>-linux_lad wrote in news:HOadnZPm5o-NUxfa...@giganews.com:
>
>> ------------------------- begin message -------------------------
>>
>> On Wed, 02 Jan 2008 01:25:09 GMT, Dustin Cook
>> wrote:
>>
>>>
>>>Indeed. Yet, it's supposedly my "ego" that brings some
>>>wannabe-amateurs like linuxlad out of the woodwork. Yes, I know, I
>>>said amateur..
>>
>> I continue to be amazed by your resourcefulness in finding new ways to
>> rehash old arguments. Yes, it's true that you were correct in your
>> assertion that your language lacks fundamental features like the
>> ability to seed the random function properly. My bad for not
>> recognizing how primitive Asic is. It appears not to be capable of
>> floating point math either, so you have to burn lots of extra cycles
>> to simulate it.
>
>I guess you never looked at the archive or the manual that was made
>available to you. The random function can be seeded with randomize as the
>manual clearly explains. Asic itself has a small command set (80) built
>in, yes. However, thru the use of external libraries one can easily
>extend this to hundreds if not thousands of routines.
>
>Asic is also capable of floating point; aka decimal math; as defined in
>the manual.
>
>
>> I believe I apologized profusely for blaming you for the shortcomings
>> of your language, but instead of accepting it graciously, you continue
>
>Yes, I believe you did. I considered it your way of trying to evade from
>the points brought up. You *tried* to "educate" me on a language that
>you've never programmed in. Instead of apologizing for making an ass of
>yourself, you tried to blame Asic for your own ignorance concerning it.
Asic by default does not support floating point. It has to be turned
on, which means it's primitive by any standard. It also does not
support but a few math functions and the four basic operations. The
manual implies that it can support up to (only) five decimal places.
The author indicates that it supports a subset of GWBASIC, which is
essentially a subset of QUICKBASIC. It's for beginners, not masters.
>
>You're not of the same calibre of programmer as I am, sir; And with the
I agree.
>asinine egotistical attitude you've displayed here, you never will be.
>> Your code:
>>
>> randomize
>> a=rnd(0)
>> a=a mod 1
>>
>> On the third line, you set a to 0. There is no reason to do this, you
>> could have just said "a=0", since any whole number mod 1 will return
>> zero.
>
>Wow. I could have done it several ways, your point? Are you ignorant
>enough to assume there is only one way to do something? Or are you
>wanting another skullfuck in Asic? :)
The point is you didn't even know what mod did. If you did know, you
could have just said:
a=0
instead of
>> a=rnd(0)
>> a=a mod 1
Any benefit you gained by setting "a" to a random number was lost when
you mod 1 it because the value is now zero.
>
>> a
>> lardass, he works as a security consultant at sophos, so that should
>> be a clear indication of his technical background. Casting insults
>
>Heh, I've had many conversations with ol Fitzy, He and I go back a very
>long time; and the insults are warranted my HLL only coding friend. Your
>pal nick here whom you respect so much is a "macro" freak. His speciality
>is macro viruses. He isn't actually ehm, *cough cough* a programmer. See
>alt.comp.virus for posts from ol Fitzy, and try not choke to death on the
>crow.
He's a paid consultant for a notable av company. You are a well known
troll. Embedded insults are never appropriate for anyone but sixteen
year old scriptkiddies with misshapen egos.
>
>> include that text in your code, and Who did you think it was going to
>> impress?
>
>You made the mistake of assuming the code was meant to impress someone.
>It wasn't. It was designed to annoy people, it was never finished, no
>virus of mine ever made use of any of it.
It was a brag.
>
>> Now, on your claims of being almost clairvoyant:
>
>WTF?
>
>> Really Dustin, you claim you can accurately determine precisely what
>> happens from a compiled binary? That's quite a marvelous skill. If
>
>
>http://www.informit.com/articles/article.aspx?p=353553&seqNum=7&rl=1
>http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci507015,00.html
>http://www.itee.uq.edu.au/~csmweb/decompilation/disasm.html
>
>*snip* rest of uneducated ramblings from an HLL kiddy.
