A hit piece on DSi by CORE
117 of 279 files
core
- Browsers may flag this download as unwanted or malicious. If unsure, scan it with VirusTotal.
-
Last modified Jan 30, 2014 6:08:19 PM
MD5 checksum 8c9a3589dc7e1a716ffc7c225133dc64
Mime type ISO-8859 text, with CRLF line terminators
Download lamedsi.txt
Size 64 kB
1998
- Text / Community drama
▄▄█▄▄▄
▄▄▓██▀██▓██▀▀
▀ ███▀ █▀ ▀▄▄ ▄█ ▄▄▄ ▄██▄▄ ▀
▀ ▄▓ ███ ▄ ▀ ▄████▄ ▀█▄ ▀██▄█▀█▓██ █▀ ▀█▓█ ▀▄ ▀
▄ ▄▄▄▄▄▓▓ ▄██ ▄▄▓▄ ▄ ▀▀█▀ ▀▄ █▓█ ██▀ ▀███▀ ▄ ▄██▀ ▓▓▄▄▄▄▄ ▄
▄ ▄▄▓▓▓▓▓▓▓▓▓ ▀███▄ ▀▀ ▄▄█▀ █ ▀▓ ▄██ ██ ▓▄▄ ▄█ ▀▀▀ ▄ ▓▓▓▓▓▓▓▓▓▓▄▄ ▄
▀ ▀▀▀▀▀▀▓▓▄ ▀▀███████▀ ▀██▄▄▄██▀ ▄██▓▄ ▀███▄▄▄█▀ ▄▓▀▀▀▀▀▀ ▀
▀▀ ▄ ▀▀▀ ▀▀█ ▀▀▀▀ ▓▀ roy<sac>
▀
PRESENTS
" ONE OF SCENE'S LAMEST GROUPS ... CALLED 'DSi' "
THE LAME SIDE INC.
A STORY ABOUT MONTHLY RIPS' OF CORE'S KEYMAKERS AND HOW THEY CHEATED
SPECiAL GUEST RIPPER: ALM_DETH, LEADER OF DSi
FEATURiNG: TONS OF EVIDENCE
TOPiCS
======
Part I : Introduction by the CORE Leader
Part II : What did DSi actually do in the last months?
Part III : SiraX/CORE explains the lame ripping process and how DSi
cheated for months.
Part IV : a) NEUTRAL analyses of CORE's & DSi's keymakers by the
cracking group (T)he (N)ameless (O)nes, Main keymaker
coder "Prophecy/TNO". VERY easy to understand evidence
for the normal scene user who has no cracking skills !
b) Example Analyses for crackers in ASM of DSi's and CORE's
keymaker
Part V : Final words from the CORE Leader
==========================
PART I : THE INTRODUCTiON
==========================
Happy Xmas & New Year, dear Warez Man!
Ouch - what's this ? Another txt from CORE that whimps around coz bad guys
steal our work ? Well, well... we stopped worrying about those time by time
serial-thieves that most of the "mass-regging" non-cracking groups feature.
We don't even say anything when GLOW sometimes includes our keyfiles like in
"Pic.Viewer.v1.81a-GLoW" without asking us (of coz lot of other so called
"util" groups do this too). Or if there are -IND releases nearly every day
with CORE serials or keymakers like in "122098 Time.On.Line.v3.3.Keygen.Only
-iND" or "Mpeg Player v1.x whatever". Just examples from the last days. It's
really funny that most site ppl don't notice that.A lot of scene util groups
do this frequently just to get a release from time to time - totally lame.
Call us nuts but CORE does monitore releases of other groups (especially
those smaller mass-reggers). The smaller mass-regging groups use/used frequ-
ently keymakers from real cracking groups like CORE, UCF, TNO, PC [..] to
create serials for their "Regged" releases. Well - the scene talked a lot
about this in the past (coz CORE forced the discussion with its TXT's) and
what we and other cracking groups did was to include a blacklist system in
our keymakers that won't create serialnumbers for names like "TRPS", "PGC"
[..]. (That doesn't mean they still use our keymakers today - but they did -
I don't care what they do lately). We included all groups that we ever
found stealing (may it only for one time) our serials. At the moment about
25(+) different groups. That's what the crackers did do against the abuse
of their keymakers. The warez scene itself seems not to care much about this
problem.
Hm.. but Thieves are clever. Sooo, if the keymaker won't create anymore
serials for the groupname why not ripping the keymaker itself? Hmm... CORE
floods you now for nearly 2 years with keymakers every day. Over 1700 key-
makers so far. In the last 3 months other groups started to produce also
a lot of keymakers. It's not that hard to learn to code keymakers especially
the easier ones. But u need to know some basic programming & cracking stuff.
So, we didn't wonder much at the beginning. No - we were happy coz quality
was rising! And the quality of cracks is very important. But then we noticed
that most of these keymakers were "follow-up" versions of keymaker-releases
from cracking groups that did code first a keymaker for the former program
version (the serial-routines didn't change in the newer versions).
