] + C0DE:[]:WHAT:[] + DOC::[X]:WHAT:[ Nag screen removal tutorial ] + CRACK[]:FOR:[] TO DO:[] + H/P/A[]:WHAT[] HACK[] PHREAK[] SAT[] ANARCHY[] + 0THER[]:WHAT:[] + PACK:[]:TYPE:[] + + ...M0RE iNF0... + + [ First tutorial from the cracking department of PSP. Written by Prizna, ] + [ this doc will guide you through removing nag screens with the use ] + [ of Soft Ice. Info Pro v1.0 is used as an example. ] + [ ] + [ Prizna [ Coder & Cracker ] ] + : : + --- + --- + --- Ŀ + --_,px%#X"^. DA F0UNDER .^"X#%xq._-- Ŀ + + .x[ VAUXHALL [ENG] ]x. + --- + --- + -- Ŀ + --_,px%#X"^. DiRECT0RS .^"X#%xq._-- Ŀ + + .x[ xX FiREST0RM [ENG] xX STAVR0SS [ENG] Xx BLACK-SABBATH [ENG] Xx ]. + .x[ xX GAZA [ENG] xXXx FUJY [ENG] Xx ]x. + --- + -- Ŀ + -_,px%#X"^.C0-0RDiNATORS.^"X#%xq._Ŀ + + CRACKiNG:::::::::::::::::::...[..PRiZNA..]:::::::::::::::::::[..ENGLAND..] + C0DiNG:::::::::::::::::::::::::[..ST|NG..]:::::::::::::::::::[..ENGLAND..] + MUSiK::::::::::::::[.JUNGLiZT/.STAVR0SS..]:::::::::[..iRELAND./.ENGLAND..] + SATELLiTE::::::::::::::::::::[..CLANZER..]:::::::::::::::::::[..ENGLAND..] + iNTERNET::::::::::::::::::::::::[..FUJY..]:::::::::::::::::::[..ENGLAND..] + ART::::::::::::::::::::[..bLACk sABBATh..]:::::::::::::::::::[..ENGLAND..] + C0URiERiNG:::::::::::::::::::::[..MiLaN..]:::::::::::::::::::[..ENGLAND..] + --- + --- Ŀ + --- Ŀ + ------------- 0UR FiLES ARE 0FFiCiALLY SPREAD BY [[ MCG ]] ------------- + --- + : --- : + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :-------------_,px%#X"^. MUSiCiANS .^"X#%xq._---------------: + + x[ MEMBERS NEEDED xX APPLY ]x[ STAVR0SS xX ENGLaND ]x + x[ X2C xX ENGLAND ]x[ COULDBEU xX WORLD ]x + + + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. ARTiSTS .^"X#%xq._--------------: + + x[ ][CE xX ENGLAND ]x[ KELTHAR xX ENGLAND ]x + x[ BLACK SABBATH xX ENGLAND ]x[ REAPER xX ENGLAND ]x + x[ JAGUAR xX USA ]x[ RAVENCLAW xX SWEDEN ]x + x[ !Da^BuLLd0G xX SC0TLAND ]x[ ]x + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :-------------_,px%#X"^. C0DERS/HTTP .^"X#%xq._---------------: + + x[ FiREST0RM xX ENGLAND ]x[ XXXXXX xX XXXXXxX ]x + x[ GAZA xX ENGLAND ]x[ ST|NG xX ENGLAND ]x + x[ REAPER xX ENGLAND ]x[ VAUXHALL xX ENGLAND ]x + x[ PRiZNA xX ENGLAND ]x[ ^ReApER^ xX ENGLAND ]x + x[ !Da^BuLLd0G xX SC0TLAND ]x[ DiGiTS xX ENGLAND ]x + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--_,px%#X"^. HACK/PHREAK/ANARCHY/SATELLiTE/CRACKiNG/i-NET .^"X#%xq._--: + + x[ CLANZER xX ENGLAND ]x[ SLAYER xX ENGLAND ]x + x[ FiREST0RM xX ENGLAND ]x[ ST|NG xX ENGLAND ]x + x[ M0J0 xX ENGLAND ]x[ VAUXHALL xX ENGLAND ]x + x[ PRiZNA xX ENGLAND ]x[ FUJY xX ENGLAND ]x + x[ TRANCER xX ENGLAND ]x[ X2C xX ENGLAND ]x + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. PSP NEWS! .^"X#%xq._-------------: + + [==EVERY FiLE THAT PSP RELEASE iS, T0 0UR BEST KN0WLEDGE 110% LEGAL==] + ... [==iF Y0U THiNK ANY DiFFERENT..C0NTACT A SENi0R QUiCK D00D!==] ... + + LaTeST NewZ : + + [MCG] iS N0W THE OFFICIAL COURIERING GROUP FOR PSP : + + OUR FILEZ OUR OFFICIAL SPREAD AROUND CYBERSPACE NOW BY THE COURIERING + GROUP [MCG] "Miracle Couriering Group". MCG IS A EUROPEAN FOUNDED COURIER + GROUP AND FROM WHAT WE'VE SEEN IS DOING THE BUISNESS. WE ARE GLAD + TO BE WORKING ALONGSIDE THEM IN GETTING OUR RELEASES PIPED ONTO NET + SITEZ NEAR YOU. + + FOR MORE INFORMATION ON [MCG] JOIN THERE CHANNEL #MCG ON EFNET . + + + IRC CHANNEL #PSP97 IS ONLINE ON EFNET : + + #PSP97 IS NOW ON EFNET. FOR PEOPLE WHO ARE REALLY COMMITED TO RELEASING + IN WHATEVER AREA THEY SPECIALISE FOR PSP, I SERIOUSLY SUGGEST YOU + GET YOUR ASS'S OVER TO EFNET. THIS IS WHERE EVERYTHING HAPPENS AND + ALL THE OTHER GROUPS ARE BASED. ALSO OUR COURIERING GROUPS CHANNEL + IS ON EFNET ASWELL. + + REALLY #PSP ON IRC-NET HAS BECOME A BIT LAME WITH PEOPLE USING IT + AS A GENERAL CHAT-CHANNEL FOR THE UK, AND WE WANT TO GET AWAY FROM + THIS AS ITS NOT GOOD FOR THE GROUP AND A LOT OF PEOPLE WHO WERE + COMMITED GOT PISSED OFF WITH IT AND NOW ARE *NOT* COMMITED. + + #PSP ON IRC-NET WILL STILL BE OPEN, BUT FOR PEOPLE WHO ARE COMMITED + AND ARE NOT LAME ;> POP OVER TO EFNET. WE NEED TO BUILD THE CHANNEL + UP. + + PEOPLE NOT CONNECTED WITH THE SCENE WILL NOT BE ALLOWED, AND ANYBODY + WHO IS NOT IN PSP WILL NOT GET OPS! + + REMEMBER : #PSP97 ON EFNET. NOT #PSP!! + + + PSP WEB SERVER IS ONLINE : + + HTTP://WWW.PSP.ORG.UK IS ONLINE ONCE AGAIN AND IS BEING UPDATED. + ANYONE WHO CAN OFFER TO HELP WITH THE REDESIGNING AND HTML COULD + U PLEASE EMAIL ME AT : stav@psp.org.uk + + WE THANK FUJY FOR PSP.ORG.UK. NICE ONE M8! + + + PSP E-MAIL ADDRESSES : + + ALL MEMBERS IN PSP WHO ARE LISTED IN THE NFO NOW HAVE THERE OWN PSP + EMAIL ADDRESSES, WHICH TAKE THE FORMAT OF : handle@psp.org.uk ;> + IF U STILL HAVENT GOT YOUR EMAIL ADDRESS EMAIL ME AT stav@psp.org.uk + TELLING ME YOUR CURRENT EMAIL TO FORWARD TO AND I WILL PASS IT ON + TO FUJY. + + WE THANK FUJY ONCE AGAIN FOR THIS SERVICE ;> + + + RIGHT THATS IT FOR THIS NFO ;> . JUST A QUICK NOTE TO ANY TALENTED + PEEPS WHO ARE READING THIS. IF U FEEL AS IF YOU COULD BENEFIT PSP + IN ANY WAY PLEASE JOIN CHANNEL #PSP97 ON EFNET OR EMAIL ME AT + stav@psp.org.uk AND I WILL GET BACK TO YOU. + L8RZ + + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. PSP iNF0! .^"X#%xq._-------------: + + xXx J0iN OUR iRC CHANNEL: #PSP97 ON EFNET xXx + + E-MAiL: seniors@psp.org.uk + + WWW: WWW.PSP.ORG.UK xXx FTP: FTP.PSP.ORG.UK + + * 0FFiCiAL PSP C0URiERS: [[MCG]] * + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. J0iNiNG .^"X#%xq._-------------: + + MeMBeRS/SiTeS + ~~~~~~~~~~~~~^ WE ARE M0ViNG T0WARDS THE NET, S0 ALL NEW APPLiCANTS + MUST BE ABLE T0 C0MPLY WiTH THE F0LL0WiNG :) + + WE 0NLY ACCEPT THE BEST MEMBERS iN MUSiK / ART / C0DiNG / ETC .... + iF Y0U WANNA APPLY, GET AN APP F0RM FR0M #PSP 0R EMAIL US. + + + + F0R MEMBER APPLiCANTS: + Y0U N0W HAVE T0 D0 S0ME W0RK F0R US BEF0RE Y0U ARE + FULLY iN THE GR0UP.. C0NTACT A SENi0R F0R AN APPLiCATi0N.. + Y0U HAVE T0 BE 0N THE NET 0R, BE ABLE T0 GET Y0UR RELEASES T0 US EASiLY + + F0R BBS APPLiCANTS: + PiCK UP AN APP F0RM 0R CHAT T0 A SENi0R..WE 0NLY + ACCEPT MULTi-N0DE HQ's UNLESS THE BBS iS C00L ENUFF!.. + Y0U MUST BE ABLE T0 GET THE RELEASES WiTH EASE, e.g. 0FF 0UR FTP/WWW + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. B0ARDS! .^"X#%xq._---------------: + + ..[NAME]..........[P0SiTi0N]....[CREW]..........[NUMBER].....[N0DES] + UK + ~~^ + THE UNKN0WN.............W0RLD HQ BLACK SABBATH...+44 1299 250999....4 + + PUBBS: 0UTER LiMiTZ......EUR0 HQ VAUXHALL........+44 1159746427.....2 + + RAVE GRAVE.................UK HQ REAPER..........+44 1243374670.....1 + + DiGiTaL ReaLiTy...........SC0 HQ !Da^BuLLd0G....+44 1382862016.....1 + + MAXiMa....................MEMBER GAZA............+44 1159523875.....3 + ..........................N0DE 2 ................+44 1159523979...... + ..........................N0DE 3 ................+44 1159556564...... + PHARA0S CURSE.............MEMBER Z0SER...........+44 1432271638.....1 + HARDC0Re HEAVEN...........MEMBER MANiAK..........+44 1753739466.....1 + DARK KNiGHTS..............MEMBER PSYHC0..........+44 1482788389.....1 + CHAMPAGNE SUPERN0VA.......MEMBER DANi............+44 115 2-L33T3....1 + G0BLiN BBS................MEMBER GEBB0...........+358 28259248......1 + + UNKN0WN ENEMY.............DiSTR0 NiAVASHA........+44 1981 240840....1 + R.I.U.....................DiSTR0 Bi0HAZARD.......+44 1752789870.....1 + JAGUAR....................DiSTR0 DA ViCAR........+44 1543466572.....1 + NEUR0L0GY.................DiSTR0 MiKE............+44 1202889382.....1 + SUICIDAL TENDENCIES.......DiSTRO RAiNE...........+44 1462 422275....1 + + H0LLAND + ~~~~~~~^ + S/W UNLiMiTED 3...............HQ DJR.............+31 228516814......1 + SL1210....................DiSTR0 CH:iLM..........+31 433638243......2 + ..........................N0DE 2 ................+31 433631724....... + B0iLiNG GRAVE.............DiSTR0 P0PE-X..........+31 180664627......2 + DARK iLLUSi0N.............DiSTR0 MR MERDE........+31 515233095......1 + THA SHiZNiT...............DiSTR0 THA GRiNDER.....+31 703254113......1 + DiGiTAL U/W0RLD...........DiSTR0 TDD.............+31 23240160 ......1 + L0UNGE ACT................DiSTR0 CHAR0N..........+31 715790411......1 + NAPALM ASSULT.............DiSTR0 RUDEB0Y.........+31 104841128......1 + + GERMANY + ~~~~~~~^ + THE MARiNES BBS...............HQ MARiNE FiGHTER..+49 682491294......2 + THE BLACK H0LE............DiSTR0 X-TREM..........+49 618160053......1 + JUST-4-CHA0S..............DiSTR0 SHEEP...........+49 94183711.......1 + + USA + ~~~^ + SHATTERED NATi0N..............HQ C0L0R B00K..... +1 6162476568......2 + BLACK 0PiUM...............DiSTR0 EViLiVE........ +1 7015235909......1 + WEEKEND WARRi0R...........DiSTR0 LEN0........... +1 8182469974......2 + + SWiTZERLAND + ~~~~~~~~~~~^ + THE NEUTRAL Z0NE..............HQ L0CUTUS.........+41 32418851.......2 + UNDERW0RLD................DiSTR0 SYN0PTiC........+41 227769331......1 + RAVE BASE.................DiSTR0 MAVERiCK........+41 22348552.......1 + + BELGiUM + ~~~~~~~^ + NE0 T0Ki0.....................HQ TASMANiAC.......+32 50625717.......2 + ..........................N0DE 2 ................+32 50620112........ + MENTAL 0VERD0SE...........DiSTR0 ZARK0F..........+32 56341206.......1 + MYSTiCAL MEMBERZ..........DiSTR0 VANiSHER........+32 421525.........1 + + DENMARK + ~~~~~~~^ + THE iNC. MACHiNE..............HQ Hi-TECH.........+45 36731662.......3 + ..........................N0DE 3 ................+45 36724669........ + + SWEDEN + ~~~~~~^ + HACKERS HiDE0UT...............HQ ENERGY..........+46 16343399.......1 + MAD BASE..................DiSTR0 MAD DEViL.......+46 38314432.......1 + iNSANE CiTY...............DiSTR0 SKEL............+46 317073531......1 + HACKERS HERiTAGE..........DiSTR0 DiGiTS..........+46 141215313......1 + + BRAZiL + ~~~~~~^ + THE FACT0RY...................HQ SMURF...........+55 613683388......5 + CRYSTAL LAKE..............DiSTR0 DJ CLUSTER......+55 ugottaask......2 + + MiD-EAST + ~~~~~~~~^ + EFFECT........................HQ BiGG-D0GG.......+973 973776155.....1 + + AUSTRiA + ~~~~~~~^ + THE WAREW0LF..................HQ DRiZZT..........+43 19843185.......1 + + N0RWaY + ~~~~~~^ + V0YAGER.......................HQ G0SUB...........+47 72834100.......1 + + CANADA + ~~~~~~^ + ZER0 TOLERANCE................HQ ST0RM HACKER....+1 ASK0NiRC!.......2 + ASHES 0F PERiL............DiSTR0 T. HELLFiRE.....+1 4032755346......1 + + FRANCE + ~~~~~~^ + MiCR0TEL......................HQ SYNDR0ME........+33 43812677.......2 + + ISRAEL + ~~~~~~^ + EXPL0SiVE BBS.................HQ RiDDLER.........+972 36590328......2 + + FiNLAND + ~~~~~~~^ + SKYSTRiKE BBS.................HQ KYMi...........+358 2851782.......1 + + ARGENTiNA + ~~~~~~~~~^ + ARGENTiNE GENERATi0N..........HQ BLACK TH0RNE...+54 1-793-7973.....1 + + :: + [::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::] + : -- Ŀ : + :--------------_,px%#X"^. GREETZ .^"X#%xq._-------------: + + .x[ AXiS xXx [MCG] ]x. .x[ ALL DA GUYZ TRYiN T0 KEEP DA SCENE ALiVE ]x. + + :: + : -- Ŀ: + ` [[-%-:NF0 DESIGN : BLACK SABBATH :-%-]] ' + [[-%-:WRITTEN BY : STAVROSS :-%-]] + --- diff --git a/textfiles.com/piracy/CRACKING/razzia.nfo b/textfiles.com/piracy/CRACKING/razzia.nfo new file mode 100644 index 00000000..2c84f093 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/razzia.nfo @@ -0,0 +1,20 @@ + + ,sdSSbs,_ ^ "bs, + l$$"^^"bs,._ ,yyyyy$$T$b + `Tl Razzia l$$$$$$Sbs,.`^^"TS$$$$$b .d""b. + `Tb,.__.,d$$$$$$$$$$$$$Ss. `T$$$$: ,sdS$$$$$$$$Sbs,`T l$ + `T$$$$S$$$$$$$$$$$$$$$S. l$$$l $$$IP"T$$$$$b b,__,P' + T$$$b, `^T$$$$$$$$$$l :$$$: `T$$, l$$$$$ $b + l$$$$b, Tb,`S$$$$$$$P' ,$$$P Ss,`' _.d$$$$P',' Tb + :$$$$$$ .,sd$$$$` _,d$$$P d$$$$b d$$$` ,$ dP ^"bs, + l$$$$P' d$$`,sdSS$$$$' l$$$$$P,$" ,s.`Tb dlyyyyy$$T$b + ,$$$$' d$$l `^^` _.d$$$$$P,$P ,d$$$$b,$b $l^^""TS$$$$$b + ,$$$$l $$$$b,.,dS$Sb, .sS$$$` $T, `T$$$$P$$P` `Tb, `T$$$$: + ,$$$$$$, `T$$$$$$$$$$$$ $" ,sd$b,`$b,_,d$$$P$d' `Tb l$$$l + T$$$$$$$, `T$$$$$KN$P'dP ,d$$$$$$$b`$SS$$$P',d' ,sdS$$$P Kn! :$$$: + `"$$$P `$$`,d$$, `T$$$$$$$P `"^^` d$' ,d$"^^` ,$$$P + ,d$$$$$b,__,d$$$$$P' `bd$P',_ _,d$$$P + Kenetic // expose `$$$$$$SS$$$' `$$$$SSSSS$$$$' + `^^"""^^` `^^` + + diff --git a/textfiles.com/piracy/CRACKING/romeod4c.txt b/textfiles.com/piracy/CRACKING/romeod4c.txt new file mode 100644 index 00000000..0c93567b --- /dev/null +++ b/textfiles.com/piracy/CRACKING/romeod4c.txt @@ -0,0 +1,157 @@ +Software Re-engineering for Dummies : An Overview +================================================= +by romeo [d4c/97] + +Before I started "software re-engineering", these questions +often popped up in my mind : + +1. How the heck can someone figure out the serial numbers? +2. What changes do you make to a program so that it's registered? + +------------------------------------------------------------------- + +INTRODUCTION +------------ + +I think it's reasonable to believe that the most widely used +debugger by all "software re-engineers" or "software reverse-engineers" +is SoftIce from Numega. The word "debugger" should tell you what +the program does. It debugs bugs. Well, people are often very +creative. If it can be used to debug bugs, it can also be used +to take a peek at how the software is programmed. + +The debugger has to be loaded before Windows is loaded. The reason +is so that any programs that run under Windows can be stopped at any +time (by pressing Ctrl-D) and have it's codes (in Assembly language) +revealed to the user. (i don't want to get too complicated) + +The ironic thing is that SoftIce is a shareware, and being the +best debugger is not any good to itself, because it is used by +"engineers" to find out what it's serial number is. + +------------------------------------------------------------------- + +INTO THE PROCESS : + +Starting Point +============== +A software is often huge and therefore full of codes. It would be +impractical to go down each line of codes and figure out what +each line does. Therefore, it's up to the "engineer's" creativity +and experience to select a starting point. "Where should I start +decipher the codes?" There are lots of techniques, which might just +sound greek to you if you're a dummy to this area. So, I'll leave +that part out. + +When a starting point is decided, the "engineer" will pay more +attention to "weird, interesting or out of the ordinary" codes. + +Probing Techniques Simplified +============================= +1. Serial Numbers + +If you have downloaded a shareware once or twice in your lifetime, +you might have come across a "Register" command which resides in +the Help|About ... dialog box most of the time. When you click on +it, you may be prompted with a box which require you to enter +your name and then a serial number that matches your name. + +Now, this means that somewhere among the codes in the program, there +may most probably be lines that says : + +A compare the serial number that has been entered with the correct + serial number that matches the name and goto B +B if it is incorrect, goto D +C show a thankyou message because the number is correct and goto D +D close the box and return to the program + +As long as the "engineer" can find these lines, it is very likely +that (s)he can just write down the number from the screen (it is +just that simple! - sometimes ...). This is sometimes referred as +to a "soft" approach. + +2. Changing Bytes + +Well, it can be very tricky sometimes that the "engineer" has to +resort to "hard/brutal re-engineering". This involves changing +certain bytes of the original program so that it works the way +the engineer wants it to work. This would most likely involve +"time-limited sharewares". These sharewares do not offer the option of +registering the program by entering a name and a number. Worse, +after certain days, they will cease to work. + +To make your life easier, let us use the previous example : + +(pretend these are the initial codes) + +A compare the serial number that has been entered with the correct + serial number that matches the name and goto B +B if it is incorrect, goto D +C show a thankyou message because the number is correct and goto D +D close the box and return to the program + +I'll show you some techniques which have been used : + +Technique 1 - Reverse the conditions +==================================== + +Often, there's only one number that matches your name. And you don't +get it right 99.9% of the time. + +So, an "engineer" can change the codes to this : + +A compare the serial number that has been entered with the correct + serial number that matches the name and goto B +B if it is incorrect, DON'T goto D +C show a thankyou message because the number is correct and goto D +D close the box and return to the program + +Since you know that you'll be incorrect, by reversing the conditions, +you'll end up registering the program. + +Technique 2 - One way conditions +================================ + +What if you happen to guess the right number? Hmm .. this means technique +1 will not work. So, this can be done : + +A compare the serial number that has been entered with the correct + serial number that matches the name and goto B +B if it is incorrect, goto C +C show a thankyou message because the number is correct and goto D +D close the box and return to the program + +Now, it doesn't matter whether you're right or wrong, you'll end up +registering the program + +Technique 3 - Tricky conditions +=============================== + +This is an alternative to technique 2 : + +A compare the serial number that has been entered with the + serial number that has been entered +B if it is incorrect, goto D +C show a thankyou message because the number is correct and goto D +D close the box and return to the program + +hehe .. this sounds funny but it works. + +Sometimes, due to the complexity of software programming, only +one of the described techniques can be used, or only a mixture of 2 or +more will work. + +------------------------------------------------------------------- + + +[ The only reason why I indulge in "software re-engineering" is + because I get pleasure out of it. The first time when I + managed to figure out a serial number for a shareware, I was + so overwhelmed; I shouted out loud with triumph and I felt so + good about myself. All boiled down to the "ummmph" that I get + - it's addictive and I wanted more each time. ] + + - anonymous "engineer" - +------------------------------------------------------------------- + +-=THE END=- diff --git a/textfiles.com/piracy/CRACKING/scanf.dox b/textfiles.com/piracy/CRACKING/scanf.dox new file mode 100644 index 00000000..6ddfc38f --- /dev/null +++ b/textfiles.com/piracy/CRACKING/scanf.dox @@ -0,0 +1,197 @@ + + + ۻ ۻ ۻ ۻ ۻ ۻ ۻ ۻ ۻ + ͼ ͼ ۻ ۻ ۺ ͼ ۺ ۺ ͼ + ۻ ۺ ۺ ۻ ۺ ۻ ۺ ۺ ۻ + ۺ ۺ ۺ ۺۻۺ ͼ ۺ ۺ ͼ + ۺ ۻ ۺ ۺ ۺ ۺ ۺ ۺ ۻ ۻ + ͼ ͼ ͼ ͼ ͼ ͼ ͼ ͼ ͼ ͼ (TM) + + + + + sCANFILE v4.0 + (C) 07.96 by mARQUIS dE sOIRE + franzz@access.digex.net + + + pROTOCOL oF iNT21 fILEOPERATIONS + fOR dOS, wIN311 (and wIN95) + + + + + iNTENTION + This program LOGs all fileoperations (INT 21) and even Interruptvector- + changes via INT 21 in a .LOG file to examine the output later. + Basically it works like Win-eXpose I/O, though you don't have to be in- + side WINdows, just run it under plain DOS or any DOS-Extender. + + Look in the example files SCANx.LOG and I am sure, you guess in a few + seconds, what sCANFILE is good for...e.g. finding missing- or key-files. + + + + + aTTENTION! + Plain DOS 7.0: sCANFILE runs just fine + DOS-Extender : no know problems under DOS4GW or any other extender + WIN 3.11 : no problems, except ASPI4DOS MUST be disabled before + statrting Win. +*WIN95 : starting sCANFILE BEFORE WIN95 should NEVER be done! + It MUST be run inside WINSTART.BAT ONLY. + Win95 DOS-Box: runs just fine, but a lot of INT21 will not reach scanfile ;) +*OS/2 : never tested + WIN/NT : no problems occured in a DOS-box, see SCAN_NT.LOG + (special thanx to SLAVA for testing) + + + + + oPTIONS + Options: SCANFILE - start scanning + SCANFILE - stop scanning + + + + + eXAMPLE SCAN1.LOG +12.11.39.ommand.om 18 4E find C:\DOS\NC.??? +12.11.39.ommand.om 4E find C:\NO\NC.??? +12.11.39.ommand.om 4B exec  C:\NO\NC.EXE +12.11.52.mem.exe 3D open E:\WINDOWS.000\COMMAND\MEM.EXE +12.11.52.mem.exe 25 SetI. al=23 +12.11.54.mem.exe 25 SetI. al=23 +12.11.54.mem.exe 02 3D open F:\2\EMMXXXX0 +12.11.54.mem.exe 3D open F:/$MMXXXX0 + ^ + Errorcodes: 02 = file not found + + + + eRRORCODES fOR sCANFILE + (see Ralph Brown's interrupt list) +Values for DOS extended error code: + 00h (0) no error + 01h (1) function number invalid + 02h (2) file not found + 03h (3) path not found + 04h (4) too many open files (no handles available) + 05h (5) access denied + 06h (6) invalid handle + 07h (7) memory control block destroyed + 08h (8) insufficient memory + 09h (9) memory block address invalid + 0Ah (10) environment invalid (usually >32K in length) + 0Bh (11) format invalid + 0Ch (12) access code invalid + 0Dh (13) data invalid + 0Eh (14) reserved + 0Fh (15) invalid drive + 10h (16) attempted to remove current directory + 11h (17) not same device + 12h (18) no more files +---DOS 3.0+ --- + 13h (19) disk write-protected + 14h (20) unknown unit + 15h (21) drive not ready + 16h (22) unknown command + 17h (23) data error (CRC) + 18h (24) bad request structure length + 19h (25) seek error + 1Ah (26) unknown media type (non-DOS disk) + 1Bh (27) sector not found + 1Ch (28) printer out of paper + 1Dh (29) write fault + 1Eh (30) read fault + 1Fh (31) general failure + 20h (32) sharing violation + 21h (33) lock violation + 22h (34) disk change invalid (ES:DI -> media ID structure)(see #0961) + 23h (35) FCB unavailable + 24h (36) sharing buffer overflow + 25h (37) (DOS 4.0+) code page mismatch + 26h (38) (DOS 4.0+) cannot complete file operation (out of input) + 27h (39) (DOS 4.0+) insufficient disk space + 28h-31h reserved + 32h (50) network request not supported + 33h (51) remote computer not listening + 34h (52) duplicate name on network + 35h (53) network name not found + 36h (54) network busy + 37h (55) network device no longer exists + 38h (56) network BIOS command limit exceeded + 39h (57) network adapter hardware error + 3Ah (58) incorrect response from network + 3Bh (59) unexpected network error + 3Ch (60) incompatible remote adapter + 3Dh (61) print queue full + 3Eh (62) queue not full + 3Fh (63) not enough space to print file + 40h (64) network name was deleted + 41h (65) network: Access denied + 42h (66) network device type incorrect + 43h (67) network name not found + 44h (68) network name limit exceeded + 45h (69) network BIOS session limit exceeded + 46h (70) temporarily paused + 47h (71) network request not accepted + 48h (72) network print/disk redirection paused + 49h (73) network software not installed + (LANtastic) invalid network version + 4Ah (74) unexpected adapter close + (LANtastic) account expired + 4Bh (75) (LANtastic) password expired + 4Ch (76) (LANtastic) login attempt invalid at this time + 4Dh (77) (LANtastic v3+) disk limit exceeded on network node + 4Eh (78) (LANtastic v3+) not logged in to network node + 4Fh (79) reserved + 50h (80) file exists + 51h (81) reserved + 52h (82) cannot make directory + 53h (83) fail on INT 24h + 54h (84) (DOS 3.3+) too many redirections + 55h (85) (DOS 3.3+) duplicate redirection + 56h (86) (DOS 3.3+) invalid password + 57h (87) (DOS 3.3+) invalid parameter + 58h (88) (DOS 3.3+) network write fault + 59h (89) (DOS 4.0+) function not supported on network + 5Ah (90) (DOS 4.0+) required system component not installed + 64h (100) (MSCDEX) unknown error + 65h (101) (MSCDEX) not ready + 66h (102) (MSCDEX) EMS memory no longer valid + 67h (103) (MSCDEX) not High Sierra or ISO-9660 format + 68h (104) (MSCDEX) door open + + + + rEVISIONS + SCANFIL0 1.0 xx.xx.92 First small eta + SCANFILJ 1.J 12.07.94 Public release I + SCANFILM 2.0 31.08.94 Public release II - Execute Parameter new defined + SCANFILM 2.5 17.06.95 Set/Get Interrupt added + SCANFILO 3.0 31.10.95 DOS 7.0/WIN95 added + SCANFILS 4.0s 18.07.96 Public release III - small changes + + + + gREETINGS + Deleter, The Riddler, Misha, Lost Soul, DjPaul, Edison, Dark-Man, The Key, + Slava, + Kiwi, Cyberjak, Prophet, Fargen, Moi, + vanHauser, Scavenger, Wilkins, + Pamela and FrMaid, + THHG, NPM, XF, THC, MCC, PC. + + + + +Ϳ + u N I T E D c R A C K I N G f O R C E +Ϳ ͻͻͻͻ ͻ ͻ ͻͻͻ ٰ + ͹͹ ͻ ͻ ͹ + ȼ Ⱥ Ⱥͼͼ ͼ ͼͼʺ Ϳ +  UCF/THHG/NPM/XF  (CU) +ٰ + + diff --git a/textfiles.com/piracy/CRACKING/shareman.txt b/textfiles.com/piracy/CRACKING/shareman.txt new file mode 100644 index 00000000..98b11288 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/shareman.txt @@ -0,0 +1,80 @@ +This text was written in - 07/13/97. + + + How to crack Shareman 1.6v? / By ^pain^ / mEXELiTE! + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +WARNING : This information is for educational purposes only!!!! + I take no responsibility for what u do with this tutorial, + and I dont really care =) + Using this info may bring ya to jail!!!!!!!!!!!!!!!!! =) + If u like the program, please register, the author + deserves that... + + +URL: + +Hi reader!, in this tut I intend to teach u guys how to crack ShareMan 1.6.... +I will assume that u already have: +1.SoftIce for win95 (If not , get it+Crack from www.acp.xforce.net). +2.Good knowledge in Assembler. +3.Strong ambition to CRACK! =) +4.Supporting family (Well, this and all next r just recommended...=)) +5.A chick.... + + Well, that's it for now....... lets go cracking..... +1.Launch your softice and then ur Shareman. +2.goto the registeration dialog box (/Help/Enter ID). +3.Well, ok, we`re ready for the mission... + what to do now? + Since this program is 16Bit we`ll set 16 Bit Api's... + Set a breakpoint on the following API's : (with BPX [API]) + 1.getdlgitemtext. + 2.GetWindowtext. + what next? write ur name/nick in the dialog box, + and a dummy registeration number...... +4.Now , press OK button, BOOM! we popped up in Soft Ice window!!!! + in the api GETWINDOWTEXT, after seeing this, we wanna delete the + unused bp's... type this: bc 00 (the 1st bp we set...), + and press F12 twice (!), to get to the code of Shareman... +5.Now, here comes the real cracking job... ;) + ************************ Theory ************************** + in this point, lets say u have a tool that loox for the + [regcode] u entered in the memory? Could this possibly help + us? Could it? Take ur time for thinkin... + Well! STOP THINKING! =) + That`ll help us to find the place where the generated + Registration number is compared with the reg number u entered!!! + and ofcourse, the CORRECT reg number..... + ********************************************************** + ok, the tool I mensioned in the theory section isnt exactly + a tool, but a command in Soft Ice... + Lets type:"S 0 l FFFFFFFF '[regcode]'" (L stands for length...). + Now softice will give u the location of the regcode on memory... + (Segment:Offset). + now, lets do a Break Point on Memory location! + type:"BPM Segment:Offset". + press CTRL+D (to make the program continue). + several times until u reach to the following instruction: + + PUSH AX + REPZ CMPSB + POP DS + JZ 0C87 + + YES!!!!!!!! we found the place where the reg numbers r compared!!!! ;) + all u have to do now is to type: + D DI-4 + and take the registration number out of there...(Make sure that I`m right, + and the correct reg + number isnt in SI! in case im wrong... u know what to do..=]) + +Well, now I wanna greet the following ppl: +========================================== +[ACP],Niabi,JosephCo,Sice_Boy,Kipn,Leddy,Volcanic (yo man..=)) +Atomic^F1 & Diffuse (Keep up the good job,guys), +_rANDOM,|KAIRN|,Scorpion,razzi/a, All the dudes +in #cracking in #Cracking4newbies And all the +dudes that deserve that...... + +Signing off (with broken fingers :-) ) (c) ^pain^ productions `97... + \ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/sice3.qrf b/textfiles.com/piracy/CRACKING/sice3.qrf new file mode 100644 index 00000000..183cd607 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/sice3.qrf @@ -0,0 +1,336 @@ +SoftIce 3.0 Quick Reference..... By ZeroDay [Feb 07 1997] +============================================================================== +SOFTICE COMMANDS +============================================================================== +SETTING BREAKPOINTS: +BPM Breakpoint on memory access +BPMB Breakpoint on memory access +BPMW Breakpoint on memory access +BPMD Breakpoint on memory access +BPR Breakpoint on memory range +BPIO Breakpoint on I/O port access +BPINT Breakpoint on interrupt +BPX Breakpoint on execution +BMSG Breakpoint on windows message +BSTAT Breakpoint statistics +CSIP Set CS:EIP range qualifier + +MANIPULATING BREAKPOINTS: +BPE Edit breakpoint +BPT Use breakpoint as a template +BL List current breakpoints +BC Clear Breakpoint +BD Disable breakpoint +BE Enable breakpoint +BH Breakpoint history + +DISPLAY/CHANGE MEMORY: +R Display/change register contents +U Un-Assemblers instructions +D Display memory +DB Display memory +DW Display memory +DD Display memory +DS Display memory +DL Display memory +DT Display memory +E Edit memory +EB Edit memory +EW Edit memory +ED Edit memory +ES Edit memory +EL Edit memory +ET Edit memory +PEEK Read from physical address +POKE Write to physical address +H Help on specified function +? Evaluate expression +VER SoftIce version +WATCH Add watch +FORMAT Change format of data window +DATA Change data window + +DISPLAY SYSTEM INFORMATION: +GDT Display global descriptor table +LDT Display local descriptor table +IDT Display interrupt descriptor table +TSS Display task state segment +CPU Display CPU register information +PCI Display PCI device information +MOD Display windows module list +HEAP Display windows global heap +LHEAP Display windows local heap +VXD Display windows VxD map +TASK Display windows task list +VCALL Display VxD calls +WMSG Display windows messages +PAGE Display page table information +PHYS Display all virtual addresses for physical address +STACK Display call stack +XFRAME Display active exception frames +MAPV86 Display v86 memory map +HWND Display window handle information +CLASS Display window class information +VM Display virtual machine information +THREAD Display thread information +ADDR Display/change address contents +MAP32 Display 32bit section map +PROC Display process information +QUERY Display processes virtual address space map +WHAT Identify the type of expression + +I/O PORT COMMANDS: +I Input data from i/o port +IB Input data from i/o port +IW Input data from i/o port +ID Input data from i/o port +O Output data to i/o port +OB Output data to i/o port +OW Output data to i/o port +OD Output data to i/o port + +FLOW CONTROL COMMANDS: +X Return to host debugger or program +G Go to address +T Single step one instruction +P Step skipping calls, Int, etc +HERE Go to current cursor line +EXIT Force an exit to current dos/windows program +GENINT Generate an interrupt +HBOOT System boot (total reset) + +MODE CONTROL: +I1HERE Direct INT1 to SoftIce +I3HERE Direct INT3 to SoftIce +ZAP Zap embedded INT1 or INT3 +FAULTS Enable/disable SoftIce fault trapping +SET Change an internal variable + +CUSTOMIZATION COMMANDS: +PAUSE Control display scroll mode +ALTKEY Set key sequence to invoke window +FKEY Display/Set function keys +DEX Display/assign window data expression +CODE Display instruction bytes in code window +COLOR Display/set screen colors +ANSWER Auto-answer and redirect console to modem +DIAL Redirect console to modem +SERIAL Redirect console +TABS Set/Display tab settings +LINES Set/display number of lines on screen +PRN Set printer output port +MACRO Define a named macro command + +UTILITY COMMANDS: +A Assemble code +S Search for data +F Fill memory with data +M Move data +C Compare two data blocks + +WINDOW COMMANDS: +WC Toggle code window +WD Toggle data window +WF Toggle floating point stack window +WL Toggle locals window +WR Toggle register window +WW Toggle watch window +EC Enable/disable code window +. Locate current instruction + +WINDOW CONTROL: +CLS Clear window +RS Restore program screen +ALTSCR Change to alternate display +FLASH Restore screen during P and T + +SYMBOL/SOURCE COMMANDS: +SYMLOC Relocate symbol base +EXP Display export symbols +SRC Toggle between source,mixed & code +TABLE Select/remove symbol table +FILE Change/display current source file +SS Search source module for string +TYPES List all types, or display type definition +LOCALS Display locals currently in scope + +BACK TRACE COMMANDS: +SHOW Display from backtrace buffer +TRACE Enter backtrace simulation mode +XT Step in trace simulation mode +XP Program step in trace simulation mode +XG Go to address in trace simulation mode +XRSET Reset backtrace history buffer + +SPECIAL OPERATORS: +. Preceding a decimal number specifies a line number +$ Preceding an address specifies SEGMENT addressing +# Preceding an address specifies SELECTOR addressing +@ Preceding an address specifies indirection + +LINE EDITOR KEY USAGE: +[PRINT-SCREEN] Dump Screen to printer +[UP ARROW] Recall previous command line +[DOWN ARROW] Recall next command line +[RIGHT ARROW] Move cursor right +[LEFT ARROW] Move cursor left +[BACKSPACE] Back over last character +[HOME] Start of line +[END] End of line +[INS] Toggle insert mode +[DEL] Delete character +[ESC] Cancel current command + +SCROLLING KEY USAGE: +[PAGEUP] Display previous page of display history +[PAGEDOWN] Display next page of display history +[ALT-DN ARROW] Scroll data window down one line +[ALT-UP ARROW] Scroll data window up one line +[ALT-PAGEUP] Scroll data window down one page +[ALT-PAGEDOWN] Scroll data window up one page +[CTRL-UP ARROW] Scroll code window down one line +[CTRL-DN ARROW] Scroll code window up one line +[CTRL-PAGEUP] Scroll code window down one page +[CTRL-PAGEDOWN] Scroll code window up one page +============================================================================== + + +============================================================================== +SOFTICE TABLE OF OPERATORS (USED FOR EXPRESSIONS) +============================================================================== +Indirection Operators Example +----------------------- ------------------------------------------------------ +-> ebp->8 (Gets DWord Pointed To By ebp+8) +. eax.1C (Gets DWord Pointed To By eax+1C) +* *eax (Gets DWord Value Pointed To By eax) +@ @eax (Gets DWord Value Pointed To By eax) +&symbol &symbol (Gets the address of the symbol) +------------------------------------------------------------------------------ +Math Operators Example +----------------------- ------------------------------------------------------ +Unary + +42 (Decimal) +Unary - -42 (Decimal) ++ eax + 1 +- ebp - 4 +* ebx * 4 +/ Symbol / 2 +% (Modulo) eax % 3 +<< (Logical Shift Left) bl << 1 (Result is bl shifted left by 1) +>> (Logical Shift Right)eax >> 2 (Result is eax shifted right by 2) +------------------------------------------------------------------------------ +BitWise Operators Example +----------------------- ------------------------------------------------------ +& (Bitwise AND) eax & F7 +| (Bitwise OR) Symbol | 4 +^ (Bitwise XOR) ebx ^ 0xFF +~ (Bitwise NOT) ~dx +------------------------------------------------------------------------------ +Logical Operators Example +----------------------- ------------------------------------------------------ +! (Logical NOT) !eax +&& (Logical AND) eax && ebx +|| (Logical OR) eax || ebx +== (Compare Equality) Symbol == 4 +!= (Compare InEquality) Symbol != al +< eax < 7 +> bx > cx +<= ebx <= Symbol +>= Symbol >= Symbol +------------------------------------------------------------------------------ +Special Operators Example +----------------------- ------------------------------------------------------ +. (Line Number) .123 (Value is Address of line 123 in source file) +() (Grouping Symbols) (eax+3)*4 +, (Arguements List) Function(eax,ebx) +: (Segment Operator) es:ebx +Function word(Symbol) +# (Prot-Mode Selector) #es:ebx (Address is protected mode Selector:Offset) +$ (Real-Mode Segment) $es:di (Address is real mode segment:offset) +============================================================================== + + +============================================================================== +SOFTICE BUILT IN FUNCTIONS:(USED FOR EXPRESSIONS) +============================================================================== +Name Description Example +--------------- ------------------------------- ------------------------------ +BYTE Get Low Order Byte ? Byte(0x1234=0x34 +WORD Get Low Order Word ? Word(0x12345678)=0x5678 +DWORD Get Low Order DWord ? DWord(0xFF)=0x000000FF +HIBYTE Get High Order Byte ? HiByte(0x1234)=0x12 +HIWORD Get High Order Word ? HiWord(0x12345678)=0x1234 +SWORD Convert Byte To Signed Word ? SWord(0x80)=0xFF80 +LONG Convert Byte Or Word To signed ? Long(0xFF)=0xFFFFFFFF + Long ? Long(0xFFFF)=0xFFFFFFFF +WSTR Display as UniCode String ? WSTR(cax) +FLAT Convert to a selector relative ? Flat(fs:0)=0xFFDFF000 + address to a linear (flat) addr +CFL Carry Flag ? CFL=Bool-Type +PFL Parity Flag ? PFL=Bool-Type +AFL Auxiliary Flag ? AFL=Bool-Type +ZFL Zero Flag ? ZFL=Bool-Type +SFL Sign Flag ? SFL=Bool-Type +OFL OverFlow Flag ? OFL=Bool-Type +RFL Resume Flag ? RFL=Bool-Type +TFL Trap Flag ? TFL=Bool-Type +DFL Direction Flag ? DFL=Bool-Type +IFL Interrupt Flag ? IFL=Bool-Type +NTFL Nested Task Flag ? NTFL=Bool-Type +IOPL IOPL Level ? IOPL=Current IO Privilege + Level +VMFL Virtual Machine Flag ? VMFL=Bool-Type +IRQL Windows NT OS IRQ Level ? IRQL=Unsigned-Char +DATAADDR Returns The Address Of The dd @DATAADDR + First Item Displayed In Data + Window +CODEADDR Returns The Address Of The ? CODEADDR + First Instruction Displayed In + The Code Window +EADDR Effective Address (If Any) Of EADDR + The Current Instructions +EVALUE Current Value Of The Effective EVALUE + Address +PROCESS KPEB(Kernal Process Environment ? PROCESS + Block) Of The Active OS Process +THREAD KTEB(Kernal Thread Environment ? THREAD + Block) Of The Active OS Thread +PID Active Process ID ? PID == Test32PID +TID Active Thread ID ? TID == Test32MainTID +BPCOUNT BreakPoint Instance Count BPIF bpcount==0x10 +BPTOTAL BreakPoint Total Count BPIF bptotal==0x10 +BPMISS BreakPoint Instance Miss Count BPIF bpmiss==0x20 +BPLOG BreakPoint Silent Log BPIF bplog +BPINDEX Current BreakPoint Index # BPDO "bd bpindex" +============================================================================== + + +============================================================================== +SOFTICE TABLE OF OPERATOR PRECEDENCE (USED FOR EXPRESSIONS) +============================================================================== +Operator Associates Comment +--------------- --------------- ---------------------------------------------- +(,),FUNCTION Scopes(Precedence OverRide),Function +->,. Left To Right Indirection +: Left To Right Segment:Offset +#,$ Right To Left Protected Mode Selector,Real Mode Segment +*,@ Right To Left Indirection +Unary + Default Radix == Decimal +Unary - Default Radix == Decimal +!,~ Logical Not,Bitwise Not +. Line Number +*,/,% Left To Right Multiply,Divide,Modulo ++,- Left To Right Plus,Minus +<<,>> Left To Right Logical Shift Left, Logical Shift Right +<,<=,>,>= Left To Right Less Than,Less Than Equal,Greater Than..... +==,!= Left To Right Equal To,Not Equal To +& Left To Right Bitwise AND +^ Left To Right BitWise XOR +| Left To Right BitWise OR +&& Left To Right Logical AND +|| Left To Right Logical OR +COMMA Left To Right Argument List +------------------------------------------------------------------------------ +Use of Parenthisis () overrides precedence (means its done first) +============================================================================== + + diff --git a/textfiles.com/piracy/CRACKING/sigma-4f.nfo b/textfiles.com/piracy/CRACKING/sigma-4f.nfo new file mode 100644 index 00000000..1c429e7b --- /dev/null +++ b/textfiles.com/piracy/CRACKING/sigma-4f.nfo @@ -0,0 +1,75 @@ + ___ ___ ________________________ ___ + / / / /___ / _____________________/ \ \ + / / / /_/ /__ / /___ ___ ___ __ ___ \ \ + / / /____ ___/ / ____// / / / \/ / \ \ + \ \ / / / / / /_/ / / / / + \__\ /__/ /__/ /_______/__/\___/ im /__/ + we make ALL just 4 fun + + + -= S i G M A 's =- + -= Universal Improved Patcher Volume =- + + + Hmn i have not much to talk but i have to greet these Persons: + + DiGiT [4fUN], Dr. Lazy [LKCC], B0SS [ACURA] & All Patch Authors + + No we come to the Statistics...... :) + + + HISTORY +~~~~~~~~~~~ + - at all [16] + + - dongle [1] + - register [8] + - keyfile [3] + - nags [3] + - cheats [1] + - serials# [] + + +vXX.XX.96 6 Added +~~~~~~~~~~~~~~~~~~ + 4DOS v5.52 [register] new XX/XX/96 + VGACOPY v6.20 [keyfile] new XX/XX/96 + Cubasis Audio v1.0 [dongle] new XX/XX/96 + Hexworkshop 32 v2.10 [keyfile] new XX/XX/96 + Paintshop Pro 32 [nag-screen] new XX/XX/96 + ARJ v2.50a.de [register] new XX/XX/96 + + + +v27.10.96 2 Added, birthday of this NFO +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + PV v2.61 German [register] new 26/10/96 + PV v2.61 English [register] new 27/10/96 + This NFO file [-] new 27/10/96 + +v26.01.97 3 Added +~~~~~~~~~~~~~~~~~~ + Microangelo v2.1 [register] new 11/01/97 + U.F.O v1.45d [nag-screen] new 12/01/97 + Tomb Raider [cheat] new 14/01/97 + +v17.02.97 1 Added +~~~~~~~~~~~~~~~~~~ + Disk Copy Fast 5.3a [keyfile] new 17/02/97 + +v11.04.97 2 Added, 1 Corrected, UP Volume -> UIP Volume Converted +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Disk Copy Fast 5.3a [keyfile] Corrected 11/04/97 + PV v2.62 German [register] new 11/04/97 + PV v2.62 English [register] new 11/04/97 + +v13.04.97 2 Added +~~~~~~~~~~~~~~~~~~ + Tropic NFS/32 v2.0b [-] new 13/04/97 + Grab a site v2.1.1 [nag-screen] new 13/04/97 + +v19.04.97 1 Added +~~~~~~~~~~~~~~~~~~ + Rebirth v1.0b5 [-] new 19/04/97 + +-[eof]----------------------------------------------------------------------- diff --git a/textfiles.com/piracy/CRACKING/t!tutor.txt b/textfiles.com/piracy/CRACKING/t!tutor.txt new file mode 100644 index 00000000..455a9bda --- /dev/null +++ b/textfiles.com/piracy/CRACKING/t!tutor.txt @@ -0,0 +1,697 @@ +== ASM KEYGEN TUTORIAL - WRITTEN BY TERAPHY [PC97] +=================================================== + +This is the tools i use in this tutorial: + Soft-Ice 3.01 + W32Dasm 8.9 *Regged* + Tasm/Tlink + + +Getting Started: + What we should do is to get the registration code, +find where the code is being calculated and rip it out. +I will use two easy programs as examples, +Command Line 97 1.0, and Flywheel V1.02b. + + +Command Line 97 1.0: +(http://www.odyssey.net/subscribers/js01/index.html) + This program has a real simple code calculation. +I will guide you step by step how to get the serial, +how to rip it and how to make a working keygen. + +1. Start the Program + +2. Select Register + +3. Go into Soft-Ice by pressing Ctrl-D, and set a breakpoint on + GetDlgItemTextA. Type 'bpx getdlgitemtexta'. Now Press Ctrl-D + again to get out from Soft-Ice. + +4. Enter your name and a serial... I used 'TERAPHY' and '12345' + +5. Press OK Button.. Soft-Ice will now show up inside the call + to GetDlgItemTextA. Press F11 to get out of that call. + +Scroll up a bit and u will see this + +:0040254B 6A1E push 0000001E +:0040254D 68300B4100 push 00410B30 +:00402552 68F0030000 push 000003F0 +:00402557 56 push esi +:00402558 FF1550234100 Call [USER32!GetDlgItemTextA] + +The memory location being pushed at 40254D is where your name is +stored. Type 'd 410B30', and you should see your name. + +Below this you'll see + +:0040255E 6A00 push 00000000 +:00402560 BF300B4100 mov edi, 00410B30 +:00402565 6A00 push 00000000 +:00402567 68FC030000 push 000003FC +:0040256C 56 push esi +:0040256D FF1518234100 Call [USER32!GetDlgItemInt] + +Step until you reach 40256D. The call to Getdlgitemint returns +what you typed in as serial in eax. Type '? eax' and you will +see this '00003039 0000012345 "09"'. 3039 is 12345 in hex. +Also notice :00402560. This command moves the offset of your name +into edi. + +Below this, you will see + +:00402573 B9FFFFFFFF mov ecx, FFFFFFFF +:00402578 A354A54000 mov dword ptr [0040A554], eax +:0040257D 2BC0 sub eax, eax +:0040257F F2 repnz +:00402580 AE scasb +:00402581 F7D1 not ecx +:00402583 49 dec ecx + +:00402578 saves your code for later use. +The rest of the code is used to calculate the string length of +your name... After this has been executed ecx contains the length +of your name. In my case '7'. + +Below this, you'll see + +:00402584 0FBE05300B4100 movsx eax, byte ptr [00410B30] +:0040258B 0FAFC8 imul ecx, eax +:0040258E C1E10A shl ecx, 0A +:00402591 81C1CCF80200 add ecx, 0002F8CC +:00402597 890D50A54000 mov dword ptr [0040A550], ecx +:0040259D 390D54A54000 cmp dword ptr [0040A554], ecx + +:00402584 moves the byte of the first letter to eax. +In my case 54('T'). The next line multiplys eax (54), +with ecx (7). shl ecx, 0A means multiply ecx with 2^10. +And finnaly we add 02F8CC to ecx. +At :0040259D the registration code is compared with what +we typed in, remember it moved our code to [0040A554]. +Type '? ecx' and you can see your real code. +But we don't just want the code, do we? +Leave SoftIce and exit Command Line 97. + +6. Start W32Dasm, and dissasemble cline97.exe + Save dissasembly to file and exit. + +7. Now we are going to build the keygen itself. +Start your favorite texteditor and enter this code. + + +Code Segment Byte Public +Assume Ds:Code,Cs:Code +Org 100h +P386 ; this enables 386 instructions + and 32bit registers + +Start: + + mov ah,09 + mov dx,offset Intro + int 21h ; Show intro msg + + mov ah,0Ah + mov dx,offset Namesto + int 21h ; Get name + + +Now load the dissasembly (cline97.alf) into your texteditor. +Goto :00402573. Copy all code from here down to :00402591, +and paste it into your asm source. + +It will look like this +:00402573 B9FFFFFFFF mov ecx, FFFFFFFF +:00402578 A354A54000 mov dword ptr [0040A554], eax +:0040257D 2BC0 sub eax, eax +:0040257F F2 repnz +:00402580 AE scasb +:00402581 F7D1 not ecx +:00402583 49 dec ecx +:00402584 0FBE05300B4100 movsx eax, byte ptr [00410B30] +:0040258B 0FAFC8 imul ecx, eax +:0040258E C1E10A shl ecx, 0A +:00402591 81C1CCF80200 add ecx, 0002F8CC + +Now you can start ripping. You should remove everything except the command +itself. The line :00402578 is obviously not needed, because it saves the +inputed regcode for later use, and our keygen does not prompt for regcode, +it calculates =) + +The source in your program should look like this. + + mov ecx, FFFFFFFF + sub eax, eax + repnz + scasb + not ecx + dec ecx + movsx eax, byte ptr [00410B30] + imul ecx, eax + shl ecx, 0A + add ecx, 0002F8CC + +If you remember, it moved the offset of Name into edi earlier. +So we need to add this before mov ecx, FFFFFFFF + xor edi,edi + mov di, offset Namesto+2 ; this must be +2, becaue that's there + ; the actuall name begins. + +The command mov ecx, FFFFFFFF can't be compiled this way, so we +have to change it to mov ecx, 0FFFFFFFFh. + +movsx eax, byte ptr [00410B30] is not valid either, because +our name is'nt on [00410B30]. This could be changed to + xor edi,edi + mov di, offset Namesto+2 + movsx eax, byte ptr [edi] + +Both 'shl ecx, 0A' and 'add ecx, 0002F8CC' needs to be changed to +valid hex format: 'shl ecx, 0Ah' and 'add ecx 2F8CCh' + +We now have a source that should look like this + + xor edi,edi + mov di,offset Namesto+2 + mov ecx, 0FFFFFFFFh + sub eax, eax + repnz + scasb + not ecx + dec ecx + xor edi,edi + mov di,offset Namesto+2 + movsx eax, byte ptr [edi] + imul ecx, eax + shl ecx, 0Ah + add ecx, 2F8CCh + +after the dec ecx, we need to add another dec ecx, +because when we enter our name, the last char will not be, +in my case, 'y', it will be 0Dh, the enter key. +This function, as it is, will return, in my case, ecx=8, +not ecx=7 as it should be. + +movsx eax, byte ptr [edi] moves the ascii code of the first +letter to eax. But, what if the user enters a name with a +small letter? The input box in Command Line 97 automaticly +makes it capital letters. This could be fixed by adding this +code below movsx eax, byte ptr [edi]. + + cmp eax, 061h ; compare eax with 61h (a) + jb capital ; jump if below + cmp eax, 07Ah ; compare eax with 7Ah (z) + ja capital ; jump if above + sub eax,20h ; convert char to capital +capital: + +Our code now looks like + +Code Segment Byte Public +Assume Ds:Code,Cs:Code +Org 100h +P386 ; this enables 386 instructions + and 32bit registers + +Start: + + mov ah,09 + mov dx,offset Intro + int 21h ; Show intro msg + + mov ah,0Ah + mov dx,offset Namesto + int 21h ; Get name + + xor edi,edi + mov di,offset Namesto+2 + mov ecx, 0FFFFFFFFh + sub eax, eax + repnz + scasb + not ecx + dec ecx + dec ecx + xor edi,edi + mov di,offset Namesto+2 + movsx eax, byte ptr [edi] + cmp eax, 061h + jb capital + cmp eax, 07Ah + ja capital + sub eax,20h +capital: + imul ecx, eax + shl ecx, 0Ah + add ecx, 2F8CCh + +What we need now is a routine to show the serial. +We know that the serial is the decimal value of ecx. + + xor esi,esi + mov si,offset Serial+9 ; esi is the offset there the + ; regnumber will be stored + + mov eax,ecx ; eax should be reg number + mov ecx,0Ah +KeepGoing: + xor edx,edx + div ecx + add dl,30h + cmp dl,3Ah + jl printnow + add dl,7 +printnow: + dec esi + mov [esi],dl + or eax,eax + jnz keepgoing + +After this serial contains the registration code. +You don't really need to understand this code. It can be used +by any keygen there the code is the decimal value of a register. + +The only thing left to do is to add the command that's writes +this to screen. + + mov ah, 9 + mov dx, offset RegPrompt + int 21h + +And finnaly quit. + int 20h + +The full source should look like this + +; COMMAND LINE 97 *KEYGEN* +; CODED BY TERAPHY [PC97] + +Code Segment Byte Public +Assume Ds:Code,Cs:Code +Org 100h +P386 ; this enables 386 instructions + ; and 32bit registers + +Start: + + mov ah,09 + mov dx,offset Intro + int 21h ; Show intro msg + + mov ah,0Ah + mov dx,offset Namesto + int 21h ; Get name + + xor edi,edi + mov di,offset Namesto+2 + mov ecx, 0FFFFFFFFh + sub eax, eax + repnz + scasb + not ecx + dec ecx + xor edi,edi + mov di,offset Namesto+2 + movsx eax, byte ptr [edi] + cmp eax, 061h + jb capital + cmp eax, 07Ah + ja capital + sub eax,20h +capital: + imul ecx, eax + shl ecx, 0Ah + add ecx, 2F8CCh + + xor esi,esi + mov si,offset Serial+9 + mov eax,ecx + mov ecx,0Ah +KeepGoing: + xor edx,edx + div ecx + add dl,30h + cmp dl,3Ah + jl printnow + add dl,7 +printnow: + dec esi + mov [esi],dl + or eax,eax + jnz keepgoing + + mov ah, 9 + mov dx, offset RegPrompt + int 21h + + int 20h + +Intro db 13,10,'COMMAND LINE 97 *KEYGEN*' + db 13,10,'CODED BY TERAPHY [PC97]',13,10 + db 13,10,'Enter your name: $' + +RegPrompt db 13,10,'Your registration key is: ' +Serial db 0,0,0,0,0,0,0,0,0,0,13,10,24h + +Namesto db 18h,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 + +Code Ends +End Start + +8. Compile the code with tasm. + tasm keygen.asm + tlink /t keygen.asm + You must link with the /t option for the keygen to run, + it makes it a com file. + +9. Congratulations! You have just made your first(?) keygen! + + +Flywheel V1.02b +(http://www.plannetarium.com) + +1. Start the Program + +2. Select Register + +3. Go into Soft-Ice by pressing Ctrl-D, and set a breakpoint on + GetDlgItemTextA. Type 'bpx getdlgitemtexta'. Now Press Ctrl-D + again to get out from Soft-Ice. + +4. Enter your name ('TERAPHY') and any serial ('12345'). + Press OK button, and Soft-Ice will show up. + +Scroll up a little bit and you'll see this + +:00402ACD 8D4C242C lea ecx, [esp+2C] +:00402AD1 66AB stosw +:00402AD3 6800010000 push 00000100 +:00402AD8 51 push ecx +:00402AD9 6A65 push 00000065 +:00402ADB 56 push esi +:00402ADC AA stosb +:00402ADD FF151C154100 Call [USER32!GetDlgItemTextA] + +The important adress is there your name is being pushed, and +that is push ecx. ecx got is value from 'lea ecx,[esp+2C]'. +Type 'd esp+2c', and you should see your name. + +Below is a call to GetDlgItemInt, and as you remember it returns +the inputed value to eax. Type '? eax' to see the serial you wrote. + +Below this, you'll see this + +:00402AF3 8D54242C lea edx, [esp+2C] +:00402AF7 50 push eax +:00402AF8 52 push edx +:00402AF9 E8D2F9FFFF call 004024D0 +:00402AFE 83C408 add esp, 00000008 +:00402B01 85C0 test eax, eax + +'lea edx,[esp+2C]' moves the offset of your name into edx, +and then it pushes to stack. And eax contains our serial. +And after the call it tests if eax is true or false. +This call is there the registration code is being calculated. + +We trace into it. Step past the first instructions until you reach + +:004024EF B81F85EB51 mov eax, 51EB851F +:004024F4 F7E7 mul edi +:004024F6 C1EA05 shr edx, 05 +:004024F9 52 push edx +:004024FA 56 push esi +:004024FB E8B0000000 call 004025B0 + +004024EF - 004024F6 makes edx all digits except the two last +of what we typed in as serial. If you wrote '12345' edx will +be '123', and if you wrote '072597' edx will be '0725'. + +Then it pushes edx and esi. esi is the offset to your name. +Trace into the call. Step past a few instructions until you reach + +:004025B8 8A06 mov al, byte ptr [esi] +esi contains the offset to your name, so this instrucion moves +the ascii code of the first letter to al, in my case '54' + +:004025BA 84C0 test al, al +:004025BC 7426 je 004025E4 +This instrucions checks if we have inputed any name, if not it jumps. + +:004025BE 0FBEC0 movsx eax, al +This instrucion moves al, to eax. If eax = FFFFFF54, +after this eax would have been 00000054 + +:004025C1 50 push eax +:004025C2 E889140000 call 00403A50 +At a first look this call only moves the eax value to ecx. +But it does also check for a space (20h) in eax. It returns +false if not a space. + +:004025C7 83C404 add esp, 00000004 +This code changes the stack and should be ignored + +:004025CA 85C0 test eax, eax +:004025CC 750E jne 004025DC +Test if a space was found. Jump if found. + +:004025CE 0FBE0E movsx ecx, byte ptr [esi] +This moves the letter into ecx (there it should already be). + +:004025D1 51 push ecx +:004025D2 E8E9120000 call 004038C0 +If you, as in my case, wrote your name with a capital letter, +this call will return eax = ascii code for your letter + 20h. +This means it has been converted to a small letter. + +:004025D7 83C404 add esp, 00000004 +Ignore this + +:004025DA 03F8 add edi, eax +Add edi, eax. Eax is the value of our char as small letter. + +:004025DC 8A4601 mov al, byte ptr [esi+01] +:004025DF 46 inc esi +Moves the value of the next char into al + +:004025E0 84C0 test al, al +:004025E2 75DA jne 004025BE +Test if al is 0. This means the end of our name has been reached. +Jump if al is not 0. + +What this code has done, as you probably already figured out, is +add the ascii value of all chars into edi. Except spaces (20h). +It has also converted all capital chars into small letters. + +:004025E4 8B4C2410 mov ecx, [esp+10] +This moves what we typed in (except the last two digits) into ecx + +:004025E8 8D14BF lea edx, [edi+4*edi] +:004025EB 2BCF sub ecx, edi +:004025ED 8D1457 lea edx, [edi+2*edx] +:004025F0 85D2 test edx, edx +:004025F2 740F je 00402603 +:004025F4 B8ABAAAAAA mov eax, AAAAAAAB +:004025F9 F7E2 mul edx +:004025FB D1EA shr edx, 1 +:004025FD 81C204060200 add edx, 00020604 +:00402603 33C0 xor eax, eax +:00402605 3BCA cmp ecx, edx + +This code checks if you typed in the right number. +At 402605 the compare is made. But ecx is no longer +what we wrote as serial, because of the 'sub ecx,edi' +command. We could make a simple equation of this. + +Assume X is our registration code (except the two digits). + 'X - EDI = EDX' + +Now type '? edx+edi' and, in my case, I'll get '136182' +as decimal value. This is my regcode, except the two last +digits. These digits could be anything. +Now then we know my registration code is '13618200', +we can start on the keygen. + +5. Run W32Dasm and dissasemble flywheel.exe (the file is located + in 'C:\Program Files\Plannet Crafters\Flywheel') + Save the dissasembly to disk and quit. + +6. Now it's time to start on the code. We can use the same start + as in the last keygen. We go directly to the ripping part. + +You can start by copy all code from 4025B8 to 402605 into your program. +That will look like this. + +:004025B8 8A06 mov al, byte ptr [esi] +:004025BA 84C0 test al, al +:004025BC 7426 je 004025E4 +:004025BE 0FBEC0 movsx eax, al +:004025C1 50 push eax +:004025C2 E889140000 call 00403A50 +:004025C7 83C404 add esp, 00000004 +:004025CA 85C0 test eax, eax +:004025CC 750E jne 004025DC +:004025CE 0FBE0E movsx ecx, byte ptr [esi] +:004025D1 51 push ecx +:004025D2 E8E9120000 call 004038C0 +:004025D7 83C404 add esp, 00000004 +:004025DA 03F8 add edi, eax +:004025DC 8A4601 mov al, byte ptr [esi+01] +:004025DF 46 inc esi +:004025E0 84C0 test al, al +:004025E2 75DA jne 004025BE +:004025E4 8B4C2410 mov ecx, dword ptr [esp+10] +:004025E8 8D14BF lea edx, dword ptr [edi+4*edi] +:004025EB 2BCF sub ecx, edi +:004025ED 8D1457 lea edx, dword ptr [edi+2*edx] +:004025F0 85D2 test edx, edx +:004025F2 740F je 00402603 +:004025F4 B8ABAAAAAA mov eax, AAAAAAAB +:004025F9 F7E2 mul edx +:004025FB D1EA shr edx, 1 +:004025FD 81C204060200 add edx, 00020604 +:00402603 33C0 xor eax, eax +:00402605 3BCA cmp ecx, edx + +Here is how I would have ripped this into the program, +with comments. + +; THIS REPLACES 4025BE - 4025E2 + + xor ecx,ecx + xor edi,edi + mov di, offset NameSto+2 ; Mov the offset of your name + ; into edi +anotherchar: + movsx eax, byte ptr [di] ; Get char from [di] + + cmp eax, 20h ; Compare your letter with 20h + je space ; Jump if equal + + cmp eax, 041h ; Compare your letter to see + jb capital ; if it's already is a + cmp eax, 05Ah ; small lettter + ja capital + add eax,20h ; If capital char, add 20h to make + ; it a small letter. +capital: + add ecx, eax ; add eax to ecx, if not space +space: + + inc di ; inc di to make it point to the + ; next char. + + cmp byte ptr [di], 0dh ; Compare next char with 0Dh (return) + ; Remember then we get our name, it + ; ends with a 0Dh + + jne anotherchar ; Jump if not 0Dh + mov edi, ecx + +; CODE BELOW REPLACES 4025E2 - 402603 +; All commands with ecx (our inputed code) is not needed +; because we do not input any code. + + xor edx,edx + lea edx, [edi + 4*edi] + lea edx, [edi + 2*edx] + mov eax, 0AAAAAAABh + mul edx + shr edx, 1 + add edx, 20604h + + xor ecx, ecx ; Here we do our equation + add ecx, edx ; + add ecx, edi ; ecx = edx + edi + +After this, ecx contains the regcode. +The complete source could look like this. + +Code Segment Byte Public +Assume Ds:Code,Cs:Code +Org 100h +P386 + +Start: + + mov ah,09 + mov dx,offset Intro + int 21h ; Show intro msg + + mov ah,0Ah + mov dx,offset Namesto + int 21h ; Get name + + xor ecx,ecx + xor edi,edi + mov di, offset NameSto+2 +anotherchar: + movsx eax, byte ptr [di] + cmp eax, 20h + je space + cmp eax, 041h + jb capital + cmp eax, 05Ah + ja capital + add eax,20h +capital: + add ecx, eax +space: + inc di + cmp byte ptr [di], 0dh + jne anotherchar + mov edi, ecx + xor edx,edx + lea edx, [edi + 4*edi] + lea edx, [edi + 2*edx] + mov eax, 0AAAAAAABh + mul edx + shr edx, 1 + add edx, 20604h + xor ecx, ecx + add ecx, edx + add ecx, edi + + xor esi,esi + mov si,offset Serial+9 + mov eax,ecx + mov ecx,0Ah +KeepGoing: + xor edx,edx + div ecx + add dl,30h + cmp dl,3Ah + jl printnow + add dl,7 +printnow: + dec esi + mov [esi],dl + or eax,eax + jnz keepgoing + + mov ah, 9 + mov dx, offset RegPrompt + int 21h + + int 20h + +Intro db 13,10,'FLYWHEEL 1.2 *KEYGEN*' + db 13,10,'CODED BY TERAPHY [PC97]',13,10 + db 13,10,'Enter your name: $' + +RegPrompt db 13,10,'Your registration key is: ' +Serial db 0,0,0,0,0,0,0,0,0,'0','0',13,10,24h + +Namesto db 18h,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 + +Code Ends +End Start + + +Now compile, run and enjoy! :) + + +================== += TERAPHY [PC97] = += 07/25/1997 = +================== \ No newline at end of file diff --git a/textfiles.com/piracy/CRACKING/timetrial.txt b/textfiles.com/piracy/CRACKING/timetrial.txt new file mode 100644 index 00000000..5ccf996a --- /dev/null +++ b/textfiles.com/piracy/CRACKING/timetrial.txt @@ -0,0 +1,422 @@ +WinTar-Remote tut! 24/08/97 +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Program: WinTar-Remote +Version: 2.2.1 +URL:http://www.spiralcomm.com +Description: i know shit about this program i picked up cause of the + size +Operating System: Windows +Cracker: nIabI [Me'97] +Level: Intermediate +Tools: SoftICE, W32Dasm, a Hex Editor. +Protection Type: 30 day trial +Encrypted/DLL: No +Method: Dissasemble + +0.-index: + +0.-index +1.-Intro +2.-What We need (tools) +3.-Let's Crack the splash screen +4.- Lic. screen removal +5.- The 1s part of the time trial +6.- The 2nd part of the time trial +7.-Last Notes +8.-Notes +9.-Thak you's + + + +1.- Intro: + +Hello, ok here again on another tut for C4N, this time i am goin to talk about Time Trials +Even tough they are easy a lot of ppl still don't get it so this is why this tut is gone +(hopefully) teach you, also i will teach some of nag remove and bmp (splash) screens :-) + +ok, the program had to be a time trial (of course) but we need it a not to big program but one +that had some potencial in it or i could have used Rhino 3d wich is not small and does not +have any teaching potential (u changed one byte and it's cracked) so ok with the help of a +friend Griml0ck we decited to get this program is called WinTAR-Remote by SpiralCom +Communications Inc. what this program does is not important to us we wil crack it and +delted it for educational purpose ONLY :-). + +In this tut i will asume u know how to use all of the tools i will use here else please get other +tuts that do explain how to use them (TKC's, Edison's, josephCo's and others) + + +2.- What We need (tools): + +W32dasm (used mostly) +SoftIce +Any Hexeditor +a patch maker (if we want to release our crack), i recomen Gpatch by jes and patchit by Qapla +gpatch i like better cause of ease of use and does some good patches on the other hand patchit +gives u the source of the patch in C :-), other wiseuse Pascal or C and do ur own patch (not +explained in this tut sorry). + + +3.- Let's Crack the splash screen: + +ok once d/l the program u run it add se a nasty splash that says Thanks for trying WinTar blah +blah,blah after some secs it shows u a license aggrement (ewww), now we don't like those 2 things +so let's start by taking them away we enter softice and set a bpx on LoadBitmapA once we do this +we run the program again and boom u in Softice cause of one of the bpx u seted b4 now we can see +this (from the w32dasm dissaemble) : + +* Reference To: USER32.SetTimer, Ord:01FEh ; set time the splash screen is goin to show + | +:0040F5F4 FF15F0C64200 Call dword ptr [0042C6F0] +:0040F5FA E92D010000 jmp 0040F72C + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:0040F6FF(C) +| +:0040F5FF 6A67 push 00000067 ; hmm nice push here (does nothing good) +:0040F601 A124A54200 mov eax, dword ptr [0042A524] +:0040F606 50 push eax + +* Reference To: USER32.LoadBitmapA, Ord:0165h ; this is where u land + | +:0040F607 FF15D0C64200 Call dword ptr [0042C6D0] +:0040F60D 8945DC mov dword ptr [ebp-24], eax +:0040F610 8D859CFEFFFF lea eax, dword ptr [ebp+FFFFFE9C] +:0040F616 50 push eax +:0040F617 8B4508 mov eax, dword ptr [ebp+08] +:0040F61A 50 push eax + +* Reference To: USER32.BeginPaint, Ord:0009h ; begin the painting of the splash + | +:0040F61B FF1574C64200 Call dword ptr [0042C674] +:0040F621 8945F8 mov dword ptr [ebp-08], eax +:0040F624 8B45F8 mov eax, dword ptr [ebp-08] +:0040F627 50 push eax + +* Reference To: GDI32.CreateCompatibleDC, Ord:001Fh + | +:0040F628 FF1590C44200 Call dword ptr [0042C490] +:0040F62E 8945FC mov dword ptr [ebp-04], eax +:0040F631 8B45DC mov eax, dword ptr [ebp-24] +:0040F634 50 push eax +:0040F635 8B45FC mov eax, dword ptr [ebp-04] +:0040F638 50 push eax + +* Reference To: GDI32.SelectObject, Ord:013Ch + | +:0040F639 FF15B0C44200 Call dword ptr [0042C4B0] +:0040F63F 8D45E0 lea eax, dword ptr [ebp-20] +:0040F642 50 push eax +:0040F643 6A18 push 00000018 +:0040F645 8B45DC mov eax, dword ptr [ebp-24] +:0040F648 50 push eax + +* Reference To: GDI32.GetObjectA, Ord:00DEh + | +:0040F649 FF1598C44200 Call dword ptr [0042C498] +:0040F64F 682000CC00 push 00CC0020 +:0040F654 6A00 push 00000000 +:0040F656 6A00 push 00000000 +:0040F658 8B45FC mov eax, dword ptr [ebp-04] +:0040F65B 50 push eax +:0040F65C 8B45E8 mov eax, dword ptr [ebp-18] +:0040F65F 50 push eax +:0040F660 8B45E4 mov eax, dword ptr [ebp-1C] +:0040F663 50 push eax +:0040F664 6A00 push 00000000 +:0040F666 6A00 push 00000000 +:0040F668 8B45F8 mov eax, dword ptr [ebp-08] +:0040F66B 50 push eax + +* Reference To: GDI32.BitBlt, Ord:000Ah + | +:0040F66C FF1588C44200 Call dword ptr [0042C488] +:0040F672 8B45FC mov eax, dword ptr [ebp-04] +:0040F675 50 push eax + +* Reference To: GDI32.DeleteDC, Ord:0043h + | +:0040F676 FF1584C44200 Call dword ptr [0042C484] +:0040F67C 8B45DC mov eax, dword ptr [ebp-24] +:0040F67F 50 push eax + +* Reference To: GDI32.DeleteObject, Ord:0046h + | +:0040F680 FF158CC44200 Call dword ptr [0042C48C] +:0040F686 8D859CFEFFFF lea eax, dword ptr [ebp+FFFFFE9C] +:0040F68C 50 push eax +:0040F68D 8B4508 mov eax, dword ptr [ebp+08] +:0040F690 50 push eax + +* Reference To: USER32.EndPaint, Ord:00AFh + | +:0040F691 FF1570C64200 Call dword ptr [0042C670] +:0040F697 B801000000 mov eax, 00000001 +:0040F69C E992000000 jmp 0040F733 + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:0040F721(C) +| +:0040F6A1 8B4510 mov eax, dword ptr [ebp+10] +:0040F6A4 50 push eax +:0040F6A5 8B4508 mov eax, dword ptr [ebp+08] +:0040F6A8 50 push eax + +* Reference To: USER32.KillTimer, Ord:0162h ; kiil the timer set b4 to show the splash + | +:0040F6A9 FF15F4C64200 Call dword ptr [0042C6F4] + + +ok u can see here one thing the line that contains push 00000067 in 40f5ff does nothing +so to crack the splash screen we chage this + +:0040F5FF 6A67 push 00000067 ; hmm nice push here (does nothing good) +to this +:0040F5FF E9A5000000 JMP 0040F6A9 ; Nice jump, kills the timer and the splash + +so here the splash screen is disabled and we can continue cracking. + +4.- Lic. screen removal: + +ok this par needs some zen cracking :-) this is part of the disssemble in w32dasm : + + +:004094DD 813D3C5A420000010000 cmp dword ptr [00425A3C], 00000100 +:004094E7 0F8533000000 jne 00409520 +:004094ED 8B4508 mov eax, dword ptr [ebp+08] +:004094F0 50 push eax +:004094F1 E80AEFFFFF call 00408400 ; call the lic screen(how did i got here ? + ; like i said zen cracking :-) +:004094F6 83C404 add esp, 00000004 +:004094F9 85C0 test eax, eax +:004094FB 0F851F000000 jne 00409520 +:00409501 C705105C420001000000 mov dword ptr [00425C10], 00000001 +:0040950B 6A00 push 00000000 +:0040950D 6A00 push 00000000 +:0040950F 6A10 push 00000010 +:00409511 8B4508 mov eax, dword ptr [ebp+08] +:00409514 50 push eax + +this is what the call to the lic screen is : + +* Referenced by a CALL at Address: +|:004094F1 +| +:00408400 55 push ebp ; this code is only checking if the file is not + ; delted or something like that +:00408401 8BEC mov ebp, esp +:00408403 83EC08 sub esp, 00000008 +:00408406 53 push ebx +:00408407 56 push esi +:00408408 57 push edi +:00408409 C745F867844000 mov [ebp-08], 00408467 +:00408410 6A00 push 00000000 +:00408412 8B45F8 mov eax, dword ptr [ebp-08] +:00408415 50 push eax +:00408416 8B4508 mov eax, dword ptr [ebp+08] +:00408419 50 push eax +:0040841A 6A66 push 00000066 +:0040841C A124A54200 mov eax, dword ptr [0042A524] +:00408421 50 push eax + +* Reference To: USER32.DialogBoxParamA, Ord:008Ah + | +:00408422 FF15C8C64200 Call dword ptr [0042C6C8] +:00408428 8945FC mov dword ptr [ebp-04], eax +:0040842B 837DFC02 cmp dword ptr [ebp-04], 00000002 +:0040842F 0F8512000000 jne 00408447 + +* Possible Reference to String Resource ID=03302: "The licence agreement file is missing or + corrupted. Please " + ; as u can see here if u delete the + ; licence.txt u get this msg + +ok what we can do here is this since none of the checking of calling is done AFTER the call +once it finds a ret the program says ok this guy pushed the i agree button, continue, so what we +can do here is give the program a ret, whe change this : + +:00408400 55 push ebp +to this +:00408400 C3 ret + the program calls the screen but a ret(return from call) is there so it returns to the program. + + +5.- The 1s part of the time trial: + +ok now once we dissabled all of the nag's and nasty stuff we need to take the 30 day trial +we try and find something on the nag box in w32dasm what we find is just a lot of garbage in this +nag (not gabage but dificult to follow) how about something else ? hmm the .ini ? ok let's try +we search for it and land here : + +* Possible StringData Ref from Data Obj ->"wintar.ini" + | +:00409275 A1485A4200 mov eax, dword ptr [00425A48] +:0040927A 50 push eax +:0040927B 6A00 push 00000000 + +* Possible StringData Ref from Data Obj ->"Validate" + | +:0040927D 68405C4200 push 00425C40 + +* Possible StringData Ref from Data Obj ->"UserOpt" + | +:00409282 684C5C4200 push 00425C4C + +* Reference To: KERNEL32.GetPrivateProfileIntA, Ord:00F9h + | +:00409287 FF152CC54200 Call dword ptr [0042C52C] +:0040928D 8985F4FEFFFF mov dword ptr [ebp+FFFFFEF4], eax +:00409293 E91A000000 jmp 004092B2 + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:0040926F(C) +| +:00409298 6A00 push 00000000 + +* Possible StringData Ref from Data Obj ->"Validate" + | +:0040929A 68545C4200 push 00425C54 + +* Possible StringData Ref from Data Obj ->"UserOpt" + | +:0040929F 68605C4200 push 00425C60 +:004092A4 E896E2FFFF call 0040753F ; if you follow in SI here u will + ; find that this call does + ; does something strange so we + ; go to the call +:004092A9 83C40C add esp, 0000000C +:004092AC 8985F4FEFFFF mov dword ptr [ebp+FFFFFEF4], eax + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:00409293(U) +| +:004092B2 83BDF4FEFFFF00 cmp dword ptr [ebp+FFFFFEF4], 00000000 +:004092B9 0F850D000000 jne 004092CC +:004092BF E89CE8FFFF call 00407B60 ; take a deep look :-) +:004092C4 85C0 test eax, eax +:004092C6 0F849B000000 je 00409367 + +this is what we get by the call at 4092A4 + +* Referenced by a CALL at Addresses: +|:004092A4 , :00410C4F , :00410C7F , :00410C98 , :00410CB1 +|:00410CCA , :00410CE3 , :00410CFC , :00410D15 , :00410D2E +|:00410D47 , :00410D60 , :00410D80 , :00410D99 , :00410DB2 +|:00410DCB , :00410DE4 , :00410DFD , :00410E16 , :00411304 +|:0041131D , :00416C74 , :00416C8F , :00416CAA , :00416F4F +|:00416F6A , :00416F85 , :00417415 , :00417622 , :004177C1 +|:004177E2 , :0041788D , :00417961 , :00417982 , :004179A3 +| + ; WOW this part sure does get called ! +:0040753F 55 push ebp +:00407540 8BEC mov ebp, esp +:00407542 81EC14010000 sub esp, 00000114 +:00407548 53 push ebx +:00407549 56 push esi +:0040754A 57 push edi +:0040754B C745F404010000 mov [ebp-0C], 00000104 +:00407552 833D3856420000 cmp dword ptr [00425638], 00000000 ; is the flag Zero ? +:00407559 0F8507000000 jne 00407566 ; no then bug off +:0040755F 33C0 xor eax, eax +:00407561 E9A0000000 jmp 00407606 + +what we can do here is simple we look at our Registers ans check is EAX is zero b4 it called this +part........ we check and see that it is zero so this is getting better :) what we do here is +simple ok remeber the lic. removal part how the call only wanted a ret ? ok so this is equal +change this: + +:0040753F 55 push ebp +to this +:0040753F C3 RET +there now the MARKER (if you set the time ahead or b4 30 days) is removed. + + +6.- The 2nd part of the time trial: + +ok now we need to remove the 30 day check this will ALSO require more zen (this is prolly a zen +tut and not a time trial :] ) but not many zen if u are a good looker u can see this call after +the check mark call : + +:004092BF E89CE8FFFF call 00407B60 ; this is our check our time call :-) + +unlucky us u can't do the RET trick here :-( so we go deep inside the call and find this: + + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:00407CA1(C) +| +:00407CB1 833DB457420000 cmp dword ptr [004257B4], 00000000 ; check the flag to zero +:00407CB8 0F850A000000 jne 00407CC8 ; no? the bug off +:00407CBE B801000000 mov eax, 00000001 ; and move EAX to 1 + ; wich 1 = bad time +:00407CC3 E902000000 jmp 00407CCA ; jump to return + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:00407CB8(C) +| +:00407CC8 33C0 xor eax, eax + +* Referenced by a (U)nconditional or (C)onditional Jump at Address: +|:00407CC3(U) +| +:00407CCA E900000000 jmp 00407CCF + +* Referenced by a (U)nconditional or (C)onditional Jump at Addresses: +|:00407BA4(U), :00407BBA(U), :00407BE6(U), :00407C1A(U), :00407C65(U) +|:00407CCA(U) +| +:00407CCF 5F pop edi +:00407CD0 5E pop esi +:00407CD1 5B pop ebx +:00407CD2 C9 leave +:00407CD3 C3 ret + +ok now here the program is looking for something, what could it be ?.......... +ok if we continue with eax in 1 we get the sorry screen and a help file opens and our program +terminates, we don't like this so we go back here and check again, ok i got it it checks if eax +is ZERO if it is then the guy is still on the 30 day limit, so we change this : + +:00407CBE B801000000 mov eax, 00000001 ; and move EAX to 1 +to this +:00407CBE B800000000 mov eax, 00000000 ; and move EAX to 0 + +now the program even if you are on the 30 day limit it will let you use it for the rest of your +life :-). + +7.-Last Notes: +ok now to finally do our crack we enter a hexeditor and search for the opcodes and change them +(like,i said at the beggining i assume you allready know this). + + +8.-Notes: + +You could search for the text UNREGISTERED and changed to anything u like like CrackedVer. +ans search for the string Days left and change it to anything as well i will not explain this +because i think AT least the programmers deserve that since u cracking the software :-). + + +9.-Thak you's: + +Ok thaks go to the follwing persons: +JosephCo: keep up the good work d00d +mpbaer: ha Rebirth ROX !!!!!! :))) +Razzi: ur tuts rule !!! +^pain^: cause u cool :) +tHATDUDE: he isnpired me to become a cracker :-) +Fant0m : damm ur coding is good +GThorne: haha this guy rox the world ! +Tgunner: 10x for everything +lgb: 10q as well for all the help and support :) +blorght: the only female i seen (err on irc) that can do a lot of stuff ! u rule babe :-) +Griml0ck: he inspired me and asked me to this tut :-) ok d00d for you here it goes. +TeRaphY: this guy is kewl as well :) +Krazy_N: he is not crazy but he is kewl :) +all the regulars of #cracking4newbies thanks that shows us that we growing ! :-) +#cracking all of the guys in it aswell retf in especial :-P +#revolt bring up the warez ! :) +cat|man: thanks for those sites :) +if i forgot anyone please let me know i will respond ahh ok 10q :) +oh and also all of the ppl that shows some cracking teaching or explaining !! + + nIabI[ME'97] + + diff --git a/textfiles.com/piracy/CRACKING/tsrcrack.txt b/textfiles.com/piracy/CRACKING/tsrcrack.txt new file mode 100644 index 00000000..4f1a01bb --- /dev/null +++ b/textfiles.com/piracy/CRACKING/tsrcrack.txt @@ -0,0 +1,91 @@ + + + + + + + + + + TSRCrack V3.00 Copyright (c) 1994 + by Wong Wing Kin + All rights reserved. + + + + + + + + + + + + +What is TSRCRACK? + + This is a TSR utility for cracking software protection such as + password protection. It can also be used to modify the games so that + they can be much easier finished. + Why not modify the file directly? It is because the files are + often compressed and encoded, they cannot be decoded and modified. + Thus you need a TSR to modify the codes after the files are loaded + into memory. + This program can generate a TSR from given information about + where and how to modify the codes. + + + + + + + + + + + + +Input File format: + + [program ] + int + ? + + :- if ::: + (then :::)? + + :- ds | es | cs | ss + :- signed/unsigned hex numbers (word) + :- unsigned hex numbers (word) + :- space separated hex numbers (byte) + + ? means 1 or more occurrences. + [] mean optional. + + + Example: Crack INDARK password + + program tatou.com + int 21 + if cs:0000:25bc = 3b 86 d0 fd 75 28 a0 8e + then cs:0000:25c0 = eb 1a + + The above program will hook int 21. Every time int 21 is called, + it will check the byte sequence at the address CS+0000:25bc + equal to 3b 86 d0 fd 75 28 a0 8e or not. If it is equal, + change CS+0000:25c0 to eb 1a. + + + Example: The following program can also be acceptable + + Program tatou.com + int 21 + + if Cs:0000:25bc = 3b 86 d0 fd 75 28 a0 8e + then cs+0:+25c0 = eb 1a + + if cs-cd6:1f46 = 8b 56 e6 d1 e2 c4 1e 8e 7d 03 + then cs:-cd6:1f46 = 83 7e e6 15 74 8 f7 d8 eb d2 + + if cs:-cd6:1f04 = 26 ff 0f + then cs:-cd6:1f04 = eb 01 diff --git a/textfiles.com/piracy/CRACKING/tt-unt.txt b/textfiles.com/piracy/CRACKING/tt-unt.txt new file mode 100644 index 00000000..c987ed1c --- /dev/null +++ b/textfiles.com/piracy/CRACKING/tt-unt.txt @@ -0,0 +1,2614 @@ + + + + + + + + ۲ + ۲ + + ߲ + + + + + + + + ߲ܲ۲ + ߲ ۲ + ߲ ۲ + ܰ ۲ + + + ߲ + ۲ + ۲ + ۲ ܲ + ۲ ܱ + + ܰ + ߰ + + ޲ + ۲ + + + + + + + + PRESENT : + + ͻ + + Training Tutorial for the PC. By Dr. Detergent / UNT'93 + + ͼ + + + + + + + Table of contents + + + + +Section: + + + +1 - Introduction. +2 - Before starting. +3 - Debugging through. +4 - Different file compression techniques. +5 - Once inside the game's code. +6 - Most common training byte structure composition. +7 - Searching for the most common training byte structure composition. +8 - Problems finding the most common training byte structure composition. +9 - Setting the break points. +10 - Once you have found the trainer data. +11 - Making a "hard-cheat" +12a - Generic trainer interfacing routine. +12b - Interfacing to the game's keyboard routine. +12c - Finding the game's keyboard handling routine. +12d - Prince of Persia II keyboard handling routine listing. +13 - Handling different DS values. +14 - Writing the trainer loader or TSR code. +15 - Generic TSR self-removal routine. +16a - Generic trainer code interfacing routine. +16b - Prince of Persia II interactive trainer interfacing routine. +16c - Finding the runtime CS:IP of the keyboard handling routine. +16d - Comparing the program's current IP. +16e - Interfacing with different keyboard handling routines. +17 - Fox Ranger Interactive 9 option trainer routine listing. +18 - Legend of Myra Interactive 10 option trainer routine listing. +19 - Interactive TSR/loader trainer examples. +20 - Summary. + + + + + + + + ͻ + Section 1 + ͼ + + + + + + + + +Introduction: + + + +Every game player has at some point during gameplay, wished that he/she had +more lives/energy/weapons/time etc - just to be able to finish that level or +see the game's ending for that matter. + + +Have you ever played a game for months, each time getting better and better, +finally you make it to the last level only to find that the monster at the +end is impossible to kill even with all your past experience? + + +Ever play a game for 5 hours and finally get to the last level - just before +the ending intro, and suddenly get killed by some small rodent - and have to +restart all over?! + + +Well I am sure you have experienced the above. This is why hackers/crackers +developed a kind of "Training Aid" if you want to call it that. The +terminology training means to bring an individual to a higher degree of +success through practice. In computer terms, the phrase training was +developed by hackers on the C-64/Amiga. + + +Whenever someone played a game and couldn't finish it, when using a trainer, +the person could train on the last level and become proficient in the skills +required in mastering that level, then he could turn off the trainer and try +his newly acquired skills in the real thing. + + +The term CHEAT as some people refer to, is not a good description of what a +real trainer actually is. Most trainers are interactive, meaning that they +let you toggle certain things on/off or select different items during game +play - a cheat however, mostly gives you straight away unlimited lives/items +etc and rarely let's you "train" while playing the game. + + +Training games has been going on for ages. It started back as far as the +C-64, maybe even further. It has seen it's days on all the computers that +one can use to play games. + + +Training was revolutionized mostly on the Amiga computer. The games for the +Amiga are outstanding, and so are the trainers. I have seen trainers for +some games that I thought were the game itself. + + +On the PC, training started the day that games were designed for it. Since +it's early days, training on the PC has revolutionized from small +"cheats/character editors" to todays interactive, multi-functional, user +defined, mega-trainers. + + +This Training Tutorial was written for those who always wondered how one +makes trainers on the PC, and it portrays this art to you. Never the less, +it all depends on you - how good you are with understanding the assembly +language and programming. + + +I'm confident that your average ASM programmer or hacker will find the +information herein helpful and useful. + + +Through my many years of training on the PC, and after developing more than +285+ trainers/cracks, I have learned lots of different tricks and methods +that I will reveal to you in this training tutorial. + + + + + + + + ͻ + Section 2 + ͼ + + + + + + + +Before starting: + + + +First, you must have a general knowledge of debugging software and ASM +programming. Before you begin to even think about training a certain game, +ask yourself the following questions : + + +1) Has a trainer already been released for that game - sometimes you spend + hours training a game only to find out just before you are about to + spread it world-wide, that there already is a trainer out for it - and + it is even better then yours! + +2) Is the game trainable - if yes, what items/things can it be trained for? + You will be surprised how many requests I had to make trainers for + games that are not trainable - like text adventure games! - so make sure + that at least something in your game is trainable. + +3) Is it worth it - are you going to spend 5 hours training a shareware + pacman-type game?! + +4) Can you handle the code - do you think you can get by the game's nasty + encryption/anti-debugging routines or script-compiler type code? + +5) Will you be able to make the trainer - do you think that you can write + the code that will integrate your trainer with the game and be able to + modify the necessary data? Sure you can find the necessary data to + alter in the program, but can you write up a TSR or a loader that can + integrate itself to the game's code and modify the necessary data + locations? + + +Once you have asked yourself the above questions, and feel confident about +your answers, then proceed to section 3. + + + + + + + + ͻ + Section 3 + ͼ + + + + + + + +Debugging Through: + + + +This section deals with debugging the game program. It will outline the +various debuggers you can use, various compression methods and how to get +through them. + + +Before we even begin - what debugger are you going to use? Ok, I will +make this question simpler - if you have a 386+ CPU, what debugger are you +going to use? + + +That's right - SOFT-ICE 2.52+!. This is the best debugger. Below are +some other debuggers listed in priority order, you might consider using: + + + +Turbo Debugger 386+ +Code View 386+ +Any other 386+ virtual mode debugger +Turbo Debugger 286- +Code View 286- +Periscope +Debug.exe + + + +Ever since I have been cracking/training games, I have never seen a more +powerful or complete debugger than Soft-Ice. Now don't think that you have +to have Soft-Ice to train, I have used debug on my XT / CGA to train +some complex VGA games, - not even being able to see the screen, and having +the trainer tested on my friends VGA, back in the old days. + + +You can train a game with ANY debugger and still make a good trainer at +that. But using soft-ice will speed up the process extremely and yield the +best results. That's why in some examples here I will use Soft-Ice as the +main debugger. + + +Ok, so you are not lame, and do have a 386+ chip, vga, extended memory, +and soft-ice loaded. Now you have your game neatly installed and ready to +be debugged and trained. + + +Now you have to find the start-up file. This is the EXE or COM loader that +starts the game. This is where you will find the necessary data to train +your game - 95% of the time. Remember that the EXE/COM loader can load up +an OVR or a BIN file, so if the start-up file is really small like 5 k, then +you know for sure it's going to load in some overlay code. + + +Ok, so use soft-ice's LDR.EXE to load up the start-up file (or debug the +file with another debugger). Now unassemble the first instructions and +study the code. Try to determine if the code is compressed by something +like LZEXE, PKLITE, DIET, EXEPACK, Secure-Wrap or some other COM/EXE file +compressor. + + +You can skip this step if you know how to write a loader or a TSR. +Otherwise, this step gives you an idea if you can or can't train the +program - if you can't write a TSR or loader, then how can you interface and +change the necessary data in the game if it's encrypted? (Even if you knew +at what location the lives decrementing instruction etc is, searching the +EXE/COM file with a hex editor to do a hard-train will yield no results) + + + + + + + + ͻ + Section 4 + ͼ + + + + + + + +Different file compression techniques: + + + +Here are some examples of the different compression techniques used on +COM/EXE files: + + +ͻ + PKLITE 1.20 (COM File) +ͼ + + +0100 B8BDE2 MOV AX,E2BD +0103 BA2284 MOV DX,8422 +0106 3BC4 CMP AX,SP +0108 7367 JNB 0171 +010A 8BC4 MOV AX,SP +010C 2D4403 SUB AX,0344 +010F 25F0FF AND AX,FFF0 +0112 8BF8 MOV DI,AX +0114 B9A200 MOV CX,00A2 +0117 BE7C01 MOV SI,017C +011A FC CLD +011B F3 REPZ +011C A5 MOVSW +011D 8BD8 MOV BX,AX +011F B104 MOV CL,04 +0121 D3EB SHR BX,CL +0123 8CD9 MOV CX,DS +0125 03D9 ADD BX,CX +0127 53 PUSH BX +0128 33DB XOR BX,BX +012A 53 PUSH BX +012B CB RETF ;*** RETF Instruction *** +012C 0C01 OR AL,01 +012E 50 PUSH AX +012F 4B DEC BX +0130 4C DEC SP +0134 20436F AND [BP+DI+6F],AL +0137 7072 JO 01AB +0139 2E CS: + + +* Note the RETF instruction at 012B. This instruction when encountered in + the beginning of the code like this, nearly always gives an indication + that the file is compressed. + + + (The code after 012B is just compressed garbage. When you see garbage + after a RETF instruction, found in the beginning of the code, than you are + nearly sure that the file is compressed by something) + + +ͻ + LZEXE 0.91 (EXE File) +ͼ + + +000E 06 PUSH ES +000F 0E PUSH CS +0010 1F POP DS +0011 8B0E0C00 MOV CX,[000C] +0015 8BF1 MOV SI,CX +0017 4E DEC SI +0018 89F7 MOV DI,SI +001A 8CDB MOV BX,DS +001C 031E0A00 ADD BX,[000A] +0020 8EC3 MOV ES,BX +0022 FD STD +0023 F3 REPZ +0024 A4 MOVSB +0025 53 PUSH BX +0026 B82B00 MOV AX,002B +0029 50 PUSH AX +002A CB RETF ;*** RETF instruction *** +002B 2E CS: +002C 8B2E0800 MOV BP,[0008] + + +* Note the RETF instruction at 002A. + + +ͻ + DIET 1.10a (COM File) +ͼ + + +0100 BE5409 MOV SI,0954 +0103 BFDC13 MOV DI,13DC +0106 B91404 MOV CX,0414 +0109 3BFC CMP DI,SP +010B 7204 JB 0111 +010D B44C MOV AH,4C +010F CD21 INT 21 +0111 FD STD +0112 F3 REPZ +0113 A5 MOVSW +0114 FC CLD +0115 8BF7 MOV SI,DI +0117 BF0001 MOV DI,0100 +011A AD LODSW +011B AD LODSW +011C 8BE8 MOV BP,AX +011E B210 MOV DL,10 +0120 E96D12 JMP 1390 +0123 64 DB 64 \ +0124 6C DB 6C / Garbage from here onwards. + + +ͻ + EXEPACK ??? (EXE File) +ͼ + + + +0010 8BE8 MOV BP,AX +0012 8CC0 MOV AX,ES +0014 051000 ADD AX,0010 +0017 0E PUSH CS +0018 1F POP DS +0019 A30400 MOV [0004],AX +001C 03060C00 ADD AX,[000C] +0020 8EC0 MOV ES,AX +0022 8B0E0600 MOV CX,[0006] +0026 8BF9 MOV DI,CX +0028 4F DEC DI +0029 8BF7 MOV SI,DI +002B FD STD +002C F3 REPZ +002D A4 MOVSB +002E 50 PUSH AX +002F B83400 MOV AX,0034 +0032 50 PUSH AX +0033 CB RETF ;*** RETF instruction *** +0034 8CC3 MOV BX,ES +0036 8CD8 MOV AX,DS +0038 48 DEC AX +0039 8ED8 MOV DS,AX + + +* Note the RETF instruction at 0033. + + +ͻ + Some other compression method (EXE File) +ͼ + + +000C 8CD3 MOV BX,SS +000E 8EC3 MOV ES,BX +0010 8CCA MOV DX,CS +0012 8EDA MOV DS,DX +0014 8B0E0800 MOV CX,[0008] +0018 8BF1 MOV SI,CX +001A 83EE02 SUB SI,+02 +001D 8BFE MOV DI,SI +001F D1E9 SHR CX,1 +0021 FD STD +0022 F3 REPZ +0023 A5 MOVSW +0024 53 PUSH BX +0025 B82E00 MOV AX,002E +0028 50 PUSH AX +0029 8B2E0A00 MOV BP,[000A] +002D CB RETF ;*** RETF instruction *** +002E B80010 MOV AX,1000 +0031 3BC5 CMP AX,BP +0033 7602 JBE 0037 +0035 8BC5 MOV AX,BP +0037 2BE8 SUB BP,AX +0039 2BD0 SUB DX,AX +003B 2BD8 SUB BX,AX +003D 8EDA MOV DS,DX +003F 8EC3 MOV ES,BX +0041 B103 MOV CL,03 +0043 D3E0 SHL AX,CL +0045 8BC8 MOV CX,AX +0047 D1E0 SHL AX,1 +0049 48 DEC AX +004A 48 DEC AX +004B 8BF0 MOV SI,AX +004D 8BF8 MOV DI,AX +004F F3 REPZ +0050 A5 MOVSW +0051 0BED OR BP,BP +0053 75D9 JNZ 002E +0055 FC CLD +0056 8EC2 MOV ES,DX +0058 8EDB MOV DS,BX + + +* Note the RETF instruction at 002D. + + +So basically you get the picture. Now to trace through the code to the part +where the whole program uncompresses itself is really easy. + + +First, always remember to TRACE or PROCEED through any RETF instruction. +In most cases there is only one RETF instruction to trace or proceed +through. Then once you traced or proceeded through it, you will be either +at CS:0000 or somewhere else. The next step is simple too - Just +unassemble the code until you find the following instruction: + + + +CS: +JMP FAR [BX] + + + +Once found, simply go to the address containing CS:, then trace or proceed +through. Now you should have the clean uncompressed code. If you did not +find the above instruction, then try looking for another RETF instruction. +Once found go to it and trace or proceed through and you should have the +clean uncompressed code. + + +Remember some files may be compressed with 2 compression programs +(for "added protection" as software authors think!). If so, simply perform +the above steps twice. + + +Finding the part of the program that the file starts up at is helpful in 2 +ways : + + +1) You are sure that the program didn't start executing any instructions + yet - like moving lives/energy etc variables into memory. + + +2) You can note the CS, DS, or any other memory variables so that when you + do write up a TSR or a loader, you will be able to interface it easier. + + + Note: + + + + (You need to know the program's current CS,DS upon startup, if you are + going to write the generic tsr or loader trainer interfacing routine as + outlined in section 12a). + + +If you don't care about getting to the program's very beginning, and just +want to get through the uncompression as fast as possible, then if using +soft-ice, set a break point on INT 21 - it will break in when the program +does a DOS VER check, a memory allocation call or any other function using +INT 21. All games and most programs have INT 21's present in their program +code. + + +Some of you might even want to start the game, get the game fully running, +and then break into the debugger. I use this method. Doing this has some +goo d points and some bad points. The good points might be that the CS,DS +values are already redefined and you more or less see where the program +keeps it's data values. Some bad points might be that you have skipped +past the value-initialization routine (of the lives etc). If you are +unexperienced, then I recommend that you do not use this method. + + +Some software programmers put anti-debugging routines in their software code +to deter hackers/crackers from cracking their software. This works to the +trainer's disadvantage - sometimes. I'm not going to describe the various +anti-debugging methods and their antidotes in this training tutorial - learn +all about it in the upcoming "Cracking on the PC - THE mega tutorial!" + + + + + + + + + ͻ + Section 5 + ͼ + + + + + + + +Once inside the game's code: + + + +Ok, so you are in the program now. What now? A lot of people have asked +me what's harder to do - crack a game or make a trainer for it. Well it +depends really. Some games can be cracked in 5 minutes, while making a good +trainer can take 8+ hours. But in general I think making trainers is a bit +more difficult than cracking. Mostly because making a trainer will always +consume more time - at LEAST 1 hour to find/make/write/package the +trainer. + + +Also, when cracking a game, you isolate the protection in a certain area of +the program, then focus all your attention on it and crack it. When +training a program, you are looking through everything, everywhere, +gathering all sorts of unnecessary data before finding the right bytes, let +alone understanding the game code operation. + + +But once again, there are short cuts to everything. This is why training +might be easier that cracking after all. Every program uses more or less +the same technique to decrement/increment your lives/energy/ammo/inventory +items, etc. + + +Through my years of training, I have narrowed it down to the most common +byte structure composition, as outlined in section 6. + + + + + + + + ͻ + Section 6 + ͼ + + + + + + + +Most common training byte structure composition: + + + += DECREMENTING = + + +Decrementing or subtracting means to decrease a certain thing. The game +uses various decrementing instructions to decrement (or subtract if you +like) your lives/energy/time/ammo/weapons/inventory items etc. + + +The following is a list of the most common decrementing instructions that +games use: + + + +DEC WORD PTR [1234] - +In HEX : FF 0E 34 12 + +DEC BYTE PTR [1234] - +In HEX : FE 0E 34 12 + +SUB WORD PTR [1234],XX - +In HEX : 83 2E 34 12 XX + +SUB BYTE PTR [1234],XX - +In HEX : 80 2E 34 12 XX + +SUB [1234],AX - +In HEX : 29 06 34 12 + +SUB [1234],DX - +In HEX : 29 16 34 12 + + + += INCREMENTING = + + +Incrementing or adding means to add a value to a certain thing. The game +uses various incrementing instructions to increment (or add if you like) +your current level/energy/time/ammo/weapons/inventory items etc. The +following is a list of the most common incrementing instructions that games +use: + + + +INC WORD PTR [1234] - +In HEX : FF 06 34 12 + +INC BYTE PTR [1234] - +In HEX : FE 06 34 12 + +ADD WORD PTR [1234],XX - +In HEX : 83 06 34 12 XX + +ADD BYTE PTR [1234],XX - +In HEX : 80 06 34 12 XX + + + +Legend : + + + + + - Very common - nearly 100% probability. + + - Common - about 70% probability. + + - Likely - about 40% probability. + + - Sometimes - about 10% probability. + + + + + + + + ͻ + Section 7 + ͼ + + + + + + + +Searching for the most common training byte structure composition: + + + +By now you should be in the program viewing the uncompressed code. Simply +start searching for the above bytes - depending for what you are looking +for. For starting out, you should not be concerned with searching for the +incrementing or adding instructions - these instructions are used for +incrementing levels in the game, or inventory, etc. Training for those +options is much harder at first, so stick to the decrementing instructions. + + +So now start searching for the most common decrementing instruction - mainly +the DEC WORD PTR [XXXX]. I will use this example because it's the most +common decrementing instruction that you will find. Obviously you can, and +you should, search for the other less common decrementing instructions too. + + +The following search example can be used to search for all the decrementing +and incrementing instructions. + + + +Example: + + + + +S CS:0 L FFFF FF 0E (Works with most debuggers) + + + +Note: + + + +We only search for the first 2 bytes of the DEC/INC instruction because the +3rd and 4th bytes contain the value of the address where the DEC/INC is +going to take place. + + +To make things simpler, let's assume that you are searching for the above +example (DEC WORD PTR [XXXX]). I will use this example from now on. +Remember, you can apply this example the same way to search or process all +the other DEC/INC instructions, as outlined in section 6. + + + + + + + + ͻ + Section 8 + ͼ + + + + + + + +Problems finding the most common training byte structure composition: + + + +If you didn't find anything, or just a few DEC's that are not related to +anything, then it's because of the following : + + +1) You are looking in the wrong CS. Some games have many different CS + values. If the program's current CS is 1200, and you search for the DEC + bytes and find about 4, and then run the program, break in again, and + notice CS is 2245, and search for those bytes again, you might find 30 + or more, so make sure you search all the possible CS values in the game. + + + It's hard to break in, just hoping to find the next CS value in the + game - if any. A good technique is to search like this: + + + Find the lowest CS value in the game, - eg: 0900. + + + Then search CS:0 l FFFF FF 0E + Then search 2000:0 l FFFF FF 0E + Then search 3000:0 l FFFF FF 0E + Then search 4000:0 l ffff FF 0E + + + Etc - get it? If the CS is always high during the game, and you never + seem to be able to break in when it's lower, then start the search at + about 0800, and then proceed higher. + + +2) The second possibility (if you didn't find anything after searching for + all the listed decrementing instructions) is that the game is using a + different decrementing instruction. + + +3) The third possibility is that the game's code is a script-compiler type + code. You can forget about training this type of game - even if you are + an experienced trainer maker. But if you can train it, then you belong + to the TOP-GUN trainer makers! + + + The Script-compiler type code is found in such games from Sierra, + Delphine Software, Lucas Arts and CVS. It is a programming method + which uses pre-defined scripts to run certain program operations. + Everything from producing the sound on the sound blaster to drawing the + graphics on the screen is done all in the same program loop - using + different scripts. Therefore training, or even cracking this type of + game is really a pain, but never the less, can be done. + + + + + + + ͻ + Section 9 + ͼ + + + + + + + +Setting the break-points: + + + +From the search, you should have found quite a few of those decrementing +instructions in the game's loader. If you are using soft-ice, note the +current CS and write it down. Then unassemble that address, study the code +and make sure it's a valid decrement, then set a break point on execution +(BPX in soft-ice) for about the first 8 of the found DEC WORD PTR [XXXX] +instructions. + + +The reason for unassembling the found instructions first and then putting a +break point on execution - as with soft-ice, or a CC, as with other +debuggers, is because the bytes FF 0E can represent any other code or data +value in the program. When you unassemble that address where the bytes FF +0E where found and study the code, if you see that the prior or following +instructions are garbage or don't make sense, then don't bother setting a +break point on that address since it's not going to be executed anyway. + + +If you are not using soft-ice, do the above but instead of setting a break +point on execution, replace the first byte of the DEC instruction with CC - +so it will look like this : + + + +Example: + + + +Original found instruction : FF 0E 34 12 +1st byte replaced by CC : CC 0E 34 12 + + + +This will put an INT 3 at the beginning of that instruction. Your debugger +should break on INT 3 when it executes that instruction. Do this for about +the first 8 of the found DEC WORD PTR [XXXX] instructions. + + +Now why did we do the above? Well we want to see which one of the +decrementing instructions decrements the lives/energy/timer etc values. So +the next step is to run the program. + + +Get by the introduction screen, etc and start playing the game. (If your +debugger breaks in even before you get to the game, then simply remove that +break point on execution from that address - if using soft-ice, or +replace the CC value with FF. This is done since that instruction won't +have anything to do with decrementing your lives/energy/timer etc in the +game - since the game has not even started yet. + + +Once your game starts, and the debugger breaks in right away - simply run +the program again. If the same thing happens more than about 3 times, and +it always happens at the same address, then remove the break point on +execution from that address - if using soft-ice, or replace the CC value +with FF. The reason for this is because the game might be using that +instruction to do something else other than decrementing your +lives/energy/timer etc. + + +The next step is to try and get killed, or use your gun and waste a few +bullets, or do something like that - to see if any inventory options, +gadgets, energy bars, life counters, etc, are being decremented. If they +are, you will suddenly find yourself in the debugger. Suppose you just got +shot and even before you saw your energy bar decrease, the debugger broke +in. The first thing that you do is write down that address - CS:XXXX. Then +see what value is being decremented at that address. + + + +Example: + + + +The debugger broke in at 45C8: + + +1170:45C7 RET +1170:45C8 DEC WORD PTR [0320] + + + +Now simply view what is at that address (There is no CS:, ES:, or SS: +above the 45C8 instruction, so you know the default is DS:): + + +D DS:320 (Using soft-ice, or use your debugger's dump command) + + + +If you energy bar has for example 6 energy bars, and the value at DS:0320 is +06, then you know you could very well have found the address where the game +stores your current energy value. + + +Now the next step is to check if that address is indeed the current energy +value storage address. Simply enter FF at DS:320 and then run the game +again - notice anything different - more energy bars? If so, you found it. +If not, then maybe you still found it, but there is another routine that +updates the screen with the current energy value. + + +So the next step is to NOP out that DEC instruction at that address. But +instead of doing that, simply replace the first 2 bytes of the DEC +instruction (FF 0E) with EB 02 - thus jumping to the next instruction. This +is useful if you ever want to restore that DEC instruction back - all you +have to do is replace EB 02 with FF 0E. + + +If you NOP it out completely, not only do you have to put NOP 4 times, but +you are erasing the address value of the DEC instruction so unless you wrote +down the address, you will have to restart the program to restore back that +instruction. + + +Ok, so you replaced the FF 0E with EB 02. Now run the game and notice if +some things are different - does the timer still go down, or are the enemies +still moving etc. Now get your energy to go down. If you notice it go +down, keep on getting hit until the whole energy bar declines. If it does, +and you are still alive, then the game has 2 separate routines for storing +and displaying the energy bar. (Maybe another DEC instruction, which you +have not yet processed, is responsible for this). + + +If you died, then try something else now. Try to waste some +bullets/inventory items etc. If they all decrement and nothing is different +in the game, than that DEC instruction does something else in the game. + + +Repeat the search command, as outlined in section 7, and process the next 8 +DEC instructions. Do this until you have gone through them all. You should +find at least some decrementing instructions which decrease something +like the energy/lives/timer/enemy energy/inventory etc. If not, then search +for the next most common decrementing string, mainly the FE 0E - +DEC BYTE PTR [XXXX] + + +If you don't find anything there, proceed again with the next most common +decrementing string - until you find something. If you still don't seem +to be able to find anything worthwhile, then refer to section 8. + + + +NOTE : + + + +The code for some new games