>
>> secret. There
>> would be no "warez", because all the major software companies'crown
>> jewels would be copied and reproduced for pennies.
>
>There would be no warez without what now? You confuse me.
Please Dustin, try to keep up. If any application could be reversed as
easily as you claim, there would be no commercial software because
there would be no economic incentive for writing it.
>
>
>> Different behaviors manifest between different versions and
>> functionality levels. There could be hundreds of supporting libraries
>> which would have to be analyzed too.
>
>Not necessarily. At some point, your program is going to decide whether
>the key is good or not right? I just have to ensure in the future that
>the environment says the key is good, whether i even have one or not. And
>if your executable code is based on a flag; and has executable code to
>complete the disabled functions (which isn't a smart thing to do,
>releasing fully functional yet crippled software) then one should be able
>to ensure that code runs, regardless of the result of your so called
>"complex" key verification routines.
You need to understand how public key encryption works. There isn't a
jump somewhere that decides if the key is valid or not. The
application needs the second half of the key to decrypt and read the
protected code. Yes, lots of shareware can be cracked easily, but I
seriously doubt you have the ability to deconstruct and replicate
anything protected by me. I know it, in fact.
>
>> How come you're not the richest man in the world? How come the NSA
>
>Why is it, for someone who is in the warez scene; you don't know jack
>shit about cracking those blessed apps?
I'm not in the scene, and I know that your position is ridiculous. I
will prove it by demonstrating that you cannot crack my app. Sure,
someone might be able to if they could factor the public key, but you
can't. You can't even create your own recursion engine.
>
>> You claimed you did a complete analysis, but nowhere did you attempt
>> to
>> analyze the messages after they left the host. I have your original
>> analysis if you need a refresher on what you posted. I merely pointed
>
>A refresher on what I posted? *laughing*, Sir my original post had to be
>brought to your attention. You're the one who spoke before reading. :)
From your analysis:
begin
I have allowed both programs virtual access to a network, and
monitoring the packet data. I have found nothing encrypted, nothing
hidden, and no personal identification information that's any
different than what your machine would send to a server anyway.
Ie: As far as I can tell so far, neither program calls home, neither
program has routines to call home. Both programs pass along the
information you provide to the windows tcpip stack, they make no
effort to contact any servers/ips outside that string.
end
Nowhere did you mention any examination of the log files on the NNTP
server. In fact, it's highly unlikely you had any access to the logs.
As I have previously explained, the misbehavior I demonstrated would
not trigger any alerts under normal circumstances.
I have seen other people post suspicions that the message ID was
somehow adulterated. How did you verify it wasn't? You made no mention
of the code which generated the MID, and in fact, posted nothing but
your opinion. I don't even think you knew where to look because if you
did, you would have posted it.
>
>I analyzed the program; I found nothing malicious. and no malicious
>activities. If I had, It would happily be hunted by BugHunter. I am not
>biased when it concerns malicious software. I don't care who writes it.
I agree that you analyzed it. What I disagree with is that your
opinion without a shred of supporting documentation is enough for me
or anyone for that matter.
>
>> to even consider the most important issue, whether or not it was doing
>
>I'd suggest you re-read the post, if you think that's the case, sir. Or,
>find the original post with my analysis.
See above.
>
>> You also indicated that it was written in Visual C. That is incorrect,
>> it was written in Visual C . The programming languages C and C are
>> similar in some respects but are fundamentally different in other
>> ways. For instance, C does not support objects or classes, and C is
>> procedural (like Basic).
My signing engine stripped the pluses because I did not escape them.
PowerPost is written in Visual CPP (plus plus) but you stated Visual
C. There is a big difference between those languages.
>
>I don't know what you're disagreeing with...?