One of CORE's crackers noticed this a few months ago for the first time.
Some no-name "10-Days-of-releases-and-never-saw-them-again" group released
two programs with "incl.keymaker" (16 Bit Dos-Style-Keymaker). CORE did code
two "keymaker.only" for the former versions. Our keymakers were unprotected.
They had a big CORE ASCII logo at their top. Well, the funny dude loaded the
keymaker in a resource editor, cutted the CORE logo out (but of coz he
couldn't change the now empty size) and put his group logo into the empty
space which was looking funny coz the logo was much too small for the big
empty page. Even if CORE's cracker wondered about this strange looking
keymaker he wouldn't have noticed that the dude ripped his former keymaker.
But our cracker got interested and hex-edited the keymaker to have a look at
it - and what did he see... his OWN Thank-you text to another CORE cracker
for helping him out on this keymaker. It was Vizion/CORE thanking JES/CORE
for helping him out on this keymaker. The dude forgot to cut this out coz
this text was part of the code itself and not shown to the end-user in the
keymaker-mask.
From this day on we began not only to check other groups' serials... we
started to watch also the "new-born" keymaker scene.
=====================================================
PART II : DSi's LAME ACT OF RIPPING CORE'S KEYMAKERS
=====================================================
Do you know DSi?
They released cool keymakers lately, didn't they?
I thought I know them. I had some nice talks with some of its members. When
we had problems with other groups making serials with our keymakers DSi was
often on CORE's side. This was prolly coz at this time DSi had some real
crackers e.g. Lomax. But...
One day we came upon evidence that DSi did steal CORE serials too - like so
many other groups did before. One example was "EZ Timer 3.0" from DSi.
The DSi Serial was:
username: DSI
serial : NSRXIS*
^^^
These three chars of the serial can be ANYTHING from the alphabet.
CORE did a keymaker for the former version. It was done by SiraX.
The keymaker created unique serials. But it put always "SRX"
after the "N". SiraX choosed these three letters coz of his name.
So evidence shows DSi used CORE's keymaker coz it's really strange
that someone would guess of exactly these three chars that SiraX
choosed coz of his nickname in the keymaker-routine.
This is only an example of the past. We came upon some of this cases. But
because DSi was always friendly to us we never said anything to the public.
I always went to Alm_Deth and asked him to care about this INTERNAL DSI
problem. But what I wondered about was that he ALWAYS denied first that DSi
had stolen anything. If it couldn't be proven 100% - just 99.9% - he said
"DSi is innocent". Every stupid cow would have accepted the evidence but Alm
asked again, again and again if there couldn't be a minimum chance that DSi
didn't do it.When I could bring 100% evidence there suddenly always appeared
some strange dude in the background (in alm's or Sting's brain) that emailed
his cracks to DSI. A lot of DSi Members didn't know this dude then.
================================================================
<SiraX> oh. it was d00gwood who emailed Sting the crack i think
<ivan> d00gwood ?
<ivan> never heard of him
<ivan> he is not in dsi
================================================================
Well, I stopped caring about ppl that create serials with CORE's keymakers
even if I still get angry sometimes. But too many ppl did it before.
But then we had this first DSi "Keymaker-accident" a few months ago...
CORE did a keymaker for a program called BlackBoard.Bla.bla.bla and a new
version came out and DSI released a keymaker for it. The serial routine
didn't change. What DSI did is that they changed the resource(dialog, text,
font type, font size...). However, they couldn't change the title bar of a
WARNING MESSAGE BOX which is at runtime. The warning message box had the
phrase "CORE's WARNING". After we contacted DSI, their leader Alm Deth
explained this with "A new cracker called 'CORE' joined DSi and did code the
keymaker! At the end of the CORE<->DSI discussion most DSi ppl accepted the
evidence and they wanted to kick this fake member "CORE" that emailed
his crack to sting. Of coz noone told me who really ripped the keymaker.
Well, DSi was always nice to us and so we let them go without any big
Boo-boo txt's orso. Hehe, this strange DSi cracker named "CORE" disappeared
of coz like a ghost and was never seen again. This was a few months ago. At
this point of time I thought for the first time that DSI's leaders Alm_Deth
aka Batman and Sting aka Bat-Woman are the real "internal problem" of DSi.
Then lately something strange happened. DSi started to put out a lot of key-
makers. DSi always had here and there a keymaker release but not in these
masses.
Their new keymakers are/were PE-LOCKNT and PE-Crypted (PE-Crypt is a product
from Random/CORE & Killa/CORE) and prolly world's best PE-crypter. This
protects the keymaker and changes the size of the exe, filling it up with
crap (makes it larger and better protected). We stopped to pe-encrypt our
keymakers coz we got a lot of emails lately from end-users that PE-Crypt
creates errors on WinNT 4.0R4+ if SoftIce Detection is enabled! Without the
Anti-SICE protection the crypting process is pretty useless coz u can still
trace through the whole shit with SICE. So, CORE's older and newest key-
makers are pretty unprotected. Just most of the June-October 1998 keymakers
are encrypted with SICE protection.
