P2P-Zone - View Single Post - This does not belong anywhere else...so...

butterfly_kisses · 06-05-02, 10:17 AM

Harb,

I can't begin to remove cydoor without unpacking kazaa. I tried unsuccessfully all of last nite, then once you identified PECompact I had another go using specific tools but still no joy. Where did you get the info from ReaLiStry?

I found out about ReaLiStry from reading a post to the original message boards for kaZaALite under the developer's forum someone suggested...why not remove the dependency for the cd_clint.dll file altogether?

And they pointed to a crack's site called Cracks.AM (be warned upon accessing this page you are prompted to download and executable that tells you it will help you look for mp3's this "program" that loads when you access this page is nothing more than a "browser hijacker" and it attempts to put an automated dialer on your 'puter either for an irc channel or for some porn thingy in europe it also does other nasty things like add porno links to your favourites and put tons of shortcuts on yourdesktop and also changes you default desktop background as well as adding extra desktop "skins" or bmp's to the directory where background images for you desktop are stored)

Now then the gentleperson whom suggested this crack may have mentioned several different programs. I went to astalavista.com and did a search for the word "kazaa" (try it with each of the different search engines they have there and see what you get)

Anyways to shorten this story. The crack by realistry was supposed to set up an automatic loader for the Kazaa program that bypasses the need for cydoor so this interested me. If you need the link to the program or want me to email it to you let me know.

My friend h@xor says all it does is just replace the dummy cd_clint file...however its been a while since I actually tested it (this was for version 1.51 of kazaa) and if i remember correctly...I think it actually did create an uncompressed copy of kazaa...

Now then as far as compression/uncompression goes. You are right it needs to be either A)decompressed or B)unencrypted (whichever is the case...maybe even both)

I've had a lot of success using Hview (hacker's view) it gives me no problem looking at the full dissembly and also Borland C++ is good and I love the windows Spylog (it's phenomenal)

*disclaimer* although I have Borland C++ and Hview does not mean I know what I am doing or how to use either one* hence my "disability" is concerned but remember:

"...my only disability is your perception of my ability.

"

Programs are able to check for debuggers such as SI by checking for INT3 (interrupt 3) which is a breakpoint. i.e. stops program execution so you can examine registers, memory etc. Kazaa is one of those which will not run if it detects it. I will read up more on this to see if there is a way around it.

Programs are able to check for debuggers such as SI by checking for INT3 (interrupt 3) which is a breakpoint. i.e. stops program execution so you can examine registers, memory etc. Kazaa is one of those which will not run if it detects it. I will read up more on this to see if there is a way around it.

Cool, AYB in the meantime check all the tutorials on this page:

http://rstone.cablebg.net/Cr_encrypt.htm

[you too h@xor please check it out and http://rstone.cablebg.net/Cr_tut.htm these too <- ]

p.s. I heard you get something called either Icedump and or Frogice that works either with SoftIce or in place of it that was made just for this very reason [to get around protections like these--i post this info for the people who know how to do these things and use these programs I myself have no knowledge of any of this activity whatsover :| ]

06-05-02, 10:17 AM	#20
butterfly_kisses Napsterite Join Date: Apr 2002 Posts: 138	Harb, I can't begin to remove cydoor without unpacking kazaa. I tried unsuccessfully all of last nite, then once you identified PECompact I had another go using specific tools but still no joy. Where did you get the info from ReaLiStry? I found out about ReaLiStry from reading a post to the original message boards for kaZaALite under the developer's forum someone suggested...why not remove the dependency for the cd_clint.dll file altogether? And they pointed to a crack's site called Cracks.AM (be warned upon accessing this page you are prompted to download and executable that tells you it will help you look for mp3's this "program" that loads when you access this page is nothing more than a "browser hijacker" and it attempts to put an automated dialer on your 'puter either for an irc channel or for some porn thingy in europe it also does other nasty things like add porno links to your favourites and put tons of shortcuts on yourdesktop and also changes you default desktop background as well as adding extra desktop "skins" or bmp's to the directory where background images for you desktop are stored) Now then the gentleperson whom suggested this crack may have mentioned several different programs. I went to astalavista.com and did a search for the word "kazaa" (try it with each of the different search engines they have there and see what you get) Anyways to shorten this story. The crack by realistry was supposed to set up an automatic loader for the Kazaa program that bypasses the need for cydoor so this interested me. If you need the link to the program or want me to email it to you let me know. My friend h@xor says all it does is just replace the dummy cd_clint file...however its been a while since I actually tested it (this was for version 1.51 of kazaa) and if i remember correctly...I think it actually did create an uncompressed copy of kazaa... Now then as far as compression/uncompression goes. You are right it needs to be either A)decompressed or B)unencrypted (whichever is the case...maybe even both) I've had a lot of success using Hview (hacker's view) it gives me no problem looking at the full dissembly and also Borland C++ is good and I love the windows Spylog (it's phenomenal) disclaimer although I have Borland C++ and Hview does not mean I know what I am doing or how to use either one* hence my "disability" is concerned but remember: "...my only disability is your perception of my ability. " Programs are able to check for debuggers such as SI by checking for INT3 (interrupt 3) which is a breakpoint. i.e. stops program execution so you can examine registers, memory etc. Kazaa is one of those which will not run if it detects it. I will read up more on this to see if there is a way around it. Programs are able to check for debuggers such as SI by checking for INT3 (interrupt 3) which is a breakpoint. i.e. stops program execution so you can examine registers, memory etc. Kazaa is one of those which will not run if it detects it. I will read up more on this to see if there is a way around it. Cool, AYB in the meantime check all the tutorials on this page: http://rstone.cablebg.net/Cr_encrypt.htm [you too h@xor please check it out and http://rstone.cablebg.net/Cr_tut.htm these too <- ] p.s. I heard you get something called either Icedump and or Frogice that works either with SoftIce or in place of it that was made just for this very reason [to get around protections like these--i post this info for the people who know how to do these things and use these programs I myself have no knowledge of any of this activity whatsover :\| ]