>
>>
>>>
>>>I'm sorry, but I can't help but call the guy an amateur, after that
>>>education he supposedly tried offering me on a language he has no clue
>>>about. Rather than just outright accept defeat, he'd rather blame the
>>>language for his own misassumptions concerning it.
>>
>> Asic is an antiquated and rarely used language. When was the last
>
>And this somehow changes what I said? :)
What it shows is that you have failed to advance your skill set and
remain hobbled in a technology that went out of style many years ago.
This is proof that you are not the master coder you make yourself out
to be. You are driving around town in a volkswagen beetle screaming
insults at bicyclists because you have modest driving skills.
>
>> Why have other languages taken over? There is a reason modern
>> applications aren't written in Asic. It's still a mystery to you,
>
>I don't believe any languages took anything from Asic, as Asic was never
>in any running that I know of. Applications are written in whatever
>language the author desires to write them in. Modern applications are
>even sometimes written in pure assembler. I know, scary; such an
>antiquated, limited (ehm, hehehe) language that it is too.
So why aren't any commercial products of note written in Asic? Why
have all the world's major vendors chosen other languages?
>
>Sir, really, you're the only one here seriously trying to defend the side
>of ignorance with more ignorance. The more you post, the more you show us
>all that you're a tool of the language, the language isn't the tool, alas,
>you are.
Says you.
>
>> If anyone had any doubts about your purpose here I think it should be
>> clear now.
>
>My purpose here? I'd strongly encourage you to read the original post
>which brought me here in the first place.
>
>> opportunity to prove your skills. You don't even know decent Perl when
>> you see it, and you're trying to tell us you're a "coder"?
>
>I don't know any "coders" who would admit to writing primarily in a
>scripting language, sir. You're the exception.
It's not my primary language but I know it well and use it often. I
also use C, and C++ as needed. You will recall I demonstrated how to
seed the random number generator properly in CPP. Perl is one of the
best and most flexible languages in the world. Perl's extensibility is
vast. Millions of people agree with me.
Use C when you want it done fast, use Perl when you want it done
right.
Use Asic if you don't know anything else.
>
>Then again, no coding person I know personally or otherwise has ever told
>me that they could compile a win32 executable and NOT use APIs; and! do
>this magic with a programming language known as Delphi.
I don't Dustin, the Runtime does it for me. I have shown you how that
works but I'll be glad to post another example for you if you would
like a refresher. This is why the rest of the world has moved to RAD
environments.
>
>>
>> I'm beginning to think the only languages you have any understanding
>> of are
>
>Really now? Do you have even the first clue about the software I've
>written? Any fucking idea at all? Oh christ, listen; You don't know shit
>about disassembling anything, do you really think you know anything about
>what I understand vs what I don't? Give it up. You barely even know what
>happens when a win32 executable is built in a language you do program in.
I have only seen what you have posted. You can't even write your own
engine to recurse a folder. The app that you constantly whore around
has no automatic update ability, new definitions are released
manually. What you should have done is pull the updates with a simple
http request, but I bet you didn't because you can't.
>
>> basic derivatives. Is there any chance that you're nothing more than a
>> basic programmer who fell way behind and is now unable to catch up?
>
>Yea, sure; that's it. That's why I'm disassembling several win32
>executables that can do some nasty things and adding signature
>information to an antimalware tool. You forgot, shithead; In order for
>BugHunter to detect these things, I have to add the signatures. That's
>done by analyzing software. And heh, no, idiot, I don't have the source
>code for these either. I don't need it. Nobody who's serious about low
>level code would.
You have already admitted that you get your signatures from other
sources and supplement with your own analysis. I'll be glad to repost
that admission if you need another refresher. You have no heuristic
engine, you just check if the file size matches a known size and then
checksum to verify a match. Not really the work of a master
programmer, is it?
>
>Come back at me sir, when you do have something of substance. I'm tired
>of your stupidity, and you're not going to be educating me or anyone else
>here anytime soon if you don't grow the fuck up. Delphi, without apis...