The new DSi keymakers that we checked were follow-up versions of our former
keymaker releases without any serial-routine changes in the new program
retails. Hambo/CORE was one of the first crackers who noticed that and down-
loaded a lot of DSi's keymakers. Last week he came upon a keymaker (Edit
Plus) from DSI where he could prove that the DSI one was a ripped version of
the older CORE keymaker. CORE's Co-Leader Dr. Rhui cared about this coz I
was away at this point of time. He talked to alm_deth and came to the concl-
usion that he met one of net's biggest lamers. Dr. Rhui tried to explain him
in 2 hours work that DSi used a routine in "their" keymaker that was NOT
part of the program that had been cracked - the special routine was ONLY PART
of CORE's former keymaker by Hambo/CORE. Mr. Alm Deth opened his ears and
what got on the left side in went on the right side out.
Of coz noone knows who does these strange DSi keymakers coz "Team DSi" does
them always. So it's impossible to catch the cracker to make a source-code
comparism of the keymaker-routines from CORE and DSi. But within all the
encryption stuff DSi forgot something very important ... to enable the SICE
protection. So CORE's crackers and other crackers we asked to analyse the
keymakers were able to trace with SICE through DSi's whole keymakers.
Tons of evidence for the public are waiting at the end of this TXT!
signed,
CORE'S LEADER
====================================
PART III: DSi's LAME RIPPING SUMMARY
(Text Composed By SiraX/CORE)
====================================
0) How I Discovered This
Since the last ripping incident, I didn't think DSi will do it again.
I guess I'm wrong. Two days ago, hambo mentioned to me about a program
called Vypress Messenger. The new version changed the protection. So
I duped it and noticed DSi already released a keygen. Then hambo/CORE
told me it's a key file now. So, out of curiosity and expecting DSi
probably released an old keymaker, I downloaded their release. I ran the
keygen. WHOAAA. How similar it is to my old vypress messenger keygen.
I looked closer, IT IS MINE! The next thing you know,I started to check
their archive directory on XXX. And found a shit load of ripped ones
from CORE. So they're still doing this since the last ripping incident.
Once a LAMER, always a LAMER.
1) What They Ripped From CORE
a) Mainly some of my old, unprotected keygens which still work for the
new versions now. I found about 18 so far. There are more.
b) Hambo's keymakers. I found 2 already. There will be more.
2) How They Did IT
What they did is that they take an unprotected exe and open it using a
resource editor. Then manipulate text, font type and size, delete EXIT
button on the dialog box and icons and save the changes. This will
only affect the look of the keygen and of couse the size of the exe. But
code is unchanged.
3) How Long They Have Been Doing This
I believe they have been doing it for about maybe 4 month.
4) Who's the LAME ASS?
Personally, I believe all these are done by Alm_Deth (Batman). And other
lame leaders in DSi probably also know what's going. It's very hard for
me to believe after the last incident(BlackBoard) nobody asked questions
on Alm_Deth's story about a new member named "CORE" joined them and
ripped our keymaker.So I think ivan and sting or other members know what
the fuck alm_lamer is doing. The damn entire group is lame.
5) Are We SURE?
a) If you compare the core keymakers and dsi ripped keymakers.The overall
look is the same. Only my keymakers and Hambo's have been ripped. In
hambo's keymaker, he puts his name on the bottom left corner. And I
put my nick on the bottom right corner. If you take dsi's ripped key-
makers, you'll see that if it's ripped from hambo, the word "DSI" will
be on the left side. And if it's from me, the word "DSI" will be on
the right side. Put yourself in a cracker's position,why would you do
this differently. And how coincidental it is to have them like us.
b) Because of the resource editing, many of their ripped keymakers look
so ODD. For example, in hambo's keygen, he puts "Hambo/CORE" at the
lower left corner, aligned to the left. Then they change it to "DSi". The thing
would be positioned to the middle of the dialog box because when you
type, the name goes from right to left. Their changed font is so
ugly relative to the size of the keymaker.
c) In many of our keymakers, there are warning messages when an invalid
input is entered. In the ripped keymakers, the format of the messages
are identical. Of course, they changed the warning message text using
the resource editor. And for some of them, they're even exactly the
same. How coincidental!
