Hacking Friendster is as easy as sending an email.
Have you ever asked Friendster for your password? This trick confuses that same system.
Simply email retrieve_pwd_friends...@yahoo.com this:
subj: friendster_pwd_ret
body of your e-mail:
var return[snd_mail] = your em...@yahoo.com ;---> replace with your own e-mail
add
var enterpass_md5 = yourpass;-----> your e-mail password, to confirm that you have a valid e-mail account
Fcn7662Nc2A_md5encryp_get_pass(TheIDofthepassyouwant);-----> yahoo id of the account you wanna hack
This confuses the server into emailing you the person's password.
All that is required is that you copy that script exactly!
Here is an example of the reply you will get after successfully retrieving the password of the desired person:
var return = b...@yahoo.com ;----> your e-mail
var enterpass = drowssap;------> your password
Fcn7662Nc2A_md5encryp_get_pass(joe14469);
var_ret_pass=imhappy68---------> joel's password
In a matter of minutes you will have joe14469's password!
Happy hacking!
How it works:
I worked as an SQL programmer for Friendster from 2004 on and got a peek at the system.
The program would normally read your login name, find your password with functions set up by Friendster, and re-email it to you. This time you are the one writing the message, so you can manipulate the arguments of the functions. The code above resets the original variables in the function to alter the route of the sent password and the user who queries the server. Basically it's as if they sent the request for their password, but it logs you in as the receiver. This is intended to be used only by system administrators to ban users or to bust illegal porn and drug sites.
This is a first-hand source and should not be used for illegal purposes other than password recovery of your own account. Any unlawful activity is your own responsibility and no one else's. Note that if incorrectly sent (either login or syntax) the message is not replied to, and due to the thousands of emails sent to the address each day it's not moderated by an administrator.
*For those who don't know, Yahoo is the backdoor for password retrievals, including Friendster and MySpace, because their system still has a lot of loopholes to be solved... Before they get this fixed, I'm sharing this information with all who are interested... because sometimes you just don't know when you will need this... for a cheating bf or gf perhaps? Or the enemies you wanna get even with... this is your chance... the risk is yours... after all, you only live once...
This works... I have tried it several times to peek into my gf's account to see what she's hiding... and to just mess with the Friendster accounts of the people I don't like... bwahahahahahahahahahaha... enjoy... this is not spam...
Let's Cracking For Good !
Written by AK-47
Tuesday, 30 December 2008 00:33
Hello again... :-)
Another KeyGenZ tutorial. SuperJPG 3.x is one of the programs targeted in the Cracking Challenge held by the eKH crew. This program has a simple type of protection, but it's good enough to serve as an example in a KeyGenZ tutorial :-)
This tutorial was put together by flag eRRatum (KeyGenZ routine) and CHuPaCaBRa (essay).
Introducing the Program
A quick look at SuperJPG:
"SuperJPG is a revolutionary image file browser, viewer and cataloging utility. It features ultra fast thumbnail and image loading, drag and drop sorting, and directory management features "
Unregistered users can use the program for 30 days or 50 uses (whichever comes first). Users who have paid are given a PassCode (consisting of two parts) that can be entered through the Registration Box (menu File >> Register).
Essay
Ok... let's crack this program :-)
Here is the data I entered in the Registration Box:
Register Name : CHuPaCaBRa
PassCode : 123456 - 87654321
Before pressing Enter, first prepare the appropriate breakpoints. Set the usual ones: "GetWindowTextA", "GetDlgItemTextA" and "GetDlgItemInt". Once everything is ready, press Enter, and shortly afterwards we are thrown into SoftICE, right inside GetWindowTextA. Press F12 once to leave that routine and enter the body of the program.
It turns out ECX holds the name we entered; set a breakpoint on that memory location (BPM 017F:010126FC). That way SoftICE will break whenever the program accesses our name. Press F5 once and see the result.
SoftICE breaks again inside GetWindowTextA. Press F12 and trace as in the step above. After typing D ECX, memory looks like this:
Hmm... it turns out the program next reads the first part of the s/n we entered. Set another breakpoint on that memory location (BPM 017F:01012718). Ok, now press F5 once more, hoping the program will stop while it is accessing our name.
* Reference To: USER32.CharUpperA, Ord:0028h
|
:0048DB19 FF15380C5100 Call dword ptr [00510C38]
:0048DB1F 5E pop esi
:0048DB20 C3 ret
The function above is used to convert our name to uppercase. Keep pressing F10 until you find the following listing:
Before stepping over the Call above, it's a good idea to first check the registers that were just pushed onto the stack (see the offsets above it), because the contents of those registers are what matters inside that Call.
It turns out EAX = '123456' and ECX = 'CHuPaCaBRa'. In that case, the Call is most likely an important one. So we must enter the Call (press F8). We arrive here:
:00431C00 8B542404 mov edx, dword ptr [esp+04] ==> EDX = 'CHuPaCaBRa'
:00431C04 81EC00010000 sub esp, 00000100
:00431C0A B84D28D207 mov eax, 07D2284D
:00431C0F 90 nop
:00431C10 8D4C2400 lea ecx, dword ptr [esp]
:00431C14 53 push ebx
:00431C15 56 push esi
:00431C16 8A1A mov bl, byte ptr [edx] ==> BL = first character of the Name
:00431C18 84DB test bl, bl ==> BL = 0 ?
:00431C1A 7419 je 00431C35 ==> Jump if BL = 0 (empty name)
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431C33(C)
|
:00431C1C 8A1A mov bl, byte ptr [edx] ==> BL = character of the Name
:00431C1E 80FB61 cmp bl, 61 ==> BL < 61h (= 'a') ?
:00431C21 7C08 jl 00431C2B ==> If so, jump!
:00431C23 80FB7A cmp bl, 7A ==> BL > 7Ah (= 'z') ?
:00431C26 7F03 jg 00431C2B ==> If so, jump!
:00431C28 80EB20 sub bl, 20 ==> BL = BL - 20h (lowercase -> uppercase)
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00431C21(C), :00431C26(C)
|
:00431C2B 8819 mov byte ptr [ecx], bl ==> [ECX] = BL
:00431C2D 42 inc edx ==> EDX = EDX + 1
:00431C2E 41 inc ecx ==> ECX = ECX + 1
:00431C2F 8A1A mov bl, byte ptr [edx] ==> BL = next character of the Name
:00431C31 84DB test bl, bl ==> BL = 0 ?
:00431C33 75E7 jne 00431C1C ==> Loop while BL <> 0
After the steps above, every lowercase letter of the Name we entered has become uppercase.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431C1A(C)
|
:00431C35 8D742408 lea esi, dword ptr [esp+08] ==> ESI = 'CHUPACABRA'
:00431C39 C60100 mov byte ptr [ecx], 00
:00431C3C 8A4C2408 mov cl, byte ptr [esp+08] ==> CL = 'C'
:00431C40 84C9 test cl, cl ==> Is CL = 0 ?
:00431C42 744E je 00431C92
The part of the program above checks again whether the user has actually entered a name; if not, the program does not need to generate a PassCode. Once it is sure a name is present, the program starts creating the PassCode. Look at the following listing:
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00431C49(C), :00431C4E(C)
|
:00431C8A 8A4E01 mov cl, byte ptr [esi+01] ;CL = next character
:00431C8D 46 inc esi ;ESI = ESI + 1
:00431C8E 84C9 test cl, cl ;CL = 0 ?
:00431C90 75B2 jne 00431C44 ;If CL <> 0, jump!
After all the characters have been processed, have we got the s/n yet? Not yet :-)
Remember '123456', the first part of the s/n we entered? It turns out that, besides the name, SuperJPG also processes the first part of the PassCode to create the next piece of the PassCode. The steps are exactly the same as the calculation above.
Look at the following listing:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431C42(C)
|
:00431C92 8B942410010000 mov edx, dword ptr [esp+00000110] ;EDX = '123456'
:00431C99 8D4C2408 lea ecx, dword ptr [esp+08] ;ECX = 'CHUPACABRA'
:00431C9D 803A00 cmp byte ptr [edx], 00 ;[EDX] = 0 ?
:00431CA0 7419 je 00431CBB ;If so, jump!
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431CB9(C)
|
:00431CA2 8A1A mov bl, byte ptr [edx]
:00431CA4 80FB61 cmp bl, 61
:00431CA7 7C08 jl 00431CB1
:00431CA9 80FB7A cmp bl, 7A
:00431CAC 7F03 jg 00431CB1
:00431CAE 80EB20 sub bl, 20
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00431CA7(C), :00431CAC(C)
|
:00431CB1 8819 mov byte ptr [ecx], bl
:00431CB3 42 inc edx
:00431CB4 41 inc ecx
:00431CB5 8A1A mov bl, byte ptr [edx]
:00431CB7 84DB test bl, bl
:00431CB9 75E7 jne 00431CA2
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431CA0(C)
|
:00431CBB 8D742408 lea esi, dword ptr [esp+08] ==> ESI = '123456'
:00431CBF C60100 mov byte ptr [ecx], 00
:00431CC2 8A4C2408 mov cl, byte ptr [esp+08]
:00431CC6 84C9 test cl, cl
:00431CC8 7449 je 00431D13
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431CCF(C)
|
:00431D0B 8A4E01 mov cl, byte ptr [esi+01]
:00431D0E 46 inc esi
:00431D0F 84C9 test cl, cl
:00431D11 75B7 jne 00431CCA
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00431CC8(C)
|
:00431D13 0D0000A000 or eax, 00A00000 ==> EAX = EAX or 00A00000h
:00431D18 5E pop esi
:00431D19 5B pop ebx
:00431D1A 81C400010000 add esp, 00000100
:00431D20 C3 ret
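The two copy loops above (00431C1C..00431C33 for the name and 00431CA2..00431CB9 for the first PassCode part) are identical, so here is one C rendering of them, added for this edit and not part of the tutorial, to show what the jl/jg pair really does on arbitrary bytes. The per-character PassCode arithmetic between 00431C44 and 00431C8A is not on the page and is not reconstructed; the 255-byte cap is my own addition, since the listing has no length check against its 100h-byte buffer.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into the 256-byte buffer the routine reserves with sub esp,100h,
 * converting 'a'..'z' to uppercase exactly as 00431C1C..00431C33 does.
 * Register roles from the listing: EDX = source pointer, ECX = destination
 * pointer, BL = current byte. Returns the number of bytes stored. */
size_t superjpg_upcase(const char *src, char dst[256])
{
    size_t n = 0;
    signed char bl = (signed char)src[0];      /* 00431C16: mov bl,[edx]        */
    if (bl != 0) {                             /* 00431C18/1A: test bl,bl; je   */
        do {
            bl = (signed char)src[n];          /* 00431C1C: mov bl,[edx]        */
            /* 00431C1E..00431C26: jl and jg are SIGNED compares. A byte >= 80h
             * is negative in BL, so "bl < 61h" holds, jl is taken, and the byte
             * is stored unchanged; only 61h..7Ah reach the sub. */
            if (!(bl < 0x61) && !(bl > 0x7A))
                bl -= 0x20;                    /* 00431C28: sub bl,20h          */
            dst[n++] = (char)bl;               /* 00431C2B: mov [ecx],bl; inc   */
            /* Assumption added here: the listing never checks the length of the
             * input against its 100h-byte buffer; this port stops at 255 bytes. */
        } while (n < 255 && src[n] != 0);      /* 00431C2F..33: test bl,bl; jne */
    }
    dst[n] = 0;                                /* 00431C39: mov byte ptr [ecx],0 */
    return n;
}

int main(void)
{
    char buf[256];
    /* constructed sample inputs, including the tutorial's own name and serial */
    const char *samples[] = { "CHuPaCaBRa", "123456", "a{`z", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = superjpg_upcase(samples[i], buf);
        printf("'%s' -> '%s' (%zu bytes)\n", samples[i], buf, n);
    }
    return 0;
}
```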
After performing the calculation above, we return to offset 0043223E, and the program then compares the second part of the PassCode we entered with the PassCode the program has created.
:00432239 E8C2F9FFFF call 00431C00
:0043223E 83C408 add esp, 00000008 ==> We are here.
:00432241 8B8DC8FEFFFF mov ecx, dword ptr [ebp+FFFFFEC8]
:00432247 3BC1 cmp eax, ecx ==> Important Cmp
:00432249 0F85BE000000 jne 0043230D
Look at offset 00432247: on that line register EAX and register ECX are compared. What do those registers contain? Let's take a look; as usual, I type D ECX, but the result turns out not to be like when we used this "D" command at the beginning of the tutorial:
Hello, bro... We meet again in my 6th tutorial; hopefully you're not bored with these tutorials of mine. Now I want to show you how programmers can be so bad at protecting their programs.
Target:
Win Rescue 98, download it at Tucows.
Tools:
SoftIce 3.x (we don't really need it).
WDasm 8.9
A good text editor (may I suggest Dana?)
---------------------------------------------------------------------------
Ok, bro. Win Rescue 98 is the successor of Win Rescue 95, which backs up critical Windows files; naturally WR 98 only works with Windows 98. This utility is a "must have" for those who use Micro$hit WinDolls 98, heh heh... The utility got 5 "cows" at Tucows. Ok, first let's get acquainted with the software. Run WR 98; oh, there's a nag screen with a countdown from 10 to 0 before we can run the software. Hey, there's a registration box too, and a checkbox, disabled for unregistered users, to remove this nag.
Ok, I figured I had plenty of time. So instead of quickly making a patch, I'd rather "enjoy" this software first. I want to find the key. First I look at it in Quickview.exe; aha... in the imported functions there's GetWindowTextA. Hmm, good, good. Run WR 98, enter the key "lanny", don't press Continue yet. Go into SoftIce and set a breakpoint on GetWindowTextA by typing "BPX GetWindowTextA" (without the quotes, case insensitive). Leave SoftIce, now you may press Continue. Boom! Back in SoftIce. We are currently in the kernel; press F12 to get into WR98's code. Trace (F10) for a while... Oh god, there are so many Calls. Hmm, this is a bit difficult. Disable the breakpoint first by typing "BD 0", leave SI; hmm, an error message. Remember this message. Run WDasm, load WR98. Save as text; that produces a text file of about 17 MB if I'm not mistaken. Open it with your favourite text editor, NOT WordPad or Notepad, they will hang successfully. Search the text file for the error sentence (WARNING - Incorrect Key Entered).
---------------------------------------------------------------------------
Newbie Note:
Huh, flag? You said you were looking for a serial number, so why the whole dead-listing routine? Hehehe, yes, it looks like I'm going to patch, but I'm not; what I'm looking for in the dead listing (the text file) is the last call before the "WARNING ..." message, understand? I want to see what the condition is when it's wrong, for example wrong if EAX=0, or ZeroFlag = 1; in other words I trace from the bottom up. This method is effective for software whose protection uses many calls; it can be done without a dead listing too, but it's faster with one.
---------------------------------------------------------------------------
You will find the error message here:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0046BDCB(C)
|
Look at that offset; oh, there's a JE, alias Jump if Zero flag = 1, which means the Call before test EAX,EAX must produce eax = 0 if the key is wrong/invalid, and eax=1 for a correct/true key.
Ok, I was getting ready to go back to SoftIce when my eyes saw "something".
WHATTT, WTF is that? Damn it, I went to all that trouble (with honest intentions) to find the key, and it turns out this is a hardcoded type of protection, i.e. the program only has ONE valid code, yes, ONE for ALL... look at SvetCHRISTA, SHITT... that's the valid, i.e. correct, key.
---------------------------------------------------------------------------
Newbie Note:
Well, flag... how are you sure Sve... is the key? Hmmm, from experience, man... I have traced similar software that used a hardcoded key before. So I'm sure this is the same kind of protection. A lesson for you: when you see this type of protection, the "strange" string above the CALL is the valid key. Ok?
---------------------------------------------------------------------------
Ok, close the text file and delete it. Run WR98. Enter that key... and blaaa... registration key accepted... (we are good "buyers", right?)
Hehehe, see! Cracking can sometimes be very "funny", right? Ok, that's it for this tutorial from me, C-ya in the next tutorial!!
Hope you enjoy my HardWork, bye!
About VB program, VB crackme
Written by AK-47
Tuesday, 30 December 2008 00:17
Level : Beginner
Hello, welcome to my third tutorial... Tutorials 1 and 2, which are actually old, will be put online soon.
In this third tutorial I will discuss Visual Basic in depth. Yes, Visual Basic. Why VB? Because many crackers consider VB programs uncrackable...
Why uncrackable? Here's the thing: we know that most of us use SoftIce for live debugging, and one of SoftIce's strengths is breakpoints. Now, VB programs use VB's own functions, so in other words the syntax BPX GetDlgItemTextA or BPX GetWindowTextA will not work. This is what mainly confuses some crackers. What about dead listing? Useless! Because every comparison against the serial number is not done in the body of the program, but in VBxxxx.dll.
Luckily, NUMEGA, who also released the mother of our cracking tools, SoftIce, released a very powerful utility. The utility is called SmartCheck; you can download it at http://www.sosdevelopers.com, it's about 7 MB. The noble purpose of SmartCheck (SC) is to find programming errors in Visual Basic programs without the source code. Besides that, SC can also report the special events that occur (serial number processing is also included in these "special" events).
Stingily, NuMEGA protects this software: we have to register it after 14 days of use (time trial), but we're crackers, aren't we? hehehe...
Tools needed:
SoftIce 3.xx
Visual Basic CrackMe (available on this homepage...)
Quickview.exe / WDasm 8.9 (Regged Version)
brainware.
Have you downloaded it? Then let's install SC. Run the exe, and... this program asks for a password..., type "Lanny" (without the quotes). Hmmm, error...
Ok, no problem. Now QuickView the exe.
////////////////////////////////////////////////////////////////////////////
Newbie Note:
QuickView is a small program included with Windows 95/98. It's similar to Notepad, but you can't edit anything, so it's purely a viewer. By default this program is not installed by WinBlows, which is why QuickView may be missing on some computers.
////////////////////////////////////////////////////////////////////////////
Look at the start of the QuickView output: aha! A 16-bit program, meaning we know that GetDlgItemTextA and GetWindowTextA will not work.
Ok, now run the SC exe again. It still asks for a password; ok, type "Lanny" again (without the quotes). But DON'T press Enter yet. Press CTRL-D to enter SI. Type on the command line: "BPX GetWindowText" (without the quotes), then leave SI by pressing CTRL-D. Now you may press Enter, and boom! You land in the SoftIce screen. We are now in the Windows 95 kernel; press F12 to leave the kernel.
/////////////////////////////////////////////////////////////////////////////
Newbie Note:
F12 is the default shortcut for P RET in SI; P RET means: "Run the program until a RET(urn) instruction is reached".
/////////////////////////////////////////////////////////////////////////////
Now you are in the body of the program. You will land on this line:
CALL USER|GETWINDOWTEXT "Call the Win 95 kernel function User.dll GetWindowText (the function that fetches a line of text from a window box in a 16-bit program)"
LEA AX,[bp-32] "Load AX with the address of our fake serial"
PUSH SS "Push the segment address of our serial onto the stack"
PUSH AX "Push the address of our serial onto the stack"
PUSH DS "Push the segment address of the real serial onto the stack"
PUSH 06BA "Push the address of the real serial onto the stack"
CALL USER|LSTRCMP "Compare SS:AX with DS:06BA"
Now trace (F10) to PUSH 06BA; if we now type the command "D ss:ax" (without the quotes) our fake serial is shown. Type the command "d ds:06ba" and the real serial appears; it's a strange serial indeed, write it down on paper. Now type "BC *" (BreakPoint Clear, clears all breakpoints). Leave SI with CTRL-D.
You get the error message again. Now run the exe again. Enter the real serial, and you can install SC now.
Run SC, open one of your VB programs, or the VB crackme. Then press F5 to run your program. You get a big screen saying it must be registered, bla bla bla... There's a Purchase button, click it. You will be asked for a name, company, serial.
Enter name: yourname, company: whatever, serial: "Lanny". Don't press Enter yet. Enter SI, type "BPX GetWindowTextA"; remember the (a) at the end of GetWindowText, which indicates the program is 32-bit. Leave SI, press Enter. You're back in SI; the program has only just read your name, so press Enter twice more to let the program read your company and serial. Once again we are in the kernel; press F12 to leave the kernel. Trace (F10) until you find these lines:
ADD ESP,04 "stack correction, no need to pay attention"
LEA EAX,xxxx "load the address of our password"
LEA ECX,xxxx "load the address of the real password"
PUSH EAX "Push EAX onto the stack"
PUSH ECX "Push ECX onto the stack"
CALL 10005680 "Compare password"
Now type "d eax" and our favourite word "Lanny" appears in the memory window. Type "d ecx" and the real serial appears in the memory window, that long number... Write it down, clear the breakpoints with "BC *". Leave SI, enter the serial, and you are registered. Easy, right?
Round 2
Now we will configure SC; just like SoftIce, without configuration SC is almost useless...
Now close your VB program first. Then open it again. In the View option choose "error and specific events", check arguments and sequence number, then press Settings; these options must be enabled: error suppression, advanced "DO NOT suppress API calls", and "report error even if no ...". Save as default.
Done.
Round 3
Trying out the power of SmartCheck.
I got this VB crackme from Lord Caligo's homepage. A crackme is a program made to measure a cracker's skill. Let's measure!
Load the file. Remember, View must be on "error and memory ...."; press F5 (RUN) to run the crackme. There's a form; fill in your name and our favourite serial "Lanny"; the button stays Unregistered; this button will change if our serial is correct. No problem, now quit the program. Back in SmartCheck, look at this line:
PWSerialtxt_change
Double-click to expand it, then find the very last line of PWSerialtxt_change, the one with LEFT(VARIANT:by ..., long 10), and click there.
In the pane on the right you can see a string xxxxxxxx, and below it a very long number in quotes. But look at the instruction: take 10 CHARACTERS from the left. So write down the 10 leftmost digits of that number.
Close SC, run the VB crackme, enter those 10 digits, and... CONGRATULATIONS...
So? Easy, right? SmartCheck really is great; too bad it only works for 32-bit VB programs...
PS: Not every program can be cracked this easily; one that can't is Black Widow...
If you have questions, please mail me, I'll be happy to answer.
Basic Cracking
Written by AK-47
Tuesday, 30 December 2008 00:13
Hi! We meet again. As I promised in my first tutorial, now we will start learning software cracking techniques. The first piece of software that will be our "target" is StartClean 1.2 --->> Ok, ok! You might protest that this has already been done by other crackers in English. But it really is a very good example for beginners. In future I may also cover a lot of software that has already been covered by other crackers. But I guarantee you won't lose anything by reading, because I will present other techniques that you may not find in those tutorials.
StartClean 1.2 is software to clean your Start menu, which may contain a lot of empty icons left behind thanks to the "sophistication" of WinBlows. I chose this software because it is very small, only 19 KB, and very good for beginners to learn from.
Tools needed:
1. StartClean 1.2 --->>> Download at www.download.com, utilities > system utilities section.
2. SoftIce, version 3.xx from Numega. Contact me if you have searched but can't find it!
3. Wdasm 8.9 --->>> Search at astalavista.box.sk
4. A good hex editor (Ultra Edit 5.0a, Hexworkshop 2.41, etc.)
5. A little knowledge of assembly language.
6. A little brain.
Ok, I will teach several ways to crack this software; for the first method I will use dead listing.
First, run the file Startclean.exe. The first screen to appear reminds you to register the program. This screen is called a "nag screen"; we will be dealing with nag screens a lot.
There will be 2 buttons, "OK" and "Register". For now press OK. You enter the program, marked with the word "shareware". Close the program and run it again. Now press Register. The program asks for your name and your registration code.
Try typing for the name: flag eRRatum
code: virly
Done? Now press OK. A message box appears saying Incorrect Code!. Remember or write down this text.
Now run your WDasm 8.9. Open the file (Open file to disassemble) startclean.exe. After disassembly is finished, search (third icon from the left, shaped like a flashlight) for the words Incorrect Code --->>> still remember, right?
You will be "taken" here:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004027A3(C)
|
:004027C1 6A00 push 00000000
:004027C3 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"Incorrect code!" -->> you are here
|
:004027C5 68AC634000 push 004063AC
:004027CA 56 push esi
* Reference To: USER32.MessageBoxA, Ord:0188h -->> display the message box
|
:004027CB FF1534934000 Call dword ptr [00409334]
:004027D1 B801000000 mov eax, 00000001
:004027D6 5E pop esi
:004027D7 C21000 ret 0010
Look above the words "Incorrect Code": there's a "referenced by bla bla bla..."
That means what brings you to the words Incorrect Code is at address 004027A3.
It's a conditional jump; open your Asm book about this jump.
So we will see what's at address 004027A3. In Goto, choose Goto Code Location and enter our address.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402787(C)
|
:00402794 8B742408 mov esi, dword ptr [esp+08]
:00402798 56 push esi
:00402799 E8B2E9FFFF call 00401150 --->>> password-checking function
:0040279E 83C404 add esp, 00000004 --->>> stack correction
:004027A1 85C0 test eax, eax --->>> test eax
:004027A3 741C je 004027C1 --->>> you are here!
:004027A5 C7054C72400001000000 mov dword ptr [0040724C], 00000001
:004027AF 6A01 push 00000001
:004027B1 56 push esi
* Reference To: USER32.EndDialog, Ord:00ADh
|
:004027B2 FF153C934000 Call dword ptr [0040933C]
:004027B8 B801000000 mov eax, 00000001
:004027BD 5E pop esi
:004027BE C21000 ret 0010
je is short for Jump short if Equal, or in other words Jump short if Zero Flag = 1 --->>> the Zero Flag being 1 is the result of TEST EAX,EAX.
This JE is the naughty jump; you must skip this jump so the program doesn't jump to the "Incorrect password!" statement. There are several ways: you can replace je with jne, meaning a wrong password is treated as correct and a correct password as wrong. You can also NOP out the je. Don't forget that je is 2 bytes while nop is only 1 byte, so you need 2 nops.
/////////////////////////////////////////////////////////////////////////////
NOP stands for No Operation. Its hex opcode is 90. Nop means do nothing at all.
/////////////////////////////////////////////////////////////////////////////
How to make the patch. In your favourite hex editor, search for the hex value 741CC7054C72400001000000 --->>> if you want to change je to jne --->>> replace it with 751CC7054C72400001000000. If you want to skip the je, replace it with nop --->>> 9090C7054C72400001000000. Save the file, and don't forget to make a backup.
-----------------------------------------------------------------------------
Some frequently used hex opcodes:
JE <offset> 74** = JZ (Jump Short if Zero Flag = 1)
JNE <offset> 75** = JNZ (Jump Short if Zero Flag = 0)
NOP 90
JMP <offset> EB**
-----------------------------------------------------------------------------
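An added example, not part of the tutorial, that decodes the opcodes in the table above (plus the 0F 84/0F 85 near form seen at 004011EB) and recomputes the destination address from the raw bytes, so the jump targets WDasm prints can be cross-checked against what the CPU will actually do; the sample bytes are copied from the listings on this page.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char *mnemonic;  /* "je", "jne" or "jmp"; NULL when not a decoded jump */
    uint32_t    length;    /* encoded length: 2 for the short forms, 6 for 0F 8x  */
    uint32_t    target;    /* address of the next instruction + sign-extended rel  */
} jump_t;

/* addr is the virtual address of code[0], as printed by WDasm. */
jump_t decode_jump(uint32_t addr, const uint8_t *code, size_t len)
{
    jump_t j = { NULL, 0, 0 };
    if (len >= 2 && (code[0] == 0x74 || code[0] == 0x75 || code[0] == 0xEB)) {
        /* rel8 is signed: E7 at 00431C33 means -19h, a backward loop jump */
        j.mnemonic = code[0] == 0x74 ? "je" : code[0] == 0x75 ? "jne" : "jmp";
        j.length   = 2;
        j.target   = addr + 2 + (uint32_t)(int32_t)(int8_t)code[1];
    } else if (len >= 6 && code[0] == 0x0F && (code[1] == 0x84 || code[1] == 0x85)) {
        /* near form: 0F 84 = je rel32, 0F 85 = jne rel32, little-endian */
        uint32_t rel = (uint32_t)code[2] | (uint32_t)code[3] << 8 |
                       (uint32_t)code[4] << 16 | (uint32_t)code[5] << 24;
        j.mnemonic = code[1] == 0x84 ? "je" : "jne";
        j.length   = 6;
        j.target   = addr + 6 + rel;
    }
    return j;
}

int main(void)
{
    /* The three jumps quoted in these tutorials, bytes copied from the listings */
    struct { uint32_t addr; uint8_t bytes[6]; size_t n; } cases[] = {
        { 0x004027A3, { 0x74, 0x1C }, 2 },                          /* je  004027C1 */
        { 0x004011EB, { 0x0F, 0x85, 0x80, 0x00, 0x00, 0x00 }, 6 },  /* jne 00401271 */
        { 0x00431C33, { 0x75, 0xE7 }, 2 },                          /* jne 00431C1C */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        jump_t j = decode_jump(cases[i].addr, cases[i].bytes, cases[i].n);
        printf("%08" PRIX32 " %-3s -> %08" PRIX32 " (%" PRIu32 " bytes)\n",
               cases[i].addr, j.mnemonic ? j.mnemonic : "?", j.target, j.length);
    }
    return 0;
}
```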
Up to here you have successfully cracked this software. But this is the dirty way; there are several cleaner ways.
Why is it called dirty?
Here's the thing: in some software the password function is usually called at least twice, namely when you enter the password and when the program is loading (startup). That means you would also have to change the value at startup, for example by skipping the JE part.
That way the program gets modified quite a lot.
Ok, here is the cleaner way.
See the call to an address that I commented as the password function?
Now, in WDASM, let's go to the address that is called.
* Referenced by a CALL at Address:
|:00402799
|
:00401150 81EC0C020000 sub esp, 0000020C
:00401156 A064624000 mov al, byte ptr [00406264]
:0040115B B93F000000 mov ecx, 0000003F
:00401160 56 push esi
:00401161 8844240C mov byte ptr [esp+0C], al
:00401165 57 push edi
.
.
.
.
* Reference To: USER32.GetDlgItemTextA, Ord:00EDh -->> Fetch the password we typed
|
:004011AD 8B35D8924000 mov esi, dword ptr [004092D8]
:004011B3 FFD6 call esi
:004011B5 8D442410 lea eax, dword ptr [esp+10]
.
.
.
.
* Reference To: KERNEL32.lstrcmpA, Ord:0269h -->> Compare our password with the real password
|
:004011E3 FF1520924000 Call dword ptr [00409220]
:004011E9 85C0 test eax, eax -->> Test password
:004011EB 0F8580000000 jne 00401271 -->> If not equal, go away!
If equal, continue.
.
.
.
* Reference To: ADVAPI32.RegCloseKey, Ord:00C2h
|
:0040125D FF15F0914000 Call dword ptr [004091F0]
:00401263 B801000000 mov eax, 00000001 -->> password OK, set EAX to 1
:00401268 5F pop edi
:00401269 5E pop esi
:0040126A 81C40C020000 add esp, 0000020C
:00401270 C3 ret -->> return to the original code
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004011EB(C) -->> Jump from 004011EB
|
:00401271 33C0 xor eax, eax -->> wrong password! set eax to 0
:00401273 5F pop edi
:00401274 5E pop esi
:00401275 81C40C020000 add esp, 0000020C
:0040127B C3 ret
You see that the program sets eax (the arithmetic register) to 1 if the password is correct, and to 0 if it is wrong. Here we can patch this call, at offset 004011EB, with NOP NOP (twice).
Second technique: Live Cracking.
Ok, now I want to teach you how to crack Firas el Hasan's software live, using SoftIce...; for those who want to get the full version shareware, it can be downloaded at www.sosdevelopers.com, about 7 MB, but my advice is to just d/l the ripped one, use ftpsearch.
So, have you installed SoftIce and does it run successfully? To find out, press CTRL-D; you should pop up into a black screen, command prompt mode. Works? If yes, you succeeded; now go back to your WinBlows by pressing F5 or CTRL-D again.
Now run StartClean. And choose the option to enter the serial number <Register>.
/////////////////////////////////////////////////////////////////////////////
A briefing first, before you wreck this software =). Do you remember my first tutorial, about breakpoints? The biggest problem for a cracker is: a breakpoint on which API? There are hundreds of APIs. Here's the thing: the most common type of protection is this serial number type. There are a few APIs that are usually called to handle protection like this, namely:
Getdlgitemtext(a)
Getwindowtexta(a)
Getdlgitemint
and if none of those work, you can try
hmemcpy
All of these are generally used by programs to take text from a window or edit box.
The suffix (a) is used if the program you want to crack is 32-bit. How do you know? Easy, just run QuickView on the program; at the start it will say 16 bit or 32 bit.
/////////////////////////////////////////////////////////////////////////////
I'll keep it short: here the function used is GetDlgItemTextA. (The common ones are indeed GetDlgItemTextA or GetWindowTextA.)
Before setting the breakpoint, first type your name and a fake password in the registration box. In my case:
name : flag eRRatum
code : virly
Don't press Enter yet. Now go back to SoftIce, press CTRL-D, and type at the command prompt line: BPX GetDlgItemTextA <Enter>
This BPX is the command to set a breakpoint on a particular function.
Ok, go back to StartClean, press Ctrl-D. Boom! You are back in the SoftIce screen. This means SoftIce caught the breakpointed function being used by the program. You land in the kernel of WinBlows 95, everybody's favourite software =); you can tell by looking above the command prompt line: it says User32---, which means you are in the Win95 kernel. You need to be in the body of the program, not in the Win95 kernel, so we have to get out of the kernel. To do that, press F12. Now you are in the body of the program. Type ? Eax to see the value of Eax. Hmmm, it's 12. What's that? It's the length of the name you entered!!! So we're on the right track. At this point the program has only read our name; press F5, then F12 again. Now the program reads our code. Type ? Eax, it's 5. That's the length of our code.
:004011C4 57 push edi
:004011C5 FFD6 call esi
:004011C7 6830604000 push 00406030 --->> you are here -->> here the correct registration code is pushed onto the stack.
:004011CC 6830614000 push 00406130 -->> save your name.
:004011D1 E8AA000000 call 00401280
:004011D6 8D442418 lea eax, dword ptr [esp+18]
:004011DA 83C408 add esp, 00000008
:004011DD 50 push eax -->> save your code
:004011DE 6830604000 push 00406030 -->> save the correct code
KERNEL32.lstrcmpA, Ord:0269h -->> function that compares two strings, case sensitive
|
:004011E3 FF1520924000 Call dword ptr [00409220]
:004011E9 85C0 test eax, eax -->> test the password
:004011EB 0F8580000000 jne 00401271 -->> if not equal, jump away!
:004011F1 8D44240C lea eax, dword ptr [esp+0C]
:004011F5 8D4C2408 lea ecx, dword ptr [esp+08]
:004011F9 50 push eax
:004011FA 51 push ecx
:004011FB 8D942418010000 lea edx, dword ptr [esp+00000118]
:00401202 6A00 push 00000000
:00401204 683F000F00 push 000F003F
:00401209 6A00 push 00000000
Look at offset 004011C7 and trace that line by pressing F10. After that, type D 00406030 to view the contents of 00406030 in memory. You'll see the correct registration code. You can leave SI now; before you do, don't forget to clear the breakpoint you set by typing BC * <enter>
Enter that registration code, and you're registered!!!
Before you do that, also look at offset 004011eb: here you could instead change the jne into a je. Type in SI: A 004011EB <enter>, then type JE 00401271 <enter> <enter>.
Exit SI, and you're now registered! If you want this program changed permanently, so your friends can use it too: search in a hex editor for 0F8580000000 and replace it with 0F8480000000. You can also NOP out that JNE: replace it with 90909090909090. Done; save the program and run it.
OK, that's it for my second tutorial. I know it's still far from perfect, but I gladly welcome any suggestions, criticism and support at: eRRatum@softhome.net
I'd like your suggestions for a small program that needs cracking, to put in my next tutorial; try to keep it small, OK? Like this StartClean, so people who want to follow along don't have a heavy download.
If there's still something you don't understand, feel free to ask me; I promise that if I can, I'll definitely answer.
Bye!
How to Make a Key Generator
Written by AK-47
Tuesday, 30 December 2008 00:24
Level : Medium
Hello, friends! Here we are again in my seventh tutorial. Haven't given up learning to crack yet, right? OK, now I'm going to teach you how to make a key generator. What is a key generator? Hehehe, a key generator is a crack program made specifically to calculate the registration code from, for example, our name!
Desktop Themes 1.78 is a cool program, under 500 KB, for installing your favorite themes. Why install Microsoft Plus, which is many megabytes, just to install themes? But that's not all. This program is basically a twin of MS Plus!, only written by a "bright" programmer, so it's far smaller.
Now, if you run the program, try clicking on Edit Themes; there's a registration dialog there. The program will run once we click OK. Registered users don't get a dialog like this; still, the program runs fully either way, except that the dialog box is a little annoying.
OK, set breakpoints where a program usually fetches the serial: "BPX GetDLGitemTexTa" and "BPX getWindowTexTa". Enter the name "Free User", without quotes. Enter "123454321" for the serial number. OK, now you may press Enter; you're back in SI. Apparently GetDlgItemTextA is the lucky one this time. Press F5, because right now the program has only just read the user name, then press F12 to return to the body of the program. You'll land here:
:00409EF2 FFD6 call esi "Call User32|Getdlgitemtexta"
:00409EF4 6814574200 push 00425714 "you are here, pal!"
:00409EF9 8D8DC0FDFFFF lea ecx, dword ptr [ebp+FFFFFDC0]
:00409EFF E84292FFFF call 00403146 "not important"
:00409F04 807DC400 cmp byte ptr [ebp-3C], 00 "Check whether a user name was entered?"
:00409F08 7414 je 00409F1E "Go to hell if not"
:00409F0A 8D45C4 lea eax, dword ptr [ebp-3C] "eax = offset of the user name; if you type D EAX after tracing to here, you'll see your username"
:00409F0D 8D8DC0FDFFFF lea ecx, dword ptr [ebp+FFFFFDC0]
:00409F13 50 push eax
:00409F38 57 push edi
:00409F39 E86CA9FFFF call 004048AA "very important call!"
:00409F3E 85C0 test eax, eax "the famous test"
:00409F40 59 pop ecx
:00409F41 0F84B2000000 je 00409FF9 "jump if the registration is wrong"
:00409F47 6A00 push 00000000
Look at the first and second call. I marked those calls as not important! How do I know? Well, this is an assembly principle: before a function is called, its data must first be pushed onto the stack. By giving the command "d ..." before the call, I know that the pushed data is not valuable data like our user name and key. But if you're not sure yet, you can trace them one by one, like I did. Those calls seem to prepare the registry to record the name and reg code, if correct.
Look at the call at offset 00409f39! This call is a very important one: it sets EAX (the accumulator register) = 0 if the condition is false (the password doesn't match the username, in other words the password is wrong!), and sets EAX = 1 if it's correct. Look at the test after it; test ANDs a variable, or a register, or whatever, without changing the value of that variable/data/register. Look after the POP ecx: there is a conditional jump, which is taken if the reg code is wrong.
You could already patch that conditional jump (maybe by changing it to a nop? who knows, there are many ways but I haven't tried). But we're here to learn, right? We're going to get a deeper "feel" for this assembly code. Trace into the call at offset 00409F39! Up to now you've been pressing F10 (trace); now, when the pointer is at offset 00409F39, press F8 to enter the call, and you'll be here:
Prepare writing the regcode to the registry:
|
:0040491B 6804574200 push 00425704
:00404920 E890EDFFFF call 004036B5
:00404925 85C0 test eax, eax " Has a regcode been entered?"
:00404927 0F8485000000 je 004049B2 "bail out if not!"
:0040492D 8D45D0 lea eax, dword ptr [ebp-30]
See whether the user name = "RHooD", without quotes:
:00404930 68FC564200 push 004256FC
:00404935 50 push eax
:00404936 E855E60100 call 00422F90 " Is the user name = "RHooD"?"
:0040493B 59 pop ecx
:0040493C 85C0 test eax, eax " if yes, jump!"
:0040493E 59 pop ecx
:0040493F 7471 je 004049B2
:00404941 8D45D0 lea eax, dword ptr [ebp-30]
Check whether the user name = "romeo", without quotes:
:00404944 68F4564200 push 004256F4
:00404949 50 push eax
:0040494A E841E60100 call 00422F90 " check whether the user name = "romeo"? "
:0040494F 59 pop ecx
:00404950 85C0 test eax, eax " OK, jump if true!"
:00404952 59 pop ecx
:00404953 745D je 004049B2
:00404955 8D45D0 lea eax, dword ptr [ebp-30]
Check whether the user name is "fACTOR '98":
:00404958 68E8564200 push 004256E8
:0040495D 50 push eax
:0040495E E82DE60100 call 00422F90 " Is the username = fa...?"
:00404963 59 pop ecx
:00404964 85C0 test eax, eax
:00404966 59 pop ecx
:00404967 7449 je 004049B2 " if yes, jump!"
:00404969 8B4DFC mov ecx, dword ptr [ebp-04]
:0040496C 33C0 xor eax, eax "Watch this: eax = 0"
:0040496E 49 dec ecx "ecx = length of the user name, in this case 9!"
:0040496F 85C9 test ecx, ecx
:00404971 7617 jbe 0040498A
OK, look above: the program checks whether a username and a regcode were entered, and checks whether the username = one of the famous cracker names above (interesting, eh?); if so, the program doesn't bother computing the code, it just kicks you straight out!
Now pay close attention!!! This is the heart of this program's defense, so concentrate!!! :
:00404973 0FBE5405D0 movsx edx, byte ptr [ebp+eax-30]
"edx = ascii code of the first letter of our name, in this case F "
"If you give the command "? edx" (without quotes, as usual) after this offset has been traced, you get the ascii code in hex, then the ascii code in decimal, then the character "
:00404978 8BD8 mov ebx, eax "ebx = eax; look at offset 00404969! Eax is used as the counter!"
:0040497A 83E301 and ebx, 00000001 "AND EBX with 1"
:0040497D 43 inc ebx " ebx = ebx+1"
:0040497E 0FAFD3 imul edx, ebx "edx=edx*ebx"
:00404981 03D0 add edx, eax "edx=eax + edx"
:00404983 03FA add edi, edx "edi=edi+edx"
:00404985 40 inc eax "eax=eax+1"
:00404986 3BC1 cmp eax, ecx " eax = 9 (length of the regname)?"
:00404988 72E9 jb 00404973 " If not yet, jump back to 00404973"
Pay close attention to the loop above: once eax = 9, edi holds some hex value derived from processing our regname!
:0040498A 81F704446482 xor edi, 82644404 "eXclusive OR Edi with 82644404"
The EDI result is XORed with a constant (fixed value), namely 82644404h
:00404990 7D02 jge 00404994
:00404992 F7DF neg edi "negate that value"
:00404998 E8D34A0100 call 00419470 "This call converts our regcode from string data into numeric data!"
Pay close attention! Our RegCode, 123454321, was entered as a string, right? Meanwhile we know that the edi result, the manipulation of our regname, is numeric data. You can't compare a number with a string, so our regcode is first converted to numeric data. How do I know that call converts string -> numeric? By tracing into it: press F8 while the pointer is at that call's offset.
After this call executes, eax holds OUR REGNUM VALUE in NUMERIC form; type "? eax" and the command line shows: "0123454321, in hex", then "0123454321(decimal)", and the ascii code.
:0040499D 3BF8 cmp edi, eax
Compare edi, which holds the program's manipulation of the regname, with the code we entered (now in numeric form)!
:0040499F 59 pop ecx
:004049A0 7510 jne 004049B2 "If not equal, bail out!"
:004049A2 8D45D0 lea eax, dword ptr [ebp-30]
:004049A5 50 push eax
:004049A6 56 push esi
Now, below is the landing point of the jumps for all the failed conditions in the routine above; look at XOR eax, eax. It zeroes eax; ah, so that's why eax = 0 when the regnum is wrong"
:004049B2 33C0 xor eax, eax
Below is where the "good" path above ends up; eax is not 0 because the xor eax,eax line was never executed!
:004049B4 5F pop edi
:004049B5 5E pop esi
:004049B6 5B pop ebx
:004049B7 C9 leave
:004049B8 C3 ret "Back to the body of the program!"
Now, after this you must understand how the program checks the regnum, right? So edi has to equal eax; we just enter the value of edi (? edi) in decimal as the regnum. I hope you can make a key generator now too. And one tip: try it with another user name!
OK, that's all for this tutorial from me. If you have questions, e-mail me right away; I'll gladly answer!
As a bonus, here's the key generator routine:
#include<stdio.h>
#include<conio.h>
#include<string.h>
int main(void)
{
    int i ;
    unsigned long serial=0 ;
    char username[25] ;
    clrscr() ;
    printf ("Key Generator DesktopThemes 1.xx by flag eRRatum\n") ;
    printf ("Visit our Page at http:all.atekh\n") ;
    printf ("Please enter your username : ") ;
    /* fgets instead of gets: it can never write past the 25-byte buffer */
    fgets(username, sizeof username, stdin) ;
    username[strcspn(username, "\n")] = '\0' ;   /* drop the trailing newline */
    /* the loop at 00404973: each character is multiplied by 1 or 2 depending on
       its position (AND EBX,1 / INC EBX), the position is added, and it all
       accumulates in edi */
    for (i=0;i<strlen(username);i++) serial+=((username[i] * ((i&1)+1)) + i) ;
    serial^=0x82644404 ;   /* the XOR with the constant at 0040498A */
    /* ~serial+1 is two's-complement negation, like NEG EDI at 00404992 */
    printf("This is your Code : %lu\n",(~serial+1)) ;
    textcolor(LIGHTRED) ;
    cprintf("Please Visit our page for more cracks.") ;
    return (0) ;
}
Last Updated ( Tuesday, 30 December 2008 00:27 )
Password Protect Directory Your Webserver Pages
Written by AK-47
Tuesday, 12 August 2008 16:26
Managing user access to a Linux Intranet server is extremely easy and quick. Yet, I find some new administrators get frustrated by the lack of complete information. In some HOWTO guides, details regarding .htaccess are given without mentioning that Apache must be configured to honor it. My hope is that this brief article gives a complete look at managing access with the use of Apache overrides and .htaccess. Since the goal is to make it as easy as pie, I will cut the techno talk and get to the point.
First, although this article applies to just about any Apache/Linux web server, it is most beneficial in the context of Intranet servers or when a website needs to control or secure certain web pages within directories for a set of specific users.
Second, you do not have to be a Linux administrator or expert to do these steps. You only need rudimentary knowledge of Linux, have root or super user access to the server, and be familiar with a text editor like vi, emacs, or something like kwrite.
Step 1. Configure Apache to Allow Access Authorization
You need to find the httpd.conf file on your Linux server.
This file is the Apache web server configuration file and includes lots of very useful Apache web server controls.
For now, simply open it using a text editor. For Fedora users this is done by simply going to /etc/httpd and opening httpd.conf. For others using various flavors, try using this command to identify the location of the httpd.conf file and edit it: locate httpd.conf
Once you open this file using a text editor, please scroll down until you see not the first but the second occurrence of this text: AllowOverride None
Change the line that says:
AllowOverride None
to instead say:
AllowOverride AuthConfig
Be sure to NOT CHANGE THE first occurrence of this in the Apache file, which is the default. Change the second occurrence, which is actually the override. This is VERY IMPORTANT! If you run into trouble, make a backup of your httpd.conf file (type: cp httpd.conf httpd.conf.back) and then try using this example. Be sure to reboot the server after you copy our example file.
Step 2. Identify the Folder/Directory to Protect
You should now identify which folders (aka Directories) under your web server you would like to protect. For instance if I want to only allow a certain list of users to access my html files under the Private folder it would look something like the following.
On the Linux server the actual directory path would be:
/var/www/html/Private
On the web browser the path would be:
http://catur.web.id/Private
Obviously, I'm giving an example to help you see the difference between the folder/directory name on the Linux server and how it looks to web browsers. You MUST change to the appropriate directory/folder when using the steps below. So in my case I type this command first before beginning on my Fedora server:
cd /var/www/html/Private
Step 3. Add Access Files to the Folder
Once you identify the folder you wish to safeguard, then you need to create two files in this folder. The files are: .htaccess and .htpasswd. The .htaccess file displays the access login information needed for users and also includes the list of specific users who can login. The .htpasswd file includes the individual users and their passwords.
Create .htaccess file in your Folder by using a text editor to create .htaccess. Notice that you must include the . (dot) before the file name!
The file should at least include these lines:
AuthName "Login to the Private Area"
AuthType Basic
AuthUserFile /var/www/html/Private/.htpasswd
Require user andrea
Note that the AuthName requires quotes and whatever is in quotes will display on the login window when a user tries to access your private folder with a web browser. It is vital that you properly set the path for the AuthUserFile and obviously replace the word Private with whatever folder you are trying to password protect.
Also be sure to include the user login names of the people you plan to allow to this folder next to the Require user line. In my case, I simply added myself to this folder as a user (andrea).
Now, create the .htpasswd file in the same Folder but NOT by using a text editor. Instead use this command from the command line on your Linux server.
Type this command at the prompt:
htpasswd -cmb .htpasswd pion skakmat
Note that you must use your own name and password (replace andrea and ann2cute) and that the options -cmb do the following: -c forces creation of a new .htpasswd file, which is necessary since this is your first time adding a user; -m stores the password as an MD5 hash rather than in plain text; and -b lets you give the user name and password on the command line. In my case I created a new .htpasswd file, then added the user andrea and her password ann2cute.
Step 4. Add Additional Users
To add users you simply need to edit both files again. First, add a user to the .htaccess file by opening it in a text editor and including the new person (my example is bradley).
The .htaccess file should include these lines:
AuthName "Login to the Private Area"
AuthType Basic
AuthUserFile /var/www/html/Private/.htpasswd
Require user pion catur
Remember to save the file when you're done adding the new user!
Now add the user (my example being bradley) to the .htpasswd file using this command:
htpasswd -mb .htpasswd catur password
In my example, I used the htpasswd command to add the user bradley, with an MD5-hashed password, to the .htpasswd file that already exists, and included his password brad4chad. That's it!
Step 5. Test the Password Function
Now test that the Apache server is accepting this new protected folder by going to it in a web browser. In my case I test the url http://office.server.com/Private and up comes a pop-up window that requires User Name and Password. I type in my user name and password and instantly I see the index.html page I put in my folder! People who don't have a login won't get access to your web pages within this folder.
What if it didn't work? Almost always this is a result of the httpd process not being restarted. You can easily restart this process to pick up the changes in your updated httpd.conf file by either rebooting or restarting the process. A reboot works fine, so long as you can tolerate a web server outage for a minute or two. Or, on most flavors you can type this command as root user: service httpd restart
Step 6. What About Removing Users
There may come a time when you need to delete users from the access. You can do this easily enough by again editing the .htaccess file and running a command to delete the user from the .htpasswd file.
First, edit the .htaccess file and remove the user you do not wish to allow access to and save the file.
Second, delete the user from the .htpasswd file by typing this command at the prompt: htpasswd -D .htpasswd catur
The -D option is for delete. It should confirm that user bradley was deleted.
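Steps 3 to 6 edit two files by hand, and a typo in either (an unquoted AuthName, a user present in only one file, a password stored with a weak scheme) only shows up when httpd is restarted. The added script below, which is not part of the article, checks an .htaccess/.htpasswd pair for exactly those points; the hash values in its comments are placeholders, not real htpasswd output.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check an .htaccess/.htpasswd
# pair built by the steps above before restarting httpd.

# Users named on 'Require user' lines of an .htaccess file, one per line.
required_users() {
    awk '$1 == "Require" && $2 == "user" { for (i = 3; i <= NF; i++) print $i }' "$1" | sort -u
}

# Users that have an entry in an .htpasswd file.
htpasswd_users() {
    cut -d: -f1 "$1" | sort -u
}

# Name the hash scheme of one .htpasswd line.  bcrypt and apr1-MD5 are what
# 'htpasswd -B' and 'htpasswd -m' write; sha1 ('-s'), crypt ('-d') and
# plaintext ('-p') are weak and should be re-created with -B.
hash_scheme() {
    h=${1#*:}
    case "$h" in
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
        '$apr1$'*) echo apr1 ;;
        '{SHA}'*) echo sha1 ;;
        *) if expr "$h" : '[./0-9A-Za-z]\{13\}$' >/dev/null; then
               echo crypt
           else
               echo plaintext
           fi ;;
    esac
}

# audit HTACCESS HTPASSWD: print one finding per line and return the number
# of findings, so 0 means the two files agree and Apache will accept them.
audit() {
    rc=0
    # AuthName must be a single argument, i.e. quoted when it contains spaces.
    if grep -q '^[[:space:]]*AuthName[[:space:]]' "$1" &&
       ! grep -q '^[[:space:]]*AuthName[[:space:]]*"[^"]*"[[:space:]]*$' "$1"; then
        echo "AuthName must be one quoted argument"; rc=$((rc + 1))
    fi
    grep -q '^[[:space:]]*AuthType[[:space:]]*Basic' "$1" ||
        { echo "AuthType Basic is missing"; rc=$((rc + 1)); }
    userfile=$(awk '$1 == "AuthUserFile" { print $2; exit }' "$1")
    case "$userfile" in
        /*) ;;
        *) echo "AuthUserFile must be an absolute path (got '$userfile')"; rc=$((rc + 1)) ;;
    esac
    # Step 4 edits both files; catch a user that was added to only one of them.
    for u in $(required_users "$1"); do
        grep -q "^$u:" "$2" ||
            { echo "user '$u' is in Require but not in .htpasswd"; rc=$((rc + 1)); }
    done
    for u in $(htpasswd_users "$2"); do
        required_users "$1" | grep -qx "$u" ||
            { echo "user '$u' is in .htpasswd but not in Require (stale entry?)"; rc=$((rc + 1)); }
    done
    # Flag entries whose stored hash is not bcrypt or apr1.
    while IFS= read -r line; do
        s=$(hash_scheme "$line")
        case "$s" in
            bcrypt|apr1) ;;
            *) echo "user '${line%%:*}' is stored as $s; re-add with 'htpasswd -B'"; rc=$((rc + 1)) ;;
        esac
    done <"$2"
    return $rc
}

# Usage: ./check_htaccess.sh /var/www/html/Private/.htaccess /var/www/html/Private/.htpasswd
if [ $# -eq 2 ]; then
    audit "$1" "$2"
fi
```

Apache's stock configuration refuses to serve any file whose name starts with .ht, which is what keeps the .htpasswd placed under /var/www/html/Private in Step 3 out of browsers' reach; leave that <Files> block in httpd.conf alone.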
Last Updated ( Tuesday, 23 December 2008 09:51 )
How to sync data between 2 servers automatically
Written by AK-47
Monday, 29 December 2008 22:25
Monday, 11 August 2008 22:14
Have you ever wanted to know how to easily synchronize the data between multiple servers automatically? In this article I'll explain how to set up 2 Linux servers to automatically synchronize data between a specific directory on each server. To do this we will use rsync, ssh key authentication, and a cron job.
Let's call the 2 servers 'SOURCESERVER' and 'DESTSERVER', where:
SOURCESERVER = Source server (the server we're connecting from to upload the data)
DESTSERVER = Destination server (the server we're connecting to receive the data)
Part 1 - Setting up SSH key authentication
First, we need to make sure the DESTSERVER has the ability to use key authentication enabled. Find your sshd configuration file (usually ‘/etc/ssh/sshd_config’) and enable the following options if they are not already set.
If you edit the file be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we will create the public / private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
*Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file. The public key file (usually [homedir]/.ssh/id_rsa.pub) we will upload to the DESTSERVER.
The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER. *Be sure to keep this private key safe. With it anyone will be able to connect to the DESTSERVER that contains the public key.
Now we will plant the public key we created on to the DESTSERVER.
Choose the user account which you will use to connect to on DESTSERVER, we’ll call this user ‘destuser’ for now. In that account’s home directory, create a ‘.ssh’ subdirectory, and in that directory create a new text file called ‘authorized_keys’. If it already exists, great, use the existing file. Open the ‘authorized_keys’ file and paste in the contents of the public key you created in the previous step (id_rsa.pub). It should look something like the following
ssh-rsa sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the ‘.ssh’ directory.
Now to test that the keys are working.
From the SOURCESERVER try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.
Part 2 - Creating the rsync script
Now for the rsync script.
I use a simple script such as the following
Copy this file into the home directory of the sourceuser on the SOURCESERVER
and modify the first 4 variables in the file.
SOURCEPATH (Source path to be synced)
DESTPATH (Destination path to be synced)
DESTHOST (Destination IP address or host name)
DESTUSER (User on the destination server)
Save it as something like ‘rsync.sh’
Set the permissions on the file to 700.
# chmod 700 rsync.sh
Now you should be able to run the script, have it connect to the DESTSERVER, and transfer the files all without your interaction.
The script will send all output to the ‘rsync.log’ file specified in the script.
Part 3 - Setting up the cron job
Assuming everything has worked so far all that’s left is to setup a cron job to run the script automatically at a predefined interval.
As the same sourceuser use the ‘crontab’ command to create a new cron job.
# crontab -e
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour
——————————————-
# Run my rsync script once every hour
0 * * * * /path/to/rsync.sh
——————————————-
Your 2 servers should now be syncing the chosen directory once every hour.
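The rsync.sh script Part 2 refers to is missing from this copy of the article. The script below is an added example, not the author's, of how it could be written; it also builds the restricted authorized_keys entry a practitioner would put on DESTSERVER, since the key from Part 1 has no passphrase and, as Part 1 warns, anyone holding it can connect. It assumes rsync's rrsync wrapper is installed at /usr/bin/rrsync on DESTSERVER, and the paths and host name are placeholders.

```shell
#!/bin/sh
# Added example (not the article's own script): rsync.sh for SOURCESERVER as
# Part 2 describes, plus a helper that builds the locked-down authorized_keys
# entry DESTSERVER should hold for the passphrase-less key from Part 1.
# The first four values are placeholders; change them as the article says.
SOURCEPATH="/var/www/data"       # directory on SOURCESERVER to push
DESTPATH="/var/www/data"         # where it lands on DESTSERVER
DESTHOST="dest.example"          # DESTSERVER host name or IP (placeholder)
DESTUSER="destuser"
KEYFILE="$HOME/.ssh/id_rsa"      # private key created with ssh-keygen in Part 1
LOGFILE="$HOME/rsync.log"

# Mirror SOURCEPATH to DESTSERVER, appending a timestamped record of each run
# to LOGFILE.  BatchMode=yes makes ssh fail instead of hanging on a password
# prompt if key authentication ever breaks under cron.
run_sync() {
    {
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') sync start"
        rsync -az --delete -e "ssh -i $KEYFILE -o BatchMode=yes" \
            "$SOURCEPATH/" "$DESTUSER@$DESTHOST:$DESTPATH/"
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') sync done, rsync exit status $?"
    } >>"$LOGFILE" 2>&1
}

# Print the line for ~destuser/.ssh/authorized_keys on DESTSERVER.
#   restrict   disables port/agent/X11 forwarding and pty allocation
#   from=      accepts the key only from SOURCESERVER's address
#   command=   pins the key to rrsync (rsync's restricted wrapper, assumed at
#              /usr/bin/rrsync) rooted at DESTPATH, so a copied key cannot
#              open a shell or write anywhere else on DESTSERVER
# $1 = contents of id_rsa.pub, $2 = SOURCESERVER address
restricted_authorized_key() {
    printf 'restrict,from="%s",command="/usr/bin/rrsync %s" %s\n' "$2" "$DESTPATH" "$1"
}

case "${1:-}" in
    --run) run_sync ;;
    --authorized-key) restricted_authorized_key "$(cat "$KEYFILE.pub")" "$2" ;;
esac
```

`./rsync.sh --run` does one sync and appends the record to rsync.log; `./rsync.sh --authorized-key 192.0.2.10` prints the authorized_keys line, with 192.0.2.10 standing in for SOURCESERVER's address.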
also added a LIST variable so it would handle multiple dirs and list in the log dirs and time of completion
for LIST in "`cat list.txt`";
do
SOURCEPATH="/$LIST"
DESTPATH="/$LIST"
DESTHOST="111.111.111.111"
LOGFILE="rsync.log"
The command shell is the layer that interacts with the user and communicates with the operating system. When using MS-DOS, most people use the command.com shell; however a different shell can be specified via the COMSPEC environment variable.
Similarly, each UNIX user must select a command shell to use to communicate with UNIX. When a UNIX account is established, the system administrator selects the user's default shell. Normal options are Bourne Shell (/bin/sh), C-Shell (/bin/csh), Korn Shell (/bin/ksh) and Bourne-Again Shell (/bin/bash). While many developers use C-Shell because of its C-like syntax, this is a subjective choice and this article uses the Korn shell exclusively. The syntax will not necessarily work under any other shell.
When you execute a shell script from the command line, your default shell is used. If your default shell is Korn, then the scripts in the article execute without syntax errors. But what if you want others to execute your script? You can't rely on the user's default shell to ensure that your scripts are always run using the Korn shell. The solution is to use a UNIX feature whereby the first line of a shell script indicates under which shell the script is to be executed. The syntax in Code Example 1 forces a script to be run using the Korn shell regardless of what shell the current user is executing.
#!/bin/ksh
# your script goes here. All lines starting with #
# are treated as comments
Code Example 1 - Force a script to be executed by the Korn shell
Some documentation uses a different command prompt symbol to indicate the current shell, as shown in Table 1. (Since this author's favorite shell is the Korn shell, all of the examples in this article use the $-prompt.) Since you cannot ensure that your scripts will always be executed using the Korn shell, put #!/bin/ksh as the first line in each script. (The $-prompt in this article just indicates that a command is being entered at the command line.)
Prompt    Shell
$         Bourne or Korn
%         C-shell
#         Root login
Table 1 - UNIX prompt symbols
Writing a Script - Some Basics
A UNIX script file is similar to a DOS BAT file. All of the programming do's and don'ts from the DOS world still apply in UNIX.
Writing any script involves these steps:
Run the UNIX command interactively at a shell prompt.
Create the shell script containing the UNIX command.
Make the shell script executable.
Test the script.
Launch the script.
Interactively
Once, at a future date and time
Repeatedly on a fixed schedule
Using an HTML form
Writing a Simple Script
Assume that you want to write a script to capture vmstat information. You want to run vmstat on 2-second intervals for one minute. Use the five steps described above to achieve your goal.
Run the UNIX Command Interactively
First, look up the documentation for vmstat using man vmstat. Next, run the command interactively to be sure you understand the syntax and the expected output. Code Example 2 shows the syntax to run vmstat 30 times at 2-second intervals.
$ vmstat 2 30
Code Example 2 - Run the vmstat command interactively 30 times at 2 second intervals
Create a Shell Script
Next, create a script file containing the command. You should establish standards describing script location and script names. Store all things of a specific category, for instance a company, in a subdirectory under /usr/local. For this example, assume the company is Acme Products so the directory is /usr/local/acme. Within this directory create one subdirectory called scripts and another called logs. Other subdirectories may be necessary for other purposes.
Next, use a text editor such as vi to create a script file called capture_vmstat.sh. File extensions are meaningless in UNIX, unlike DOS where EXE, COM, and BAT indicate executable files. You could use .sh as an extension to denote shell script files, but that doesn't make the script executable. This naming convention for files makes it easier to quickly identify files. Also, you can use the find command to locate all files of a particular type if the file names adhere to a standard.
The script file has two lines in it. The first line leaves nothing to chance, stating that the Korn shell should execute the commands inside this script. The second line is the UNIX command itself. Code Example 3 is a complete listing of capture_vmstat.sh script.
#!/bin/ksh
vmstat 2 30
Code Example 3 - capture_vmstat.sh script to run vmstat 30 times at 2-second intervals
Make the Shell Script Executable
Unlike DOS, which uses the file extension to determine if a file is executable or not, UNIX relies on file permissions. The chmod command is used to mark the file executable.
The simplest way to turn on the execute-bit is by using chmod +x capture_vmstat.sh. In a production environment, on an exposed server you must also consider owner, group, and world permissions to control complete access to the script. (The topic of file permissions is beyond the scope of this document.) See man chmod for more information.
Test the Shell Script
Now the script is ready to test. Unlike DOS, UNIX does not automatically look in the current directory for a file to execute. UNIX provides the PATH environment variable. UNIX will only search for executables in directories identified in the PATH variable. Since most people don't include the current directory in the PATH (a dot indicates the current directory), just typing the COMMANDS in Code Example 4 will not work because /usr/local/acme/scripts is not in the PATH.
$ cd /usr/local/acme/scripts
$ capture_vmstat.sh
Code Example 4 - This will NOT execute the script unless "dot" is in the PATH
You must explicitly specify the full file name of the script, including path. Do not rely on the PATH variable because it could get changed in the future and one of two things could go wrong. First, the directory where your scripts reside could be inadvertently removed from the PATH and UNIX would no longer be able to locate your scripts. Worse yet, UNIX might find and execute a script by the same name in a different directory, one listed in the new PATH. Therefore, to be safe, you should always execute your scripts by specifying the full file name as shown in Code Example 5.
$ /usr/local/acme/scripts/capture_vmstat.sh
Code Example 5 - Specifying the full file name to ensure UNIX finds the correct script
Maybe you don't like typing, so a shortcut relies on the fact that "." (dot) refers to the current directory. First, change to the script directory and then execute the script by prepending "./" (dot-slash) to the script name as shown in Code Example 6. This doesn't save much typing if you are only executing one script; however, if you are going to execute several scripts from your script directory, then you only have to type the directory name once.
$ cd /usr/local/acme/scripts
$ ./capture_vmstat.sh
Code Example 6 - Executing the script using the dot-slash notation
Regardless of how you invoke the capture_vmstat.sh script, the output should be identical to what you get when you run vmstat interactively.
Launching the Script
Now you have the script and you know it works. There are four ways to run the script:
1. Interactively
Document the script and let others (perhaps the Help Desk staff) run the script file. The folks who run the script don't need to know UNIX commands or syntax in much the same way that DOS users don't need to understand DOS commands or syntax in order to use a BAT file created for them.
2. Using the at Command
Use the at command to execute a script once at some time in the future. Check man at for details. Some UNIX systems cancel running at-jobs when a user logs out. Check system documentation carefully.
3. Using the cron Utility
Use the crontab file to execute a script repeatedly on a fixed schedule. Check man crontab for details. Code Example 7 shows a simple crontab entry to run your script once an hour from 8AM-5PM at 10 minutes past the hour every Monday, Wednesday and Friday:
Code Example 7 - crontab entry to run the capture_vmstat.sh script
Before moving on to the fourth method for launching your script, you need to understand two problems with running scripts via crontab. First, since you are not logged in when the script is executed, you can't rely on Korn shell being the default shell. Therefore, you must be sure to use #!/bin/ksh as the first line of your script as explained in Code Example 1. Second, the current version of your script sends its output to the terminal. When cron launches the script there is no terminal, so cron must redirect the stdout somewhere. The normal place is to the email inbasket of the user whose crontab launched the script. While this may be acceptable, other (better) solutions, as described below, are available when you expand your basic script.
4. Using an HTML Form
Launch your script using an HTML form and POST your script via CGI (common gateway interface). The output of the command will be sent back to the browser so the
and
HTML tags should be used to preserve formatting.
There is a bit more to this HTML form method than described here, and there are numerous security risks with using FORM and CGI. However, this method has proven very successful for use by in-house Help Desk staff or other level-one support personnel.
Extending the Simple Script
The previous script was the shell-script version of "hello, world", the standard first program written when learning a new programming language. Now you can add a few more basic features to it.
Redirecting stdout
First, the script sends its output to stdout, which is normally the terminal. You can extend the script to redirect the output to a log file as shown in Code Example 8.
#!/bin/ksh
vmstat 2 30 > /usr/local/acme/logs/vmstat.log
Code Example 8 - Redirecting stdout to a file
But this introduces a couple of new problems. First, every time you run the script it overwrites the contents of the last log file. To correct that, append the new output to the end of the existing log file. Now you need to know when each output in the log was created, since the date-time stamp on the file only indicates when the last one was written.
Executing sub-commands within the script
Write the current date and time to the file preceding each execution of the script. Use >> to append the output to the end of the file rather than overwriting the existing file. In Code Example 9, a uniquely identifiable character is put in column one to make it easy to scan the file using find and find-next. You can also write the current date and time to the log file. In Code Example 9 $(date) instructs the Korn shell to execute the date command and place the output into the echo command line. Whenever you want to execute a UNIX command and use the output, type a $ and enclose the command within parentheses.
In Code Example 10, the Korn shell is instructed to run the netstat command, grep for ESTABLISH, and use wc to count the number of lines by enclosing these commands in $(xxx). Further, the Korn shell is instructed to store the output of these commands in environment variable CTR_ESTAB. Then in the echo command, the Korn shell is instructed to use the value stored in that environment variable. To use a value that is stored in an environment variable, put a $ in front of the variable name, e.g. $CTR_ESTAB. To improve readability and to avoid ambiguities, use the Korn shell option of enclosing the variable name inside curly braces, e.g. ${CTR_ESTAB}.
#!/bin/ksh
# store current date as YYYYMMDD in variable DATE for later
# use
export DATE=$(date +%Y%m%d)
# count number of established socket connections and write
# to log
export CTR_ESTAB=$(netstat | grep ESTABLISH | wc -l)
echo "${DATE}: The number of ESTABLISHED connections is ${CTR_ESTAB}" >> /usr/local/acme/logs/vmstat.log
Code Example 10 - Using $(xxx) to execute a command within a Korn shell script
Generating Unique File Names
What happens if multiple users run the script concurrently? The output from each script would be interleaved in the output file since each instance of the script would be writing to the same output file. You can create a unique output file name by placing the PID number (represented by $$) in the file name, as shown in Code Example 11.
Code Example 11 - Using $$ to generate unique file names using current PID
When the next user runs the script, a different PID will be assigned to the script's execution, thus causing a separate log file to be created each time instead of appending to the existing log file. Maybe that's not a bad thing, but it's not what you want to achieve.
Another possibility, instead of using an environment variable whose value changes each time the script is executed, is to use an environment variable that is set once, outside the script, prior to the execution of the script. UNIX automatically sets the LOGNAME environment variable whenever a user logs in. In Code Example 12, this value is embedded in the log file name so that each user has a separate log file:
Code Example 12 - Generating a file name using an environment variable whose value is externally set
Structured Programming Techniques
Two final touch-ups and you're finished with your basic Korn shell script. First, what if you want to change the frequency or duration of the vmstat command? You can accept those values using command line arguments rather than hard-coding the interval and duration in the vmstat command. These arguments can be stored in environment variables from where the vmstat command can access them. Of course, your script must provide default values in case the user doesn't provide values using the command line.
Second, what if you change your mind about the log file naming convention? This is not something you want the user to have to provide each time using a command line argument. However, if you have hard-coded the log file name in multiple lines within the script, then when you decide to use a different naming convention, you will have to search every line of the script to see where the name was specified.
Instead, store the log file name in an environment variable and modify each command to append output to the file name contained in the variable. Then, when you change the log file naming convention, all you need to do is modify the one line where the environment variable is set.
#!/bin/ksh
# ----------------------------------------------------
# capture_vmstat.sh
#     vmstat interval
#     vmstat count
# run vmstat and capture output to a log file
#-----------------------------------------------------

# indicate defaults for how often and for how long
# to run vmstat
export INTERVAL=2    # every 2 seconds
export COUNT=30      # do it 30 times

# obtain command line arguments, if present
if [ "${1}" != "" ]
then
    INTERVAL=${1}
    # if there is one command line argument,
    # maybe there's two
    if [ "${2}" != "" ]
    then
        COUNT=${2}
    fi
fi

# directories where scripts and logs are stored
export PROGDIR=/usr/local/acme/scripts
export LOGDIR=/usr/local/acme/logs

# define logfile name and location
export LOG_FILE=${LOGDIR}/capture_vmstat.${LOGNAME}.log

# write current date/time to log file
echo "#--- $(date)" >> ${LOG_FILE}
vmstat ${INTERVAL} ${COUNT} >> ${LOG_FILE}

# say goodnight, Gracie
exit 0
Code Example 13 - A more robust version of the capture_vmstat.sh script
Writing a for-loop Script
Sometimes you want to execute a single command against a list of objects. For example, you may want to use the rsh command to remotely execute the same command against multiple servers (see man rsh for details and for security risks when using r-commands).
One technique is to store the list of objects in an environment variable, perhaps called LIST. Then you can use the for loop to execute the rsh command repeatedly, each loop having the next value in the LIST. Code Example 14 shows a sample of a for-loop script.
#!/bin/ksh
export LIST="bvapp1 bvapp2 bvapp3"
export LOG=/usr/local/acme/logs/throw_away.log
for SERVER in ${LIST}
do
    # each loop has a different value for ${SERVER}
    echo "#------- values from ${SERVER}" >> ${LOG}
    rsh ${SERVER} "ps -f -u bv -o pid,pmem,pcpu,rss,vsz" >> ${LOG}
done

# say goodnight, Gracie
exit 0
Code Example 14 - A simple for-loop script
Writing a while-loop Script
Sometimes you may want to execute a single command, wait a while, and then execute the command again. Sometimes you want this loop to continue indefinitely while other times you want the loop to execute a finite number of times and then terminate.
Say you want to monitor processes running under user bv. You want to monitor bv every 10 seconds for 2 hours. First, using the code in Code Example 15, you test the command interactively (see man ps for details):
ps -f -u bv -o pid,pcpu,pmem,rss,vsz,comm
Code Example 15 - Interactive ps command using the -o argument
Now you need to write a script file that executes this in a loop. The loop should pause for 10 seconds between executions of the ps command. The loop should execute 720 times (every 10 seconds is 6 times per minute, or 360 times per hour, for two hours). Code Example 16 shows a simple while-loop script.
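As an added example (my code, not the article's own Code Example 16), here is the bounded monitor described above written as a function: the interval and count come from command-line arguments with defaults, in the style of Code Example 13, the ps command from Code Example 15 is the default sampler, and stderr is sent to the same log as stdout. It is written in POSIX sh so it also runs unchanged under #!/bin/ksh; run_monitor, count_sections and the default log path are names assumed here.

```shell
#!/bin/sh
# Added example, not the article's own code. A bounded while-loop monitor:
# runs a sampling command COUNT times, INTERVAL seconds apart, and writes a
# date-stamped "#---" marker before each sample, as the article's scripts do.
# Everything below is POSIX sh and also runs unchanged under ksh.
# run_monitor, count_sections and the default log path are assumed names.

# run_monitor [INTERVAL] [COUNT] [SAMPLE_CMD] [LOG_FILE]
# Defaults follow the article: every 10 seconds, 720 times (two hours),
# sampling the processes of user bv.
run_monitor() {
    INTERVAL=${1:-10}
    COUNT=${2:-720}
    SAMPLE_CMD=${3:-"ps -f -u bv -o pid,pcpu,pmem,rss,vsz,comm"}
    # placeholder path; ${LOGNAME} gives each user a separate log
    LOG_FILE=${4:-/usr/local/acme/logs/monitor_bv.${LOGNAME:-nobody}.log}

    CTR=0
    while [ "${CTR}" -lt "${COUNT}" ]
    do
        # marker in column one so the log is easy to scan with find-next
        echo "#--- $(date)" >> "${LOG_FILE}"
        # stderr goes to the same log as stdout (quick reference item 10);
        # SAMPLE_CMD is deliberately unquoted so it splits into words
        ${SAMPLE_CMD} >> "${LOG_FILE}" 2>&1
        CTR=$((CTR + 1))        # POSIX arithmetic, also valid in ksh
        if [ "${CTR}" -lt "${COUNT}" ]
        then
            sleep "${INTERVAL}" # no pointless pause after the last sample
        fi
    done
    return 0
}

# count_sections LOG_FILE: how many samples the log holds, by counting markers
count_sections() {
    grep -c '^#---' "${1}"
}

# Usage from a ksh prompt (not run here): run_monitor 10 720
```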
Code Example 17 - Output from the while-loop script
Quick Reference Card
The programming tips and techniques below are a quick reference to the programming style and methodology presented in this article, covering in condensed form the items the article treats in more detail.
1. Always start scripts with a line that says
#!/bin/ksh
2. Always use uppercase when defining variables. Use underscores to separate words.
BIN_DIR=/opt/bv1to1/bin
3. Always export environment variables so that any sub-processes will have automatic access to the values:
export SUPPORT_IDS="userA@domain.com, userB@domain.com"
4. To execute a UNIX command and use the output elsewhere in a Korn shell script, type a $, enclose the command within parentheses, and store the output in an environment variable.
5. To use a value that is stored in an environment variable, put a $ in front of the variable name. To improve readability and to avoid ambiguities, enclose the variable name inside curly braces.
echo "The number of ESTABLISHED connections is ${CTR_ESTAB}"
6. To ensure having a unique file name, use $$ to include the PID number in the file name. Insert the PID number into the file name just prior to the file extension:
export LOG_FILE=/tmp/capture_vmstat.$$.log
7. Use chmod +x filename to make a script file executable.
chmod +x capture_vmstat.sh
8. Precede a script name with dot-slash when executing interactively so UNIX knows that the script is in the current directory.
./capture_vmstat.sh
9. Redirect stdout ( > ) to a log file or append stdout ( >> ) to a log file.
./capture_vmstat.sh >> ${LOG_FILE}
10. Redirect stderr, either to the same destination as stdout or to a unique file.
./capture_vmstat.sh >> ${LOG_FILE} 2>&1
- or -
./capture_vmstat.sh >> ${LOG_FILE} 2>>${ERR_LOG}
11. Use the for-loop to process a list of things.
export LIST=$(ls *sh)
for FILE in ${LIST}
do
    echo "Processing ${FILE}"
    cat ${FILE} | mailx -s "Here is ${FILE}" userA@domain.com
done
12. Use the while-loop to process the same command repeatedly.
export INTERVAL=20
export COUNT=180
export CTR=0
while true
do
    if [ ${CTR} -ge ${COUNT} ]
    then
        exit
    fi
    # --- do some command here ---
    sleep ${INTERVAL}
    CTR=$(expr ${CTR} + 1)
done
Author Biography
Ken Gottry is a Sr. Infrastructure Architect with NerveWire, Inc. He has 30 years experience with systems ranging from mainframes to desktops. For the past 10 years his focus has been on designing, implementing, and tuning distributed, multi-tier, and web-based systems. As a performance engineer consulting to numerous G2K firms, he has assessed and tuned web servers, app servers, and JVMs running on Solaris.
Ken's articles have appeared on Sun's developer web sites. Also, Ken has recently published an article about Solaris performance tuning in SysAdmin magazine.
MYSQL SELECT Statement
Monday, 11 August 2008 07:42
The SELECT statement
The SELECT query is used to retrieve records from a database. The keywords used in a SELECT query are summarised in the following table.
Keyword    Description
SELECT     Retrieves fields from one or more tables.
FROM       Tables containing the fields.
WHERE      Criteria to restrict the records returned.
GROUP BY   Determines how the records should be grouped.
HAVING     Used with GROUP BY to specify the criteria for the grouped records.
ORDER BY   Criteria for ordering the records.
LIMIT      Limits the number of records returned.
The simplest SELECT query is to retrieve all records from a single table. The following example lists all fields from the search table.
mysql> SELECT * FROM search;
To select specific fields from a table, you provide a comma-separated list of field names. The following example selects the Page and Directory fields from the search table:
mysql> SELECT Page, Directory FROM search;
Limiting Records
The WHERE clause may be used to limit records. The following lists the comparison operators available in MySQL to limit the records returned with the WHERE clause.
Operator   Description
=          Equal to
<> or !=   Not equal to
<          Less than
<=         Less than or equal to
>          Greater than
>=         Greater than or equal to
LIKE       Used to compare strings
BETWEEN    Checks for values within a range
IN         Checks for values in a list
NOT IN     Ensures the value is not in the list
When working with strings, the % character may be used as a wildcard. The following example retrieves all fields from the search table where the Keywords field contains the text "cookies".
mysql> SELECT * FROM search WHERE Keywords LIKE '%cookies%';
The underscore character may be used as a single-character placeholder. The following example selects all records from the search table where the Page name begins with 'P' followed by exactly four characters (four underscores are used).
mysql> SELECT * FROM search WHERE Page LIKE 'P____';
The BETWEEN clause may be used with numbers, dates and text. The following example retrieves all fields from Products, where the cost is between 1000 and 4000.
mysql> SELECT * FROM Products WHERE cost BETWEEN 1000 AND 4000;
The OR operator may be used to check against more than one value. The following example lists all records in the search table where the Category is either ASP or PHP.
mysql> SELECT * FROM search WHERE Category = 'ASP' OR Category = 'PHP';
If you have many values that you want to check against, you can use the IN clause as it makes the code a lot more readable. The following is the above statement using the IN clause.
mysql> SELECT * FROM search WHERE Category IN ('ASP', 'PHP');
Similarly, you can use the NOT modifier with the IN clause to check for values that are not within the list. The following example returns all records where the Category is neither ASP nor PHP.
mysql> SELECT * FROM search WHERE Category NOT IN ('ASP', 'PHP');
Joining Tables
Sometimes the data you require may come from two or more tables. Supposing our search table contained a foreign key called AuthorID that related to a primary key of the same name in an author table, we could retrieve records by linking the two fields. The following example lists the Surname and Forename from an author table, and the Directory and Page from the search table written by that author.
SELECT author.Surname, author.Forename, search.Directory, search.Page FROM search, author WHERE author.AuthorID = search.AuthorID;
You can add further conditions to the WHERE clause using the AND operator. The following example extends the previous one to return only records where the author has the Surname Lemon; the query is saved in a file called listLemons.sql:
listLemons.sql
SELECT author.Surname, author.Forename, search.Directory, search.Page FROM search, author WHERE author.AuthorID = search.AuthorID AND author.Surname = 'Lemon';
The file may then be used with MySQL as follows:
mysql> \. listLemons.sql
Selecting Distinct Records
Our "search" table contains a list of pages in directories. If we were to list all directories from the table, we would end up with duplicate records, as there may be more than one page in a directory. The DISTINCT modifier may be used to ensure that only one record is returned for each Directory name.
mysql> SELECT DISTINCT Directory FROM search;
Aggregate Functions
The GROUP BY modifier may be used with aggregate functions, such as COUNT, to summarise groups of records. The following example lists the distinct Directories, along with a count of how many records there are for each Directory in the search table.
mysql> SELECT Directory, COUNT(*) FROM search GROUP BY Directory;
The AS modifier may be used to provide meaningful column names for the result. In the above example, the column headings from running the query are Directory and COUNT(*). The following example uses the column name Entries instead of COUNT(*).
mysql> SELECT Directory, COUNT(*) AS Entries FROM search GROUP BY Directory;
If you want the column name to contain spaces, you must put the name in single quotes. The next example uses a column name of Number of Entries.
mysql> SELECT Directory, COUNT(*) AS 'Number of Entries' FROM search GROUP BY Directory;
List of Aggregate Functions Available in MySQL
The following table contains a list of the aggregate functions available in MySQL.
AVG()
  Example: SELECT AVG(cost) FROM Invoice GROUP BY ClientID;
  Returns the average value in a group of records. The example returns the average order for each customer.
COUNT()
  Example: SELECT COUNT(cost) FROM Invoice GROUP BY ClientID;
  Returns the number of records in a group of records. The example returns the number of orders for each customer.
MAX()
  Example: SELECT MAX(cost) FROM Invoice GROUP BY ClientID;
  Returns the largest value in a group of records. The example returns the largest order by each customer.
MIN()
  Example: SELECT MIN(cost) FROM Invoice GROUP BY ClientID;
  Returns the lowest value in a group of records. The example returns the smallest order by each customer.
SUM()
  Example: SELECT SUM(cost) FROM Invoice GROUP BY ClientID;
  Returns the sum of a field. The example returns the total amount spent by each customer.
The Having Clause
The WHERE clause is used to restrict records in a query. If you wish to restrict records from an aggregate function, you use the HAVING clause. The difference is that the HAVING clause restricts the records after they have been grouped. The following lists all customers who have spent over 20,000 on average.
mysql> SELECT AVG(cost) FROM Invoice GROUP BY ClientID HAVING AVG(cost) > 20000;
The Order By Clause
The ORDER BY clause may be used to order the records returned. The following example lists all Pages in the search table in alphabetical order.
mysql> SELECT Page FROM search ORDER BY Page;
The ORDER BY clause may use the ASC or DESC modifiers to determine whether the records should be in ascending or descending order. If neither is provided, the records are shown in ascending order. The following example lists all Pages in the search table in descending order.
mysql> SELECT Page FROM search ORDER BY Page DESC;
Limiting the Records Returned
The LIMIT clause may be used to limit the records returned by the SELECT statement. You specify the start row (counting from zero) and the number of records to return. The following example lists the first 10 records from the search table.
mysql> SELECT * FROM search LIMIT 0, 10;
The following example would retrieve the next ten records from the search table.
mysql> SELECT * FROM search LIMIT 10, 10;