>Script Kiddy.
I did educate you, and any time you drop my name here or anywhere I
monitor, expect a response from me if it's convenient.
>
>> If you can only write code in archaic languages that have tiny (or no)
>> market share(s),do you really think that entitles you to the
>> superiority complex you have?
>
>No superiority complex here, Sir. It's a fact, I'm a better programmer
>than you. At least in so far as understanding low level code. You don't
>even know what your compiler is really doing. You're 0wned by your
>languages and not the way it should be.
I don't mind my languages doing the grunt work for me. My time is more
important to me and if I ever need to go low level I can or I can get
someone to do it for me. I have never needed to, and probably never
will.
From the Asic manual:
A S I C (tm) 5.00
"Its Almost Basic" Copyright (c) 1994
by 80/20 Software
All Rights Reserved
I think that says it all.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=b93188f5b13c95714f75c133b28d326f
(courtesy crosspost for 4Q)
I'm still waiting for Dustbin to thnxU,
acknowledge my kind explanation of
how to setup a stackframe under ASIC
in Assembly via C. The very least he
could do is write the ASIC part and
compile the application to demonstrate
he actually understood how the C-ASM
works *shrug* Guess he's just too
stupid!
http://groups.google.com/group/alt.comp.virus/msg/0b3c67622930ff20f
Anyway on with the show. This is how
things should be, Dustbin picks a fight
with someone he can't win and has his
arse exposed in public again.
4Q archives the posts for the Dustbin
story and narrates for the audience.
http://fourq.host.sk/chars/Dustin_Cook/
Enjoy the show
4Q
<Repost:>
link corrected
http://groups.google.com/group/alt.comp.virus/msg/0b3c6762930ff20f
<snip>
here is the repost (complete)
http://www.spoofproof.org/verify.php?sig=b93188f5b13c95714f75c133b28d326f
(courtesy crosspost for 4Q)
*note* Reinstalled the old faithful
Frontpage Express, so Dustbin Cook
webpage(s) will get a revamp complete
with all the latest news.
http://fourq.host.sk/chars/Dustin_Cook/
(before the week is out)
4Q
The fact you can turn on floating point math tends to support my claim
that Asic does support it, wouldn't you agree? GWBASIC is hardly a
subset of QuickBasic, QuickBasic is far more advanced. GWBASIC is better
compared to a commodore or a tandy or something of that generation. It's
more its style.
I know many programs written in various dialects of basic that are of
the commercial software nature. It's a bit beyond our discussion tho.
>>Wow. I could have done it several ways, your point? Are you ignorant
>>enough to assume there is only one way to do something? Or are you
>>wanting another skullfuck in Asic? :)
>
> The point is you didn't even know what mod did. If you did know, you
> could have just said:
Not true, I had to quote for you from the asic manual regarding mod
command. the last time you tried to ehm, educate me concerning
programming in it.
> Any benefit you gained by setting "a" to a random number was lost when
> you mod 1 it because the value is now zero.
Not true, again. If I simply set a=0 instead of what I did, the result
is the same, but the code generated is not the same. IE: More junk code,
more aggravation for heuristic scanners. Another topic, you likely don't
know jack shit about.
>>Heh, I've had many conversations with ol Fitzy, He and I go back a
>>very long time; and the insults are warranted my HLL only coding
>>friend. Your pal nick here whom you respect so much is a "macro"
>>freak. His speciality is macro viruses. He isn't actually ehm, *cough
>>cough* a programmer. See alt.comp.virus for posts from ol Fitzy, and
>>try not choke to death on the crow.
>
> He's a paid consultant for a notable av company. You are a well known
> troll. Embedded insults are never appropriate for anyone but sixteen
> year old scriptkiddies with misshapen egos.
What I said about him above still stands, sir. I am a well known virus
writer; hardly a troll. Thanks for crossposting this to alt.comp.virus.