is written in a way that whenever you set a +break point on a certain address, the debugger won't break there. Instead +it will produce an error, or simply will skip over that break point and +continue running the program as if nothing happened. + + +This is especially noticeable when using soft-ice's BPX command. So if you +really think that you have found the right DEC/INC instruction, but +soft-ice does not break in, then use the same method of putting a break +point as for the other debuggers - by putting a EB 02 there at that address. +Now see if any changes occur in the game play. + + +What I sometimes noticed when debugging this type of game is that after I +set a break point on a certain dec instruction, run and play the game, get +hit, and notice that my energy/lives etc don't go down - and soft-ice +does not break in. What happens there is that the game's code jumps over +the dec instruction which has a break point on it, thus never executing it. +If you encounter this, then it is yet another indication that the game is +using this type of weird coding. + + + + + + + + ͻ + Section 10 + ͼ + + + + + + + +Once you have found the trainer data: + + + +So once you have found the locations where the game keeps all the goodies +- like your live/energy/timer value, etc, make sure you write down the +location of the DEC/INC instruction, and what memory area it decrements +or increments. + + +Once you become more experienced with training, you might take some time to +study the code next to the DEC/INC instructions and see if there are any +other goodies - like making your man be totally invincible to everything +etc. + + +There are also some built-in tricks that game authors put in - like a secret +cheat mode option etc, so the work might already be done for you. Sometimes +all that it takes is the value 01 at some memory location - and you have +everything set to unlimited etc. + + +A good way of finding this sort of thing is to trace into the decrementing +routine and study the code at the start of that routine - if they have a +CMP WORD/BYTE and then a JZ to the end of that routine, this could very well +be that WORD/BYTE you have been looking for. And if that's set, the whole +routine is bypassed and therefor there will be no decrementation of whatever +it was going to decrement. + + +Another thing you might check for, if looking for a secret built-in trainer +option in the game, is to check to see what command line parameters the game +checks for. Sometimes game authors put in secret command line parameter +options that activate the already built-in trainers. A good example is Wing +Commander from Origin. They have a secret command line parameter that +activates the game's built-in trainer. + + +Checking to see for what command line parameters the game checks is very +easy to do with soft-ice. Simply use LDR.EXE and load up the game's loader +with some garbage parameter string. + + + +Example: + + + +LDR GAME.EXE testing + + + +Now once in soft-ice, set a break point on memory range (BPM) at DS:0082 - +which points to your command line parameter "testing". Then run the program +and see what your "testing" string is compared to. + + + + + + + + ͻ + Section 11 + ͼ + + + + + + + +Making a "hard-cheat": + + + +If you don't know anything about writing a loader or a tsr, then you might +consider making a "hard-cheat" - this means that you simply will HEX edit +the game's loader file and search for the bytes that make up the DEC +instruction(s) and nop them out. To do this, you can use the following +method: + + +Write down the HEX string that the decrementing instruction is composed of. + + + +Example: + + + +You found this code : + + +15FF C3 RET ;Returns somewhere +1600 FF0E0734 DEC WORD PTR [3407] ;This is your dec +1604 833E073400 CMP WORD PTR [3407],+00 ;This CMP's it +1609 7415 JZ 160C ;This JMPS if Zero +160B C3 RET ;Returns somewhere +160C C606020301 MOV BYTE PTR [0302],01 ;This sets a byte +1611 C3 RET ;Returns somewhere + + + +Now simply note the byte composition at 1600 - FF 0E 07 34. You might +also want to take note of the following bytes (83 3E 07 34 00 74 15 C3) just +to be sure you have the correct address when you search for them. + + +Remember thou, lots of games have more than 1 DEC/INC instruction, so it +might be a good idea to search for only the first 4 bytes that compose that +decrement/increment instruction, that way you will find them all. + + +So now you wrote down those bytes. Quit the game and use a hex editor or +debug.exe etc, and search the game's exe or com file for those bytes. Once +found, nop them out and save the file. If you are using debug.exe to make +the changes, and want to edit an EXE file, make sure that you rename the EXE +file to an extension like DAT, prior to debugging it. This is because you +can't write to EXE/HEX files with debug.exe. + + + +Note: + + + +Look at the instruction above, at address 160C - MOVE BYTE PTR [0302],01. +Whenever the word at DS:[3407] is 0, the byte at DS:[0302] is set to 1. +What do you think this does? Here is the advantage of studying the game's +code around the DEC/INC instructions. + + +The game will check to see if the byte at DS:0302 is 1 and then it will +display "GAME OVER" or something like that - but if you nop out that +MOVE BYTE PTR [0302],01 instruction, your lives/energy/ammo/time etc will +still go down, but the game won't end or you will still have unlimited ammo +etc - because, in this example, the game checks somewhere in the program, +the byte at DS:0302, not the value of DS:3407 to make it's decision whether +to end or continue the game, etc. + + +Entering 1 byte (00) at CS:1610 as for the above example, will not only save +you 4 nops at CS:1600, but might even make you a better trainer using a +"No-Touch" or invincible mode option - because the game might always "think" +that you are alive etc. + + +As you will see, there are many ways of training a game. + + + +Note: + + + +If you don't know how to write TSR's or loaders, then study the interactive +TSR and loader trainer examples included in this training tutorial package. + + + + + + + + ͻ + Section 12a + ͼ + + + + + + + +Generic trainer interfacing routine: + + + +By now you should have your addresses written neatly down on a piece of +paper. What now? Next step is interfacing your trainer with the game's +code. + + +There are many ways to interface your code into the game's code. I will +show you just the best one. I have seen so many people playing around with +the timer, having their own keyboard handling routines, hooking onto lots of +unnecessary interrupts - all this just to make a lousy 2 option "trainer". +Not only does this type of programming slow down the game, but it is much +harder and longer to write up this garbage code. + + + + + + + + ͻ + Section 12b + ͼ + + + + + + + +Interfacing to the game's keyboard routine: + + + +The following routine is the routine I use in all my trainers, and sometimes +cracks. Using this method, you can interface your code into practically any +software for the PC. It is by far the cleanest and best way to interface +your trainer into the game. + + +Practically all the new games today have their own keyboard handling +routine. The method in interfacing a trainer for those games who don't have +their own keyboard handling routine, is discussed in section 16e. + + +By now you should be still in the game. If you are not, simply restart the +game, and start playing it. Then break in with your debugger and set a +break-point on INT 9. To find the game's keyboard handling routine using +soft-ice, all you have to do is use the command BPINT 9, re-run the program +and press any key. You should now be in the game's keyboard handling +routine. + + + +Note: + + + +Make sure you write down some bytes composing the beginning of the keyboard +handling routine. You will need them to search for that same routine again +- as referred to in the example, in section 14. + + + + + + + + ͻ + Section 12c + ͼ + + + + + + + +Finding the game's keyboard handling routine: + + + +The game usually saves the original INT 9 vector address and then redefines +the INT 9 vector address to point to it's keyboard handling routine. So +when you start debugging the game, trace it all the way until you notice +the INT 9 vector being redirected to another location. This is the location +that I'm referring to. + + +If you have problems finding the routine in the game's program code which +redirects INT 9, then you can do the following: + + +Start and play the game, then break in with your debugger and view the INT 9 +vector address currently in the vector table (at 0000:0022). + + + +Example: + + + +After you dumped 0000:0022 you see the following: + + +0000:0022 1F 10 20 AC XX XX XX XX XX XX XX XX XX XX XX XX + A B C D + + +Your main concern is with the first 4 bytes. I have named them A,B,C,D. +Now to find out where the game's keyboard handling routine points to, simply +view it this way: + + +BA:DC - now replace each letter with the value it stands for: + + +101F:AC20 - simple ey! - so if you set a break point on this address, and +then press any key, you will be right in the game's keyboard routine. + + + +Once you set a break point on INT 9 or at the beginning of the keyboard +handling routine, run the game, and press any key. Your debugger should +break in. Now study the code. Below, in section 12d, is an example of the +beginning of a typical keyboard handling routine (taken from Prince of +Persia II). + + + + + + + + ͻ + Section 12d + ͼ + + + + + + + +Prince of Persia II keyboard handling routine listing: + + + +165D 1E PUSH DS ;Save current DS +165E 50 PUSH AX ;Save current AX +165F 53 PUSH BX ;Save current BX +1660 B8C03F MOV AX,3FC0 ;Move data-area value into AX +1663 8ED8 MOV DS,AX ;Move AX to DS +1665 E460 IN AL,60 ;*** Read keyboard port *** +1667 8AD8 MOV BL,AL ;Move read value in AL to BL +1669 D0C0 ROL AL,1 ;etc +166B 2401 AND AL,01 ;etc + + +Most keyboard handling routines have the same structure as the above. Note +the instruction at 1660 - MOV AX,3FC0 - this is the games data segment +address. This value is then moved to DS. Lots of games use this technique. + + +The above technique helps us a lot because your trainer doesn't always have +to find out what the game's current DS value is. This instruction is +nearly always present in the keyboard handling routines of most games. + + +The reason for this is as follows. Whenever you press a key in the game, +the game's current DS can be anything - because INT 9 will interrupt the +current operation of the program and execute the keyboard handling routine, +- with the DS value being whatever it was just before the INT 9 was called. +That is why the program has to reset the current DS address with the +predetermined DS address where it always keeps the key press values. + + +Most often, the DS address value used in the keyboard handling routine, is +the SAME as the DS address value for which the game uses to store it's +lives/energy/ammo etc values. - Sometimes this is not so. (Read "Handling +different DS values", outlined in section 13 for explanations how to cope +when the game's keyboard handling routine's DS value is different from +the DS value where the game keeps the energy/lives/ammo etc, values). + + +Once you have found the game's keyboard handling routine, your main concern +is the address where the keyboard port is read in - with the instruction +IN AL,60. Put a break point on that address and run the game. Press any +key now and you should be in the debugger. Write down the current IP where +the IN AL,60 instruction is. (You will need that IP value later on when +writing the trainer interfacing routine). + + + + + + + + ͻ + Section 13 + ͼ + + + + + + + +Handling different DS values: + + + +Remember that the DS that the keyboard handling routine uses to store it's +data is not always the same DS that the game keeps the +lives/energy/ammo/timer etc values at. If the DS value in the keyboard +handling routine is different from the DS value where the game keeps your +lives/energy etc values, then you will have to do the following : + + +Write down the DS value that the keyboard handling routine uses and the DS +value that the game uses to store your lives/energy/ammo/timer etc values. +Quit the program and calculate how much to add or subtract from the keyboard +routine's DS value, to obtain the DS value that the game uses to store it's +lives/energy etc, values at. I use debug.exe to do the calculations. + + + +Example: + + + + +DS in the keyboard handling routine is 2CF0. The DS value where the game +keeps your lives/energy etc values is 1345 (which is lower than 2CF0, so +you will subtract it from 2CF0). + +Using debug.exe: + + +A 100 +XXXX:0100 MOV AX,2CF0 +XXXX:0104 SUB AX,1345 + + + +Now simply proceed through those 2 instructions and note the AX value after +the SUB instruction. Write it down. In this example the value of AX after +subtraction is 19AB. So in your loader/tsr code you could do the following: + + +PUSH AX ;Save current AX value +PUSH DS ;Save current DS value +MOV AX,19AB ;Move 19AB to AX (the calculated value as shown above) +SUB DS,AX ;Subtract the game's current keyboard DS value with the + calculated AX value. Now DS will equal the DS value where + the game keeps the lives/energy etc values at. + + + +Remember also that you don't necessary have to use DS always - the game can +be using CS to store your current lives/energy etc values - if so, simply +modify the above routine to work with CS. The above trick works for every +possible address, so you will always find your data. + + + + + + + + ͻ + Section 14 + ͼ + + + + + + + +Writing the trainer loader or TSR code: + + + +By now you should have all the training-related information on paper. It +should include : + + +1) The addresses where the lives/energy etc are stored (XXXX:YYYY) - (not + the actual DEC/INC instruction address locations, but the addresses that + the DEC/INC instructions modify). + + +2) The value to add/decrement to/from the above addresses. (If you want + to increase your energy, for example, to full, note what value + represents energy full at that address, so when you later on define the + trainer keys, and select the energy-boost key, you will know what value + to add to the energy storage address to boost up the energy to max). + + +3) The address of the program's keyboard handling routine and the IP of the + IN AL,60 instruction. (If there is no IN AL,60 instruction in the + keyboard handling routine, then write down the address of the IP of your + chosen instruction to replace with CD 21 - for more information refer to + "Interfacing with different keyboard handling routines", outlined in + section 16e). + + + You should have 2 addresses of the program's keyboard handling routine. + The first one should be the address that you check/interface your + trainer code into the game's keyboard handling routine. + + + To get this address, start up your debugger, debug the game's loader and + set a break point on INT 21 - if using soft-ice, or trace the program to + the first INT 21. Then once you are there, don't trace into the INT 21, + just merely search for the keyboard handling routine using the program's + current CS. (You should have previously noted some of the bytes which + compose the beginning of the keyboard handling routine. Refer to the + "Note", back in section 12b). + + + +Example: + + + +You are looking for the following bytes : E4 60 8A D8 D0 C0 + + +S CS:0 L FFFF E4 60 8A D8 D0 C0 + + + +If you find nothing, try DS, ES, or SS. If you still find nothing, then +search higher in memory like 2000, 3000, 4000 etc. (Refer to section 9 for +more information on searching for data). + + +If you still don't find those bytes, then the keyboard handling routine in +the program might still be compressed or encrypted. Run the program for a +bit and then retry the above steps. + + + +Note : + + + +If you didn't find the routine while searching with CS, DS, ES, or SS, +but found it when you searched the higher memory, like 3000 for example, +then you will have to do either one of the following: + + +3a) Set a break point on the next INT 21, or run the game for a bit, then + reset the break point back to INT 21. Then try again to search for the + keyboard routine's bytes - only using CS, DS, ES, or SS. If you still + don't find anything, then resort to step 3b. + + +3b) Since the keyboard handling routine address cannot be found using the + current CS, DS, ES or SS, you won't be able to interface your trainer + code using the above registers. You will have to use the method + described in section 13, and use the memory range address at which you + DID manage to find the keyboard handling routine with (eg: 0800:XXXX or + 3000:XXXX etc). + + + +The second address should be the game's current CS:IP when the game is +running. (For more information, refer to "Finding the runtime CS:IP of the +keyboard handling routine", outlined in section 16c). + + + +Note: + + + +The 2 addresses described above, can be the same - the game's CS can be the +same at startup and once it's running, but if it's not, then follow the +above steps to obtain those 2 addresses. You will need them later on to +write the generic trainer code interfacing routine, as outlined in section +16a. + + + +4) If the DS value in the program's keyboard handling routine is different + from the address where the game keeps the lives/energy etc values, as + outlined in section 13, you should have both the program's keyboard + handling routine's DS value and the address (XXXX:YYYY) where the + program keeps the lives/energy etc values at. + + + (You should also have calculated out what the final DS value should be + for the above. (For more information refer to "Handling different DS + values", outlined in section 13)). + + +5) The keyboard key press scan value that you will compare later on in your + trainer code, for your defined trainer keys. + + + +Once you have necessary information as stated above, then you are ready for +the next step. + + + +The loader or TSR that you are going to use has to be able to hook onto an +existing interrupt and redefine it's vector to your trainer routine. I +usually hook onto INT 21, but in theory you can hook onto any interrupt you +wish. But hooking onto INT 21 is preferable because of 2 things : + + + +1) All the games will use INT 21 at some point in the game - therefor + activating your defined INT 21 routine, which in turn integrates itself + directly to the game's code. + + +2) There won't be much "confusion" once the game is running. - Games very + seldomly execute INT 21's during game play - so your INT 21 "interface" + will not slow-down/conflict with any game playing operations. + + + +Also loader-trainers are better than writing TSR-trainers mainly because +they are "cleaner" - sure they both hook onto certain interrupts, but a +loader always restores it's hooked interrupt(s) upon exiting the program, +and in most cases, uses less memory. + + +If you don't know how to write loaders, or prefer to write TSR's, then I +suggest that you also include a self-removal option in your TSR - either +user requested or upon program termination. You can use the routine +outlined in section 15. + + + + + + + + ͻ + Section 15 + ͼ + + + + + + + +Generic TSR self-removal routine: + + + +0100 1E PUSH DS +0101 50 PUSH AX +0102 52 PUSH DX +0103 06 PUSH ES +0104 0E PUSH CS +0105 1F POP DS +0106 A12C00 MOV AX,[002C] + + +0106 : Get the DOS environment segment address. + + +0109 8EC0 MOV ES,AX +010B B449 MOV AH,49 +010D CD21 INT 21 + + +010D : Free the allocated memory. + + +010F C5167801 LDS DX,[0200] + + +010F : Load pointer using DS - from DS:[0200] (DS=CS). This is done to + restore the original INT 21 vector. The original vector was saved at + CS:0200. + + +0113 B82125 MOV AX,2521 +0116 CD21 INT 21 + + +0116 : Hook and restore back the original INT 21 vector. + + +The below routine removes the TSR from the memory block: + + +0118 8CC8 MOV AX,CS +011A 48 DEC AX +011B 8ED8 MOV DS,AX +011D C70601000000 MOV WORD PTR [0001],0000 +0123 07 POP ES +0124 5A POP DX +0125 58 POP AX +0126 1F POP DS +0127 CF IRET + + +0200 0000 0000 ;Original INT 21 vector saved here + + + + + + + + ͻ + Section 16a + ͼ + + + + + + + +Generic trainer code interfacing routine: + + + +The way this routine works is by hooking itself to the game's code, mainly +at the address where the IN AL,60 - keyboard port read instruction is. It +replaces the original bytes of that instruction (E4 60) with CD 21. Every +time you press any key during the game, your trainer routine is executed +instantaneously. + + +I will take you step by step through the next example, taken from the +Interactive 8 option trainer for Prince of Persia II. + + + + + + + + ͻ + Section 16b + ͼ + + + + + + + +Prince of Persia II interactive trainer interfacing routine: + + + +0100 9C PUSHF ;Push Flag +0101 55 PUSH BP ;Push BP +0102 1E PUSH DS ;Push DS +0103 89E5 MOV BP,SP ;Move current SP to BP +0105 8E5E08 MOV DS,[BP+08] ;Move current CS to DS. + + +The principle of operation of the 0105 instruction is as follows. + + +Whenever an interrupt is called, the original FLAGS, CS, and IP are pushed +into the stack. Now if you move the current SP to BP, then move the value +at SS:[BP+08] to DS, you will get the program's current CS. + + +0108 26 ES: +0109 813E6516E460 CMP WORD PTR [1665],60E4 + + +0109 : Compare the values at address ES:1665 to 60 E4. + + +Why ES:? Remember that your trainer routine is hooked onto INT 21. Now +whenever the game starts up - the very first INT 21 executed, will either +be the dos version checking INT 21, or a memory allocating INT 21 etc. + + +Now every time ANY INT 21 is executed in the game, if the current CS:IP is +let's say at 2300:1200, and the keyboard handling routine's IN AL,60 address +is at 14FA:0377, then you won't be able to interface your code to the +keyboard handling routine's code, since the program's current CS is way +higher than 14FA. + + +The reason I used the ES value is because the value was just perfect - I +found the E4 60 bytes at address 1665 when searching with ES:, but couldn't +find them when searching with CS, DS, or SS. (You see, it's a good idea +to search with DS, ES, or SS first - if unable to find anything using CS, +before adverting to the procedures outlined in section 13). + + +But in most cases you will be able to interface directly to the game's +keyboard handling routine with the program's current CS value. (For more +information, refer to step 3 in "Writing the trainer loader or tsr", +outlined in section 14). + + +0109 : The instruction at 0109 is checking if at ES:1665 the bytes E4 60 + exist - if they do, it means that's where the instruction IN AL,60 + is. (Refer to "Prince of Persia II keyboard handling routine + listing", outlined in section 12d). + + + +010F 7507 JNZ 0118 ; If it is not, then jump to the exit + portion of your routine. + + +0111 26 ES: +0112 C7066516CD21 MOV WORD PTR [1665],21CD + + + +0112 : Else, replace the instruction at ES:1665 with CD 21 (your already + hooked INT 21 handling routine). + + +0118 817E066715 CMP WORD PTR [BP+06],1567 +011D 7405 JZ 0124 + + +0118 : Compare if SS:BP+06 (which is the game's current IP BEFORE it + entered your INT 21 hooked routine) to 1567. This routine is + comparing if the INT 21 instruction is YOURS or if it's some other + INT 21 instruction used by the game. This is accomplished by + comparing the game's current IP (instruction pointer) to 1567. If it + is indeed YOUR inserted INT 21 routine calling, then the trainer + JMPS to it's trainer routine (which starts here at 0124). + + +In this example, you will notice that the IP is different from the address +1665 - it's 1567. Why? Simple, because when the game runs, the CS was +different from ES - which you previously used to insert the CD 21 with. +(For more information regarding the IP, refer to section 16c). + + +The routine below, restores DS,BP,FLAGS and jumps to the original INT 21 +vector: + + +011F 1F POP DS +0120 5D POP BP +0121 9D POPF +0122 EB77 JMP 019B + + +The above routine is executed due to one of the following: + + +1) Either the E4 60 value was not found at the specified address or; + + +2) The program's current IP is not pointing to your inserted INT 21 IP + address. (This might be another INT 21 instruction that the game is + currently using somewhere else - so the trainer code will restore DS, BP + and the FLAGS, and jump to the original INT 21 saved vector, thus + letting the game do whatever it wanted to. + + +Else, the following code is executed : + + +0124 1F POP DS + + +0124 : Restore the program's current DS. In this case the keyboard handling + routine's DS value is the same for where the game keeps it's key + presses and where it stores the value of your current + energy/time/level etc, values. That's why I restored DS right here, + so my trainer can use it later on. (And also note that for this + trainer example, you don't need to use the procedures listed in + "Handling different DS values", as outlined in section 13) + + +0125 E460 IN AL,60 + + + +0125 : This instruction reads the keyboard port. This instruction has to be + present in the trainer code, since you replaced it with CD 21 in the + game's code, remember? + + + +The following code compares the key press to the function keys defined for +the trainer, and jumps correspondingly: + + + +0127 3C3B CMP AL,3B +0129 741F JZ 014A +012B 3C3C CMP AL,3C +012D 7422 JZ 0151 +012F 3C3D CMP AL,3D +0131 745D JZ 0190 +0133 3C3E CMP AL,3E +0135 7421 JZ 0158 +0137 3C3F CMP AL,3F +0139 7433 JZ 016E +013B 3C40 CMP AL,40 +013D 7436 JZ 0175 +013F 3C43 CMP AL,43 +0141 743D JZ 0180 +0143 3C44 CMP AL,44 +0145 7441 JZ 0188 + + +If some other key was pressed, which is not used by the defined trainer +keys, the following routine is executed. It merely restores the BP, FLAGS +and IRETS back to the program. The AX value however was not saved in the +beginning of the routine, and is always different upon returning back to +the program. There, it is used by the game to determine what keys were +pressed. (The original DS value was restored earlier remember?). + + +0147 5D POP BP +0148 9D POPF +0149 CF IRET + + +The following instructions change the data values in the program's DS to +train the game. The trainer data was derived using the same techniques as +outlined in this training tutorial. + + +014A C606865C01 MOV BYTE PTR [5C86],01 +014F EBF6 JMP 0147 +0151 C606865C00 MOV BYTE PTR [5C86],00 +0156 EBF7 JMP 014F +0158 C6060D5C21 MOV BYTE PTR [5C0D],21 +015D C6064D5C21 MOV BYTE PTR [5C4D],21 +0162 C606CD5C21 MOV BYTE PTR [5CCD],21 +0167 C6060D5D21 MOV BYTE PTR [5D0D],21 +016C EBE8 JMP 0156 +016E C6062A5EFF MOV BYTE PTR [5E2A],FF +0173 EBF7 JMP 016C +0175 C6062C5E01 MOV BYTE PTR [5E2C],01 +017A FE06465E INC BYTE PTR [5E46] +017E EBF3 JMP 0173 +0180 C706825C9300 MOV WORD PTR [5C82],0093 +0186 EBF6 JMP 017E +0188 C706825CC101 MOV WORD PTR [5C82],01C1 +018E EBF6 JMP 0186 +0190 C706925C1919 MOV WORD PTR [5C92],1919 +0196 EBF6 JMP 018E +0198 90 NOP +0199 90 NOP +019A 90 NOP +019B EA00000000 JMP XXXX:XXXX ;Jump back to the original INT 21 + vector. + + + +For a better understanding of the above code, study the Prince of Persia II +interactive 8 option TSR or loader trainer examples (PP2T-TSR.COM and +PP2T-LDR.COM and their DOC - PP2T-T&L.DOC). Both are included in this +training tutorial package. They correspond exactly to the above example. + + + + + + + + ͻ + Section 16c + ͼ + + + + + + + +Finding the runtime CS:IP of the keyboard handling routine: + + + +To always know what the current IP will be once the program is running, +simply set a break point in the program's keyboard handling routine, press a +key, and once your debugger breaks in, note the address of the keyboard +handling routine. + + +Write down the address of the IN AL,60 instruction. If the game doesn't use +INT 9 or IN AL,60 in it's keyboard handling routine, then refer to +"Interfacing with different keyboard handling routines", as outlined in +section 16e). + + + + + + + + ͻ + Section 16d + ͼ + + + + + + + +Comparing the program's current IP: + + + +When comparing the program's current IP - like in the above example in +section 16b, at 0118, you have to remember that the program's current IP +points to the address AFTER the interrupt was called. + + + +Example: + + + +If the code looks like this : + + +0100 E460 IN AL,60 +0102 88C3 MOV BL,AL + + +And you replace E4 60 with CD 21: + + +0100 CD21 INT 21 +0102 88C3 MOV BL,AL + + + +Then once the program executes your interrupt 21, and you check for the +program's current IP as described above, make sure you compare the IP to +0102! - the instruction right after the INT 21 - because after all, once the +program exits from your INT 21 routine via the IRET instruction, it doesn't +return back to 0100, it returns to the next following instruction. + + + + + + + + + + ͻ + Section 16e + ͼ + + + + + + + +Interfacing with different keyboard handling routines: + + + +All games have a keyboard handling routine. But some rare OLD games might +not use INT 9 to handle their key presses, or they might not use the IN +AL,60 instruction - just INT 16 for checking key presses. + + +So what's the problem there? Again, simply find a 2 byte instruction +somewhere right after the INT 16 instruction that you can replace with CD +21, and you are in business. + + + +Example: + + + +0100 30E4 XOR AH,AH +0102 CD16 INT 16 ;here is the game's INT 16 +0104 88C3 MOV BL,AL +0106 80EB11 SUB BL,11 + + + +There is a nice instruction at 0104 that you can change to CD 21. Then all +you have to do in your INT 21 hooked routine is to execute that instruction +somewhere in the beginning or the end of your code - doesn't really matter +where, but make sure BL equals the AL key press value, once your routine +IRETS back to 0106. + + + + + + + + ͻ + Section 17 + ͼ + + + + + + + +Below is another example, taken from the Fox Ranger interactive 9 option +trainer. Notice that at 010A, there is no E4 60 (IN AL,60). I'm hooking +INT 21 at some address which is in the game's program loop - you see, it can +be done in lots of different ways, as described above in "Interfacing with +different keyboard handling routines", in section 16e. I will only explain +the important stuff in the following example: + + + +Fox Ranger interactive 9 option trainer routine listing: + + + +0100 9C PUSHF +0101 55 PUSH BP +0102 1E PUSH DS +0103 89E5 MOV BP,SP +0105 8E5E08 MOV DS,[BP+08] +0108 26 ES: +0109 813EBA1DB000 CMP WORD PTR [1DBA],00B0 +010F 7507 JNZ 0118 + + +0109 : Compare ES:[1DBA] to 00 B0, if not, restore DS,BP,FLAGS and jump to + the original INT 21 vector. + + +0111 26 ES: +0112 C706BA1DCD21 MOV WORD PTR [1DBA],21CD + + +0112 : Hook your defined INT 21 routine at ES:[1DBA] + + +0118 817E06BC1C CMP WORD PTR [BP+06],1CBC +011D 7405 JZ 0124 + + +0118 : Compare current SS:[BP+06] (BP=SP) which is the program's current IP + to 1CBC - if it's at your INT 21 IP, then jmp to the trainer routine, + else restore DS,BP,FLAGS and jump to the original INT 21 vector + (as in 011F-0122). + + +011F 1F POP DS +0120 5D POP BP +0121 9D POPF +0122 EB7D JMP 01A1 +0124 8CDD MOV BP,DS +0126 06 PUSH ES +0127 1F POP DS +0128 A0722D MOV AL,[2D72] + + +0128 : Move into AL the key press which the game stored at ES:[2D72] - (As + you see, the game does not always have to have the IN AL,60 + instruction, for you to be able to interface your trainer with the + keyboard. As long as you find out where the game stores it's key + presses, you will always be in business. + + +The following compares the key press to see if it's one of the defined +trainer key presses: + + +012B 3C4A CMP AL,4A +012D 7459 JZ 0188 +012F 3C4E CMP AL,4E +0131 744B JZ 017E +0133 3C26 CMP AL,26 +0135 7461 JZ 0198 +0137 3C30 CMP AL,30 +0139 7427 JZ 0162 +013B 3C20 CMP AL,20 +013D 742A JZ 0169 +013F 3C32 CMP AL,32 +0141 7412 JZ 0155 +0143 3C21 CMP AL,21 +0145 744B JZ 0192 +0147 3C24 CMP AL,24 +0149 7425 JZ 0170 +014B 3C1E CMP AL,1E +014D 7428 JZ 0177 +014F B000 MOV AL,00 +0151 1F POP DS +0152 5D POP BP +0153 9D POPF +0154 CF IRET + + +The following is the training routine. The training data was derived using +the same techniques as outlined in this training tutorial. + + +0155 A2802F MOV [2F80],AL +0158 893E812F MOV [2F81],DI +015C 893E832F MOV [2F83],DI +0160 EBED JMP 014F +0162 C606BF2F01 MOV BYTE PTR [2FBF],01 +0167 EBF7 JMP 0160 +0169 C6067A2F01 MOV BYTE PTR [2F7A],01 +016E EBF7 JMP 0167 +0170 C606244305 MOV BYTE PTR [4324],05 +0175 EBF7 JMP 016E +0177 C6067E2F01 MOV BYTE PTR [2F7E],01 +017C EBF7 JMP 0175 +017E 8EDD MOV DS,BP +0180 C70660DD0900 MOV WORD PTR [DD60],0009 +0186 EBF4 JMP 017C +0188 8EDD MOV DS,BP +018A C70660DDB304 MOV WORD PTR [DD60],04B3 +0190 EBF4 JMP 0186 +0192 FE06792F INC BYTE PTR [2F79] +0196 EBF8 JMP 0190 +0198 FE06762F INC BYTE PTR [2F76] +019C EBF8 JMP 0196 +019E 90 NOP +019F 90 NOP +01A0 90 NOP +01A1 EA00000000 JMP XXXX:XXXX ; Jump back to the original INT 21 + vector. + + + +For a better understanding, study the Fox Ranger interactive 9 option +tsr trainer example (FRT-TSR.COM and read it's DOC - FRT-TSR.DOC) included +in this trainer package. It corresponds exactly to the above example. + + + + + + + + ͻ + Section 18 + ͼ + + + + + + + +Below is another example, taken from the Legend of Myra Interactive 10 +option trainer: + + + +Legend of Myra Interactive 10 option trainer routine listing: + + + +0100 9C PUSHF +0101 55 PUSH BP +0102 1E PUSH DS +0103 89E5 MOV BP,SP +0105 8E5E08 MOV DS,[BP+08] +0108 813E250E8AD8 CMP WORD PTR [0E25],D88A +010E 7506 JNZ 0116 + + +0108 : Compare the word at CS:[0E25] (DS=CS because of the instruction at + 105) to D8 8A. Skip the following instruction if not zero. + + +0110 C706250ECD21 MOV WORD PTR [0E25],21CD + + +0110 : Interface your INT 21 hooked routine at CS:[0E25] + + +0116 817E06270E CMP WORD PTR [BP+06],0E27 +011B 7406 JZ 0123 + + +0116 : Compare the word at SS:[BP+06] (which is the program's current IP) to + 0E27. Note that the address of the program's current IP and the + address where you inserted your CD 21 word is identical - you see, + sometimes the program's current CS can be the same at startup, and + during game play. (Refer to step 3 in "Writing the trainer loader or + tsr code", outlined in section 14). + + (The reason for the 2 byte increase from 0E25 to 0E27 now, is because + the program's current IP points to the next following instruction + after your INT 21. (For more information on this, refer to + "Comparing the program's current IP", outlined in section 16d). + + +The next instructions listed below restore DS,BP,FLAGS and jump back to the +original INT 21 vector - if the compare at either 0108 or 0116 failed. + + +011D 1F POP DS +011E 5D POP BP +011F 9D POPF +0120 E97F00 JMP 01A2 + + +The instructions below move into AL the key presses taken from the program's +keyboard key press storage data area and compare them to the trainer defined +keys: + + +0123 1F POP DS +0124 5D POP BP +0125 50 PUSH AX +0126 A0E409 MOV AL,[09E4] +0129 3C3B CMP AL,3B +012B 743B JZ 0168 +012D 3C3C CMP AL,3C +012F 743D JZ 016E +0131 3C3D CMP AL,3D +0133 7427 JZ 015C +0135 3C3E CMP AL,3E +0137 743B JZ 0174 +0139 3C3F CMP AL,3F +013B 7425 JZ 0162 +013D 3C40 CMP AL,40 +013F 7415 JZ 0156 +0141 3C41 CMP AL,41 +0143 7435 JZ 017A +0145 3C42 CMP AL,42 +0147 7437 JZ 0180 +0149 3C43 CMP AL,43 +014B 7440 JZ 018D +014D 3C44 CMP AL,44 +014F 7435 JZ 0186 +0151 58 POP AX +0152 9D POPF +0153 EB44 JMP 0199 +0155 90 NOP + + +The following is the training routine. The training data was derived using +the same techniques as outlined in this training tutorial. + + +0156 C646F643 MOV BYTE PTR [BP-0A],43 +015A EB38 JMP 0194 +015C C646F6CE MOV BYTE PTR [BP-0A],CE +0160 EB32 JMP 0194 +0162 C646F65E MOV BYTE PTR [BP-0A],5E +0166 EB2C JMP 0194 +0168 C646F691 MOV BYTE PTR [BP-0A],91 +016C EB26 JMP 0194 +016E C646F693 MOV BYTE PTR [BP-0A],93 +0172 EB20 JMP 0194 +0174 C646F6CD MOV BYTE PTR [BP-0A],CD +0178 EB1A JMP 0194 +017A C646F6C3 MOV BYTE PTR [BP-0A],C3 +017E EB14 JMP 0194 +0180 FE06EE1F INC BYTE PTR [1FEE] +0184 EBCB JMP 0151 +0186 C606FD3D01 MOV BYTE PTR [3DFD],01 +018B EBC4 JMP 0151 +018D C606D01F64 MOV BYTE PTR [1FD0],64 +0192 EBBD JMP 0151 +0194 58 POP AX +0195 31C0 XOR AX,AX +0197 EBB9 JMP 0152 +0199 C606E40900 MOV BYTE PTR [09E4],00 +019E 88C3 MOV BL,AL +01A0 CF IRET +01A1 90 NOP +01A2 EA00000000 JMP XXXX:XXXX ;Jump back to the original INT 21 + vector. + + + +For a better understanding, study the Legend of Myra interactive 10 option +tsr trainer example (LOMT-TSR.COM and read it's DOC - LOMT-TSR.DOC) included +in this training package. It corresponds exactly with the above example. + + + + + + + + ͻ + Section 19 + ͼ + + + + + + + +Interactive TSR/loader trainer examples: + + + +This training tutorial comes with 4 interactive trainer examples (in COM +format) There are 3 interactive TSR trainer examples and 1 interactive +trainer loader example, included with this training tutorial. The ASM code +structure of all 4 interactive trainer examples, is identical to the ASM +code structure of the examples outlined in this documentation. Even the +trainer code found in each of the 4 trainer examples, starts at CS:0100 +- exactly as listed here in this training tutorial. + + +This was done so that you will be able to study the examples listed here and +then refer to the actual interactive TSR/loader trainer examples. + + +You should note however, that all the 3 TSR trainers use the same install +checking routine - to see if they have already been previously installed +in memory. Remember to only install one at a time. + + + + + + + + ͻ + Section 20 + ͼ + + + + + + + +Summary: + + + +By studying the above examples and the actual trainer program examples +(PP2T-TSR.COM, FRT-TSR.COM, LOMT-TSR.COM, PP2T-LDR.COM) included in this +trainer tutorial package, you will learn how to write trainers for the PC, +or at least broaden your knowledge on this topic. + + +I hope this trainer tutorial helps all you boys out there who always +wondered how it's done. Maybe now I can retire for good since you boys will +be making all the trainers from now on! + + + +Anyways... + + + +From the boys at UNT, : Take care & have PHUN! + + + + Dr. Detergent / UNT'93 + + + +############################################################################ + +By the way... + + + I'm a pilot currently without a job! - if you are an owner of a + charter company or a flight school, or have contacts in the aviation + industry, and know of a job opening, then by all means contact me - + through the UNTOUCHABLES! + + Got a valid flight instructor's rating, multi-engine, glider lic, + certified on 10 types of aircraft, and other goodies. + + Ready and willing to relocate ANYWHERE! + + And if you think that my cracking/training/programming is good, + then wait till you see me fly! + +############################################################################ + + + + [ THE UNTOUCHABLES CREW ]͸ + ķ + ķ + + UNTOUCHABLES į + + Bandieto Mr. Fizz The Psychiatrist The Whistler + + Booper Chester Code Breaker Dark Knight Dr. Detergent Faceless + + Fenris Wolf Silver V Spyke the Impaler The Bandit + + Wayward Ford Prefect + + The Courier Team į + + Nightblade Vertigo + + August Spies Cable Dr. Donnatello Macgyver Minotaur + + Mirage Quazar Satch Shadowhawk Sinclair Specs + + Tasslehoff Burrfoot The Invid The Predator The Roamer Torgall + + Ľ + Ľ + + [ UNTOUCHABLES BOARDS ]͸ + ͸ +͸ + < BOARD NAME > < NUMBER > < SYSOP > < NODES/POSITION > +͵ + - [ ALL HQs ] - +ij + Apocalypse ........ ITS-PRI-VATE The Whistler 5 World ..... HQ + The Dark Palace ... ITS-PRI-VATE Escape Key .. 10 Courier ... HQ + The Burning Church ITS-PRI-VATE -aD! ........ 3 Canadian .. HQ +ij + - [ MEMBER BOARDS ] - +ij + House of the R/Sun 703-406-8920 Dark Knight . 2 UNTNET HUB + Members Only ...... ITS-PRI-VATE Chester ..... 4 | Member - Board + MidWest Exchange .. ITS-PRI-VATE Silver V .... 5 | Member - Board + Pristine Towers ... ITS-PRI-VATE Vertigo ..... 2 Member - Board +ij + - [ SITES ] - +ij + Power Base ........ +49-XXX-XXXXXX Powerlite ... 1 | Distro .. Site + The GodsLand ...... 410-360-3598 Crash ....... 1 | Distro .. Site + The Land's End .... 703-XXX-XXXX Rogue Trader 1 | Distro .. Site + Twilight Zone ..... 504-XXX-XXXX Jack Flash .. 3 | Distro .. Site + Xcess Unlimited ... +49-XX-XXXXXXX Creme ....... 2 Distro .. Site +; + ; + + + + [ PLEASE NOTE ]͸ + ķ +ķ + + We are now accepting applications, please pick up an application at any + UNTOUCHABLES HQ, or contact us on our VMB. + + 1-800-328-3440 450 (After 6PM -EST) + + If you like and use a software, please take it upon yourself to buy + it. Supporting quality programmers is in all of our interest. + +Ľ + Ľ + + ķ + ķ + - [ U N T O U C H A B L E S ] - + Ľ + Ľ + diff --git a/textfiles.com/piracy/CRACKING/unp.txt b/textfiles.com/piracy/CRACKING/unp.txt new file mode 100644 index 00000000..ee92acac --- /dev/null +++ b/textfiles.com/piracy/CRACKING/unp.txt @@ -0,0 +1,685 @@ + + + + + ݳ + + ݳ + + + + Ŀ + + + Written by Ben Castricum + + May 30, 1995 + + + + This is the documentation belonging to and explaining the use of: + + + UNP V4.11 + + + Executable file restore utility + + + + +TABLE OF CONTENTS: + +DISCLAIMER +WHAT IS UNP ? +GENERAL INFO +HOW TO USE UNP +MESSAGES +NOTES ON COMPRESSORS +REGISTERING UNP +HEY! UNP IS COMPRESSED! +WHAT UNP CAN REMOVE +WHAT UNP CANNOT REMOVE +CONTACTING ME + + +Disclaimer +---------- +Under NO circumstances I can be held responsible for any damage caused by +files in this or any other package containing programs written by me. +(That should do it :-) + + +What is UNP ? +------------- +UNP's main purpose is to restore executable files to their original state. +However it can do more than that. UNP can optimise EXE-headers, remove +debug information, convert files from one structure to the other, scan +directories for compressed files, reveal hidden viruses and even make files +that didn't run anymore run again. + + +General info +------------ +Before you start using UNP, I would like to point out a few things which you +might take into consideration. + +Compressed EXE files containing an overlay may not work correctly after they +have been decompressed. Decompression expands the code size of the EXE file +which also means that the overlay moves up. Some programs do not check where +the overlay currently is but just use a constant to get the overlay. If this +is the case, most anything can happen. + +When you use UNP to convert a file to another structure, please take into +consideration that the converted program never runs under the exact same +conditions as it did before. Though these differences are likely not to +cause any problems with most programs, there are always programs which expect +just that what is changed by conversion. + +UNP can do just about anything with files. This definately includes messing +up your files. For that reason it is always a good idea to have a backup of +the files your are going to process. Someone suggested to let the -b +(create backup) option turned on by default. Although this is a good idea, +it's still not 100% reliable. + +UNP is not case sensitive in anyway, nor does it care about extensions. This +however does not mean that it is possible to convert files which are reported +by UNP to be "binary (.COM)" can all be converted to .EXE files. Files which +are not really .COM files (e.g. .BAT or .GIF) will not run or view the +picture when converted and executed. + + +How to use UNP +-------------- +If you type UNP without any parameters then you will get the built-in help +screen of UNP which is explained below. + + - Commands - These are 1 character long and only one can be specified on the +command line. It does not really matter where you put it. If no command is +specified, the E command is used. + +c = convert to COM file + Some .EXE files can be converted to .COM files. You can do this by using + this command. Please note that the resulting file will not automaticly + have a .COM extention. You should only convert a file when you know + exactly what you are doing (see general info section). + +d = make current options default + Using this command enables you to specify the default options yourself. + Simply type the options on the commandline you would like to have as + default and use this command. UNP will modify itself to the settings + as default. For example to let UNP always create a backup use + UNP d -b+ + UNP stores the new settings in itself, which means that UNP is self- + modifying. With most anti-virus programs, this causes some alarm to go + off. Check your anti-virus program documentation on how to solve this + problem (see also: Hey! UNP is compressed!) + +e = expand compressed file (default) + This command expands the compressed file. If you do not specify a + command, UNP will use this by default. Using this command without a + filename will result in unpacking all files in the current directory + +i = show info only + If you just want some information about the file, this is the command to + use. UNP will show all information like the E command but will not + decompress or write the file back. + +l = load and save + This command loads a .COM or .EXE file but does not expand it. It will be + written back just like a decompressed file would be written back. This is + useful in case you want to remove an overlay, irrelevant header data or + optimize the relocation items. + +m = MarkEXE, insert a file in header + MarkEXE is a small utility supplied with PROTECT! EXE/COM V5.0. This + program can add a piece of text to an EXE file in such a way that when the + file is shown on screen the user can see that piece of text. The 'M' + command does not exactly do the same as MarkEXE. First it inserts the + file before the relocation items, this way any EOF markers in the + relocation items won't screw it up. Second, UNP does not place the same + piece of text at the end of the code, since I see this as more or less + screwing up the file. + +o = copy overlay + A new (and probably rarely used) command is the overlay copy command. + With this you can get the overlay from some .EXE file and append to some + other .EXE file. The idea behind this is that when you use LZEXE as + compressor, the overlay is removed from the file. With this command you + can place the overlay back. + +s = search for compressed files + When you use this command, only a small list of compressed files matching + the Infile wildcard will be generated. To save some space on the screen, + the pathname of the file will not be show. But since UNP does not work + recursive, it should not be a problem. + +t = trace executable + My first attempt to a general unpacker can be found in this command. + Actually there are 2 different implemtations. The implementation used for + .COM files will single-step through a program and checking every + instruction if the original program has been restored. If UNP thinks it + has, it will stop and write the file back. Unfortunately this is a very + slow process. The .EXE implementation also single-steps through the file + but it checks every step to see if a known packer has been revealed. If + it has found one, it will remove it and write it the resulting file back. + If the program has not been compressed with a known packer, sooner or + later some interrupt will be used which UNP will detect and abort the + tracing. + +x = convert to EXE file + Some compressors can only compress .EXE files (like LZEXE). With this + command you can convert a .COM file to an .EXE file. The resulting file + will not be written back with an .EXE extension by default. As with the + .EXE to .COM conversion, be sure you know what you're doing. Not all + programs can be converted. + + + - Options - Even more fun can be achieved with specifying options on the +command line. Options can be passed sepparated (like -a -b -c) but can also +be combined (like -abc). After each option there can be one of the +characters "-", "+" or "?". The first turns switches off, the second turns +them on and the third.. well it turns them on as well. But the real purpose +of the question mark is to force UNP to ask if it should do something. +Currently only the -K switch supports this. Options which are not followed +by one of the mentioned characters work as toggles, which means that using an +option twice will undo the previous (eg. -a -a has no result). However once +an option has been turned on with the question mark (like -a?) then you can +only turn it off by appending a - (like -a-). Still got it? :) + +-? = help (this screen) + Suprisingly enough, this switch will let UNP show the built-in helpscreen. + Any other switch or command used on the same line will be ignored. + +-a = automatic retry + It is possible that some files have been processed with some program more + than once. This switch will make UNP to process the file again when it + was changed. Useful when you want to uncompress a file which also has + been Immunized by CPAV. + +-b = make backup .BAK file of original + If you want to keep a backup of your original file (very wise) use this + switch. The original file will be renamed to a file with a .BAK + extension. + +-c = ask for confirmation before action + This will force UNP to ask you if you want to remove the routine UNP found + on the file each time it has recognized some program's work. + +-f = optimise fixups (like HDROPT.EXE) + Relocation items, also known as fixups, are stored in the .EXE header in + two parts; 16 bits for the segment value and another 16 bits for offset. + Since DOS only uses 20 bits for addressing, the fixups may contain some + redundant data. Optimising the fixups does some arithmetic stuff which + will move as much as possible of the address into the offset and fills the + segment value with zeros. This is the same as the program HDROPT.EXE + supplied with PKLITE does. + +-g = merge overlay into image + This dirty switch allows you to merge an overlay into the image of an .EXE + file. I can't think of any reason why someone should use it but it's + here. + +-h = remove irrelevant header data + Most linkers add useless data to the .EXE header. This switch removes all + such useless information, thus shrinking the header size. This switch + also skips the header rebuilding code with files like PKLITE. + +-i = interception of I/O interrupts + By default UNP watches several DOS interrupt to check if the program is + running as expected. Any unexpected call to such an interrupt will make + UNP abort the process. If you have any weird TSRs resident you might have + to use this switch. + +-k = pklite signature handling; - = don't add, + = add always, ? = ask + With this switch you can handle the pklite signature. There are 3 + possibilities : + -k- = don't add + The pklite signature will not be added, this will also be the case if + you only use -k (to stay dislite compatible). + -k+ = add always + Always add the pklite signature, this is the default of UNP so you can + just as well leave the -k switch away if you want this. + -k? = ask + When you use this, UNP will ask you each time it has found a signature + (like UNP V3.01 or earlier did). + +-l = use large memoryblock + When UNP loads a program it allocates a block with a size of the + required memory with about 32k extra for safety. Some programs require + even much more memory than they tell DOS they need. If such a file is + decompressed by UNP it definately will go wrong. Two things can happen + in such a case. The program detects the absence of enough memory and + will attempt to notify the user by writing a message on screen. This + will probably result in a "(INT 21) Unexepected call to DOS" error + (see messages) and UNP will abort gracefully. Or worse, the program + does not check at all and will try to decompress anyway. This will + probably result in a system crash or a memory allocation error. If you + have got a file which requires more memory than it tells DOS, use this + switch. After identifying the compressed program, UNP will increase + the allocated memory block to 15/16 of the maximum size of that block. + +-m = MORE alike output + On request this switch has been added. It should pause about every screen + full of information similar like DOS's MORE.EXE. + +-n = numbered Outfiles + Also on request is the possibility the have UNP remove several routines + in one run but keeping a copy of every version. This switch will assign a + number to the files it writes the new file to. If the file already is + numbered, it will increment that number. If not, the number 1, possibly + with leading underscores,will be assigned to it. + +-o = overwrite output file if it exists + If you want to have the destination file overwritten, you can avoid the + question for permission by specifying this switch on the command line. + +-p = align header data on a page + It is said that .EXE files with a header size that is a multiple of 512 + bytes load faster (this could make sense since a sector is also 512 + bytes). This switch will expand the header to the nearest multiple of 512 + bytes, filling it with zeros. + +-r = remove overlay data + If something is appended to an .EXE it is called an overlay. This switch + will let the file size of the outfile be the same as the load image. So + anything that was appended to the file will be thrown away. An overlay + can be used for all kinds of data, so removing this can result in + throwing away something useful. + +-u = update file time/date + By default UNP sets the time/date of the destination file to the same + time/date as the original source file. If you want to have it updated to + the current time/date use this switch. + +-v = verbose + When you use this switch UNP will give you some additional information. I + added this switch for debugging purposes. + +-- = program's commandline + Anything after this switch will be passed to the program to be + decompressed. This way you can pass along any required parameters (like + passwords) for the Tracing command. + + +Messages +-------- +UNP has 6 kinds of messages other than the usual information it can display: + + - Questions - Even with new smart routines programmed into UNP4 it still +needs to ask a few things now and then. Who said that computers are smarter +than you? Anyway, you can expect the following questions: + +Add code to fake PKLITE decompression (y/n)? + This question arises when UNP detects that a signature has been placed + into the program's PSP and the -K switch has the '?' value. (for more + info, read the "notes on compressors" part) + +Continue (y/n)? + When UNP considers a program abnormal it wil display a warning with the + reason why it thinks so and will ask you if you want to continue anyway. + +Remove this routine from file (y/n)? + You have requested confirmation for each action UNP takes (see -C option) + and this is the result. + +Program is protected, please enter password: + Some programs have the ability to scramble executable files with a + password. Unfortunately I have not succeeded in breaking all protection + schemes using this. So for certain programs you might be prompted for + the password + +File FILENAME.EXT already exists. Overwrite (y/n)? + When UNP wants to write to the destination file and discovers the file + already exists, it will ask if you want to overwrite the file. You can + avoid this question by using the overwrite option (see -O option). + +- Informal messages - By placing UNP in verbose mode (see -V option) UNP will +display additional information about anything that might be interesting. Note +that informal messages allways start with "INFO -". + +DOS Version X.XX[, running under Windows.] + Some system information, this has no effect on UNP. + +Commandline = ... + This indicates what options are passed for the Init procudere the the main + module. This is influenced by UNP's commandline. + +Program's commandline = "...". + If you have specified anything for the program's commandline + (see -- option), it will be echoed here. + +Using FILENAME.EXT as temp file. + The name of the temporary file UNP will use. This is composed of the TEMP + environment variable and some constant defined in UNP. + +Anti-virus program TbScanX detected. + UNP has detected the resident anti-virus program TbScanX and will use it + to scan the files before it loads them (also see -s switch). + +Wildcard matches X filename(s), stored at XXXXh. + The wildcard specified on the commandline is resolved to a number of files + and these names has been stored at the specified segment. + +Program loaded at XXXXh, largest free memory block: X bytes. + Indicates at which segment UNP is loaded and how large the largest + available memoryblock is. + +Adding 'PK' signature to fake PKLITE decompression. + When UNP automaticly adds the code to fake PKLITE decompression + (see -K option), it will display this message. + +Increasing program''s blocksize to X bytes. + In certain cases UNP will increase the memory given to the program which + UNP wants to decompress. This can solve problems with programs which + do not check if they have enough memory. This can be forced with the -L + option (see -L option). + +- Warnings - These messages indicate something is wrong but UNP can live with +it. Warnings will always start with "WARNING -". + +Infile and Outfile are same, Outfile ignored. + After UNP has resolved the wildcard it has found out the the file to be + processed is the same as the destionation file. Since this is the default + operation of UNP it will ignore the destination file. + +Outfile specified, -B option ignored.' + When you have specified a destination file you can't create a backup. This + is because the backup is created by renaming the original file. When the + destination file is also specified there would be no original program + left. + +-N option overrules -B option, -B option ignored + You can't number your files and have a backup created as well. It's about + the same reason as mentioned above. + +Invalid or missing stored header information. + Some files store the original header somewhere inside the compressed file. + When UNP has detected this and the info does not seem to be correct it + will display this warning. + +- Errors - UNP has discovered something wrong and cannot continue with the +current action. It will continue with the next file (when available). + +(INT 10h) Unexpected use of video interrupt, action failed. +(INT 20h) Unexpected program termination, action failed. +(INT 21h) Unexpected call to DOS, action failed. + UNP watches several interrupts to ensure things are going as expected. + When UNP loses control it will sooner or later detect one of the + interrupts it watches and abort the current action. If you think nothing + went wrong and you got this message anyway, you can disable the interrupt + watching (see -i switch). + +Cannot convert, file already is a COM file. +Cannot convert, file has relocation items. +Cannot convert, initial CS:IP not FFF0:0100. +Cannot convert, file is too large for COM. +Cannot convert, file contains internal overlay. + Convertion of a .EXE file to .COM file has to meet several conditions. + When one of these is not met the program will show which one and abort the + action. + +- Dos error - Your operating system does not allow something UNP would like +to do. Simple things like a read-only file or disk full will cause such a +error. UNP will quit if such an error is encountered. These messages start +with "DOS ERROR - " and end with the DOS error code. + +unable to open file ... (error x) +unable to create file ... (error x) +unable to read from file ... (error x) +unable to write to file ... (error x) + +- Fatal errors - Something seriously wrong has happened. The program will +abort. These messages will start with "FATAL ERROR - ". + +No files found matching + UNP could not resolve the wildcard you specified on the commandline to any + file. You might want to check the filenames. + +Decompressing many files into one. + The Infile wildcard matches more than one file and you have also given a + destination filename on the commandline. + +Output path/file must not contain '*' or '?'. + You can't use wildcards in the destination filename. + +Outfile required for specified command. + The command you specified requires 2 filenames and you only gave one. + +Specified command does not require filenames. + The command you specified does not allow any filenames at all! + +(INT 00h) Divide overflow generated by CPU. +(INT 23h) Ctrl-C or Ctrl-Break pressed by user. + These interrupts are considered very important and UNP will quit as fast + as possible when one of these occur. + +Not enough memory to ... + UNP could not allocate enough memory for something. + +Memory Control Blocks destroyed. + UNP now checks for this special memory error since this error is probably + caused by a progam that has been giving too few memory. UNP will abort but + the system will most likely halt immediately after that. You might want + to try giving the program more memory (see -l switch). + + +Notes on compressors +-------------------- +There are a few things about compressors that might usefull to know: + +AVPACK V1.20 + This Russion compressor has many similaritys with PKLITE. The PKLITE + routines are used to unpack this compressor. However, it is not as good + as PKLITE. It reports that files with a size which is a multiple of 512 + bytes contains an overlay and also it only stores the first 20h bytes of + an exeheader making it impossible to do a complete restore. It does have + some extra option like encryption. UNP can uncompress encrypted files + like these although it does not recognize them as such. If you know + you got an encrypted AVPACKed file you can use "UNP T" to unpack. + +COMPACK V4.4 + This program does not really contain a bug but more an incompatibility + error. On 486s, programs compressed with this version of COMPACK will + crash. This is a result of the self-modifying code COMPACK uses. + Somewhere at the end of the decompression routine of COMPACKed programs + there is a far jump to the decompressed program. Initially this jump + points to 0:0 but is adjusted not much earlier before the execution of + this instruction. On 386s or lower the prefetch queue is small enough + to allow this self-modifying code. On 486s however, the read-ahead buffer + is much larger so the jmp has already been read when the adjustment takes + place. The result on 486s is that the jmp 0:0 is actually executed, most + likely causing a system crash. UNP places a breakpoint before the + execution of this instruction which flushes the read-ahead buffer and the + program can be saved with the correct entrypoint. + +EXEPACK + Ever got the message "Packed file is corrupt"? Then you are probably + using a memory manager and have lots of conventional memory free. Old + versions of Microsoft's EXEPACK require atleast one segment (64k) below it + to be able to unpack the program into memory. If you have a lot of free + memory, let's say above 600k, then programs can be partially loaded in the + first segment. This causes EXEPACK to generate this error. UNP loads an + EXEPACKed file high enough to unpack it and can decompress it without any + trouble. + +MEGALITE V1.5 + Like AVPACK, this compression looks very much like PKLITE. This version + however contains an instruction which changes 1 byte in the decompression + routine. I have not been able to find out what the use of this + instruction is. All it seems to do is screw up the code. The instruction + which causes this is: DEC BYTE PTR DS:[SI+012Ch]. + +MR-LITE + This utility seems to be floating around in certain circuits. It is + written to reduce the size of PKLITE size even more. All it does is + simply rewrite the header and leave all useless information away. In + fact, it does the same as "UNP l -h". Unfortunately it does not do this + very well. One of the fields in the .EXE header reports the amount of + memory required by the application. This value is kindly set to 0 by + MR-LITE. Because DOS by default allocates all memory available, you will + not immediately detect this bug. But when unpacking it with UNP you + will very likely get the message "Memory Control Blocks destroyed.". It + is adviced to unpack such a file with "UNP E -l" and if you want + recompress it, optionally you can optimize the header with a "UNP L -h". + (for more info, see -l switch) + +PKLITE V1.00 + Although this program is probably rarely used, I implemented some code + that fixes a bug that appears in this version of PKLITE only. When + certain programs are compressed, PKLITE moves the last 512 bytes of the + image into an overlay. Compressed programs will be decompressed by UNP + and checked for an overlay of 512 bytes. If such an overlay has been + found, UNP includes the overlay into the newly created image. This has + the same result of what would have happened when "PKLITE -x" would have + been used to restore to program. + +PKLITE V1.14+ Professional + These versions of PKLITE have some small piece of code in the + decompression routine that adds a so called signature into the PSP. This + allows programs to check if they are still compressed with PKLITE. When + such a program is unpacked UNP by default adds a small piece of code into + the PSP to fake the decompression. One of the programs that check for such + a signature is the PKZIP V2.04g program. (see also -k switch) + +PKLITE V1.15 + This version does not seem to detect OS2 or Windows files anymore and will + compress them like normal EXE files. Files will however not run + correctly, even when UNP has uncompressed them again. + +PKTINY + A small utility has been written to prevent recognition (and unpacking) + of TINYPROGed files. The trick this program uses is very simple. + TINYPROG has the ability to leave some space in the beginning of an .EXE + file. By filling this space with a PKLITE header and modifing some code + to let the program still run correctly, it tries to fool unpackers. If + UNP detects the modified code it tries to get around it and continue with + the TINYPROG check. + +SHRINK V1.00 + This compressor uses the basic RLE (Run Lenghth Encoding) compression + algorithm to decrease the size of a program. Unfortunately the program + contains (at least) 2 bugs. One of the bugs is when the RLE byte is found + followed by a 00 while decompressing, a 00 is placed in the program which + should be the RLE byte. The second bug is that the last byte of the + compressed file is not written to disk. Both of these bugs are triggered + when all 256 bytes appear at least one time in the file. UNP is able to + correct the first bug, causing most program to work again. However the + second bug is unrecoverable and UNP give a warning if it detects this bug. + It is always better to decompress it, even if the last byte is missing. + + +Registering UNP +--------------- +Having tried several forms of registration for UNP, I have decided to use the +following registration method. First, since a lot of support has come from +the low end user I decided to release UNP as cardware to the public domain. +It's always nice to know your program is appreciated, and what's the price of +a simple card compared to the registration fees asked by several others? So +if you're a happy user of UNP fill in your registration postcard of +something in your neighbourhood today. However, I have spend a lot of hours +on this program and since it can be useful for commercial purposes I decided +that for commercial use a registration of $1 per copy is required. Why so +cheap you might wonder. Well, I don't want the price to prevent you from +registering. I do not have to make profit out of it, I am just a student who +has written a program to teach myself more about DOS. I just as well could +have been writing viruses but instead I have chosen this. Please note that +non-commercial users are allowed to send me money anyway! If it is enough to +buy and mail a disk, you can expect a free special registered version! + + +Hey! Unp is compressed! +----------------------- +Yes, starting with V4.11 of UNP I will use a compressor to make sure lamers +won't just change the version number and upload it to some BBS just to get +their ratio higher. UNP is compressed with DIET V1.45f and processed with a +program I call DSHIELD to prevent decompressing. The traps used are not too +difficult to figure out, but the idea behind it was just the prevent the +lamers from hacking. If you succeed in unpacking it, then you are probably +an experienced programmer. I am sorry but the protection seems to be +neccesary. +Due to this protection it might be possible that some anti-virus programs +which use heuristic scanning consider UNP infected by a new or unknown virus. +If you also use the D command to alter (some of) UNP's default settings, +you might get a warning as well. The D command causes UNP to alter it's +own .EXE file. Check your documention that came along with your anti-virus +software on how to solve this incompatibility. + + +What UNP can remove +------------------- +Quite a lot actually. A list follows: + +AINEXE V2.1 +ANTIBODY +AVPACK V1.20 +AXE V2.2 +CENTRAL POINT ANTI-VIRUS V1, V1.1 +COM2CRP V1.0 +COMLOCK V0.10 +COMPACK V4.4, V4.5 +CRYPTA V1.00 +CRYPTCOM +DELTAPACKER V0.1 +DIET V1.00, V1.00d, V1.02b, V1.10a, V1.20, V1.44, V1.45f +ENCRCOM V2.0 +EPW V1.2, V1.21, V1.30 +EXELITE V1.00aF +EXEPACK V4.00, V4.03, V4.05, V4.06 +F-XLOCK V1.16 +ICE V1.00 +IMPLODE V1.0 Alpha +KVETCH V1.02 +LINK /EXEPACK V3.60, V3.64, V3.65, V3.69, V5.01.21 +LZEXE V0.90, V0.91, V1.00a +MCLOCK V1.2, V1.3 +MEGALITE V1.18a, V1.20a +OPTLINK +PACKEXE V1.0 +PACKWIN V1.0 +PASSCOM V2.0 +PGMPAK V0.13, V0.14, V0.15 +PKLITE V1.00, V1.00, V1.03, V1.05, V1.12, V1.13, V1.14, V1.15, V1.20, V1.50 +POJCOM V1.0 +PRO-PACK V2.08, V2.14 +PROCOMP V0.82 +PROTECT! EXE/COM V1.0, V1.1, V2.0, V3.0, V3.1, V4.0, V5.0 +SELF-DISINFECT V0.90 +SHRINK V1.0 +SCRNCH V1.00, V1.02 +SYRINGE +TINYPROG V1.0, V3.0, V3.3, V3.6, V3.8, V3.9 +TURBO ANTI-VIRUS V7.02A, V9.40 +UCEXE V2.3 +USERNAME V2.00, V2.10, V3.00 +WWPACK V3.00, V3.01, V3.02 + +I have left out a couple of names not really worth mentioning. + + +What UNP cannot remove +---------------------- +SPACEMAKER V1.03 +EPW V1.2, V1.21, V1.30 - EXE only +USERNAME V2.00, V2.10, V3.00 - EXE only + + +CONTACTING ME +------------- +Please note that registrations must be send to my home adress, not to my +E-mail adress. A card really is a card, not a scanned picture or some +piece of text. + +My address: + Ben Castricum + Van Loenenlaan 10 + 1945 TX Beverwijk + The Netherlands + +E-Mail: valid until june '95 + benc@htsa.hva.nl + +I am not sure when exactly my account will be disabled, but I'll try to +get a new account somewhere as soon as possible. + +-- End of UNP V4.11 documentation -- diff --git a/textfiles.com/piracy/CRACKING/vbtutori.txt b/textfiles.com/piracy/CRACKING/vbtutori.txt new file mode 100644 index 00000000..46a6e04f --- /dev/null +++ b/textfiles.com/piracy/CRACKING/vbtutori.txt @@ -0,0 +1,534 @@ + + + razzia's tutorial for vb cracking + + + + Introduction + + Lately more and more programs come out that are programmed in VB. +Since VB programs are still unknown material for most crackers they +ignore them and label it as 'uncrackable'. In this document i will show +you that that is not true for text based protections (serials/reg#'s). + + For tools we will need only soft-ice and in one case hiew. Further- +more i assume that the reader is somewhat familiar with cracking. For +absolutely beginners i recommend the great tutorials made by +orc and +ed!son's good windows tutorial. But i will try my best to make the text +understandable for everyone who has a litle knownledge about cracking. + + + Getting ourselves prepared + + Before i start bombing you with asm listings lets take a moment to +think about what we are dealing with. + We are dealing with exe's that dont have code themselves but instead +they make calls to a library with standard functions. + What does this mean? It means that this is a big disadventage to +protect programs written in VB. Why? Do you think that the writers of +the VB dll made 10 different functions that you can use to compare 2 +strings? No, ofcourse not. They made the dll to be as efficient as +possible, as small as possible. + So therefore a good guess is that there will be only 1 or 2 places +in the dll where it can compare two strings. And that turns out to be +the case as you will see if you finish reading this document. + Does the litle lamp already begin to glow in your head ? ;--) +Wouldnt it be great if we knew where in the dll 2 strings get compared? +Yes, it would be great. It would reduce VB cracking to a boring job of +setting a single breakpoint at the right place. Continue reading for +the details. + + + + Strategy + + + Before we continue it would be wise to set out a strategy (like its +the case with every other case of cracking). + + Lets think about the protection ... +You enter a string of text , you hit enter or press 'OK' or whatever. +Then windows gives the data you entered to the VB dll. The VB dll then +does whatever it needs to know if that data is right or wrong. And you +get a msg saying you entered a good/wrong code. + + So what would be the weak link in the chain? The answer is where +windows gives the data you entered to the VB dll. Thats our entry point. +We can make softice break there. And then we are at the source of the +protection-chain. With the aid of breakpoints we can then monitor what +happens with our text. + + I think that we now have enough background information to crack a +first example. + + + Case 1 : The Collector v2.1 + + The collector is an utility for creating and maintaining your +image/photo collection. Not bad for a VB program. + More info about this program : + + Name : The Collector v2.1 + Where : http://intranet.ca/~logic/collectr.html + Size : collectr.exe = 246.047 bytes + Protection : serial + DLL : uses VB3 dll + + I find it easier to explain things in steps. So therefor i will +split the cracking process in smaller chunks : + + Step 1 : Run The Collector - right at startup it will ask you for a +serial # + + Step 2 : Enter a dummy serial like '9876543210'. Now press control-d +to enter softice. In softice enter 'bpx hmemcpy' to place a breakpoint +on the hmemcpy function of the kernel. + (Intermezzo : What is hmemcpy ? + Windows uses hmemcpy alot in operations concerning + strings. In this case it will be used to copy the buffer + with the text we entered to the memory space of the VB dll. + Remember when i said that we were gonna break when + windows gave the string we entered to the VB dll?) + + Step 3 : Leave softice with control-d. And press 'OK". This will +make softice break right at the beginning of hmemcpy. + + Step 4 : Now we will continue with tracing further into the hmemcpy +function to find out where the string we entered will be stored. Keep +pressing F10 untill you see this : + + JMP 9E9F + PUSH ECX ;these lines copy the + SHR ECX,02 ;string at ds:si to es:di + REPZ MOVSD + POP ECX + AND ECX,03 + REPZ MOVSB + XOR DX,DX + + Step 5: Right before REPZ MOVSD do a 'ed si'. You will the text you +entered, in my case its shows '0987654321'. Do a 'ed es:di' and you will +see nothing (yet). But if you press F10 and get passed the REPZ MOVSB +you will see the text getting copied to this new location where the +VB dll can access it. + + Step 6: Now we know where the text is located. Lets review our +strategy here. Our plan was to find out where the VB dll kept our +serial, then put a breakpoint on that memory location and find out +with what it got compared. So, lets set a bpr (breakpoint on range) +at the location with our string. Since the REPZ MOVS(D/B) instructions +increased the pointer in di (it now points to the end of our string) +we do 'bpr es:di-8 es:di-1 rw'. Dont hit enter yet - read step 7 first. + + Step 7: Before you hit enter i will tell you what to expect. Softice +will break everywhere where that block of memory with the string is +read or written to. + For example you will break inside the function strlen where the +lenght of the string is calculated. + And you will break where the string is copied to another place in +memory (for example with REPZ MOVSW). When this happens place a new +bpr at the new location with the string. + It will also break when the string or part of it gets deleted. If +not the whole string gets deleted do not remove the corresponding bpr. +Only remove it when the complete string gets written over by something +else. + Also you will break again in hmemcpy. Hmemcpy will read another echo +of the string in the dll's memory. Place a bpr there too. + And finally you will break at the part of the code that does the +comparing (the instruction you will see is REPZ CMPSB). + When i reached that part of code i had 4 breakpoints set. One +breakpoint for hmemcpy and 3 bpr's on 3 echos of the string (or parts +of it). + + Step 8: Now we found the code where the VB3 dll does comparing +we can place a breakpoint there and disable the other breakpoints. We +wont need them anymore. We found the place where things get compared +in VB3. What you see is this : + + : 8BCA mov cx, dx + : F3A6 repz cmpsb ;<- here the strings in ds:si and es:di + : 7401 je 8CB6 ; are being compared + : 9F lahf + : 92 xchg ax,dx + : 8D5E08 lea bx, [bp+08] + : E80E06 call 92CB + + Just before the REPZ CMPSB if you do a 'ed si' and a 'ed es:di', you +will see what is compared with what. In this case the second and third +character of the string we entered gets comared with 'V8'. So if you +restart the program and enter 0V87654321 it will register. + + Step 9: We are not finished yet. The contrary is true, the important +part is what we do now. Next time we meet a VB3 program we want to place +a breakpoint at the location with the code above and read out the right +serial. +How do we do that ? Lets try it real quick with The Collector. + -Start The Collector and enter a dummy serial. + -Enter softice and place a breakpoint on hmemcpy. + -Leave softice and press 'OK', this will put you back + in softice. + -Now, get out of the kernel and and get in the code of VBRUN300 + (press F11 and F10 untill you get there) + -Now do a search for the pattern : + 8B,CA,F3,A6,74,01,9f,92,8D,5E,08,E8,0E,06 + (s 0 l ffffffffff 8B,CA,F3,A6,74,01,9f,92,8D,5E,08,E8,0E,06) + -Place a breakpoint at the adress that gets returned + (bpx ) + -press F5 and you will land in the middle of the above comparing + code. + -Only thing left to do is check out the pointers in es:di and ds:si + + + + Case 2 : Minimize Magic 1.2.4 + + + Minimize Magic is an utility that you can use to minimize your +programs to the traybar. + + More info about this program: + + Name : Minimize Magic 1.2.4 + Where : http://www.genesoft.demon.co.uk/ + Size : minimagic.exe = 159.744 bytes + Protection : password based on key + DLL : uses VB4 dll + + To crack this program you can do the same as we did with The +Collector. Starting with hmemcpy working your way to the code that +compares the string you entered. Important thing to know is that the +VB4 dll always converts strings to the WideChar format before it does +anything with them. So instead of using hmemcpy you can set a +breakpoint on MultiByteToWideChar to break. Check your windows API +reference to learn more about this function. + + I have done all the hard work for you and found the VB4 dll code +that compares two strings (in WideChar format !). + Heres the listing : + + : 56 push esi + : 57 push edi + : 8B7C2410 mov edi, [esp + 10] + : 8B74240C mov esi, [esp + 0C] + : 8B4C2414 mov ecx, [esp + 14] + : 33C0 xor eax, eax + : F366A7 repz cmpsw ;<-- here the (WideChar) strings at ds:esi + : 7405 je 0F79B362 ; and es:edi get compared + : 1BC0 sbb eax, eax + : 83D8FF sbb eax, FFFFFFFF + : 5F pop edi + : 5E pop esi + : C20C00 ret 000C + + Now we know enough of the VB4 dll to crack Minimize Magic: + + Step 1: Start Minimize Magic and chose Register from the menus. +You will be asked for a Name and a Password. Enter a name and a +dummy password. Dont press 'OK' yet, continue with next step. + + Step 2: Enter softice and place a breakpoint on hmemcpy. Leave +softice and press 'OK'. You will land in softice. + + Step 3: Press F11 and F10 untill you are out of the kernel and in +the code of the VB40032.dll. Now we will search for the pattern of the +code above. +Do 's 0 l fffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14' +and place a breakpoint at the adress that gets returned. + + Step 4: Press F5 to leave softice, but you will immediately break +again, right at the beginning of the above code. Here the password +you entered will be compared to the correct password. Trace untill +right before the REPZ CMPSW and do 'ed es:edi', this will show the +password you entered. If you do 'ed esi' you will see the correct +password. +(the strings will be in WideChar format - for example you could +see A T G H D E H D. That means your password is ATGHDEHD) + + + Ok, now you found a working password that will work only for the +version on your computer. If you give that password to somebody else, +the program wont accept it. The password is calculated from a Key +that is different on each computer. This key could be randomly +generated at setup or based on the info on your hd. Whichever one it +is, it will be hard to find out how its generated or where it is +stored. + + So how can we make a general crack ? + We could use the 'Magic Window' trick here. We will 'reprogram' +the VB40032.dll to show the correct password. + The original code in the VB40032.dll looks like this : + + +:0F79B348 56 push esi +:0F79B349 57 push edi +:0F79B34A 8B7C2410 mov edi, [esp + 10] ; es:edi -> pw you entered +:0F79B34E 8B74240C mov esi, [esp + 0C] ; esi -> correct pw +:0F79B352 8B4C2414 mov ecx, [esp + 14] +:0F79B356 33C0 xor eax, eax +:0F79B358 F366A7 repz cmpsw ; compare them +:0F79B35B 7405 je 0F79B362 +:0F79B35D 1BC0 sbb eax, eax +:0F79B35F 83D8FF sbb eax, FFFFFFFF +:0F79B362 5F pop edi +:0F79B363 5E pop esi +:0F79B364 C20C00 ret 000C ; end of this function +:0F79B367 57 push edi ; the code below this adress +:0F79B368 8B7C2408 mov edi, [esp + 08] ; is not important, but we +:0F79B36C 8B4C2410 mov ecx, [esp + 10] ; will need its space +:0F79B370 8B44240C mov eax, [esp + 0C] +:0F79B374 0BE4 or esp, esp +:0F79B376 F266AF repnz scasw +:0F79B379 B800000000 mov eax, 00000000 +:0F79B37E 7503 jne 0F79B383 +:0F79B380 8D47FE lea eax, [edi-02] +:0F79B383 5F pop edi +:0F79B384 C20C00 ret 000C + + The code is located at offset 7a748 in the vb40032.dll file. So, to +make a general crack make a patch that turns the above code into: + +:0F79B348 56 push esi +:0F79B349 57 push edi +:0F79B34a 8B7C2410 mov edi, [esp + 10] ;es:edi --> text you enter +:0F79B34E 8B74240C mov esi, [esp + 0C] ;esi --> correct pw +:0F79B352 813F70006300 cmp dword ptr [edi], 00630070 ;edi -> 'PC" ? +:0F79B358 7527 jne 0F79B381 ;if not - leave +:0F79B35A 803E00 cmp byte ptr [esi], 00 |<- these lines +:0F79B35D 7410 je 0F79B36F | put spaces +:0F79B35F 83C601 add esi, 00000001 | between the chars +:0F79B362 C60620 mov byte ptr [esi], 20 | +:0F79B365 EB03 jmp 0F79B36A |<--skip the ret +:0F79B367 C20C00 ret 000C ;<-- this to prevent crash +:0F79B36A 83C601 add esi, 00000001 | +:0F79B36D EBEB jmp 0F79B35A |<- back to the start +:0F79B36F 8B3DDCC47B0F mov edi, [0F7BC4DC] *<-- these lines +:0F79B375 8B74240C mov esi, [esp + 0C] * call the +:0F79B379 6A00 push 00000000 * MessageBoxA +:0F79B37B 56 push esi * function to show +:0F79B37C 56 push esi * the correct +:0F79B37D 6A00 push 00000000 * password +:0F79B37F FFD7 call edi * +:0F79B381 5F pop edi +:0F79B382 5E pop esi +:0F79B383 90 nop +:0F79B384 C20C00 ret 000C + + Comments: + We used the space of two routines, so to prevent a crash we have to +put a RET function at the beginning of the (original) second function +(see line 0F79B367). + This part of the VB4 dll code is not only used to check the passwords. +It is used by other parts of the program as well. Therefor we need to +do something so that only something will be shown when we are dealing +with a password comparison. That is what the code at line 0F79B352 is +about. It checks to see if EDI points to the text "PC". So we can +use that to trigger the crack. To trigger the crack, "PC" has to be +entered for password when registering. + The lines marked with | are there to put spaces between chars of the +string. Originally there would be a string of WideChar format. That +means that in memory there will be zero's between the chars. And the +function we will use to show the text (MessageBoxA) translates a 0 to +end of string. So only 1 letter would be shown if we dont replace the +zeros with spaces. + The lines marked with * are there to call the function MessageBoxA +to show the correct password. I ripped those commands from the VB4 dll. +Placed a breakpoint on MessageBoxA to see how VB4 called it. + + Well thats it for Minimize Magic. To make a general crack, a patch +could be written that patches the VB4 dll at offset 7a748 with the +above code. To use such a crack minimagic.exe and the vb40032.dll +should be placed in a temp dir and the patch run there. Then start +minimize.exe from that temp dir, and use 'PC' for password. And voila, +a window will pop up with the correct password. Once the correct pw +is known, the temp files should be deleted and the password can be +used in the original Minimize Magic. + + + Case 3 : Sub Station Alpha 2.02 + + Most of the VB4 programs can be cracked with the method described +in case 2, but i have encountered 2 programs which used a different +method of comparing. One of those programs is Sub Station Alpha 2.02. +It uses a protection that first converts a number you enter to its +hex value and then compares it with the correct number. Lets start to +crack Sub Station Alpha and things will get clearer. + + Info about this program: + + Name : Sub Station Alpha 2.02 + Where : http://www.eswat.demon.co.uk/index.html + Size : SUBSTN32.EXE = 629.248 bytes + Protection : password based on user name + DLL : uses VB4 dll + + + Earlier i mentioned that VB4 converts strings to the widechar format +before it does aything with them. Therefor we will use this function +as an entry point. Again we will do it step by step ;--) + + Step 1: Start Sub Station Alpha and chose register from the menus. +Enter a name and a dummy registration key. + + Step 2: Enter softice and place a breakpoint on MultiByteToWideChar +(with 'bpx multibytetowidechar) + + Step 3: Now, leave softice and press "Register". + + Step 4: Softice will break at the beginning of MultiByteToWideChar, +press F11 to get out of it. You will see : + +:FF1500C27B0F call [KERNEL32!MultiByteToWideChar] +:8BD8 mov ebx, eax +:83FEFF cmp esi, FFFFFFFF +:7501 jne 0F738BCF +:4B dec ebx +:53 push ebx +:6A00 push 00 +:FF1518C97B0F call dword ptr [0F7BC918] +:8BE8 mov ebp, eax +:85ED test ebp, ebp +:0F845B260100 jz 0F74B23D +:43 inc ebx +:53 push ebx +:55 push ebp +:56 push esi +:57 push edi +:6A00 push 00 +:6A00 push 00 +:FF1500C27B0F call [KERNEL32!MultiByteToWideChar] +:8BC5 mov eax, ebp ;<-- do 'ed ebp' here +:5D pop ebp +:5F pop edi +:5E pop esi + + The important place is right after the second call to MultiByte- +ToWideChar. Disable the first bp on MultiByteToWideChar and place +a new bp right after the second call to that function (on the line +with MOV EAX,EBP). On that line EBP will contain a pointer to a +string in WideChar format that was processed. It doesnt have to be the +string of the registration key. Therefor we will edit that breakpoint +so that it will only break when it is processing the registration key. + How can we do that? Well, the MultiByteToWideChar function returns +the lenght of the string it processed plus 1 in EAX. So we will add a +conditional statement on the breakpoint. Do 'bl' to find out what the +number is of that breakpoint. Then do 'bpe #' and add +'if al==' to the breakpoint. For example, if you +entered '212121', lenghtOfKeyString would be 6 :--). + + + Step 5: Now we will let the program run with F5. When softice breaks +do a 'ed edp' and see the WideChar form of the key you entered. We +place a bpr on the block of memory containing the string and we +continue (F5). What will happen is this. Softice will break on several +places. Whats important is that it will break in the code of OLEAUT32. +When that happens trace a litle further to see whats going on. The +first few times you will get out of the OLEAUT32 very quickly. But +eventually you will see this code : + +( listing from OLEAUT32.DLL) +:6534B6B3 395C240C cmp [esp + 0C], ebx ; this is a loop that +:6534B6B7 7E14 jle 6534B6CD ; goes trough all +:6534B6B9 33C9 xor ecx, ecx ; the chars of a +:6534B6BB 8D0492 lea eax, [edx + 4*edx] ; string, in the end +:6534B6BE 8A0E mov cl , [esi] ; edx will have the +:6534B6C0 46 inc esi ; hex value of the string +:6534B6C1 4F dec edi +:6534B6C2 FF4C240C dec [esp + 0C] +:6534B6C6 8D1441 lea edx, [ecx + 2*eax] +:6534B6C9 85FF test edi, edi +:6534B6CB 7FE6 jg 6534B6B3 +:6534B6CD 85FF test edi, edi +:6534B6CF 7F4A jg 6534B71B + ............. + ............. +:6534B6F2 8910 mov [eax], edx ; edx is saved +:6534B6F4 33C0 xor eax, eax +:6534B6F6 83C424 add esp, 00000024 +:6534B6F9 C21000 ret 0010 + + Step 6: We saw that the key is transformed into its hex value, +and saved to a place in memory. If you monitor this memory location, +you will end up here in the VB4 dll that compares it with another +value: + +:0F7A2CE1 5A pop edx ; load edx +:0F7A2CE2 58 pop eax ; load eax +:0F7A2CE3 2BC2 sub eax, edx ; subtract them +:0F7A2CE5 83F801 cmp eax, 00000001 +:0F7A2CE8 1BC0 sbb eax, eax +:0F7A2CEA 50 push eax +:0F7A2CEB 0FB706 movzx word ptr eax, [esi] +:0F7A2CEE 83C602 add esi, 00000002 +:0F7A2CF1 FF2445F4997B0F jmp dword ptr [2*eax + 0F7B99F4] +:0F7A2CF8 E8BB000000 call 0F7A2DB8 + + We see that EDX and EAX get loaded from the stack, and then +substracted. This is just an indirect way of comparing those two +values. If you check out the contents of EAX and EDX, you will see +that one has the number you entered and the other one will have the +correct registration number. + + Step 7: Now we found this location its wise to note the hex values +of the code, so you can find it back quickly when you suspect that +another VB4 program uses this protection. + + + + Final notes + + + Well, with the above 3 techniques i have been able to crack quite +some VB3/4 programs that used a text based protection. Sometimes +when you set a breakpoint at the comparing routine, softice will not +break. Try then to enter strings with a different length. Because +the program could be checking the length of the string you enter before +it compares the string itself. And other programs first isolate chars +from the string you enter and then compare those isolated chars, but +again they get compared at the locations stated in the examples above. + With VB5 programs i havent much experience, i only cracked one of +them. It was called Hitlist Pro v3.0. By patching the VB5 dll, I could +remove its 30 day timelimit just like it was a regular program. Of +course, the VB5 dll had to be placed in the Hitlist Pro main dir, +this to prevent other VB5 programs using the patched DLL. + + Thats it folks, you may contact me (if you know how ;--) on irc +with feedback and questions. + + + Big greets to : tHATDUDE, madmax!, cH, Teraphy, KillerBee,j0b, + StarDogg Champion,aCP,rANDOM and all the + others i forgot. + + Special greets and thanks to +ORC, fravia and gthorne and rest of +HCU + + + razzia [pc97] + date: 05-08-97 + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/textfiles.com/piracy/CRACKING/wincrack.txt b/textfiles.com/piracy/CRACKING/wincrack.txt new file mode 100644 index 00000000..105bcbe9 --- /dev/null +++ b/textfiles.com/piracy/CRACKING/wincrack.txt @@ -0,0 +1,315 @@ + 888 ,e, + e88'888 888,8, ,"Y88b e88'888 888 ee " 888 8e e88 888 + d888 '8 888 " "8" 888 d888 '8 888 P 888 888 88b d888 888 + Y888 , 888 ,ee 888 Y888 , 888 b 888 888 888 Y888 888 + "88,e8' 888 "88 888 "88,e8' 888 8b 888 888 888 "88 888 + , 88P + Qapla's cracking tutorial, version 0.1 rel 970209 "8",P" + + +1. Introduction +~~~~~~~~~~~~~~~ + +Welcome to my first attempt to write a Windows 95 cracking tutorial. + +This file is not meant as an introduction to either SoftIce, assembler +or cracking in general. I will assume that you have installed SoftIce +2.0 or 3.0 and that you are familiar with it. Some assembler and Win32 +API knowledge is also useful. If you are new to cracking, before +continuing please read some of the files on cracking already available +on the net, for example ED!SON's excellent tutorial. In his tutorial you +will find an introduction to SoftIce, how to load exports and much more. + + +2. The program +~~~~~~~~~~~~~~ + +In this tutorial, I will use a great little program that you probably +will find on the net by doing a simple search for it. The program is +called StartClean, and the version I use is 1.2. The program scans the +Windows 95 Start Menu and removes all shortcuts that don't point to +anything. This is actually a very handy utility for those with a lot +of software passing through their harddisks (like me), so this is one +of the few little utilities I actually use. Another great thing about +this program is that it is only 31kb, so it doesnt hog massive amounts +of my harddrive. You *might* find this program attached to this tutorial. + +When you start the program it will fire up with a little nag-screen asking +you to register it if you use it for more than 30 days. Even if we will +defeat this protection several times in this file, I'm asking you that +if you start using the program, please register it. The author deserves +the money he is asking for it. + + +3. The extremly simplistic approach +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In this section I will use a method that works with this program, +but it wont work with most other programs. I included it here to +show you that there is no need to make anything more difficult then +nessesary. (this is a good philosophy of life by the way :) + +Fire up the program, and press 'Register...' + +The program will show you a small dialog-box, asking you to enter your +name and secret code. Now enter your name and any code. I entered +"Qapla'97" and "115522". Press OK and it will tell you that the code was +incorrect. + +Now comes the interesting part. + +In the explorer press the right mouse button on the file, and select +Quick-View. A window will pop up with a lot of information about the +file. The section we are interested in is the 'Import Table'. Scroll +down until you reach this section. + +You will hopefully see something like this: + +Import Table +------------ + + COMCTL32.dll + Ordinal Function Name + ------- ------------- + + KERNEL32.dll + Ordinal Function Name + ------- ------------- + + 026c lstrcmpiA + 00d7 GetFileAttributesA + 026f lstrcpyA + 0045 DeleteFileA + 0269 lstrcmpA + 01c1 RemoveDirectoryA + . . + . . + . . + +This section displays the API's the file uses. By setting a breakpoint +on any of these you will be able to intercept the program when it uses +them. + +Here comes the good part. The program somewhere in the code probably +compares the code you entered with a pregenerated code, previously +calculated from the name you entered. + +What does the 'lstrcmpA' function do? Lets look in the API-reference +(the file I use is called Win32.hlp from the Win95-SDK, distributed +with most real development environments, for example Borlands excellent +Delphi 2.0) + +--- From Win32.hlp --- + +The lstrcmp function compares two character strings. The comparison is +case sensitive. + + int lstrcmp( + LPCTSTR lpString1, // address of first string + LPCTSTR lpString2 // address of second string + ); + + Parameters + + lpString1 + Points to the first null-terminated string to be compared. + + lpString2 + Points to the second null-terminated string to be compared. + + Return Value + + If the function succeeds and the string pointed to by lpString1 + is less than the string pointed to by lpString2, the return value + is negative; if the string pointed to by lpString1 is greater than + the string pointed to by lpString2, it is positive. If the strings + are equal, the return value is zero. + +---- End --- + + +So, lets try setting a breakpoint on 'lstrcmpA' + +Press ^D, and when the SoftIce screen appears type 'BPX lstrcmpA', +now press ^D again and press OK once more. + +blam, we were kicked back to SoftIce. + +** Break due to KERNEL32!lstrcmp + +Now press F12 to return to the calling function, and you should see +something like this: + . + . + . +0157:004011DD 50 PUSH EAX <- push your code on the stack +0157:004011DE 6830604000 PUSH 406030 <- push the right code on the stack +0157:004011E3 FF1520924000 CALL [KERNEL32!lstrcmp] <- compare them +0157:004011E9 85C0 TEST EAX, EAX +0157:004011EB 0F8580000000 JNZ 00401271 <- check if they were the same + . + . + +At this point we have two options: + +a) Patch the JNZ to NOP's - This will make the program register with + any code. This *may* introduce other + problems, most noteably it might have a + similar unpatched check in another part + of the program that you won't notice. + +b) Find out the code it - This is a much better way of working as + compared your code with you dont need to change the code and the + serial you find will probably work with + the next version of the software as well, + the crack will probably stop working when + you upgrade. + +Alternative (a) is left as an exercise to the reader :) + +Now type 'd 406030' <- this was the address it pushed on the stack, remember? + +The data-window will now display the correct code, in my case 1398-13026- +1211-249 + +As i said in the beginning of this section, setting a breakpoint on +string-compare API's will seldom work, as most programs use their own +routine for doing this. The next section will present another, very +similar approach to the same problem, but it will not rely on the +same API. + + +4. The hmemcpy-bpm approach +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you registered the program in the following section and wish to +'unregister' it, so you can try this approach as well, you can start +regedit, and delete the following key: + +HKEY_CURRENT_USER\SOFTWARE\Start Clean\Configuration + +Do a 'BC *' to clear all your existing breakpoints, and enter your name +in the registration-box once again. (be sure to use an incorrect code, +as we dont want to register it right now). Don't press OK yet. + +Now enter 'BPX hmemcpy', and press OK in the dialog. We will be back in +SoftIce. Note that we are no longer in the flat addressing mode. This is +protected mode 16bit code, ie in another context. We need to get back into +the flat code before we can search all memory, but before we do that we +will press ^D once again. The program just scanned our name this time, +and we are just interested in is setting a breakpoint to trap access to +the code we entered. + +We will shortly be back into softice again. Now press F12 a few times +until we reach the 32bit code. You will notice this by looking at the +addresses in the code window... + +0137:9EA6 <- this is a segmented 16-bit address. +0157:004011B5 <- this is a 32-bit flat address. + +When you reach this code we can scan for the text we entered in the +code-window. (you entered something unique didn't you, as we will be +searching all physical memory, and a code like 0000 will probably +be found in a lot of unrelated locations) + +Enter "s 0 l ffffffff 'your_code_here'" and press enter. + +Now two things can happen. either it finds your code in a low address, +(and this is what we are looking for), or it will find it somewhere +around 0x80000000 (this is Windows internal memory-space, and not what +we are looking for (Windows reserves the upper 2gig for internal use, +and non ring 0 code will only have access to memory in the lower part +of the address space)) + +When you found what looks like the right place in memory, (I found +it at 015f:0063f580), we will set a breakpoint for memory access there. + +Use 'BPM 0063f580' (or whatever address you found). + +Don't forget to 'BD hmemcpy' as well, as we will not be needing that +breakpoint any more. + +Press ^D and you it will stop right in the function that compares the +two strings. + +This method is usually much better than the previous, as it doesn't assume +that the program uses any specific API's. It is usually safe to set a +breakpoint on hmemcpy as almost all Win32-programs rely on this function +to retrieve information from dialogs. + + +5. Other ways +~~~~~~~~~~~~~ + +So, we have now defeated this program in two similar ways, and at this +point I am starting to realize my bad choice of program as this little +program doesn't contain any strange or non-standard things. It is rather +unusually simplistic. If you feel like making a keymaker, which is the +thing any *real* cracker would do, you can find the entrypoint to the +code-generating routine just above the call to lstrcmp. + + +A. Setting breakpoints +~~~~~~~~~~~~~~~~~~~~~~ + +In ED!SON's tutorial, the author talks about the problems of setting +breakpoints, especially when Norton Commander is active. When you +try to do a BPX GETDLGITEMTEXTA, you might get the 'No LDT' error. +DOS windows, and especially Norton Commander hogs much of the CPU +and if you are running them, there is a good chance you will end up +in a VDM instead of the PROT32-mode you want to be in. SoftIce 3.0 +seems to handle this much smarter, so if you are having problems +try installing the latest version of the debugger. This is an issue +of address-contexts and an extensive discussion on the topic can be +found in the documentation for SoftIce 3.0. If you are trying to set +a breakpoint in the code you are debugging and it doesnt work, try to +break on a general API, and press F12 until you reach the context you +are looking for, and then set the breakpoint. + + +B. Recommended reading +~~~~~~~~~~~~~~~~~~~~~~ + +The reason I wrote this tutorial is that during the last years, I have +read quite a few text on cracking by different authors. I always wanted +to make something similar to make a small contribution to this, and +hopefully make someone reach a higher level of knowledge in cracking. + +I would like to recommend some of the great text on cracking already +available on the net: + +* ED!SON's Cracking Tutorial - This is a great file that contains + an introduction to debugging, SoftIce + and cracking. If you havn't read it + yet, do so now. This file is *very* + recommended for everyone. + +* +ORC's Cracking Tutorials - These files are split up in lessons, + each one talking about a different + approach or side of cracking. Most + of the lessons are very much worth + reading, even if I dont agree with + him in the frequent discussions about + languages like Delphi or the world in + general :) They might be a bit hard + to find as he seems to be a bit + reluctant about placing all of them + on the net. + +C. Thanks +~~~~~~~~~ + +The author would like to thank the following persons for helping him +with debugging the text, and verifying the wannabee-cracker-author's +theory's... + +[prizna], odin- and kOUGER - thanks! + + +D. Contacting me +~~~~~~~~~~~~~~~~ +You dont, but you *might* be able to find me on US-EFnet IRC. +Check for the nick qapla, it might be me. + + +thank you for reading this far, I hope you enjoyed it. (c)1997, Qapla' diff --git a/textfiles.com/piracy/DREAMTEAM.1 b/textfiles.com/piracy/DREAMTEAM.1 new file mode 100644 index 00000000..db82ff5b --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM.1 @@ -0,0 +1,66 @@ + +T E X T F I L E S + +