Some examples, see DSi's ripped Addsoft keygen from Hambo and AZZ Card
File keygen from me.
d) STRONG POINT: the one thing which proves their LAME ACT 100% is if you
trace it through every pair of keymakers (ours and the ripped), the
dissassembled code, code offset, function call and EVERYTHING ELSE are
100% identical. And this happens for EVERY RIPPED keymaker. We'll put
some evidence at the end of this text file. AND from all dupe-release
lists, our keymakers always come out before their ripped ones (that
are follow-up versions).
e) STRONG POINT: another proof which proves this 100% is that hambo left
a mark in his keymaker (Edit Plus). First, pretend DSi's ripped ver-
sion is not ours. The mark proves that they traced hambo's keymaker
and then made one. But as a matter of fact, IT IS ACTUALLY HAMBO's
KEYMAKER. Just the font, text changed.
f) In some of my keymakers, the name and serial text boxes are no aligned
at the right side. DSi's ripped one show the same thing.
g) They used PELOCKNT and PE-Crypt on the ripped keymakers just to make
people think that since the file size and hex cod e are different, so
the keymakers are not the same. BUT the fact THAT TRACING UNDER SICE
IS IDENTICAL for every damn keymaker proves this don't matter.
h) Many other things which can be listed. I can write an essay on this.
But I think these are enough for a proof.
6) What Should We Do?
Even though I believe the lame act is done by alm_deth only. But I truely
believe other leaders know what he's doing. It's really a shame for the
scene.
7) What does CORE do ?
Let the SCENE know what kind of lame shit they're doing!
Also SCENE should know that WARP is better than DSI.
8) To DSI, PLEASE TAKE CORE off your greeting list, I feel ashamed to be
greeted by such a group like YOU!
bye,
SIRAX/CORE
===============================
PART IV (ORIGINAL ANALYSES TXT)
===============================
██▓▓▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▓▓██
██▓▓▒▒░░ NEUTRAL ANALYSES OF DSi KEYGENS BY PROPHECY [tNO] ░░▒▒▓▓██
██▓▓▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▓▓██
┌────────────────────────────── ───── ─── ─
│ Intro
└───────────
I have been asked by CORE to analyse some keygens of DSi which have
been suspected by CORE as ripped versions of CORE keygens. The reason i
have been asked to analyse the keygens is to bring a neutral 3rd party
analyses of the situation to the public.
CORE gave me some release names to start with...
================================================
Addsoft.v2.25.Keymaker.Only-DSi
All.Calc.v1.62.Keymaker.Only-DSi
AZZ.Cardfile.v2.1x.Keymaker.Only-DSi
CD.BOX.Labeler.v3.1.4.Keymaker.Only-DSi
E-News.v1.31.Win9xNT.Keygen.Only-DSi
EditPlus.v1.21.Win9xNT.Keymaker.Only-DSi
HelpMatic.Pro.v1.22.Win9xNT.Keymaker.Only-DSi
HM.View.v2.3.Keymaker.Only-DSi
Joggler.v1.06x.Keymaker.Only-DSi
Kyodai.Mahjongg.v6.42.Keymaker.Only-DSi
LinkBot.Pro.v3.6b.Keymaker.Only-DSi
SBNews.News.Robot.v6.3.Win9xNT.Keymaker.Only-DSi
The.File.Chopper.v2.2.Keymaker.Only-DSi
Vypress.Messenger.v2.1.2.Incl.Keymaker-DSi
WinPop.Plus.v1.3.121.Keymaker.Only-DSi
================================================
┌────────────────────────────── ───── ─── ─
│ Note to the average scene dude
└───────────
I know most of you aren't crackers, so i'm gonna explain what DSi did to
CORE's keygens by using an anology from every day life.
Let's say you got a car. You're a bit of a car buff so you know everything
about your baby... everything ranging from the color of the paintwork, type
of tyres, color of the seats, style of bumper bar, number plate, type of
engine, type of brakes, type of hub caps, type of headlights, type of
wind screen wipers.. basically you're da shit ;)
Then one day... some mother fucker steals your precious baby. So you jump
in your mate's car.. in the hope you can find it. Well for a while you
had no luck and you're beginning to lose hope of ever finding your car
again... then one day... you're cruising through DSi's part of town.... and
hello you spot a car that looks fucking similar to your baby.
So you jam on da brakes and step da fuck out of da car. You look at this
car parked outside DSi's house.. ok different paintjob... different tyres.
But fuck that bumper bar looks damn similar... as do those headlights. Then
you notice shit the warrant of fitness sticker is on the same spot in the upper
left hand corner of the windscreen.. and u remember that the lock (that little
plastic thing u press to lock da door) on the back left door was broken a long
time ago... and shit this lock is broken too.
Hmmmm but then you notice the sheepskin rugs on the seats have been removed..
and those hub caps are different and the car has been lowered.
But remember that you're da shit... you know everything about your damn car..
and you say man if i could look under the bonnet of this car.. check out the
engine and da mechanics inside, i could say without a fucking doubt that this
is my baby these mofos have stolen.
So what are you waitin round for? You open up da bonnet have a look inside..
shit same double overhead cam fuel injected 4 cylinder 1.6 litre engine.. and
hey that's the exact same battery your car had.. then fuck there's that new
fuel starter kit you installed last weekend. Oh man you already KNOW this is
your baby.. then you have a look at one of the gaskets... fuck that gasket
has a small crack in the exact same place your gasket did.
