This is a somewhat 'difficult' part to explain.
People that are not in the know usually don't
understand how important it is, for a seeker, to enter a 'blocked' database, or to try out
useful software in its uncrippled form before deciding if it is worth buying or not.
Fortunately, the Linux world has GNU. The Free Software Foundation is dedicated
to eliminating restrictions on copying,
redistribution, understanding and modification of
computer programs. This is worthy, correct and the very reason for the
triumphant future of a free system like GNU/Linux. The word "free", in this sense,
refers to the freedom to copy a program and give it away to your
friends and co-workers; and the freedom to change a program as you wish,
by having full access to source code. So it should be in our future
world of shared knowledge and mutually induced evolution, where what we know
and what we give (NOT what we 'own' and what we hide) will be the only
parameters worth noticing.
Free source! Thattaway, you can study the source code and learn how such programs
are written.
Hence you may then be able to port it, you can improve it building on
the shoulders of others, sharing your changes with them. This approach has proved so
powerful that even the commercial powers that be cannot ignore the phenomenon any more.
(Alas! Torvalds' apolitical 'Linux' kernel has 'stolen' the connection between
the GNU project's aims and its own software... people shouldn't speak of 'Linux', they
should always speak of 'GNU/Linux', to recall that the whole purpose of the new OS,
as its 'father' [Richard Stallman] said one hour ago, is to foster freedom and sharing.)
Free source and full access to source code, as in the GNU/Linux approach, do not exist (yet) in the
dark real world of the commercial bastards.
Unfortunately the Windows world is the exact opposite. In the windoze world
the aim is to outlaw reverse engineering. Every application comes with an
'agreement' you are supposed to sign, where it is mostly explicitly forbidden to reverse,
disassemble or even study the guts of the program. Of course no one reads the stuff
contained in these EULAs (end user license agreements). They could actually
have a clause inside that obliges you to give your
firstborn son to the software company, for all you know. I suggest that
those of you who are programmers
write inside your own EULAs something stating that commercial entities are bound to give you 50 dollars
for every minute they use the software. A clever lawyer (an oxymoron, alas :-) would probably
be able to scare some companies into paying.
Fortunately EULAs don't mean anything and don't represent an obstacle at all, not
even for your moral scruples: if you know how to reverse software,
it is relatively easy to swap
the texts on the buttons at the bottom before pressing them (you'll use the customizer for this, as explained below).
Thus, after having changed the text on the button, you'll press your new
"I don't agree" tag in order to proceed
installing the software :-)
In the windoze world every little programmer
seems to believe that his appz is the center of the universe and that he may have
the right to use its hidden features in order to spy
on his clients, eventually establishing hidden connections in the background and siphoning
data onto his own server. They also cripple software, limit its use, and even resort to
'punitive actions' against anyone found having a copy of softice (a most powerful debugger)
or of IDA (a most powerful disassembler) on his harddisk. You'll be able to find many examples of this
malware around.
Should we allow unauthorized third parties to spy on our searching patterns and private data?
Of course not, and to avoid snoopers we have more weapons up our sleeves than
simple web-users seem to believe possible.
The galactic power of reverse engineering
I wish, closing today's workshop, to show you a very simple technique to get rid of ANY
advertisement embedded in any software application whatsoever. Moreover I want to show you a technique
so simple that even those among you that -alas for them- don't understand anything
of assembly and source code and software reversing techniques will
nevertheless be able to get rid of the ads. Come to think of it, even their sons and beloved ones and
friends and aunts will be able to do it. As an added advantage, the big industry that
was developing such pushing of
advertisement sores through software (I frankly don't know how many
million dollars they were supposed to make with these dirty deeds) is now
once and for all doomed, at least I hope, eheh. Reverse engineers as medieval knights,
helping unaware
fellow humans in peril. I love the picture. More wizards than knights maybe.
Let's take as a practical example webferret, a
'free' software bot that you can (and should: it works very well) use to search the
web. It is a very simple bot, yet useful even for experienced searchers. You can download this
software for 'free', but it unfortunately has a horrible bug: a small window opens inside it
and pushes awful advertising banners into
your eyes until they get sore. Moreover all these appz ALSO use their
banners in order to track your habits:
the clicking patterns of those among you that are really so stupid as to fall
for advert banners
are of course registered, grepped and sold to third parties.
How would you proceed to 'ameliorate' this appz? There are so many ways...
a very simple one is through the width of the offensive banner.
Look at the window dimensions: 63 pixels high by 473 pixels wide. (You can use
either softice's hwnd -x command or a good ruler like sruler, or, again, simply
the customizer
itself).
The two decimal numbers translate into 0x3F and 0x1D9 in hexadecimal and these values are
the starting point (the 'hook')
you would use to really reverse (or 'crack') this target.
If you want to reverse this target as a software reverser would do, feel free to
read my essay frav_023.htm for a complete explanation.
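The 'hook' idea described above, as an added example (not code from this talk or from any tool it mentions): scan a byte buffer for the little-endian form of the width (D9 01) and keep only the offsets that have the height byte (3F) close by. The sample buffer, the function names and the 16-byte window are constructed assumptions, not bytes taken from the real target.

```python
import struct

def find_all(buf, pat):
    """Yield every offset at which pat occurs in buf (overlaps included)."""
    i = buf.find(pat)
    while i != -1:
        yield i
        i = buf.find(pat, i + 1)

def encode(value):
    """Shortest little-endian form of a dimension: 1 byte up to 0xFF, else 2."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("dimension does not fit in 16 bits")
    return bytes([value]) if value <= 0xFF else struct.pack("<H", value)

def dimension_hooks(buf, width, height, window=16):
    """Offsets of `width` that have `height` within `window` bytes either side.

    A lone D9 01 can occur by chance; requiring the second constant nearby
    is what turns two numbers read off the screen into a usable anchor.
    """
    w_pat, h_pat = encode(width), encode(height)
    hits = []
    for off in find_all(buf, w_pat):
        before = buf[max(0, off - window):off]
        after = buf[off + len(w_pat):off + len(w_pat) + window]
        if h_pat in before or h_pat in after:
            hits.append(off)
    return hits

# Constructed sample, NOT bytes from any real program: NOP filler, a decoy
# D9 01 with nothing near it, then x86 "push 3Fh; push 1D9h" (6A 3F 68 D9 01 00 00).
SAMPLE = (b"\x90" * 32 + b"\xD9\x01" + b"\x90" * 32 +
          b"\x6A\x3F\x68\xD9\x01\x00\x00" + b"\x90" * 8)

if __name__ == "__main__":
    print(hex(63), hex(473))                       # 0x3f 0x1d9
    print(list(find_all(SAMPLE, encode(473))))     # every D9 01
    print(dimension_hooks(SAMPLE, 473, 63))        # only the paired one
```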
As a side note for those who are not reverse-savvy: always keep
in mind that there exists the so-called 'Procrustes' method
against all kinds of advertisement banners.
Indeed, in similar cases, once you find the correct location
it would probably suffice to
change the width byte sequence (1d9, i.e. 'slack' 1d8/1da... or whatever) to a zero byte sequence in order
to "mutilate" the advertisement width, reducing the
banner to an invisible - and well-deserved - width of zero pixels :-)
Of course disabling once and for all
the offending advertisement window is even better than having it nuked but still working
and pumping ads in the
background.
If you don't know how to disable windows and don't have the time to learn how to reverse
engineer software (a pity, if you ask me) you have as a MUCH simpler alternative the approach I
would like to teach you today:
download the customizer, a truly wondrous application,
from my site and use its 'hide window' or 'disable window' or even 'minimize window'
functions against any
'advertisement culprit' target, like Webferret. Eheh:-)
The customizer's customization
Have a look for yourself at the big screen behind my shoulders and gasp in
awe at the mighty power of software reverse engineering (even at such a
superficial and simpleton level):
download the customizer, fire it up... see the nice yellow ball?
download webferret, fire it up... see the ugly advertisement?
click 'edit window' inside the customizer
Check 'select' and click on the 'on' button inside the customizer's big window
Click on webferret's hideous advertisement banner (as you can see there are A LOT
of other hidden 'ghost' windows
in a running windows operating system, you'll play with
that stuff later, now let's simply disable the
advertisement banner... look at the big screen behind my shoulders... nothing in my hands but
a touchpad, eheh :-)
You see: Parentclass #32770, Handle 0x0e70, Height 63, Width 473
Now let's click on Customizer's 'misc' tag
Let's choose 'send mouse click' after having checked the 'minimize' option
See! How funny! We have minimized a window which wasn't supposed to be minimized at all! See:
it cannot go all the way down to the bottom bar, it hangs there 'in the air' inside webferret.
Note that you can
minimize everything... the icon with the blue globe as well if you fancy it (or you could
substitute it with your own logo).
Let's choose 'send mouse click' now, after having checked 'close'...
we'll send a closing message to the advertisement window and kill it.
See? Puff! Bye bye ads... now you could compare the code in memory with the code of the
original application and modify accordingly with any hexeditor. Webferret has
been 'cleaned', its repulsive
advertisement banner is no more...
quod erat demonstrandum
Of course no real software reverser would lose so much time on this target,
once you learn the
art, you'll be able to find the culprit routines just 'feeling' the code
and kill
them changing - more often than you would believe - a single byte.
I only wanted to show you a silly, extremely simple and very easy example
of the galactic power that
software reverse engineering can give... even to zombies.
Free from the chains that your software would like
to impose on you, you'll be able to recreate, at least in part, the
free GNU atmosphere that you can enjoy in the GNU/Linux world.
Probably too much power for single individuals.
No wonder that the commercial
powers and their political lackeys in our parliaments
are trying to outlaw these techniques and the very tools
we use (and abuse) to perform this art.
The secret path to reality cracking
This is not only true for
software.
The world around us is full of codes you are not supposed even to understand, lest you
try to reverse them. They are there in order to control you and guarantee
profits for somebody else. Barcodes, embedded chips, pattern tracking algos, email
grepping facilities, supermarkets' 'advantage' cards, pension funds pyramid schemes, a plethora of
lotteries you're mathematically certain to lose money on, fashions, trends,
pushed advertisement, even subliminal techniques... every single bait,
of course, masked behind a supposed 'free'
or 'cheap' usage. We should, I believe, always try to explain what's really
going on 'under the hood' to the zombies and slaves roaming around
and bumping from one consuming opportunity
into the other, like flies
against the walls of an upside-down glass. We should in particular teach
our children to look behind the facades of the
Potemkin villages of this nice 'open' e-society we are condemned to live in.
But the time
I have been allowed to use for this conference is almost finished, and we are now
far away from searching techniques and software reversing approaches,
even if those techniques can be VERY powerful
means in order to reach the aims I'm trying to describe.
They want a static world of hidden features and codes you are not supposed even to understand,
where they will be free to push advertisements down your throat at whim,
making profit out of that.
We want
a world of shared knowledge and evolution. A world where 'know' will mean a lot
and 'own' won't mean much.
We will win.