Piracy Textfiles: The Dream Team

+

+

+ + + + + +
+
Filename
Size
Description of the Textfile
armor.nfo 8109
 THE DREAM TEAM: Armour-Geddon from Psygnosis (December 4th, 1992) +
bloodnet.nfo 6726
 THE DREAM TEAM: Blood-Net from Microprose (November 4th, 1993) +
bwing.nfo 5532
 THE DREAM TEAM: B-Wing Expansion Disk by LucasArts (October 28, 1993) +
candd.nfo 7007
 THE DREAM TEAM: Car and Driver from Electronic Arts (December 17th, 1992) +
crack.nfo 3777
 THE DREAM TEAM: Wild Wheels from Ocean +
dinotrn.nfo 5288
 THE DREAM TEAM: Dino Park Tycoon Trainer (August 14th, 1993) +
dr3.nfo 8578
 THE DREAM TEAM: Dragon's Lair III: the Curse of Mordread from Readysoft (December 5th, 1992) +
dream.nfo 5237
 THE DREAM TEAM: ELF From Ocean (June 10th, 1992) +
dream12.nfo 6960
 THE DREAM TEAM: ROME From Millenium (November 22nd 1992) +
dream2.nfo 5474
 THE DREAM TEAM: The Lost Vikings from Interplay (June 22nd, 1993) +
dream7.nfo 4979
 THE DREAM TEAM: Yo! Joe! From Hudson Software (September 11th, 1993) +
dream9.nfo 7134
 THE DREAM TEAM: Heartlight PC from X-Land (November 27th, 1992) +
euros.nfo 7431
 THE DREAM TEAM: Eurosoccer from Flair Software (December 15th, 1992) +
fireice.nfo 7412
 THE DREAM TEAM: Fire and Ice by Craftsgold (November 22, 1993) +
goblins3.nfo 5233
 THE DREAM TEAM: Goblins 3 English by Coktel Vision (November 16, 1993) +
golf.nfo 4689
 THE DREAM TEAM: International Golf from Ocean (June 10th, 1993) +
harrier.nfo 6903
 THE DREAM TEAM: Harrier Jump Set from Microprose (December 17th, 1992) +
kohan.nfo 6954
 THE DREAM TEAM: Koshan Conspiracy from UbiSoft (January 9th, 1993) +
laura.nfo 5825
 THE DREAM TEAM: Laura Bow II: The Dagger of Amon Ra by Sierra (June 24th, 1992) +
lost.nfo 6826
 THE DREAM TEAM: Lost in Time Part I from Coktel Vision (March 10th, 1993) +
msfs5.nfo 5198
 THE DREAM TEAM: Microsoft Flight Simulator 5.0 Release (August 26th, 1993) +
pinball.nfo 7280
 THE DREAM TEAM: Tristan Pinball from Littlewing (August 31st, 1992) +
premiere.nfo 6262
 THE DREAM TEAM: Premiere Manager from Gremlin Graphics (May 27th, 1993) +
riders.nfo 7619
 THE DREAM TEAM: Time Riders from TLC (August 24th, 1992) +
samurai.nfo 7710
 THE DREAM TEAM: The First Samurai from Vidisoft (October 11th, 1992) +
sextris.nfo 7165
 THE DREAM TEAM: Sex Tetris from Buena Software (September 5th, 1992) +
simphson.nfo 3786
 THE DREAM TEAM: The Simpsons from Konami +
spectre.nfo 6993
 THE DREAM TEAM: Spectre from Velocity (December 10th, 1992) +
sq5.nfo 7701
 THE DREAM TEAM: Space Quest V from Sierra Release (February 18th, 1993) +
tdt0192.nfo 4984
 THE DREAM TEAM: Paperboy II from Mindscape +
tdt0195.nfo 7227
 THE DREAM TEAM: Risky Woods from Electronic Arts (October 7th, 1992) +
tdt0292.nfo 4970
 THE DREAM TEAM: Super Space Invaders from Domark +
tdt0491.nfo 3907
 THE DREAM TEAM: Battle Command +
tdt0592.nfo 5783
 THE DREAM TEAM: Castle Wolfenstein 3-D Release Version (May 5th, 1992) +
tdt0593.nfo 4807
 THE DREAM TEAM: Railroad Tycoon Deluxe (June 13th, 1993) +
tdt0792.nfo 6517
 THE DREAM TEAM: Double Dragon III and Trainer (July 25th, 1992) +
tdt0793.nfo 4579
 THE DREAM TEAM: When 2 Worlds War by Impressions (July 16th, 1993) +
tdt0895.nfo 3023
 THE DREAM TEAM: The Patrician by Readysoft (August 3rd, 1995) +
tdt089~1.nfo 6774
 THE DREAM TEAM: Dinosauri Balls from AMWA Computer Company (August 9th, 1992) +
tdt0993.nfo 4947
 THE DREAM TEAM: The Great War from SSI (September 13th, 1993) +
tdt1092.nfo 7356
 THE DREAM TEAM: Captive from Mindscape Software (October 14th, 1992) +
tdt1192.nfo 6940
 THE DREAM TEAM: Curse of Enchantia from Core Design Limited (November 19th, 1992) +
tdt1291.nfo 4910
 THE DREAM TEAM: World Wrestling Federation from Ocean +
tdt1292.nfo 7300
 THE DREAM TEAM: The Incredible Machine from Sierra (December 2nd, 1992) +
tdt1293.nfo 5184
 THE DREAM TEAM: Star Trek Judgement Rites from Interplay (December 17th, 1993) +
tdtrain.nfo 4535
 THE DREAM TEAM: Flashback Mega Trainer (Hey, he needs an info form!) +
term2029.nfo 6427
 THE DREAM TEAM: Terminator 2029 Weapons Cheat (October 29th, 1992) +
tony3.nfo 6940
 THE DREAM TEAM: Tony La Russa Baseball II from SSI (March 12th, 1993) +
triviap.nfo 6795
 THE DREAM TEAM: Deluxe Trivial pursuit from Domark (November 19th, 1992) +
trodd.nfo 6033
 THE DREAM TEAM: Troddlers from Sales Curve (October 19, 1993) +
zack.nfo 7120
 THE DREAM TEAM: Contraption Zack from Mindcraft (November 28th, 1992) +

There are 51 files for a total of 312,846 bytes.

+ + diff --git a/textfiles.com/piracy/DREAMTEAM/.windex.html b/textfiles.com/piracy/DREAMTEAM/.windex.html new file mode 100644 index 00000000..b9bd7f0d --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/.windex.html @@ -0,0 +1,66 @@ + +T E X T F I L E S + +

Piracy Textfiles: The Dream Team

+

+

+ + + + + +
+
Filename
Size
Description of the Textfile
armor.nfo 8109
 THE DREAM TEAM: Armour-Geddon from Psygnosis (December 4th, 1992) +
bloodnet.nfo 6726
 THE DREAM TEAM: Blood-Net from Microprose (November 4th, 1993) +
bwing.nfo 5532
 THE DREAM TEAM: B-Wing Expansion Disk by LucasArts (October 28, 1993) +
candd.nfo 7007
 THE DREAM TEAM: Car and Driver from Electronic Arts (December 17th, 1992) +
crack.nfo 3777
 THE DREAM TEAM: Wild Wheels from Ocean +
dinotrn.nfo 5288
 THE DREAM TEAM: Dino Park Tycoon Trainer (August 14th, 1993) +
dr3.nfo 8578
 THE DREAM TEAM: Dragon's Lair III: the Curse of Mordread from Readysoft (December 5th, 1992) +
dream.nfo 5237
 THE DREAM TEAM: ELF From Ocean (June 10th, 1992) +
dream12.nfo 6960
 THE DREAM TEAM: ROME From Millenium (November 22nd 1992) +
dream2.nfo 5474
 THE DREAM TEAM: The Lost Vikings from Interplay (June 22nd, 1993) +
dream7.nfo 4979
 THE DREAM TEAM: Yo! Joe! From Hudson Software (September 11th, 1993) +
dream9.nfo 7134
 THE DREAM TEAM: Heartlight PC from X-Land (November 27th, 1992) +
euros.nfo 7431
 THE DREAM TEAM: Eurosoccer from Flair Software (December 15th, 1992) +
fireice.nfo 7412
 THE DREAM TEAM: Fire and Ice by Craftsgold (November 22, 1993) +
goblins3.nfo 5233
 THE DREAM TEAM: Goblins 3 English by Coktel Vision (November 16, 1993) +
golf.nfo 4689
 THE DREAM TEAM: International Golf from Ocean (June 10th, 1993) +
harrier.nfo 6903
 THE DREAM TEAM: Harrier Jump Set from Microprose (December 17th, 1992) +
kohan.nfo 6954
 THE DREAM TEAM: Koshan Conspiracy from UbiSoft (January 9th, 1993) +
laura.nfo 5825
 THE DREAM TEAM: Laura Bow II: The Dagger of Amon Ra by Sierra (June 24th, 1992) +
lost.nfo 6826
 THE DREAM TEAM: Lost in Time Part I from Coktel Vision (March 10th, 1993) +
msfs5.nfo 5198
 THE DREAM TEAM: Microsoft Flight Simulator 5.0 Release (August 26th, 1993) +
pinball.nfo 7280
 THE DREAM TEAM: Tristan Pinball from Littlewing (August 31st, 1992) +
premiere.nfo 6262
 THE DREAM TEAM: Premiere Manager from Gremlin Graphics (May 27th, 1993) +
riders.nfo 7619
 THE DREAM TEAM: Time Riders from TLC (August 24th, 1992) +
samurai.nfo 7710
 THE DREAM TEAM: The First Samurai from Vidisoft (October 11th, 1992) +
sextris.nfo 7165
 THE DREAM TEAM: Sex Tetris from Buena Software (September 5th, 1992) +
simphson.nfo 3786
 THE DREAM TEAM: The Simpsons from Konami +
spectre.nfo 6993
 THE DREAM TEAM: Spectre from Velocity (December 10th, 1992) +
sq5.nfo 7701
 THE DREAM TEAM: Space Quest V from Sierra Release (February 18th, 1993) +
tdt0192.nfo 4984
 THE DREAM TEAM: Paperboy II from Mindscape +
tdt0195.nfo 7227
 THE DREAM TEAM: Risky Woods from Electronic Arts (October 7th, 1992) +
tdt0292.nfo 4970
 THE DREAM TEAM: Super Space Invaders from Domark +
tdt0491.nfo 3907
 THE DREAM TEAM: Battle Command +
tdt0592.nfo 5783
 THE DREAM TEAM: Castle Wolfenstein 3-D Release Version (May 5th, 1992) +
tdt0593.nfo 4807
 THE DREAM TEAM: Railroad Tycoon Deluxe (June 13th, 1993) +
tdt0792.nfo 6517
 THE DREAM TEAM: Double Dragon III and Trainer (July 25th, 1992) +
tdt0793.nfo 4579
 THE DREAM TEAM: When 2 Worlds War by Impressions (July 16th, 1993) +
tdt0895.nfo 3023
 THE DREAM TEAM: The Patrician by Readysoft (August 3rd, 1995) +
tdt089~1.nfo 6774
 THE DREAM TEAM: Dinosauri Balls from AMWA Computer Company (August 9th, 1992) +
tdt0993.nfo 4947
 THE DREAM TEAM: The Great War from SSI (September 13th, 1993) +
tdt1092.nfo 7356
 THE DREAM TEAM: Captive from Mindscape Software (October 14th, 1992) +
tdt1192.nfo 6940
 THE DREAM TEAM: Curse of Enchantia from Core Design Limited (November 19th, 1992) +
tdt1291.nfo 4910
 THE DREAM TEAM: World Wrestling Federation from Ocean +
tdt1292.nfo 7300
 THE DREAM TEAM: The Incredible Machine from Sierra (December 2nd, 1992) +
tdt1293.nfo 5184
 THE DREAM TEAM: Star Trek Judgement Rites from Interplay (December 17th, 1993) +
tdtrain.nfo 4535
 THE DREAM TEAM: Flashback Mega Trainer (Hey, he needs an info form!) +
term2029.nfo 6427
 THE DREAM TEAM: Terminator 2029 Weapons Cheat (October 29th, 1992) +
tony3.nfo 6940
 THE DREAM TEAM: Tony La Russa Baseball II from SSI (March 12th, 1993) +
triviap.nfo 6795
 THE DREAM TEAM: Deluxe Trivial pursuit from Domark (November 19th, 1992) +
trodd.nfo 6033
 THE DREAM TEAM: Troddlers from Sales Curve (October 19, 1993) +
zack.nfo 7120
 THE DREAM TEAM: Contraption Zack from Mindcraft (November 28th, 1992) +

There are 51 files for a total of 312,846 bytes.