Now you open up the boot... (lucky these lamers ain't changed da locks on
da car... your keys still werk fine) well what do you see, you're fucking
car jack with your name on it.
Now.. you think fuck this.... and open up da car.. turn da key in da ignition...
roar.. ahh that sweet fucking growl of the engine... the exact same way your
car growled.. and fuck it's the same smell in the car too.... and fuck... same
radio and fuck .. same fucking everything.
Now you're mad.... you get back out of da car... you get your automatic
ready... and check yer grenades, before walkin up to da DSi house with the
intent to make the bastard who stole your baby, and the other bastards who
knew about it all along, PAY FUCKING DEARLY... TO BE CONTINUED!
Conclusion: THIS IS YOUR FUCKING CAR.
┌────────────────────────────── ───── ─── ─
│ Another note
└───────────
I've broken my analyses of the keygens down into Visual Analysis and Analysis
of tracing with Softice.... Here's what they mean:
Visual => inspecting the car from the outside... same bumperbar, different
paintjob... same broken lock, different hub caps
in terms of the keygen this means:
-> inspecting the keygen but not going under da bonnet
Tracing => looking under the bonnet.. same engine, same battery
with same crack in gasket, same fucking everything
Softice
in terms on the keygen this means:
-> using softice to look under da bonnet of the keygen
┌────────────────────────────── ───── ─── ─
│ Analysis 1: WinPop Plus
└───────────
CORE's Title: WinPop Plus v1.0.x Keymaker
Author: SiraX/CORE
DSi's Title: WinPop Plus v1.3.121
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis: [looking at da car from da outside]
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* the DSi text in bottom right looks unnatural
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen (ie you
can just look at it and fucking tell they ripped it)..... same
bumperbar, same broken lock, different paintjob
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
eg [edx*4+ebp-88]. Both use EXACT SAME registers for the
serial algorithm. Both have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN..... Same engine, same crack in da gasket,
same battery... same fucking everything.
┌────────────────────────────── ───── ─── ─
│ Analysis 2: Vypress Messenger
└───────────
CORE's Title: Vypress Messenger v2.0.8 Keymaker
Author: SiraX/CORE
DSi's Title: Vypress Messenger v2.1.x [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis: [looking at da car from da outside]
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the DSi font does not suit the layout
* both have same default windows icon
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 3: AddSoft
└───────────
CORE's Title: AddSoft v2.21 *KeyGen*
Author: Hambo/CORE
DSi's Title: AddSoft v2.25 [KEYGEN]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis: [looking at da car from da outside]
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* For some reason, when i was loading Hambo's keygen for
another check, it crashed when u entered more than 3
chars. DSI's KEYGEN ALSO CRASHED IN THE EXACT SAME WAY.
(Normally both keygens work great, but this time they BOTH
didn't)
* BOTH HAVE TEXT IN BOTTOM LEFT HAND CORNER. This is
because Hambo/CORE's keygens have the text in bottom
left and SiraX/CORE's keygens have text in bottom
right. To me this is enough evidence that the keygen
is ripped [as the others have text in the bottom right
because they were done by SiraX]
* BOTH let you enter "unlimited" chars (254 characters)
* both have same style of layout
* the DSi font does not suit the layout
* both have same default windows icon
* THE DSi TEXT IN BOTTOM LEFT LOOKS REALLY OUT OF PLACE
* BOTH Display a text saying 3 chars or more in the Reg number
edit box while you have entered less than 3 chars (the text
is not identical)
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 4: AllCalc
└───────────
CORE's Title: AllCalc v1.51 Keymaker
Author: SiraX/CORE
DSi's Title: All Calc v1.62 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis: [looking at da car from da outside]
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom left hand corner of screen
* BOTH let you only enter "unlimited" (254 characters)
* both have same style of layout
* the DSi font does not suit the layout
* both have same default windows icon
* both have extremely similar error messages eg:
-> CORE: Pin number must be exactly 7 characters long!
-> DSi: Pin# must be exactly seven characters long!
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 5: AZZ Card File
└───────────
CORE's Title: AZZ Card File v2.0 - KEYMAKER -
Author: SiraX/CORE
DSi's Title: AZZ Card File v2.1x [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis: [looking at da car from da outside]
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH THE KEYGENS ___CRASH___ IF YOU ENTER MORE THAN
17 CHARS HOW MUCH MORE FUCKING EVIDENCE DO YOU NEED
* both have same style of layout
* the DSi font does not suit the layout
* DSi text in bottom right looks strange and out of place
* both have same default windows icon
* BOTH HAVE THE SAME FUCKING ERROR MESSAGES:
-> CORE: Invalid Character! Valid Characters: A-Z, 0-9, Space
-> DSi: Invalid Character! Valid Characters: A-Z, 0-9, Space
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-> i don't even know why i bothered looking under the bonnet for this one
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 6: CD BOX Labeler
└───────────
CORE's Title: CD BOX Labeler v3.1.1 KEYMAKER
Author: SiraX/CORE
DSi's Title: CD BOX Labeler v3.1.4 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 7: E-News
└───────────
CORE's Title: E-News v1.1 KEYMAKER
Author: SiraX/CORE
DSi's Title: E-News v1.31 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 8: Joggler
└───────────
CORE's Title: Joggler v1.06 Keymaker By Sirax
Author: SiraX/CORE
DSi's Title: Joggler v1.06x[KEYGEn] <-- looks messy hmmmm
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 9: LinkBot
└───────────
CORE's Title: LinkBot v3.6.x - Keymaker -
Author: SiraX/CORE
DSi's Title: LinkBot v3.6b -=[KEYGEn]=-
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* VERY SIMILAR ERROR MESSAGES
-> CORE: Serial: an integer between 1900 & 100000000
-> DSi: MUST Be An Integer Between 1900 & 100000000
* DUE TO THE LARGE FONT DSi USED TO TRY AND MAKE THE KEYGEN
DIFFERENT, THE DSI ERROR MESSAGE SCROLLS OFF THE EDGE
OF THE EDIT BOX AND LOOKS LIKE THIS:
-> DSi: MUST Be An Integer Between 1900 & 1000000
THUS THE ERROR MESSAGE IS DISPLAYED INCORRECTLY - the error
message is an error itself
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 10: The File Chopper
└───────────
CORE's Title: The File Chopper v2.1 *KeyGen*
Author: Hambo/CORE
DSi's Title: The File Chopper v2.2 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom LEFT hand corner of screen (because
this one is a keygen by Hambo, not SiraX)
* BOTH let you only enter "unlimited chars" (254 chars) (because
this keygen is by Hambo who uses unlimited chars, whereas
SiraX uses 20 chars max).
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom LEFT looks unnatural and out of place
* Whereas SiraX leaves the code box blank until the user has
entered in enough to characters to start producing a valid
code, Hambo puts in a message. In this keygen Hambo's message
is:
-> User Name: Any Chars That You Like...
COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
usually it was left blank as with SiraX's keygen). DSi's error
message is:
-> NAME: Use any Chars that you LiKE...
which is very similar to Hambo's error message
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 11: Kyodai Mahjongg
└───────────
CORE's Title: Kyodai Mahjongg v4.52 Keymaker By SiraX
Author: SiraX/CORE
DSi's Title: Kyodai Mahjongg v6.42[KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* BOTH let you only enter maximum 20 chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 12: HMView
└───────────
CORE's Title: HMView v2..04 Keymaker by SiraX
Author: SiraX/CORE
DSi's Title: HMView v2.3 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* in the keygen by CORE you can enter "unlimited" characters (even
though usually SiraX's keygens limit you to 20 chars). IN THE
DSi KEYGEN IT IS ALSO COINCIDENTALLY UNLIMITED
* The Layout of the CORE keygen is like this:
┌──────────┐ ┌──────────┐
│ Name │ │ Company │
└──────────┘ └──────────┘
┌─────────────────────────┐
│ Regcode │
└─────────────────────────┘
THE DSi LAYOUT IS IDENTICAL.
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 13: HelpMatic Pro
└───────────
CORE's Title: HelpMatic Pro v1.21 Keymaker
Author: SiraX/CORE
DSi's Title: HelpMatic Pro v1.22 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom right hand corner of screen
* in the keygen by CORE you can enter "unlimited" characters (even
though usually SiraX's keygens limit you to 20 chars). IN THE
DSi KEYGEN IT IS ALSO COINCIDENTALLY UNLIMITED
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom right looks unnatural and out of place
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 14: SBNews Robot
└───────────
CORE's Title: SBNews Robot v6.2 *KeyGen*
Author: Hambo/CORE
DSi's Title: SBNews Robot v6.3 [KEYGEn]
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom LEFT hand corner of screen
* both let you enter "unlimited" amount of chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom LEFT looks unnatural and out of place
* Whereas SiraX leaves the code box blank until the user has
entered in enough to characters to start producing a valid
code, Hambo puts in a message. In this keygen Hambo's message
is:
-> email address: any chars u like...
COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
usually it was left blank as with SiraX's keygen). DSi's error
message is:
-> Email Address: Enter Any Chars!...
which is VERY SIMILAR to Hambo's error message
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis 15: EditPlus
└───────────
CORE's Title: EditPlus v1.2 *KeyGen*
Author: Hambo/CORE
DSi's Title: EditPlus v1.21 KEYGEn
Author: Unknown (only "DSi" is mentioned)
=> Visual analysis:
=-=-=-=-=-=-=-=-
* THIS KEYGEN HAS AN EXIT BUTTON. When you press TAB it cycles
between the name edit box, the code edit box and the EXIT
button.
IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT. BUT, when you
press TAB it cycles between the name edit box, the code edit
box, then the focus disappears, and you must press
tab again before reaching the name edit box again. This is
because the focus actually goes to the EXIT button which is
still there but just hidden.
* both have text in bottom LEFT hand corner of screen
* both let you enter "unlimited" amount of chars
* both have same style of layout
* the font used by DSi does not suit the layout
* both have same default windows icon
* the DSi text in bottom LEFT looks unnatural and out of place
* Whereas SiraX leaves the code box blank until the user has
entered in enough to characters to start producing a valid
code, Hambo puts in a message. In this keygen Hambo's message
is:
-> User Name: Between 1 to 255 Chars
COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
usually it was left blank as with SiraX's keygen). DSi's error
message is:
-> USER NAME: Must be 1 to 255 Chars
which is VERY SIMILAR to Hambo's error message
* DSi keygens do not show the cracker's name. Only the
letters DSi... so that the culprit can not be
identified
* CONCLUSION: already suggestive that DSi ripped the keygen
=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* both use EXACT SAME code at EXACT SAME offset to read in the name
* both have the EXACT SAME code to generate the serial at the
EXACT SAME location. Both use the EXACT SAME variable names.
Both use EXACT SAME registers for the serial algorithm. Both
have EXACT SAME jump locations
* DUE TO THE NATURE OF THE ALGORITHM USED IN EDITPLUS, PART OF YOUR
CODE CAN BE GENERATED FROM ANYTHING YOU WANT. HAMBO CHOSE TO
GENERATE IT IN A CERTAIN WAY FROM THE NAME THAT THE PERSON ENTERED.
DSI'S KEYGEN DOES THE _EXACT_ _SAME_ _FUCKING_ _THING_.
* CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
(ie 100% DEFINATELY GUARANTEED. There is NO WAY this COULD POSSIBLY
NOT BE A RIPPED KEYGEN)
┌────────────────────────────── ───── ─── ─
│ Analysis xxx
└───────────
=> 15 is enough to prove that this isn't some one-off occurance. There
are MORE KNOWN RIPPED KEYGENS... all are like the above (ie similar
interface, and the code used to generate the serial is identical, and
located at the exact same offset).
There are UNDOUBTEDLY MORE RIPPED KEYGENS which CORE and/or other
neutral parties have not yet discovered.
┌────────────────────────────── ───── ─── ─
│ Detailed Analysis
└───────────
=> If your not a cracker, skip to the next section before something
bad happens ;)
I'm going to go over AllCalc. This program requires a 7 decimal
digit number as the PIN. It then generates an unlock code based
on the pin.
First set a bpx on getdlgitemtexta. They both break on this API and
the names are read in at the exact same location in both cases
When you break you see this:
BOTH HAVE EXACT CORE's DSI's
SAME OFFSET!!!! KEYGEN KEYGEN
vvvvvvvvvvvvv
0137:0040106A LEA EDI,[EBP-34] ;same loc LEA EDI,[EBP-34]
0137:0040106D OR ECX,-01 for vars OR ECX,-01
0137:00401070 XOR EAX,EAX XOR EAX,EAX
0137:00401072 REPNZ SCASB REPNZ SCASB
0137:00401074 NOT ECX NOT ECX
0137:00401076 DEC ECX DEC ECX
0137:00401077 JZ 00401086 JZ 00401086
0137:00401079 LEA EAX,[EBP-34] LEA EAX,[EBP-34]
0137:0040107C PUSH EAX PUSH EAX
0137:0040107D CALL 004010DC ;same loc for CALL 004010DC
0137:00401082 POP ECX calls POP ECX
0137:00401083 PUSH EAX PUSH EAX
0137:00401084 JMP 0040108B ; same loc JMP 0040108B
. for jmp
.
.
=> As you can see so far, THE EXACT SAME CODE OCCURS AT THE EXACT SAME
OFFSET!!!!!!
=> Here is the check to see if the user has entered only decimal digits:
0137:004010FD MOV AL,[ESI+EDX] ; mov char MOV AL,[ESI+EDX]
0137:00401100 CMP AL,30 of pin CMP AL,30
0137:00401102 JL 00401294 JL 00401294
0137:00401108 CMP AL,39 CMP AL,39
0137:0040110A JG 00401294 JG 00401294
0137:00401110 MOV EDI,ESI MOV EDI,ESI
0137:00401112 MOV ECX,EBX MOV ECX,EBX
0137:00401114 XOR EAX,EAX XOR EAX,EAX
0137:00401116 INC EDX INC EDX
0137:00401117 REPNZ SCASB ; strlen() REPNZ SCASB
0137:00401119 NOT ECX NOT ECX
0137:0040111B DEC ECX DEC ECX
0137:0040111C CMP EDX,ECX CMP EDX,ECX
0137:0040111E JB 004010FD JB 004010FD
=> AGAIN YOU SEE THE CODE IS IDENTICAL AND OCCURING AT THE EXACT SAME
LOCATION.