+ + diff --git a/textfiles.com/piracy/DREAMTEAM/armor.nfo b/textfiles.com/piracy/DREAMTEAM/armor.nfo new file mode 100644 index 00000000..60c97c86 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/armor.nfo @@ -0,0 +1,121 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents + + ARMOUR-GEDDON FROM PSYGNOSIS + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : /-\ction /\/\an & MUNCHIE - UK BEST + Cracked by : [HARD CORE] - [THE DREAM TEAM 1992] + PROTECTION : PASSWORD LEVEL [1/10] + Date : 4th December 1992 + Graphics : VGA 256 COLORS + Sound : ALL + Game Size : 3 720kb disks, Installation needed + + + Yeah, finally the AWESOME game from PSYGNOSIS is here! Armour-Geddon is an + awesome war strategic action battle simulator with increadible cool graphics + and great sound. + + Mouse and at least 630kb of free memory needed with 256 color setup. You + probably have to use QEMM or DOS=HIGH in your config.sys + + After installation make sure to copy the file ARMOUR.COM to your game + directory... + + Yet another time TDT brings you a QUALITY game...It seems like we are the + only group on the scene right now that stay away from the kiddie games... + THG do it, INC always did it, RAZOR start to do it, and today PYRADICAL did + it. You must admitt that a group reputation wont improve by releasing shit + software... + + If you had problems playing our GOBLINS II ENGLISH earlier today make sure + to grab the file GOB2CRK.ZIP on every TDT bbs! + + Be sure to grab the other (YES there is more to come) game coming tonight + from TDT... + + Greetings goes to : FALLEN ANGEL (Will we get another another one today?) + BIG BALLS (John's car is faster that yours!!!) + MUNCHIE & ACTION MAN (Great job guys) + AXXIX (Welcome in the group + + Have fun and see you later in our next QUALITY crack! + + The Dream Team 1992 - Growing , Improving and KILLING the competition + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultanet Carnage ........... 314-XXX-XXXX ..................... USA ...... + The Inferno BBS ........... 519-884-4960 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia. + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Parasite's Land ...... +(39)-935-958-196 ..................... Italy .... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider , Nowayout + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Soul Taker , S.S , AXXIX + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + diff --git a/textfiles.com/piracy/DREAMTEAM/bloodnet.nfo b/textfiles.com/piracy/DREAMTEAM/bloodnet.nfo new file mode 100644 index 00000000..b5d90859 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/bloodnet.nfo @@ -0,0 +1,108 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + Ŀ + +:+ Bloodnet (c) Microprose +:+ + Ĵ + Cracker......: N/A Supplier...: MR.TDT + Game Overall.: 100% Date.......: 1993-11-04 + Graphics.....: VGA/MCGA 256 colors Sound......: Adlib/SB + + + A TDT QUALITY RELEASE + + Game notes: This is DEFINITLY the best game i played this YEAR. No biggie + about the graphics or the sound, but the gameplay is DEFINITLY + one kick ass story... + + You are a hacker/cyberpunk, which job is to infiltrate a big net- + work system. Going into Cybernet takes you into the CYBERWORLD + where you can hack systems, get trapped by data-spiders, + implement viruses, meet other hackers etc etc... + + Going around in the futuristic New York, where you can buy + Cyber-equipment, more weapons and trying to figure out why you + are on THE COMPANYS HITLIST, you better watch out for staying + out of trouble. + + Using the mouse you can scroll the New York map up and down, then + click on the target where you want to go. + + If you want to go somewhere in the network, you are asked for a + sequrity code, this is actually a part of the game. While you go + and play it, diffrent people trade or simple gives you diffrent + access codes. + + Also, don't forget to arm your party in time as when you are + standing face to face with a well pissed cyberpunk ready to + launch it lasergun at you, you wont get any chance to equip + yourself with weapons... + + This is looking like a long boring text, but as i played this + game for second day in a row, i wanted to give you guys a few + tips in the start, as the game may look confusing at beggining! + + Have fun a be sure to grab the other TDT releases coming soon... + + Group greetings : Pentagram - The only group together with The Dream Team + showing activities!!! + + Personal greetings: Fallen Angel, Waywayrd, Lefty, Torgall, Warchild & Hoson + + Welcome to : Beawulf our NEWEST US cracker and MARK TWAIN sysop! + + Goodbye's to : DEAD GOON - Fun while it lasted... + + The Dream Team cracking machine... + Ŀ + If you want to GET the latest IBM software then write to + TDT DISKS-BY-MAIL + PO BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + +:+ THE DREAM TEAM FULL BOARD LIST +:+ + ------------------------------ + Ĵ + UNLAWFUL ENTRY...............ITS-PRI-VATE.......8 NODES.......MEMBER/WHQ. + ALPHA 2010...................ITS-PRI-VATE.......6 NODES.......MEMBER..... + BEYOND AKIRA.................416-461-9101.......3 NODES.......MEMBER..... + Ĵ + DA HAUZE.....................ITS-PRI-VATE.......6 NODES.......BENELUX HQ. + ON THE EDGE..................ITS-PRI-VATE.......1 NODE........US HQ...... + SECOND FRONT.................+46-87987584.......2 NODES.......SWEDEN HQ.. + Ĵ + THE DEEP.....................305-888-7724.......2 NODES.......DISTRO..... + THE BACK ROOM................615-245-6617.......2 NODES.......DISTRO..... + REBEL ALLIANCE...............908-738-9281.......2 NODES.......DISTRO..... + REAGGE MUFFIN................+47-798-4551.......1 NODE........DISTRO..... + THE SKYTOPOLIS...............+41-44-31651.......1 NODE........DISTRO..... + GRAVEBEARD'S CASTLE..........601-939-7339.......4 NODES.......DISTRO..... + + + Ŀ + +:+ THE DREAM TEAM FULL MEMBER LIST +:+ + ------------------------------- + + HARD CORE & HOSON + + CYBER, BEN JAMMIN, BEOWULF, DEVIOUS DOZE, DR. MAGIC, EDWARD CHANG + EXCESSIVE KNIGHT, HOT TUNA, LiON, MAC BETH, MAJOR THEFT, MAVERICK + PABLO, REDSKIN, PHARAOH, ROGER WILCO, THE MAGIC ARTIST, THE GHOST WIND + + Ĵ + +:+ THE DREAM TEAM SPREADING TEAM +:+ + ----------------------------- + FIREHEAD + + RADICAL, SHADOW, SUN BLAZER, THE MASTER, THE ACE OF SPADES + ALWAYS DANGEROUS, SKYBUM + + + + TDT GIVES YOU THE BEST TITLES! diff --git a/textfiles.com/piracy/DREAMTEAM/bwing.nfo b/textfiles.com/piracy/DREAMTEAM/bwing.nfo new file mode 100644 index 00000000..3c558a7d --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/bwing.nfo @@ -0,0 +1,85 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + Ŀ + +:+ B-Wing Expansion Disk (c) Lucas Arts +:+ + Ĵ + Cracker......: N/A Supplier...: MR.TDT + Game Overall.: 85% Date.......: 1993-10-28 + Graphics.....: VGA/MCGA 256 colors Sound......: ALL + + + A TDT QUALITY RELEASE + + Crack notes: Here's another expansion for X-Wing, subst and install! + Never was a fav-o-X meself, but maybe some crazy dude + will like this one! + Have fun, I'm off to play Shadow Caster! + + Have fun a be sure to grab some more TDT releases coming your + way! + + Group greetings : PTG - That Shadow Caster was AWESOME! + FLT - Yeah, I figured you got rid of some people! + RAZOR 1911 - Hey, Kjetil! Call me I lost yer numba on + me answering machine! + + - Hoson + + Personal greetings: HARD CORE / WINSTON / DEAD GOON / SANDY / TMA / MAC BETH + + TDT - Satan is my nephew... + Ŀ + If you want to GET the latest IBM software then write to + TDT DISKS-BY-MAIL + PO BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + +:+ THE DREAM TEAM FULL BOARD LIST +:+ + ------------------------------ + Ĵ + UNLAWFUL ENTRY...............ITS-PRI-VATE.......8 NODES.......MEMBER/WHQ. + ALPHA 2010...................ITS-PRI-VATE.......6 NODES.......MEMBER..... + BEYOND AKIRA.................416-461-9101.......3 NODES.......MEMBER..... + EXALTED DEATH................ITS-PRI-VATE.......2 NODES.......MEMBER..... + Ĵ + DA HAUZE.....................ITS-PRI-VATE.......6 NODES.......BENELUX HQ. + ON THE EDGE..................ITS-PRI-VATE.......1 NODE........US HQ...... + MAPHIA.......................ITS-PRI-VATE.......4 NODES.......MEGA HQ.... + Ĵ + WIZARD'S TOWER...............419-874-5143.......3 NODES.......DISTRO..... + THE DEEP.....................305-888-7724.......2 NODES.......DISTRO..... + SECOND FRONT.................+46-87987584.......2 NODES.......DISTRO..... + THE BACK ROOM................615-245-6617.......2 NODES.......DISTRO..... + REBEL ALLIANCE...............908-738-9281.......2 NODES.......DISTRO..... + REAGGE MUFFIN................+47-798-4551.......1 NODE........DISTRO..... + THE SKYTOPOLIS...............+41-44-31651.......1 NODE........DISTRO..... + + + Ŀ + +:+ THE DREAM TEAM FULL MEMBER LIST +:+ + ------------------------------- + + HARD CORE & HOSON + + CYBER, BEN JAMMIN, DEAD GOON, DEVIOUS DOZE, DR. MAGIC, EDWARD CHANG + EXCESSIVE KNIGHT, HOT TUNA, LiON, MAC BETH, MAJOR THEFT, MAVERICK + PABLO, REDSKIN, PHARAOH, ROGER WILCO, THE MAGIC ARTIST + THE GHOST WIND & PIOTR ILNICKI + + Ĵ + +:+ THE DREAM TEAM SPREADING TEAM +:+ + ----------------------------- + + FIREHEAD, RADICAL, SHADOW, SUN BLAZER, THE MASTER, THE ACE OF SPADES + ALWAYS DANGEROUS, SKYBUM + + + + VI E SKEPTISKA! \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/candd.nfo b/textfiles.com/piracy/DREAMTEAM/candd.nfo new file mode 100644 index 00000000..8a715895 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/candd.nfo @@ -0,0 +1,106 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + CAR AND DRIVER FROM ELECTRONIC ARTS + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : ROGER WILCO ............................................... + Date : 17th December 1992 ........................................ + Graphics : 256 VGA ................................................... + Sound : ALL ....................................................... + Game Size : 5 1.44Mb disks, Use Subst or Install From Floppies ........ + + + Another great game from THE DREAM TEAM! + + God, this is getting tedious... + We've been doing about 1 game a day+ for over 3 weeks now... + Hope you guys have liked the last 80+ Megz of games in the last 30 Days... + + This one is a Car and Driver Magazine... Looks worth checking out... + It lets you Test Drive the Top 10 cars in the world... + Good graphics, decent sound... You can even turn on diff radio stations + as you drive these different Exotic cars around the track... + This one came out of Europe, but is going to be distributed by + Electronic Arts in the U.S. ... + + Try it out... + + Greets: Roger Wilco (Thanks), Munchie (Good work, eh?), + Hard Core (You still asleep??), and to White Rose our new Courier... + + 80+ Megz, and more to come... + Had Enuff? + -=TDT=- World Domination '93 + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write for the LATEST to: + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ... Major Theft. + Twins ..................... 514-723-4351 ....... 4 Nodes ... Spread ..... + New Central Europe ........ NOW- ON-LINE .......13 Nodes ... Phil Thrust. + Lite House Express ........ ITS-PRI-VATE ....... 4 Nodes ... Freebird ... + Terrordome ................ 416-619-1717 ....... 3 Nodes ... Stingray ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE ....... 5 Nodes ... Ironside ... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ... Sparkling F. + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ... Dirty Bush . + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ... Stroke ..... + The Vertigo File .......... 815-667-4892 ....... 2 Nodes ... Vertigo .... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ... Black Terror + The Deep .................. 305-888-7724 ................... Speed Racer. + Vicious Paradise .......... 804-486-1810 ................................ + PJ Tower .................. 714-356-9506 ................................ + Ultimate Carnage .......... 314-949-5823 ................... Devestator . + The Drop Zone ............. 504-769-8880 ................... Milamber ... + The Inferno BBS ........... 519-884-5071 ................................ + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ... Yip Yip .... + Free Q8 ................ +(965)-532-4360 ................... Desert Rat . + Exodus BBS ............. +(352)-42-44-92 ................... Redskin .... + Checkpoint Charlie ...... +(47)-42-67992 ................... Vandall .... + + Ŀ + THE DREAM TEAM MEMBERS [16 MEMBERS] + Ĵ + Hard Core + The Grim Reaper - Dr.Q2 - Sought After - Pepsi Man - Buckaroo Banzai + Munchie - Roger Wilco - Offset - ActionMan - Maximilian + S.S - Black Rider - SoulTaker - Dave & Chris - CYBER + Ĵ + THE DREAM TEAM COURIER SYSTEM [8 COURIERS] + Ĵ + Sharp - XAVIER X - Lord Disembowelment - Coyotes Memeber - Freak & Shogun + ROTOX - SKYBUM - White Rose + + + NO UPDATES - NO NONEGLISH GAMES - NO WINDOWS SHIT - NO CD ROM GAMES + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/crack.nfo b/textfiles.com/piracy/DREAMTEAM/crack.nfo new file mode 100644 index 00000000..3b81393d --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/crack.nfo @@ -0,0 +1,70 @@ + + <>/<>/<>/<>/<>/<>/<>/<> THE DREAM TEAM & SKID ROW <>\<>\<>\<>\<>\<>\<>\<> + + P R E S E N T S + + WILD WHEELS FROM OCEAN + + Ŀ + GAME/CRACK INFORMATION + Ĵ + Cracker -> Cum Spreader + Game Supplied by -> Action Man + Protection -> Type Any Garbage + Display Screen -> EGA/VGA 256 + Sound Boards -> Speaker/Adlib/Roland + Game Overall -> 65% + + +Game Notes: After DeathBringer we are here to bring you another qualithy + crack! This game is similar to SPEEDBALL 2, but the diffrence + is that in this game you are driving a car. Many keys and + options are avalible. Just have fun! + + See you soon in our next crack... + + Start the game with the file 'WILD.EXE' + +Greetings : USA/FLT - INC - THG - TRSI + + + The Dream Team Members + are + Hard Core,ActionMan,Sandman,Slayer,Con Artist,Jammer + Roger Wilco,Dr Pepsi,Cum Spreader,Norrin Radd,Ranx,Touch Tone + and all sysops + + Skid Row Members + are + FFC - Stark - SubZero + + Ŀ + The Dream Team/Skid Row [ OUTSIDE US ] + ij + Hard City +46-PRI-VATE Hard Core + Turk 51 Zone +31-104-296515 TDB + NetWork +31-2550-31623 Papillon + Bloom County +46-300-40258 Opus + No Name 358-187-818-316 Snake Man 2 Nodes + Orange Juice +61-3571-1627 Yip Yip 3 Nodes + TWINS 514-723-1712 Spread + WareHouse +358-625-806 Disco + The Star Factory +46-8-7172761 B.B. King + Paint In Black +49-6565-4553 Stoned Warrior 3 Nodes + ij + The Dream Team/Skid Row [ US ] + ij + Motherboard One 714-971-0172 Touch Tone 5 Nodes + Pirates Ship 515-277-1906 Skeleton 2 Nodes + Revelation 301-423-7860 Ghost Wind 4 Nodes + Orions Belt 718-370-8890 Pluto + + + If you want to contact us write to + + TDT SWEDEN + BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/dinotrn.nfo b/textfiles.com/piracy/DREAMTEAM/dinotrn.nfo new file mode 100644 index 00000000..43c4121e --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dinotrn.nfo @@ -0,0 +1,80 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + DINO PARK TYCOON TRAINER + Ŀ + RELEASE INFO + Ĵ + Trainer......: Dark Overlord Supplier...: TDT + Game Overall.: 60% Date.......: 14TH OF AUGUST 1993 + Graphics.....: 256 COLOURS VGA Sound......: ALL + + + + Well my first release as a TDT member! Load up the TSR and it will + automatically keep your cash at 8 Million and something. I thought + this was the best way so you can buy anything you want and as much + as you want. Great to be aboard a great group - TDT! + + + Personal greetings: Shadow Stalker, The Unknown, Hardcore, + and The Rest Of The TDT guys. + + Group greetings goes to : THG, FAIRLIGHT, RAZ0R + + + The Dream Team - Some things lives forever... + Ŀ + If you want to have the NEWEST and HOTTEST IBM programs then write to + + TDT DISKS-BY-MAIL + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY =*= ITS-AWE-SOME =*= 8 NODES =*= MEMBER + TWINS =*= 514-251-1838 =*= 4 NODES =*= MEMBER + ALPHA 2010 =*= ITS-AWE-SOME =*= 6 NODES =*= MEMBER + UNKNOWN ORIGIN =*= 214-UNK-NOWN =*= 2 NODES =*= MEMBER + EXALTED DEATH =*= 314-966-2270 =*= 2 NODES =*= MEMBER + SPLATTER HOUSE =*= 408-PRI-VATE =*= 1 NODES =*= MEMBER + Ĵ + SHOCK TO THE SYSTEM =*= +39-PRI-VATE =*= 5 NODES =*= ITALIAN HQ + GURU'S DREAM =*= +46-8-282760 =*= 9 NODES =*= SWEDISH HQ + PHONE HENGE =*= 407-586-0634 =*= 2 NODES =*= US HQ + DA HAUZE =*= +31-76719111 =*= 4 NODES =*= BENELUX HQ + LIGHTHOUSE SPEED =*= +49-PRI-VATE =*= 3 NODES =*= GERMAN HQ + Ĵ + THE CITADEL OF DARKNESS =*= +61-38993247 =*= 2 NODES =*= DISTRO + WIZARD'S TOWER =*= 419-874-2704 =*= 3 NODES =*= DISTRO + THE DEEP =*= 305-888-7724 =*= 2 NODES =*= DISTRO + THE LIQUOR CABINET =*= 214-368-7317 =*= 2 NODES =*= DISTRO + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + + HARD CORE, HOSON, THE UNKNOWN, REDSKIN + + BLACK RIDER, BLOODY BUTCHER, BLUE LIQUID, CYBER, COOL HAND, DARK LORD, + DARK OVERLORD, DEAD GOON, DIABLO, EDWARD CHANG, INTREPID, INTREQ, + THE JET, MAC BETH, MAJOR THEFT, MARAUDING GOBLIN, MARTIAL ARTIST, + MAVERICK, NULL SET, ROGER WILCO, S.S, SPREAD, + THE MAGIC ARTIST, X + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + THE DREAM TEAM SPREADING TEAM + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + FIREHEAD, PETER FALK, MYSTIK TIGER, SCOUT, THE MASTER, RADICAL, ROTOX + + + + ONLY FOR THE FAME! + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/dr3.nfo b/textfiles.com/piracy/DREAMTEAM/dr3.nfo new file mode 100644 index 00000000..9621e15b --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dr3.nfo @@ -0,0 +1,127 @@ + + + -//- T H E D R E A M T E A M -\\- + + (Who else?!?) Proudly Presents: + + DRAGON'S LAIR III: THE CURSE OF MORDREAD FROM READYSOFT + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : THE GRIM REAPER + Cracked by : [HARD CORE] - [THE DREAM TEAM 1992] + PROTECTION : EASY PASSWORD , WITH A DOUBLE CHECK WHICH THG FAILED ON... + Date : 5th December 1992 + Graphics : VGA 256 COLORS + Sound : ALL + Game Size : 5 1.44Mb's, Unzip into a Directory, and Run... + + + FINAL NOTES: You CANNOT just extract one or two files from our version and + use it on the THG version, they mixed their DATA disks, there- + for you need the whole TDT version! Thank you for choosing TDT! + + What can we say? THG had this one 5 Hours before us, but they !ROYALLY! + fucked up the crack on this one... I meant, it doesn't work for !SHIT!... + You do get to see a nice 5 seconds of play tho... + + So here we are with a 100% Crack... We couldn't re-release a smaller + version and be sure it would work, so here's the complete 100% cracked + version. + + Has been quite some time since Singe's Castle was released... + + In any case, to clear some confusion, Dragon's Lair II was titled: Time Warp + Singe's Castle wasn't released in the Arcades I don't think, so they didn't + call it Dragon's Lair III... This one is titled Dragon's Lair III: The + Curse of Mordread... as said above... and is TOTALLY new... of course... + This version even adds a few new animations not found in the original + Laser Disc Arcade version of DL3. + + So, looks like another big one from Readysoft... Graphics are awesome as + always w/full animation and digitized sound. The playability is + surprisingly a bit better than the old ones... I'd give it an 8/10... + Well worth trying out... + + Greets go out to: THG... Whooops... Your best people have retired... + Hard Core, Fallen Angel, Wolverine, Dr. Q2, + Vertigo, Soultaker, and Sparkling Flash... + + No DEMOs, No Updates, No Windows, No Kiddie Warez, + and No Foreign Language games you can't speak... + Only the BEST... + + Have fun, and see ya in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultimate Carnage .......... 314-XXX-XXXX ..................... USA ...... + The Inferno BBS ........... 519-884-4960 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia. + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Parasite's Land ...... +(39)-935-958-196 ..................... Italy .... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider , Nowayout + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Soul Taker and S.S + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + + "ORIGINAL IDEA - [HARD CORE] - [THE DREAM TEAM 1992]" diff --git a/textfiles.com/piracy/DREAMTEAM/dream.nfo b/textfiles.com/piracy/DREAMTEAM/dream.nfo new file mode 100644 index 00000000..32828ff4 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dream.nfo @@ -0,0 +1,72 @@ + + + -//- T H E D R E A M T E A M -\\- + + + -*- Proudly Present -*- + + - ELF - FROM OCEAN + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : -no protection- + Packaged by : Devious Doze + Supplied by : Roger Wilco/TDT + Released : 10th June 1992 - 12:30 PM EST + Graphics : VGA / EGA / CGA + Sound : Sound Blaster / Adlib / Pc-Speaker + + Ŀ + RELEASE NOTES + + Playtested the game, and found no signs of copy protection... should + anyone find any at later stages then contact one of the Dream Team + members. Anyway the game is very nice.. for all those platform + adventurers. THE DREAM TEAM RULES IN 1992!! + Devious DoZe/THE DREAM TEAM'92!! + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ActionMan, Asmodeus, Con Artist, Desert Rat, Devious Doze, Hard Core + IronSide, Jammer, Major Theft, Mr Thompson, Nightman, Offset, Paul, + Redskin, Roger Wilco, Snake Man, Spread, The Ghost Wind, Union Jack, + Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Ace, Black Mischief, Crash Impact, Fallen Angel, Lord Of The Rings, + Mystic Vision, Night Shadow, Overlord, Pixel, Syzzo, Turbo Interceptor, + The Headman, Venom + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 5 Nodes ................ + Akira Project ........ 416-512-8566/8567 ....... 3 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 2 Nodes ................ + No Name .............. +(49)-523-491-242 ................................ + Ĵ + DRISTRIBUTION SITES + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ....... +(39)-362-901-606 ....... 3 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 2 Nodes ................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + Phase Shift ............... 604-732-4645 ................................ + + diff --git a/textfiles.com/piracy/DREAMTEAM/dream12.nfo b/textfiles.com/piracy/DREAMTEAM/dream12.nfo new file mode 100644 index 00000000..6c495de1 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dream12.nfo @@ -0,0 +1,99 @@ + + + -//- T H E D R E A M T E A M -\\- + + + Proudly Presents + + R O M E f r o m M i l l e n i u m + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : --*-- R O G E R W I L C O --*-- + Cracked by : ....ooOoo.... HARD CORE ....ooOoo.... + Date : 22nd November 1992 + Graphics : VGA 256 Colors + Sound : Adlib/Soundblaster/Speaker + Game Size : 3 720kb Disks, Installation needed + + + This is another kick ass game with full Soundblaster support and 256 colors + MCGA graphics. + + The Rome was a powerful nation. You are one of the poor slaves in that + society... The game begins when you get a mission from your master. But you + dont pay much attention to your master. You have bigger plans about becoming + the CEASAR of ROME. But the way is very dangerous and difficult. + + Greetings goes to: ICE CUBE - PYRADICAL - PIEMAN - S.S - DOZE - ACTION MAN + + Oh btw, Europeans do it better... + + Have fun and see you later in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + If you want the best disk-by-mail deal in FRANCE write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Revelation ................ ITS-PRI-VATE ....... 5 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + Central Nervous System .... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ..... Australia + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Members Only .............. ITS-PRI-VATE ....... 2 Nodes ..... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Phil Thrust , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror + Great White/The Speed Racer + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Soul Taker , Sharp , BOO , The Hexmaster , The Devestator + The Black Paladin , Freak & Shogun , Rotox , Q-Tip + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/dream2.nfo b/textfiles.com/piracy/DREAMTEAM/dream2.nfo new file mode 100644 index 00000000..b77aea05 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dream2.nfo @@ -0,0 +1,92 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + THE LOST VIKINGS FROM INTERPLAY + Ŀ + RELEASE INFO + Ĵ + Cracked by.. : HARD CORE.... ..... Supplier.. : DARK FORCE......... + Game Overall : 85% ............... Date...... : 22nd June 1993 .... + Graphics.... : VGA 256 COLORS .... Sound..... : All ............... + + + The Lost Vikings "They Just Want to go Home!" + + Well -TDT- is back with it's first release of the Summer. A Simple + doc-check that was quickly taken care of. After a Preview, a Snes and + Amiga version the game has finally come out. Once you get into this game + you will not be able to stop, Puzzles, Action and more. Thats it, Hope + To see you in another TDT Summer release soon. + + * Install Notes * + + - After you install the game, you will have to exit the install + program (either by alt-x or answer the questions wrong). + - Then copy the setup.exe file into the directory and run it. + + + Greetings to - TRSI / THG / RAZOR 1911 / THE UNTOUCHABLES + & PUBLIC ENEMY + + Personal Greetings to - Hard Core, Dr. Detergent, Spread & Major Theft + (May the force be with you all!) + + + * Box-Hype * + + - Prepare for hours of fun with hundreads of mind-blowing puzzles to play + and conquer. + - Jam through over 35 rip-roaring levels. + - Blast your way into different worlds,including Prehistoria, Egypt, The + Great Factory, Wacky World and more. + - Feel the power rush as you control the unique, radical moves of all + threee vikings. + - Each viking has his own definite attitude, too. Powerful runner Erik + The Swift, burly defender Olaf the stout, and the unyielding swordsman + Baleog the Fierce--come alive as the talk to each other in hysterical + cartoon captions. + - An infectious musical score with an incredible beat. + + + The Dream Team '93 - Nothing last forever....exept TDT! + Ŀ + If you want to catch the NEWEST and HOTTEST IBM programs then write to + + TDT DISK-BY-MAIL + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY /./ ITS-PRI-VATE /./ 8 LINES /./ MEMBER + TWINS /./ 514-723-4351 /./ 4 LINES /./ MEMBER + ALPHA 2010 /./ 210-687-9660 /./ 6 LINES /./ MEMBER + FEAR & LOATHING /./ ITS-PRI-VATE /./ 6 LINES /./ MEMBER + Ĵ + HIGHLAND /./ +[39]-PRI-VATE /./ 5 LINES /./ ITALY HQ + GURU'S DREAM /./ +[46]-828-2760 /./ 5 LINES /./ SWEDEN HQ + PHONE HENGE /./ 407-586-0634 /./ 1 LINE /./ US HQ + Ĵ + GRAVE BEARD'S CASTLE /./ 601-939-0634 /./ 3 LINES /./ DISK SITE + THE CITADEL OF DARK. /./+[61]-3-899-3247 /./ 2 LINES /./ DISK SITE + DA HAUZE /./+[31]-76-71-9111 /./ 4 LINES /./ DISK SITE + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + HARD CORE - DARK FORCE - SPREAD - MAJOR THEFT - MARTIAL ARTIST + DARK LORD - ROGER WILCO - REDSKIN - MAVERICK - DR. DETERGENT + DR.Q2 - BLACK RIDER - INTREQ - S.S - MARAUDIN GOBLIN + --------------------------------------------------------------------------- + SPREADERS + --------------------------------------------------------------------------- + [.ROTOX!.] - [.RADICAL.] - [.BUBBLE MAN.] - [.FIREHEAD.] - [.THE MASTER.] + + + -*- NO DUPES /%/ NO WINDOWS /%/ NO FRENCH GAMES /%/ NO KID GAMES -*- + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/dream7.nfo b/textfiles.com/piracy/DREAMTEAM/dream7.nfo new file mode 100644 index 00000000..9b78e379 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dream7.nfo @@ -0,0 +1,73 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + YO! JOE! FROM HUDSON SOFTWARE + Ŀ + RELEASE INFO + Ĵ + Cracker......: HARD CORE Supplier...: MR.TDT + Game Overall.: 80% Date.......: 11TH OF SEPTEMBER 1993 + Graphics.....: VGA 256 COLORS Sound......: MOST + + + Here comes another great one from your favourite group: THE DREAM TEAM! + + Yo! Joe from Hudson software is yet another jump&run cool game. The preview + was out a couple of months ago, but here comes the final MULTI-LANG. version! + + Personal greetings: Killerette, Phonestud, Hoson, Radical, Major Theft, + Redskin, Pharaoh, Devious Doze, Firehead! + + Group greetings goes to : THG - TRSI - RAZOR - FAIRLIGHT - PTG - NEXUS + + If you are a courier and is currently looking for a courier JOB in TDT, give + us a call at our mail box number : 404-395-2563 + + The Dream Team - Some things live forever... + Ŀ + If you want to GET the NEWEST and HOTTEST IBM programs then write to + + TDT DISKS-BY-MAIL + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY =*= ITS-AWE-SOME =*= 8 NODES =*= MEMBER + TWINS =*= 514-251-1838 =*= 4 NODES =*= MEMBER + ALPHA 2010 =*= ITS-AWE-SOME =*= 6 NODES =*= MEMBER + EXALTED DEATH =*= 314-966-2270 =*= 2 NODES =*= MEMBER + Ĵ + SHOCK TO THE SYSTEM =*= +39-PRI-VATE =*= 5 NODES =*= ITALIAN HQ + DA HAUZE =*= +31-PRI-VATE =*= 6 NODES =*= BENELUX HQ + BEYOND AKIRA =*= 416-461-9101 =*= 3 NODES =*= CANADIAN HQ + PHORTUNE 500 =*= 217-544-9539 =*= 1 NODE =*= US HQ + ON THE EDGE =*= ITS-PRI-VATE =*= 1 NODE =*= US HQ + Ĵ + WIZARD'S TOWER =*= 419-536-8206 =*= 3 NODES =*= DISTRO + THE DEEP =*= 305-888-7724 =*= 2 NODES =*= DISTRO + THE LIQUOR CABINET =*= 214-368-7317 =*= 2 NODES =*= DISTRO + SECOND FRONT =*= +46-87987584 =*= 2 NODES =*= DISTRO 9 + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + + HARD CORE, HOSON, REDSKIN + + DEAD GOON, DEVIOUS DOZE, EDWARD CHANG, EXCESSIVE KNIGHT, MAC BETH + MAJOR THEFT, MAVERICK, ROGER WILCO, SPREAD, THE MAGIC ARTIST + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + THE DREAM TEAM SPREADING TEAM + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + FIREHEAD, RADICAL, PETER FALK, SCOUT, MASTER, X + + + + NO RULES THIS TIME, SINCE WE MAKE UP THE RULES FOR THE SCENE diff --git a/textfiles.com/piracy/DREAMTEAM/dream9.nfo b/textfiles.com/piracy/DREAMTEAM/dream9.nfo new file mode 100644 index 00000000..d30e551b --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/dream9.nfo @@ -0,0 +1,102 @@ + + + -//- T H E D R E A M T E A M -\\- + + + Proudly Presents + + Heartlight PC from X-LAND + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : THE GRIM REAPER + Cracked by : N\A + Date : 27th November 1992 + Graphics : VGA 256 Colors + Sound : All + Game Size : 2 720kb Disk, Use Subst or Install from floppies + + + Sim Life, from Maxis... Another in the long Sim Series... In this one + you build your own ecosystem from the ground up, and give life to + creatures of your choice. Design plants and animals right at the genetic + level to influence how they look, ace and eventually evolve. + + WELCOME to our new dist site in 416 - TERRORDOME! + + Greets go out to: Noone, I'm in a Rush... + + Have fun and see you later in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Members Only .............. ITS-PRI-VATE ....... 2 Nodes ..... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultanet Carnage ........... 314-XXX-XXXX ..................... USA ...... + The Inferno BBS ........... 519-884-4960 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + + "ORIGINAL IDEA - [HARD CORE] - [THE DREAM TEAM 1992]" diff --git a/textfiles.com/piracy/DREAMTEAM/euros.nfo b/textfiles.com/piracy/DREAMTEAM/euros.nfo new file mode 100644 index 00000000..cd248c04 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/euros.nfo @@ -0,0 +1,115 @@ + + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + EUROSOCCER FROM FLAIR SOFTWARE + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : ACTION MAN & MUNCHIE ...................................... + Cracked by : HARD CORE ................................................. + Date : 15th December 1992 (Still 16 days left!) .................. + Graphics : VGA 16 COLORS ............................................. + Sound : Speaker/Adlib/Soundblaster ................................ + Game Size : 2 720kb disks , Installation optional ..................... + + + TDT brings you todays crack called : European Soccer. Two player mode is + also avalible if you have a joystick handy. + + EGA or VGA graphics and Soundblaster/Adlib supported. + + You can choose to play with one of the best european soccer teams. After + the FLAIR SOFTWARE intro screen you have to wait like 10 seconds before the + game starts. On the password protection just hit return! Oh btw: Hold your + breath for tomorrow... + + Greetings Goes to CLUB TDT : FFC - ONYX - THE RENEGADE CHEMIST - HYDRO + R/\D/\R - CHAINSAW MASSACRE + + To start the game type EURO.COM + + TDT Scores last 5 days: Spectre + Conquest for Japan + World Wrestling Europe + Doughter Of Serpents + Magic Candle III + + An average of 1 TOP quality Game/Day!!! + + TDT's goal for end of 1992 will be to REsize the group and cut off the DEAD + meat, NO NEW dist sites accepted...If you want to be a part of TDT then you + have to wait until beginning of January 1993! + + Have fun, and see ya in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + -*- The Dream Team. HOT! -*- + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + Vule Vu Koshe Avec Mua Write to Me! + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ... Major Theft. + Twins ..................... 514-723-4351 ....... 3 Nodes ... Spread ..... + New Central Europe ........ NOW- ON-LINE .......13 Nodes ... Phil Thrust. + Lite House Express ........ ITS-PRI-VATE ....... 4 Nodes ... Freebird ... + Terrordome ................ 416-619-1717 ....... 3 Nodes ... Stingray ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE ....... 5 Nodes ... Ironside ... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ... Sparkling F. + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ... Dirty Bush . + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ... Stroke ..... + The Vertigo File .......... 815-667-4892 ....... 2 Nodes ... Vertigo .... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ... Black Terror + The Deep .................. 305-888-7724 ................... Speed Racer. + Vicious Paradise .......... 804-486-1810 ................................ + PJ Tower .................. 714-356-9506 ................................ + Ultimate Carnage .......... 314-949-5823 ................... Devestator . + The Drop Zone ............. 504-769-8880 ................... Milamber ... + The Inferno BBS ........... 519-884-5071 ................................ + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ... Yip Yip..... + Free Q8 ................ +(965)-532-4360 ................... Desert Rat . + Exodus BBS ............. +(352)-42-44-92 ................... Redskin .... + Checkpoint Charlie ...... +(47)-42-67992 ................... Vandall .... + + Ŀ + THE DREAM TEAM MEMBERS [16 MEMBERS] + Ĵ + Hard Core + The Grim Reaper - Dr.Q2 - Sought After - Pepsi Man - Buckaroo Banzai + Munchie - Roger Wilco - Offset - ActionMan - Maximilian + S.S - Black Rider - SoulTaker - Dave & Chris - CYBER + Ĵ + THE DREAM TEAM COURIER SYSTEM [7 COURIERS] + Ĵ + Sharp - XAVIER X - Lord Disembowelment - Coyotes Memeber - Freak & Shogun + ROTOX - SKYBUM + + + NO UPDATES - NO NONEGLISH GAMES - NO WINDOWS SHIT - NO CD ROM GAMES + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/fireice.nfo b/textfiles.com/piracy/DREAMTEAM/fireice.nfo new file mode 100644 index 00000000..044e445e --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/fireice.nfo @@ -0,0 +1,118 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + Ŀ + +:+ Fire & Ice (c) Craftsgold +:+ + Ĵ + Cracked by.....: - Supplier...: MR.TDT + Packaged by.....: Look below Date.......: 1993-11-22 + + + Game notes/info: Looks great with very smooth scrolling. Has a nice tune & + seems to be one of thoose you a weekend to walk thru. + + Don't forget to grab Time Runners 5 earlier today by TDT + and the other games coming your way soon... + + NOTE! By some weird reason, the game goes thru IO adress + $330. And it may cause the computer freeze. If you + have an Adaptec 1542C or any other SCSI controller + with the IO adress $330 CHANGE it to something like + $200... + It's not our fault, we don't make them, we just + crack them! + + // Hard Core + + If you are CONFUSED with the CHANGES with TDT last week, here's brief info: + + MAPHIA BBS is the NEW WHQ. + If you cannot find your name or BBS in our MEMBER list, it means you got + the boot from the group, since you don't fit in our team. + + Group greetings: TRISTAR & RED SECTOR - PUBLIC ENEMY - FAIRLIGHT - NEXUS + + Personal greets: Maverick - Nice to see UK rock again + Hoson - Why did you shave your hair? + + Dr Magic/Fallen Angel/Brujjo/Candyman/Lion/Mac Beth + + The Dream Team cracking machine... + + Ŀ + If you want to GET the latest IBM software then write to: + + TDT DISKS-BY-MAIL + PO BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + D O Y O U B E L I E V E I N D R E A M S ? + + FOR IMMEDIATE CONTACT WITH TDT, LOGON GREYBEARD'S CASTLE USING THIS A/C; + + login id: THE DREAM TEAM + password: TDT + + LEAVE A (C)OMMENT TO THE SYSOP WITH YOUR VOICE NUMBER AND OTHER INFO YOU + THINK MIGHT INTEREST US. + + YOU MAY ALSO CONTACT HARD CORE OR HOSON ON ANY MAJOR BBS + + Ŀ + +:+ THE DREAM TEAM FULL BOARD LIST +:+ + ------------------------------ + Ĵ + !MAPHIA!.....................ITS-PRI-VATE.......5 NODES.......WORLD HQ... + GREYBEARD'S CASTLE...........601-939-7339.......4 NODES.......COURIER HQ. + Ĵ + ALPHA 2010...................ITS-PRI-VATE.......6 NODES.......USA HQ..... + SO-KRATES....................ITS-PRI-VATE.......4 NODES.......USA HQ..... + Ĵ + SECOND FRONT.................+46-87987584.......2 NODES.......SWEDISH HQ. + UNDERGROUND..................+39-PRI-VATE.......2 NODES.......ITALIAN HQ. + DA HAUZE.....................+31-HARDCORE.......6 NODES.......BENELUX HQ. + THE SKYTOPOLIS...............+41-44-31651.......1 NODE........SWISS HQ... + Ĵ + THE DEEP.....................305-888-7724.......2 NODES.......DISTRO..... + THE BACK ROOM................615-245-6617.......2 NODES.......DISTRO..... + REBEL ALLIANCE...............908-738-9281.......2 NODES.......DISTRO..... + + Ŀ + + +:+ THE DREAM TEAM FULL MEMBER LIST +:+ + ------------------------------- + + HARD CORE.....................................Has a big mustashe + HOSON...................................The only skinhead in TDT + + CYBER...............................................Shot himself + BEOWULF........................................Camping in Alaska + BRUJJO DIHITAL'...............Dreamin about Blackfoots and stuff + DR.MAGIC........................................Has no underwear + EXCESSIVE KNIGHT.....................Likes to buy Techno records + FALLEN ANGEL......................................Likes phonesex + HOT TUNA...................................Finally fixed his car + MAC BETH..........................................& french fries + MAVERICK.................................Likes to fart very loud + PABLO...............................................Never around + THE MAGIC ARTIST...........................Did blow himself away + THE GHOST WIND...............................Changed his haircut + ROGER WILCO..........................Just got back from hospital + LION............................................She has big tits + + Ĵ + + +:+ THE DREAM TEAM SPREADING TEAM +:+ + ----------------------------- + FIREHEAD + + SKYBUM, JUMPIN' JACK, SKYLARK, MOZARELLO, MISTER + RYU, TOADIE, LONE WOLF, TETRIS, SKINNY PUPPY + + + Leaving you with your best memories... diff --git a/textfiles.com/piracy/DREAMTEAM/goblins3.nfo b/textfiles.com/piracy/DREAMTEAM/goblins3.nfo new file mode 100644 index 00000000..bfecb01f --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/goblins3.nfo @@ -0,0 +1,83 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + Ŀ + +:+ Goblins 3 ENGLISH (c) Coktel Vision +:+ + Ĵ + Cracker......: HARD CORE Supplier...: MR.TDT + Game Overall.: 80% Date.......: 1993-11-16 + Graphics.....: VGA/MCGA 256 colors Sound......: Adlib/SB + + + A TDT QUALITY RELEASE + + Game notes: Finally, after our friends at SCOTCH released this one in FRENCH + TDT strikes with the FULLY english version of this fine game! + + Same sick humour, same characters, just new stories and a new + number on the box. + + Have fun a be sure to grab the other TDT releases coming soon... + + CRACK NOTE: To activate the crack, simply copy crack.com to the game + directory and run it, or run setup.exe one extra time once + installed! + + WALL STREET NEWS: TDT STOCK PRICE RISES! + + Personal greetings: Hoson, Firehead, Lefty, Beowulf... + + RF-SUX: How does it feel to be a virgin? Computers could kill your erection... + + The Dream Team cracking machine... + Ŀ + If you want to GET the latest IBM software then write to + TDT DISKS-BY-MAIL + PO BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + +:+ THE DREAM TEAM FULL BOARD LIST +:+ + ------------------------------ + Ĵ + UNLAWFUL ENTRY...............ITS-PRI-VATE.......8 NODES.......MEMBER/WHQ. + ALPHA 2010...................ITS-PRI-VATE.......6 NODES.......MEMBER..... + BEYOND AKIRA.................416-461-9101.......3 NODES.......MEMBER..... + Ĵ + DA HAUZE.....................ITS-PRI-VATE.......6 NODES.......BENELUX HQ. + ON THE EDGE..................ITS-PRI-VATE.......1 NODE........US HQ...... + SECOND FRONT.................+46-87987584.......2 NODES.......SWEDEN HQ.. + Ĵ + THE DEEP.....................305-888-7724.......2 NODES.......DISTRO..... + THE BACK ROOM................615-245-6617.......2 NODES.......DISTRO..... + REBEL ALLIANCE...............908-738-9281.......2 NODES.......DISTRO..... + THE SKYTOPOLIS...............+41-44-31651.......1 NODE........DISTRO..... + GRAVEBEARD'S CASTLE..........601-939-7339.......4 NODES.......DISTRO..... + + + Ŀ + +:+ THE DREAM TEAM FULL MEMBER LIST +:+ + ------------------------------- + + HARD CORE & HOSON + + *CYBER*,*BEN JAMMIN*, BEOWULF, *DEVIOUS DOZE*,*DR. MAGIC*, *EDWARD CHANG* + EXCESSIVE KNIGHT, HOT TUNA,*LiON*, MAC BETH, MAJOR THEFT, MAVERICK + PABLO, *PHARAOH*, *ROGER WILCO*, THE MAGIC ARTIST, THE GHOST WIND + + * - Means we might to kick you out soon + Ĵ + +:+ THE DREAM TEAM SPREADING TEAM +:+ + ----------------------------- + FIREHEAD + + RADICAL, THE SHADOW, SKYBUM, JUMPIN' JACK, MIST + + + + Have fun abusing AT&T...h0h0 diff --git a/textfiles.com/piracy/DREAMTEAM/golf.nfo b/textfiles.com/piracy/DREAMTEAM/golf.nfo new file mode 100644 index 00000000..04b7ea19 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/golf.nfo @@ -0,0 +1,71 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + INTERNATIONAL GOLF FROM OCEAN + Ŀ + RELEASE INFO + Ĵ + Cracked by.. : DR. DETERGENT ..... Supplier.. : HARD CORE (Really?) + Game Overall : 85% ............... Date...... : 10th June 1993 .... + Graphics.... : VGA 256 COLORS .... Sound..... : All ............... + + Another great game from OCEAN, and another Superb. crack from TDT! The + whole TDT crew welcome's Dr. Detergent... + + This is a very cool golf game just brought to you from the shelf! Screens and + sound is very well done. Must be classed as an ACE game for every golf fan + out there. Be sure to grab much more from TDT in near future!!! + + Greetings to the rest of TDT from Dr. Detergent! + + GROUP GREETINGS : Fairlight / Humble Guys / Razor / Untouchables / Trsi + + PERSONALL GREETINGS : ADRIAN & sisters - ( Ouch!) + ADREW ( You want to be next? tak!) + JOHN ( What did i tell you?) + HAMLET ( The German scene can't live without you...) + DIRK ( I think you were smiling too fast!) + + For additional greetings and info check out the intro! + + The Dream Team '93 - QUALITY, NOT QUANTITY... + Ŀ + If you want to catch the NEWEST and HOTTEST IBM programs then write to + + TDT DISK-BY-MAIL + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY /./ ITS-PRI-VATE /./ 7 LINES /./ AMIEXPRESS + TWINS /./ 514-723-4351 /./ 4 LINES /./ AMIEXPRESS + ALPHA 2010 /./ 210-687-9660 /./ 4 LINES /./ PC BOARD + FEAR & LOATION /./ 205-302-0706 /./ 5 LINES /./ PC BOARD + Ĵ + HEADQUARTERS + Ĵ + HIGHLAND /./ +[39]-PRI-VATE /./ 5 LINES /./ PC BOARD + GURU'S DREAM /./ +[46]-828-2760 /./ 5 LINES /./ AMI EXPRESS + PHONE HENGE /./ 407-586-0634 /./ 1 LINE /./ CELERITY + FREE KUWAIT /./ +[965]-PRI-VATE /./ 2 LINES /./ AMI EXPRESS + THE CITADEL OF DARK. /./+[61]-3-899-3247 /./ 2 LINES /./ CELERITY + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + HARD CORE - MAJOR THEFT - SPREAD - DESERT RAT - SILUS GUARDIAN + DARK LORD - ROGER WILCO - REDSKIN - MAVERICK - DR. DETERGENT + DR. Q2 - BLACK RIDER - MAVERICK - S.S - MARAUDIN GOBLIN + --------------------------------------------------------------------------- + SPREADERS + --------------------------------------------------------------------------- + [RADICAL......] - [BUBBLE MAN....] - [FIREHEAD......] - [THE MASTER.....] + + + -*- N O B U L L S H I T -*- \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/harrier.nfo b/textfiles.com/piracy/DREAMTEAM/harrier.nfo new file mode 100644 index 00000000..678887d2 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/harrier.nfo @@ -0,0 +1,103 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + HARRIER JUMP SET FROM MICROPROSE + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : ACTION MAN & MUNCHIE ...................................... + Cracked by : HARD CORE ................................................. + Protection : Easy Password ............................................. + Date : 17th December 1992 (Still 13 days left!) .................. + Graphics : ALL ....................................................... + Sound : ALL ....................................................... + Game Size : 5 1.44Mb disks , Installation from floppies ............... + + + Another great game from THE DREAM TEAM! + + No time to talk babe, play the game, go ahead! + + Requirements are 601kb memory and 750kb EMS memory. + + The protection is as usual an easy password protection... + + Group Greetings: Welp, no greetings this time, no competition!!! + + CRACK INFO: To make the crack work, after installing the game copy the + file FRONTEND.EXE from DISK 1 to your game directory on the + HardDisk! + If you DONT do this, the game wont be unprotected.... + + Have fun, and see ya in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write for the LATEST to: + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ... Major Theft. + Twins ..................... 514-723-4351 ....... 4 Nodes ... Spread ..... + New Central Europe ........ NOW- ON-LINE .......13 Nodes ... Phil Thrust. + Lite House Express ........ ITS-PRI-VATE ....... 4 Nodes ... Freebird ... + Terrordome ................ 416-619-1717 ....... 3 Nodes ... Stingray ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE ....... 5 Nodes ... Ironside ... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ... Sparkling F. + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ... Dirty Bush . + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ... Stroke ..... + The Vertigo File .......... 815-667-4892 ....... 2 Nodes ... Vertigo .... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ... Black Terror + The Deep .................. 305-888-7724 ................... Speed Racer. + Vicious Paradise .......... 804-486-1810 ................................ + PJ Tower .................. 714-356-9506 ................................ + Ultimate Carnage .......... 314-949-5823 ................... Devestator . + The Drop Zone ............. 504-769-8880 ................... Milamber ... + The Inferno BBS ........... 519-884-5071 ................................ + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ... Yip Yip .... + Free Q8 ................ +(965)-532-4360 ................... Desert Rat . + Exodus BBS ............. +(352)-42-44-92 ................... Redskin .... + Checkpoint Charlie ...... +(47)-42-67992 ................... Vandall .... + + Ŀ + THE DREAM TEAM MEMBERS [16 MEMBERS] + Ĵ + Hard Core + The Grim Reaper - Dr.Q2 - Sought After - Pepsi Man - Buckaroo Banzai + Munchie - Roger Wilco - Offset - ActionMan - Maximilian + S.S - Black Rider - SoulTaker - Dave & Chris - CYBER + Ĵ + THE DREAM TEAM COURIER SYSTEM [8 COURIERS] + Ĵ + Sharp - XAVIER X - Lord Disembowelment - Coyotes Memeber - Freak & Shogun + ROTOX - SKYBUM - White Rose + + + NO UPDATES - NO NONEGLISH GAMES - NO WINDOWS SHIT - NO CD ROM GAMES + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/kohan.nfo b/textfiles.com/piracy/DREAMTEAM/kohan.nfo new file mode 100644 index 00000000..2646b182 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/kohan.nfo @@ -0,0 +1,102 @@ + + + -//- T H E D R E A M T E A M -\\- + 1 9 9 3 + Proudly Presents: + + KOSHAN CONSPIRACY FROM UBI SOFT + (BAT II ENGLISH) + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by.: THE GRIM REAPER......... Cracked by.: HARD CORE............ + Protection..: Easier Doc Check........ Date.......: 9th January 1993..... + Date........: 9th January 1992........ Sound......: ALL.................. + Graphics....: VGA 480*640 256 colors.. Size.......: 7 1.44MB Disks....... + + + A new kewl game from your favourite team! Once again TDT shows the scene in + which direction the group's should go. Another group did release the french + version of this game which was un-playable with a 150k french text file. + Here come's the FINAL SALES ENGLISH VERSION of BAT II! + + The game is very funny to play, you can walk around on the streets, flight + an air-craft, drive via-car, rob a pizza bar or shoot down old ladies... + + Absolute fun and perfect crack. The crack is included in the game, so just + do install the game and follow further instructions! Make sure your floppies + has label's like disk 1:BATII_1,disk 2:BATII_2 etc... + + Greetings : Redskin - Cool friend (ui ui) + The Grim Reaper - Good job! + Maximillian - Dr.Q2 - Soultaker - Pieman - Strider + + Group Greetings : RAZOR - Play fair + + TDT QUALITY , THE standard on IBM! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write for the LATEST to: + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ... Major Theft. + Twins ..................... 514-723-4351 ....... 4 Nodes ... Spread ..... + New Central Europe ........ NOW- ON-LINE .......13 Nodes ... Phil Thrust. + Lite House Express ........ ITS-PRI-VATE ....... 4 Nodes ... Freebird ... + Terrordome ................ 416-619-1717 ....... 3 Nodes ... Stingray ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE ....... 5 Nodes ... Ironside ... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ... Sparkling F. + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ... Dirty Bush . + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ... Stroke ..... + The Pristine Tower ........ 815-667-5088 ....... 2 Nodes ... Vertigo .... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ... Black Terror + The Deep .................. 305-888-7724 ................... Speed Racer. + Vicious Paradise .......... 804-486-1810 ................................ + PJ Tower .................. 714-356-9506 ................................ + Ultimate Carnage .......... 314-949-5823 ................... Devestator . + The Drop Zone ............. 504-769-8880 ................... Milamber ... + The Inferno BBS ........... 519-884-5071 ................................ + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ... Yip Yip .... + Free Q8 ................ +(965)-532-4360 ................... Desert Rat . + Checkpoint Charlie ...... +(47)-42-67992 ................... Vandall .... + + Ŀ + THE DREAM TEAM MEMBERS [16 MEMBERS] + Ĵ + Hard Core + The Grim Reaper - Dr.Q2 - Sought After - Pepsi Man - Buckaroo Banzai + Roger Wilco - Offset - ActionMan - Maximilian + Redskin - S.S - Black Rider - SoulTaker - Dave & Chris - CYBER + Ĵ + THE DREAM TEAM COURIER SYSTEM [9 COURIERS] + Ĵ + Sharp - XAVIER X - Lord Disembowelment - Coyotes Memeber - Freak & Shogun + ROTOX - SKYBUM - White Rose - BOO + + + NO UPDATES - NO NONEGLISH GAMES - NO WINDOWS GAMES - NO CD ROM GAMES + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/laura.nfo b/textfiles.com/piracy/DREAMTEAM/laura.nfo new file mode 100644 index 00000000..e1c07158 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/laura.nfo @@ -0,0 +1,89 @@ + + + -//- T H E D R E A M T E A M 1992 -\\- + + + -*- Proudly Present -*- + + LAURA BOW II : THE DAGGER OF AMON RA + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : ABACUS ( Cracked for VGA 256 color ) + Supplied by : WOLVERINE + Released : 24th June 1992 + Graphics : VGA / EGA / CGA + Sound : Roland / Soundblaster / Adlib / Pc-Speaker + + Ŀ + RELEASE NOTES + + Another great Sierra games. This is actually a new style of cracking.... + Game takes 10 minutes to install from floppies. + Make sure you have 64000 bytes free on your harddrive before you start! + To pass throu the beginning protection : + (1) copy the two files : DATA.TDT and VIEW.EXE to your SIERRA/RA directory + from DISK 1 + (2) Run the file VIEW.EXE in your sierra directory + (3) Start the game with 'RA' + + Play game and when the protection pops up: + + (1) Read the question and then press 'Q' + (2) Find god with matching word and memorize it + (3) Hit 'W' + (4) Now click on the matching god and continue the game + + Have fun and see you later in our next crack! + + Quick greetings : TRSi , iNC , Razor , THG , FLT + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS,Ace, ActionMan, Asmodeus, Con Artist, Desert Rat, Devious Doze + Hard Core, IronSide, Jammer, Major Theft, Mr Thompson, Nightman, Offset + Paul, Redskin, Roger Wilco, Snake Man, Spread, The Ghost Wind + Union Jack, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Black Mischief, Crash Impact, Fallen Angel, Lord Of The Rings + Marauder, Mystic Vision, Night Shadow, Overlord, Pixel, Syzzo + Turbo Interceptor, The Headman, Venom + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 5 Nodes ................ + Akira Project ........ 416-512-8566/8567 ....... 3 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name .............. +(49)-523-491-242 ................................ + Ĵ + DRISTRIBUTION SITES + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Maximum Security .......... 408-867-0747 ....... 3 Nodes ................ + Nirvana ................... 516-364-6257 ........4 Nodes ................ + + + TDT 1992 : Your Dream's Come Alive! diff --git a/textfiles.com/piracy/DREAMTEAM/lost.nfo b/textfiles.com/piracy/DREAMTEAM/lost.nfo new file mode 100644 index 00000000..69b59617 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/lost.nfo @@ -0,0 +1,98 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + LOST IN TIME PART I FROM COKTEL VISION *FRENCH* + Ŀ + RELEASE INFO + Ĵ + Cracked by..: HARD CORE .............. Supplier...: FLT FRANCE .......... + Game Overall: 70% .................... Date.......: 10th March 1993 ..... + Graphics....: VGA/MCGA 256 COLORS .... Sound......: All ................. + + After BAT 2, Ishar, Flashback, Eternam, Inca and lot's of others french games + that TDT had ways ahead of everyone else, but we didn't release them coz + they were french, the majority of TDT decided to make a new direction for TDT + + From this moment, The Dream Team will start to release NON-ENGLISH titles + ONLY when the ENGLISH version has NOT yet been out, and when the game is + still PLAYABLE. The word playable does have a lot of meanings, but this word + fits on this release for sure! + + The game is a point and click. The bad things in this is that the JOKERS + (hints) you are given are in french, and the objects are named in french, + but thats no problem since they are all visible and easy to recognise... + + You can install the game using SUBST from the hard disk, but make sure you + dont choose the advanced option button after all the disks are installed , + it can fuck up your hard disk, as it did for me... + + MAKE sure you copy the LOST.COM to your GAME directory after you have + installed the game, it's the CRACK PATCH for it...(ie to C:\COKTEL\LOST) + + Personal greetings: SPREAD - DR.Q2 - MOBY - REDSKIN - S.S - SILUS GUARDIAN + S.FLASH - MAJOR THEFT and MARTIAL ARTIST + + Greetings goes to : FAIRLIGHT - THG - RAZOR - UNT - TRSI - SKILLION + + THE DREAM TEAM - Friends Forever... + Ŀ + IF you want to contact THE DREAM TEAM then call this BBS: + Call : 612-755-1347 + Use username: APPLICATION + Password : TDT + Hit 'E' and enter message to: HARD CORE + + Ŀ + If you want the newest and hottest soft very fast write to (no swapping) + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-755-1347 .... 7 Nodes ... Major Theft ... + Twins ..................... 514-723-4351 .... 4 Nodes ... Spread ........ + New Central Europe ...... +(49)-TMP-DOWN ....13 Nodes ... Phil Thrust ... + Alpha 2010 ................ 210-687-9660 .... 4 Nodes ... Silus Guardian. + Ĵ + HEADQUARTERS + Ĵ + Highland Board .......... +(39)-PRI-VATE .... 5 Nodes ... Terminator .... + Realm Of Immortality ...... ITS-PRI-VATE .... 3 Nodes ... Sparkling Flash + Guru's Dream ............ +(46)-828-2760 .... 5 Nodes ... Dirty Bush .... + Ĵ + DISTRIBUTION SITES + Ĵ + Big Time .................. 519-TMP-DOWN .... 2 Nodes ... Stroke ........ + The Deep .................. 305-888-7724 .... ....... ... Great White ... + Athens .................... 510-827-1049 NUP: DIABLO. ... Aristotle ..... + GreyBeard's Castle ........ 601-939-7861 .... 2 Nodes ... Mark Twain .... + So'Krates ................. 310-836-0469 .... 2 Nodes ... Philosopher ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Free Q8 ................ +(965)-PRI-VATE .... 2 Nodes ... Desert Rat .... + Zero City III .......... +(61)-2724-4152 .... 2 Nodes ... Icepic ........ + DA HAUZE .............. +(31)-767-191-11 .... 4 Nodes ... Moby .......... + Desert Storm ........... +(966)-PRI-VATE .... ....... ... Amigo ......... + + Ŀ + HALL OF FAME + Ĵ + [HARD CORE.....] - [MAJOR THEFT....] - [SPREAD.......] - [ROGER WILCO...] + [DR.Q2.........] - [ACTION MAN.....] - [REDSKIN......] - [THE CORPORAL..] + [SILUS GUARDIAN] - [MOSAIC.........] - [S. FLASH.....] - [HITMAN........] + [S.S...........] - [MAVERICK.......] - [BLACK RIDER..] - [MARTIAL ARTIST] + Ĵ + SPREADERS + Ĵ + XAVIER X - Lord Disembowelment - Skybum - Coyotes Memeber - Freak - ROTOX + + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/msfs5.nfo b/textfiles.com/piracy/DREAMTEAM/msfs5.nfo new file mode 100644 index 00000000..fc621986 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/msfs5.nfo @@ -0,0 +1,76 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + MICROSOFT FLIGHT SIMULATOR 5.0 RELEASE + Ŀ + RELEASE INFO + Ĵ + Cracker......: N/A Supplier...: MR.TDT + Game Overall.: 90% Date.......: 26TH OF AUGUST 1993 + Graphics.....: VGA 256 COLORS Sound......: MOST + + + Here comes another great one from your favourite group: THE DREAM TEAM! + + After many beta versions out there TDT come's with the FINAL RELEASE of this + KICK ASS game...You are probably familiar with this game and know whats it + all about, therefor its no need for a deep description! + + Personal greetings: Killerette, Phonestud, Hoson, Radical, Major Theft, + Redskin, Pharaoh, Devious Doze, Firehead! + + Group greetings goes to : THG - TRSI - RAZOR - FAIRLIGHT - PTG - NEXUS + + If you are a courier and is currently looking for a courier JOB in TDT, give + us a call at our mail box number : 404-395-2563 + + The Dream Team - Some things live forever... + Ŀ + If you want to GET the NEWEST and HOTTEST IBM programs then write to + + TDT DISKS-BY-MAIL + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + We do also carry CHEAP hardware and the latest VHS PAL movies... + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY =*= ITS-AWE-SOME =*= 8 NODES =*= MEMBER + TWINS =*= 514-251-1838 =*= 4 NODES =*= MEMBER + ALPHA 2010 =*= ITS-AWE-SOME =*= 6 NODES =*= MEMBER + EXALTED DEATH =*= 314-966-2270 =*= 2 NODES =*= MEMBER + Ĵ + SHOCK TO THE SYSTEM =*= +39-PRI-VATE =*= 5 NODES =*= ITALIAN HQ + PHONE HENGE =*= 407-586-0634 =*= 2 NODES =*= US HQ + DA HAUZE =*= +31-PRI-VATE =*= 6 NODES =*= BENELUX HQ + LIGHTHOUSE SPEED =*= +49-PRI-VATE =*= 3 NODES =*= GERMAN HQ + BEYOND AKIRA =*= 416-461-9101 =*= 3 NODES =*= CANADIAN HQ + Ĵ + WIZARD'S TOWER =*= 419-874-2704 =*= 3 NODES =*= DISTRO + THE DEEP =*= 305-888-7724 =*= 2 NODES =*= DISTRO + THE LIQUOR CABINET =*= 214-368-7317 =*= 2 NODES =*= DISTRO + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + + HARD CORE, HOSON, REDSKIN + + BLACK RIDER, BLUE LIQUID, DIABLO, DEAD GOON, DEVIOUS DOZE, EDWARD CHANG + EXCESSIVE KNIGHT, INTREQ, MAC BETH, MAJOR THEFT, MAVERICK + MARTIAL ARTIST, ROGER WILCO, S.S , SPREAD, THE MAGIC ARTIST + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + THE DREAM TEAM SPREADING TEAM + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + FIREHEAD, RADICAL + DIABLO, PETER FALK, MYSTIK TIGER, SCOUT, THE MASTER, ROTOX, X + + + + NO RULES THIS TIME, SINCE WE MAKE UP THE RULES FOR THE SCENE diff --git a/textfiles.com/piracy/DREAMTEAM/pinball.nfo b/textfiles.com/piracy/DREAMTEAM/pinball.nfo new file mode 100644 index 00000000..47973090 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/pinball.nfo @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + [OFFSET] + + ProudlyPresent + + Tristan Pinball from Littlewing + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : ABACUS + Supplied by : U.J + Released : 31th August 1992 + Graphics : 640*480 , 16 or 256 colors + Sound : Speaker/Adlib/Soundblaster + + Ŀ + RELEASE NOTES + + This is a new fresh and sweet pinball game for your IBM! There has not been + much of this type of game's on the IBM, but here we come's with TRISTAN... + It's not as good as Pinball Dreams on the amiga, but still a high quality + pinball game. Thanx must go to U.J for the great supply, good job! + + Another TDT US First... + + Greetings goes to: Irata/TRSI - Thanx for all help + INC - You never fuck up games, yeah right! + REST OF THE SCENE - Where are you? + + Yet another QUALITY release by TDT! + + Have fun and see you later in our next crack! + + Ŀ + If you like this release then write to us! Support the group that makes + this possible for you : THE DREAM TEAM + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + us for a free program diskette + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS, Ace, ActionMan, Asmodeus, Desert Rat, Califboy, Devious Doze + Hard Core, IronSide, Major Theft, Mr Thompson, Nightman, Offset + Pablo, Phil Thrust, Redskin, Roger Wilco, Snake Man + Spread, Stroke , The Ghost Wind, Union Jack, Wolverine, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Fallen Angel , Venom , Boo , Cuca , Marauder, Black Mischief, Pixel + The Headman, Lord Of the Rings, Turbo Interceptor, Syzzo, S.S , O-Z-Z-Y + Black Rider , Avenger , Cellat & Sledge - Freak & Shogun + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name BBS ........... +(49)-ELITE-CALL ................................ + New Central Europe ... +(49)-911-758-383 .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Ĵ + DISTRIBUTION SITES NORTH AMERICA + Ĵ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + The Underworld ............ 916-429-2232 ................................ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ................ + Big Time .................. 519-978-3388 ................................ + The Fifth Dimension ....... 203-589-2269 ................................ + Pandora's Box ............. 313-652-2578 ....... 5 Nodes ................ + Ĵ + DISTRIBUTION SITES EUROPE AND SAUDI ARABIA + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Exodus BBS ............. +(352)-42-44-92 ................................ + + + TDT 1992 : Your Dream's Come Alive! diff --git a/textfiles.com/piracy/DREAMTEAM/premiere.nfo b/textfiles.com/piracy/DREAMTEAM/premiere.nfo new file mode 100644 index 00000000..4dfb1030 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/premiere.nfo @@ -0,0 +1,89 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + PREMIERE MANAGER FROM GREMLIN GRAPHICS + Ŀ + RELEASE INFO + Ĵ + Cracked by..: HARD CORE .............. Supplier...: CAVALIER ............ + Game Overall: 40% .................... Date.......: 27th May 1993 ....... + Graphics....: VGA 256 COLORS ......... Sound......: All ................. + + + It's starting to move again for TDT... Your favourite cracking team has + finally woke up and is ready to conquer the world as in the old days! Be sure + to grab the many more cracks from The Dream Team in the near future. + + Skillion: You guys can't crack for shit, must have fucked up every release + you guys had the last 6 months... First lemmings 2, then flashback + and now ishar 2 french, the crack patch DOES NOT WORK. Wake up + or stop releasing fuck ups. + + Personal greetings : Fallen Angel , Maverick , Maximilien , Dr.Q2 and JFK + + Greetings goes to: SKILLION (Ever heard about silamarils before?) + Randall Flagg (Eat more spaghetti instead of bragging) + THG - NOT THIS TIME.. + FAIRLIGHT - RAZOR - TRSI - UNT + + THE DREAM TEAM - Friends Forever... + Ŀ + IF you want to contact THE DREAM TEAM then call this BBS: + Call : 612-755-1347 + Use username: APPLICATION + Password : TDT + Hit 'E' and enter message to: HARD CORE + + Ŀ + If you want to obtain the NEWEST and HOTTEST IBM programs then write to + + The Dream Team + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + ij + IF YOU LIVE IN FRANCE WRITE TO: SKID ROW + B.P 13 + 95370 MONTIGNY, FRANCE + + Ŀ + MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-755-1347 .... 7 Nodes ... Major Theft ... + Twins ..................... 514-723-4351 .... 4 Nodes ... Spread ........ + Alpha 2010 ................ 210-687-9660 .... 4 Nodes ... Silus Guardian. + Fear And Loation .......... 205-302-0706 .... 5 Nodes ... The Doctor .... + Ĵ + HEADQUARTERS + Ĵ + Highland Board .......... +(39)-PRI-VATE .... 5 Nodes ... Terminator .... + Realm Of Immortality ...... 415-PRI-VATE .... 3 Nodes ... Sparkling Flash + Guru's Dream ............ +(46)-828-2760 .... 5 Nodes ... Dirty Bush .... + Phone Henge ............... 407-586-0634 .... ....... ... Jinks ......... + Ĵ + DISTRIBUTION SITES + Ĵ + The Deep .................. 305-888-7724 .... ....... ... Great White ... + Athens .................... 510-827-1049 NUP: DIABLO. ... Aristotle ..... + GreyBeard's Castle ........ 601-939-7861 .... 2 Nodes ... Mark Twain .... + So'Krates ................. 310-836-0469 .... 2 Nodes ... Philosopher ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Free Q8 ................ +(965)-PRI-VATE .... 2 Nodes ... Desert Rat .... + Vanguardium ............ +(61)-2724-4152 .... 2 Nodes ... Icepic ........ + DA HAUZE .............. +(31)-767-191-11 .... 4 Nodes ... Moby .......... + + Ŀ + HALL OF FAME + Ĵ + [HARD CORE.....] - [MAJOR THEFT....] - [SPREAD.......] - [ROGER WILCO...] + [DR.Q2.........] - [MAVERICK.......] - [REDSKIN......] - [DARK LORD.....] + [SILUS GUARDIAN] - [MAXIMILIEN.....] - [S. FLASH.....] - [HITMAN........] + [S.S...........] - [THE CORPORAL...] - [BLACK RIDER..] - [MARTIAL ARTIST] + + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/riders.nfo b/textfiles.com/piracy/DREAMTEAM/riders.nfo new file mode 100644 index 00000000..d81b3aeb --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/riders.nfo @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + [OFFSET] + + ProudlyPresent + + Time Riders from TLC + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : Wolverine + Released : 24th August 1992 + Graphics : VGA 256 colors + Sound : Roland / Soundblaster / Adlib / Pc-Speaker + + Ŀ + RELEASE NOTES + + Exellent graphics! Full 256 color, many pictures, good story, the game is + a hit... This game is a Sierra/Carmen type game where you walk around and + solve problems. Time Riders is definitely a good game, and if you like to + play the sierra games, go for this one! + + Many thanx goes to everyone that helps TDT to stay as the TOP QUALITY GROUP + + Compliments goes to - INC/FLT/RAZOR for dumping wares on the scene as + Chinese/German/Updates/CD-ROM/Compilations... + + Greetings goes to TRSI - Keeping up the quality + THG - Dont release shit + Extasy - For coming back + + To install this game: Either copy all disks to 4x720 3"1/2 floppies and + run install.exe on disk 1 + Or unzip all 4 disks into one directory, + type : SUBST A: . + Run install.exe + + + Yet another QUALITY release by TDT! + + Have fun and see you later in our next crack! + + Ŀ + If you like this release then write to us! Support the group that makes + this possible for you : THE DREAM TEAM + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + us for a free program diskette + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS, Ace, ActionMan, Asmodeus, Desert Rat, Califboy, Devious Doze + Hard Core, IronSide, Major Theft, Mr Thompson, Nightman, Offset + Pablo, Phil Thrust, Redskin, Roger Wilco, Snake Man + Spread, Stroke , The Ghost Wind, Union Jack, Wolverine, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Fallen Angel , Venom , Boo , Cuca , Marauder, Black Mischief, Pixel + The Headman, Lord Of the Rings, Turbo Interceptor, Syzzo, S.S , O-Z-Z-Y + Black Rider , Avenger , Cellat & Sledge + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name BBS ........... +(49)-ELITE-CALL ................................ + New Central Europe ... +(49)-911-758-383 .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Ĵ + DISTRIBUTION SITES NORTH AMERICA + Ĵ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + The Underworld ............ 916-429-2232 ................................ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ................ + Big Time .................. 519-978-3388 ................................ + The Fifth Dimension ....... 203-589-2269 ................................ + Pandora's Box ............. 313-652-2578 ....... 5 Nodes ................ + Ĵ + DISTRIBUTION SITES EUROPE AND SAUDI ARABIA + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Exodus BBS ............. +(352)-42-44-92 ................................ + + + TDT 1992 : Your Dream's Come Alive! diff --git a/textfiles.com/piracy/DREAMTEAM/samurai.nfo b/textfiles.com/piracy/DREAMTEAM/samurai.nfo new file mode 100644 index 00000000..e9f711d6 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/samurai.nfo @@ -0,0 +1,113 @@ + + + -//- T H E D R E A M T E A M -\\- + 1 9 9 2 + + ProudlyPresent + + The First Samurai from VIDI SOFT + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : Hard Core + Supplied by : Maximilian + Released : 11th October 1992 + Graphics : VGA 256 colors + Sound : Soundblaster /Aldib/Speaker + + Ŀ + RELEASE NOTES + + Cool game! One of theese fun go around and figure things games. Reminds me + of GODS, but not same great graphics... + + Your master has been killed by an Evil guy who escaped into the future, you + are following him with the help of a magic samurai sword. For each level + you need to pick up 4 magic things. Then to activate them press 'B' when the + blue man is showing up. 'N' shows your status for actual level. Each level + is little bit tricky, and it took me 2 hours to play throu it and find the + copy protection which showed up at the end of each level. + + If you want to make a trainer this may help you (Helped me...): + CS:184 - Transformation On/Off (01/00) + CS:1CF - Guy's Energy E8 03 Should be full power + CS:141 - Sword's Energy E8 03 Should be full power + CS:184 - How many bells you have,put FF...heh.. + CS:394C - Magic Items, should be 4 + + Many thanx goes to our new supplier from europe MAXIMILIAN! + + Greetings goes to: Devious Doze, Bryn Rogers, Onyx, Chevy and Slave Lord + + Yet another QUALITY crack by TDT! + + Have fun and see you later in our next release! + Ŀ + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + Want to be a DIST SITE? If you want to be in the BEST organized cracking + team then TDT is your choise. We offer you great support and quick upload + when releases comes. Ask any TDT DIST site on the scene! + CALL : 612-754-0266 (9600Bps only!) + On username ENTER : APPLICATION + Use Password : DISTSITE + Hit 'E' and enter message to : HARD CORE + Now write us your voice number, your name, a few word about your system + and something about what you can do for US...See you on There! + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + New Central Europe ....... +(49)-PRIVATE .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Hell ...................... 313-349-4933 ................................ + Ĵ + NORTH AMERICA DISTRIBUTION SITES + Ĵ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ....HEADQUARTERS + Big Time .................. 519-252-7400 ................................ + The Vertigo File .......... 815-667-4892 ................................ + The Satanic Syndicate ..... 201-301-0952 ................................ + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ................ + Realm of Immortality ...... 415-992-0945 ....... 3 Nodes ................ + Crewel Lye ................ 713-432-0779 ................................ + Members Only .............. 513-PRI-VATE ........2 Nodes ................ + Fort Nox .................. 508-658-6132 ................................ + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ................ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ................ + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 , Asmodeus + Union Jack , Redskin , Phil Thrust , Desert Rat , Spread , Snake Man + The Ghost Wind , Stroke , Whiplash Snidley , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Venom , Cuca , Turbo Interceptor , OMEN , BOO , The Hexmaster + Black Rider , Freak & Shogun , Overlord , Rotox , Q-Tip + + + + The Dream Team - Was There Ever A Choise? diff --git a/textfiles.com/piracy/DREAMTEAM/sextris.nfo b/textfiles.com/piracy/DREAMTEAM/sextris.nfo new file mode 100644 index 00000000..ef4a985a --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/sextris.nfo @@ -0,0 +1,107 @@ + + + + + + + + + + + + + + [OFFSET] + + ProudlyPresent + + + SEX TETRIS from Buena Software + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : Roger Wilco + Released : 5rd September 1992 + Graphics : VGA/MCGA + Sound : Speaker + + Ŀ + RELEASE NOTES + + Probably the best tetris you ever played. You will get really stressed when + you can see the picture showing you more and more. Don't spend too much time + on this one, there is another game coming tonight... + + If you think the game is too hard and still want to view the pictures, then + simply run CHEAT.EXE...(If you are at least 21) + + Greetings to: Trsi / Razor 1922 / Firelight / The Handle Guys / INC'r + + + Yet another QUALITY release by TDT! + + Have fun and see you later in our next crack! + + Ŀ + If you like this release then write to us! Support the group that makes + this possible for you : THE DREAM TEAM + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + us for a free program diskette + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS, Ace, ActionMan, Asmodeus, Desert Rat, Califboy, Devious Doze + Fallen Angel, Hard Core, IronSide, Major Theft, Mr Thompson + Offset ,Pablo, Phil Thrust, Redskin, Roger Wilco, Snake Man + Spread, Stroke , The Ghost Wind, Union Jack, Wolverine, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Venom , Boo , Cuca , Marauder, Black Mischief, Pixel + The Headman, Turbo Interceptor, S.S , O-Z-Z-Y + Black Rider , Avenger , Cellat & Sledge - Freak & Shogun - Overlord + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name BBS ........... +(49)-ELITE-CALL ................................ + New Central Europe ... +(49)-911-758-383 .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Ĵ + NORTH AMERICA HEADQARTERS + Ĵ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + The Underworld ............ 916-429-2232 ................................ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ................ + Big Time .................. 519-978-3388 ................................ + The Fifth Dimension ....... 203-589-2269 ................................ + Pandora's Box ............. 313-652-2578 ....... 5 Nodes ................ + Ĵ + EUROPE AND SAUDI ARABIA'N HEADQUARTERS + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Exodus BBS ............. +(352)-42-44-92 ................................ + + + TDT 1992 : The Team of Your Dream's! diff --git a/textfiles.com/piracy/DREAMTEAM/simphson.nfo b/textfiles.com/piracy/DREAMTEAM/simphson.nfo new file mode 100644 index 00000000..10ff37c1 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/simphson.nfo @@ -0,0 +1,71 @@ + + <>/<>/<>/<>/<>/<>/<>/<> THE DREAM TEAM & SKID ROW <>\<>\<>\<>\<>\<>\<>\<> + + P R E S E N T S + + THE SIMPHSONS FROM KONAMI + + Ŀ + GAME/CRACK INFORMATION + Ĵ + Cracker : Hard Core + Game Supplied by : Mysterius Goblin + Protection : PW in the intro + Display Screen : EGA/VGA 256 + Sound Boards : Speaker/Adlib + Game Overall : 95% + + +Game Notes: Hahaha...This game is SO fun! Its not 95% for game, but for the + playability.... + Well, if you are a BIG simphsons fan as i am, then you'll + probably LOVE this. + + See you soon in our next crack! + + IF you are a high respected BBS and wants to join a growing + group, contact us on ANY TDT bbs today! + +Greetings : USA/FLT - INC - THG - TRSI + + + The Dream Team Members + are + Hard Core,ActionMan,Sandman,Slayer,Con Artist,Jammer + Roger Wilco,Dr Pepsi,Cum Spreader,Norrin Radd,Ranx,Touch Tone + and all sysops + + Skid Row Members + are + FFC - Stark - SubZero + + Ŀ + The Dream Team/Skid Row [ OUTSIDE US ] + ij + Hard City +46-PRI-VATE Hard Core + Turk 51 Zone +31-104-296515 TDB + NetWork +31-2550-31623 Papillon + Bloom County +46-300-40258 Opus + No Name 358-187-818-316 Snake Man 2 Nodes + Orange Juice +61-3571-1627 Yip Yip 3 Nodes + TWINS 514-723-1712 Spread + WareHouse +358-625-806 Disco + The Star Factory +46-8-7172761 B.B. King + Paint In Black +49-6565-4553 Stoned Warrior 4 Nodes + ij + The Dream Team/Skid Row [ US ] + ij + Motherboard One 714-971-0172 Touch Tone 6 Nodes + Pirates Ship 515-277-1906 Skeleton 2 Nodes + Revelation 301-423-7860 Ghost Wind 4 Nodes + Orions Belt 718-370-8890 Pluto + + + If you want to contact us write to + + TDT SWEDEN + BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/spectre.nfo b/textfiles.com/piracy/DREAMTEAM/spectre.nfo new file mode 100644 index 00000000..0eb8dcad --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/spectre.nfo @@ -0,0 +1,100 @@ + + + -//- T H E D R E A M T E A M -\\- + + (Who else?!?) Proudly Presents: + + SPECTRE FROM VELOCITY + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : THE GRIM REAPER + Date : 10th December 1992 + Graphics : VGA 256 COLORS + Sound : ALL + Game Size : 1 1.44Mb's Use Subst, or Install from Floppy... + + + Looks like a decent one... Check it out... + + No DEMOs, No Updates, No Windows, No Kiddie Warez, + and No Foreign Language games you can't speak... + Only the BEST... + + Greets go out to: Hard Core, Soultaker, Pepsi Man, Rambone, Dr. Q2, + and Stroke + + Have fun, and see ya in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultimate Carnage .......... 314-949-5823 ..................... USA ...... + The Inferno BBS ........... 519-884-5071 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia. + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Parasite's Land ...... +(39)-935-958-196 ..................... Italy .... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider , Nowayout + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Soul Taker and S.S + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + + "ORIGINAL IDEA - [HARD CORE] - [THE DREAM TEAM 1992]" diff --git a/textfiles.com/piracy/DREAMTEAM/sq5.nfo b/textfiles.com/piracy/DREAMTEAM/sq5.nfo new file mode 100644 index 00000000..2dd21a1c --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/sq5.nfo @@ -0,0 +1,112 @@ + + + -//- T H E D R E A M T E A M -\\- + 1993 - 3RD YEAR ANIVERSARY ON IBM +-*- QUALITY FACTORY -*- Proudly Presents: -*- QUALITY FACTORY -*- + + Space Quest V from Sierra RELEASE + Ŀ + RELEASE INFO + Ĵ + Supplier....: THE GRIM REAPER......... Cracker....: ..................... + Protection..: PASSWORD PROTECTED...... Date.......: 18th Feb 1993........ + Graphics....: VGA 320*200 256 colors.. Size.......: 5 1.44Mb Disks....... + + + FINALLY, after 2 BETAS out by two unfamous groups, TDT slams our second + release this week with the RELEASE version of SPACE QUEST 5 from SIERRA!!! + + You've probably seen the previous and been almost dieing to get the final + copy, TDT comes at your resque... + + We didnt find any protection, but when you are about to travel in space, you + will need the coordinates, they are stored in the file SQ5CORDS.TDT, make + sure you get this one, the BETA coordinates are diffrent! + + Not much more to say, just make sure you unzip PKUNZIP -D -$ ZIPNAME A: + + Greetings MUST go to: Aftermath , STRIDER , Lincoln , JFK , OLDIE and all + our new mates out there! + + Group greetings : RAZOR 1911 - Was it quality or quantity? + TRSI - Exepct some more competition now in Germany... + FAIRLIGHT - Good luck with PE + PYRADICK - Blah! + + Check out the intro on DISK 5! + + TDT - Not only QUALITY, but QUALLITY THAT WORKS! + Ŀ + IF you want to contact THE DREAM TEAM then call this BBS: + Call : 612-755-1347 + Use username: APPLICATION + Password : TDT + Hit 'E' and enter message to: HARD CORE + + Ŀ + If you want the newest and hottest soft very fast write to (no swapping) + Why second hand and not from the best? + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to: + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ... Major Theft. + Twins ..................... 514-723-4351 ....... 4 Nodes ... Spread ..... + New Central Europe ........ ITS-PRI-VATE .......13 Nodes ... Phil Thrust. + Lite House Express ........ ITS-PRI-VATE ....... 4 Nodes ... Freebird ... + Terrordome ................ 416-619-1717 ....... 3 Nodes ... Stingray ... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE ....... 5 Nodes ... Ironside ... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ... Sparkling F. + Alliance ............ +(49)-30-8885-2713 ....... 4 Nodes ... MICHELANGELO + Guru's Dream ............ +(46)-828-2760 ....... 5 Nodes ... Dirty Bush . + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ... Stroke ..... + The Pristine Tower ........ 815-667-4892 ....... 2 Nodes ... Vertigo .... + The Deep .................. 305-888-7724 ................... Speed Racer. + PJ Tower .................. 714-356-9506 ................................ + Ultimate Carnage .......... 314-949-5823 ................... Devestator . + Infinite Ragnarok ......... 916-XXX-XXXX ....... 2 Nodes ... Jormungand . + Athens .................... 510-XXX-XXXX ................... Aristotele . + GreyBeard's Castle ........ 601-939-7861 ....... 2 Nodes ... Mark Twain . + Cold Fusion ............... 604-XXX-XXXX ................................ + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction .......... +(61)-PRI-VATE ....... 4 Nodes ... Yip Yip .... + Free Q8 ................ +(965)-532-4360 ................... Desert Rat . + Checkpoint Charlie ...... +(47)-426-7992 ................... Vandall .... + Zero City III .......... +(61)-2472-4310 ....... 2 Nodes ................ + + Ŀ + THE DREAM TEAM MEMBERS [13 SOULS] + Ĵ + HARD CORE + THE GRIM REAPER - DR.Q2 - ROGER WILCO - ACTION MAN + MAXIMILIEN - THE CORPORAL - REDSKIN - S.S - BLACK RIDER + BUCKAROO BANZAI - DAVE & CHRIS - MOSAIC + Ĵ + THE DREAM TEAM COURIER SYSTEM [10 DEVILS] + Ĵ + Sharp - XAVIER X - Lord Disembowelment - Coyotes Memeber - Freak + ROTOX - SKYBUM - White Rose - Coke - Centre + + + NO UPDATES - NO NONEGLISH GAMES - NO WINDOWS GAMES - NO FUCK UPS + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0192.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0192.nfo new file mode 100644 index 00000000..d18f598c --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0192.nfo @@ -0,0 +1,73 @@ + + [/\/\/\- T H E D R E A M T E A M -/\/\/\] + + Proudly Presents + + Paper Boy II from Mindscape + + Ŀ + RELEASE INFORMATION - + Ĵ + Cracker : - + Game Supplied by : Action Man + Protection : None, but installation removed + Display Screen : EGA/VGA 16 Colors + Sound Boards : Speaker/Adlib/Soundblaster + Game Type : Arcade + + Ŀ + RELEASE COMMENT - + Ĵ + Use all four arrow keys to move the paper kid... Return throws out + the news papers to the subscribers! + Access Codes are 5738 for level 2 and 6479 for level 3! + The original has to be installed from floppies, but we here at TDT + think that thats very lame so we removed it and replaced it with + our own setup program which let's you run the game from harddrive + direct! + Confusion about TDT/SR: Skid Row didnt care so much about the pc + they were just exited to start but wasnt that big deal. So from 1992 + there will be TDT only... + Greetings: THG,INC,USA,FLT,VF,XEROX,TRSI,PE,NEUA, (In Random Order) + + Ŀ + THE DREAM TEAM EUROPEAN SECTION - + Ĵ + MEMBERS : Hard Core - ActionMan - Mr Thompson - TDB + Roger Wilco - The Jammer - Dr Pepsi - Desert Rat + SYSOPS : Opus - Stoned Warrior - Snake Man - B.B.King + COURIERS : BLAZE - Pixel - Yip Yip + Ĵ + BULLETIN BOARD SYSTEMS - + Ĵ + HARD CITY 46-PRI-VATE Hard Core + EAST BBS 46-894-0614 Mr Thompson + TURK 51 ZONE 31-104-296515 TDB + Paint In Black 49-6565-4553 Stoned Warrior 4 Nodes + Juve Rehab 358-187-818316 Snake Man 2 Nodes + Free Q8 965-532-4360 Desert Rat + + Ŀ + THE DREAM TEAM AMERICAN SECTION + Ĵ + MEMBERS : The Surge - Pluto - The Ghost Wind - Sandman - Con Artist + SYSOPS : The Skeleton - Spread - Pluto - Asmodius - Norrin Radd + COURIERS : Union Jack, want to be his partner? + Ĵ + BULLETIN BOARD SYSTEMS + Ĵ + REVELATION 301-423-1442 Ghost Wind 5 Nodes World HQ + TWINS 514-723-4351 Spread 2 Nodes + HELL 313-349-4933 Asmodeus CourierHome + PIRATES SHIP 515-277-1906 Skeleton 2 Nodes + ORIONS BELT 718-370-8890 Pluto + SIDE EFFECTS 408-942-0818 Norrin Radd CourierHome + THE CASINO ROYALE 604-261-3260 The Commandant + + + For getting all the latest cracks write to + The Dream Team + PO BOX 52 + 810 70 AELVKARLEBY + S W E D E N + diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0195.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0195.nfo new file mode 100644 index 00000000..2969ca1f --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0195.nfo @@ -0,0 +1,107 @@ + + + -//- T H E D R E A M T E A M -\\- + 1 9 9 2 + + ProudlyPresent + + Risky Woods from Electronic Art's + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : Hard Core + Supplied by : Roger Wilco + Released : 7th October 1992 + Graphics : VGA 256 colors + Sound : Soundblaster (Pro)/Roland MT-32/Adlib/Speaker + + Ŀ + RELEASE NOTES + + Most of you have probably played the preview of this awesome arcade game! + Music/Sound effects are great, and the scrolling is sweet on a 486 computer + It's a long awaited game and here it comes! + + The game has 9 levels and using the level trainer you can start from other + levels than the first one. + + Greetings goes to: Sought After, Vertigo and Officer of Sorrow, our new + TDT buddies... + INC - Dont steal this one like you did with the preview + We MARKED the game, so we will find out! + + Level trainer run the file 'LEVEL.COM' + + Be also sure to grab King's Quest 6 done by TDT yesterday... + + Yet another QUALITY crack by TDT! + + Have fun and see you later in our next release! + Ŀ + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + Want to be a DIST SITE? If you want to be in the BEST organized cracking + team then TDT is your choise. We offer you great support and quick upload + when releases comes. Ask any TDT DIST site on the scene! + CALL : 612-754-0266 (9600Bps only!) + On username ENTER : APPLICATION + Use Password : DISTSITE + Hit 'E' and enter message to : HARD CORE + Now write us your voice number, your name, a few word about your system + and something about what you can do for US...See you on There! + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + New Central Europe ....... +(49)-PRIVATE .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Hell ...................... 313-349-4933 ................................ + Ĵ + NORTH AMERICA DISTRIBUTION SITES + Ĵ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ....HEADQUARTERS + Big Time .................. 519-252-7400 ................................ + The Vertigo File .......... 815-667-4892 ................................ + The Satanic Syndicate ..... 201-301-0952 ................................ + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ................ + Realm of Immortality ...... 415-992-0945 ....... 3 Nodes ................ + Crual Lie ................. 713-432-0779 ................................ + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ................ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ................ + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 , Asmodeus + Union Jack , Redskin , Phil Thrust , Desert Rat , Spread , Snake Man + The Ghost Wind , Stroke , Whiplash Snidley , Sparkling Flash + Yip Yip , Dirty Bush , RON + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Venom , Cuca , Black Mischief , Turbo Interceptor + Black Rider , Freak & Shogun , Overlord , Rotox , Q-Tip + + + + The Dream Team - Was There Ever A Choise? + diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0292.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0292.nfo new file mode 100644 index 00000000..e72a38e1 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0292.nfo @@ -0,0 +1,72 @@ + + -//-//- T H E D R E A M T E A M -\\-\\- + + Proudly Presents + + Super Space Invaders from Domark + and + Super Space Invaders Trainer + + Ŀ + RELEASE INFORMATION _ + Ĵ + Software Surgeon : - + Supplied by : /-\ction /\/\an + Protection : - + Game Graphics : CGA/EGA/VGA 16 colors + Sound Boards : Speaker/Adlib/Roland + Game Type : Shoot'em Up/Arcade + + Ŀ + RELEASE COMMENT - + + Finally the Super Space Invaders game is here! The long awaited legend con- + tinue... The game feature cow savings and 12 level of hot action. We have + also trained the game and played through the whole game with Hard Core's + trainer. To start the game and make the game run with trainer type 'RUNME' + to start play. Another Quality release by TDT! + + Greetings : Big Hairy Camel,Major Theft,Irata,Pieman,Roger Wilco + + NOTE! We are running a TDT-TSHIRT campaign right now, read the TSHIRT.BUY + file for more info... + Ŀ + If you want to get all the newest write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + _ -><- THE DREAM TEAM EUROPE -><- _ + Ĵ + Members : Hard Core, ActionMan, Roger Wilco, Jammer,Zelnik,Mr Thompson + Sysops : Stoned Warrior, Snake Man, Deser Rat, TDB + Couriers : Blaze, Pixel, Yip Yip,Stinger + Ĵ + Hard City .............+46-PRI-VATE...Hard Core ................HOME BBS. + East BBS ..............+46-894-0614...Mr Thompson ..............Sweden HQ + Turk 51 Zone ..........+31-104-296515.TDB ......................Holland HQ + Paint In Black ........+49-656-54553..Stoned Warrior ..4 Nodes..Dist Site + Juve Rehab ............358-187-818316.Snake Man .......2 Nodes..Dist Site + Free Q8 ...............965-532-4360...Desert Rat ...............Dist Site + + Ŀ + _ -><- THE DREAM TEAM AMERICAN SECTION -><- _ + Ĵ + Members : The Surge, GOD, Con Artist, Sledge Hammer, Sandman + Sysops : The Skeleton, Spread, Asmodius, The Commandant, Opus + Couriers : Union Jack, QuickSilver, The Unforgiven + Ĵ + Unlawful Entry ........612-754-0266...Major Theft .....5 Nodes..World HQ. + Warez for the Masses ..302-836-6175...Goobug/Perfect ..7 Nodes..USA HQ... + Pirates Ship ..........515-277-1906...Skeleton ........2 Nodes..USA HQ... + Twins .................514-723-4351...Spread ..........2 Nodes..Canada HQ + Head Trauma ...........416-824-7191...Sledge Hammer ...3 Nodes..Canada HQ + Hell ..................313-349-4933...Asmodeus ........2 Nodes..Couriers. + The Casino Royale .....604-261-3260...The Commandant ...........Dist Site + Hornet's Nest .........301-229-8032...Sting/Opus ...............Dist Site + + + If you want to become a Member or Dist Site, contact Hard Core on + Unlawful Entry - The Dream Team World Headquarters diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0491.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0491.nfo new file mode 100644 index 00000000..0265cccd --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0491.nfo @@ -0,0 +1,67 @@ + NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! + + The Cooperation TDT/TRSI is now broken. It's now TDT and TRSI only... + + NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! + + <<>/<<>/<<>/<<> THE DREAM TEAM <>>\<>>\<>>\<>> + PRESENTS + B A T T L E C O M M A N D + + Ŀ + Crack made by : Hard Core + Game Supplied by : Roger Wilco + Protection : Password protection (1 byte crack!) + Display Screen : CGA/EGA/VGA 256 Colors + Sound Boards : Speaker/Adlib/Roland + Game Overall : 75% + + +Game Notes: One of the BEST 3-d games on the market right now. The grafics + is very well done and the vectors are very smooth. It seems + like these programmers has found some good 3-d calculations! + + Opearating keys are: [Q] - Up + [A] - Down + [O] - Left + [P] - Right + [F1] - [F10] - Check by yourself! + [SPACE] - Fire + + Watch our for DreamDox coming soon to a board near you! + +Greetings goes to: Warlord,Stalker,The Pieman,Strider,Silencer + + + The Dream Team members are + Hard Core,Con Artist,Angelface,The Jammer,Ranx + The Sandman,TDB,Spread,Touch Tone,Pluto + ActionMan,Roger Wilco,Skeleton,RADAR + + The Dream Team Spreaders + Alast(408) - Brodde(718) - Doctor Slasher(516) + Symetric Shadow(514) - Cryptic Lance(818) - Pixel(32) + + Ŀ + THE DREAM TEAM [US] SECTION + ij + Motherboard One 215-944-971 Touch Tone 5 Nodes + Beyond Imagination 703-730-1688 MaggotMan 1-800 + Orions Belt 718-966-5930 Pluto + Twins 514-723-17-12 Spread + Steal Haven ITS-NOW-DOWN Norrin Radd + Apocalypse 703-347-5412 POW + Skeleton's BBS 515-277-0016 Skeleton 2 Nodes + Dead Zone 714-520-9945 Radar + ij + THE DREAM TEAM [EUROPEAN] SECTION + ij + Hard City +46-PRI-VATE Hard Core + Turk 51 Zone +31-104-296515 TDB + P.M.C. 358-185-279-18 Snake Man 2 Nodes + + + The Dream Team US The Dream Team Europe + PO BOX 131843 PO BOX 52 + Staten Island, NY 10313 810 70 Aelvkarleby + USA Sweden \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0592.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0592.nfo new file mode 100644 index 00000000..55d19ef4 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0592.nfo @@ -0,0 +1,88 @@ + + + -//- T H E D R E A M T E A M -\\- + + + -*- Proudly Present -*- + + Castle Wolfstein 3-D Release Version + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : - Gfx support: VGA 256 Colors + Protection : - Snd support: Adlib/Sblaster + Supplied by : R/\D/\R Game Type : Arcade W/Pg-13 Rating + Release date: 5th May 1992 Publisher : Apogee + + Ŀ + RELEASE NOTES + + This is the Final release, unlike the beta version $yndicate about + 2-3 weeks ago! great game, and awesome sound + + + Nothing much more to say...Be sure to grab the other TDT releases coming + REALLY soon! + + -*- Welcome back REVELATION -*- + + Greetings : Dr.Q2, Fairlight, Razor, TRSI, Extacy and THG + + + Have fun and see you soon in our next quality release! + + Ŀ + If you want to get all the newest write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM EUROPE + Ĵ + Members : Hard Core, ActionMan, Roger Wilco, Jammer, Zelnik, Paul,Offsat + Sysops : Mr Thompson, Snake Man, Desert Rat, IronSide, Redskin + Couriers : Pixel, Yip Yip, Income, Head Banger, Venom + Ĵ + East BBS ............. +46-894-0614 ... Mr Thompson ............ ........ + Juve Rehab ........... 358-187-818316 . Snake Man .......2 Nodes ........ + Free Q8 .............. 965-532-4360 ... Desert Rat ............. ........ + Highland Board ....... +39-362-901606 . Ironside ........3 Nodes ........ + Bagdad Cafe .......... 352-424-492 .... Redskin ................ ........ + Orange Juice ......... +61-357-10747 .. Yip Yip .........2 Nodes ........ + No Name .............. +49-523-491242 . Paul ................... ........ + + Ŀ + THE DREAM TEAM NORTH AMERICA + Ĵ + Members : Radar, Con Artist, Major Theft, Union Jack, Big Hairy Camel + Sysops : The Ghost Wind, Spread, Asmodeus, Loverboy, Nightman + : Califboy, Pirate Pete + Couriers : Deviouse Doze, Lord of Rings, Turbo Interceptor, The Headman + : Overlord, Night Shadow, Fallen Angel, Black Mischief + Ĵ + UNLAWFUL ENTRY ....... 612-PRI-VARE.... Major Theft ....5 Nodes .TDT WHQ. + Revelation ........... 301-2CO-OL4U.... BHC/TGW ........5 Nodes ......... + Twins ................ 514-723-4351.... Spread .........2 Nodes ......... + Hell ................. 313-349-4933.... Asmodeus .......2 Nodes .Courier. + Involuntary Death .... 708-599-1537.... Loverboy .......2 Nodes ......... + Akira Project ........ 416-512-8567.... Deviouse Doze ..3 Nodes ......... + Purple Dragon II ..... 714-531-9819.... Nightman .......3 Nodes ......... + Phase Shift .......... 604-732-4645.... Pirate Pete ....2 Nodes ......... + The Underworld ....... 916-429-2232.... Califboy .............. ......... + + + If you want to contact us call Unlawful Entry TDT WHQ + To get an account there leave mail on any TDT bbs + + Ŀ + The Five Latest TDT Releases + Ĵ + World Class Rugby 5N ..... VGA[16]/ADLIB .... Audigemic ..... 1st May + Troon North Links Course . VGA[256]/Adlib ... Accolade ...... 27th April + Steel Empire ............. VGA[256]/Soundb .. El Art's ...... 15th April + Sea Rogue 2.95 RELEASE ... VGA[16]/Adl ...... Microprose .... 14th April + Battle Isle English ...... VGA[256]/Adlib ... Blue Byte ..... 13th April + + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0593.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0593.nfo new file mode 100644 index 00000000..9a712499 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0593.nfo @@ -0,0 +1,92 @@ + + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + + Railroad Tycoon Deluxe. + + + + Ŀ + RELEASE INFO + Ĵ + Cracked by.. : Dr. Detergent ..... Supplier.. : ALF and Lefty...... + Game Overall : 80% ............... Date...... : 13th June 1993 .... + Graphics.... : VGA 256 COLORS .... Sound..... : All ............... + + + + Yet another crack... + + The install program should copy the crack file RRT.COM into the directory + that you're installing Railroad Tycoon Deluxe. If it doesn't, then simply + copy the file RRT.COM there - it's needed to crack the game. + + Crack was easy... This crack is the CLEANEST crack, guaranteed to work 100%! + All cracking is done cleanly in memory, no internal file modifications etc. + Whatever answer you select at the doc check, it'll take your answer and + replace it with the good one. So simply press enter when at the doc check. + + + Dat's it! + + + + GROUP GREETINGS : CARDINALS, EASTON, ECR, EXTINCT, FAIRLIGHT, INC, PE, + RAZOR, SKILLION, THG, TRSI, UNT, FC. + + + PERSONALL GREETINGS : ALF, Lefty - thanx 4 the suppliez! + + + Call Digital Systems Transferring - 514-973-6674 14.4 v32bis 2.2 gig + +############################################################################## + + + + The Dream Team '93 - QUALITY, NOT QUANTITY + + + Ŀ + If you want to catch the NEWEST and HOTTEST IBM programs then write to + + TDT DISK-BY-MAIL + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY /./ ITS-PRI-VATE /./ 7 LINES /./ AMIEXPRESS + TWINS /./ 514-723-4351 /./ 4 LINES /./ AMIEXPRESS + ALPHA 2010 /./ 210-687-9660 /./ 4 LINES /./ PC BOARD + FEAR & LOATION /./ 205-302-0706 /./ 5 LINES /./ PC BOARD + Ĵ + HEADQUARTERS + Ĵ + HIGHLAND /./ +[39]-PRI-VATE /./ 5 LINES /./ PC BOARD + GURU'S DREAM /./ +[46]-828-2760 /./ 5 LINES /./ AMI EXPRESS + PHONE HENGE /./ 407-586-0634 /./ 1 LINE /./ CELERITY + FREE KUWAIT /./ +[965]-PRI-VATE /./ 2 LINES /./ AMI EXPRESS + THE CITADEL OF DARK. /./+[61]-3-899-3247 /./ 2 LINES /./ CELERITY + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + HARD CORE - MAJOR THEFT - SPREAD - DESERT RAT - SILUS GUARDIAN + DARK LORD - ROGER WILCO - REDSKIN - MAVERICK - DR. DETERGENT + DR. Q2 - BLACK RIDER - MAVERICK - S.S - MARAUDIN GOBLIN + --------------------------------------------------------------------------- + SPREADERS + --------------------------------------------------------------------------- + [RADICAL......] - [BUBBLE MAN....] - [FIREHEAD......] - [THE MASTER.....] + + + -*- N O B U L L S H I T -*- + + diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0792.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0792.nfo new file mode 100644 index 00000000..f4c55ab5 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0792.nfo @@ -0,0 +1,98 @@ + + + -//- T H E D R E A M T E A M 1992 -\\- + + + -*- Proudly Present -*- + + Double Dragon III + Trainer + + Ŀ + RELEASE INFORMATION + Ĵ + Trainer by : Hard Core + Released : 25th July 1992 + Graphics : VGA / EGA + Sound : Roland / Soundblaster / Adlib / Pc-Speaker + + Ŀ + RELEASE NOTES + + Yeah! This is really great action. If you think the game is too hard, start + it with the trainer. It gives you unlimited energy and credits. Time limit + still ticks tho. Leaving that for someone else...hehe + + Keys are : [SHIFT] + [ARROW] - Punch + Jump + [RETURN] + [ARROW] - Kick + [RETURN] + [SHIFT] + [ARROW] - Jump and kick + + Greetings must go out to: INC - You release so much shit + IDD - Night Ranger (Don't steal amiga dox and put + your name on it, thats VERY lame) + TRSI - We love you guys + FLT - Great comeback + + Extra greetings : Darwin/Dr No/Zodact - Nice to meet you guys last week... + Hope you guys got a nice trip to + Stockholm! + + Yet another release by TDT! + + Have fun and see you later in our next crack! + + Ŀ + If you like this release then write to us! Support the group that makes + this possible for you : THE DREAM TEAM + Ĵ + Greeting goes to the software companies, dont be sad, we just make you + guys a favour spreading your releases to countries you would never reach + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS, Ace, ActionMan, Asmodeus, Desert Rat, Devious Doze + Hard Core, IronSide, Major Theft, Mr Thompson, Nightman, Offset + Phil Thrust ,Pablo, Redskin, Roger Wilco, Snake Man, Spread + The Ghost Wind, Union Jack, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER ORGANIZATION + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Akira Project ........ 416-512-8566/8567 ....... 3 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name BBS ........... +(49)-ELITE-CALL ................................ + New Central Europe ...... +(49)-PRI-VATE ....... 7 Nodes ................ + Ĵ + DISTRIBUTION SITES + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Big Time .................. 519-978-3388 ................................ + + + TDT 1992 : Your Dream's Come Alive! + diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0793.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0793.nfo new file mode 100644 index 00000000..4d56fa25 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0793.nfo @@ -0,0 +1,73 @@ + + -> > > T H E D R E A M T E A M ' 91-93 < < <- + + + + + + + + + Proudly Presents - When 2 Worlds War U.S Release By Impressions + + Ŀ + Release Information Game Information + Ĵ + Cracked By : N/A................ Graphics : EGA/VGA............ + Supplied By : DARK FORCE......... Sound Cards : Ad-lib/Sb.......... + Release Date : July 16th 1993..... # of Disks : 2 HD's............. + + + Well here it is the USA Release of this great Strategy game, We at + First didnt think this was going to be worth our while but after comparing + this release to the 1 meg Razor release we decided to put it out.Anyone + could of had this, but by fluke we checked it and bam! Here is us, Updated, + complete and final. Hope you enjoy this release, hope to see you soon in + our next release. + + Greetings to - TRSI / THG / PE / RAZOR & FAIRLIGHT! + + Personal Greets to - Rygar, Hydro, Doze, Killer, Tiger & Shadolok! + + Anyone want good deals on Copiers? Leave me on Unlawful To FA!, and you + can get the best prices! + + + Ŀ + If you want to catch the NEWEST and HOTTEST IBM programs then write to + + TDT DISK-BY-MAIL + PO. BOX 46 + S-37 464 STALOWA WOLA 6 + POLAND + + Ŀ + > > > T H E D R E A M T E A M - B U L L E T I N B O A R D S < < < + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ..... 8 Nodes ..... World HQ + Twins ..................... 514-723-4351 ..... 4 Nodes ..... Canadian HQ + Alpha 2010 ................ 210-687-9660 ..... 6 Nodes ..... US Mega-HQ + Fear & Loathing ........... ITS-PRI-VATE ..... 6 Nodes ..... US Mega-HQ + Ĵ + Ĵ + Highland .................. +39-PRI-VATE ..... 5 Nodes ..... Italian HQ + Guru's Dream .............. +46-828-2760 ..... 5 Nodes ..... Swedish HQ + Phone Henge ............... 407-586-0634 ..... 1 Nodes ..... American HQ + Ĵ + Ĵ + Grave Beard's Castle ...... 601-939-7861 ..... 3 Nodes ..... Dist Site + The Citadel of Dark ....... +61-38993247 ..... 2 Nodes ..... Dist Site + Da Hauze .................. +31-76719111 ..... 4 Nodes ..... Dist Site + + Ŀ + > > > T H E D R E A M T E A M - M E M B E R L I S T < < < + Ĵ + Hard Core, Spread, Major Theft, Roger Wilco, + Dark Force, Martial Artist, Dark Lord, Redskin, Maverick, Dr.Q2 + Dr. Detergent, Black Rider, Intreq, S.S, & Marauding Goblin + + Ŀ + COURIERS - Rotox, Radical, Bubble Man, Firehead, The Master & Mystik Tiger + + + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0895.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0895.nfo new file mode 100644 index 00000000..7aa2f047 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0895.nfo @@ -0,0 +1,59 @@ + + + -//- T H E D R E A M T E A M -\\- + + PROUDLY PRESENT: + + **> * THE PATRICIAN *VESA* vG2 (C) READYSOFT [X/3] * <** +Ŀ + RELEASE INFORMATION - +Ĵ + Cracked By..: MR.TDT.................. Supplier...: DARK FORCE........... + Packaged....: THE SNIPER.............. Date.......: 3rd AUG 1995....... . + Graphics....: SVGA/VGA 256 COLORS..... Size.......: 3 x 1.44mb DISKS..... + + + RELEASE NOTES - + + Welcome folks to another cool release from the Team of your Dreams. + This one is a beauty! Finally, from the makers of Space Ace and Dragons + Lair, comes The Patrician VESA Version G2. Readysoft, actually, wasn't + intending on releasing this version due to some minor glitches, but we + managed to get our hands on it anyway. See you in our next fine release! + + Make a directory called PATR and unzip the files with the -d option. + + There were 5 original disks for this release, but for cracking reasons + they had to be installed and re-zipped with compression, thus giving us 3. + + + GAME NOTES - + + Set over two centuries of European history, The Patrician is an epic + saga of power and money. As a successful Patrician you must rise to the + top of the might Hanseatic League, the most powerful commercial + organization of the time. In the quest for power and wealth you must + run an international trading organisation and become a social force in + your community. + + + Enjoy, and look for more fine releases in the future! + + + PERSONAL GREETS - THE SPEED RACER, HOSON, HARD CORE & DARK FORCE. + + + ** To All Old TDT Members, The Dream Is Back. ** + ** Contact Us And You Can Re-Live The Experience ** + ** That The World Will Never Soon Forget, TDT. ** + + + THE DREAM TEAM - Friends Forever... + Ŀ + HALL OF FAME (ACTIVE MEMBERS) [X POSITIONS] + Ĵ + [..............] - [...............] - [.............] - [..............] + [ ** UNDER CONSTRUCTION AS OF 1995 ** ] + [..............] - [...............] - [.............] - [..............] + + -*- IN THE AGE OF DREAMS, A LONE FORCE RISES FROM THE ASHES, TDT -*- diff --git a/textfiles.com/piracy/DREAMTEAM/tdt089~1.nfo b/textfiles.com/piracy/DREAMTEAM/tdt089~1.nfo new file mode 100644 index 00000000..ae0a72a6 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt089~1.nfo @@ -0,0 +1,101 @@ + + + + + + + + + + + + + + [OFFSET] + + ProudlyPresent + + Dinosauri Balls from AMWA Computer Co. + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : - + Released : 9th August 1992 + Graphics : VGA 256 colors + Sound : Pc-Speaker / Adlib ? + + Ŀ + RELEASE NOTES + + Dino Balls gives you a lesson in dinosouri history. The scanned background + is good looking, and the game gives you full 256 colors. Playing the game + reminds me of bubble bobble. After shooting the ball into pieces small + objects are falling which you can pick up and use... + + Greetings goes to : IRATA - FIREFOX - BLACK RIDER - OUR NEW FRIEND IN HK! + + Also, there is a new intro out... + + Yet another QUALITY release by TDT! + + Have fun and see you later in our next crack! + + Ŀ + If you like this release then write to us! Support the group that makes + this possible for you : THE DREAM TEAM + Ĵ + Greeting goes to the software companies, dont be sad, we just make you + guys a favour spreading your releases to countries you would never reach + + Ŀ + The Dream Team is always ready to take in new members. But we want only + the best. If you can supply games, make music (MOD) , or draw graphics + contact us by calling the nearest TDT bbs or write to our post box! + + Also if you are intrested in the newest and hottest make sure to write to + us for a free program diskette + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + ABACUS, Ace, ActionMan, Asmodeus, Desert Rat, Califboy, Devious Doze + Hard Core, IronSide, Major Theft, Mr Thompson, Nightman, Offset + Pablo, Phil Thrust, Redskin, Roger Wilco, Snake Man + Spread, Stroke , The Ghost Wind, Union Jack, Wolverine, Yip Yip + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Fallen Angel , Venom , Boo , Cuca , Marauder, Black Mischief, Pixel + The Headman, Lord Of the Rings, Turbo Interceptor, Syzzo, S.S + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + East BBS ............... +(46)-8-940-614 ................................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + No Name BBS ........... +(49)-ELITE-CALL ................................ + New Central Europe ... +(49)-911-758-383 .......10 Nodes ................ + Ĵ + DISTRIBUTION SITES + Ĵ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + The Underworld ............ 916-429-2232 ................................ + Orange Juice ........... +(61)-357-10747 ....... 3 Nodes ................ + Cimmeria .............. +(90)-1-384-0863 ................................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Big Time .................. 519-978-3388 ................................ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ................ + + + TDT 1992 : Your Dream's Come Alive! diff --git a/textfiles.com/piracy/DREAMTEAM/tdt0993.nfo b/textfiles.com/piracy/DREAMTEAM/tdt0993.nfo new file mode 100644 index 00000000..4f085b67 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt0993.nfo @@ -0,0 +1,73 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + THE GREATE WAR FROM SSi + Ŀ + RELEASE INFO + Ĵ + Cracker......: N/A Supplier...: MR.TDT + Game Overall.: 85% Date.......: 13TH OF SEPTEMBER 1993 + Graphics.....: VGA 256 COLORS Sound......: MOST + + + Here comes another great one from your favourite group: THE DREAM TEAM! + + This is a SUPERB new HOT SSi release... The game is about the second world + war with great animation's and playgame etc. To play the diffrent scenario's + the manual give's you special passwords, they are included in the file: + PASSWORD inside disk one... + + Personal greetings: Ben Jammin, Lord Cyric, Lefty, Killer, Warchild... + + Group greetings goes to : PTG - RAZOR - TRSI - FLT - THG + + If you are a supplier and want to supply TDT, give us a call at: 404-395-2563 + + The Dream Team - Some things live forever... + Ŀ + If you want to GET the NEWEST and HOTTEST IBM programs then write to + + TDT DISKS-BY-MAIL + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + MEMBER BOARDS + Ĵ + UNLAWFUL ENTRY =*= ITS-AWE-SOME =*= 8 NODES =*= MEMBER + TWINS =*= 514-251-1838 =*= 4 NODES =*= MEMBER + ALPHA 2010 =*= ITS-AWE-SOME =*= 6 NODES =*= MEMBER + EXALTED DEATH =*= 314-966-2270 =*= 2 NODES =*= MEMBER + Ĵ + SHOCK TO THE SYSTEM =*= +39-PRI-VATE =*= 5 NODES =*= ITALIAN HQ + DA HAUZE =*= +31-PRI-VATE =*= 6 NODES =*= BENELUX HQ + BEYOND AKIRA =*= 416-461-9101 =*= 3 NODES =*= CANADIAN HQ + CDS =*= 217-544-9539 =*= 1 NODE =*= US HQ + ON THE EDGE =*= ITS-PRI-VATE =*= 1 NODE =*= US HQ + Ĵ + WIZARD'S TOWER =*= 419-536-8206 =*= 3 NODES =*= DISTRO + THE DEEP =*= 305-888-7724 =*= 2 NODES =*= DISTRO + THE LIQUOR CABINET =*= 214-368-7317 =*= 2 NODES =*= DISTRO + SECOND FRONT =*= +46-87987584 =*= 2 NODES =*= DISTRO + + Ŀ + THE DREAM TEAM FULL MEMBER LIST + Ĵ + + HARD CORE, HOSON, REDSKIN + + BEN JAMMIN, DEAD GOON, DEVIOUS DOZE, EDWARD CHANG, EXCESSIVE KNIGHT + MAC BETH, MAJOR THEFT, MAVERICK, ROGER WILCO, THE MAGIC ARTIST + TRC (Sr) + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + THE DREAM TEAM SPREADING TEAM + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + FIREHEAD, RADICAL, PETER FALK, SCOUT, MASTER, X + + + + NO RULES THIS TIME, SINCE WE MAKE UP THE RULES FOR THE SCENE diff --git a/textfiles.com/piracy/DREAMTEAM/tdt1092.nfo b/textfiles.com/piracy/DREAMTEAM/tdt1092.nfo new file mode 100644 index 00000000..33163b18 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt1092.nfo @@ -0,0 +1,108 @@ + + + -//- T H E D R E A M T E A M -\\- + 1 9 9 2 + + ProudlyPresent + + Captive from Mindscape Software + + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : Hard Core + Supplied by : Munchie & Oldie + Released : 14th October 1992 + Graphics : VGA 256 colors + Sound : Soundblaster /Aldib/Speaker + + Ŀ + RELEASE NOTES + + Great game and superb story! We did playtest this game for 2 hours like the + First Samurai! The game has a password when you enter the computer, just + enter anything... We did also type in quick dox (Done by Munchie) so you + could easily finish the first level. + + Read the file README.TDT to get some quick dox, or even better,print it out! + + A short story, you have been banned for 250 years to the space, and your + mission is to find out where you are and why they did it to you, the quick + dox helps you finish the first level! + + + Greetings goes to: Fallen Angel - I told you we are back! + Munchie & Oldie - Good Job + All you fun guys from the application forms...heh + + + Yet another QUALITY crack by TDT! + + Have fun and see you later in our next release! + Ŀ + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + Want to be a DIST SITE? + Well, its kinda too late now, we have got over 50! Applications within 2 + so we are VERY pleased with the response from you guys, the account on Un- + lawful will be close now and thanx to all of you for showing the intreset! + There is a lot of calls to be made so be patience... + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ 301-PRI-VATE ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + New Central Europe ....... +(49)-PRIVATE .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Hell ...................... 313-349-4933 ....... 2 Nodes ................ + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ................ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Ĵ + NOTRH AMERICAN HEADQUARTERS + Ĵ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ................ + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ................ + Realm Of Immortality ...... 415-992-0945 ....... 3 Nodes ................ + Guru's Dream ...........+(46)-8-28-27-60 ....... 5 Nodes ................ + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ................................ + The Vertigo File .......... 815-667-4892 ................................ + The Satanic Syndicate ..... 201-301-0952 ................................ + Crewel Lye ................ 713-432-0779 ................................ + Members Only .............. 513-PRI-VATE ........2 Nodes ................ + Fort Nox .................. 508-658-6132 ................................ + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 , Asmodeus + Union Jack , Redskin , Phil Thrust , Desert Rat , Spread , Snake Man + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Venom , Cuca , Turbo Interceptor , OMEN , BOO , The Hexmaster + Black Rider , Freak & Shogun , Overlord , Rotox , Q-Tip , Firefly + + + + The Dream Team - Was There Ever A Choise? diff --git a/textfiles.com/piracy/DREAMTEAM/tdt1192.nfo b/textfiles.com/piracy/DREAMTEAM/tdt1192.nfo new file mode 100644 index 00000000..c59b13e5 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt1192.nfo @@ -0,0 +1,97 @@ + + + -//- T H E D R E A M T E A M -\\- + IS BACK TO KICK ASS + -*- WITH -*- + CURSE OF ENCHANTIA FROM CORE DESIGN LIMITED + Ŀ + RELEASE INFORMATION + Ĵ + Released : 19th November 1992 + Graphics : VGA 256 COLORS + Sound : Adlib/Soundblaster/Speaker + Game Size : 4 1.44Mb Disks, Installation needed + + + Just when you guys thought we were gonna run out of games with 5 kick ass + releases in just 1 week, we are back again! + + This time with a killing graphics game from Core Design Limited. This game + is an point and click sierra type game. Its start's out when you are in + prison. Go around and watch everything, every corner etc...This is + definitly worth the download bytes.... + + To all of you that wonder where we got it from (its coming out tomorrow), + make a GUESS! + + Group greetings goes to: RAZOR 1911 - The only other group on the scene with + a pulse...even if you guy fuck up + sometimes! + + Have fun and see you later in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + If you want the best disk-by-mail deal in FRANCE write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ YOU-CAN-DREAM....... 7 Nodes ..... USA ...... + Revelation ................ YOU-CAN-DREAM....... 5 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ YOU-CAN-DREAM.......12 Nodes ..... Germany .. + Central Nervous System .... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ..... Australia + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Ĵ + NORTH AMERICAN HEADQUARTERS + Ĵ + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... YOU-CAN-DREAM....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Members Only .............. YOU-CAN-DREAM....... 2 Nodes ..... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Phil Thrust , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror + Great White/The Speed Racer + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Soul Taker , Sharp , BOO , The Hexmaster , The Devestator + The Black Paladin , Freak & Shogun , Rotox , Q-Tip + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tdt1291.nfo b/textfiles.com/piracy/DREAMTEAM/tdt1291.nfo new file mode 100644 index 00000000..f088902c --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt1291.nfo @@ -0,0 +1,74 @@ + + <>/<>/<>/<>/<>/<>/<>/<> THE DREAM TEAM & SKID ROW <>\<>\<>\<>\<>\<>\<>\<> + + P R E S E N T S + + World Wrestling Federation from Ocean + + Ŀ + RELEASE INFORMATION + Ĵ + Cracker : Silicon Mage + Game Supplied by : Action Man + Protection : Password + Display Screen : EGA/VGA 16 Colors + Sound Boards : Speaker/Adlib + Game Overall : 70% + + Ŀ + RELEASE COMMENT + Ĵ + Yeah, i love to kick butt.... If you like to do the same, then go + get some food, shut the window, close the door and start up this + kick ass game! Its really hot for playing, not for the graphics(Yes + it goot), not for the sound (Thats ok too), but for the arcade feel- + ing... Have fun and see you soon in our next QUALITHY crack! + Don't forget to call HELL and SIDE EFFECTS our courier home + To contact us call out WHQ REVELETION, 5 nodes, 3+ gig... + + Ŀ + THE DREAM TEAM EUROPEAN SECTION + Ĵ + MEMBERS : Hard Core - ActionMan - Mr Thompson - TDB + Roger Wilco - The Jammer - Dr Pepsi - Desert Rat + SYSOPS : Opus - Stoned Warrior - Snake Man - B.B.King + COURIERS : BLAZE - Pixel - Yip Yip + Ĵ + BULLETIN BOARD SYSTEMS + Ĵ + HARD CITY 46-PRI-VATE Hard Core + EAST BBS 46-894-0614 Mr Thompson + BLOOM COUNTY 46-300-40258 Opus + The Star Factory 46-8-7172761 B.B. King + TURK 51 ZONE 31-104-296515 TDB + Paint In Black 49-6565-4553 Stoned Warrior 4 Nodes + ORANGE JUICE 61-357-11627 Yip Yip 3 Nodes + Jeriho Juventus 358-187-818316 Snake Man 2 Nodes + Free Q8 965-532-4360 Desert Rat + + Ŀ + THE DREAM TEAM AMERICAN SECTION + Ĵ + MEMBERS : The Surge - Pluto - The Ghost Wind - Sandman - Con Artist + SYSOPS : The Skeleton - Spread - Pluto - Esmodius - Norrin Radd + COURIERS : Reckless - LL Cool J - Union Jack + Ĵ + BULLETIN BOARD SYSTEMS + Ĵ + REVELATION 301-423-1442 Ghost Wind 5 Nodes + TWINS 514-723-1712 Spread + HELL 313-349-4933 Asmodeus + PIRATES SHIP 515-277-1906 Skeleton 2 Nodes + ORIONS BELT 718-370-8890 Pluto + SIDE EFFECTS 408-942-0818 Norrin Radd + + + For buying the latest games write to + + TDT UK + P.O. BOX 2416 + BROXBOURNE + HERTS. + EN10-6NF + THE UNITED KINGDOM + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tdt1292.nfo b/textfiles.com/piracy/DREAMTEAM/tdt1292.nfo new file mode 100644 index 00000000..f897f4aa --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt1292.nfo @@ -0,0 +1,106 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents + + THE INCREDIBLE MACHINE From SIERRA + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : THE GRIM REAPER + Cracked by : HARD CORE + Date : 2nd December 1992 + Graphics : SVGA 16 + Sound : ALL + Game Size : 1 1.2 MB, Install from Floppy, or use Subst... + + + THE INCREDIBLE MACHINE From Sierra + This game looks pretty cool... Different from all of the same old same + old stuff we've been seeing lately... + + Want to build a better mousetrap? All it takes are bike-riding monkeys, + treadmill mice and a few bowling balls. Genius and junk are combined to + solve the convoluted contraptions in The Incredible Machine... + + Greets go out to: HARD CORE - Munchie - ActionMan - Pepsi Man + + RAZOR - We doubled them, you doubled us, they doubled you, we doubled us, + they doubled them...who really cares?! As long as the CRACKS are + WORKING!!! + + PYRADICAL - Step back! + + Have fun and see you later in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultanet Carnage ........... 314-XXX-XXXX ..................... USA ...... + The Inferno BBS ........... 519-884-4960 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia. + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + + "ORIGINAL IDEA - [HARD CORE] - [THE DREAM TEAM 1992]" diff --git a/textfiles.com/piracy/DREAMTEAM/tdt1293.nfo b/textfiles.com/piracy/DREAMTEAM/tdt1293.nfo new file mode 100644 index 00000000..cda83efa --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdt1293.nfo @@ -0,0 +1,89 @@ + + + -//- T H E D R E A M T E A M -\\- + + + Proudly Presents: + + Ŀ + Release Title: Star Trek: Judgement Rites Cracked By...: -- + Copyright (c): Interplay Supplied By..: MR.TDT/MAS + Released On..: 17 Dec 1993 Packaged By..: SOME DUDE + + + + [/] GAME NOTES [\] + + 11 disks, won't work under windows, docs forthcoming, etc. + + Very cool Star Trek game! Yeah! + + Sorry, this NFO is way out of date, updated version + coming in docs i hope, ya? + + + Group greetings: TRISTAR & RED SECTOR - RAZOR 1911 - PUBLIC ENEMY - PTG + +(generic) + Personal greets: Hard Core - GRiM - Nitro - NiKO - The Ghost Wind - LiON + + Extra greets to: Celestial Wizard! Call our new TDT board Celestial Tower! + +(some dude sez:) + yoyo to satanic rob, ben out of jail, art, kevin, jon, russell, robert, + jesus, and a bunch of other people. + + + + + [/] THE DREAM TEAM [\] + Ŀ + Write to us! If you want the greatest and hottest titles on the IBM, + just write to: (don't forget to include your phonenumber!) + + TDT DISKS-BY-MAIL + Box 52 + 811 70 AELVKARLEBY + SWEDEN + + + + + [/] USA BOARDS [\] + Ŀ + Ĵ + [/] EUROPEAN BOARDS [\] + Ĵ + Ĵ + [/] DiSTRiBUTiON SiTES [\] + Ĵ + + + + [/] CURRENT MEMBERS [\] + Ŀ + (in alphabetical order) + + HARD CORE 'n HOSON + + Beowulf, Brujjo Dihital', Cyber, Dr.MAGIC, Excessive Knight, + Fallen Angel, Hot Tuna, LiON, Mac Beth, Maverick, Pablo, + Roger Wilco, The Ghost Wind, and The Magic Artist + + + + + [/] COURiERS [\] + Ŀ + (in order of appearance) + + FIRE HEAD + + Skybum, Jumpin' Jack, Skylark, Mozarello, Mister, RYU, Toadie, Tetris, + Lone Wolf, and Skinny Puppy + + + + + We are searching for traders that work with 3 or more lines... Interested? + Then write a message to 'HOSON' on any major BBS in the USA. diff --git a/textfiles.com/piracy/DREAMTEAM/tdtrain.nfo b/textfiles.com/piracy/DREAMTEAM/tdtrain.nfo new file mode 100644 index 00000000..c19376b6 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tdtrain.nfo @@ -0,0 +1,106 @@ +Hey I NEED AN INFO FORM!!! + +Flash Back Mega Trainer.. By Martial Artist / TDT (Yeah!) + +To whom it may concern... +This is a really cool game. Play it, the trainer makes it REALLY FUN. +This Trainer may be a little late, that is because of a few reasons. +1) Just joined TDT +2) waited to get a trainer loader screen going (didn't happen) +3) screwing around with the game made it even better + +Included in this package are. +FBTRN.COM < the trainer itself +FBPATCH.EXE < a crack patch. + +I included a crack patch, because I noticed that a ways through the game +it does another SECURITY CHECK.. My crack patch solves this. + +INSTRUCTIONS: + +FBPATCH.EXE < put this file in your Flash Back Directory and run it + This will patch the FB.EXE file so that you will get by + the SECOND (FLT?? nice one!) DOC CHECK in the game. + +FBTRN.COM < put this file in your Flash Back Directory and run it. + This will enable you to use the following keys during game play. + + F1: pressing this key moves yer little guy 16 pixels to the right. + this is great because it lets you go through unopened doors. + it even puts you through walls. + + F2: pressing this key moves yer dude 16 pixels to the left. + + F3: pressing this key moves yer boy 16 pixels down. + + F4: pressing this key moves yer man 32 pixels up. + if there is a platform above you, move yer guy in the direction + of the platform while you keep hitting F4, this will make yer + guy walk up and diagonally, so you can get to anywhere in the + screen.. + + Insert: Pressing this moves yer man to the upper left corner of the + screen. + Delete: Pressing this moves yer man to the lower left corner of the + screen. + Home: Pressing this moves yer man to the upper right corner of the + screen. + End: Pressing this moves yer man to the lower right corner of the + screen. + These are all very useful keys, as it gets you places instantly, and gets + you out of a lot of jams too. + +The above keys are really fun and very useful, they can also be very dangerous. +Be careful how you use them or you might find yourself on another planet. +Remember what keys to what. + + F5: Pressing this key gives yer little dude 254 health points.. + you can press it anytime to regenerate the points. + +Well that is it.. The keys make it REALLY fun, TRUST ME!!!! + +INFORMATION FROM MARTIAL ARTIST!!!!!!! +Well I guess this is my official resignation to Public Enemy, as you can see +I joined the Legendary TDT. +Why do I resign PE?? well a lot of reasons, some of which you don't need to +know, but things are just too chaotic over there, I don't even know who +the hell I would call to tell that I am resigning. +But doesn't matter, I am with a group now I can feel I can live with. +No hard feelings to anyone, + +Hawk >> hmmm just didn't call me, you understand this more than anyone... + +I would mention other PE members, but the only other one I talked to was +Flash, and he was always sleeping on the phone.. + +I am glad you let me in Hard Core!!!!! hopefully we can get some cool shit +out like this trainer.... + +Personal Greetings>> + +Hard Core > Right on man.. so those logos?? gotta get the trainer loader goin. +The Hawk > gimme a call and I will tell you why I left. +Network > RAVE ON! hey I told you to get the fuck outta my .nfo files +Butcher > Hey you ugly piece of texan meat... hows it goin man... +DEATHLOK > my apprentice, to be making trainers soon as well. +Seismic Interference > left right left right, halt... 3 more years bwahahah +Hare > whathappenedtoyou +Warchild > hope all goes well with yer plans +Skillion > like da invincibilty in yer Flash Back trainer. like mine better tho +The Witch King > what happened to you????? i have a fone you know. +Renegade Chemist > at least Razor foned me once in awhile. 4.0??? +Zeus > (My dog, thought I would greet him, great dane.. cool huh) not rily +Group Greet to IEC (Chaos9, Sir Shadowcat, Consolidated) + + +By the way, for those of you who care.. orthogonal means perpendicular, which +means the cross product of the 2 vectors are zero DAMNIT!!!!!!!!!!! + +FUCK I GOT BUSTED FOR DRINKING AND DRIVING LAST WEEEEKK AAARRRHGHGGHGHGHGH +that's a year of no driving... shit... Deathlok will hafta cart me around! + +Later... +Call The Faultline (403)-288-8402 (403)-258-2534 + + + diff --git a/textfiles.com/piracy/DREAMTEAM/term2029.nfo b/textfiles.com/piracy/DREAMTEAM/term2029.nfo new file mode 100644 index 00000000..6e0b4715 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/term2029.nfo @@ -0,0 +1,94 @@ + + + -//- T H E D R E A M T E A M -\\- + 1 9 9 2 + + ProudlyPresent + + Terminator 2029 weapons cheat + + Ŀ + RELEASE INFORMATION + Ĵ + Written by : Buckaroo Banzai + Released : 29th October 1992 + + Ŀ + RELEASE NOTES + + This is the only trainer for T2029 that I have seen. It takes away all of + those annoying features like heat drain and gives you unlimited missles and + gerenades. + + Simply change the 2029.BAT to say 2029CHT.COM instead of TERM.EXE but keep + all of the command line information the same. + + Look for more great cheats and TDT and Echo Mirage + + Have fun and see you later in our next release! + Ŀ + Also if you are intrested in the newest and hottest make sure to write to + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + Want to be a DIST SITE? If you want to be in the BEST organized cracking + team then TDT is your choise. We offer you great support and quick upload + when releases comes. Ask any TDT DIST site on the scene! + CALL : 612-754-0266 (9600Bps only!) + On username ENTER : APPLICATION + Use Password : DISTSITE + Hit 'E' and enter message to : HARD CORE + Now write us your voice number, your name, a few word about your system + and something about what you can do for US...See you on There! + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ 612-PRI-VATE ....... 6 Nodes ................ + Revelation ................ HAVE-PROBLEM ....... 5 Nodes ................ + Akira Project ............. 416-512-8567 ....... 3 Nodes ................ + Twins ..................... 514-723-4351 ....... 3 Nodes ................ + New Central Europe ....... +(49)-PRIVATE .......11 Nodes ................ + Central Nervous System .... 414-832-1449 ................................ + Hell ...................... 313-349-4933 ................................ + Ĵ + NORTH AMERICA DISTRIBUTION SITES + Ĵ + Lite House Express ........ 407-624-4329 ....... 2 Nodes ....HEADQUARTERS + Big Time .................. 519-252-7400 ................................ + Beyond Gates of Hell ...... 203-589-2269 ................................ + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ................ + Realm of Immortality ...... 415-992-0945 ....... 3 Nodes ................ + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ................ + Juve Rehab .......... +(358)-187-818-316 ....... 2 Nodes ................ + Free Q8 ................ +(965)-532-4360 ................................ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ................ + Exodus BBS ............. +(352)-42-44-92 ................................ + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ................ + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 , Asmodeus + Union Jack , Redskin , Phil Thrust , Desert Rat , Spread , Snake Man + The Ghost Wind , Stroke , War Hammer , Whiplash Snidley , Sparkling Flash + Yip Yip , Dirty Bush , RON , Buckaroo Banzai + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Venom , Cuca , Black Mischief , Turbo Interceptor + Black Rider , Freak & Shogun , Overlord , Rotox , Q-Tip + + + + The Dream Team - Was There Ever A Choise? + + \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/tony3.nfo b/textfiles.com/piracy/DREAMTEAM/tony3.nfo new file mode 100644 index 00000000..1ee89ce5 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/tony3.nfo @@ -0,0 +1,102 @@ + + + -//- T H E D R E A M T E A M -\\- + 1993 - 3RD YEAR ANIVERSARY ON IBM +-*- QUALITY FACTORY -*- Proudly Presents: -*- QUALITY FACTORY -*- + + TONY LA RUSSA BASEBALL II FROM SSI! + Ŀ + RELEASE INFO + Ĵ + Cracker.....: HARD CORE............... Supplier...: NAMYOT............... + Protection..: PASSWORD................ Date.......: 12th March 1993...... + Graphics....: EGA/VGA................. Size.......: 6 1.44Mb Disks....... + + + Tony La Russa Strikes back with another one in his BASEBALL series...1993's + SUPER BOWL became pretty popular in the whole world! Releasing this second + part was quite understanding after all... + + Read the KEYS in the file TONY.KEY + + The crack was pretty easy and is stoored in the game, therefor no stinking + patch-file needed! + + Make sure when you install the game that you will use: PKUNZIP -D -$ zipfile + The game will be looking for the volume labels.. + + Have fun guys and see you soon around! + + Special greetings goes to: S.S - HITMAN - AMIGO - GML/TU - MOBY - DAVE&CHRIS + + GROUP GREETINGS : THE HUMBLE GUYS - RAZOR 1911 - SKILLION - UNTOUCHABLES + + TDT '93 - BRINGING YOU CLASSIC GAMES... + Ŀ + IF you want to contact THE DREAM TEAM then call this BBS: + Call : 612-755-1347 + Use username: APPLICATION + Password : TDT + Hit 'E' and enter message to: HARD CORE + + Ŀ + If you want the newest and hottest soft very fast write to (no swapping) + Why second hand and not from the best? + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE .... 7 Nodes ... Major Theft.... + Twins ..................... 514-723-4351 .... 4 Nodes ... Spread ........ + New Central Europe ........ ITS-PRI-VATE ....13 Nodes ... Phil Thrust.... + Lite House Express ........ ITS-PRI-VATE .... 4 Nodes ... Freebird ...... + Terrordome ................ 416-619-1717 .... 3 Nodes ... Stingray ...... + Alpha 2010 ................ 210-687-9660 .... 4 Nodes ... Silus Guardian. + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ............ ITS-PRI-VATE .... 5 Nodes ... Ironside ...... + Realm Of Immortality ...... ITS-PRI-VATE .... 3 Nodes ... Sparkling Flash + Guru's Dream ............ +(46)-828-2760 .... 5 Nodes ... Dirty Bush .... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-254-6377 .... 2 Nodes ... Stroke ........ + The Deep .................. 305-888-7724 ................ Great White ... + Ultimate Carnage .......... 314-949-5823 ................ Devestator .... + Athens .................... 510-827-1049 .... DIABLO..... Aristotle ..... + GreyBeard's Castle ........ 601-939-7861 .... 2 Nodes ... Mark Twain .... + Cold Fusion ............... 604-XXX-XXXX .................Agape ......... + THE BOARD ................. 310-836-0469 .... 2 Nodes ... Philosopher ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Free Q8 ................ +(965)-532-4360 ................ Desert Rat .... + Checkpoint Charlie ...... +(47)-426-7992 ................ Vandall ....... + Zero City III .......... +(61)-2724-4152 .... 2 Nodes ... Icepick........ + Bevery Hills BBS ..... +(49)-893-143-165 .... 4 Nodes ... Dave&Chris .... + THE BOARD ............. +(31)-767-191-11 .... 4 Nodes ... Moby .......... + + Ŀ + THE DREAM TEAM MEMBERS [14 SOULS] + Ĵ + HARD CORE + THE GRIM REAPER - DR.Q2 - ROGER WILCO - ACTION MAN + MAXIMILIEN - THE CORPORAL - REDSKIN - S.S - BLACK RIDER + MICHELANGELO - MOSAIC - CYBER - HITMAN + Ĵ + THE DREAM TEAM COURIER SYSTEM [10 DEVILS] + Ĵ + White Rose - XAVIER X - Lord Disembowelment - Warchild - Skybum + Coyotes Memeber - Freak - ROTOX - Coke - Centre + + + NO UPDATES - NO NON-ENGLISH GAMES - NO WINDOWS GAMES - NO FUCK'UPS + + -*- Q U A L I T Y O N L Y -*- diff --git a/textfiles.com/piracy/DREAMTEAM/triviap.nfo b/textfiles.com/piracy/DREAMTEAM/triviap.nfo new file mode 100644 index 00000000..13e733cd --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/triviap.nfo @@ -0,0 +1,91 @@ + + + -//- T H E D R E A M T E A M -\\- + IS BACK TO KICK ASS + -*- WITH -*- + DELUXE TRIVIAL PURUIT FROM DOMARK + Ŀ + RELEASE INFORMATION + Ĵ + Cracked by : N/A + Supplied by : MUNCHIE + Released : 19th November 1992 + Graphics : EGA/VGA + Sound : ADLIB/SPEAKER + + + TDT is back again today, with Domark's Deluxe Trvial Puruit. VGA and + ADLIB sound make this an exciting game, however playing among friends seems + to be the best way, as answers are revealed after you give up on the + question. You and your friends are on your honor when asked if you got the + question right. Anyways a nice game, hope you enjoy it and see you soon in + our next release. + + Just unzip the file(s) into a directory and run TP! + + Greetings to - TRSI (Welcome Home Big Balls) and DOZE good luck! + Ŀ + If you want the newest and hottest soft very fast please write to + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + Ŀ + If you want the best disk-by-mail deal in FRANCE write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ YOU-CAN-DREAM....... 7 Nodes ..... USA ...... + Revelation ................ YOU-CAN-DREAM....... 5 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ YOU-CAN-DREAM.......12 Nodes ..... Germany .. + Central Nervous System .... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Ĵ + EUROPE AND SAUDI ARABIA'N DISTRIBUTION SITES + Ĵ + Orage Juice ........... +(61)-3-571-0700 ....... 4 Nodes ..... Australia + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + Ĵ + NORTH AMERICAN HEADQUARTERS + Ĵ + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... YOU-CAN-DREAM....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Members Only .............. YOU-CAN-DREAM....... 2 Nodes ..... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco , The Corporal + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Phil Thrust , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror + Great White/The Speed Racer + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + Soul Taker , Sharp , BOO , The Hexmaster , The Devestator + The Black Paladin , Freak & Shogun , Rotox , Q-Tip +  \ No newline at end of file diff --git a/textfiles.com/piracy/DREAMTEAM/trodd.nfo b/textfiles.com/piracy/DREAMTEAM/trodd.nfo new file mode 100644 index 00000000..8b39b11b --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/trodd.nfo @@ -0,0 +1,96 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents: + + Ŀ + +:+ Troddlers (c) Sales Curve +:+ + Ĵ + Cracker......: HARD CORE Supplier...: MR.TDT + Game Overall.: 85% Date.......: 1993-10-19 + Graphics.....: VGA/MCGA 256 colors Sound......: Adlib/SB + + + A TDT QUALITY RELEASE + + Game notes: After Lemmings, Humans, One Step Beyond etc the new version of + this type of games is here... Troddlers is based on same idea as + thoose other games + + On the manual-protection just hit RETURN to bybass it... + + We did also include all the level passwords in the file:PASSWORD + + Watch out for more fine releases from your favourite crackers + coming your way later today! + + Make sure to run TDTINTRO.EXE to check out our newest production! + + Have fun... + + Group greetings : TRSI - Good job on Jurrasic Park (We got beaten by 1 hour) + PTG - Global Domination nice game + FLT - Lame comeback - 2 fuckups + RAZ0R - Quarterpole, still only 10% of the releases...h0h0 + THG - Good job on the latest SSi game + + Personal greetings: HOS0N / TGW / BLUEWATER / MOBY / SKYLARK / LES MANLEY + BEN JAMMIN - What is going on??? + + Hydro & Fallen Angel : On IBM & CONSOLE - WE rule Canada. It's fucken lame + (MEGA COOP h0h0h0) calling our supplier while he is uploading to Unlawful + Entry and trying to make him stop the upload. JERKOFFS + + The Dream Team cracking machine... + Ŀ + If you want to GET the latest IBM software then write to + TDT DISKS-BY-MAIL + PO BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + +:+ THE DREAM TEAM FULL BOARD LIST +:+ + ------------------------------ + Ĵ + UNLAWFUL ENTRY...............ITS-PRI-VATE.......8 NODES.......MEMBER/WHQ. + ALPHA 2010...................ITS-PRI-VATE.......6 NODES.......MEMBER..... + BEYOND AKIRA.................416-461-9101.......3 NODES.......MEMBER..... + EXALTED DEATH................ITS-PRI-VATE.......2 NODES.......MEMBER..... + Ĵ + DA HAUZE.....................ITS-PRI-VATE.......6 NODES.......BENELUX HQ. + ON THE EDGE..................ITS-PRI-VATE.......1 NODE........US HQ...... + MAPHIA.......................ITS-PRI-VATE.......4 NODES.......MEGA HQ.... + Ĵ + WIZARD'S TOWER...............419-874-5143.......3 NODES.......DISTRO..... + THE DEEP.....................305-888-7724.......2 NODES.......DISTRO..... + SECOND FRONT.................+46-87987584.......2 NODES.......DISTRO..... + THE BACK ROOM................615-245-6617.......2 NODES.......DISTRO..... + BRAD'S BBS...................908-738-9281.......2 NODES.......DISTRO..... + REAGGE MUFFIN................+47-798-4551.......1 NODE........DISTRO..... + THE SKYTOPOLIS...............+41-44-31651.......1 NODE........DISTRO..... + + + Ŀ + +:+ THE DREAM TEAM FULL MEMBER LIST +:+ + ------------------------------- + + HARD CORE & HOSON + + CYBER, BEN JAMMIN, DEAD GOON, DEVIOUS DOZE, DR. MAGIC, EDWARD CHANG + EXCESSIVE KNIGHT, HOT TUNA, LiON, MAC BETH, MAJOR THEFT, MAVERICK + PABLO, REDSKIN, PHARAOH, ROGER WILCO, THE MAGIC ARTIST + THE GHOST WIND & PIOTR ILNICKI + + Ĵ + +:+ THE DREAM TEAM SPREADING TEAM +:+ + ----------------------------- + + FIREHEAD, RADICAL, SHADOW, SUN BLAZER, THE MASTER, THE ACE OF SPADES + ALWAYS DANGEROUS, SKYBUM + + + + DAS ROLLING COMPANY! diff --git a/textfiles.com/piracy/DREAMTEAM/zack.nfo b/textfiles.com/piracy/DREAMTEAM/zack.nfo new file mode 100644 index 00000000..ddc87088 --- /dev/null +++ b/textfiles.com/piracy/DREAMTEAM/zack.nfo @@ -0,0 +1,104 @@ + + + -//- T H E D R E A M T E A M -\\- + + Proudly Presents + + CONTRAPTION ZACK FROM MINDCRAFT + + Ŀ + RELEASE INFORMATION + Ĵ + Supplied by : THE GRIM REAPER + Date : 28th November 1992 + Graphics : VGA 256 Colors + Sound : ALL + Game Size : 2 1.2Mb Disks, installation needed + + + CONTRAPTION From Mindcraft + This is a build your own invention type game that is supposed to be the + equivalent of Sierra's upcoming The Incredible Machine... + + Be sure to grab the other Latest Releases from -=TDT=-: + + Aces Of The Pacific: World War II 1946 + Links 386 Pro Mauna Kea: The Island of Hawaii + Sim Life + AV-8B Harrier Assault + and More On The Way!!! + + Greets go out to: HARD CORE - Munchi - Action Man - Wolverine - Pepsi Man + + Have fun and see you later in our next QUALITY crack! + + Ŀ + If you want the newest and hottest soft very fast please write to. No swap. + Now even more improved/faster/better. If you did write before, try again! + + The Dream Team + PO. BOX 52 + 810 70 AELVKARLEBY + SWEDEN + + + Ŀ + If you live in france write to + B.P.13 + 95370 MONTIGNY, FRANCE + + Ŀ + THE DREAM TEAM MEMBER BOARDS + Ĵ + Unlawful Entry ............ ITS-PRI-VATE ....... 7 Nodes ..... USA ...... + Twins ..................... 514-723-4351 ....... 3 Nodes ..... Canada ... + New Central Europe ........ ITS-PRI-VATE .......12 Nodes ..... Germany .. + C.N.S. .................... 414-832-1449 ....... 2 Nodes ..... USA ...... + Crewel Lye ................ 713-432-0779 ..................... USA ...... + Terrordome ................ 416-619-1717 ....... 3 Nodes ..... Canada ... + Lite House Express ........ 407-624-4329 ....... 4 Nodes ..... USA ...... + Ĵ + THE DREAM TEAM HEADQUARTERS + Ĵ + Highland Board ........ +(39)-362-554422 ....... 4 Nodes ..... Italy .... + Pandora's Box ............. 313-652-6137 ....... 5 Nodes ..... USA ...... + Realm Of Immortality ...... ITS-PRI-VATE ....... 3 Nodes ..... USA ...... + Guru's Dream .......... +(46)-8-28-27-60 ....... 5 Nodes ..... Sweden ... + Ĵ + NORTH AMERICAN DISTRIBUTION SITES + Ĵ + Big Time .................. 519-252-7400 ....... 2 Nodes ..... Canada ... + The Vertigo File .......... 815-667-4892 ..................... USA ...... + Members Only .............. ITS-PRI-VATE ....... 2 Nodes ..... USA ...... + Asynchrone Entry .......... 418-661-8321 ....... 2 Nodes ..... Canada ... + The Deep .................. 305-888-7724 ..................... USA ...... + Vicious Paradise .......... 804-486-1810 ..................... USA ...... + PJ Tower .................. 714-356-9506 ..................... USA ...... + Ultanet Carnage ........... 314-XXX-XXXX ..................... USA ...... + The Inferno BBS ........... 519-884-4960 ..................... Canada ... + Ĵ + WORLD FAMOUS DISTRIBUTION SITES + Ĵ + Pure Addiction ........ +(61)-3-571-0700 ....... 4 Nodes ..... Australia. + Free Q8 ................ +(965)-532-4360 ..................... Kuwait ... + Exodus BBS ............. +(352)-42-44-92 ..................... Luxembourg + Checkpoint Charlie ...... +(47)-42-67992 ..................... Norway ... + + Ŀ + THE DREAM TEAM MEMBERS + Ĵ + Hard Core , Devious Doze , The Grim Reaper + Major Theft , Wolverine , Roger Wilco + Fallen Angel , Offset , Ironside , ActionMan , Dr. Q2 + Redskin , Freebird , Desert Rat , Spread , Black Rider + The Ghost Wind , Stroke , Snidely Whiplash , Sparkling Flash + Maximilian , Yip Yip , Dirty Bush , RON , Electron.. , Sought After + Buckaroo Banzai , Dr Crippen , Pepsi Man , Black Terror , Phil Thrust + Stingray , The Corporal , Great White/The Speed Racer , Dave & Chris + Ĵ + THE DREAM TEAM COURIER SYSTEM + Ĵ + UNDER RE-CONTRUCTION + + + "ORIGINAL IDEA - [HARD CORE] - [THE DREAM TEAM 1992]" diff --git a/textfiles.com/piracy/FAIRLIGHT.1 b/textfiles.com/piracy/FAIRLIGHT.1 new file mode 100644 index 00000000..0a86122c --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT.1 @@ -0,0 +1,62 @@ + +T E X T F I L E S + +

Piracy Textfiles: Fairlight

+

+"Where Dreams Come True", until they were busted in 1992. +

+ + + + + +
+
Filename
Size
Description of the Textfile
big22.nfo 7749
 FAIRLIGHT: Big 22 (January 5, 1993) +
elitetrn.nfo 10483
 FAIRLIGHT: Elite II Trainer (October 27, 1993) +
eob2edit.nfo 9773
 FAIRLIGHT: Eye of the Beholder II Character Editor by Buckaroo Banzai +
flash100.nfo 4813
 FAIRLIGHT: Flashback 100 Percent Crackpatch and English Text (April 25, 1993) +
flt.nf1 6204
 FAIRLIGHT: Dungeon Master (July 18, 1992) +
flt.nfo 10673
 FAIRLIGHT: A Line in the Sand by SSI +
flt0592.nfo 7275
 FAIRLIGHT: Out of This World by Interplay (May 2, 1992) +
flt059~1.nfo 8203
 FAIRLIGHT: Tubular Worlds from Dongleware Trainer (May 7, 1994) +
flt1.nfo 9990
 FAIRLIGHT: Cool World by Ocean (November 19, 1992) +
flt1092.nfo 8116
 FAIRLIGHT: King's Quest VI Complete Solve +
flt1093.nfo 6876
 FAIRLIGHT: Positronic Bridge (October 13, 1993) +
flt1291.nfo 11083
 FAIRLIGHT: SupaPlex from Digital Integration LTD (Plus News) +
flt3.nfo 8422
 FAIRLIGHT: Cyber Empires by SSI (September 14, 1992) +
flt4.nfo 10897
 FAIRLIGHT: LA Law by Capstone (December 3, 1992) +
flt5.nfo 6604
 FAIRLIGHT: Barbie by H-Tech Expressions (July 10, 1992) +
fltpc.nfo 8060
 FAIRLIGHT: Castle of Dr. Brain Codes from Sierra On-Line +
global.nfo 7057
 FAIRLIGHT: Global Effect by Millenium (June 1st, 1992) +
gnb.nfo 8580
 FAIRLIGHT: Great Naval Battles by SSI (September 26, 1992) +
goblins.nfo 10361
 FAIRLIGHT: Goblins from CVS +
hoy3vga.nfo 8892
 FAIRLIGHT: Hoyles Book of Games III from Sierra On-Line +
hunt.nfo 3680
 FAIRLIGHT: Hunt for Red October +
infernal.nfo 10623
 INFERNAL AFFAIRS: Prince of Persia 2 Trainer and Dox (April 27, 1993) +
luigi.nfo 7617
 FAIRLIGHT: Luigi and Spaghetti from Spain (January 4, 1993) +
mael.nfo 8532
 FAIRLIGHT: Maelstrom (November 18, 1992) +
obitus.nfo 8669
 FAIRLIGHT: Obitus, from Psygnosis (January 27, 1991) +
obitusdx.nfo 8033
 FAIRLIGHT: Obitus Complete Documentation from Psygnoisis (January 28, 1991) +
pq3-dox.nfo 4268
 FAIRLIGHT: Complete Police Quest III Documentation (And Board List) +
pq3hints.nfo 4543
 FAIRLIGHT: Police Quest III Hints and Solutions from Sierra +
shadow.nfo 6046
 FAIRLIGHT: Shadowgate for Windows from Electronic Arts (December 5, 1992) +
shadow2.nfo 11356
 FAIRLIGHT: Shadowgate for Windows from Electronic Arts (December 5, 1992) +
siege.nfo 6204
 FAIRLIGHT: Siege by Mindcraft (July 18, 1992) +
simparc.nfo 11415
 FAIRLIGHT: The Simpsons Arcade Game from Konami +
steel.nfo 8670
 FAIRLIGHT: Steel Empire from Silicon Knights (April 15, 1992) +
steel2.nfo 7284
 FAIRLIGHT: Steel Empire from Silicon Knights (April 15, 1992) +
trn.nfo 8523
 FAIRLIGHT: Cannon Fodder from Sensible Software Trainer (May 1, 1994) +
vegas.nfo 16660
 FAIRLIGHT: Vegas Games for Windows by New World Computing (July 15, 1992) +
vegas2.nfo 6523
 FAIRLIGHT: Vegas Games for Windows by New World Computing (July 15, 1992) +
vrs-dox.nfo 9982
 FAIRLIGHT: Complete Virtual Reality Studio Dox from Domark +
willhnts.nfo 9528
 FAIRLIGHT: Willy Beamish Hints and Solve +
word-dox.nfo 3298
 FAIRLIGHT: Complete Wordtris Documentation +
wordtris.nfo 4924
 FAIRLIGHT: Wordtris by Spectrum Holobyte +

There are 41 files for a total of 336,489 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/FAIRLIGHT/.windex.html b/textfiles.com/piracy/FAIRLIGHT/.windex.html new file mode 100644 index 00000000..8f96c23d --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/.windex.html @@ -0,0 +1,62 @@ + +T E X T F I L E S + +

Piracy Textfiles: Fairlight

+

+"Where Dreams Come True", until they were busted in 1992. +

+ + + + + +
+
Filename
Size
Description of the Textfile
big22.nfo 7749
 FAIRLIGHT: Big 22 (January 5, 1993) +
elitetrn.nfo 10483
 FAIRLIGHT: Elite II Trainer (October 27, 1993) +
eob2edit.nfo 9773
 FAIRLIGHT: Eye of the Beholder II Character Editor by Buckaroo Banzai +
flash100.nfo 4813
 FAIRLIGHT: Flashback 100 Percent Crackpatch and English Text (April 25, 1993) +
flt.nf1 6204
 FAIRLIGHT: Dungeon Master (July 18, 1992) +
flt.nfo 10673
 FAIRLIGHT: A Line in the Sand by SSI +
flt0592.nfo 7275
 FAIRLIGHT: Out of This World by Interplay (May 2, 1992) +
flt059~1.nfo 8203
 FAIRLIGHT: Tubular Worlds from Dongleware Trainer (May 7, 1994) +
flt1.nfo 9990
 FAIRLIGHT: Cool World by Ocean (November 19, 1992) +
flt1092.nfo 8116
 FAIRLIGHT: King's Quest VI Complete Solve +
flt1093.nfo 6876
 FAIRLIGHT: Positronic Bridge (October 13, 1993) +
flt1291.nfo 11083
 FAIRLIGHT: SupaPlex from Digital Integration LTD (Plus News) +
flt3.nfo 8422
 FAIRLIGHT: Cyber Empires by SSI (September 14, 1992) +
flt4.nfo 10897
 FAIRLIGHT: LA Law by Capstone (December 3, 1992) +
flt5.nfo 6604
 FAIRLIGHT: Barbie by H-Tech Expressions (July 10, 1992) +
fltpc.nfo 8060
 FAIRLIGHT: Castle of Dr. Brain Codes from Sierra On-Line +
global.nfo 7057
 FAIRLIGHT: Global Effect by Millenium (June 1st, 1992) +
gnb.nfo 8580
 FAIRLIGHT: Great Naval Battles by SSI (September 26, 1992) +
goblins.nfo 10361
 FAIRLIGHT: Goblins from CVS +
hoy3vga.nfo 8892
 FAIRLIGHT: Hoyles Book of Games III from Sierra On-Line +
hunt.nfo 3680
 FAIRLIGHT: Hunt for Red October +
infernal.nfo 10623
 INFERNAL AFFAIRS: Prince of Persia 2 Trainer and Dox (April 27, 1993) +
luigi.nfo 7617
 FAIRLIGHT: Luigi and Spaghetti from Spain (January 4, 1993) +
mael.nfo 8532
 FAIRLIGHT: Maelstrom (November 18, 1992) +
obitus.nfo 8669
 FAIRLIGHT: Obitus, from Psygnosis (January 27, 1991) +
obitusdx.nfo 8033
 FAIRLIGHT: Obitus Complete Documentation from Psygnoisis (January 28, 1991) +
pq3-dox.nfo 4268
 FAIRLIGHT: Complete Police Quest III Documentation (And Board List) +
pq3hints.nfo 4543
 FAIRLIGHT: Police Quest III Hints and Solutions from Sierra +
shadow.nfo 6046
 FAIRLIGHT: Shadowgate for Windows from Electronic Arts (December 5, 1992) +
shadow2.nfo 11356
 FAIRLIGHT: Shadowgate for Windows from Electronic Arts (December 5, 1992) +
siege.nfo 6204
 FAIRLIGHT: Siege by Mindcraft (July 18, 1992) +
simparc.nfo 11415
 FAIRLIGHT: The Simpsons Arcade Game from Konami +
steel.nfo 8670
 FAIRLIGHT: Steel Empire from Silicon Knights (April 15, 1992) +
steel2.nfo 7284
 FAIRLIGHT: Steel Empire from Silicon Knights (April 15, 1992) +
trn.nfo 8523
 FAIRLIGHT: Cannon Fodder from Sensible Software Trainer (May 1, 1994) +
vegas.nfo 16660
 FAIRLIGHT: Vegas Games for Windows by New World Computing (July 15, 1992) +
vegas2.nfo 6523
 FAIRLIGHT: Vegas Games for Windows by New World Computing (July 15, 1992) +
vrs-dox.nfo 9982
 FAIRLIGHT: Complete Virtual Reality Studio Dox from Domark +
willhnts.nfo 9528
 FAIRLIGHT: Willy Beamish Hints and Solve +
word-dox.nfo 3298
 FAIRLIGHT: Complete Wordtris Documentation +
wordtris.nfo 4924
 FAIRLIGHT: Wordtris by Spectrum Holobyte +