=> Here is the where the check to make the sure the PIN is 7 digits long:
0137:0040112B CMP ECX,07 CMP ECX,07
0137:0040112E JNZ 0040128A JNZ 0040128A
=> THIS HAPPENS AT THE EXACT SAME ADDRESS AND THEY BOTH JUMP TO THE EXACT
SAME LOCATION IF ECX!=7.
=> I could go on but this EASILY demonstrates that this keygen was ripped.
NEEDLESS TO SAY, THE ENTIRE REST OF THE SERIAL ALGORITHM HAPPENS AT THE
EXACT SAME LOCATIONS USING THE EXACT SAME CODE.
All other keygens in this text have been analysed in the exact same
fashion, and all were found to have IDENTICAL CODE OCCURING AT
IDENTICAL LOCATIONS.
┌────────────────────────────── ───── ─── ─
│ Final Words from Prophecy/TNO
└───────────
I'm just the neutral dude... this is CORE's ball game... but i'd like
to say... i use to think WARP was the lamest fucking group in the scene
after they used one of my keygens.... but i was wrong... DSi is the
lamest group in the scene. After making such a big deal about WARP
using their keygens, you'd think they would be the last people to
be ripping keygens themselves. If DSi have ANY HONOUR LEFT AT ALL,
they should disband.
======================================
PART V: FINAL WORDS FROM CORE'S LEADER
======================================
Well - of coz the normal scene can't do anything vs. this abuse. I know
DSi is not the only group that rips keymakers and steals serials. We took
DSi as an example coz DSi got REALLY WORSE lately!!! Bah... and I thought
you were friends! Kick this damn lame leadership and/or close your group!
You can site-ban a group like DSi but in 90% of the cases ppl don't even
notice that keymakers get ripped or serials stolen.I encourage all Crackers
to secure their keymakers with some basic encryption and BLACKLIST all known
groupnames. Mark your keymakers with special things that can't get ripped or
changed easy. Build in SICE Protection! Most rippers know just some basic
coding stuff- so they are lost when the keymaker has some traps which proves
that they ripped the keymaker.
MSG TO DSi: AND DON'T WRITE NOW A "FUCKING-LAME-ANSWER-TXT" THAT SAYS:
"CORE DOES FEAR THE COMPETITION ! CORE DOES LOSE GROUND ! THEY LIE !
THEY WRITE THIS COZ THEY PHEAR WE BECOME L33TER ...BLA BLA BLA [..]"
So many other groups did say this before in their answer txt's or on their
flame-webpages. And where are they now? Where is that cool cracking group
called DONLGE? Keep calm and close ur damn lame group. It was once a nice
group with nice ppl. Now, what I can see is totally lame! And don't even
think about re-uniting under a new name with the same shit!
CORE does care a shit about competition! We care about friendship among our
crackers and about our work. But we HATE IT when other groups steal our
work!
90% of CORE's members do something REAL and spend very much free-time on
cracking FOR THE SCENE AND THE END-USERS. CORE's ppl don't sit all day
long in front of the computer and are waiting for some shit to courier. We
do this for the scene's benefit and our crackers are seeking for knowledge.
The big difference between CORE and so many other groups that release stuff
to the scene is: CORE HAS REAL CRACKERS ! And very good ones, too.
What ever you all may think out there...we think the scene becomes more and
more worse every day.Credits... credits...fame...fame...that's all most ppl
can think of. The scene gets more and more plug & play!
I fear that the real Crackers will be lost some day with their view of the
scene.
Isn't it funny? When i look into the future I see Crackers that crack
keymakers of cracking groups .. hehe ...perhaps it's the price for crackers
to pay for starting to turn the wheel of cracking.
And to make it all perfect DSi has the NFO-note of the year 1998:
││ While other groups give u REGGED shit, (Like LAME WARP using OUR ││
││ keygens to register newer versions) we spend time to make you ││
││ your very own personal keygen, which is harder then simply using ││
││ someone else's hard work to register with. ││
││ ││
││ Please dont use this keygen to release regged later versions! ││
││ Would be kinda LAME like WARP if u know what i mean. Spend your ││
││ effort making keygens, and appreciate those who do!
Buahahahaha .. you should write "we spend time to rip you your very own
personal keygen [..]"
Of coz WARP ripped also a lot in the past from CORE or other real cracking
groups but you DSI dudes are not a SINGLE BYTE better than WARP. I think
you are even MUCH MORE worse!You do the ripping shit just more clever than
others.
Well, we'll also look now at other groups, that produce keymakers lately
(if they always carded their releases in the past and don't have real
crackers).
Whoever reads this TXT ... think about it ... save your scene!
I wonder if DSi will also answer in a txt like the other ripper-groups did
before ... bitching at CORE. Whatever, I won't answer on it - like always!
You're so lame... ignoring your existence is the best thing all scene ppl
can do!
THE
CORE LEADER
[email protected]