There are 41 files for a total of 336,489 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/FAIRLIGHT/big22.nfo b/textfiles.com/piracy/FAIRLIGHT/big22.nfo new file mode 100644 index 00000000..9ab6ce2e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/big22.nfo @@ -0,0 +1,146 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + BIG 22 +Ķ + Supplied by: THE PATTON Written by: ?????? + Cracked by: The TERMINATOR Protection: DOC CHECK + Packaged by: BLADE RUNNER Graphics/Sound: VGA/SB & ADLIB + Release Date: 1/05/93 12am Game Type: Card Game + Rating: CARD GAME YEAh # of Disks: 3 +Ķ + Game Notes: Well this is an Asian CARD game we put it out because it + is easy to play. Just type 'Crack' and a way you go. + THE Truth: The truth about Sinisiter is that it is only a courier group + The two main Courier leaders left FLT to make a new group, + they took many our couriers and with them many of our sites + Many of our site were miss informed by Sin. Members that + Say that Flt is dead.. Well we are not! NO FLT SUPPLIERS + Left the group. Just the couriers did. So all the that were + Misinformed Will be getting FLT support... Sinisiter IS JUST + Another Courier group.. To sinisiter I just say thanxs!!!! + You Guys make our work much easier.... You cut the useless + FAT out.. THANXS FOR PUTTING US ON A DIET. PEACE IN '93 +Ķ + Greets go out to: FAIRLIGHT AMIGA and THE HUMBLE GUYS +Ľ + + + ķ + Ķ -FLT- President + Ľ + + - Ford Perfect - + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Orion, THE HAWK, VenoM + + ķ + Ķ -FLT- Members + Ľ + + Berserker, Beach Bum, FILA, Gank Master + Nemsis Enforcer, Night Ranger, Jack, Onyx + Silencer, Sicko, The Patton, Tom Brokaw + Macblue, Dark Bader, Hologram + The Terminator + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + Hare Krishna, Patch, Phoniex + Rescue Raider + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Flyboy, Jester, Avalanche, Master Disaster + + ķ + Ķ -FLT- Couriers + Ľ + + Doom, Night Blade, Overseerer, Shadow Lord, + Butter Ball, Olan, Lion, Budsky, Mad Dog + Steel Thunder, Natas, Ranks + + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + The Bog World HQ 312/???.???? Sicko + Digital Wasteland U.K. HQ +44-81BACKUP! Night Ranger + My Boomin' System (4 Nodes) Canadian HQ 514/PRI.VATE Blade Runner +Ķ + Body Count Member Board DIEGRIMREAPER VenoM + Rising Sun Member Board 813/YOU.WISH Orion + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker +Ľ + Def Con 4 Dist. Site 201/XXX.XXXX Devastor + Fourth Reich Dist. Site 916/XXX.XXXX Prince of Sin + Twilight Zone Dist. Site 504/XXX.XXXX Jack Flash + Tower Knowledge Dist. Site 404/XXX.XXXX The Sage + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call Lithium logon on as + FAIRLIGHT APPLY password FAIRLIGHT. Leave your board #, voice #, and + best time to get in touch with you. + get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + MBS with the account mentioned above. And leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Lithium with the FAIRLIGHT APPLY account and leave what you can do and + how to get ahold of you. + + CALL 514-937-2005 + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/elitetrn.nfo b/textfiles.com/piracy/FAIRLIGHT/elitetrn.nfo new file mode 100644 index 00000000..bec2dc98 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/elitetrn.nfo @@ -0,0 +1,190 @@ + + + + + + + + + + + + + + + + + + ANSiJED + + + + + ķ + Elite II Trainer + Ķ + Trained By: Martial Artist / FLT Written By: Gametek + Release Date: 10/27/93 Graphics: VGA + Packaged By: Martial Artist + Ķ + Ķ + Greets: Ben Jammin, The Shapeshifter, Ironbrand, Storm Lord, CRiMSON, + Mr. Goodwrench + Ľ + + Yo hey, Well I hope there are not too many more of these out there now + I liked this game on the C64, Never really understood it.. still don't + This trainer would have been much faster and BETTER if I really knew what + the point of this game was. But whatever, here it is anyhow... + + Place the file 'elitetrn.com' in your ELITE II directory + type ELITETRN to run the trainer.. + + While in the game, you can press Keypad-5 to get a help screen + Press Keypad-5 to get out of the help screen. + + Keypad-1 - Increases your money by the millions every time you press it + I cannot remember the number it gives you about + 1,600,000 $$$ when you press it.. it would be a normal figure + but they are using some stupid type of floating point decimal. + + Keypad-2 This gives you unlimited missiles.. + It used to give you dummymine, proximitymine, homing missile + smart missile, naval missile and a nuclear missile... + but That was unstable because it is differen't for all ships. + + Keypad-3 This increases your ships HOLDS by 1 everytime pressed + It is not updated on the screen immediately + + Keypad-4 ** this works when you start at the beginning, when you choose 1 + and start in the ROSS 154 system with an Eagle Long Range Fighter. + (might work with other ships.. not quite sure, dont have the + patience) + anyhow.. when you are in a front view and you press this key + (maybe a few times) you should see your % of shields being raised + if you don't then it probably isnt wise to use it... + This is best for beginners, so you dont die immediately.. + + + Anyhow, that's about it.. it took awile, there were some bugs, but I found them + fairly fast when I figured out they were with the memory re-allocation.. + (lame fucking bugs) + + Sooo Personal Greetings to: + + Hi.T.Moonweed - Thanx for the source to your FLAMES that I could destroy + and kill and maim to make my own creation in the trainer + screen.. and for the senseless fone calls.. Bollox + + Billy Wizz - CALL ME, I lost your address.. those tapes got fucked up + (Haggis peice of shit) + + Ben Jammin - Wow, looks like I joined ITU after all???? + + Warchild - Hey man, well looks like I joined you as well after all!!? + + Network - You Raving bastard, what's up, if you ever phreak gimme + a call, I still have those QEDIT macros you want + + Hard Core - Well man, it's a shame you couldn't get me a courier... + missin out on all these trainers... + (why the fuck would you let a cock sucker like hoson + Take over TDT???? bad move) + + Devious Doze - I Will be in Toronto some time soon.. for new years + Then I can finally meet you. + + Mystik Tiger - Hey man.. Want to hear from you soon.. gotta talk about + Mystik.. + + VLA - Think I will be joining you guys soon to release source + Code of lot's of shit.. should be cool.. + + Factory - Thanx for the stuff man.. + + Shadow Master - Can't you phreak yourself (always using people geeeeze) + + Digital Fuhrer- Well here it is.. LATE but it's here (hey I gotta sleep) + + Quazar - Yo hey, so those ansi's suuure would be nice + + Chaos 9 - My friend.. we will rock halloween. + + Renegade Chemist - What's up man... how's college + + Butcher - It's been a long time.. how's the industrial parts going? + + Witch Kind - Gimme a call.. or did your phreak nigger (Gangsta Rok) + die or something + + Gangsta Rok - just kidding your not a nigger (unless Ken gets ahold of you) + + TO ALL Call my bbs, cauze it's dieing.. + The Faultine (see number below) + + + + Ŀ + Ĵ -= FLT Staff =- + + Strider, Warchild, + War Master, Bainster, Fourth Reich, Forced Entry, + General Zennor, Icepic, Rupert, Avalon, Lightning Hopkins, + Cetis, White Rose, + + + Ŀ + Ĵ -= FLT Trainer/Dox =- + + Digital Fuhrer, Shadow Master, Quazar, + Martial Artist, Mason King, + Byte Spiker, Factory + + Ŀ + Ĵ -=FLT=- Couriers + + + Nueromage, Vanilla Ice, Blitzkreig, Holo Dream, + Duke, Sassy, The Dutchmen + + ķ + - Fairlight Boards - + Ķ + BOARD NAME POSITION NUMBER SYSOP + Ķ + World HQ /PRI.VATE + Courier HQ /PRI.VATE + Craftworld Can HQ /PRI.VATE Slum Dweller + The City U.S.H.Q. 813/PRI.VATE Bainster + Vangaardium Aust HQ +61 /PRI.VATE Icepic + The CyberReich Trainer HQ 404/PRI.VATE Digital Fuhrer + Ķ + Legion of Doom Dist Site 203/XXX.XXXX The Phantom + Mechanical Resistance Dist Site 708/XXX.XXXX Mr. Goodwrench + Hemispheres Dist Site 404/XXX.XXXX Radar + Annihilation Nation Dist Site 403/XXX.XXXX Liquid Flesh + X Factor Dist Site /XXX.XXXX Manufactor + Devil's Nightmare Dist Site /XXX.XXXX Elminator + Demilitarized Zone Dist Site /XXX.XXXX Mercenary + Mother Load Dist Site ITS/PRI.VATE + Muscle Beach Dist Site 203/XXX.XXXX Jp + Ľ + ķ + - Trainer Division - + Ķ + BOARD NAME POSITION NUMBER SYSOP + Ķ + The Fault Line Canadian HQ 403/288.5635 Martial Artist + 403/288.8402 + Ķ + Hydrogen Palace Dist Site 613/XXX.XXXX LoRD NuKE + APPLY NOW! Dist Site XXX/XXX.XXXX + APPLY NOW! Dist Site XXX/XXX.XXXX + Ľ + + ķ + + Fairlight / FLT Trainers are looking for DISTRIBUTION SITES.. Apply NOW! + If you're not satisfied with your current group, then let us know! + + Ľ diff --git a/textfiles.com/piracy/FAIRLIGHT/eob2edit.nfo b/textfiles.com/piracy/FAIRLIGHT/eob2edit.nfo new file mode 100644 index 00000000..1fd686d3 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/eob2edit.nfo @@ -0,0 +1,160 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + USA Cheats Department + + Proudly Presents + + Eye of The Beholder ][ Character Editor + + By + + USA/FLT Buckaroo Banzai USA/FLT + +Ŀ + + Cheat Notes: Read the eob2edit.dox for all the info. Thanks Buckaroo! + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Still need more couriers... Fill out an app and get it to us. + + +Ŀ + + Greets: INC, TC, CH + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Buckaroo Banzai, Fire, General Zennor, HAL9000, Harry Lime, + Lord Blix, Lord Sterling, Marko Ramius, Minor Threat, R. Bubba + Magillicutty, Repo Man, Static, The Guch and The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Normal- + + Alexis Machine, Dr. Crippen, Morpheus and Scorch + + -Trial- + + Egocentrix and Electric Element + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe +Ĵ + The Mudd Club Member Board 713/347.1416 Lord Blix + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + House Of Lords Member Board 714/681.9219 Lord Sterling + Radioactive Decay Member Board 213/923.4447 Repo Man + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius +Ĵ + World of Mirage Dist Site 718/898.8421 The Widowmaker + The Richter Scale Dist Site 516/754.6402 Earthquake + Elysium BBS Dist Site 508/468.7636 Squire + Khaotic Attractor Dist Site 508/970.5306 Mr Wyzard + The Powerdome Dist Site 901/872.3715 Electron + Modular Madness Dist Site 512/219.8045 Fatal Error + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rainman + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite - Amiga World - The End + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details, or call the VMB and leave your info. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + +Ĵ + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + + diff --git a/textfiles.com/piracy/FAIRLIGHT/flash100.nfo b/textfiles.com/piracy/FAIRLIGHT/flash100.nfo new file mode 100644 index 00000000..80782175 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flash100.nfo @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: FlashBack 100% crackpatch and English Text +Ķ + Supplied By: - Written By: Black Shadow + Cracked By: Black Shadow Graphics: 8/10 + Packaged By: Black Shadow Sound: 7/10 + Release Date: 04/25/93 Rating: 10/10 +Ķ + + Game Notes: Well, well.. I guess there was a second protection afterall. + Just copy 'FLTFLASH.COM' to the FB directory and then copy + 'FR_CINE.TXT' to the DATA directory, and then run the + FLTFLASH.COM proggy to completely crack the game.. + Have fun with this... /Black Shadow + + PS. A full 100% English version will be released soon... + PPS. A file with the levelcodes is also included... + +Ķ + Greets: The Dream Team,Razor 1911,Hybrid +Ľ + + + Ŀ + Ĵ PROUD FAiRLiGHT MEMBERS: + + + STRIDER, BLACK SHADOW + + Dragon, Will Stanton, Axel & Striker + + +ķ + PROUD FAiRLiGHT BULLETIN BOARDS: +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Seventh Heaven European HQ +46-40-303408 Black Shadow + Dragon's Lair - Node 1 Swedish HQ +46-42-162417 Dragon + - Node 2 +46-42-162419 + Dyer's Eve Swedish HQ +46-8-7618456 Will Stanton +Ķ + Road to Nowhere (4 Nodes) Support Board 310-947-3299 The Legend +Ķ + ** SPACE FOR RENT ** Distrib. Site ** YOUR NUMBER HERE ** +Ľ + +ķ + FAiRLiGHT is looking for LOYAL MEMBERS who are dedicated to QUALITY! + Call : 7th Heaven - EHQ - +46-40-303408 or + Write to : FAiRLiGHT , P.O. Box 6 , 236 00 Hollviken, Sweden +Ľ + + *** IF YOU LIKE THIS SOFTWARE, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** diff --git a/textfiles.com/piracy/FAIRLIGHT/flt.nf1 b/textfiles.com/piracy/FAIRLIGHT/flt.nf1 new file mode 100644 index 00000000..4b078371 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt.nf1 @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Dungeon Master +Ķ + Supplied By: Mournblade/Flashback Written By: FTL + Cracked By: N/A Graphics: VGA/EGA + Packaged By: Heretic Sound: SB/Adlib/Tandy/SS/PC + Release Date: 07/18/92 Rating: 7/10 +Ķ + + Game Notes: This is not quite as good as the amiga version, but here it + is anyway. A good D&D type game. We played it for an hour + or so and found no protection. + + Bragging to put you into one of the most detailed dungeons + ever, this is sure to be a favorite of the adventure game + players. + +Ķ + Greets: Catalyst, Grimstalk, Strider and Mournblade! +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + Heretic, Mournblade, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Grimstalk (Courier Co-Ordinator), Lord Blix, VenoM, + R. Bubba Magillicutty, FlashBack, Ryec, Kintaro, Doc Holiday, + Hagbard Celine, Skeleton Secretary & Wolverine + + Ŀ + Ĵ -=FLT=- Couriers + + + Catalyst, Coyotes Member, Felonius Monk, Gank Master, + Lord Nelson, Mind Bomb, Pharoah & The Sleepwalker + + Ŀ + Ĵ -=FLT=- Docs & Cheats + + + EarthQuake, Tank + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Whirlwind World HQ 416/PRI.VATE Heretic + The BANE Of The BLACK SWORD Courier H.Q. XXX/PRI.VATE Mournblade + Apocalypse (3 Nodes) U.S. HQ 703/PRI.VATE P.O.W. +Ķ + Body Count Member Board 516/PRI.VATE VenoM + Marvel Universe Member Board 215/PRI.VATE Wolverine + Neo-Tokyo Member Board 604/PRI.VATE Skeleton Sec. + The Outer Limits Member Board 313/PRI.VATE FlashBack +Ķ + D'M0B Dist Site 604/XXX.XXXX Chaos Master + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Purple Haze Dist Site 313/XXX.XXXX Speedball + Psychonuerosis Dist Site 301/946.3835 Gank Master + The Prison Dist Site 615/758.8731 The Warden + The Richter Scale Dist Site 516/XXX.XXXX EarthQuake + The World of Krynn Dist Site 313/XXX.XXXX Caramon + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight needs good people. Couriers, Distribution Sites etc. If you're + not satisfied with your current job let us know! FLT Rockin' 92'! + +Ľ + + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/flt.nfo b/textfiles.com/piracy/FAIRLIGHT/flt.nfo new file mode 100644 index 00000000..ace505c9 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt.nfo @@ -0,0 +1,185 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + A Line in the Sand +Ķ + Supplied by: FORD PERFECT Written by: SSI + Cracked by: SIR TERMINATOR Protection: Doc Check + Packaged by: SIR Blade Runner Graphics/Sound: ALL + Release Date: Dec 17. Game Type: Strategy + Rating: 5/10 # of Disks: 1 +Ķ + + + Game Note: This is another release by FLT. + + + +Ķ + Greets go out to: All FLT COURIERS... PEACE to all the OP's +Ľ + + ķ + Ķ -FLT- Main Organizers + Ľ + + FLT Euro Division - STRIDER + FLT USA Division - Ford Perfect + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Nuclear War, ORION + THE HAWK, VenoM + + ķ + Ķ -FLT- Members + Ľ + + ACE, Berserker, Beach Bum, Black Shadow, Califboy + Dennis the Menace, Nuclear War, Doctor Bombay, Flashback + FILA, Iceberg, Jack, Kingpin, Larual & Hardy, MICHELANGELO + New Kids, Night Ranger UK, Orion, RADAR, Rifleman, Selim & Rudi + Shadow Angel, Silencer, SkaTeMasTer, Sparky, Subzero + The Terminator, Tom Brokaw, Ufonaut, Union Jack + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Dirty Frank, Doctor Bombay, Dorian Hawkmoon + Fourth Reich, Gank Master, Mind Bomb + Overlord, Pagan + + ķ + Ķ -FLT- Couriers + Ľ + + Always Dangerous, Arch Angel, Armoured Saint, Avalanche + Darkstar, Doom, Enforcer, Fear, Flyboy, Fresh Kid Ice, Fugazi + Fugazi, Genicide, Genocide, Ghost Pilot, Godfather, Havok, Insector X + James Bomb, JC Poon, Jester, King Meat, Lips, Malachai, Master of Diaster + Nightblade, Oolan, Pagan, Plague, Raging Bull, Raven, Rick Hunter, Rougue + Sai Kotic, Shadowlord, Stalker, Steel Thunder, The Destroyer, The Judge + The Outcast, Touchtone, Traumatic Breakdown, Unsettled Soul, Viper + X-Man, Zakafein + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + The Phoney Coders + Hare Krishna, Patch + Rescue Raider, The Phrophet, The Weasel + + + ķ + Ķ -FLT- DOXS + Ľ + + Crystal Warrior & Kublai Khan + Fourth Reich, Hellspawn, Hell Bound + HELLION + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Body Count World HQ 516/DIE.MIKE VenoM + Digital Wasteland U.K. HQ +44-81BACKUP! Night Ranger + Unlimited Access (3 Nodes) German HQ +49-30BACKUP! Sparky + My Boomin' System (4 Nodes) Canadian HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) US West Cour HQ 714/PRI.VATE Fletcher + Sin City (6 Nodes) US East Cour HQ 813/PRI.VATE Hellion +Ķ + Crime Ring Member Board 714/YOU.WISH Kingpin + Golden Spires Member Board 416/YOU.WISH Master-Tech + Harmony Skates (2 Nodes) Member Board 718/ViS.iONX SkateMaster + Lithium Member Board 813/YOU.WISH Shadow Angel + Manhattan Project (2 Nodes) Member Board 503/YOU.WISH Rifleman + Narcotik Illusion Member Board 703/YOU.WISH Con Artist + Pirate Mind Station Member Board 314/YOU.WISH Felonius Monk + Rising Sun Member Board 813/YOU.WISH Orion + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker + UnderWorld Member Board 916/YOU.WISH Califboy +Ķ + After Midnight Dist Site 310/XXX.XXXX The Painter + Bubba Land Dist Site 407/XXX.XXXX Bubba + Covert Action ][ Dist Site 818/XXX.XXXX Contra + CyberWars Dist Site 908/XXX.XXXX Fearless Leadr + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Fourth Reich Dist Site 916/XXX.XXXX Prince of Sin + Gator Crator Dist Site 318/XXX.XXXX Gatorman + Infinite Ragnarok Dist Site 916/XXX.XXXX Jormungand + Private Collection Dist Site 305/XXX.XXXX Wild Child + Park Centeral Dist Site 708/XXX.XXXX Silver V + Second Sight Dist Site 416/XXX.XXXX Phalon + The City Dist Site 813/XXX.XXXX The Bainster + The Game Grid Dist Site 513/XXX.XXXX Tron + The Prison Dist Site 615/XXX.XXXX The Warden + The Sewer Dist Site +47/67.33292 Phoenix + The Wooden Boxcar Dist Site 606/XXX.XXXX Packrat + Tower of Knowledge Dist Site 404/XXX.XXXX The Sage + Twilight Zone Dist Site 504/XXX.XXXX Jack Flash + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call Lithium logon on as + FAIRLIGHT APPLY password FAIRLIGHT. Leave your board #, voice #, and + best time to get in touch with you. + get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + Lithium with the account mentioned above. And leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Lithium with the FAIRLIGHT APPLY account and leave what you can do and + how to get ahold of you. + + Lithium - 813-799-4417 + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/flt0592.nfo b/textfiles.com/piracy/FAIRLIGHT/flt0592.nfo new file mode 100644 index 00000000..efd809b8 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt0592.nfo @@ -0,0 +1,113 @@ + + + + + + + + + + + P R O U D L Y P R E S E N T S + + .....OUT OF THIS WORLD..... + + Ŀ + Program By: InterPlay Graphic Support: MOST + Ĵ + Cracked By: R. Bubba Magillicutty Sound Supported: FULL/ALL + Ĵ + Date of Release: May 2nd ,1992 Controls: Keyboard/Mouse/Joystick + Ĵ + + Protection: All Scripts. Only Mr. Bubba's Touch was good enough. + ~~~~~~~~~~ + + + + Game Hype: This is the US version and has 30 more screens (we heard) + ~~~~~~~~~~ and full sound and graphics support. A definite Keeper! + We kept it for a few days to check it out....... + + + Installation: Same as Another World. + ~~~~~~~~~~~~~ + + Shout outs: Go out to Ice Nine for Supplying and couriering, and + ~~~~~~~~~ not being at the prom! + + + + + Fairlight PC Division Staff + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Senior Staff: STRIDER, NEMESIS ENFORCER, TRICK LORD + HERETIC, BLADE RUNNER + + Members: PSYLOCKE, THE TERMINATOR, GRIMSTALK + FIRE, NIGHTSTICK, BUCKAROO BANZAI + MARKO RAMIUS, BLACK JACK, MINOR THREAT + HEAVY METAL, DOCTOR CRIPPEN, HARDWIRE + THE NECROMANCER, COYOTES MEMBER, MR. MIXTY + ALEXIS MACHINE, SILENT ASSASSIN, LORD STERLING + MIDNIGHT MODIFIER, ICE NINE + + + + FAIRLIGHT PC DISTRIBUTION ۲ + Ŀ + Board Name Phone Number SysOp INFO/NUP + Ĵ + Rivendell 217/PRI.VATE Trick Lord World HQ + Whirlwind 416/PRI.VATE Heretic Canada HQ + My Boomin'System 514/PRI.VATE Blade Runner Courier HQ + F/X 914/PRI.VATE Fire Eastern HQ + Ĵ + Paki's Smell 604/PRI.VATE Skeleton Secretary + Modular Madness 512/PRI.VATE Fatal Error + Dark Star ITS/PRI.VATE Warhawk + Power Surge ITS/PRI.VATE Ice Nine + Pirate Domain 416/762.1765 Union Jack + Quaratine ITS/PRI.VATE Night Stick + Virtual Reality ITS/PRI.VATE Midnight Modifier + Siren of Death ITS/PRI.VATE Darkman + d'M0b ITS/PRI.VATE Chaos Master + Richter Scale 516/754.6402 Earthquake + Street Spyders 713/266.8330 Maverick 'Beam Me Up' + The Lab 514/858.1326 Pr. Sinister + Marvel Universe 215/758.8644 Wolverine + + + Look for our new Trainers and Cheats division coming to + a theater near you! We just keep getting better and better... + ************* + + -->>> NEED A LIFE? WELL.... <<<-- + Call our WORLD HEADQUARTERS listed above. + The NUP for Rivendell-217 is 'originals'. + Now accepting new users...maybe. + + Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + -->>FAIRLIGHT PC<<-- -->FLT AMIGA/PC<-- -->>FLT AMIGA<<-- + =================================================================== + FAIRLIGHT PC AMERICA FAIRLIGHT WORLD HQ FAIRLIGHT AMERICA + PO BOX 6864 PO BOX 6 PO BOX 268 + CHAMPAIGN, IL 61826-6864 23600 HOLLVIKEN AMISSVILLE, VA 22002 + U.S.A. SWEDEN U.S.A. + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + 716-987-1151 + + + + + Look for some wicked Fairlight Releases coming to an INC site near YOU! + + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/flt059~1.nfo b/textfiles.com/piracy/FAIRLIGHT/flt059~1.nfo new file mode 100644 index 00000000..2cbf315d --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt059~1.nfo @@ -0,0 +1,125 @@ + + + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: TUBULAR WORLDS FROM DONGLEWARE [+1] TRAINER +Ķ + Supplied By: TRSI Written By: Fornicator + Cracked By: - Graphics: -/10 + Packaged By: Ken Buddha Sound: -/10 + Release Date: 05/07/94 Rating: -/10 +Ķ + Decent game. + + FairLight is re-structuring for maximum efficiency! FairLight is dedicated + to quality and not quantity. We extend a courteous hand to fellow groups + in the pirate community. Always looking for talented and loyal people. + + If you are interested in contributing call the FairLight 24HR VMB at + + 619-497-1580 + +Ķ + Greets go out to all cool FairLight members and to all other cool people +Ľ + + Ŀ + Ĵ FAiRLiGHT PC PRESIDENT + + + BLACK SHADOW + + Ŀ + Ĵ FAiRLiGHT PC VICE PRESIDENT + + + STRIDER + + Ŀ + Ĵ FAiRLiGHT PC MEMBERS + + + Judge, Ken Buddha, Moocher, Genius, Exolon, + Fornicator, Coroner, Lust Lord, Ranx, + Splatt, Skol and JBM + + Ŀ + Ĵ FAiRLiGHT PC COURIER TEAM + + + Rebound,Screwball + +ķ + PROUD FAiRLiGHT BULLETIN BOARDS: +Ķ + BOARD NAME POSITION NODES NUMBER SYSOP +Ķ + 7th Heaven European HQ 2 +46-Private Black Shadow + +46-Private (With TERBO!) + 2nd Phobia Member Board 1 +46-Private Judge + Realms of Death Member Board 1 +xx-Private Unlisted + +Ķ + ** SPACE FOR RENT ** Distrib. Site ** YOUR NUMBER HERE ** +Ľ +ķ + + FAIRLIGHT TRADING, INC IS YOUR BEST SOURCE FOR CONSOLE BACK-UP UNITS + AND IS THE LARGEST DISTRIBUTOR FOR FRONT FAR EAST CORP. WE STOCK + THE FOLLOWING UNITS ; SUPER WILD CARD & SUPER MAGIC DRIVE! + + WE ARE LOOKING FOR RE-SELLERS WORLDWIDE! CALL US *NOW* : + + U.S.A. ; 1-800-FAIRLIGHT + INTERNATIONAL ; 1-619-282-5311 + 24HRS FAX ; 1-619-282-1780 + +Ľ +ķ + + Call the FairLight Party-Girls 24 hrs! Live 1-on-1 action!! + + 1-900-288-9155 + 9735 + + $3.99 per min. Must be 18 yrs. Procall Co. (602) 631-0615 + +Ľ +ķ + + Write to FairLight : + + FairLight, P.O. Box 5, 1410 Waterloo, Belgium + +Ľ +ķ + FAiRLiGHT is looking for LOYAL MEMBERS who are dedicated to QUALITY! + Call : 7th Heaven - EHQ + Write to : FAiRLiGHT PC, P.O. Box 6 , 236 00 Hollviken, Sweden + Don't write if you want to have games and stuff, only membership + applications and such will be looked at, all other mail will be + trashed... And we don't SELL games so don't even think about it! +Ľ + + *** IF YOU LIKE THIS SOFTWARE, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/flt1.nfo b/textfiles.com/piracy/FAIRLIGHT/flt1.nfo new file mode 100644 index 00000000..968f3e2e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt1.nfo @@ -0,0 +1,174 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + Cool World +Ķ + Supplied by: FILA/New Kids Written by: OCEAN + Cracked by: ONYX Protection: Copy Lock 2 + Packaged by: THE HAWK Grahpics/Sound: VGA 16/256 + Release Date: 11/19/92 Game Type: ARCADE + Rating: COOL # of Disks: 2 (1.2 Megs) +Ķ + Game Notes: This is a pretty cool jump & run arcade game and fun + to play. It even has SMOOTH scrolling on my 486/33. + Look for a trainer out tonight. + + + Group Notes: Anyone interested in joining PhelonyNet (FIDO compatible) + send EMail to Crusher or SkateMaster. + + + Personal Greets: ONYX, Blade Runner/THE TERMINATOR (Having Fun GUYS??) +Ķ + Greets go out to: TriStar RedSector, The Humble Guys, and XEROX +Ľ + + ķ + Ķ -FLT- Main Organizers + Ľ + + FLT Euro Division - STRIDER + FLT USA Division - Ford Perfect + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Con Artist, Silent Stalker + THE HAWK , VenoM + + ķ + Ķ -FLT- Members + Ľ + + ACE, Berserker, Beach Bum, Black Shadow, Califboy, Crusher + Dennis the Menace, Doctor Bombay, Flashback, FILA, Iceberg + Jack, Kingpin, Larual & Hardy, MICHELANGELO, Night Ranger UK + Orion, RADAR, Rifleman, Selim & Rudi, Shadow Angel, SkaTeMasTer + Sparky, Subzero, The Terminator, Tom Brokaw, Ufonaut, Union Jack + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Dirty Frank, Doctor Bombay, Dorian Hawkmoon + Fourth Reich, Gank Master, Overlord + + ķ + Ķ -FLT- Couriers + Ľ + + Always Dangerous, Arch Angel, Avalanche, Budski + Confucious, Dark Star, Destroyer, Doom, Enforcer, Flyboy + Ghost Pilot, Godfather, Havok, James Bomb, Jester, King Meat + Master of Diaster, Night Blade, Pagan, Plague, Raging Bull + Rick Hunter, SaiKotic, Stalker, Steel Thunder, The Destroyer + The Outcast, Touchtone, Traumatic Breakdown + Unsettled Soul, Viper, X-Man, Zakafein + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + The Phoney Coders + Hare Krishna, Patch + The Phrophet, The Weasel + + ķ + Ķ -FLT- DOXS + Ľ + + Crystal Warrior & Kublai Khan + Fourth Reich, Hellspawn, Hell Bound + HELLION +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Body Count World HQ 516/DIE.MIKE VenoM + Golden Spires Canadian HQ 416/PRI.VATE Master-Tech + Unlimited Access (3 Nodes) German HQ +49-30BACKUP! Sparky + My Boomin' System (4 Nodes) Can. Courier HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) US West Cour HQ 714/PRI.VATE Fletcher + Sin City (6 Nodes) US East Cour HQ 813/PRI.VATE Hellion +Ķ + Crime Ring Member Board 714/YOU.WISH Kingpin + Eyes Of The Dragon Member Board 207/YOU.WISH Crusher + Harmony Skates (2 Nodes) Member Board 718/ViS.iONX SkateMaster + Lithium Member Board 813/YOU.WISH Shadow Angel + Manahattan Project Member Board 502/YOU.WISH Rifleman + Rising Sun Member Board 813/YOU.WISH Orion + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker +Ķ + After Midnight Dist Site 310/XXX.XXXX The Painter + Bubba Land Dist Site 407/XXX.XXXX Bubba + Covert Action ][ Dist Site 818/XXX.XXXX Contra + CyberWars Dist Site 908/XXX.XXXX Fearless Leadr + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Fourth Reich Dist Site 916/XXX.XXXX Prince of Sin + Gator Crator Dist Site 318/XXX.XXXX Gatorman + Infinite Ragnarok Dist Site 916/XXX.XXXX Jormungand + Park Centeral Dist Site 708/XXX.XXXX Silver X + Second Sight Dist Site 416/XXX.XXXX Phalon + The Game Grid Dist Site 513/XXX.XXXX Tron + The Prison Dist Site 615/XXX.XXXX The Warden + The Sewer Dist Site +47/67.33292 Phoenix + Twilight Zone Dist Site 504/XXX.XXXX Jack Flash + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call Sin City, logon on as + VISITOR password FAIRLIGHT. Leave your board #, voice #, and best time to + get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + Sin City with the account mentioned above. And leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Sin City with the VISITOR account and leave what you can do and how to + get ahold of you. + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/flt1092.nfo b/textfiles.com/piracy/FAIRLIGHT/flt1092.nfo new file mode 100644 index 00000000..13a3a46e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt1092.nfo @@ -0,0 +1,130 @@ + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: King's Quest VI Complete SOLVE +Ķ + Supplied By: Kublai Khan Written By: Sierra + Cracked By: N/A Graphics: 256 VGA + Packaged By: Kublai Khan Sound: ALL + Release Date: 10/05/92 Rating: N/A +Ķ + + Doc Notes: Well, here is the complete Solve/Walkthru for the 'not + yet' released King's Quest VI: Heir Today, Gone Tommorow. + Check out our new Dox viewer system! + + + + + Group Notes: Wonder who's gonna release it. (Duh?) + + + +Ķ + Greets: SkaTeMasTer, Black Spyrit, and the rest... +Ľ + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + MOURNBLD, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Blade Runner, Con Artist, Crusher, FlashBack, Ford Perfect + The Gh0dess, Hannibal Lektor, The Hawk, Lord Blix, Night Ranger + Night Ranger UK, Orion, Skeleton Secretary + The Terminator, VenoM, Wolverine + + Ŀ + Ĵ -=FLT=- Senior Couriers + + + Berserker, Doctor Bombay, Shadow Angel, SkaTeMasTer + + Ŀ + Ĵ -=FLT=- Couriers + + + Arch Angel, Battle Axe, Coyotes Member, Cross, Destroyer + Dirty Frank, Feedback, Hellion, James Bomb, Kinetic Energy + Lethal Injection, Mind Bomb, Mystic Whiz + Prince of Sin, Sherlock Ohms + + Ŀ + Ĵ -=FLT=- Docs, Cheats & VGA + + + Dr. Crippen, Eloi, Hare Krishna, Network, + Revelation, Tank, The Weasel + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + The BANE Of The BLACK SWORD World HQ XXX/PRI.VATE MOURNBLD + Golden Spires Canadian HQ 416/PRI.VATE Master-Tech + My Boomin' System (4 Nodes) Can. Courier HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) U.S. Courier HQ 714/PRI.VATE Fletcher +Ķ + Body Count Member Board 516/DIE.FEDS VenoM + Eyes Of The Dragon Member Board 207/YOU.WISH Crusher + Marvel Universe Member Board 215/YOU.WISH Wolverine + Neo-Tokyo Member Board 604/YOU.WISH Skeleton Sec. + Nuclear Wastelandz Member Board 011/YOU.WISH Night Rang UK + The Nectar Base Member Board 602/YOU.WISH The Gh0dess + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack +Ķ + Beyond The Realm Of Reality Dist Site 310/869.9484 Legend Master + Bubba Land Dist Site 407/XXX.XXXX Bubba + The Burrows Dist Site 310/XXX.XXXX Weasel + CyberWars Dist Site 908/654.1290 Fearless Leade + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Hydrogen Palace Dist Site 613/XXX.XXXX LoRD NuKE + Medieval Crypt Dist Site 214/XXX.XXXX Medieval Magi + Infinite Ragnarok Dist Site 916/863.1040 Jormungand + Inn Of The Last Home Dist Site 705/XXX.XXXX Caramon Majere + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Rest In Peace Dist Site 513/XXX.XXXX Nuclear War + Rising Sun Dist Site 813/XXX.XXXX Orion + Second Sight Dist Site 416/XXX.XXXX Phalon + The Prison Dist Site 615/XXX.XXXX The Warden + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight is looking for DISTRIBUTION SITES... Apply NOW at the VMB!!! + If you're not satisfied with your current group, then let us know!!! + Fairlight P.O. BOX 43 Flat Rock, MI 48134 -=FLT=- Rockin '92 + The Fairlight VMB 1(800) 888-4117 Box 6958# + +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/flt1093.nfo b/textfiles.com/piracy/FAIRLIGHT/flt1093.nfo new file mode 100644 index 00000000..46964238 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt1093.nfo @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + ANSiJED + + + + +ķ + Positronic Bridge +Ķ + Supplied By: TRC/Wolfric Written By: Positronic Software + Cracked By: Gron Graphics: SVGA + Packaged By: CyberChrist Sound: None + Release Date: 10/13/93 Rating: 6/10 +Ķ + Well, this is a nice-looking bridge game if you are into card games. Just + unzip into a directory and install. The game doesn't have much in the way + of sound, but the graphics are nice. Look out for more games from us in + the next few days! -CC +Ķ + Greets: Warchild, Der Schatten, Spaceman Spiff, Heretic, Black Mischief + Shardik, Disk Killer, Rifleman, Avalon. +Ľ + + + Ŀ + Ĵ -=FLT=- President + + + Heretic + + Ŀ + Ĵ -=FLT=- Vice-President + + + CyberChrist + + Ŀ + Ĵ -=FLT=- Senior Staff + + + The Renegade Chemist, Shardik, Warchild, Raider, Der Schatten, + Disk Killer, Fourth Reich, Forced Entry + + + Ŀ + Ĵ -=FLT=- Euro Division + + + Strider, Black Shadow + + Ŀ + Ĵ -=FLT=- Members + + + Wizard, Escape Key, WarMaster, Dream Wraith, Vengeance + Avalon, Rupert, Lightning Hopkins, Cetis, Catalyst + PerSuader, Endeveron, General Zennor, Gron + Mad Doctor, Bash, Rip Torn, Merlin + + Ŀ + Ĵ -=FLT=- Courier Coordinators + + + Black Mischief + + Ŀ + Ĵ -=FLT=- Couriers + + + Nueromage, BloodWych, Sensei, Grandmaster Flash, Black Stealth + Vanilla Ice, 96 Faces, Blitzkreig, Holo Dream, Duke + Sassy, Ralph, Zork, Donatello, The Dutchmen + +ķ + - Fairlight Boards - +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + T.N.T World HQ 503/PRI.VATE Disk Killer + M.L.o.R. Courier HQ 804/PRI.VATE Escape Key + Unlimited Power Can HQ 905/PRI.VATE Raider + Data Security Consultants U.S.H.Q. 217/PRI.VATE TRC + Vangaardium Aust HQ +61 /PRI.VATE Ice Pick +Ķ + Legion of Doom Dist Site 203/XXX.XXXX The Phantom + The Tower of Knowledge Dist Site 404/XXX.XXXX The Sage + Rebel Alliance Dist Site 914/XXX.XXXX Red Raider + The Prison Dist Site 615/XXX.XXXX The Warden + Orange Road Dist Site 604/XXX.XXXX Skeleton Scty + Mechanical Resistance Dist Site 708/XXX.XXXX Mr. Goodwrench + Alien Nation Dist Site 813/XXX.XXXX Evil Enforcer + Hemispheres Dist Site 404/XXX.XXXX Radar + The Arcade Dist Site 914/XXX.XXXX Robocop + Annihilation Nation Dist Site 403/XXX.XXXX Liquid Flesh + Metal Works Dist Site 318/XXX.XXXX Heavy Metal +Ľ + +ķ + + Fairlight is looking for DISTRIBUTION SITES... Apply NOW! + If you're not satisfied with your current group, then let us know! + Fairlight P.O. Box 68059 Blakely PO, Hamilton, ONT, L8M 3M7 + +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** diff --git a/textfiles.com/piracy/FAIRLIGHT/flt1291.nfo b/textfiles.com/piracy/FAIRLIGHT/flt1291.nfo new file mode 100644 index 00000000..db8679ba --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt1291.nfo @@ -0,0 +1,176 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + SupaPlex + + From + + USA/FLT Digital Integration, LTD. USA/FLT + +Ŀ + + Supplied: The Dreamer + Cracked: The Dreamer + + Game Notes: This game is a trip, you'll really dig it. Don't be fooled + by the size of this file, this game has some awesome VGA + graphics, soundblaster and roland support and some intense + action! The game is like a fast-paced, balls-out version + of pac-man in 3-D. Well it's sorta like that, but there's + much, much more to it. A few weird things about the game: + It didn't work for me unless I had my mouse driver loaded, + and with the mouse I could only control the pointer on the + set up screen, not the game itself. While playing the game + you need to use either the joystick or the keyboard. Also, + before playing make sure you select the controls option + from the main screen to set up your sound board and controls. + This is an import, so don't expect any original dox. Just + play the game awhile and you will get the hang of it... It's + a pretty addictive and enjoyable game anyway. + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Still need more couriers... Fill out an app and get it to us. + + +Ŀ + + Greets: INC, TC, CH + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Buckaroo Banzai, Fire, General Zennor, HAL9000, Harry Lime, + Lord Blix, Lord Sterling, Marko Ramius, Minor Threat, R. Bubba + Magillicutty, Repo Man, Static, The Guch and The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Normal- + + Alexis Machine, Dr. Crippen, Morpheus and Scorch + + -Trial- + + Egocentrix and Electric Element + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe +Ĵ + The Mudd Club Member Board 713/347.1416 Lord Blix + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + House Of Lords Member Board 714/681.9219 Lord Sterling + Radioactive Decay Member Board 213/923.4447 Repo Man + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius +Ĵ + World of Mirage Dist Site 718/898.8421 The Widowmaker + The Richter Scale Dist Site 516/754.6402 Earthquake + Elysium BBS Dist Site 508/468.7636 Squire + Khaotic Attractor Dist Site 508/970.5306 Mr Wyzard + The Powerdome Dist Site 901/872.3715 Electron + Modular Madness Dist Site 512/219.8045 Fatal Error + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rainman + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite - Amiga World - The End + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details, or call the VMB and leave your info. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + +Ĵ + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + + diff --git a/textfiles.com/piracy/FAIRLIGHT/flt3.nfo b/textfiles.com/piracy/FAIRLIGHT/flt3.nfo new file mode 100644 index 00000000..6afd4522 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt3.nfo @@ -0,0 +1,130 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Cyber Empires +Ķ + Supplied By: Ford Perfect Written By: SSI + Cracked By: HAL9000 Graphics: 256 VGA + Packaged By: Crusher Sound: ALL + Release Date: 09/14/92 Rating: 9/10 +Ķ + + Game Notes: This is the latest from SSI. Cyber Empires is a strategic + game of world conquest full of explosive action. It + features cybernetic arcade action in a global style. Hope + you all enjoy this one... + + Thanks again go out to KingPin for the Killer FLT V-X Menus. + + + Group Notes: FAIRLIGHT, here to stay and DOMINATE!!! + + Special Greets: HAL9000 - Thanks for removing the doc check for us! + +Ķ + Greets: Ford Perfect, Orion, Shadow Angel, VenoM, The Hawk, FLT Couriers +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + MOURNBLD, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Blade Runner, Con Artist, Crusher, FlashBack, Ford Perfect + The Gh0dess, The Hawk, Heretic, Lord Blix, The Madman + Night Ranger, Skeleton Secretary, The Terminator + VenoM, Wolverine + + Ŀ + Ĵ -=FLT=- Senior Couriers + + + Orion, RoboCop, Shadow Angel, Warlock Bones + + Ŀ + Ĵ -=FLT=- Couriers + + + ArchAngel, Battle Axe, Berserker, Coyotes Member, Cross + Destroyer, Dirty Frank, Dr. Bombay, Eliott Nes, Felonius Monk + Hellion, Kinetic Energy, Lethal Injection, Mind Bomb + Sherlock Ohms, Skatemaster + + Ŀ + Ĵ -=FLT=- Docs, Cheats & VGA + + + Dr. Crippen, Hare Krishna, Revelation, Tank + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + The BANE Of The BLACK SWORD World HQ XXX/PRI.VATE MOURNBLD + Golden Spires Canadian HQ 416/PRI.VATE Master-Tech + My Boomin' System (4 Nodes) Can. Courier HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) U.S. Courier HQ 714/PRI.VATE Fletcher +Ķ + Body Count Member Board 516/DIE.FEDS VenoM + Eyes Of The Dragon Member Board 207/YOU.WISH Crusher + Marvel Universe Member Board 215/YOU.WISH Wolverine + Neo-Tokyo Member Board 604/YOU.WISH Skeleton Sec. + The Nectar Base Member Board 602/YOU.WISH The Gh0dess + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack +Ķ + Battle Field Dist Site 706/XXX.XXXX Buck Blazer + Beyond The Realm Of Reality Dist Site 310/869.9484 Legend Master + The Burroughs Dist Site 310/XXX.XXXX Weasel + Carbon Nation Dist Site 708/965.8965 Pepsi Man + Cygnus-X Dist Site 305/XXX.XXXX Spike + CyberWars Dist Site 908/654.1290 Fearless Leade + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Hydrogen Palace Dist Site 613/XXX.XXXX LoRD NuKE + Infinite Ragnarok Dist Site 916/XXX.XXXX Jormungand + Inn Of The Last Home Dist Site 705/XXX.XXXX Caramon Majere + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Rest In Peace Dist Site 513/XXX.XXXX Nuclear War + Second Site Dist Site 416/XXX.XXXX Phalon + The Prison Dist Site 615/XXX.XXXX The Warden + The World Of Krynn Dist Site 313/XXX.XXXX Caramon + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight is looking for DISTRIBUTION SITES... Apply NOW at the VMB!!! + If you're not satisfied with your current group, then let us know!!! + Fairlight P.O. BOX 43 Flat Rock, MI 48134 -=FLT=- Rockin '92 + The Fairlight VMB 1(800) 356-1547 Box 4221# + +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** diff --git a/textfiles.com/piracy/FAIRLIGHT/flt4.nfo b/textfiles.com/piracy/FAIRLIGHT/flt4.nfo new file mode 100644 index 00000000..d671f3e9 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt4.nfo @@ -0,0 +1,188 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + L.A. Law +Ķ + Supplied by: THE HAWK Written by: Capstone + Cracked by: N/A Protection: Shrink Wrap + Packaged by: THE HAWK Graphics/Sound: VGA/SB & ADLIB + Release Date: 12/03/92 Game Type: Adventure Type + Rating: 8/10 # of Disks: 3(720k) +Ķ + Game Notes: Well the game pretty cool, you basically go around tring to + solve your court cases and prove that your client is incoennt + The game has some pretty cool digitized pictures. + Look for more FAiRLiGHT Releases today!!! + + + Group Notes: To those you thought/wished we were dead??? DREAM ON! + + + Personal Greets: Perptual Demise, Orion, Sicko, R/\D/\R, and Silencer +Ķ + Greets go out to: Pyradical, TRSi, Crystal, and MiNiSTRY. +Ľ + + ķ + Ķ -FLT- Main Organizers + Ľ + + FLT Euro Division - STRIDER + FLT USA Division - Ford Perfect + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Con Artist, Silent Stalker + THE HAWK, VenoM + + ķ + Ķ -FLT- Members + Ľ + + ACE, Berserker, Beach Bum, Califboy, Flashback, FILA + Iceberg, ICE-T, Jack, Kingpin, MICHELANGELO, New Kid + Night Ranger, Orion, RADAR, Rifleman, Shadow Angel + SkaTeMasTer, Sparky, The Terminator + Tom Brokaw, Ufonaut, Union Jack + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Dirty Frank, Doctor Bombay, Dorian Hawkmoon + Fourth Reich, Gank Master, Mind Bomb + Overlord, Pagan + + ķ + Ķ -FLT- Couriers + Ľ + + Always Dangerous, Arch Angel, Armoured Saint, Avalanche + Darkstar, Doom, Enforcer, Fear, Flyboy, Fresh Kid Ice, Fugazi + Fugazi, Genicide, Genocide, Ghost Pilot, Godfather, Havok, Insector X + James Bomb, JC Poon, Jester, King Meat, Lips, Malachai, Master of Diaster + Nightblade, Oolan, Plague, Raging Bull, Raven, Rick Hunter, Rougue + Sai Kotic, Shadowlord, Stalker, Steel Thunder, The Destroyer, The Judge + The Outcast, Touchtone, Traumatic Breakdown, Unsettled Soul, Viper + X-Man, Zakafein + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + The Phoney Coders + Hare Krishna, Patch + Rescue Raider, The Phrophet, The Weasel + + + ķ + Ķ -FLT- DOXS + Ľ + + Crystal Warrior & Kublai Khan + Fourth Reich, Hellspawn, Hell Bound + HELLION + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Body Count World HQ 516/DIE.MIKE VenoM + Digital Wasteland U.K. HQ +44-81BACKUP! Night Ranger + Unlimited Access (3 Nodes) German HQ +49-30BACKUP! Sparky + My Boomin' System (4 Nodes) Canadian HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) US West Cour HQ 714/PRI.VATE Fletcher + Sin City (6 Nodes) US East Cour HQ 813/PRI.VATE Hellion +Ķ + Crime Ring Member Board 714/YOU.WISH Kingpin + Golden Spires Member Board 416/YOU.WISH Master-Tech + Harmony Skates (2 Nodes) Member Board 718/ViS.iONX SkateMaster + Lithium Member Board 813/YOU.WISH Shadow Angel + Manhattan Project (2 Nodes) Member Board 503/YOU.WISH Rifleman + Narcotik Illusion Member Board 703/YOU.WISH Con Artist + Pirate Mind Station Member Board 314/YOU.WISH Felonius Monk + Rising Sun Member Board 813/YOU.WISH Orion + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker + UnderWorld Member Board 916/YOU.WISH Califboy +Ķ + After Midnight Dist Site 310/XXX.XXXX The Painter + Bubba Land Dist Site 407/XXX.XXXX Bubba + Covert Action ][ Dist Site 818/XXX.XXXX Contra + CyberWars Dist Site 908/XXX.XXXX Fearless Leadr + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Fourth Reich Dist Site 916/XXX.XXXX Prince of Sin + Gator Crator Dist Site 318/XXX.XXXX Gatorman + Infinite Ragnarok Dist Site 916/XXX.XXXX Jormungand + Private Collection Dist Site 305/XXX.XXXX Wild Child + Park Centeral Dist Site 708/XXX.XXXX Silver V + Second Sight Dist Site 416/XXX.XXXX Phalon + The City Dist Site 813/XXX.XXXX The Bainster + The Game Grid Dist Site 513/XXX.XXXX Tron + The Prison Dist Site 615/XXX.XXXX The Warden + The Sewer Dist Site +47/67.33292 Phoenix + The Wooden Boxcar Dist Site 606/XXX.XXXX Packrat + Tower of Knowledge Dist Site 404/XXX.XXXX The Sage + Twilight Zone Dist Site 504/XXX.XXXX Jack Flash + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call Lithium logon on as + FAIRLIGHT APPLY password FAIRLIGHT. Leave your board #, voice #, and + best time to get in touch with you. + get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + Lithium with the account mentioned above. And leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Lithium with the FAIRLIGHT APPLY account and leave what you can do and + how to get ahold of you. + + Lithium - 813-799-4417 + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/flt5.nfo b/textfiles.com/piracy/FAIRLIGHT/flt5.nfo new file mode 100644 index 00000000..bbe1e840 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/flt5.nfo @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Barbie +Ķ + Supplied By: Mournblade,Flashback Written By: HI-TECH Expressions + Cracked By: N/A Graphics: EGA/CGA/TGA/MCGA + Packaged By: VenoM Sound: PC Speaker + Release Date: 07/10/92 Rating: 5/10 +Ķ + + Game Notes: Although this is not for everybody, I am sure that this will + make someone's child very happy, and they count too. As a + matter of policy, Fairlight will support Children's Programs + as well as the regular games. + + To play the game run START.BAT. If you own a Tandy computer, + type GAME.EXE TANDY, from the DOS prompt. To Jump press + 'Ctrl' or 'Shift'. To select charms press the Space Bar, + and to use them hit the Space Bar. + + + +Ķ + Greets: Heretic, Crash Impact, and -=TDT=- +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + Heretic, Kintaro, Mournblade, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Grimstalk (Courier Co-Ordinator), R. Bubba Magillicutty, + Lord Blix, Hagbard Celine, VenoM, FlashBack, + Ryec, Wolverine, & Doc Holiday + + Ŀ + Ĵ -=FLT=- Couriers + + + Catalyst, Coyotes Member, Gank Master, Jam Jobe, Lord Nelson + Mind Bomb, Felonius Monk, Lord Toxin & The Sleepwalker + + Ŀ + Ĵ -=FLT=- Docs & Cheats + + + EarthQuake, Tank + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Whirlwind World HQ 416/XXX.XXXX Heretic + Lysergic Delusions U.S. HQ West 510/XXX.XXXX Kintaro + The Bane of the Black Sword Coming Soon XXX/XXX.XXXX Mournblade + Apocalypse (3 Nodes) U.S. HQ East 703/XXX.XXXX P.O.W. +Ķ + Body Count Member Board 516/XXX.XXXX VenoM + Marvel Universe Member Board 215/XXX.XXXX Wolverine + The Outer Limits Member Board 313/XXX.XXXX FlashBack +Ķ + D'M0B Dist Site 604/XXX.XXXX Chaos Master + Neo-Tokyo Dist Site 604/XXX.XXXX Skeleton Sec. + Pirate Mind Station Dist Site 314/XXX.XXXX Felonius Monk + Purple Haze Dist Site 313/XXX.XXXX Speedball + Psychonuerosis Dist Site 301/XXX.XXXX Gank Master + The Prison Dist Site 615/XXX.XXXX The Warden + The Richter Scale Dist Site 516/XXX.XXXX EarthQuake + The World of Krynn Dist Site 313/XXX.XXXX Caramon + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + We are currently looking for a few good Couriers. Send all applications + to Grimstalk at Whirlwind, or look for our 1-800 VMB coming soon. + +Ľ + diff --git a/textfiles.com/piracy/FAIRLIGHT/fltpc.nfo b/textfiles.com/piracy/FAIRLIGHT/fltpc.nfo new file mode 100644 index 00000000..3c9815ba --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/fltpc.nfo @@ -0,0 +1,181 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Castle of Dr. Brain Codes + + From + + Sierra On-Line + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Code Notes: Well Sierra does it again... Once agian they managed to + integrate some type of sneaky copy protection into the game. + The copy protection is integrated as part of one of the + puzzles. The first time it comes up is when you are + inside the Castle and try to get through one of the doors. + You get keywords from solving the puzzles, then when you + try to get through the main door, you have to decode the + keywords into a code with funky symbols and input the + code to pass the door. The enclosed GIF is a scan of + the decoder part of the manual. Print it out and use + it to decode the keywords you are given. This shit + might pop up in other parts of the game too, we don't + know yet, but this GIF will get you past it wherever + it shows up. + + Before any of you go off half-cocked and bitch about us + not cracking this, keep in mind that to crack this game + would mean to solve the puzzle. That would make the + game just a bit pointless, since it is a puzzle game. + + We still need Christmas Couriers! Only a few courier positions + left! We are in need of couriers available in the DAYTIME. If + you are available during weekdays and interested in couriering + for USA/FLT, please fill out the enclosed USACOUR.APP and send + it on up to BBS-A-Holic. + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + Greets: INC, Razor, TDT/SR, TRSI + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Lord Blix, Harry Lime, Static, + The Necromancer, R. Bubba Magillicutty, Mad Gib, The Guch, + Lord Sterling and Repo Man + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Genesis, Repo Man, FAThead, Kublai Khan + + + - USA/FLT Couriers - + + Morpheus, Crime Slave, Dr. Crippen, Heavy Metal, Prizm, Live Wire, + Scorch, Ice Cube, TomKat + + + - USA/FLT Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-PRI-VATE Static / The NSH Babe + The Mudd Club Member Board 713-347-1416 Lord Blix + The Inferno Member Board 416-493-9927 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + House Of Lords Member Board 714-681-9219 Lord Sterling + Radioactive Decay Member Board 213-923-4447 Repo Man + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + World of Mirage Dist Site 718-898-8421 The Widowmaker + The Richter Scale Dist Site 516-754-6402 Earthquake + Elysium BBS Dist Site 508-468-7636 Squire + Khaotic Attractor Dist Site 508-970-5306 Mr Wyzard + The Powerdome Dist Site 901-872-3715 Electron + Digital Reich Dist Site 716-621-7240 Live Wire +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + -*****************************************- + = SPECIAL ANNOUNCEMENT FROM LORD STERLING = + -*****************************************- + + As you may have noticed, my name has been showing up in both THG's + and USA's .NFO files. Effectively, this obviously concocted much + confusion. Personally, I don't know what's going on. My guess, + it's a canny way of THG's endeavor to ask me back, I wish I knew! + + Since THG's Member eradication, which included me, I have NOT + been in contact with ANY of the THG Members neither directly nor + indirectly. When USA formed, I was right there with them. Almost + immediately after THG learned I was in this new Ex-THG Member's + Group, I was conveniently put right back into the THG .NFO file as + a Member; like nothing happened, right? My name has been popping + in and out of the THG .NFO since the beginning of USA's + establishment. It's thoroughly confused me as well as all of you + that have been paying attention. I'll continue to support ONLY + one group ... USA/FLT! + + Regards, + + Lord Sterling + + To the Head Honcho at THG: + + Please save us all the confusion. From now on, omit me from your + .NFO files. Much Appreciated! + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + + So you wanna be a USA Dist Site or Member huh? + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. If you can't + or don't want to do anything to help out, and just want to sit there + and run a dist site, then forget it. But if think you have something to + offer and you want to help the newest up and coming group reach the top, + give us a call. + + + So you wanna be a USA Courier huh? + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by mail at: + + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + -OR- + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by phone at: + + The USA/Fairlight VMB + + 716-987-1151 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + "All's Fair In Love And Warez" + (Except Stealing Other Groups Releases) + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- diff --git a/textfiles.com/piracy/FAIRLIGHT/global.nfo b/textfiles.com/piracy/FAIRLIGHT/global.nfo new file mode 100644 index 00000000..4c5881b6 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/global.nfo @@ -0,0 +1,111 @@ + + + + + + + + + + + P R O U D L Y P R E S E N T S + + Global Effect + + Ŀ + Program By: Millennium Graphic Support: VGA + Ĵ + Cracked By: The Terminator Sound Supported: Adlib/SB/Roland + Ĵ + Date of Release: June 1st, 1992 Controls: Mouse + Ĵ + + Protection: Waste of time. Less than 2 Minutes, Blades went over the + ~~~~~~~~~~ protection without debugging the game. L8r! + + Installation: UnZIP using the '-d' option. If you want to change your + ~~~~~~~~~~~~~ configuration, run INSTALL.EXE... + + Greets: Congrats to RAZOR for not double-releasing Aces of the Pacific. + ~~~~~~~ Oh, yeah, and we had a bet on who would release 'The Four + Crystals of Trazere' first. Too bad TDT beat you on that + game a few months ago (Legends). You guys should really check + what you release before you put it out...Same exact game but + different name...Awesome, man :-() + + + + + Fairlight PC Division Staff + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Senior Staff: STRIDER, HERETIC, TRICK LORD, BLADE RUNNER + + Courier Coordinator: PSYLOCKE + + Members: THE TERMINATOR, GRIMSTALK, DOCTOR CRIPPEN + PROFESSOR SINISTER, WOLVERINE, ALEXIS MACHINE + HAGBARD CELINE, UNION JACK + + Senior Couriers: HEAVY METAL, COYOTES MEMBER + MR. MIXTY, SILENT ASSASSIN + + Couriers: THE SLEEPWALKER, KARRION + CATALYST, LORD NELSON + + Loaders and Cheats: THE NECROMANCER, BLACKJACK, TANK + + + FAIRLIGHT PC DISTRIBUTION ۲ + Ŀ + Board Name Phone Number SysOp INFO/NUP + Ĵ + The Bastille 217/YOU.WISH Trick Lord World HQ + Whirlwind 416/YOU.WISH Heretic Canada HQ + My BoOMin' System 514/YOU.WISH Blade Runner Courier HQ + Ĵ + Neo Tokyo 604/PRI.VATE Skeleton Secretary Distribution + Pirate Mind Station 314/PRI.VATE Felonius Monk Distribution + d'M0b 604/PRI.VATE Chaos Master Distribution + Richter Scale 516/PRI.VATE Earthquake Distribution + Marvel Universe 215/PRI.VATE Wolverine Distribution + The World of Krynn 313/PRI.VATE Caramon Distribution + Purple Haze 313/PRI.VATE Speedball Distribution + The Outer Limits 313/PRI.VATE Flashback Distribution + The Prison 615/PRI.VATE The Warden Distribution + + + Ŀ + We are currently looking for sites to carry the new Ethereal-Net. Fill + out the included application called ETHEREAL.APP and send it up to your + favorite FairLighT board. Thank you! + + + ************************************************************* + Fairlight is looking for distribution sites around the + world. If you think you have what it takes contact us at the + places designated below. Serious enquiries only please! + ************************************************************* + + -->>> NEED A LIFE? WELL.... <<<-- + Call our WORLD HEADQUARTERS listed above. + Now accepting new users...maybe. + + Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + -->>FAIRLIGHT PC<<-- -->FLT AMIGA/PC<-- -->>FLT AMIGA<<-- + =================================================================== + FAIRLIGHT PC AMERICA FAIRLIGHT WORLD HQ FAIRLIGHT AMERICA + PO BOX 6864 PO BOX 6 PO BOX 268 + CHAMPAIGN, IL 61826-6864 23600 HOLLVIKEN AMISSVILLE, VA 22002 + U.S.A. SWEDEN U.S.A. + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + 716-987-1151 + + diff --git a/textfiles.com/piracy/FAIRLIGHT/gnb.nfo b/textfiles.com/piracy/FAIRLIGHT/gnb.nfo new file mode 100644 index 00000000..f0253999 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/gnb.nfo @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Great Naval Battles +Ķ + Supplied By: Ford Perfect Written By: SSI + Cracked By: The Terminator Graphics: 256 VGA + Packaged By: Night Ranger Sound: ALL + Release Date: 09/26/92 Rating: 9/10 +Ķ + + Game Notes: Here's another great release from SSI and Fairlight. + Spactacular graphics and great sound give this one a + rating of 9. Hope ya like this one.. + + + + + Group Notes: FAIRLIGHT, taking over the world with quality releases! + + + +Ķ + Greets: Ford Perfect, Night Ranger UK, The Hawk, Doctor Bombay, Mournblade +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + MOURNBLD, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Blade Runner, Con Artist, Crusher, FlashBack, Ford Perfect + The Gh0dess, Hannibal Lektor, The Hawk, Lord Blix, Night Ranger, + Night Ranger UK, The Madman, Skeleton Secretary, + The Terminator, VenoM, Wolverine + + Ŀ + Ĵ -=FLT=- Senior Couriers + + + Berserker, Orion, Shadow Angel, SkaTeMasTer + + Ŀ + Ĵ -=FLT=- Couriers + + + Arch Angel, Battle Axe, Coyotes Member, Cross, Destroyer + Dirty Frank, Doctor Bombay, Elliot Nes, Feedback, + Felonius Monk, Hellion, Kinetic Energy, Lethal Injection, + Mind Bomb, RoboCop, Sherlock Ohms, Warlock Bones + + Ŀ + Ĵ -=FLT=- Docs, Cheats & VGA + + + Dr. Crippen, Eloi, Hare Krishna, Network, + Pepsi Man, Revelation, Tank, The Weasel + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + The BANE Of The BLACK SWORD World HQ XXX/PRI.VATE MOURNBLD + Golden Spires Canadian HQ 416/PRI.VATE Master-Tech + My Boomin' System (4 Nodes) Can. Courier HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) U.S. Courier HQ 714/PRI.VATE Fletcher +Ķ + Body Count Member Board 516/DIE.FEDS VenoM + Eyes Of The Dragon Member Board 207/YOU.WISH Crusher + Marvel Universe Member Board 215/YOU.WISH Wolverine + Neo-Tokyo Member Board 604/YOU.WISH Skeleton Sec. + Nuclear Wastelandz Member Board 011/YOU.WISH Night Rang UK + The Nectar Base Member Board 602/YOU.WISH The Gh0dess + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack +Ķ + Battle Field Dist Site 706/XXX.XXXX Buck Blazer + Beyond The Realm Of Reality Dist Site 310/869.9484 Legend Master + Bubba Land Dist Site 407/XXX.XXXX Bubba + The Burroughs Dist Site 310/XXX.XXXX Weasel + Carbon Nation Dist Site 708/965.8965 Pepsi Man + CyberWars Dist Site 908/654.1290 Fearless Leade + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Hydrogen Palace Dist Site 613/XXX.XXXX LoRD NuKE + Medieval Crypt Dist Site 214/XXX.XXXX Medieval Magi + Infinite Ragnarok Dist Site 916/863.1040 Jormungand + Inn Of The Last Home Dist Site 705/XXX.XXXX Caramon Majere + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Rest In Peace Dist Site 513/XXX.XXXX Nuclear War + Rising Sun Dist Site 813/XXX.XXXX Orion + Second Sight Dist Site 416/XXX.XXXX Phalon + The Prison Dist Site 615/XXX.XXXX The Warden + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight is looking for DISTRIBUTION SITES... Apply NOW at the VMB!!! + If you're not satisfied with your current group, then let us know!!! + Fairlight P.O. BOX 43 Flat Rock, MI 48134 -=FLT=- Rockin '92 + The Fairlight VMB 1(800) 356-1547 Box 4221# + +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** diff --git a/textfiles.com/piracy/FAIRLIGHT/goblins.nfo b/textfiles.com/piracy/FAIRLIGHT/goblins.nfo new file mode 100644 index 00000000..34869c8e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/goblins.nfo @@ -0,0 +1,167 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Goblins + + From + + USA/FLT C.V.S. USA/FLT + +Ŀ + + Supplied: INC + Cracked: Hal 9000 + + Cracking Notes: This game was worse than Sierra protection! It had + password protection right at the beginning but it was + sure tough to crack. The usual: VGA, SB, Adlib. Enjoy! + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Still need more couriers... Fill out an app and get it to us. + + +Ŀ + + Greets INC - Well, what can we say to you, Merry Christmas guys, and + that also goes for TDT, TRSI, and everyone else. + Genesis - There, is this better! Have a good time today! + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Buckaroo Banzai, Fire, HAL9000, Harry Lime, Lord Blix, Lord + Sterling, Marko Ramius, Minor Threat, R. Bubba Magillicutty, Repo Man, + Static, The Guch and The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Normal- + + Alexis Machine, Dr. Crippen, Morpheus and Scorch + + -Trial- + + Egocentrix and Electric Element + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe +Ĵ + The Mudd Club Member Board 713/347.1416 Lord Blix + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + House Of Lords Member Board 714/681.9219 Lord Sterling + Radioactive Decay Member Board 213/923.4447 Repo Man + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius +Ĵ + World of Mirage Dist Site 718/898.8421 The Widowmaker + The Richter Scale Dist Site 516/754.6402 Earthquake + Elysium BBS Dist Site 508/468.7636 Squire + Khaotic Attractor Dist Site 508/970.5306 Mr Wyzard + The Powerdome Dist Site 901/872.3715 Electron + Arachnophobia Dist Site +31/40817579 GML/TU + Modular Madness Dist Site 512/219.8045 Fatal Error + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rain Man + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite - Amiga World - The End + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details, or call the VMB and leave your info. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + +Ĵ + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + + diff --git a/textfiles.com/piracy/FAIRLIGHT/hoy3vga.nfo b/textfiles.com/piracy/FAIRLIGHT/hoy3vga.nfo new file mode 100644 index 00000000..427c3878 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/hoy3vga.nfo @@ -0,0 +1,159 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Hoyles Book Of Games ]I[ - VGA + + From + + USA/FLT Sierra On-Line USA/FLT + +Ŀ + + Game Notes: Well we haven't had much luck with spotting the protection in + Sierra games prior to release lately, but we did play this one + for about an hour and a half before releasing it, and we found + no protection whatsoever. So if you do by any chance find any + protection please let us know and we'll fix it, or have our + favorite freelance cracker, Mad Scientist do it for us. + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + We still need Christmas Couriers! Only a few courier positions + left! We are in need of couriers available in the DAYTIME. If + you are available during weekdays and interested in couriering + for USA/FLT, please fill out the enclosed USACOUR.APP and send + it on up to BBS-A-Holic. + + Call The VMB - 716/987.1151 + + +Ŀ + + Greets: INC, Razor, TDT/SR, TRSI + + Cool Hand - It was good talking to you. Thanks for calling. + + Mad Scientist - Dude, you are a great cracker, no one doubts that. + To my knowledge none of our members said you could + not crack Dr. Brain, as you allege. I'm sorry + there are all these bad feelings between you and + USA. I wish I knew what we ever did to you to + cause you to be so hateful towards us. There's + really no reason for it, dude... With your talent + you should have nothing to prove. + + + + - USA/FLT Senior Staff - + + Genesis, The NotSoHumble Babe, Silencer + + + - USA/FLT Members - + + The Guch, Harry Lime, Lord Sterling, The Necromancer, R. Bubba Magillicutty, + Repo Man and Static + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Genesis, Repo Man, FAThead, Kublai Khan + + + - USA/FLT Couriers - + + Dr. Crippen, Heavy Metal, Ice Cube, Live Wire, Scorch, and Tomkat + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-PRI-VATE Static / The NSH Babe +Ĵ + The Inferno Member Board 416-493-9927 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + House Of Lords Member Board 714-681-9219 Lord Sterling + Radioactive Decay Member Board 213-923-4447 Repo Man +Ĵ + The Red Sector Dist Site 713-952-7682 The Guardian + World of Mirage Dist Site 718-898-8421 The Widowmaker + The Richter Scale Dist Site 516-754-6402 Earthquake + Elysium BBS Dist Site 508-468-7636 Squire + Khaotic Attractor Dist Site 508-970-5306 Mr Wyzard + The Powerdome Dist Site 901-872-3715 Electron + Digital Reich Dist Site 716-621-7240 Live Wire + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + diff --git a/textfiles.com/piracy/FAIRLIGHT/hunt.nfo b/textfiles.com/piracy/FAIRLIGHT/hunt.nfo new file mode 100644 index 00000000..e2a7951f --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/hunt.nfo @@ -0,0 +1,103 @@ +FAIRLIGHT PRESENTS THEIR FIRST IBM +RELEASE. HOPEFULLY MANY MORE WILL +FOLLOW... + +Ŀ + 'HUNT FOR THE RED OCTOBER!' + + +SUPPLIED BY : STRIDER OF FAIRLIGHT +CRACKED BY : NOONE, NO PROTECTION +RELEASE DATE: FRIDAY, 8TH OF FEBRUARY 1991, 7.00 PM +GRAPHICS : CGA, EGA, TGA, VGA +SOUND : INTERNAL, ADLIB + +CALL OUR FAIRLIGHT BOARDS : + +FAIRLIGHT WORLD HQ (AMIGA/IBM) - IRON FORTRESS - 508-798-3363 +FAIRLIGHT EURO HQ (AMIGA/IBM) - THE DUNGEON - +46-40435924 + +WE ARE NOW STARTING OUT ON IBM... WE ARE LOOKING FOR SOME GOOD CODERS, +CRACKERS AND ORIGINAL SUPPLIERS... DO YOU WANT TO HELP THE LEGEND OF +THE C64, AND AMIGA TO BE REALLY GREAT ON IBM AS WELL? THEN CALL : + +STRIDER OF FAIRLIGHT AT : +46-40496094, OR LEAVE MAIL ON ANY OF OUR BOARDS! + +OR LEAVE US MAIL ON OUR VOICE MAIL SYSTEM ON : 1-800-866-7668 (408-371-8401) + VMB NO. '*487' + +FOR A FULL SIZE POSTER OF STRIDER SEND A HST MODEM TO THE NEAREST FAIRLIGHT +SLAVE... HAHAHA.... + +HERE'S SOME QUICK DOX FOR Y'ALL.... +----------------------------------- + +SILENTLY, BENEATH THE CHILLY ATLANTIC WATERS, RUSSIA'S TOP SECRET NUCLEAR +MISSILE SUBMARINE THE 'RED OCTOBER' IS HEADING WEST..... + +'RED OCTOBER' IS ARMED WITH 26 SS-N-20 SCUD.. UHM.. I MEAN, SEAHAWK MISSILES +CAPABLE OF DESTROYING 200 CITIES AND IS THE PRIDE OF THE SOVIET NAVY. AS THE +MOST SENIOR OF RUSSIAN SUBMARINE COMMANDERS YOU ARE ORDERED TO TEST THE +LATEST IN SOVIET NAVAL TECHNOLOGY - A SUBMARINE SO POWERFUL AND SO QUIET, +WITH ITS UNIQUE AND REVOLUTIONARY CATERPILLAR DRIVE SYSTEM, THAT IT IS +ALMOST IMPOSSIBLE TO DETECT. + +YOUR HAND PICKED OFFICERS ARE TOTALLY LOYAL AND WILL RISK THEIR LIVES FOR +YOU, BUT THE ENLISTED CREW KNOW NOTHING ABOUT YOUR MISSION... TO DEFECT!! + +THE US NAVY IS UNSURE OF YOUR REAL INTENTIONS BUT IS CONVINCED BY JACK RYAN, +SENIOR INTELLIGENCE OFFICIAL AT THE CIA, THAT YOUR DEFECTION IS TRUE. + +UNFORTUNATELY THE SOVIET RED BANNER FLEET, ONE OF THE MOST POWERFUL FLEETS +IN THE WORLD, HAS ORDERS TO PURSUE AND DESTROY YOU - AT ANY COST! + +IN THIS DEADLY BATTLE OF SURVIVAL YOU MUST SUCCESSFULLY COMPLETE FIVE LEVELS +OF ACTION... + +LEVEL 1 +------- +YOU MUST DELIVER JACK RYAN, ON TO THE USS DALLAS SUBMARINE IN MID-ATLANTIC. +THE WEATHER IS BAD; JACK HATES FLYING; GALE FORCE WINDS AND LOW FUEL BRINGS +INCREASED DANGER TO JACK. ONE FALSE MOVE AND JACK IS DEAD AND THE MISSION +ABORTED! + +LEVEL 2 +------- + +NAVIGATE THE TREACHEROUS REYKJANES RIDGE, ONE OF THE KEY RIDGES IN RED +ROUTE ONE. YOU WILL NEED TO NAVIGATE THROUGH DEEP AND NARROW CHANNELS; +AVOID HEAT SEEKING AUTOMATIC GUIDED MISSILES AND MINES AND REMAIN +UNDETECTED. + +LEVEL 3 +------- + +SUCCESSFULLY GUIDE JACK RYAN TO RENDEZVOUS WITH THE RED OCTOBER FROM A MINI- +SUB WHERE GREAT PRECISION AND SKILL IS ESSENTIAL. + +LEVEL 4 +------- + +FACE THE FINAL (OR SO YOU THINK) CONFRONTATION WITH THE SOVIET RED BANNER +FLEET. THE FULL FORCE OF THEY NAVY CONFRONTS YOU - HOMING MISSILES, DEPTH +CHARGES AND TOTALLY DEDICATED SUBMARINE COMMANDERS IN PURSUIT. YOU WILL +BE STOPPED..... + +LEVEL 5 +------- + +FINALLY YOU HAVE SUCCEEDED - OR HAVE YOU!? AWAIT THE ULTIMATE CHALLENGE! +CAN YOU AND THE PRECIOUS 'RED OCTOBER' SURVIVE!? + +REMEMBER, YOU HAVE SOME VERY SPECIAL AND POWERFUL WEAPONS; YOU ALSO HAVE THE +UNIQUE, NEARLY UNDETECTABLE CATERPILLAR DRIVE SYSTEM AND THE ADVANTAGE OF +STEALTH. USE THEM ALL CAREFULLY AND YOU MIGHT SURVIVE. + +- "THE AMERICANS WANT THE 'RED OCTOBER'." +- "THE RUSSIANS WANT HER BACK!" + +THE MOST INCREDIBLE CHASE IN HISTORY BEGINS... THE HUNT IS ON!!!! + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/infernal.nfo b/textfiles.com/piracy/FAIRLIGHT/infernal.nfo new file mode 100644 index 00000000..ffd52aea --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/infernal.nfo @@ -0,0 +1,141 @@ + ___ ________ ___ ________ + / /\ / __ /\ /\ \ /\ __ \ + / / / / __/ / / \ \ \ \ \ \__ \ + / / / / / / / / \ \ \ \ \ \ \ \ + /__/ / /__/ /__/ / \ \__\ \ \__\ \__\ + \__\/ . \__\/\__\/ . . \/__/ . \/__/\/__/ + + + + + + + + + + + + + + + F⥒ - FFS + ۱۱ + ۱۱ + ۱۱۱ + ۱۱۲۱߱ + ۱ + + + + ۲ ۲ + ޲ ۲ + ۲ + ޱ ۲ ۱ + ݲ ۲ޱ + + + ݱޱ۱ ۱۱ޱݲ +Ŀ Ŀ +Ĵ ޱ ݱ۱۱ ۱ Ĵ +Ĵ ߱߱߱߱߱߱߱ Ĵ +Ŀ ߲ ۰ ۲ Ĵ +Ŀ ߲ Ĵ +Ŀ ޲ TerminatorX1993 +Ŀ Ĵ +Ĵ +Ĵ +Ĵ P R I N C E O F P E R I A 2 Ĵ +Ĵ * Trainer & DoX * Ĵ +Ĵ +Ĵ +Ĵ * INFERNAL AFFAIRS * Ĵ +Ĵ ;-] tHE nONE sLEEPING gODS [-; Ĵ +Ĵ +Ĵ +Ĵ Program Prince of Peria 2 Ĵ Supplier Errand / FiST Ĵ +Ĵ Company Broderbund Ĵ Packager TerminatorX Ĵ +Ĵ Display VGA Ĵ Proctection N/A Ĵ +Ĵ Sound All Ĵ Cracker N/A Ĵ +Ĵ Labels None Ĵ ReleasDate 04-27-93 Ĵ +Ĵ +Ĵ +Ĵ * wE rELEASE eVERYTHING tHAT'S qUALITY iN qUANTITY * Ĵ +Ĵ + + Ĵ + Ĵ * RELEASE NOTES *- Ĵ + Ĵ +Ŀ +Ĵ +Ĵ Have Fun And Check Out ! Ĵ +Ĵ + + Ĵ + Ĵ * Inf.Aff.STAFF * Ĵ + Ĵ +Ŀ +Ĵ +Ĵ RatMan, Patch, Traveler, Enforcer, FiST Ĵ +Ĵ Errand, Disrupted Soul, TerminatorX [MEMBERs][8]Ĵ +Ĵ +Ĵ David Marshall, Ranik, JMagic, The Alchemist, Ĵ +Ĵ Penman, The XXXXX, MELTdown [SPREADERs][7]Ĵ +Ĵ + + Ĵ + Ĵ * N O T E S * Ĵ + Ĵ +Ŀ +Ĵ +Ĵ We still searching for cool Dist.Sites so get in contact with us! Ĵ +Ĵ Specially Sites in the US accepted. Also Sysops of I-Net Sites can Ĵ +Ĵ apply. So contact us today ! Ĵ +Ĵ Ĵ +Ĵ Contact us at: LeGION Of DoOM Ĵ +Ĵ login with user: Anonymous Ĵ +Ĵ passwd: Applicat. Ĵ +Ĵ Ĵ +Ĵ Tell what u can do for us. Ĵ +Ĵ Why idling arround when u can proove that you are Elite ? Ĵ +Ĵ + + Ĵ + Ĵ !CALL OUR BOARDS WORLDWIDE! Ĵ + Ĵ +Ŀ +Ĵ + M E M B E R B O A R D SĴ +Ĵ.Untamed Metal ............ MEM.BErO.NLY ...... I-WHQ .. TerminatorX ....Ĵ +Ĵ.Legion Of Doom ......... THeFOCK.EN.KEW.L1 .. I-EuHQ .. Dis.Soul, TermX.Ĵ +Ĵ.DeadZone ................ +358-VE-RYkEWL ... 2 Nodes .. Traveler .......Ĵ +Ĵ.The Fight Hell .......... +341-TFH-HELL .... 2 Nodes .. Disrupted Soul .Ĵ +Ĵ.The Dark Half ........... (412)-PRi-VATE ... 1 Nodes .. Ratman .........Ĵ +Ĵ +Ĵ + D I S T. S I T E S Ĵ +Ĵ.KnoWarez ................. HER.E.wE.Go! .. I-3 Nodes .. David Marshall..Ĵ +Ĵ.Alkaline ............... ITS.TO.oPRiVA.TE! .... InET .. Ranik ..........Ĵ +Ĵ.LedZeppelin .......... ANoTHER.PRiVATE.0N.E! .. InET .. The XXXXX ......Ĵ +Ĵ.The Power ................ ITS-PRI-VATE .... 3 Nodes .. MELTdown .......Ĵ +Ĵ.The Black Unicorn ....... +(204)-NOO-OOOO .. 3 Nodes .. The Alchemist ..Ĵ +Ĵ.Meat Express ............. +358-ASK-4IT .... 1 Nodes .. JMagic .........Ĵ +Ĵ.Alkalinity ............... 716-NOT-4YOU .... X Nodes .. Penman .........Ĵ +Ĵ + + Ĵ + Ĵ * G R E E T I N G S * Ĵ + Ĵ +Ŀ +Ĵ +Ĵ GrEEtiNgS gO To: Stingray6, Dr.Donatelo, InsaneTTM, Rad, ChemGOD, AlC, Ĵ +Ĵ Warchild, Corp, GothMog, FordPr, Zax, Bond007 Ĵ +Ĵ Ĵ +Ĵ Group Greets: RZR, TdT, HaSP, SkilLIoN, UnTOuchABLeS, UnITed CoUrIErs, Ĵ +Ĵ tRIO, ExCiDE, aSA, SeCT, ToAo ...... and da resta Ĵ +Ĵ Ĵ +Ĵ +Ĵ +Ĵ SUPPORT THE COMPANIES THAT RELEASE QUALITY SOFTWARE! Ĵ +Ĵ * If you like this stuff, please buy the original. * Ĵ +Ĵ + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/luigi.nfo b/textfiles.com/piracy/FAIRLIGHT/luigi.nfo new file mode 100644 index 00000000..0a013e24 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/luigi.nfo @@ -0,0 +1,144 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + Luigi and Spaghetti +Ķ + Supplied by: MacBlue & Dark Bader Written by: ?????? + Cracked by: The TERMINATOR Protection: Screwed UP (NTSC) + Packaged by: THE HAWK Graphics/Sound: VGA/SB & ADLIB + Release Date: 1/04/93 Game Type: Arcade Game + Rating: EXCELLENT ACRADE # of Disks: 2 (1.2) +Ķ + Game Notes: Well this is an AWESOME Arcade game from SPAIN. Cool music + awesome graphics, joystick or keyboard controlled. Really + cool. And it is allready trained with unlimited lives. Watch + Luigi trun in to Superman? Check this one out.!! + NOTE- JUST UNZIP into a Directory and type START to play + ALSO be sure to get the new PKZip/Unzip 2.04 to + unzip this and future FLT releases. + + Group Notes: Well the reconstruction is done look for FAIRLIGHT in 93' + From THE HAWK to SINISITER- YOU GUYS SUCK !!!!!! + + Personal Greets: Blade Runner, Ford Perfect, Silencer, Terminator, & Onyx +Ķ + Greets go out to: FAIRLIGHT AMIGA and THE HUMBLE GUYS +Ľ + + + ķ + Ķ -FLT- President + Ľ + + - Ford Perfect - + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Orion, THE HAWK, VenoM + + ķ + Ķ -FLT- Members + Ľ + + Berserker, Beach Bum, FILA, Gank Master + Nemsis Enforcer, Night Ranger, Jack, Onyx + Silencer, Sicko, The Patton, Tom Brokaw + The Terminator + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + Hare Krishna, Patch, Phoniex + Rescue Raider + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Flyboy, Jester, Avalanche, Master Disaster + + ķ + Ķ -FLT- Couriers + Ľ + + Doom, Night Blade, Overseerer, Shadow Lord, Dark Bader + Butter Ball, Olan, Lion, MacBlue, Budsky, Mad Dog + Steel Thunder, Natas, Ranks + + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + The Bog World HQ 312/???.???? Sicko + Digital Wasteland U.K. HQ +44-81BACKUP! Night Ranger + My Boomin' System (4 Nodes) Canadian HQ 514/PRI.VATE Blade Runner +Ķ + Body Count Member Board DIEGRIMREAPER VenoM + Rising Sun Member Board 813/YOU.WISH Orion + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker +Ľ + Def Con 4 Dist. Site 201/XXX.XXXX Devastor + Fourth Reich Dist. Site 916/XXX.XXXX Prince of Sin + Twilight Zone Dist. Site 504/XXX.XXXX Jack Flash + Tower Knowledge Dist. Site 404/XXX.XXXX The Sage + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call The BoG logon on as + FAIRLIGHT APPLY password FAIRLIGHT. Leave your board #, voice #, and + best time to get in touch with you. + get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + Lithium with the account mentioned above. And leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Lithium with the FAIRLIGHT APPLY account and leave what you can do and + how to get ahold of you. + + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/mael.nfo b/textfiles.com/piracy/FAIRLIGHT/mael.nfo new file mode 100644 index 00000000..f8c64799 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/mael.nfo @@ -0,0 +1,141 @@ + + + + + + + + + + + + + + + + + + ANSiJED + + + + + + +ķ + PRESENTS: Maelstrom +Ķ + Supplied By: Razor 7-11 Written By: + Cracked By: THE Terminator Protection: Doc checks + Packaged By: Blade Runner Graphics: VGA\EGA + Release Date: 10-18-92 Sound: Adlib/Sound Blaster + Rating: 6/10 # of Disks: +Ķ + Crack: read crack.nfo or just run the tsr + It took longer to install this one,than to crack it. + + Group Notes: We at Flt have decided to FUCK The Wares Report ! We will not + Upload our stuff first to the wares report Due to 5 major + Reason. 1) HE is a INC SITE 2) He is not multi-node 3: He is + a Inc site 4)His bbs is always crashing on couriers besides + only Inc courier have no problems. 5) Who makes all these + Rules anyways? hmmm.. Anyways we don't want Razor 7-11 Megs +Ķ + Greets: James BOMB and The Couriers with out you we would Not be # 1 +Ľ + + + + Ŀ + Ĵ -=FLT=- Presidents + + + FAIRLIGHT - STRIDER + FAIRLIGHT PC - Ford Perfect + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + Blade Runner, FlashBack, Night Ranger + THE HAWK, VenoM + + Ŀ + Ĵ -=FLT=- Members + + + ACE, Con Artist, Crusher, Dennise the Meance, F.I.L.A. + Hannibal Lektor, Night Ranger UK, Orion, Skelton Secretary + Shadow Angel, The Goddess, The Terminator, Wolverine + + Ŀ + Ĵ -=FLT=- Senior Couriers + + + Berserker, Doctor Bombay, SkaTeMasTer + + Ŀ + Ĵ -=FLT=- Couriers + + + Arch Angel, Bandieto, Chaos, Coyotes Member, Cross, Dark Star + Destroyer, Dirty Frank, Feedback, Hellion, James Bomb + Kinetic Energy, Lethal Injection, Mind Bomb, Mystic Whiz + Pagan, Popeye, Prince of Sin, Raging Bull, Sai Kotic + Sherlock Ohms, Sleepwalker + + Ŀ + Ĵ -=FLT=- Docs, Cheats & VGA + + + Crystal Warrior, Dr. Crippen, Eloi, Hare Krishna, Kublai Khan + Network, Revelation, Tank, The Weasel + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Body Count World HQ 516/DIE.MIKE VenoM + Golden Spires Canadian HQ 416/PRI.VATE Master-Tech + My Boomin' System (4 Nodes) Can. Courier HQ 514/Die.FEDS Blade Runner + HMS Bounty (4 Nodes) US West Cour HQ 714/PRI.VATE Fletcher + Sin City (6 Nodes) US East Cour HQ 813/PRI.VATE Hellion +Ķ + Eyes Of The Dragon Member Board 207/YOU.WISH Crusher + Lithum Member Board 813/YOU.WISH Shadow Angel + Marvel Universe Member Board 215/YOU.WISH Wolverine + Neo-Tokyo Member Board 604/YOU.WISH Skeleton Sec. + Nuclear Wastelandz Member Board 011/YOU.WISH Night Rang UK + The Nectar Base Member Board 602/YOU.WISH The Gh0dess + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack +Ķ + Beyond The Realm Of Reality Dist Site 310/869.9484 Legend Master + Bubba Land Dist Site 407/XXX.XXXX Bubba + The Burrows Dist Site 310/XXX.XXXX Weasel + CyberWars Dist Site 908/654.1290 Fearless Leade + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Hydrogen Palace Dist Site 613/XXX.XXXX LoRD NuKE + Medieval Crypt Dist Site 214/XXX.XXXX Medieval Magi + Infinite Ragnarok Dist Site 916/863.1040 Jormungand + Inn Of The Last Home Dist Site 705/XXX.XXXX Caramon Majere + Medieval Crypt Dist Site 214/XXX.XXXX Medieval Magi + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Rising Sun Dist Site 813/XXX.XXXX Orion + Second Sight Dist Site 416/XXX.XXXX Phalon + The Game Grid Dist Site 513/XXX.XXXX Tron + The Prison Dist Site 615/XXX.XXXX The Warden + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight is looking for DISTRIBUTION SITES... We will only courier + To our sites only!! We won't waste time with the INC Report any more!!! + Fairlight P.O. BOX 43 Flat Rock, MI 48134 -=FLT=- Rockin '92 + +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** diff --git a/textfiles.com/piracy/FAIRLIGHT/obitus.nfo b/textfiles.com/piracy/FAIRLIGHT/obitus.nfo new file mode 100644 index 00000000..7f16ff70 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/obitus.nfo @@ -0,0 +1,136 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Obitus + + From + + USA/FLT Psygnosis USA/FLT + +Ŀ + Supplied: The Patriot Sound: Adlib/SB/PCSpk Packaged: Genesis + Cracked: HAL9000 Graphics: CGA/EGA/VGA Date: 1/27/91 + Protection: Doc Check Controls: Kbd/Jystk/Mouse Rating: 7/10 +Ĵ + + Game Notes: You might remember the demo of this that was released by TDT + last September. Well here's the game finally. It looks like + a fairly decent RPG. Have fun. + + Game Hype: You are in the depths of your worse nightmare, but this time, + there is no waking up... Lost and alone, in a dangerous and + alien world, you must discover where you are, who you are, + how you got here, and you are going to get out. This is + your challenge. + + +Ŀ + + Greets: Patriot, thanks for the ware dude! + + +Ŀ + + What's up with USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Have you called the USA/FLT VMB lately to say hi? 716/987.1151 + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Eclipse, Fire, HAL9000, Harry Lime, Lord Sterling, Marko Ramius, + Minor Threat, R. Bubba Magillicutty, Repo Man, Static, The Guch and + The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Elite- + + Alexis Machine, Dr. Crippen, Electric Element and Scorch + + -Trial- + + Egocentrix, Mr. Mixty and Psylocke + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 310/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe + Apocalypse(5 Nodes) Courier Home 703/825.6517 POW +Ĵ + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius + The World Of Krynn Member Board 313/PRI.VATE Caramon +Ĵ + World of Mirage Dist Site 718/PRI.VATE The Widowmaker + The Richter Scale Dist Site 516/PRI.VATE Earthquake + Elysium BBS Dist Site 508/PRI.VATE Squire + Khaotic Attractor Dist Site 508/PRI.VATE Mr Wyzard + Modular Madness Dist Site 512/PRI.VATE Fatal Error + Rivendell Dist Site 217/356.2221 Trick Lord + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rainman + Suburbia Dist Site 214/258.6634 The Chairman + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + Down River Elite - Amiga World - The End - The Fifth Dimension + + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + + diff --git a/textfiles.com/piracy/FAIRLIGHT/obitusdx.nfo b/textfiles.com/piracy/FAIRLIGHT/obitusdx.nfo new file mode 100644 index 00000000..9dc15866 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/obitusdx.nfo @@ -0,0 +1,128 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Obitus Complete Documentation + + From + + USA/FLT Psygnosis USA/FLT + +Ŀ + Supplied: Patriot Method: Hand-Typed Packaged: Genesis + Created: Patriot Extras: None Date: 1/28/91 +Ĵ + + Doc Notes: This is the complete game manual for Obitus... Not much else + to say! + + +Ŀ + + Greets: Patriot, Great job on the dox, buddy! + + +Ŀ + + What's up with USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Have you called the USA/FLT VMB lately to say hi? 716/987.1151 + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Eclipse, Fire, HAL9000, Harry Lime, Lord Sterling, Marko Ramius, + Minor Threat, R. Bubba Magillicutty, Repo Man, Static, The Guch and + The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Elite- + + Alexis Machine, Dr. Crippen, Electric Element and Scorch + + -Trial- + + Egocentrix, Mr. Mixty and Psylocke + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 310/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe + Apocalypse(5 Nodes) Courier Home 703/825.6517 POW +Ĵ + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius + The World Of Krynn Member Board 313/PRI.VATE Caramon +Ĵ + World of Mirage Dist Site 718/PRI.VATE The Widowmaker + The Richter Scale Dist Site 516/PRI.VATE Earthquake + Elysium BBS Dist Site 508/PRI.VATE Squire + Khaotic Attractor Dist Site 508/PRI.VATE Mr Wyzard + Modular Madness Dist Site 512/PRI.VATE Fatal Error + Rivendell Dist Site 217/356.2221 Trick Lord + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rainman + Suburbia Dist Site 214/258.6634 The Chairman + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + Down River Elite - Amiga World - The End - The Fifth Dimension + + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + + diff --git a/textfiles.com/piracy/FAIRLIGHT/pq3-dox.nfo b/textfiles.com/piracy/FAIRLIGHT/pq3-dox.nfo new file mode 100644 index 00000000..7acb6422 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/pq3-dox.nfo @@ -0,0 +1,101 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + USA-DoX Department + + Proudly Presents + + Complete Police Quest ]I[ Dox + + from + + Sierra + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Lord Blix, Suicidal, Harry Lime + Lord Sterling, R. Bubba Magillicutty, Mad Gib, The Guch + The Necromancer, Snuggles, Static + + + - FairLight PC Members - + + Strider & Drone No.5 + + + - USA/FLT Couriers - + + Morpheus, The Bartender, Crime Slave, Snuggles + + + - USA/FLT Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-442-7543 Static / The NSH Babe + The Mudd Club Member Board 713-347-1416 Lord Blix + The Inferno Member Board 416-841-1933 Harry Lime + House Of Lords Member Board 714-681-9219 Lord Sterling + The Rush Board Member Board 313-348-6057 The Necromancer + Hidden Empire Dist Site 301-926-6131 The Emperor + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + Radioactive Decay Dist Site 213-923-4447 Repo Man + World of Mirage Dist Site 718-UNK-NOWN The Widowmaker +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Doc Notes: Here are the complete dox and map for Police Quest ]I[: The Kindred. + In case we forgot to put it in the dox, Sonny's locker code is 776. + The map is included here in GIF format, viewable seperately. These + dox should be really helpful, we hope you like em. Have fun! + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + Greets: INC, THG, Razor, PE, NEUA - Hi to everyone! + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + So you wanna be a Dist Site or Member huh? + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. If you can't + or don't want to do anything to help out, and just want to sit there + and run a dist site, then forget it. But if think you have something to + offer and you want to help the newest up and coming group reach the top, + give us a call. + + + So you wanna be a Courier huh? + + Fill out a USA/FLT courier application and send it up to one of the Home + boards reserved for our courier leader, Suicidal. + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by mail at: + + USA/Fairlight + 35526 Grand River, Suite 104 + Farmington Hills, MI 48335 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by phone at: + + The USA/Fairlight VMB + + 716-987-1151 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + "All's Fair In Love And Warez" + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + diff --git a/textfiles.com/piracy/FAIRLIGHT/pq3hints.nfo b/textfiles.com/piracy/FAIRLIGHT/pq3hints.nfo new file mode 100644 index 00000000..2b6bb1f9 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/pq3hints.nfo @@ -0,0 +1,106 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + USA-DoX Department + + Proudly Presents + + Police Quest ]I[ Hints/Solve + + from + + Sierra + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Lord Blix, Suicidal, Harry Lime + Lord Sterling, R. Bubba Magillicutty, Mad Gib, The Guch + The Necromancer, Snuggles, Static + + + - FairLight PC Members - + + Strider & Drone No.5 + + + - USA/FLT Couriers - + + Morpheus, The Bartender, Crime Slave, Snuggles + + + - USA/FLT Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-442-7543 Static / The NSH Babe + The Mudd Club Member Board 713-347-1416 Lord Blix + The Inferno Member Board 416-841-1933 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + House Of Lords Member Board 714-681-9219 Lord Sterling + Hidden Empire Dist Site 301-926-6131 The Emperor + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + Radioactive Decay Dist Site 213-923-4447 Repo Man + World of Mirage Dist Site 718-UNK-NOWN The Widowmaker +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Game Notes: OK here are the Police Quest ]I[ Hints/Solve from the Sierra BBS. + They're all done up in a nice, clean little menu driven format + for ya. Be sure to pick up the latest from USA/FLT - Willy + Beamish from Dynamix. Call your favorite USA boards now! + + Call our VMB - 716-987-1151 + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Greets: We're too damn busy releasing wares and dox to think up any new greets + right now... Just a quick hi to all the groups, INC, THG, Razor, PE + FiRM, and TDT/TRSI... you're all doing a great job. Lots of good + competition out there lately... + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + So you wanna be a Dist Site or Member huh? + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. If you can't + or don't want to do anything to help out, and just want to sit there + and run a dist site, then forget it. But if think you have something to + offer and you want to help the newest up and coming group reach the top, + give us a call. + + + So you wanna be a Courier huh? + + Fill out a USA/FLT courier application and send it up to one of the Home + boards reserved for our courier leader, Suicidal. + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by mail at: + + USA/Fairlight + 35526 Grand River, Suite 104 + Farmington Hills, MI 48335 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by phone at: + + The USA/Fairlight VMB + + 716-987-1151 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + "All's Fair In Love And Warez" + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + diff --git a/textfiles.com/piracy/FAIRLIGHT/shadow.nfo b/textfiles.com/piracy/FAIRLIGHT/shadow.nfo new file mode 100644 index 00000000..1b7ec041 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/shadow.nfo @@ -0,0 +1,104 @@ + ____________/\ /\_ ___ /\____ /\_. ___/|___ /\________ + \_______ \/ | o\ /o \ / o| . \_/o|__//o ______/ + /o | \ | \\ // | > / ||___|\ // \// |_____ + // _______/ | \\// \/ || : \// \ | \ + // | / | \\ | \ | \ \ : \ + \ _____| \_____________/___________/____________/_______/_________ / + \| __/\________ /\_____ __/\________ /\_____ /\___ \| + : \ o ______/ /o \ \ o ______//o \ / | o\ : + . // __)__ // | \ // __)__// | | \ / | \\ . + // | \// | \// | \ | | \/\___ \\ + / | \ | \ | \ | | \ | \\ + \ ____________/_____|______/____________/__|_|_____/_________ / + \| -=PRESENTS=- |/ + Ŀ + The Shadow of Yserbius & The Fates of Twinion + + Ŀ Ŀ + Company SIERRA Supplier Axiom Codex + Display SVGA Cracker N/A + Sound ALL Packager Califboy + Rating 8 Protection None Found + #ofDisks 9 Date 09-30-93 + + Ŀ + RELEASE NOTES + + Well We tried this one out and found it to be 2 games in 1 for use either + by themselves or with the Sierra Network, we didn't see any protection.. but + in Sierra's usual style we expect there may be some protection there.. so if + you find it let us know and we'll have a crack out ASAP. + See yahh...... + Califboy + + NOTE: As usual Unzip with -d -$... it never hurts.. + TSN Disks 1-5 are needed for the installation of these games + so they have been included.. if you already had these disks.. we + apologize but like most people... we Didn't already have them + + THANKS goes out to AXIOM CODEX.. good job on the original + + Group Notes : Greets to all who deserve it you know who you are, + Greets to all the new members! If you were left out it will be straight soon + + Greets to Our Newest BBS KraftWerke! + + +Personal Greets : Brawley Brawler, Undertaker, Terra-X, Iceman, Godfather, + Dray, Cypher, Phonestud, Corsair, SOULTAKER, Speed Master, + Axiom Codex, and Trustee + + + *NOTE*: If we have accidentally left you out of the info file + we apologize, please let us know if we did! + + Ŀ + PUBLIC ENEMY Leaders and Members + Ŀ + Speed Master, Rakim, Blade Runner + Ĵ + Axiom Codex, Brawly Brawler, Califboy, Cypher, Exdous + Iceman, Killerette, Rhino, Red Wolf, Beowulf + Godfather, The Terminator, Union Jack + + Ŀ + PUBLIC ENEMY Spreaders + Ŀ + Black Dragon, Dark Passion, FAB, Dream Wraith + Malpha, Nephilim, Trustee, Timebuster, Aykin&Bartman + + + + + Ŀ + Name Status Number Nodes Sysop + Ĵ + Sancutary WHQ 708-969-8325 5 Speed Master + My Boomin' System CHQ 514-GET-REAL 4 Blade Runner + Twilight BBS EHQ 49-214ELITE! 4 Twilight + UnderWorld MEMBER 916-XXX-XXXX 2 Califboy + KraftWerke MEMBER 916-XXX-XXXX 1 Undertaker + + + + + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + IF YOU ARE INTERESTED IN BEING A DISTRIBUTION SITE, COURIER, CRACKER + CODER OR THINK YOU HAVE SOMETHING TO OFFER THE GROUP, WHICH WOULD + BE HELPFULLY AND PRODUCTIVITY. THEN LOG ONTO SANCUTARY UNDER THE + ACCOUNT : PUBLIC ENEMY + PASSWORD: #1 + BE SURE TO LEAVE YOUR ALIAS, FIRST NAME, VOICE #, AND BEST TIME + TO BE CALLED. + >>> NOTE <<<: If you leave a BBS # ONLY the chances are you won't hear + from us. + OR write to: Public Enemy + P.O. Box 106 + Downers Grove, Ill 60515 + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + ** IF YOU HAVE REVIEWED THIS GAME AND ENJOY IT, BUY IT! ** + ** SOFTWARE AUTHORS DESERVE SUPPORT ** + + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/shadow2.nfo b/textfiles.com/piracy/FAIRLIGHT/shadow2.nfo new file mode 100644 index 00000000..53cc54d4 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/shadow2.nfo @@ -0,0 +1,195 @@ + + + . + + + + ߲۲ ۲ ۲ ۲ ۲ ۲ ۲ ۲۲۲ + ܲ ߲ + ߱ ߱ ߱ + + + When Dreams Come True + + + + + + + + + + + + -PROUDLY PRESENTS- +ķ + Shadowgate For Windows +Ķ + Supplied by: Ford Perfect Written by: Electronic Arts + Cracked by: Silent Stalker Protection: Condom + Packaged by: The Hawk Graphics/Sound: Usual + Release Date: 12/05/92 Game Type: RPG + Rating: 7/10 # of Disks: 5 +Ķ + Game Notes: A most interesting game for windows. You must stop the evil + Warlock Lord from raising the Behemoth and taken over the + world. This is a good one to add for people who swear by + windows! Save your game often, because you are going to need + it! + Unzip to floppy and then start windows. From Windows program + manager, bring down file and click on run. Then switch to the + drive you have the files on, and run setup.exe. + + Group Notes: Razor nice job. TDT nice try. Double releasing + your own release from last year?? That's a new one. + + + Personal Greets: TRON, Con Artist, White Rose, Orion, & Shadow Angel +Ķ + Group Greets: Razor, no one else deserves one. +Ľ + + ķ + Ķ -FLT- Main Organizers + Ľ + + FLT Euro Division - STRIDER + FLT USA Division - Ford Perfect + + ķ + Ķ -FLT- Senior Staff + Ľ + + Blade Runner, Con Artist, Silent Stalker + THE HAWK, VenoM + + ķ + Ķ -FLT- Members + Ľ + + ACE, Berserker, Beach Bum, Black Shadow, Califboy + Dennis the Menace, Flashback, FILA, Iceberg, Jack, Kingpin + Larual & Hardy, MICHELANGELO, New Kids, Night Ranger UK + Nuclear War, Orion, RADAR, Rifleman, Selim & Rudi + Shadow Angel, Silencer, SkaTeMasTer, Sparky, Subzero + The Terminator, Tom Brokaw, Ufonaut, Union Jack + + ķ + Ķ -FLT- Senior Couriers + Ľ + + Doctor Bombay, Dorian Hawkmoon + Fourth Reich, Gank Master, Mind Bomb + Overlord, Pagan + + ķ + Ķ -FLT- Couriers + Ľ + + Always Dangerous, Arch Angel, Avalanche, Dirty Frank + Doom, Enforcer, Fear, Flyboy, Fresh Kid Ice, Fugazi + Genicide, Genocide, Ghost Pilot, Godfather, Havok, Insector X + JC Poon, Jester, King Meat, Lips, Malachai, Master of Diaster + Nightblade, Oolan, Pagan, Plague, Raging Bull, Raven, Rick Hunter, Rougue + Sai Kotic, Shadowlord, Stalker, Steel Thunder, The Destroyer, The Judge + The Outcast, Touchtone, Traumatic Breakdown, Unsettled Soul + X-Man, Zakafein + + + ķ + Ķ -FLT- Cheats/Trainers + Ľ + + The Phoney Coders + Hare Krishna, Patch + Rescue Raider, The Phrophet, The Weasel + + + ķ + Ķ -FLT- DOX + Ľ + + Crystal Warrior, Kublai Khan + Fourth Reich, Hellspawn, Hell Bound + HELLION + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Body Count World HQ 516/DIE.MIKE VenoM + Nuclear Wastelandz U.K. HQ +44-81BACKUP! Night Ranger + Unlimited Access (3 Nodes) German HQ +49-30BACKUP! Sparky + My Boomin' System (4 Nodes) Canadian HQ 514/PRI.VATE Blade Runner + HMS Bounty (4 Nodes) US West Cour HQ 714/PRI.VATE Fletcher + Sin City (6 Nodes) US East Cour HQ 813/PRI.VATE Hellion +Ķ + Crime Ring Member Board 714/YOU.WISH Kingpin + Golden Spires Member Board 416/YOU.WISH Master-Tech + Harmony Skates (2 Nodes) Member Board 718/ViS.iONX SkateMaster + Lithium Member Board 813/YOU.WISH Shadow Angel + Manhattan Project (2 Nodes) Member Board 503/YOU.WISH Rifleman + Narcotik Illusion Member Board 703/YOU.WISH Con Artist + Pirate Mind Station Member Board 314/YOU.WISH Felonius Monk + Rising Sun Member Board 813/YOU.WISH Orion + The Outer Limits (2 Nodes) Member Board 313/YOU.WISH FlashBack + The Hood (2 Nodes) Member Board 416/YOU.WISH Berserker + UnderWorld Member Board 916/YOU.WISH Califboy +Ķ + After Midnight Dist Site 310/XXX.XXXX The Painter + Bubba Land Dist Site 407/XXX.XXXX Bubba + Covert Action ][ Dist Site 818/XXX.XXXX Contra + CyberWars Dist Site 908/XXX.XXXX Fearless Leadr + Eldar's Craftworld Dist Site 418/XXX.XXXX Slum Dweller + Enigma Dist Site 201/XXX.XXXX Holy Avenger + Fatal Psychosis Dist Site 812/XXX.XXXX Gothmog + Fourth Reich Dist Site 916/XXX.XXXX Prince of Sin + Gator Crator Dist Site 318/XXX.XXXX Gatorman + Infinite Ragnarok Dist Site 916/XXX.XXXX Jormungand + Park Central Dist Site 708/XXX.XXXX Silver V + Private Collection Dist Site 305/XXX.XXXX Wild Child + Psycho Net Dist Site 616/XXX.XXXX Service + Second Sight Dist Site 416/XXX.XXXX Phalon + The City Dist Site 813/XXX.XXXX The Bainster + The Game Grid Dist Site 513/XXX.XXXX Tron + The Prison Dist Site 615/XXX.XXXX The Warden + The Sewer Dist Site +47/67.33292 Phoenix + The Wooden Boxcar Dist Site 606/XXX.XXXX Packrat + Tower of Knowledge Dist Site 404/XXX.XXXX The Sage + Twilight Zone Dist Site 504/XXX.XXXX Jack Flash + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + + + + + + + + + + + + +ķ + FAIRLIGHT is currently accepting Dist. Sites call Lithium logon on as + FAIRLIGHT APPLY password FAIRLIGHT. Leave your board #, voice #, and + best time to get in touch with you. + + FAIRLIGHT is looking for good couriers, if you are interested then logon + Lithium with the account mentioned above. Leave your alias, name, + voice # and time to call. + + FAIRLIGHT is also looking for people that can Scan Docs, Code Loaders, + Make MODS, Crack, and Supply. If you are one of these people then call + Lithium with the FAIRLIGHT APPLY account and leave what you can do and + how to get ahold of you. + + Lithium - 813-799-4417 + + FAIRLIGHT 'When Dreams Come True' +Ľ + *** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + + diff --git a/textfiles.com/piracy/FAIRLIGHT/siege.nfo b/textfiles.com/piracy/FAIRLIGHT/siege.nfo new file mode 100644 index 00000000..1b2a291e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/siege.nfo @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Siege +Ķ + Supplied By: Mournblade/Flashback Written By: Mindcraft + Cracked By: N/A Graphics: VGA256/ALL + Packaged By: Heretic Sound: ALL + Release Date: 07/18/92 Rating: 9/10 +Ķ + + Game Notes: This is probably the release of the month. 256 color VGA + + sound, and it looks awsome. You must have a mouse to play. + You can play the role of the attacker or defender and with + 2+ megs of ram you'll experience wicked digitized sound. + 4 elaborate castle designs with 24 intense senarios and + troop types ranging from dwarven warriors to giant spiders. + Comes complete with built-in senario editor. This game ROCKS! + +Ķ + Greets: Catalyst, Grimstalk, Strider, Venom and Mournblade! +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + Heretic, Mournblade, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Grimstalk (Courier Co-Ordinator), Lord Blix, VenoM, + R. Bubba Magillicutty, FlashBack, Ryec, Kintaro, Doc Holiday, + Hagbard Celine, Skeleton Secretary & Wolverine + + Ŀ + Ĵ -=FLT=- Couriers + + + Catalyst, Coyotes Member, Felonius Monk, Gank Master, + Lord Nelson, Mind Bomb, Pharoah & The Sleepwalker + + Ŀ + Ĵ -=FLT=- Docs & Cheats + + + EarthQuake, Tank + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Whirlwind World HQ 416/PRI.VATE Heretic + The BANE Of The BLACK SWORD Courier H.Q. XXX/PRI.VATE Mournblade + Apocalypse (3 Nodes) U.S. HQ 703/PRI.VATE P.O.W. +Ķ + Body Count Member Board 516/PRI.VATE VenoM + Marvel Universe Member Board 215/PRI.VATE Wolverine + Neo-Tokyo Member Board 604/PRI.VATE Skeleton Sec. + The Outer Limits Member Board 313/PRI.VATE FlashBack +Ķ + D'M0B Dist Site 604/XXX.XXXX Chaos Master + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Purple Haze Dist Site 313/XXX.XXXX Speedball + Psychonuerosis Dist Site 301/946.3835 Gank Master + The Prison Dist Site 615/758.8731 The Warden + The Richter Scale Dist Site 516/XXX.XXXX EarthQuake + The World of Krynn Dist Site 313/XXX.XXXX Caramon + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + Fairlight needs good people. Couriers, Distribution Sites etc. If you're + not satisfied with your current job let us know! FLT Rockin' 92'! + +Ľ + + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/simparc.nfo b/textfiles.com/piracy/FAIRLIGHT/simparc.nfo new file mode 100644 index 00000000..96ac21be --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/simparc.nfo @@ -0,0 +1,180 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + The Simpsons Arcade Game + + From + + USA/FLT Konami USA/FLT + +Ŀ + + Supplied: Genesis + Cracked: HAL9000 + + Game Notes: Simpsons Arcade from Konami. Pretty easy crack, password + protection at the beginning of the game... Took Hal 5 minutes. + One thing, the graphics are choppy and the game locks up from + time to time on my 286. On my 386 the game runs a hell of a + lot better, with no lockups; and on TNSH Babe's 286 it seems + to run ok too, so I guess it's just my system. So if you + have problems, try booting clean or try a different computer. + + Game hype off the box: + ~~~~~~~~~~~~~~~~~~~~~~ + Theme music from the hit television series, as well as crisp + 3-D graphics delights us with the Simpsons unique vibrant + animation. The arcade hit featuring the family that plays + together, but will they stay together? Make room in your + house for America's most animated family. The Simpsons + sensational action arcade game is here for the home computer. + With Homer, Marge, Bart and Lisa racing to reunite the family + after Maggie is nabbed during a jewel heist. So choose a + Simpson character and trek through all 8 arcade levels. + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Still need more couriers... Fill out an app and get it to us. + + +Ŀ + + Greets: Y'all + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Buckaroo Banzai, Fire, General Zennor, HAL9000, Harry Lime, + Lord Blix, Lord Sterling, Marko Ramius, Minor Threat, R. Bubba + Magillicutty, Repo Man, Static, The Guch and The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + Caramon, FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + -Senior- + + Heavy Metal and Tomkat + + -Normal- + + Alexis Machine, Dr. Crippen, Morpheus and Scorch + + -Trial- + + Egocentrix and Electric Element + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213/PRI.VATE Genesis + Enterprize Elite Eastern Home 313/PRI.VATE Static / The NSH Babe +Ĵ + The Mudd Club Member Board 713/347.1416 Lord Blix + The Inferno Member Board 416/493.9927 Harry Lime + The Rush Board Member Board 313/348.6057 The Necromancer + House Of Lords Member Board 714/681.9219 Lord Sterling + Radioactive Decay Member Board 213/923.4447 Repo Man + Infinity Member Board 914/229.8483 Fire + High Intensity Member Board 512/385.4912 Marko Ramius +Ĵ + World of Mirage Dist Site 718/898.8421 The Widowmaker + The Richter Scale Dist Site 516/754.6402 Earthquake + Elysium BBS Dist Site 508/468.7636 Squire + Khaotic Attractor Dist Site 508/970.5306 Mr Wyzard + The Powerdome Dist Site 901/872.3715 Electron + Modular Madness Dist Site 512/219.8045 Fatal Error + The Paki's Smell Dist Site 604/261.8182 Skeleton Secretary + Cloak & Dagger Dist Site 516/791.2156 Surak + The 4th Dimension Dist Site 813/948.1635 Time Traveler + The Krack House Dist Site 614/882.5546 Rainman + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite - Amiga World - The End + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details, or call the VMB and leave your info. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + +Ĵ + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + + diff --git a/textfiles.com/piracy/FAIRLIGHT/steel.nfo b/textfiles.com/piracy/FAIRLIGHT/steel.nfo new file mode 100644 index 00000000..f1455f73 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/steel.nfo @@ -0,0 +1,144 @@ + + + ۲ ۲ ۲ + ۱ ۱ ۱ + ۰ ۰ ۰ + + ۰ ۰ ۰ + ۱ ۱ ۱ Roy + P R E S E N T S ۲ ۲ ۲ SAC + + + + ķ + ķ + -/\- STEEL PANTHERS *CD-RiP* (c) SSI -/\- + Ľ + Ľ + + + [ RLAS INFORMATION ]ķ + ķ + DATE : [ 10/03/95 ] [ PM ] CRACKER : FANFAN & CO + Ķ + SUPPLIER: THE MAD JAMMER! PACKAGER : FANFAN LATULIPE + Ķ + ORIGINAL: CD-RiP > 10 DISKS GAME TYPE: WARGAME + Ķ + MINIMUM REQUIREMENTS: + 486-33 / DOS / 8 MB RAM / 126 MB HD + Ľ + Ľ + + + [ RLAS NOTS ]ķ + ķ + Ľ + + TDU-JAM! proudly presents: STEEL PANTHERS from SSI! This is an + awesome wargame! The interface is user friendly, and the graphics + sweet and comprehensible. Brought to you by the #1 CD-Ripping team + TDU-JAM!!! Enjoy... + + CD-RiP: The animations and CD-Soundtrack were ripped, but the game + is complete. + + Run TDUJAM.EXE to install the game, and SETSOUND.EXE to configure + your sound card. Run STEEL.EXE to play. Do not forget to run our + cool intro, TDUINTRO.EXE... + + Enjoy and expect much more coming soon from TDU-JAM! + + + FANFAN LATULIPE / TDU-JAM! + + ķ + ...IF YOU LIKE THIS SOFTWARE PLEASE TAKE IT UPON YOURSELF TO BUY IT... + Ľ + + GROUP NEWS : * We greet ASSAULT, DYTEC, SAC, RAZOR, and all + the PC Scene! + + * We are dedicated in bringing you the best in PC + games entertainment! If you have something to offer + and want to be a part of the BEST group, contact us + immediately! + + ķ + Ľ + Ľ + + + [ WE 'B' JAMMING ]ķ + ķ + Ľ + + Fanfan la Tulipe, Werner & Tardy + + Brainbox, Code Breaker, Dark Knight, Dr Insanity, Faceless, Fatman, + Ginger the Cat, General Lee, HaMMeR!!, Johnny Cyberpunk, Hans, Knox, + Liquid Khaos, The Mad Jammer, Raider, Roger Wilco, Roland, Roy, Shadow Master, + The Bandit, The Pressman, The Toyman, The Viper, Whistler, WiLD THiNG, + Wolverine. + + Anti-Derivative, Color Crimson, Criminal Overlord, DarkStar, Death Angel, + Dendybar, Deuce's Wild, Grady, Grinder, Hybrid, Jopiter, Legion, Lord Rook, + Ones Wally, Skinypuppy, Stingray, Viral Overlord. + + ķ + Ľ + Ľ + + + [ GNSiS bOARDS ]͸ + ͸ + - [ hEADqUARTERS ] - + ; + THE DiGiTAL UNDERGROUND . iTS-PRi-VATE .. 8 NoDES . FANFAN LATULIPE\BRAINBOX + ELUSIVE DREAMS .......... iTS-PRi-VATE .. 8 NoDES .............. TOYMAN\KNOX + 2112 .................... iTS-PRi-VATE .. 9 NoDES ............... ANALOG KID + + Ŀ + - [ mEMBER bOARDS ] - + + 2ND FACE ................ iTS-PRi-VATE . 8 NoDES ...... RAMBO\W&T + CLOSED SOCIETY .......... iTS-PRi-VATE . 3 NoDES ............ ROY + SOUTHERN WASTELANDS ..... iTS-PRi-VATE . 4 NoDES ......... LEGION + UNLIMITED POWER ......... iTS-PRi-VATE . 5 NoDES ......... RAIDER + VAX MUSEUM .............. iTS-PRi-VATE . 2 NoDES ..... ONES WALLY + THE WALL ................ iTS-PRi-VATE . 8 NoDES ......... ROLAND + + Ŀ + - [ bOARDS ] - + + CESSPOOL ................ iTS-PRi-VATE . 2 NoDES ........... GANGREEN + SCOOTER DOME ............ iTS-PRi-VATE . 2 NoDES ............ SCOOTER + + Ŀ + - [ aFFILIATES ] - + + ATOMIC TOWER ............ iTS-PRi-VATE . 3 NoDES ........ DEATH ANGEL + COFFEESHOP .............. iTS-PRi-VATE . 1 NoDE ............ JOPITER + INCOGNITO ............... iTS-PRi-VATE . 3 NoDES ...... COLOR CRIMSON + NO ESCAPE ............... iTS-PRi-VATE . 2 NoDES .. CRIMINAL OVERLORD + + Ŀ + + ; + ; + + + [ PLEASE NOTE ]ķ + ķ + Anybody interested in being a part of the our new group: + Leave a Member a Message on Any BBS we frequent. + (You must leave a detailed message with name and voice # to be contacted!) + Ľ + ķ + Interested in Console Copiers? For the best prices call: + 1-718-854-5877 + Ľ + ķ + - /\ - "WE REDEFINE QUALITY!!!" /\ - + Ľ + Ľ diff --git a/textfiles.com/piracy/FAIRLIGHT/steel2.nfo b/textfiles.com/piracy/FAIRLIGHT/steel2.nfo new file mode 100644 index 00000000..524d8a9e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/steel2.nfo @@ -0,0 +1,116 @@ + + + + + + + + + + + + P R O U D L Y P R E S E N T S + + STEEL EMPIRE + .............. + + Ŀ + Program By: Silicon Knights Graphic Support: VGA/EGA + Ĵ + Cracked By: THE TERMINATOR Sound Supported: SB/ADLIB + Ĵ + Date of Release: 15th April 1992 Controls: JOYSTICK/MOUSE/KEYB + Ĵ + + Protecion: Simple Doc Check + ~~~~~~~~~~ + + + + Game Type: Strategy Game + ~~~~~~~~~~ + + + + + Installation: Unzip into any directory + ~~~~~~~~~~~~~ + + + + + Comments: An allright game + ~~~~~~~~~ + + + + + + + + + Fairlight PC Division Staff + ~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Senior Staff: STRIDER, NEMESIS ENFORCER, TRICK LORD + + Members: PSYLOCKE, BLADE RUNNER, THE TERMINATOR + HERETIC, THE NECROMANCER, FIRE, NIGHT STICK + MARKO RAMIUS, BLACK JACK, MINOR THREAT + HEAVY METAL, DOCTOR CRIPPEN, GRIMSTALK + HARDWIRE, COYOTES MEMBER, SILENT ASSASSIN + ALEXIS MACHINE, MR. MIXTY, LORD STERLING + + + + FAIRLIGHT PC DISTRIBUTION ۲ + Ŀ + Board Name Phone Number SysOp NUP + Ĵ + Rivendell (WHQ) 217/356.2221 Trick Lord 'friend' + Ĵ + Whirlwind (CHQ) 416/PRI.VATE Heretic + Paki's Smell 604/PRI.VATE Skeleton Secretary + Modular Madness 512/PRI.VATE Fatal Error + F/X 914/PRI.VATE Fire + My Boomin'System 514/PRI.VATE Blade Runner + Elysium 508/PRI.VATE Squire + Richter Scale 516/754.6402 Earthquake + Street Spyders 713/266.8330 Maverick 'Beam Me Up' + The Lab 514/858.1326 Pr. Sinister + d'M0b 604/922.7318 Chaos Master 'HUH?' + Marvel Universe 215/758.8644 Wolverine + + -->>> WANNA BE ON THIS LIST? <<<-- + Call our World H.Q. listed above. + + + Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + -->>FAIRLIGHT PC<<-- -->FLT AMIGA/PC<-- -->>FLT AMIGA<<-- + =================================================================== + FAIRLIGHT PC AMERICA FAIRLIGHT WORLD HQ FAIRLIGHT AMERICA + PO BOX 6864 PO BOX 6 PO BOX 268 + CHAMPAIGN, IL 61826-6864 23600 HOLLVIKEN AMISSVILLE, VA 22002 + U.S.A. SWEDEN U.S.A. + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + 716-987-1151 + + + + + /> Greet to Inc(Neil I back),Razor and To DR. Shareware and Hal 0.9 + Still making patches for doors... Hey dudes look for our other release + today. + + Thanks to Black Spirit for the logo. + + + Hasta Dudes, + Blade Runner diff --git a/textfiles.com/piracy/FAIRLIGHT/trn.nfo b/textfiles.com/piracy/FAIRLIGHT/trn.nfo new file mode 100644 index 00000000..b362a6c1 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/trn.nfo @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: CANNON FODDER FROM SENSIBLE SOFTWARE [+2] TRAINER +Ķ + Supplied By: TRSI Written By: Fornicator + Cracked By: - Graphics: -/10 + Packaged By: Ken Buddha Sound: -/10 + Release Date: 05/01/94 Rating: -/10 +Ķ + Lovely game, and even lovelier with a Fairlight trainer for it. + Infinite rockets, infinite grenades, everything a man needs. + + Note: If you load a game, you have to select a weapon before the trainer + becomes active, but I guess you knew that. + + FairLight is re-structuring for maximum efficiency! FairLight is dedicated + to quality and not quantity. We extend a courteous hand to fellow groups + in the pirate community. Always looking for talented and loyal people. + + If you are interested in contributing call the FairLight 24HR VMB at + + 619-497-1580 + +Ķ + Greets go out to all cool FairLight members and to all other cool people +Ľ + + Ŀ + Ĵ FAiRLiGHT PC PRESIDENT + + + BLACK SHADOW + + Ŀ + Ĵ FAiRLiGHT PC VICE PRESIDENT + + + STRIDER + + Ŀ + Ĵ FAiRLiGHT PC MEMBERS + + + Judge, Ken Buddha, Moocher, Genius, Exolon, + Fornicator, Coroner, Lust Lord, Ranx, + Splatt, Skol and JBM + + Ŀ + Ĵ FAiRLiGHT PC COURIER TEAM + + + Rebound,Screwball + +ķ + PROUD FAiRLiGHT BULLETIN BOARDS: +Ķ + BOARD NAME POSITION NODES NUMBER SYSOP +Ķ + 7th Heaven European HQ 2 +46-Private Black Shadow + +46-Private (With TERBO!) + 2nd Phobia Member Board 1 +46-Private Judge + Realms of Death Member Board 1 +xx-Private Unlisted + +Ķ + ** SPACE FOR RENT ** Distrib. Site ** YOUR NUMBER HERE ** +Ľ +ķ + + FAIRLIGHT TRADING, INC IS YOUR BEST SOURCE FOR CONSOLE BACK-UP UNITS + AND IS THE LARGEST DISTRIBUTOR FOR FRONT FAR EAST CORP. WE STOCK + THE FOLLOWING UNITS ; SUPER WILD CARD & SUPER MAGIC DRIVE! + + WE ARE LOOKING FOR RE-SELLERS WORLDWIDE! CALL US *NOW* : + + U.S.A. ; 1-800-FAIRLIGHT + INTERNATIONAL ; 1-619-282-5311 + 24HRS FAX ; 1-619-282-1780 + +Ľ +ķ + + Call the FairLight Party-Girls 24 hrs! Live 1-on-1 action!! + + 1-900-288-9155 + 9735 + + $3.99 per min. Must be 18 yrs. Procall Co. (602) 631-0615 + +Ľ +ķ + + Write to FairLight : + + FairLight, P.O. Box 5, 1410 Waterloo, Belgium + +Ľ +ķ + FAiRLiGHT is looking for LOYAL MEMBERS who are dedicated to QUALITY! + Call : 7th Heaven - EHQ + Write to : FAiRLiGHT PC, P.O. Box 6 , 236 00 Hollviken, Sweden + Don't write if you want to have games and stuff, only membership + applications and such will be looked at, all other mail will be + trashed... And we don't SELL games so don't even think about it! +Ľ + + *** IF YOU LIKE THIS SOFTWARE, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT *** + \ No newline at end of file diff --git a/textfiles.com/piracy/FAIRLIGHT/vegas.nfo b/textfiles.com/piracy/FAIRLIGHT/vegas.nfo new file mode 100644 index 00000000..17ab1180 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/vegas.nfo @@ -0,0 +1,225 @@ + + + + + + + + + + + + + + + + + + 1 9 1 1 + + + Ŀ + + Razor 1911 Proudly Presents: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Las Vegas Super Casino for Windows + (c) Cosmi Corporation + + + + Ŀ + + Supplied By : EOS Release Date : 26 August 1995 + Game Type : gambling Game Rating : 6.5/10 + + Ĵ + + Cracked By : -- Protection Type : none found + Crack Patch : -- Install Method : subst or floppy + + Ĵ + + Game Notes & Crack Information + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Here's a title for the recreational as well as the the hard core + gamblers out there. This collection of five casino games includes + amusing features such as celebrity sightings, piano music and + a variety of drinks to make you feel like you're actually in + one of the trashy downtown Vegas casinos. There are also enough + blackjack and poker variations for you to tip the odds in your + favor. Can't count your way through a six-deck shoot? Don't worry. + Only Rain Man can. Play with one deck. Change the odds. The casino + is in your hands. + + + + EOS/R ) + + + There are still plenty of time left for you to order your very own + Razor shirt, so fill out the RZRSHIRT.TXT carefully, and send your + order forms in ASAP. It's not to be missed! + + + + Ŀ + + Razor 1911 Greetings + ~~~~~~~~~~~~~~~~~~~~~~ + Personal Greetz to: + + The GEcko. Troll. The Speed Racer. Hot Tuna. Beowulf. Sector9. Pharaoh + Sternone. Third Son. Ustasa. The Undertaker. Cobra. Fatal Error. Toast + Captain Blood. Roland. and Blitzkrieg-X. + + + + Ŀ + + The Gods at Razor 1911 Are: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Abrasax. Beowulf. Blitzkrieg-X. Cameron Hodge. Cobra. Dr.Magic + Druidkin. EOS. Evil Current. Faldo. The GEcko. High Density. Hojoe + Hot Tuna. Hula. Illegal Error. Kilroy. Masters. Misha. Pharaoh + Pitbull. Roland. Sector 9. Sharp. Snake. The Speed Racer. Sternone + Third Son. Troll. Troops. The Undertaker. Vivid. Wayward + + + + Ŀ + + Razor 1911: Director(s) of Internet Operations + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Illegal Error + + + Razor 1911: Director of Courier Operations + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Ustasa + + Razor 1911 : The Elites of the Trading Scene + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Captain Blood. Elvin Nox. Fatal Error. Hero. Janno. Jester King. + Lunatic Genius. The Master. Pioneer. The Punisher. Ralph + Raw Liquid. Toast. Tomas. Ustasa. Vivid. Ware Maker. + + + + Ŀ + + World-Famous Razor 1911 Boards + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The Gods Realm World HQ 1O Node(s) Razor Staff + + Akira Canadian HQ 1O Node(s) Pharaoh + Southern Comfort USA HQ O5 Node(s) Cobra + + The Tribe European HQ O8 Node(s) Sternone + The Graveyard UK HQ O4 Node(s) The Undertaker + + Menzoberrazan Member Board O3 Node(s) Pitbull + Reggae Muffin Member Board O3 Node(s) IE/Sector9 + RockCreek Member Board O4 Node(s) Third Son + Snake's Place Member Board O6 Node(s) Snake + Street Spydrs Member Board O4 Node(s) Maverick/GEcko + The Wall Member Board O7 Node(s) Roland/TGW + + Citadel of Chaos Affiliate O4 Node(s) The Punisher + The Crypt Affiliate O3 Node(s) Spectre/Blade + The Haunted House Affiliate 15 Node(s) The Master + Little Vegas Affiliate O3 Node(s) Casino Man + Sin Affiliate O2 Node(s) Mindshrinker + Toxic Dump Affiliate O2 Node(s) Toast/Darkwing + Lunatic Asylum Affiliate O3 Node(s) Lunatic Genius + + + + Ŀ + + So, You're Interested in Becoming a Razor 1911 Courier. + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Razor 1911 is always on the lookout for talented new couriers. If you + think you are good enough to join the ranks of the elite, fill out one + of our courier applications (file courier.app in this release) and get + it up to us on one of our boards. + + So, You're Interested in Becoming a Razor 1911 Affiliate. + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + If you run a 3+ node board and are ready to contribute to the success + of the oldest cracking group on the IBM, get in touch with us. All of + our sysops are actively participating in the success of the group, so + if you plan to just sit there and run a board, forget it. Logon to our + application account and leave us your name and a voice number where you + can be reached. If you do not leave us your voice information, you will + not be contacted at all! + + + + Ŀ + + You May Reach us Via Modem At: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + (405)843-8501 + Logon : RAZOR + Pword : RAZOR + + Or Via E-mail At: + ~~~~~~~~~~~~~~~~~~~ + an285616@anon.penet.fi + + (Or simply ask to join #RAZOR on IRC) + + + + Ŀ + + For the very best price in .DAT tapes call: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + (416) 461-8111 Logon: CUSTOMER Pword: DAT + + + + Remember, SUPPORT THE COMPANIES THAT PRODUCE QUALITY SOFTWARE, if you + enjoyed this product, BUY IT! SOFTWARE AUTHORS DESERVE SUPPORT!! + diff --git a/textfiles.com/piracy/FAIRLIGHT/vegas2.nfo b/textfiles.com/piracy/FAIRLIGHT/vegas2.nfo new file mode 100644 index 00000000..bd260ee6 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/vegas2.nfo @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + ANSiJED + + + + + +ķ + PRESENTS: Vegas Games for Windows +Ķ + Supplied By: Mournblade/Flashback Written By: New World Computing + Cracked By: N/A Graphics: VGA/EGA/MCGA + Packaged By: VenoM Sound: PC Speaker + Release Date: 07/15/92 Rating: 6/10 +Ķ + + Game Notes: Installation for this game is simple. Just unzip VEGASFLT.ZIP + on to a floppy and go in to Windows Program Manager File menu. + Choose run and type a:setup, and your all set. This games is + easy to play and has decent graphics. + + + + + + + + +Ķ + Greets: Heretic, GrimStalk, Gank Master, RAZOR and TDT! +Ľ + + + + Ŀ + Ĵ -=FLT=- Senior Staff + + + Heretic, Mournblade, Strider + + Ŀ + Ĵ -=FLT=- Members + + + Grimstalk (Courier Co-Ordinator), Lord Blix, VenoM, + R. Bubba Magillicutty, FlashBack, Ryec, Kintaro, Doc Holiday, + Hagbard Celine, Skeleton Secretary & Wolverine + + Ŀ + Ĵ -=FLT=- Couriers + + + Catalyst, Coyotes Member, Felonius Monk, Gank Master, + Lord Nelson, Mind Bomb, Pharoah & The Sleepwalker + + Ŀ + Ĵ -=FLT=- Docs & Cheats + + + EarthQuake, Tank + + +ķ + -=FLT=- Boards +Ķ + BOARD NAME POSITION NUMBER SYSOP +Ķ + Whirlwind World HQ 416/PRI.VATE Heretic + The BANE Of The BLACK SWORD Courier H.Q. XXX/PRI.VATE Mournblade + Apocalypse (3 Nodes) U.S. HQ 703/PRI.VATE P.O.W. +Ķ + Body Count Member Board 516/PRI.VATE VenoM + Marvel Universe Member Board 215/PRI.VATE Wolverine + Neo-Tokyo Member Board 604/PRI.VATE Skeleton Sec. + The Outer Limits Member Board 313/PRI.VATE FlashBack +Ķ + D'M0B Dist Site 604/XXX.XXXX Chaos Master + Pirate Mind Station Dist Site 314/567.3833 Felonius Monk + Purple Haze Dist Site 313/XXX.XXXX Speedball + Psychonuerosis Dist Site 301/946.3835 Gank Master + The Prison Dist Site 615/758.8731 The Warden + The Richter Scale Dist Site 516/XXX.XXXX EarthQuake + The World of Krynn Dist Site 313/XXX.XXXX Caramon + Wintermute Dist Site 514/XXX.XXXX Case +Ľ + +ķ + + We are currently looking for a few good Couriers. Send all applications + to Grimstalk at Whirlwind, or look for our 1-800 VMB coming soon. + +Ľ + diff --git a/textfiles.com/piracy/FAIRLIGHT/vrs-dox.nfo b/textfiles.com/piracy/FAIRLIGHT/vrs-dox.nfo new file mode 100644 index 00000000..9065fd2e --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/vrs-dox.nfo @@ -0,0 +1,156 @@ + Ŀ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + USA-DoX Department + + Proudly Presents + + Complete Virtual Reality Studio Dox + + From + + USA/FLT Domark USA/FLT + +Ŀ + + Doc Notes: The Virtual Reality Studio is a pretty complex programming tool + and is practically useless without this manual. I'm sure these + dox will save many of you from having to go out and buy the + software. Hope you find them useful. + + +Ŀ + + What's Up With USA/FLT? + ~~~~~~~~~~~~~~~~~~~~~~~ + Christmas is nearly upon us. If you find yourself on Christmas + vacation with nothing to do and would like to help out USA/FLT, + please fill out a USACOUR.APP and send it up to BBS-A-Holic. + You can be a USA/FLT Christmas Courier during December, or stay + on with us as a regular courier after Christmas, if you like. + + Call The VMB - 716/987.1151 + + +Ŀ + + Greets: A very emphatic "Thanks!" goes to Caramon for doing these dox. + Great job, dude! + + + + - USA/FLT Senior Staff - + + Genesis, Silencer, The NotSoHumble Babe + + + - USA/FLT Members - + + Black Jack, Buckaroo Banzai, Fire, Harry Lime, Lord Blix, Lord Sterling, + Marko Ramius, Minor Threat, R. Bubba Magillicutty, Repo Man, Static, + The Guch and The Necromancer + + + - FairLight PC Members - + + Strider + + + - The USA-DoX Team - + + FAThead, Genesis, Kublai Khan, Repo Man + + + - USA/FLT Couriers - + + Alexis Machine, Dr. Crippen, Heavy Metal, Morpheus, Scorch, and Tomkat + +Ŀ + - USA/FLT Boards - +Ĵ + BOARD NAME POSITION NUMBER SYSOP +Ĵ + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-PRI-VATE Static / The NSH Babe +Ĵ + The Inferno Member Board 416-493-9927 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + House Of Lords Member Board 714-681-9219 Lord Sterling + Radioactive Decay Member Board 213-923-4447 Repo Man + Infinity Member Board 914-229-8483 Fire + High Intensity Member Board 512-385-4912 Marko Ramius +Ĵ + World of Mirage Dist Site 718-898-8421 The Widowmaker + The Richter Scale Dist Site 516-754-6402 Earthquake + Elysium BBS Dist Site 508-468-7636 Squire + Khaotic Attractor Dist Site 508-970-5306 Mr Wyzard + The Powerdome Dist Site 901-872-3715 Electron + Arachnophobia Dist Site +31-40817579 GML/TU + Modular Madness Dist Site 512-219-8045 Fatal Error + + +Ŀ + - USA/FLT Support Nodes - +Ĵ + + The World Of Krynn - Down River Elite - Amiga World + + + + So you wanna be a USA Dist Site or Member huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. This means + they all help the group in some way. If you can't or don't want to do + anything to help out, and just want to sit there and run a dist site, + then forget it. But if think you have something to offer and you want + to help the newest up and coming group reach the top, give us a call. + USA/FLT Support Nodes are also available, inquire any Senior Staff + Member for details, or call the VMB and leave your info. + + + So you wanna be a USA Courier huh? + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Fill out a USA/FLT courier application and send it up to + BBS-A-Holic, private for Genesis. + +Ŀ + + You may contact us by mail at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/Fairlight + 35526 Grand River, Suite 121 + Farmington Hills, MI 48335 + + OR + + Fairlight + P.O. Box 6 + 23600 Hollviken + Sweden + +Ĵ + + You may contact us by phone at: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + The USA/Fairlight VMB + + 716-987-1151 + +Ĵ + + *** S P E C I A L O F F E R *** + + VHS Movies Available - Write To Address Below For Info: + + Skid Row + Postrestante + 8450 Hammel + Denmark + + + diff --git a/textfiles.com/piracy/FAIRLIGHT/willhnts.nfo b/textfiles.com/piracy/FAIRLIGHT/willhnts.nfo new file mode 100644 index 00000000..50d2ffde --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/willhnts.nfo @@ -0,0 +1,184 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + USA-DoX Department + + Proudly Presents + + Willy Beamish Hints/Solve + + from + + Dynamix + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Lord Blix, Suicidal, Harry Lime + Static, The Necromancer, R. Bubba Magillicutty, Mad Gib, The Guch + Lord Sterling, Snuggles + + + - FairLight PC Members - + + Strider & Drone No.5 + + + - USA/FLT Couriers - + + Morpheus, The Bartender, Crime Slave, Snuggles, Dr. Crippen, Heavy Metal + Live Wire + + + Thanks to The Guardian for his undying support. We appreciate you... really + we do... + + + + - USA/FLT Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-442-7543 Static / The NSH Babe + The Mudd Club Member Board 713-347-1416 Lord Blix + The Inferno Member Board 416-841-1933 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + House Of Lords Member Board 714-681-9219 Lord Sterling + Hidden Empire Dist Site 301-926-6131 The Emperor + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + Radioactive Decay Dist Site 213-923-4447 Repo Man + World of Mirage Dist Site 718-898-8421 The Widowmaker +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Game Notes: Here are the Hints/Solve from the Sierra BBS done up in a nice, + stylin little menu-driven format for ya. This game is one of the + best and funnest Dynamix games I've ever played. Hope you enjoy + the game and the hints/solve. USA/FLT has been working hard this + week putting out wares faster than you can download them. We + haven't let up yet, and there's still more to come from us this + week, so keep calling your favorite USA/FLT Dist Sites daily to + make sure you get all the latest and greatest! Looks like the + Christmas Warez Season is finally upon us! + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Greets: Greets to all LEGITIMATE and ALIVE groups - INC, Razor, PE and + TDT/TRSI... you're all doing a great job. Lots of good competition + out there lately... + + Greets to our newest couriers - Dr. Crippen and Heavy Metal - Welcome + aboard guys! + +Fuck You's: A big FUCK YOU goes out to the deadest group on the scene these + days, even deader than NEUA, The Humble Geeks, and specifically + Pieman and Slavelord. THG died after losing the people who + currently form USA, and ever since USA started kicking their ass + with the latest releases, THG has held this petty little bullshit + grudge against us. The Pitts and Slave's Den have become two + total anti-USA boards - from the one-liners to the voting questions + they do nothing but slander USA, and spew their mindless and petty + bullshit about how we suck and they rule. Why do they do this? + What have we done to piss them off so much? One thing - we're + whipping their lame little asses in the warez game and killing + their group. The only thing THG is capable of releasing these + days is wares they can steal from other groups! Yes USA put + Willy Beamish up on the Pitts, and what do you know, our version + is left unvalidated for 6 hours, then deleted, then mysteriously, + THG's version of Willy Beamish appears - and it has been + validated immediately! You don't believe THG would do such a + thing? Well ask INC about that, they've done it to INC several + times... ask THG couriers about it too, they saw what happened + with the Beamish release, shit ask anyone who calls the Pitts + about it, it was so obvious to everyone! THG is so fucking dead + right now, they have to steal their wares from other groups or + they can't release anything at all! + + If you're a courier or member of another group, we strongly urge + you - DO NOT send your wares up to Pitts or Slave Den! These + no talent, deperate little dirtbags will STEAL YOUR WARE and put + some lame little half-assed THG NFO file in it and release it as + their OWN! You've been warned! + + It's time for the pirate world to revolt against THG. They have + pulled this shit one too many times. The pirate world is sick + and tired of their inflated ego's and petty bullshit. It's + time to boycott THG and all of their boards. Shit they can't + release anything but 6 hour old stolen wares anyway, so what does + it matter. + + We're a little pissed about this as you can see, but we really + shouldn't be, considering that what THG did with Beamish was + so blatant and obvious to everyone, and considering that their + group is deader than shit right now... THG is on their way out, + folks, and the funny thing is the dumb fuckers brought this all + down upon themselves. THG is THE MOST HATED group in the world + right now, not just by us, but by anyone with half a brain and + an ounce of integrity. Let's put these unscrupulous, petty little + rodents away for good - JOIN THE BOYCOTT OF THG AND THG BOARDS! + DON'T CALL THEM, DON'T UPLOAD TO THEM, DON'T ACKNOWLEDGE THEIR + PITIFUL EXISTANCE! We can put an end to these scumbags once and + for all if we all pull together on this one... Let's make it + happen. The next ware THG steals might be from your group! Let's + bury these assholes before they do it again to you or to us, or + to anyone. They have no right to do this to people... let's not + let them get away with this, for to do so will be condoning it + and making it easier for them to do it again! + + USA has tried our best to be cool about the THG split up from + the very start. We never wanted a war over this, we never wanted + to strike out against THG, but this is the absolute last straw. + We're going to try not to drag this out any farther, but we're + not gonna sit here and let THG talk shit about us and steal our + wares without defending ourselves any longer. If THG shuts up + about USA and leaves our wares alone we won't have any more to + say on this subject. + + - USA Senior Staff + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + So you wanna be a Dist Site or Member huh? + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. If you can't + or don't want to do anything to help out, and just want to sit there + and run a dist site, then forget it. But if think you have something to + offer and you want to help the newest up and coming group reach the top, + give us a call. + + + So you wanna be a Courier huh? + + Fill out a USA/FLT courier application and send it up to one of the Home + boards reserved for our courier leader, Suicidal. + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by mail at: + + USA Fairlight + 35526 Grand River, Suite 104 P.O. Box 6 + Farmington Hills, MI 48335 23600 Hollviken Sweden + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by phone at: + + The USA/Fairlight VMB + + 716-987-1151 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + "All's Fair In Love And Warez" + (Except Stealing Other Groups Releases) + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + diff --git a/textfiles.com/piracy/FAIRLIGHT/word-dox.nfo b/textfiles.com/piracy/FAIRLIGHT/word-dox.nfo new file mode 100644 index 00000000..ec58f77b --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/word-dox.nfo @@ -0,0 +1,76 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Complete Wordtris Dox + + from + + Spectrum Holobyte + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Suicidal, Strider, R. Bubba + Magillicutty, The Necromancer, Static, Harry Lime, Drone #5, Captain Kirk + + + - USA Couriers - + + Morpheus, The Bartender, Crime Slave, Snuggles + + + - USA Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-442-7543 Static / The NSH Babe + The Inferno Member Board 416-841-1933 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + Hidden Empire Dist Site 301-926-6131 The Emperor + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + Radioactive Decay Dist Site 213-923-4447 Repo Man +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + Doc Notes: Here are the COMPLETE dox for Wordtris. This game is highly + addictive, and the head to head modem option is a blast. Enjoy! + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + So you wanna be a Dist Site or Member huh? + + If you are interested in becoming a USA/FLT Dist Site or Member, please + contact Genesis at BBS-A-Holic or TNSH Babe at Enterprise Elite. Tell + us what you have to offer to USA/FLT and you will be considered. All + of our members and dist sites are completely functional. If you can't + or don't want to do anything to help out, and just want to sit there + and run a dist site, then forget it. But if think you have something to + offer and you want to help the newest up and coming group reach the top, + give us a call. + + + So you wanna be a Courier huh? + + Fill out a USA/FLT courier application and send it up to one of the Home + boards reserved for our courier leader, Suicidal. + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + You may contact us by mail at: + + USA/Fairlight + 35526 Grand River, Suite 104 + Farmington Hills, MI 48335 + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + "All's Fair In Love And Warez" + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- diff --git a/textfiles.com/piracy/FAIRLIGHT/wordtris.nfo b/textfiles.com/piracy/FAIRLIGHT/wordtris.nfo new file mode 100644 index 00000000..7554e686 --- /dev/null +++ b/textfiles.com/piracy/FAIRLIGHT/wordtris.nfo @@ -0,0 +1,110 @@ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + USA/FLT United Software Association USA/FLT + Fairlight PC Division + + Proudly Presents + + Wordtris + + by + + Spectrum Holobyte + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + - USA Members - + + The NotSoHumble Babe, Silencer, Genesis, Suicidal, Strider, R. Bubba + Magillicutty, The Necromancer, Static, Harry Lime, Drone #5, Captain Kirk + + + - USA Couriers - + + Morpheus, The Bartender, Crime Slave, Snuggles + + + - USA Boards - + +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BOARD NAME POSITION NUMBER SYSOP +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + BBS-A-Holic Western Home 213-PRI-VATE Genesis + Enterprize Elite Eastern Home 313-442-7543 Static / The NSH Babe + The Inferno Member Board 416-841-1933 Harry Lime + The Rush Board Member Board 313-348-6057 The Necromancer + Hidden Empire Dist Site 301-926-6131 The Emperor + tHe CrAcK iN tImE Dist Site 2o1-573-o449 The Punisher + Support HQ Dist Site 415-692-6037 X-Terminator + The Red Sector Dist Site 713-952-7682 The Guardian + Radioactive Decay Dist Site 213-923-4447 Repo Man +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +Game Notes: OK here's the latest "tris" game from Spectrum Holobyte. You + may have caught the demo of this that was floating around last + month. It's a fairly decent game and has 256-VGA, Soundblaster + and Roland support. Have fun! + + A few words on Larry 5 - This game is a BITCH to crack. We are + working on a crack for it, and it's my understanding that about + every other crack group out there is also working on it, so there + should be a fix out soon, so hang in there. SCD-Dox put the + scanned doc check codes out so pick those up if you're desperate + to play the game before the crack is released. + + Welcome to our newest Dist Site- Radioactive Decay, SysOp: Repo Man + + +Greets: INC - Heard you ordered Larry 5 and your supplier was able to download + the USA version before the UPS man even got to his house... haha + + RAZOR - Here's another one you "could" have released. Tsk tsk. + + THG - Thanks for the "Don't get too big for your pants" advice. Maybe + you should practice what you preach. + + TRSI/TDT - Reader Rabbit ][ - Wow! The new NEUA! + + Nimbus - Blow me - _/\!/\_ + + Bookie - > +T E X T F I L E S + +

.NFO and Information Files from The Humble Guys

+

+

+ + + + + +
+
Filename
Size
Description of the Textfile
aces.nfo 3757
 THE HUMBLE GUYS: Aces of the Pacific by Dynamix +
alley.nfo 4311
 THE HUMBLE GUYS: Armor Alley by Three-Sixty Software +
arachna.nfo 4779
 THE HUMBLE GUYS: Arachnaphobia by Disney Software +
arborea.nfo 3749
 THE HUMBLE GUYS: Crystals of Arborea by Silmarils +
atf.nfo 7209
 THE HUMBLE GUYS: ATF-II Simulator +
atf2.nfo 2600
 THE HUMBLE GUYS: ATF-II Simulator +
bards3.nfo 3846
 THE HUMBLE GUYS: Bard's Tale 3: Thief of Fate from Electronic Arts +
batman.nfo 7749
 THE HUMBLE GUYS: Batman Returns by Park Place Development +
batman2.nfo 3977
 THE HUMBLE GUYS: Batman Returns by Park Place Development +
bchess2.nfo 2549
 THE HUMBLE GUYS: Battle Chess 2: Chinese Chess +
beasty.nfo 3549
 THE HUMBLE GUYS: Altered Beasty Boy by Sega +
benc.nfo 4612
 THE HUMBLE GUYS: Bill Elliott's NASCAR Challenge from Konami +
billy.nfo 4638
 THE HUMBLE GUYS: The Legend of Billy the Kid from Ocean +
blades.nfo 3958
 THE HUMBLE GUYS: Legend of Arkania: Blades of Destiny from US Gold +
bladewar.nfo 3609
 THE HUMBLE GUYS: Blade Warrior from Imageworks +
blitz.nfo 2776
 THE HUMBLE GUYS: Blitzkreig in the Ardeness +
blow.nfo 5514
 THE HUMBLE GUYS: Low BLow II by Electronic Arts +
bodyblow.nfo 7890
 THE HUMBLE GUYS: Body Blows from Team 17 Software +
btechii.nfo 2725
 THE HUMBLE GUYS: Battletech II: Crescent's Revenge +
bubble.nfo 598
 THE HUMBLE GUYS: Bubble Bobble by Fabulous Furlough +
califor2.nfo 3649
 THE HUMBLE GUYS: California Games 2 from Epyx Software +
ceasar.nfo 2310
 THE HUMBLE GUYS: Ceasar's Palace +
checkit.nfo 7133
 THE HUMBLE GUYS: Checkit Pro +
combat.nfo 5032
 THE HUMBLE GUYS: Operation Com-Bat from merit +
commanch.nfo 8309
 THE HUMBLE GUYS: Maximum Overkill Data Disk 1 +
continum.nfo 3811
 THE HUMBLE GUYS: Continuum from Data East/Infogrammes +
covert.nfo 3711
 THE HUMBLE GUYS: COvert Action by Microprose +
crime.nfo 4591
 THE HUMBLE GUYS: Crime Does Not Pay from Titus +
darkspyr.nfo 3805
 THE HUMBLE GUYS: Dark Spyre from Electronic Zoo +
dasboot.nfo 3996
 THE HUMBLE GUYS: Das Boot from Three Sixty Software +
double.nfo 3665
 THE HUMBLE GUYS: Double Tetris from Taiwan +
draglr2.nfo 3959
 THE HUMBLE GUYS: Dragon's Lair II: Time Warp from ReadySoft +
earthrse.nfo 1523
 THE HUMBLE GUYS: Earthrise by Interstel +
elite.nfo 4886
 THE HUMBLE GUYS: Elite from Realtime +
fight.nfo 4102
 THE HUMBLE GUYS: 4D Sports Boxing from Microprose +
firefor2.nfo 2765
 THE HUMBLE GUYS: Fire and Forget II +
fruit.nfo 5093
 THE HUMBLE GUYS: Arcade Fruit Machine from Zeppelin Games +
future.nfo 2463
 THE HUMBLE GUYS: Back to the Future Part 2 +
geisha.nfo 4015
 THE HUMBLE GUYS: Geisha +
generic.nfo 4425
 THE HUMBLE GUYS: Generic Information File +
glory.nfo 3738
 THE HUMBLE GUYS: Galleons of Glory from broderbund +
goldaxe.nfo 3768
 THE HUMBLE GUYS: Golden Axe by Sega +
gp500ii.nfo 4722
 THE HUMBLE GUYS: Gran Priz 500 II from Microids +
grem2new.nfo 5122
 THE HUMBLE GUYS: Gremlins II: The New Batch from Hi Tech Expressions +
gs2000.nfo 4853
 THE HUMBLE GUYS: Gunship 2000 from Microprose +
hack.nfo 7373
 THE HUMBLE GUYS: Dungeon Hack from Strategic Simulations, Inc. +
hexsider.nfo 4505
 THE HUMBLE GUYS: Hexsider from UBIsoft +
historik.nfo 4846
 THE HUMBLE GUYS: prehistorik from Titus +
hound.nfo 5299
 THE HUMBLE GUYS: The Hound of Shadow from Electronic Arts +
hpatrol.nfo 2647
 THE HUMBLE GUYS: Highway patrol 2 +
ikari.nfo 2594
 THE HUMBLE GUYS: Ikari Warriors 3 +
intro10.nfo 5102
 THE HUMBLE GUYS: THG Intro Maker 1.0 from THG +
intruder.nfo 2521
 THE HUMBLE GUYS: Flight of the Intruder +
ironman.nfo 3675
 THE HUMBLE GUYS: Ivan Ironman Stewart's Super Off-Road Racer from Virgin Games +
jf2rel.nfo 4903
 THE HUMBLE GUYS: Jet Fighter II (The Release) Velocity +
jimpower.nfo 8003
 THE HUMBLE GUYS: Jimpower: The Lost Dimension in 3D from Loricels +
joemont.nfo 3771
 THE HUMBLE GUYS: Joe Montana Football from Sega +
kgb.nfo 5599
 THE HUMBLE GUYS: KGB from Virgin +
kickoff2.nfo 3577
 THE HUMBLE GUYS: Kick Off 2 +
kingq1.nfo 2733
 THE HUMBLE GUYS: King's Quest I (SCI Version) from Sierra +
kpcom.nfo 5165
 THE HUMBLE GUYS: Kidpix Companion Disk from Broderbund +
lemmings.nfo 4867
 THE HUMBLE GUYS: Lemmings, by Psygnosis +
lightcor.nfo 3797
 THE HUMBLE GUYS: Light Corridor from infogames +
manager.nfo 3944
 THE HUMBLE GUYS: The manager from US Gold 2000 +
mbj.nfo 4481
 THE HUMBLE GUYS: Might Bombjack from Elite +
megadox.nfo 3514
 THE HUMBLE GUYS: Mega Lo Mania Full Documentation from UBISoft +
metal.nfo 4714
 THE HUMBLE GUYS: Metal Mutants from Similris +
mlomania.nfo 3508
 THE HUMBLE GUYS: Mega-Lo-Mania from UBISoft +
monty.nfo 2596
 THE HUMBLE GUYS: Monty Python's Flying Circus from Virgin Games +
moonbase.nfo 3770
 THE HUMBLE GUYS: Moon Base Simulator +
murder.nfo 3600
 THE HUMBLE GUYS: Murder from US Gold +
night.nfo 3602
 THE HUMBLE GUYS: Night Hunter by UBISoft +
nightbrd.nfo 4235
 THE HUMBLE GUYS: Night Breed The Arcade Game from Ocean Software +
ninja.nfo 4589
 THE HUMBLE GUYS: Ninja Rabbit +
ninja2.nfo 2325
 THE HUMBLE GUYS: The Last Ninja 2 +
nukewar.nfo 1961
 THE HUMBLE GUYS: Nuclear War by New World Computing +
objction.nfo 4215
 THE HUMBLE GUYS: Objection by Transmedia +
overlord.nfo 4086
 THE HUMBLE GUYS: Overlord from Virgin/Mastertronic +
patrol.nfo 4141
 THE HUMBLE GUYS: Stormlord from Hewson +
penthse.nfo 3579
 THE HUMBLE GUYS: Penthouse Jigsaw by Polarware +
pickpile.nfo 4540
 THE HUMBLE GUYS: Pick and Pile from Ubisoft +
piction.nfo 1828
 THE HUMBLE GUYS: Pictionary +
popup.nfo 3846
 THE HUMBLE GUYS: Pop-Up from InfoGrammes +
predator.nfo 4856
 THE HUMBLE GUYS: Predator 2 from Imageworks +
prince.nfo 2961
 THE HUMBLE GUYS: Prince of Persia from Broderbund +
princetr.nfo 1148
 THE HUMBLE GUYS: Prince of Persia Trainer +
racrally.nfo 7282
 THE HUMBLE GUYS: Network Q RAC Rally from Europress +
read.thg 953
 THE HUMBLE GUYS: The Humble Guys Ask for Help +
robocod.nfo 9313
 THE HUMBLE GUYS: Robocod from Millenium +
robot.nfo 4243
 THE HUMBLE GUYS: Escape from the Planet of the Robot Monsters from Tengen +
sfii.nfo 8751
 THE HUMBLE GUYS: Stick Fighter 2.0 from Millenium +
simant.nfo 3054
 THE HUMBLE GUYS: Sim Ant from Maxis +
sito.nfo 4833
 THE HUMBLE GUYS: Sito Somebody's 500 CC Gran prix +
snoopy.nfo 2433
 THE HUMBLE GUYS: Snoopy +
sowdox.nfo 3739
 THE HUMBLE GUYS: Spoils of War: The Complete Documentation by Empire +
space18.nfo 4295
 THE HUMBLE GUYS: Space 1889 from Paragon Software +
spidey.nfo 4314
 THE HUMBLE GUYS: The Amazing Spider Man from Paragon +
spoils.nfo 4392
 THE HUMBLE GUYS: Spoils of War by Internecine +
storm.nfo 4445
 THE HUMBLE GUYS: Stormlord from Hewson +
stunrun.nfo 3636
 THE HUMBLE GUYS: Stun Runner from Domark +
subbuteo.nfo 4212
 THE HUMBLE GUYS: Subbuteo from Goliath Games +
superc.nfo 3818
 THE HUMBLE GUYS: Super C +
t2trn.nfo 7602
 THE HUMBLE GUYS: Terminator II Arcade Trainer from Virgin +
td3data.nfo 3849
 THE HUMBLE GUYS: Test Drive 3 Cars and Roads I from Accolade +
test.txt 981
 THE HUMBLE GUYS: Duck Tales from Disney +
thg.nfo 8511
 THE HUMBLE GUYS: El Fish from Maxis/Midscape +
tomcat.nfo 4526
 THE HUMBLE GUYS: F-14 Tomcat from Activision +
tracy.nfo 3854
 THE HUMBLE GUYS: Dick Tracy from Titus +
troika.nfo 4100
 THE HUMBLE GUY: Troika Fix +
turntrnr.nfo 4043
 THE HUMBLE GUYS: Turn n Burn Trainer +
ty.nfo 3546
 THE HUMBLE GUYS: Team Yankee +
umsii.nfo 3857
 THE HUMBLE GUYS: universal Military Simulator II from Microprose +
vallahal.nfo 5446
 THE HUMBLE GUYS: Valhalla, from Optyk +
wcii.nfo 4168
 THE HUMBLE GUYS: Wing Commander Secret Missions Disk II from Origin +
weird.nfo 3381
 THE HUMBLE GUYS: Weird Dreams from Microprose +
world.nfo 3688
 THE HUMBLE GUYS: World Circuit Formula One Grand Prix by Microprose +
x-wing.nfo 6796
 THE HUMBLE GUYS: X-Wing from Lucasfilms +
zeliard.nfo 3440
 THE HUMBLE GUYS: Zeliard from Sierra +

There are 118 files for a total of 498,358 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/HUMBLE/.windex.html b/textfiles.com/piracy/HUMBLE/.windex.html new file mode 100644 index 00000000..eebc1ab6 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/.windex.html @@ -0,0 +1,138 @@ + +T E X T F I L E S + +

.NFO and Information Files from The Humble Guys

+

+

+ + + + + +
+
Filename
Size
Description of the Textfile
aces.nfo 3757
 THE HUMBLE GUYS: Aces of the Pacific by Dynamix +
alley.nfo 4311
 THE HUMBLE GUYS: Armor Alley by Three-Sixty Software +
arachna.nfo 4779
 THE HUMBLE GUYS: Arachnaphobia by Disney Software +
arborea.nfo 3749
 THE HUMBLE GUYS: Crystals of Arborea by Silmarils +
atf.nfo 7209
 THE HUMBLE GUYS: ATF-II Simulator +
atf2.nfo 2600
 THE HUMBLE GUYS: ATF-II Simulator +
bards3.nfo 3846
 THE HUMBLE GUYS: Bard's Tale 3: Thief of Fate from Electronic Arts +
batman.nfo 7749
 THE HUMBLE GUYS: Batman Returns by Park Place Development +
batman2.nfo 3977
 THE HUMBLE GUYS: Batman Returns by Park Place Development +
bchess2.nfo 2549
 THE HUMBLE GUYS: Battle Chess 2: Chinese Chess +
beasty.nfo 3549
 THE HUMBLE GUYS: Altered Beasty Boy by Sega +
benc.nfo 4612
 THE HUMBLE GUYS: Bill Elliott's NASCAR Challenge from Konami +
billy.nfo 4638
 THE HUMBLE GUYS: The Legend of Billy the Kid from Ocean +
blades.nfo 3958
 THE HUMBLE GUYS: Legend of Arkania: Blades of Destiny from US Gold +
bladewar.nfo 3609
 THE HUMBLE GUYS: Blade Warrior from Imageworks +
blitz.nfo 2776
 THE HUMBLE GUYS: Blitzkreig in the Ardeness +
blow.nfo 5514
 THE HUMBLE GUYS: Low BLow II by Electronic Arts +
bodyblow.nfo 7890
 THE HUMBLE GUYS: Body Blows from Team 17 Software +
btechii.nfo 2725
 THE HUMBLE GUYS: Battletech II: Crescent's Revenge +
bubble.nfo 598
 THE HUMBLE GUYS: Bubble Bobble by Fabulous Furlough +
califor2.nfo 3649
 THE HUMBLE GUYS: California Games 2 from Epyx Software +
ceasar.nfo 2310
 THE HUMBLE GUYS: Ceasar's Palace +
checkit.nfo 7133
 THE HUMBLE GUYS: Checkit Pro +
combat.nfo 5032
 THE HUMBLE GUYS: Operation Com-Bat from merit +
commanch.nfo 8309
 THE HUMBLE GUYS: Maximum Overkill Data Disk 1 +
continum.nfo 3811
 THE HUMBLE GUYS: Continuum from Data East/Infogrammes +
covert.nfo 3711
 THE HUMBLE GUYS: COvert Action by Microprose +
crime.nfo 4591
 THE HUMBLE GUYS: Crime Does Not Pay from Titus +
darkspyr.nfo 3805
 THE HUMBLE GUYS: Dark Spyre from Electronic Zoo +
dasboot.nfo 3996
 THE HUMBLE GUYS: Das Boot from Three Sixty Software +
double.nfo 3665
 THE HUMBLE GUYS: Double Tetris from Taiwan +
draglr2.nfo 3959
 THE HUMBLE GUYS: Dragon's Lair II: Time Warp from ReadySoft +
earthrse.nfo 1523
 THE HUMBLE GUYS: Earthrise by Interstel +
elite.nfo 4886
 THE HUMBLE GUYS: Elite from Realtime +
fight.nfo 4102
 THE HUMBLE GUYS: 4D Sports Boxing from Microprose +
firefor2.nfo 2765
 THE HUMBLE GUYS: Fire and Forget II +
fruit.nfo 5093
 THE HUMBLE GUYS: Arcade Fruit Machine from Zeppelin Games +
future.nfo 2463
 THE HUMBLE GUYS: Back to the Future Part 2 +
geisha.nfo 4015
 THE HUMBLE GUYS: Geisha +
generic.nfo 4425
 THE HUMBLE GUYS: Generic Information File +
glory.nfo 3738
 THE HUMBLE GUYS: Galleons of Glory from broderbund +
goldaxe.nfo 3768
 THE HUMBLE GUYS: Golden Axe by Sega +
gp500ii.nfo 4722
 THE HUMBLE GUYS: Gran Priz 500 II from Microids +
grem2new.nfo 5122
 THE HUMBLE GUYS: Gremlins II: The New Batch from Hi Tech Expressions +
gs2000.nfo 4853
 THE HUMBLE GUYS: Gunship 2000 from Microprose +
hack.nfo 7373
 THE HUMBLE GUYS: Dungeon Hack from Strategic Simulations, Inc. +
hexsider.nfo 4505
 THE HUMBLE GUYS: Hexsider from UBIsoft +
historik.nfo 4846
 THE HUMBLE GUYS: prehistorik from Titus +
hound.nfo 5299
 THE HUMBLE GUYS: The Hound of Shadow from Electronic Arts +
hpatrol.nfo 2647
 THE HUMBLE GUYS: Highway patrol 2 +
ikari.nfo 2594
 THE HUMBLE GUYS: Ikari Warriors 3 +
intro10.nfo 5102
 THE HUMBLE GUYS: THG Intro Maker 1.0 from THG +
intruder.nfo 2521
 THE HUMBLE GUYS: Flight of the Intruder +
ironman.nfo 3675
 THE HUMBLE GUYS: Ivan Ironman Stewart's Super Off-Road Racer from Virgin Games +
jf2rel.nfo 4903
 THE HUMBLE GUYS: Jet Fighter II (The Release) Velocity +
jimpower.nfo 8003
 THE HUMBLE GUYS: Jimpower: The Lost Dimension in 3D from Loricels +
joemont.nfo 3771
 THE HUMBLE GUYS: Joe Montana Football from Sega +
kgb.nfo 5599
 THE HUMBLE GUYS: KGB from Virgin +
kickoff2.nfo 3577
 THE HUMBLE GUYS: Kick Off 2 +
kingq1.nfo 2733
 THE HUMBLE GUYS: King's Quest I (SCI Version) from Sierra +
kpcom.nfo 5165
 THE HUMBLE GUYS: Kidpix Companion Disk from Broderbund +
lemmings.nfo 4867
 THE HUMBLE GUYS: Lemmings, by Psygnosis +
lightcor.nfo 3797
 THE HUMBLE GUYS: Light Corridor from infogames +
manager.nfo 3944
 THE HUMBLE GUYS: The manager from US Gold 2000 +
mbj.nfo 4481
 THE HUMBLE GUYS: Might Bombjack from Elite +
megadox.nfo 3514
 THE HUMBLE GUYS: Mega Lo Mania Full Documentation from UBISoft +
metal.nfo 4714
 THE HUMBLE GUYS: Metal Mutants from Similris +
mlomania.nfo 3508
 THE HUMBLE GUYS: Mega-Lo-Mania from UBISoft +
monty.nfo 2596
 THE HUMBLE GUYS: Monty Python's Flying Circus from Virgin Games +
moonbase.nfo 3770
 THE HUMBLE GUYS: Moon Base Simulator +
murder.nfo 3600
 THE HUMBLE GUYS: Murder from US Gold +
night.nfo 3602
 THE HUMBLE GUYS: Night Hunter by UBISoft +
nightbrd.nfo 4235
 THE HUMBLE GUYS: Night Breed The Arcade Game from Ocean Software +
ninja.nfo 4589
 THE HUMBLE GUYS: Ninja Rabbit +
ninja2.nfo 2325
 THE HUMBLE GUYS: The Last Ninja 2 +
nukewar.nfo 1961
 THE HUMBLE GUYS: Nuclear War by New World Computing +
objction.nfo 4215
 THE HUMBLE GUYS: Objection by Transmedia +
overlord.nfo 4086
 THE HUMBLE GUYS: Overlord from Virgin/Mastertronic +
patrol.nfo 4141
 THE HUMBLE GUYS: Stormlord from Hewson +
penthse.nfo 3579
 THE HUMBLE GUYS: Penthouse Jigsaw by Polarware +
pickpile.nfo 4540
 THE HUMBLE GUYS: Pick and Pile from Ubisoft +
piction.nfo 1828
 THE HUMBLE GUYS: Pictionary +
popup.nfo 3846
 THE HUMBLE GUYS: Pop-Up from InfoGrammes +
predator.nfo 4856
 THE HUMBLE GUYS: Predator 2 from Imageworks +
prince.nfo 2961
 THE HUMBLE GUYS: Prince of Persia from Broderbund +
princetr.nfo 1148
 THE HUMBLE GUYS: Prince of Persia Trainer +
racrally.nfo 7282
 THE HUMBLE GUYS: Network Q RAC Rally from Europress +
read.thg 953
 THE HUMBLE GUYS: The Humble Guys Ask for Help +
robocod.nfo 9313
 THE HUMBLE GUYS: Robocod from Millenium +
robot.nfo 4243
 THE HUMBLE GUYS: Escape from the Planet of the Robot Monsters from Tengen +
sfii.nfo 8751
 THE HUMBLE GUYS: Stick Fighter 2.0 from Millenium +
simant.nfo 3054
 THE HUMBLE GUYS: Sim Ant from Maxis +
sito.nfo 4833
 THE HUMBLE GUYS: Sito Somebody's 500 CC Gran prix +
snoopy.nfo 2433
 THE HUMBLE GUYS: Snoopy +
sowdox.nfo 3739
 THE HUMBLE GUYS: Spoils of War: The Complete Documentation by Empire +
space18.nfo 4295
 THE HUMBLE GUYS: Space 1889 from Paragon Software +
spidey.nfo 4314
 THE HUMBLE GUYS: The Amazing Spider Man from Paragon +
spoils.nfo 4392
 THE HUMBLE GUYS: Spoils of War by Internecine +
storm.nfo 4445
 THE HUMBLE GUYS: Stormlord from Hewson +
stunrun.nfo 3636
 THE HUMBLE GUYS: Stun Runner from Domark +
subbuteo.nfo 4212
 THE HUMBLE GUYS: Subbuteo from Goliath Games +
superc.nfo 3818
 THE HUMBLE GUYS: Super C +
t2trn.nfo 7602
 THE HUMBLE GUYS: Terminator II Arcade Trainer from Virgin +
td3data.nfo 3849
 THE HUMBLE GUYS: Test Drive 3 Cars and Roads I from Accolade +
test.txt 981
 THE HUMBLE GUYS: Duck Tales from Disney +
thg.nfo 8511
 THE HUMBLE GUYS: El Fish from Maxis/Midscape +
tomcat.nfo 4526
 THE HUMBLE GUYS: F-14 Tomcat from Activision +
tracy.nfo 3854
 THE HUMBLE GUYS: Dick Tracy from Titus +
troika.nfo 4100
 THE HUMBLE GUY: Troika Fix +
turntrnr.nfo 4043
 THE HUMBLE GUYS: Turn n Burn Trainer +
ty.nfo 3546
 THE HUMBLE GUYS: Team Yankee +
umsii.nfo 3857
 THE HUMBLE GUYS: universal Military Simulator II from Microprose +
vallahal.nfo 5446
 THE HUMBLE GUYS: Valhalla, from Optyk +
wcii.nfo 4168
 THE HUMBLE GUYS: Wing Commander Secret Missions Disk II from Origin +
weird.nfo 3381
 THE HUMBLE GUYS: Weird Dreams from Microprose +
world.nfo 3688
 THE HUMBLE GUYS: World Circuit Formula One Grand Prix by Microprose +
x-wing.nfo 6796
 THE HUMBLE GUYS: X-Wing from Lucasfilms +
zeliard.nfo 3440
 THE HUMBLE GUYS: Zeliard from Sierra +

There are 118 files for a total of 498,358 bytes.

+Important Credit: A portion of these files came from a site called the +Defacto2 Scene Archive, +and were acquired and saved by the folks of that group. They've done a +wonderful job on the site, and it is highly reccommended that you check +it out. + + diff --git a/textfiles.com/piracy/HUMBLE/aces.nfo b/textfiles.com/piracy/HUMBLE/aces.nfo new file mode 100644 index 00000000..95f3cec2 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/aces.nfo @@ -0,0 +1,59 @@ + + Aces of the Pacific + by Dynamix + +ͻ + Protection None + Graphics VGA/EGA/CGA + Controls Keyboard/Mouse/Joystick + Sound Most + Supplier Not you +ͼ + + + This Requires a 386sx & at least 2 meg of ram... + It looks like a good game, and we couldn't find any protection + + + [ Members ]Ŀ + Fabulous Furlough Thinks he's retired + The PieMaN Sysop of The P.I.T.S. + The Slavelord Sysop of The Slaveden + The Mad Scientist Protection Eradication Engineer + JROK THG Protection Eradication Engineer + Night Writer THG Member! + Eddie Haskel Sysop of SpamLand + BamBam Sysop of DownTown + Barimor Sysop of The Final Frontier + Predator Sysop of Iron Fortress + Mr. Plato Sysop of Plato's Place + The Toyman Sysop of Elusive Dream + The Iceman Sysop of The Ice Castle + Bryn Rogers Sysop of The Demon's Forge + Hi.T.Moonweed Sysop of The Flying Teapot + Sauron THG/fx crew + Lord Zombie THG/fx crew + + [ Member Boards ]Ŀ + The Slaveden (2 nodes) (904) 331-1038 The Slavelord + SpamLand (3 nodes) (508) 831-0131 Eddie Haskel + Plato's Place (6 Nodes) (618) 254-5263 Mr. Plato + The P.I.T.S. (5 Nodes) (718) THE-PITS The PieMaN + DownTown +31-5750-29313 BamBam + The Inferno (416) 841-1933 Black Plague + The Final Frontier (602) 730-5193 Barimor + Elusive Dream (4 Nodes) (317) - The Toyman + The Ice Castle +47 - The Iceman + The Demon's Forge +44 282-22514 Bryn Rogers + The Flying Teapot +44 603-767543 Hi.T.Moonweed + + [ Distribution Sites ]Ŀ + Skull Isle (514) 647-3096 Skoal Bandit + Concrete Sea (901) 274-0019 Razor Face + Cloud Nine Elite () - Nimbus + The Real World (206) - Mack The Hack + The Eclipse BBS () - The Mustang + Big City Lights () - The Hook + Piper's Pit (203) - Rowdy Roddy Piper + Covert Society (206) 946-6666 The Lizard + diff --git a/textfiles.com/piracy/HUMBLE/alley.nfo b/textfiles.com/piracy/HUMBLE/alley.nfo new file mode 100644 index 00000000..10da58a5 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/alley.nfo @@ -0,0 +1,88 @@ + Armor Alley + From Three-Sixty Software + + +Cracking: Somewhat Complex Serial Number Check +Graphics: EGA/CGA/Tandy/Monocrome Herc +Controls: Keyboard/Mouse/????? +Sound: You Tell me + +Cracking/Game Notes: They took every keypress & check it in the Serial Number +routine, if it was ok, they loaded the registers & returned to allow you to +choose the "Personalize" Option.. Just enter whatever you like and choose +"Personalize", now you'll have your name up in lights!! + +Greets: Neil - Got that stuff changed to Blue Label Yet?? +Some quick greetz go to Basket Case - Hang Tight Dude! + + The Humble Guys are: + Candyman, Fabulous Furlough, NightWriter, The Slavelord, + Predator, Mr. Plato, Fletcher Christian, BamBam, Lord Zombie, + Eddie Haskel, Funakoshi, Wico, JROK, Mace Mandella, Belgarion, + The Humble Babe, Harry Lime, Black Plague, MALZAM, + Lord Sterling, Sauron, and George, The PieMaN + + Our Humble Couriers are : + High Roller, The Mogur, Con Artist, Blood Reviver, Lord Exterminator, + Heavy Metal, Skoal Bandit, ForkBeard The Pirate, Master Frodo, Silencer, + Prince of Thieves, Quick Silver, Kane KK + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |The Slave Den (904) 331-1038 The Slavelord | + |SpamLand (3 nodes) (508) 831-0131 Eddie Haskel | + |Plato's Place (6 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (5 Nodes) (718) THE-PITS The PieMaN | + |HMS Bounty (3 nodes) () - Fletch | + |Iron Fortress () - Predator | +Boards |DownTown +31-5750-29313 BamBam | + |Festering Pit (206) 481-2728 Belgarion | + |Inner Circle +46-31-304142 Wico | + |The Inferno (416) 841-1933 Black Plague | + |House of Lords (714) 681-9219 Lord Sterling | + |Enterprise Elite (313) 442-7543 The Humble Babe | + +----------------------------------------------------------------+ +Dist. |Elusive Dream (317) 452-1257 The Toyman | + |The Ice Castle +47 PRI-VATE The Iceman | +Sites |Black Ice (904) 377-1325 Chaos | + |The Cove (317) 743-1168 Viper | + |BBS a Holic (213) PRI-VATE Genesis | + |Dark Data Security +39 2 29519751 Tom Cat | + |Maximum Security (408) 867-5139 The Warden | + |Skull Island (514) 647-3096 Skoal Bandit | + |Concrete Sea (901) 274-0019 Razor Face | + |Red October (415) 935-8720 Captain Ramius | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or P.O.Box 12207 + Nashville, TN 37202 Mill Creek, WA 98012 + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you don't need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine coming soon to a BBS near you! + +Remember, you too can be either Humble Courier, a Humble Franchise, +a THG Distribution site, or even possibly a member. + +Contact The PieMaN on The PITS if You Interested! + +Also, Call the Humble 900 number - 1-900-535-4200 ext. 780 +NOTE! $2.00 per minute. Updated EVERY Monday Morning!! +Kiddies under 18 MUST have their parents Permission! + diff --git a/textfiles.com/piracy/HUMBLE/arachna.nfo b/textfiles.com/piracy/HUMBLE/arachna.nfo new file mode 100644 index 00000000..a372317e --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/arachna.nfo @@ -0,0 +1,91 @@ + Arachnaphobia + From Disney Software + + +Cracking: Name this Spider! +Graphics: CGA/EGA/VGA/Tandy +Controls: Keyboard/You Tell ME! +Sound: Honker, Disney Sound box for the Parallel port + +Cracking/Game Notes: Interesting protection, if you tried to trace over a +RETF to go back to the root program, it would crap out Soft-ice to the same +address EVERY time.. Nice idea.. Too bad.. 3 byte crack.. + +Greets: +Some quick greetz go to Harry Lime & Black Plague - Welcome Aboard!! + + +The Humble Guys are: The Candyman, Fabulous Furlough, NightWriter, Magnetic +The Slavelord, Predator, Mr. Plato, Fletcher Christian, Lord Blix, Barimor, +The Viper, BamBam, Lord Zombie, The Guch, Eddie Haskel, Funakoshi, Wico, +The Humble Sysop, Drool Master Rick, JROK, Mr.M, Mace Mandella, Belgarion, +The Humble Babe, Harry Lime, Black Plague and our HUMBLE leader, Gods +Gift to the IBM ! + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |Candyland (***) ***-**** The Candyman | + |The Slave Den (904) 376-1117 The Slavelord | + |HMS Bounty (2 nodes) (215) 873-7287 Fletch | + |The Humble Review (319) 372-5987 The Humble Sysop | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |Iron Fortress (508) 798-5492 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + Boards |Final Frontier (602) 491-0703 Barimor | + |DownTown 31-5750-29313 BamBam | + |TinselTown Rebellion (713) 453-2153 The Viper | + |Enterprize Elite (313) 442-7543 The Humble Babe | + |Festering Pit (206) 481-2728 Belgarion | + |Inner Circle +46-31-304142 Wico | + |The Inferno (416) 841-1933 Black Plague | + +----------------------------------------------------------------+ +Dist. |The P.I.T.S. (3 Nodes) (718) THE-PITS The PieMaN | + | (718) PRI-VATE Don't U DARE Call! | + |Elusive Dream (317) 452-1257 The Toyman | + Sites |The Wall (716) PRI-VATE Pink Floyd | + |Twilight Zone (617) ???-???? Raistlin | + |The Ice Castle (+47) PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + |Paradise City (416) 479-9879 Mongolian Cannibal | + |Swindler's Stronghold (703) 722-6051 Loan $hark | + |Software Conspiracy (305) 235-4335 Sparrowhawk | + |The Phortress System I (914) 221-0035 The FREEZE | + |The Phortress System II (914) 227-6847 Mephistopheles | + |Access Denied! (313) 977-5880 Access | + |The Cove (317) 743-1168 Viper | + |BBS a Holic (213) PRI-VATE Genesis | + |Dark Data Security (+39) 2 29519751 Tom Cat | + |Maximum Security (408) 867-5139 The Warden | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or Post Restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you don't need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine coming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Enterprize Elite if you are interested! + +Also, Call the Humble 900 number - 1-900-535-4200 ext. 780 +NOTE! $2.00 per minute. Updated EVERY Monday Morning!! + diff --git a/textfiles.com/piracy/HUMBLE/arborea.nfo b/textfiles.com/piracy/HUMBLE/arborea.nfo new file mode 100644 index 00000000..3aacd25e --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/arborea.nfo @@ -0,0 +1,83 @@ + Crystals of Arborea + Silmarils + Supplied by Funakoshi Sensei + + +GRAPHICS:CGA/VGA +CONTROLS:Mouse/Joystick preferred, if you use Keyboard your on your own! +SOUND:Might have Adlib (?) +CRACK:Simple disk check thingy (3 bytes) + + +A SPECIAL HUMBLE YAHOO TO: All our NEW! contacts in Japan & Taiwan + +GREETS TO: RBM - You EVER gonna fix Joe Montana? + + + + + + The Humble Guys are: + + The Candyman, Fabulous Furlough, NightWriter, + The Slavelord, Predator, Mr. Plato, Fletcher Christian, + Lord Blix, Barimor, The Viper, BamBam, Lord Zombie, The Guch, + Eddie Haskel, BigBobRob, Funakashi, The Humble Sysop, Drool Master Rick, + Jrok, Mr. M and God's Gift to the IBM, Mace Mandella + + Ŀ + The Members Boards and Humble Distribution Sites + Ĵ +HOME BOARD-Candyland (XXX) XXX-XXXX The Candyman + The Slave Den (904) 376-1117 The Slavelord + HMS Bounty (215) 873-7287 Fletch + Plato's Place (618) 254-5263 Mr. Plato + Iron Fortress (508) 798-3363 Predator + SpamLand (508) 831-0131 Eddie Haskel + Final Frontier (602) 491-0703 Barimor + DownTown 31-5750-29313 BamBam + TinselTown Rebellion (713) 453-2153 The Viper + The Humble Review (319) 372-5987 The Humble Sysop + The Drool Bucket (615) 331-9782 Drool Master Rick + Ĵ + The Badlands (904) PRI-VATE Lowrider + The P.I.T.S. (718) THE-PITS The Pieman + Elusive Dream (317) 452-1257 The Toyman + The Wall (716) PRI-VATE Pink Panther + Twilight Zone (617) 288-2597 Raistlin + The Ice Castle 47-PRI-VATE The Iceman + Black Ice BBS (904) 377-1325 Chaos + Elm Street BBS (214) 407-1801 Freddy Krueger + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + +Send us your hate mail! We LOVE to get your hate mail! All hate mail sent +to the P.O. Box will be sent out on the LSDNet (tm) THG Arts and Letters +Section! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +If you have a fax, and want the docs for your latest game, contact +Drool Master Rick and get in on the Humble Fax Network. + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + +P.S. - The Humble Guys are ALWAYS looking for artists for their Intros! +If you have any artistic ability give one of our boards a call. + + + diff --git a/textfiles.com/piracy/HUMBLE/atf.nfo b/textfiles.com/piracy/HUMBLE/atf.nfo new file mode 100644 index 00000000..6b66efb9 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/atf.nfo @@ -0,0 +1,130 @@ + + + + ܱ ۲ + ߲ ۲ ۲ ۲ ۲ ۲ ܱ + ۱ ۲ ۲ ۲ ߲ ۲ _ + ۲ ۲ ۱ ۲ ۲ ۲Rs + ۲ ۲ ۰ ۲ ߲ ۱Oa + ۱ ۱ ۰Yc + ۰ ۲ ۲ ۱ - + ۱۲ ۲ ߲ ۲ ۲ + ۲۱ ۲ ۲ ۲ + ۲ ߱ ߲ ۲ ۲ + ۲ ߱ + + + + + + [ NAPALM PC PRESENTS ]Ŀ + + Advanced Tactical Fighters (c) Electronic Arts + + Ĵ + Supplier: Hannibal Release Dat : 3/27/96 + Packager: Prophet Game Type : 3D Flight Simulation + Stripper: Hannibal Protection : CD-CHECK + Cracker : Lost Soul Disks : 19 + Ĵ + System Requirements: 486/33, 8 MB RAM, 30 MB HD + + + Release Notes: + ~~~~~~~~~~~~~~ + This simulation is based on exclusive, authentic and up-to-date information + from Jane's information group (the world's largest publisher of military + information), it includes a fully interactive aircraft guide with blue + prints, weapons information, engine diagrams, and cockpit layouts. Advanced + 3D graphics and digitized special effects add to the realism. Also multiple + states of damage (watch your target explode into bits) and digital + explosions. Modem and network play lets up to 8 players dogfight in + authentically detailed F-22's. + + + + CD-Rip Info: + ~~~~~~~~~~~~ + All animations/speech were taken out, but the rest is here. + + + Installation Notes: + ~~~~~~~~~~~~~~~~~~~ + Unpack the files, make sure you copy the AF.EXE in the zip over the old + AF.EXE in \ATF\, after that run ATF.BAT and start flying! + + Note: Take a look at the ATF.DOX! + + + Also the Abuse release from us is the FINAL/STORE version unlike previous + releases of Abuse were all betas. + + + Ŀ + -/- NAPALM MEMBERSHIP -\- + + + + Chainsaw Massacre, Cirion, The Comanche, Cyberphreak, Dark Star + David & Goliath, Daviolator, Dr. Detergent, The Ghost Wind + Gilby, Hannibal, Physco Stik, Lost Soul, Mach One + Mithrandir, Ol' Dirty Bastard, Prophet + Raptor, Starman, Tinox, Wolverine + + + Napalm Couriers + ~~~~~~~~~~~~~~~ + Coordinators: Beelzebub - Darkforce - The Dutchmen + + Anthrax, Archvile, Bash, Darkside, Demon Lord, DK, Duro, The GodFather + The Operator, Osmosis, OutHouse, Pericles, The Pep, Phat + Phoenix, Rom Racer, Shatter Star, Tornado + + + * NOTE: All Sysops of Napalm boards are FULL members. * + + Ŀ + -/- NAPALM'S WORLD WIDE BULLETIN BOARDS -\- + + + X-Factor 1O Node(s) World HQ Longshot + + TEMPORARY DOWN Node(s) United States HQ + 2112 10 Node(s) Eastern US HQ Analog Kid + The Warp Zone 9 Node(s) Western US HQ TWZ Staff + + SpellBound 9 Node(s) European HQ Cruger + + Info SuperHighway 4 Node(s) Member Board Zino/Lost Soul + Stranger Than Fiction 6 Node(s) Member Board Sinister Dexter/TGW + + Underground Insanity 5 Node(s) Affiliated Board Kreep/Bishop + Carnel Infatuation 5 Node(s) Affiliated Board Stratocaster + Manifest Destiny 3 Node(s) Affiliated Board Tornado + DeathScape 2 Node(s) Affiliated Board Rom Racer + + YOU COULD BE HERE +2 Node(s) Dist Site YOU + + CxxxxxRxxx Cxxxxx FTP Site World HQ Cxxxxx + Dxxxxxxx FTP Site USA HQ Cxxxxxxxxxx + + Ŀ + -/- INFORMATION -\- + + + We are dedicated in bringing you the best in PC games entertainment! + If you have something to offer us and want to be part of Napalm, contact + us immediately! + + IF YOU WANT TO GET IN TOUCH WITH US HERE IS HOW TO DO IT: + + On the internet, e-mail prophet@dazeclub.stu.rpi.edu, or on IRC look + for either: DarkForce, Beelzebub, The Dutchmen, Dviolator, Hannibal_ + + + + + Uncopyright (u) by Napalm 1996 + + ** IF YOU LIKE THIS GAME, BUY IT! SOFTWARE AUTHORS DESERVES SUPPORT! ** + diff --git a/textfiles.com/piracy/HUMBLE/atf2.nfo b/textfiles.com/piracy/HUMBLE/atf2.nfo new file mode 100644 index 00000000..e749c5ad --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/atf2.nfo @@ -0,0 +1,55 @@ + ATF-II Simulator + Cracked by Lord Blix + + +Graphics: EGA/VGA +Sound: High-Tech Quasi-Random Internal Speaker +Controls: Several + + +Cracking Notes: This bastard kicks on the A: for a second and keeps + it going. + + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ + |Candyland (615) 834-3333 Candyman | + |HMS Bounty (3 nodes) (215) 873-7287 Fletch | + |The Badlands (904) PRI-VATE Lowrider | + |The Slave Den (904) 376-1117 The Spamlord | + |Plato's Place (4 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (718) THE-PITS The PieMaN | + |The Crack in Time (201) 573-0449 Master Blaster | + |Edge of Insanity (206) 868-1435 The Shocker | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + |Fucked up (305) 227-4110 Bart Simpson | + |Ghost Shadow (213) 221-6861 Ghost Master | + |Elusive Dream (317) 452-1257 The Toyman | + |Final Frontier (602) 491-0703 Barimor | + |Tensiltown Rebellion (713) 453-2153 The Viper | + |The Wall (716) 691-5945 Pink Floyd | + |Black Ice (904) 377-1325 Chaos | + |Downtown +31-5750-29313 Bam Bam | + |The Ice Castle +47 Private The Ice Man | + |Elm Street BBS (214) 407-1801 Freddy Krueger | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 Post RESTANTE + Nashville, TN 37202 P. O. Box 99960 + 7200 NA + Zutphen Holland + +Send us anything that you deem appropriate. If you can supply us with games, +give us a call at any of the above listed boards. + +Also, Call The Humble Guys! Voice Mailbox - 615-664-1952, +Leave us a message, tell us what you think. + + diff --git a/textfiles.com/piracy/HUMBLE/bards3.nfo b/textfiles.com/piracy/HUMBLE/bards3.nfo new file mode 100644 index 00000000..eea11c19 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/bards3.nfo @@ -0,0 +1,85 @@ + Bard's Tale 3: Thief of Fate + From Electronic Arts + + +GRAPHICS:Tndy/Cga/Ega/Composite or Tv (Har Har) +CONTROLS:Keyboard +SOUND:Most +CRACK: Yes + +A SPECIAL HUMBLE YAHOO TO: NEUA - We missed you while you were gone. + $yndicate - Both of them! + PE - Is it dead yet? + Neil - See you Tuesday! + +GREETS TO: Our New Contact at EAD Thanks for This ONE! And the NEW (and + improved) Humble Slave #1 - {Welcome to the winning team Amy} + + + + + + The Humble Guys are: + + The Candyman, Fabulous Furlough, NightWriter, + The Slavelord, Predator, Mr. Plato, Fletcher Christian, + Lord Blix, Barimor, The Viper, BamBam, Lord Zombie, The Guch, + Eddie Haskel, BigBobRob, Funakashi, The Humble Sysop, Drool Master Rick, + Jrok, Mr. M and God's Gift to the IBM, Mace Mandella + + Ŀ + The Members Boards and Humble Distribution Sites + Ĵ +HOME BOARD-Candyland (XXX) XXX-XXXX The Candyman + The Slave Den (904) 376-1117 The Slavelord + HMS Bounty (215) 873-7287 Fletch + Plato's Place (618) 254-5263 Mr. Plato + Iron Fortress (508) 798-3363 Predator + SpamLand (508) 831-0131 Eddie Haskel + Final Frontier (602) 491-0703 Barimor + DownTown 31-5750-29313 BamBam + TinselTown Rebellion (713) 453-2153 The Viper + The Humble Review (319) 372-5987 The Humble Sysop + The Drool Bucket (615) 331-9782 Drool Master Rick + Ĵ + The Badlands (904) PRI-VATE Lowrider + The P.I.T.S. (718) THE-PITS The Pieman + Elusive Dream (317) 452-1257 The Toyman + The Wall (716) PRI-VATE Pink Panther + Twilight Zone (617) 288-2597 Raistlin + The Ice Castle 47-PRI-VATE The Iceman + Black Ice BBS (904) 377-1325 Chaos + Elm Street BBS (214) 407-1801 Freddy Krueger + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + +Send us your hate mail! We LOVE to get your hate mail! All hate mail sent +to the P.O. Box will be sent out on the LSDNet (tm) THG Arts and Letters +Section! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +If you have a fax, and want the docs for your latest game, contact +Drool Master Rick and get in on the Humble Fax Network. + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + +P.S. - The Humble Guys are ALWAYS looking for artists for their Intros! +If you have any artistic ability give one of our boards a call. + + + diff --git a/textfiles.com/piracy/HUMBLE/batman.nfo b/textfiles.com/piracy/HUMBLE/batman.nfo new file mode 100644 index 00000000..0c04389e --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/batman.nfo @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + + ͵Proudly PresentsĿ + -+- The Adventures of Batman and Robin -+- + + + + ͸ +Ŀ + +  RELEASE INFORMATION  + + + Ŀ + SuPPLiER : A God CRaCKeR : n/a + ReLeaSeD : 12/24/95 PaCKaGeR : Third Son... + LaNGuaGe : ENGLISH # of DiSCs : 24 + GRaPHiCs : [X] VGA [X] SVGA ENViRoNMeNT : [ ] MS-DOS [X] Win [X] Win95 + SouNDs : [X] Adlib [X] SB [X] SBPro [X] SB16 [X] PAS [X] Roland [X] GUS + RaTInGs : ۰ + + + + + ͸ +ڳ  RELEASE & INSTALLATION NOTES  +͵ + BLaDE presents " The Adventures of Batman and Robin " from Sound Source + Interactive! For two heroic crime Fighters, their job is never done. For + three colorful villians, there is nowhere to run! It's educational! It's + totally action packed! It's a totally interactive reading experience for + children five and up! + + Create a directory called BATMAN, place all the arj files in there and + the install.exe. Type INSTALL and you are ready to play in Windows. Only + the video was ripped. The game is installed so create a program group + in Windows. The program is setup for C: drive but adjust the .ini files + for a different drive. And most of all, HAVE FUN! + + + + Greets Go To: The Gecko - How are those " Strip Bars " anyway! :) + The Speed Racer - I think you should go for a Vette! + Pharaoh - Akira. THE fastest in the world! + DruidKin - The best on the iNET! + ZPat - I miss you man...!! + Sir Alf - Keep DruidKin in line will ya! + + And everybody who gets to sleep on a regular basis! + + + Groups + RAZOR 1911 - Others come and go... But Razor 1911 lives on! + PWA - THE best in Utilities! + RiSC - The ART of Trading! + + * Special Greets to all the Traders that Spread our warez * + + + + W E A R E + +  B L A D E R U N N E R S  + Ŀ + Ŀ + FOUNDING MEMBERS + +  ALiEN SoN  THiRD SoN  + ---- + + + Ŀ + Ŀ +  SENIOR MEMBERS  + + Gunga Fat. Captain Blood. Urick + and Toast + + + Ŀ + Ŀ + COURiER TEM +  Toast..... CC  + GuNGa FaT + Roast + IronEagle + Fortune + + ---- + + +  BLaDE RuNNeRS HEADQUARTERS SiTES Ŀ + + The ROCK THiRD SoN 6 NoDES ITSPRIVATE The WORLD HQ + BiG BoBBeRS ALiEN SoN 2 NoDES ITSPRIVATE The USA HQ + PRiVaTe CoLLeCTioN WiLDCHiLD 6 NoDES ITSPRIVATE DiSTRo SiTe + BLaCK OPiuM EViLiVe 2 NoDES ITSPRIVATE DiSTRo SiTe + + + + -- A little INFO -- + BLADE RUNNERS are looking for people dedicated to making the scene + the best it can be. This group is very well organized and is + looking for new members that will help the group in all areas. + Couriers are needed most. If you would like to apply for + a group that has it's SHIT together then give our Courier HQ + a Call and leave Feedback to The Wiz... + + Want to be a Site for BLADE?? sure not a problem.. We are accepting + sites but you must be willing to offer something to the group.. + Don't expect to sit back on your ass and just receive the warez. + If you can then contact the Courier HQ and let us know what you can + offer.. If not don't bother calling!! + + + Ŀ + If you liked this software then please BUY it.. If you didn't then + trash it. Support Software authors and warez that work!! + Blade Runners is NOT in any way compensated for their work. We do + it for fun. + + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/batman2.nfo b/textfiles.com/piracy/HUMBLE/batman2.nfo new file mode 100644 index 00000000..68f7326c --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/batman2.nfo @@ -0,0 +1,61 @@ + Batman Returns + by Park Place Development + +ͻ + Protection Nothing Apparent + Graphics MCGA 320x200x256 + Controls Moose (?) + Sound Adlib/Sound Blaster + Supplier Expert +ͼ + +All I know is that it's really big. 17 megs installed. The sound sucks, +the graphics are decent, and I'll be damned if I can figure this fucker out. +Good luck. + + Greets to BAD: Nice Mag! Pie loved the GIF. + + [ Members ]Ŀ + Fabulous Furlough Starring in Deliverance II + The PiePersoN Sexual Deviate (right Bitch?) + The Mad Scientist Duplication Deterrent Removal Expert + JROK Protection Eradication Engineer + Eddie Haskel Sysop of SpamLand + BamBam Sysop of DownTown + Bryn Rogers Sysop of The Demon's Forge + Hi.T.Moonweed Sysop of The Flying Teapot + Sauron THG/fx crew + The Mustang Sysop of The Eclipse + Hydro PR Man! + Rawhide Protection Eradication Engineer + Expert |<-Rad d00d + Mad Marvin THG Doc-meister + Law and Order Party Copyright Infringement Specialist + + [ THG Peasants ]Ŀ + DeLiRiouS NoMaD President of the THG Fan Club + The Slavelord Official THG Virus Tester + + [ Member Boards ]Ŀ + The P.I.T.S. (5 Nodes) () - The PiePersoN + SpamLand (3 nodes) () - Eddie Haskel + DownTown (1 lousy node) +-- BamBam + The Demon's Forge + - Bryn Rogers + The Flying Teapot (2 Nodes) + - Hi.T.Moonweed + The Eclipse BBS (2 Nodes) () - The Mustang + Private Society () - Mad Marvin + + [ Distribution Sites ]Ŀ + Skull Isle () - Skoal Bandit + Concrete Sea () - Razor Face + The Real World () - Mack The Hack + Piper's Pit () - Rowdy Roddy Piper + Covert Society () - The Lizard + Big City Lights () - The Hook + Midnight Blues () - Bitch + The Arena () - Roman + Cloak -/\/- Dagger () - Surak + The Garden of Eden () - Excessive Freddie + Thunder BBS () - Thunder + + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/bchess2.nfo b/textfiles.com/piracy/HUMBLE/bchess2.nfo new file mode 100644 index 00000000..c53e14f0 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/bchess2.nfo @@ -0,0 +1,56 @@ + Battle Chess 2: Chinese Chess + Broken by Fabulous Furlough + Supplied by Plato + Thanks for your Patience! + + +GRAPHICS:CGA/EGA/VGA/TDY +SOUND:Soundblaster/Adlib/PC +CONTROLS:Mouse/Keyboard/Joystick + +CRACKING NOTES: GOD! this was easy! go buy the original if you want to learn + to crack, this is the game! + + + + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ + |Candyland (615) 834-3333 Candyman | + |HMS Bounty (3 nodes) (215) 873-7287 Fletch | + |The Badlands (904) PRI-VATE Lowrider | + |The Slave Den (904) 376-1117 The Spamlord | + |Plato's Place (4 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (718) THE-PITS The Pieman | + |The Crack in Time (201) 573-0449 Master Blaster | + |Edge of Insanity (206) 868-1435 The Shocker | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + |Fucked up (305) 227-4110 Bart Simpson | + |Ghost Shadow (213) 221-6861 Ghost Master | + |Elusive Dream (317) 452-1257 The Toyman | + |Final Frontier (602) 491-0703 Barimor | + |Tensiltown Rebellion (713) 453-2153 The Viper | + |The Wall (716) 691-5945 Pink Floyd | + |Black Ice (904) 377-1325 Chaos | + |Downtown +31-5750-29313 Bam Bam | + |Ice Castle +44 Private Ice Man | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 Post RESTANTE + Nashville, TN 37202 P. O. Box 99960 + 7200 NA + Zutphen Holland + +Send us anything that you deem appropriate. If you can supply us with games, +give us a call at any of the above listed boards. + +Also, Call The Humble Guys! Voice Mailbox - 615-664-1952, +Leave us a message, tell us what you think. + diff --git a/textfiles.com/piracy/HUMBLE/beasty.nfo b/textfiles.com/piracy/HUMBLE/beasty.nfo new file mode 100644 index 00000000..4e9650c2 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/beasty.nfo @@ -0,0 +1,67 @@ + Altered Beasty Boy by Sega + Cracked by R. Bubba Magillicutty and Fabulous Furlough + +GRAPHICS: HGC/CGA/TDY/EGA/"VGA" +SOUND: IBM/TDY/Adlib +CONTROLS: Keyboard/Joystick +SPAM: Not tonight, you give me a head-ache. + +NOTES: + Press F1 from the title screen for a key quick-reference. The adlib +sounds just like the arcade game, except the lame "roar" when you change. + +CRACKING NOTES: + This one was interesting. A little different from the traditional +Sega protection, but not much. It has two methods - running from floppy uses +a traditional INT 13-based read, then runs part of the code it read in (or +just uses the info to tell it where to jump to.) If you install to a hard +drive, it modifies the root directory around the directory name where you +installed it. We forced it to think it was always on a hard drive. It also +checked to see if it was running from a directory right below the root dir. +It wouldn't let you run it in something below that, i.e. you couldn't install +it to \games\beasty. Now you can. You're welcome. + This was sort of a co-crack. Actually, we pretty much both did it +separately. Fabulous Furlough had it almost working but didn't know it when +he called me and gave it to me. He got it far enough to get a "FILE NOT +FOUND" error from LOAD. But it turned out that it always does that if you +don't let it get called by BEAST. I had more fun with it. I ran the ACCESS +thing which modifies your hard drive root dir. It refused to run under +Compaq DOS. Of course both computers here run Compaq DOS. So I booted up +with a floppy, cracked the ACCESS install program, and got it to run. That's +when I told FF that you can't just run LOAD. From there we both fixed it up +on our own, giving each other bad advice along the way to make cracking it +take longer. + + - RBM + +Greets from R. Bubba Magillicutty to Portashop! Thanks for the help! +Greets from Fabulous Furlough to Grey Ghost! Good job with Power Drift. +Greets from The Spamlord to Line Noise. Parlez-vous Francais? + + Ŀ + The Humble Boards + ľĿ + Candyland (615) 333-6561 + The Computer is Your Friend (415) 234-4588 + HMS Bounty (215) 873-7287 + HMS Bounty Line 2 (215) 873-8620 + The Badlands (904) PRI-VATE + The Slave Den (904) 376-1117 + Plato's Place node 1 - 14.4 (618) 254-5263 + The P.I.T.S. (718) 921-3107 + Edge of Insanity (206) 868-1435 + Iron Fortress (508) 798-3363 + The Theory (305) 628-0315 + Lala Land (508) 831-0131 + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! + P.O.Box 24541 + Nashville, TN 37202 + +We're not getting enough hate mail in the P.O. Box! Please send us some +really nasty letters or we won't feel properly despised. The meanest one +will make it into the next NFO file. Have a nice day! diff --git a/textfiles.com/piracy/HUMBLE/benc.nfo b/textfiles.com/piracy/HUMBLE/benc.nfo new file mode 100644 index 00000000..e2850768 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/benc.nfo @@ -0,0 +1,90 @@ + Bill Elliott's NASCAR Challenge + From Konami + + +Crack: Name this Track +Graphics: CGA/EGA/TDY/VGA +Controls: Joystick/Mouse/Keyboard +Sound: Regular/Unleaded/Premium + +Cracking/Game Notes: + + This looks like the INDY 500 of NASCAR Racing GREAT graphics. + The protection was exactly the same as Stunts, (Mainly because it + is the SAME type). It is kinda ironic, I spent a while today + looking through Stunts (I had no idea the protection was the same). + Anyway, they have tables of the Op codes that the program uses, and + they write out odd-ball code to get a byte from their file, and do a + calculation on it, and us that value to pull the byte out of the table + and put it in the program. Sounds easy enough right? Well, the + statement that they use to pull the byte out of the table is the part + that keeps me from byte-cracking this. It is something to the tune + of: MOV AX,[DX+BP+FE02]. And last but not least, the + calculations that they do to get the offset won't allow you to access + every byte. FUN FUN FUN! + + +The Humble Guys are: The Candyman, Fabulous Furlough, NightWriter, Magnetic +The Slavelord, Predator, Mr. Plato, Fletcher Christian, Lord Blix, Barimor, +The Viper, BamBam, Lord Zombie, The Guch, Eddie Haskel, Funakoshi, Wico +The Humble Sysop, Drool Master Rick, Jrok, Mr.M, Mace Mandella, Belgarion, +The Humble Babe and our HUMBLE leader, Gods Gift to the IBM! + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |Candyland (***) ***-**** The Candyman | + |The Slave Den (904) 376-1117 The Slavelord | + |HMS Bounty (2 nodes) (215) 873-7287 Fletch | + |The Humble Review (319) 372-5987 The Humble Sysop | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + Boards |Final Frontier (602) 491-0703 Barimor | + |DownTown 31-5750-29313 BamBam | + |TinselTown Rebellion (713) 453-2153 The Viper | + |Enterprize Elite (313) 427-8755 The Humble Babe | + |Festering Pit (206) 481-2728 Belgarion | + |----------------------------------------------------------------| +Dist. |The P.I.T.S. (2 Nodes) (718) 921-3107 The PieMaN | + | (718) PRI-VATE Don't U DARE Call! | + |Elusive Dream (317) 452-1257 The Toyman | + Sites |The Wall (716) PRI-VATE Pink Floyd | + |Twilight Zone (617) ???-???? Raistlin | + |The Ice Castle 47-PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + |Paradise City (416) 479-9879 Mongolian Cannibal | + |Swindler's Stronghold (703) 722-6051 Loan $hark | + |Software Conspiracy (305) 235-4335 Sparrowhawk | + |The Fortress System I (914) 221-0035 The FREEZE | + |The Fortress System II (914) 227-6847 Mephistopheles | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you dont need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Enterprize Elite if you are interested! + + diff --git a/textfiles.com/piracy/HUMBLE/billy.nfo b/textfiles.com/piracy/HUMBLE/billy.nfo new file mode 100644 index 00000000..2e350c57 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/billy.nfo @@ -0,0 +1,91 @@ + The Legend of Billy the Kid + From Ocean Inc. + + +Cracked by: Belgarion, with prompting from Jrok +Supplier: George (Call his board: Darkstar +49-821-994227) +Crack: Simple Doc Check +Graphics: 16 Color VGA / ???? +Controls: Mouse / Keyboard +Sound: ALL + +Cracking/Game Notes: + + Jrok walked me through this on the phone, and I cracked it with PC + Tools. It was just a simple doc check, that popped up, when you go + to rob a bank. All files need to be copied into a directory called + x:\BILLY>. When you run the program, type "HUGE /i", and then + configure it accordingly. Each time you run the program, you'll + need to use "HUGE.EXE". It's in German, but it shouldn't be to hard + to figure out. We figured out that you need to go to Santa Fe, and + rob the bank. Have fun with it.... + + Belgarion + +The Humble Guys are: The Candyman, Fabulous Furlough, NightWriter, Magnetic +The Slavelord, Predator, Mr. Plato, Fletcher Christian, Lord Blix, Barimor, +The Viper, BamBam, Lord Zombie, The Guch, Eddie Haskel, Funakoshi, Wico +The Humble Sysop, Drool Master Rick, Jrok, Mr.M, Mace Mandella, Belgarion, +The Humble Babe and our HUMBLE leader, Gods Gift to the IBM! + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |Candyland (***) ***-**** The Candyman | + |The Slave Den (904) 376-1117 The Slavelord | + |HMS Bounty (2 nodes) (215) 873-7287 Fletch | + |The Humble Review (319) 372-5987 The Humble Sysop | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + Boards |Final Frontier (602) 491-0703 Barimor | + |DownTown 31-5750-29313 BamBam | + |TinselTown Rebellion (713) 453-2153 The Viper | + |Enterprize Elite (313) 442-7543 The Humble Babe | + *|Festering Pit (206) 481-2728 Belgarion | + +----------------------------------------------------------------+ +Dist. |The P.I.T.S. (2 Nodes) (718) 921-3107 The PieMaN | + | (718) PRI-VATE Don't U DARE Call! | + |Elusive Dream (317) 452-1257 The Toyman | + Sites |The Wall (716) PRI-VATE Pink Floyd | + |Twilight Zone (617) ???-???? Raistlin | + |The Ice Castle 47-PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + |Paradise City (416) 479-9879 Mongolian Cannibal | + |Swindler's Stronghold (703) 722-6051 Loan $hark | + |Software Conspiracy (305) 235-4335 Sparrowhawk | + |The Phortress System I (914) 221-0035 The FREEZE | + |The Phortress System II (914) 227-6847 Mephistopheles | + |Access Denied! (313) 977-5880 Access | + |The Cove (317) 743-1168 Viper | + + ---------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or Post Restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you don't need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine coming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Enterprize Elite if you are interested! + +Also, Call the Humble 900 number - 1-900-535-4200 ext. 780 +NOTE! $2.00 per minute. diff --git a/textfiles.com/piracy/HUMBLE/blades.nfo b/textfiles.com/piracy/HUMBLE/blades.nfo new file mode 100644 index 00000000..ca4d9f8c --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/blades.nfo @@ -0,0 +1,64 @@ + Legend of Arkania: Blades of Destiny + From US Gold + +ͻ + Protection Doc-Check + Cracked by Shoes + Graphics VGA 256k. + Controls Rodent + Sound Honker/Soundblaster + Supplier Uk's Finest! +ͼ + +Ok to install this you have to unzip with volume labels (-$) and then +install from floppy. Then copy the cracked SCHICKM.EXE from Blades-1.zip +over the installed one. + +This is the English version of Das Schartz Auge. The English version is +being distributed by US Gold and they havent changed the name in the +game or the Intro yet. However the actual game itself is 100% English +and not a eta. + +Many Thanx to Shoes and The Druid for helping me get this sucker +cracked. + + - Hi.T. + + [ Members ]Ŀ + Fabulous Furlough Thinks he's retired + The PieMaN Sysop of The P.I.T.S. + The Mad Scientist Protection Eradication Engineer + JROK Protection Eradication Engineer + Night Writer THG Member! + Eddie Haskel Sysop of SpamLand + BamBam Sysop of DownTown + Barimor Sysop of The Final Frontier + The Iceman Sysop of The Ice Castle + Bryn Rogers Sysop of The Demon's Forge + Hi.T.Moonweed Sysop of The Flying Teapot + Sauron THG/fx crew + Lord Zombie THG/fx crew + The Mustang Sysop of The Eclipse + Hydro THG Member! + + [ Member Boards ]Ŀ + SpamLand (3 nodes) (XXX) XXX-XXXX Eddie Haskel + The P.I.T.S. (5 Nodes) (XXX) XXX-XXXX The PieMaN + DownTown +XX-XXXX-XXXXX BamBam + The Final Frontier (XXX) XXX-XXXX Barimor + The Ice Castle +XX XXX-XXXX The Iceman + The Demon's Forge +XX XXX-XXXXX Bryn Rogers + The Flying Teapot (2 Nodes) +XX XXX-XXXXXX Hi.T.Moonweed + The Eclipse BBS (2 Nodes) () - The Mustang + + [ Distribution Sites ]Ŀ + Skull Isle (XXX) XXX-XXXX Skoal Bandit + Concrete Sea (XXX) XXX-XXXX Razor Face + The Real World (XXX) - Mack The Hack + Piper's Pit (XXX) - Rowdy Roddy Piper + Covert Society (XXX) XXX-XXXX The Lizard + Private Society (XXX) XXX-XXXX Mad Marvin + + +If you need to reach any of these fine THG boards, and are presently part of +the community, you will already know how to do this. diff --git a/textfiles.com/piracy/HUMBLE/bladewar.nfo b/textfiles.com/piracy/HUMBLE/bladewar.nfo new file mode 100644 index 00000000..4f5f1f2b --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/bladewar.nfo @@ -0,0 +1,77 @@ + Blade Warrior + From ImageWorks + Broken by JROK + + + +GRAPHICS:CGA/EGA/VGA - 256 color/Tandy +CONTROLS:Keyboard/Mouse/Joystick +SOUND:Maybe +CRACK:A standard Rob Nothern Copylock PC - simple really + + + The Humble Guys are: + + The Candyman, Fabulous Furlough, NightWriter, + The Slavelord, Predator, Mr. Plato, Fletcher Christian, + Lord Blix, Barimor, The Viper, BamBam, Lord Zombie, The Guch, + Eddie Haskel, BigBobRob, Funakashi, The Humble Sysop, Drool Master Rick, + Jrok, Mr. M and God's Gift to the IBM, Mace Mandella + + Ŀ + The Members Boards and Humble Distribution Sites + Ĵ +HOME BOARD-Candyland (615) 834-3333 The Candyman + The Slave Den (904) 376-1117 The Slavelord + HMS Bounty (215) 873-7287 Fletch + Plato's Place (618) 254-5263 Mr. Plato + Iron Fortress (508) 798-3363 Predator + SpamLand (508) 831-0131 Eddie Haskel + Final Frontier (602) 491-0703 Barimor + DownTown 31-5750-29313 BamBam + TinselTown Rebellion (713) 453-2153 The Viper + The Humble Review (319) 372-5987 The Humble Sysop + The Drool Bucket (615) 331-9782 Drool Master Rick + Ĵ + The Badlands (904) PRI-VATE Lowrider + The P.I.T.S. (718) THE-PITS The Pieman + Elusive Dream (317) 452-1257 The Toyman + The Wall (716) PRI-VATE Pink Panther + Twilight Zone (617) 288-2597 Raistlin + The Ice Castle 47-PRI-VATE The Iceman + Black Ice BBS (904) 377-1325 Chaos + Elm Street BBS (214) 407-1801 Freddy Krueger + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + +Send us your hate mail! We LOVE to get your hate mail! All hate mail sent +to the P.O. Box will be sent out on the LSDNet (tm) THG Arts and Letters +Section! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +If you have a fax, and want the docs for your latest game, contact +Drool Master Rick and get in on the Humble Fax Network. + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + +P.S. - The Humble Guys are ALWAYS looking for artists for their Intros! +If you have any artistic ability give one of our boards a call. + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/blitz.nfo b/textfiles.com/piracy/HUMBLE/blitz.nfo new file mode 100644 index 00000000..eff90630 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/blitz.nfo @@ -0,0 +1,55 @@ + BlitzKreig in the Ardeness + (Or Something Like That..) + + +GRAPHICS:CGA/EGA/VGA +SOUND:The Ultra Hi-Fi IBM PC Honker +CONTROLS:Keyboard/Mouse(Highly Recommended) + +CRACKING NOTES:Don't know what to say about this one really. The only reason + it was cracked and released is because no one has seen it + on the boards. This game looks like a project that was never + finished. Its got file dates from 1986 in there, and file + dates as late as May or June 1990. 4 years to finish a game.. + (And not an excellent one at that..) + Anyhow, it HAD a doc check in the beginning, and it has been + completely removed. Enjoy it if you wish.. + Oh, and read the README.DOC if you have any other questions. + We have no DOCS for the game, so don't expect any.. + + + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ + |Candyland (615) 834-3333 Candyman | + |HMS Bounty (215) 873-7287 Fletch | + |HMS Bounty Line 2 (215) 873-8620 Still Fletch | + |The Badlands (904) PRI-VATE Lowrider | + |The Slave Den (904) 376-1117 The Spamlord | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (718) THE-PITS The Pieman | + |The Crack in Time (201) 573-0449 Master Blaster | + |Edge of Insanity (206) 868-1435 The Shocker | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + |Fucked up (305) 227-4110 Bart Simpson | + |Ghost Shadow (213) 221-6861 Ghost Master | + |Elusive Dream (317) 452-1257 The Toyman | + |Final Frontier (602) 491-0703 Barimor | + |TinselTown Rebellion (713) 453-2153 The Viper | + |The Wall (716) 691-5945 Pink Floyd | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! + P.O.Box 24541 + Nashville, TN 37202 + +Send us anything that you deem appropriate. If you can supply us with games, +give us a call at any of the above listed boards. + + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/blow.nfo b/textfiles.com/piracy/HUMBLE/blow.nfo new file mode 100644 index 00000000..2a2c4c62 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/blow.nfo @@ -0,0 +1,103 @@ + + + + + + + + + + + ViG/U + + + + \/\ Yet another fine Release from The Humble Team! /\/ + + 'LOW BLOW ][ by ELECTRONIC ARTS' + +ͻ + Protection Bogus DOC Check + Graphics VGA + Controls Moose Required! + Sound Adlib/Sound Blaster/Roland + Supplier THE GRIM REAPER +ͼ + + OK Dude, A Nice Boxing Arcade Game with VGA graphics and ADLIB Sound.. + Give it a try.. The Doc check is fake...This is the Second part of + Low Blow I.. + + + [ Members ]Ŀ + Fabulous Furlough Starring in Deliverance II + The PiePersoN Sexual Deviate (right Bitch?) + The Mad Scientist Duplication Deterrent Removal Expert + JROK Protection Eradication Engineer + Eddie Haskel Sysop of SpamLand + BamBam Sysop of DownTown + Bryn Rogers Wheres My Walking Frame? + Hi.T.Moonweed Sysop of The Flying Teapot + Sauron THG/fx crew + The Mustang Sysop of The Eclipse + XXXXX Hidden + Rawhide Protection Eradication Engineer + Expert |<-Rad d00d + Mad Marvin THG Doc-meister + Law and Order Party Copyright Infringement Specialist + + [ THG Peasants ]Ŀ + DeLiriouS NomaD Catering The Pie Fest '93 + The Slavelord Official THG Virus Tester + Led THG Courier Peasant #2 + StormTrooper THG Courier Peasant #3 + Dreamscape THG (Over Weight) Courier Peasant #4 + Skol! THG Courier Peasant #5 + + [ Member Boards ]Ŀ + The P.I.T.S. (5 Nodes) () - The PiePersoN + SpamLand (3 nodes) () - Eddie Haskel + DownTown (1 lousy node) +-- BamBam + The Flying Teapot (2 Nodes) + - Hi.T.Moonweed + The Eclipse BBS (2 Nodes) () - The Mustang + Private Society () - Mad Marvin + + [ Distribution Sites ]Ŀ + Skull Isle () - Skoal Bandit + Concrete Sea () - Razor Face + The Real World () - Mack The Hack + Piper's Pit (2Nodes) () - Rowdy Roddy Piper + Covert Society () - The Lizard + Big City Lights () - The Hook + Midnight Blues (2Nodes) () - Bitch + The Arena () - Roman + Cloak -/\/- Dagger () - Surak + The Garden of Eden () - Excessive Freddie + C.C.S BBS () - Thunder + The Boxer Rebellion () - The Boxer + Cyberspace (2Nodes) () - Fearless Leader + + + + + + + + + + + + + + + + + + + +Ŀ + This file was distributed via The Lexicon of the Cabal / The Lexicon CAE + + + + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/bodyblow.nfo b/textfiles.com/piracy/HUMBLE/bodyblow.nfo new file mode 100644 index 00000000..b38b1749 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/bodyblow.nfo @@ -0,0 +1,125 @@ + + + ܰ߱۲ + ܰ߰߰ + ߲ܰ߰ ߲ܰ + ߲ ܰ ܲܰ + ߲۲ ߱ ܰ + ߱ ܰ߰ ߰ + ߲ ߲۰ ߲ ߲ + ۲ ߲ ۱ ۲ ۱ + ۰ ߲۲ ۲ ߲۲ ۲ Slum + + + + + + + Yet another fine Release from The Humble Team! + + ͵ Body Blows From Team 17 Software + + + ͻ + Protection Doc Check.. + Graphics VGA + Controls Joystick/Keys + Sound SB/Adlib + Supplier Uk's Finest + ͼ + + Well youve probably seen the demo for this floating around.. but heres + the final version.. Team 17's first game for the PC and its pretty sweet + about the best SF2 type beat em up seen so far on the PC.. Pretty much + similar to the Amiga version except you can have a max of 8 players on this + version compared to the Amiga.. + + Once the game has installed copy the enclosed BB.EXE over the top of the + original one... + + After Installing the game its probably an idea to reboot before trying to + play the dam thing as it insisted on corrupting the graphics when i tried + it on my machine off the original... + + Many thanks for Fab for doing such a quick job on this, looks the average + is safe still heh.. + + - Hi.T. + + + + + Ŀ + Fabulous Furlough Busy Playing Nintendo + The PiePersoN Beats Little Kittens With Sticks + JROK Protection Eradication Engineer + Eddie Haskel Sysop of SpamLand + BamBam Fucked Pebbles Up The Ass + Bryn Rogers Lost his false Teeth + Hi.T.Moonweed Doing all the hard work + The Mustang Inside Sweet Thing?? + Hydro Creaming his Courgette + Rawhide Having fun with his Au pair girl + The Witch King Hates Ugly PCboards + Gangsta Rok THG (Lack Of) Public Relations + Law and Order Party Deep (Throat) KGB Agent + Joebee Turned Down For Moped Rental + Delerious Nomad THG Janitorial Towel Washer + Beast Doing all the hard work + MickySoft SysOp of The Final Frontier + + + + + + + Ŀ + X TASE & RALPH (Supreme Spreaders!) + Shocker - Untouchable - Bullwinkle - Mellow Man + Forced Entry - Stormtrooper - Mother Turtle - Specs + Hurricane - Red Alert - Lion Heart + + + + + + Ŀ + -+- In The United States Of America -+- + Ĵ + The P.I.T.S. (6 Nodes) () - The PieMan + SpamLand (3 nodes) () - Eddie Haskel + The Eclipse (3 Nodes) () - The Mustang + Final Frontier (4 Nodes) () - MickySoft + R.I.O.T. Control () - Gangsta Rok + The Dwelling (2 Nodes) () - Delerious Nomad + Ĵ + -+- In Europe And Beyond! -+- + Ĵ + The Flying Teapot (2 Nodes) +-- Hi.T.Moonweed + Arcadia (4 Nodes) +-- Beast + DownTown (3 nodes) +-- BamBam + No Name BBS (2 Nodes) + - OFF-LINE Pablo + + + + + + Ŀ + Skull Isle () - Skoal Bandit + Concrete Sea () - Razor Face + The Real World () - Mack The Hack + Piper's Pit (2 Nodes) () - Rowdy Roddy Piper + Covert Society () - The Lizard + Big City Lights () - The Hook + Midnight Blues (2 Nodes) () - Bitch + The Arena () - Roman + The Garden of Delight +-- Excessive Freddie + Thunder BBS () - Thunder + The Boxer Rebellion () - The Boxer + Cyberwars (2 Nodes) () - Fearless Leader + Mode 1o1 () - The Prof. + Carnage + - - Illicit Trader + Horror House + - - Thunder Droid + + + "We're So Glad we're better than you!" - THG'93! diff --git a/textfiles.com/piracy/HUMBLE/btechii.nfo b/textfiles.com/piracy/HUMBLE/btechii.nfo new file mode 100644 index 00000000..0525ca6b --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/btechii.nfo @@ -0,0 +1,56 @@ + Battle Tech II: Crescents Revenge + +Cracking Notes:No Crack Needed +Graphics:You name it, we got it. +Sound:IBM, Adlib, Roland, Covox, Sound Bastard, etc.. + + This is the long awaited Battle Tech II. Yes, not only do we own europe, + but we DO own U.S.A. too. + + Political Bullshit, PE I dont know what you're talking about with this + SlaveBeg.TXT shit, but if you REALLY think I would quit THG, + then dream on.. + + Greets to The Humble Bitch and Backdoor Bandit, you guys do a hell of a + job in making INC look so bad that they won't be around much longer. + Thanks guys! + + More Greets to: Lord Zmobie, Barimor, The Viperdude, Candyman, + The Mad Scientist. + + A Big Humble Guys Yahoo goes out to Lord Blix for his invaluable work + and help in this past week. + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ + * |Candyland (615) 834-3333 Candyman | + * |HMS Bounty (215) 873-7287 Fletch | + |The Badlands (904) PRI-VATE Lowrider | + * |The Slave Den (904) 376-1117 The Spamlord | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (718) THE-PITS The Pieman | + * |Iron Fortress (508) 798-3363 Predator | + * |SpamLand (508) 831-0131 Eddie Haskel | + |Elusive Dream (317) 452-1257 The Toyman | + * |Final Frontier (602) 491-0703 Barimor | + |LakeSide Park (203) 929-7437 Mr. Xerox | + |The Wall (716) PRI-VATE Pink Panther (heh) | + * |Tinseltown Rebellion (713) 453-2153 The Viper | + |Twilight Zone (617) ???-???? Raistlin (Another 1)| + * |DownTown 31-5750-29313 BamBam | + |The Ice Castle 47-PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + +----------------------------------------------------------------+ + '*' denotes this THG board is run by a REAL Humble Guy. + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! + P.O.Box 24541 + Nashville, TN 37202 + +Send us anything that you deem appropriate. If you can supply us with games, +give us a call at any of the above listed boards. + \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/bubble.nfo b/textfiles.com/piracy/HUMBLE/bubble.nfo new file mode 100644 index 00000000..193177a1 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/bubble.nfo @@ -0,0 +1,20 @@ +Bubble Bobble by Nova Logic Through Taito + +Broken by Fabulous Furlough + +Normal Taito Loader - 5 minutes + +Greets to: INC, NYC, Petra, PTL (where are you Guys??), PSI, FiRM + +A Big Yahoo goes out to Nikademus! + +Call These: + + Candyland - 615-333-6561 + Tye Dye Control Central - 615-XXX-XXXX <- Moving + Ozone BBS - 313-689-2876 + +Call The Humble Guys! Voice Mailbox - 615-664-1952 + +For an 8X10 Glossy of your Favorite Humble Guys Memeber, Send a Self Addressed +Stamped Envelope to The Humble Guys! P.O.Box 24541 Nashville, TN 37202 \ No newline at end of file diff --git a/textfiles.com/piracy/HUMBLE/califor2.nfo b/textfiles.com/piracy/HUMBLE/califor2.nfo new file mode 100644 index 00000000..5878bb8c --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/califor2.nfo @@ -0,0 +1,75 @@ + California Games 2 + EPYX Software (Therrrrre Baaaaaack!) + + +Crack: Simple Tie-Dye Protection +Graphics: CGA/EGA/VGA/MCGA/TDY +Controls: Everything +Sound: Adlib Available? - this is what the package Says + +Cracking/Game Notes: + + Pretty Simple crack Really, 2.5 K of Confusion code + 3 lines to change to crack it. + + +The Humble Guys are: The Candyman, Fabulous Furlough, NightWriter, Wico +The Slavelord, Predator, Mr. Plato, Fletcher Christian, Lord Blix, Barimor, +The Viper, BamBam, Lord Zombie, The Guch, BigBobRob, Eddie Haskel, Funakashi, +The Humble Sysop, Drool Master Rick, Jrok, Mr.M, Mace Mandela, Belgarion,and +our HUMBLE leader, Gods Gift to the IBM! + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |Candyland (***) ***-**** The Candyman | + |The Slave Den (904) 376-1117 The Slavelord | + |HMS Bounty (215) 873-7287 Fletch | + |The Humble Review (319) 372-5987 The Humble Sysop | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + Boards |Final Frontier (602) 491-0703 Barimor | + |DownTown 31-5750-29313 BamBam | + |TinsleTown Rebellion (713) 453-2153 The Viper | + |----------------------------------------------------------------| +Dist. |The Badlands (904) PRI-VATE Lowrider | + |The P.I.T.S. (2 Nodes) (718) THE-PITS The PieMaN | + |Elusive Dream (317) 452-1257 The Toyman | + Sites |The Wall (716) PRI-VATE Pink Panther (heh) | + |Twilight Zone (617) ???-???? Raistlin (Another 1)| + |The Ice Castle 47-PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + |Enterprize Elite (313) 427-8755 Static | + |Paradise City (416) 479-9879 Mongolian Cannibal | + |Gangzterz Paradize 46-313-041-42 Wico | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you dont need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + diff --git a/textfiles.com/piracy/HUMBLE/ceasar.nfo b/textfiles.com/piracy/HUMBLE/ceasar.nfo new file mode 100644 index 00000000..08216d72 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/ceasar.nfo @@ -0,0 +1,52 @@ + Ceasar's Palace + Supplied by THE HUMBLE GUYS! + With Special Help from The Blademan + + +GRAPHICS: CGA/EGA +SOUND: hooter +CONTROLS: fingers + +CRACKING NOTES: what crack? if it ain't broke, don't fix it. + +GREETS TO: nobody. this is a half-assed casino game thing that's not + worth saying hello in. + + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ + |Candyland (615) 834-3333 Candyman | + |HMS Bounty (3 nodes) (215) 873-7287 Fletch | + |The Badlands (904) PRI-VATE Lowrider | + |The Slave Den (904) 376-1117 The Spamlord | + |Plato's Place (4 nodes) (618) 254-5263 Mr. Plato | + |The P.I.T.S. (718) THE-PITS The PieMaN | + |Iron Fortress (508) 798-3363 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + |Elusive Dream (317) 452-1257 The Toyman | + |Final Frontier (602) 491-0703 Barimor | + |Tonsiltown Rebellion (713) 453-2153 The Viper | + |The Wall (716) 691-5945 Pink Floyd | + |Black Ice (904) 377-1325 Chaos | + |Downtown +31-5750-29313 Bam Bam | + |The Ice Castle +47 Private The Ice Man | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 Post RESTANTE + Nashville, TN 37202 P. O. Box 99960 + 7200 NA + Zutphen Holland + +Send us anything that you deem appropriate. If you can supply us with games, +give us a call at any of the above listed boards. + +Also, Call The Humble Guys! Voice Mailbox - 615-664-1952, +Leave us a message, tell us what you think. + + diff --git a/textfiles.com/piracy/HUMBLE/checkit.nfo b/textfiles.com/piracy/HUMBLE/checkit.nfo new file mode 100644 index 00000000..60b459ef --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/checkit.nfo @@ -0,0 +1,113 @@ + + + ܰ߱۲ + ܰ߰߰ + ߲ܰ߰ ߲ܰ + ߲ ܰ ܲܰ + ߲۲ ߱ ܰ + ߱ ܰ߰ ߰ + ߲ ߲۰ ߲ ߲ + ۲ ߲ ۱ ۲ ۱ + ۰ ߲۲ ۲ ߲۲ ۲ Slum + + + + + + + Yet another fine Release from The Humble Team! + + Checkit Pro + + ͻ + Protection Serial Numba + Graphics VGA + Controls Moose, Keyboard + Sound Honker + Deprotected General Lee + Supplier ????????????? + Rating 1-10 [10] Nice Compi Tester + All Ratings are done on a 486-33 + ͼ + +Cracking Notes: + + I just removed the SNR, the stuff should run in every directory ! + General Lee + + +Greets to : The PiePersoN, and Bryn Rogers .. also I would like to greet +our new members Witch King, Joebee,Gangsta RoK..welcome to THG! + +The Piefest was Great! for all you that missed it maybe next year.. DN + + + + + + Ŀ + Fabulous Furlough Starring in Deliverance II + The PiePersoN Sexual Deviate (right Bitch?) + The Mad Scientist Duplication Deterrent Removal Expert + JROK Protection Eradication Engineer + Eddie Haskel Sysop of SpamLand + BamBam Sysop of DownTown + Bryn Rogers Wearing Rubber Underwear. + Hi.T.Moonweed Sysop of The Flying Teapot. + The Mustang Sysop of The Eclipse + Hydro Doing the Five-knuckle Shuffle. + The Witch King The THG FrockMaster + Rawhide Protection Eradication Engineer + Expert /<-Rad d00d + Mad Marvin THG Doc-meister + Law and Order Party Copyright Infringement Specialist + General Lee Duplication Deterrent Removal Expert + Gangsta RoK THG Frockette + Joebee Can't find his car!! Missing the key? + + + + + + Ŀ + DeLirious NomaD Master of Peasants! this week + The Slavelord Official THG Virus Tester + Led THG Courier Peasant #2 + Stormtrooper THG Courier Peasant #3 + Dreamscape THG Courier Peasant #4 + Skol! THG Courier Peasant #5 + Shocker THG Courier Peasant #6 + X TASE/TRiAD THG Courier Peasant #7 + + + + + + Ŀ + The P.I.T.S. (5 Nodes) () - The PiePersoN + SpamLand (3 nodes) () - Eddie Haskel + DownTown (3 nodes) +-- BamBam + The Flying Teapot (2 Nodes) + - Hi.T.Moonweed + Private Society () - Mad Marvin + + + + + + Ŀ + Skull Isle () - Skoal Bandit + Concrete Sea () - Razor Face + The Real World () - Mack The Hack + Piper's Pit (2Nodes) () - Rowdy Roddy Piper + Covert Society () - The Lizard + Big City Lights () - The Hook + Midnight Blues (2Nodes) () - Bitch + The Arena () - Roman + Cloak -/\/- Dagger () - Surak + The Garden of Eden +-- Excessive Freddie + Thunder BBS () - Thunder + The Boxer Rebellion () - The Boxer + Cyberwars (2Nodes) () - Fearless Leader + + + Have a Nice day:) diff --git a/textfiles.com/piracy/HUMBLE/combat.nfo b/textfiles.com/piracy/HUMBLE/combat.nfo new file mode 100644 index 00000000..5d1cac6f --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/combat.nfo @@ -0,0 +1,95 @@ + Operation ComBat + From Merit Software + + +Cracking: Simple Doc check, Made EXTREMELY clean in 10 minutes. +Graphics: CGA/EGA/Tandy +Controls: Mouse/Keyboard +Sound: You Tell ME! + +Cracking/Game Notes: VERY Simple doc check, the reason it took 10 minutes was +that I ate some Great Chinese Food from Across the street. +"Five Flavor Chicken With a GREAT Egg roll, and Won Ton Soup".. YUM!! +This game was out on the AMIGA an eternity ago, (The crack was lousy though). +Well, here it is, you can play it over the modem, I know there are folks out +there looking for anything that works over the modem.. + +Greets: +Some quick greetz go to the Crew at That GREAT Chinese Place, the GREATEST +suppliers on the face of the Earth! + + +The Humble Guys are: The Candyman, Fabulous Furlough, NightWriter, Magnetic +The Slavelord, Predator, Mr. Plato, Fletcher Christian, Lord Blix, Barimor, +The Viper, BamBam, Lord Zombie, The Guch, Eddie Haskel, Funakoshi, Wico, +The Humble Sysop, Drool Master Rick, JROK, Mr.M, Mace Mandella, Belgarion, +The Humble Babe, Harry Lime, Black Plague and our HUMBLE leader, Gods +Gift to the IBM ! + + +-----------------+ + |The Humble Boards| + +---------------------+-----------------+------------------------+ +Members |Candyland (***) ***-**** The Candyman | + |The Slave Den (904) 376-1117 The Slavelord | + |HMS Bounty (2 nodes) (215) 873-7287 Fletch | + |The Humble Review (319) 372-5987 The Humble Sysop | + |Plato's Place (3 nodes) (618) 254-5263 Mr. Plato | + |Iron Fortress (508) 798-5492 Predator | + |SpamLand (508) 831-0131 Eddie Haskel | + Boards |Final Frontier (602) 491-0703 Barimor | + |DownTown 31-5750-29313 BamBam | + |TinselTown Rebellion (713) 453-2153 The Viper | + |Enterprize Elite (313) 442-7543 The Humble Babe | + |Festering Pit (206) 481-2728 Belgarion | + |Inner Circle +46-31-304142 Wico | + |The Inferno (416) 841-1933 Black Plague | + +----------------------------------------------------------------+ +Dist. |The P.I.T.S. (3 Nodes) (718) THE-PITS The PieMaN | + | (718) PRI-VATE Don't U DARE Call! | + |Elusive Dream (317) 452-1257 The Toyman | + Sites |The Wall (716) PRI-VATE Pink Floyd | + |Twilight Zone (617) ???-???? Raistlin | + |The Ice Castle (+47) PRI-VATE The Iceman | + |Black Ice BBS (904) 377-1325 Chaos | + |Paradise City (416) 479-9879 Mongolian Cannibal | + |Swindler's Stronghold (703) 722-6051 Loan $hark | + |Software Conspiracy (305) 235-4335 Sparrowhawk | + |The Phortress System I (914) 221-0035 The FREEZE | + |The Phortress System II (914) 227-6847 Mephistopheles | + |Access Denied! (313) 977-5880 Access | + |The Cove (317) 743-1168 Viper | + |BBS a Holic (213) PRI-VATE Genesis | + |Dark Data Security (+39) 2 29519751 Tom Cat | + |Maximum Security (408) 867-5139 The Warden | + +----------------------------------------------------------------+ + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or Post Restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + + + +Send us any letters thanking us for being so incredibly great!! We know +you guys worship the ground we walk above, but it's good for you guys +to tell us. All letters will be posted on the LSDnet (tm) arts and letters +section! Please send any computer hardware you don't need! We can use it! +Especially modems and hard drives!! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +Look for The Humble Review magazine coming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Enterprize Elite if you are interested! + +Also, Call the Humble 900 number - 1-900-535-4200 ext. 780 +NOTE! $2.00 per minute. Updated EVERY Monday Morning!! + diff --git a/textfiles.com/piracy/HUMBLE/commanch.nfo b/textfiles.com/piracy/HUMBLE/commanch.nfo new file mode 100644 index 00000000..302cc271 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/commanch.nfo @@ -0,0 +1,126 @@ + + + ܰ߱۲ + ܰ߰߰ + ߲ܰ߰ ߲ܰ + ߲ ܰ ܲܰ + ߲۲ ߱ ܰ + ߱ ܰ߰ ߰ + ߲ ߲۰ ߲ ߲ + ۲ ߲ ۱ ۲ ۱ + ۰ ߲۲ ۲ ߲۲ ۲ Slum + + + + + + + Yet another fine Release from The Humble Team! + + Maximum Overkill : Data Disk 1 + Full Release + + ͻ + Protection None + Graphics Very Pretty + Controls Joystick, Keyboard, Meeses + Sound All + Deprotected Trojan Ribbed + Supplier The WiTCH KiNG + Rating 1-10 [9] + ͼ + +Game Notes: This data disk takes you further into the envelope with 30 new + missions and new terrain. Arctic assaults to high noon fire-fights + in desert terrain, will thrill you. New missions, new etrrain, new + enemies, new tactics....this has it all! + +Greets: PieMan, Law & Order Party, Delerious Nomad, Joebee, Fabulous Furlough, + Gatekeeper, Master of Puppets, Gansta Rok! + + +Note : Escape key.......Money, equipment.....these things do not make one cool! + + + + + + + Ŀ + Fabulous Furlough Busy Playing Nintendo + The PiePersoN Beats Little Kittens With Sticks + The Mad Scientist Duplication Deterrent Removal Expert + JROK Protection Eradication Engineer + Iceman Who The Hell Is He? + Eddie Haskel Sysop of SpamLand + BamBam Fucked Pebbles Up The Ass + Bryn Rogers Wants To Move To New York + Hi.T.Moonweed Smoked Too Much Moonweed + The Mustang Sysop of The Eclipse + Hydro Doing the Five-knuckle Shuffle + The Witch King Waiting To Return Joebee's Car + Gangsta Rok THG (Lack Of) Public Relations + Law and Order Party Deep (Throat) KGB Agent + General Lee Duplication Deterrent Removal Expert + Joebee Turned Down For Moped Rental + Delerious Nomad THG Janitorial Towel Washer + Fourth Reich Killed Hitler, Fucked Ava + Tormented Soul Wishes He Knew About This + + + + + + Ŀ + The Slavelord Official THG Virus Tester + StormTrooper THG Courier Peasant #2 + Led THG Courier Peasant #3 + Dreamscape THG Courier Peasant #4 + Skol! THG Courier Peasant #5 + Shocker THG Courier Peasant #6 + X TASE/TRiAD THG Courier Peasant #7 + Sniper THG Courier Peasant #8 + Bullwinkle THG Courier Peasant #9 + Mellow Man THG Courier Peasant #10 + Untouchable THG Courier Peasant #11 + Lost Rider THG Courier Peasant #12 + Forced Entry THG Courier Peasant #13 + + + + + + Ŀ + The P.I.T.S. (5 Nodes) () - The PiePersoN + SpamLand (3 nodes) () - Eddie Haskel + DownTown (3 nodes) +-- BamBam + The Flying Teapot (2 Nodes) + - Hi.T.Moonweed + The Dwelling (2 Nodes) () - Delerious Nomad + R.I.O.T. Control () - Gangsta Rok + + + + + + Ŀ + Skull Isle () - Skoal Bandit + Concrete Sea () - Razor Face + The Real World () - Mack The Hack + Piper's Pit (2Nodes) () - Rowdy Roddy Piper + Covert Society () - The Lizard + Big City Lights () - The Hook + The Eclipse (2Nodes) () - The Mustang + Midnight Blues (2Nodes) () - Bitch + The Arena () - Roman + Cloak -/\/- Dagger () - Surak + The Garden of Eden +-- Excessive Freddie + Thunder BBS () - Thunder + The Boxer Rebellion () - The Boxer + Cyberwars (2Nodes) () - Fearless Leader + Mode 1o1 () - The Prof. + Cloud Nine Elite () - Nimbus + The Persian Gulf () - The Goblin + Infiniti Node ]I[ (2Nodes) () - Cazzaza + Soul Of The Hunter () - Tormented Soul + The Private Collection () - Wildchild + diff --git a/textfiles.com/piracy/HUMBLE/continum.nfo b/textfiles.com/piracy/HUMBLE/continum.nfo new file mode 100644 index 00000000..e775b833 --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/continum.nfo @@ -0,0 +1,84 @@ + Continuum + From Data East/Infogrammes + Broken by Fabulous Furlough + + +GRAPHICS:HERC/CGA/EGA/VGA +CONTROLS:Joystick/Keyboard +SOUND:Yes +CRACK: One of the Neatest Doc checks I've seen recently, so I didn't take it out + just press the enter key 3 times, or feel free to play with it. + + +A SPECIAL HUMBLE YAHOO TO: All the Humble Fans Everywhere + +GREETS TO: INC - Geez, if it wasn't for Taiwan, you guys would be DEAD! + + + + + + The Humble Guys are: + + The Candyman, Fabulous Furlough, NightWriter, + The Slavelord, Predator, Mr. Plato, Fletcher Christian, + Lord Blix, Barimor, The Viper, BamBam, Lord Zombie, The Guch, + Eddie Haskel, BigBobRob, Funakashi, The Humble Sysop, Drool Master Rick, + Daniel, Jrok, Mr. M and Mace Mandella + + Ŀ + The Members Boards and Humble Distribution Sites + Ĵ +HOME BOARD-Candyland (XXX) XXX-XXXX The Candyman + The Slave Den (904) 376-1117 The Slavelord + HMS Bounty (215) 873-7287 Fletch + Plato's Place (618) 254-5263 Mr. Plato + Iron Fortress (508) 798-3363 Predator + SpamLand (508) 831-0131 Eddie Haskel + Final Frontier (602) 491-0703 Barimor + DownTown 31-5750-29313 BamBam + TinselTown Rebellion (713) 453-2153 The Viper + The Humble Review (319) 372-5987 The Humble Sysop + The Drool Bucket (615) 331-9782 Drool Master Rick + Ĵ + The Badlands (904) PRI-VATE Lowrider + The P.I.T.S. (718) THE-PITS The Pieman + Elusive Dream (317) 452-1257 The Toyman + The Wall (716) PRI-VATE Pink Panther + Twilight Zone (617) 288-2597 Raistlin + The Ice Castle 47-PRI-VATE The Iceman + Black Ice BBS (904) 377-1325 Chaos + Elm Street BBS (214) 407-1801 Freddy Krueger + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + +Send us your hate mail! We LOVE to get your hate mail! All hate mail sent +to the P.O. Box will be sent out on the LSDNet (tm) THG Arts and Letters +Section! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +If you have a fax, and want the docs for your latest game, contact +Drool Master Rick and get in on the Humble Fax Network. + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + +P.S. - The Humble Guys are ALWAYS looking for artists for their Intros! +If you have any artistic ability give one of our boards a call. + + + diff --git a/textfiles.com/piracy/HUMBLE/covert.nfo b/textfiles.com/piracy/HUMBLE/covert.nfo new file mode 100644 index 00000000..bb55aa1c --- /dev/null +++ b/textfiles.com/piracy/HUMBLE/covert.nfo @@ -0,0 +1,80 @@ + Covert Action + By Microprose + Broken by Fabulous Furlough + +GRAPHICS:CGA/EGA/MCGA/VGA (256 Color)/Tandy +CONTROLS:Keyboard &| Joystick +SOUND:Adlib/SB/Speaker/NONE/Roland +CRACK: Simple Name the Director of the CIA question + + +A SPECIAL HUMBLE YAHOO TO: All the Humble Spittle! + +GREETS TO: All our European Contacts, you guys are Cookin'! + + + + The Humble Guys are: + + The Candyman, Fabulous Furlough, NightWriter, + The Slavelord, Predator, Mr. Plato, Fletcher Christian, + Lord Blix, Barimor, The Viper, BamBam, Lord Zombie, The Guch, + Eddie Haskel, BigBobRob, Funakashi, The Humble Sysop, Drool Master Rick, + Mr. M and God's Gift to the IBM + + Ŀ + The Members Boards and Humble Distribution Sites + Ĵ +HOME BOARD-Candyland (615) 834-3333 The Candyman + The Slave Den (904) 376-1117 The Slavelord + HMS Bounty (215) 873-7287 Fletch + Plato's Place (618) 254-5263 Mr. Plato + Iron Fortress (508) 798-3363 Predator + SpamLand (508) 831-0131 Eddie Haskel + Final Frontier (602) 491-0703 Barimor + DownTown 31-5750-29313 BamBam + TinselTown Rebellion (713) 453-2153 The Viper + The Humble Review (319) 372-5987 The Humble Sysop + The Drool Bucket (615) 331-9782 Drool Master Rick + Ĵ + The Badlands (904) PRI-VATE Lowrider + The P.I.T.S. (718) THE-PITS The Pieman + Elusive Dream (317) 452-1257 The Toyman + The Wall (716) PRI-VATE Pink Panther + Twilight Zone (617) 288-2597 Raistlin + The Ice Castle 47-PRI-VATE The Iceman + Black Ice BBS (904) 377-1325 Chaos + Elm Street BBS (214) 407-1801 Freddy Krueger + + +For an 8x10 glossy of your favorite Humble Guys member, send a self-addressed +stamped envelope to: + + The Humble Guys! The Humble Guys! + P.O.Box 24541 or post restante + Nashville, TN 37202 p.o. box 99960 + 7200 NA Zutphen Holland + +Send us your hate mail! We LOVE to get your hate mail! All hate mail sent +to the P.O. Box will be sent out on the LSDNet (tm) THG Arts and Letters +Section! + +* Note * All Letter Bombs will be returned to sender. + +Call The Humble Guys Voice Mail Box! 615-664-1952! Leave us a message! + +If you have a fax, and want the docs for your latest game, contact +Drool Master Rick and get in on the Humble Fax Network. + +Look for The Humble Review magazine comming soon to a BBS near you! + +Remember, you too can be either Humble Spittle, a Humble Slave, a +Humble Franchise, a THG Distribution site, or even possibly a member. +Contact us on Candyland, The Slave Den, or Downtown BBS if you are +interested! + +P.S. - The Humble Guys are ALWAYS looking for artists for their Intros! +If you have any artistic ability give one of our boards a call. + + +