:)
>>You made the mistake of assuming the code was meant to impress
>>someone. It wasn't. It was designed to annoy people, it was never
>>finished, no virus of mine ever made use of any of it.
>
> It was a brag.
It was code you laid into, thinking you could educate me on language you
know absolutely nothing about. It's not much code, mind you. You could
have found other things to complain about.
>>> Really Dustin, you claim you can accurately determine precisely
>>> what
>>> happens from a compiled binary? That's quite a marvelous skill. If
>>
>>
>>http://www.informit.com/articles/article.aspx?p=353553&seqNum=7&rl=1
>>http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci507015,00.html
>>http://www.itee.uq.edu.au/~csmweb/decompilation/disasm.html
>>
>>*snip* rest of uneducated ramblings from an HLL kiddy.
>>
>>> secret. There
>>> would be no "warez", because all the major software companies'crown
>>> jewels would be copied and reproduced for pennies.
>>
>>There would be no warez without what now? You confuse me.
>
> Please Dustin, try to keep up. If any application could be reversed as
> easily as you claim, there would be no commercial software because
> there would be no economic incentive for writing it.
Did I say any application could be reversed easily? No, I did not. I
said it's entirely possible to reverse engineer damn near anything, and
the warez/crack scene tends to support that claim.
You have no idea how virus writers/antivirus writers work, clearly.
We've been doing this for a very long time, reversing each others work,
for years. It's an ongoing battle.
> You need to understand how public key encryption works. There isn't a
> jump somewhere that decides if the key is valid or not. The
> application needs the second half of the key to decrypt and read the
> protected code. Yes, lots of shareware can be cracked easily, but I
> seriously doubt you have the ability to deconstruct and replicate
> anything protected by me. I know it, in fact.
Name 3 commercial applications which have executable code uniquely
protected by this key method you speak of, Please.
> I'm not in the scene, and I know that your position is ridiculous. I
Ahah, and we get to the point. You aren't a cracker, you don't know how
things are cracked. You're hung up on the public/private crypto thing, and
for some reason, you think that's 100% security. Continue to believe
that if you wish.
> will prove it by demonstrating that you cannot crack my app. Sure,
Would I be cracking an application sir, or trying to reverse crypto? One
isn't the same as the other. And I see no valid point in cracking
anything that isn't of some value to me.
> Nowhere did you mention any examination of the log files on the NNTP
> server. In fact, it's highly unlikely you had any access to the logs.
> As I have previously explained, the misbehavior I demonstrated would
> not trigger any alerts under normal circumstances.
I ran my own nntp server on a fake network, here sir. The client was
provided access and welcome to try and post to whatever newsgroup it
desired.
> somehow adulterated. How did you verify it wasn't? You made no mention
Sir, this can easily be resolved for everyone if you can somehow provide
proof that the application, Sharkpost does something malicious. Nobody
else, including myself has found anything wrong with it. Perhaps you'll
be the first?
>>> You also indicated that it was written in Visual C. That is
>>> incorrect, it was written in Visual C . The programming languages C
>>> and C are similar in some respects but are fundamentally different
>>> in other ways. For instance, C does not support objects or classes,
>>> and C is procedural (like Basic).
>
> My signing engine stripped the pluses because I did not escape them.
> PowerPost is written in Visual CPP (plus plus) but you stated Visual
> C. There is a big difference between those languages.
Aside from the fact it was a typo on my part, what is your point?
>>And this somehow changes what I said? :)
>
> What it shows is that you have failed to advance your skill set and
> remain hobbled in a technology that went out of style many years ago.
> This is proof that you are not the master coder you make yourself out
> to be. You are driving around town in a volkswagen beetle screaming
> insults at bicyclists because you have modest driving skills.
AHAHAHAHAHAHAAAHAHAHAHAHA.
If only that was really the case, you'd probably sleep better at night.
:)
>>I don't believe any languages took anything from Asic, as Asic was
>>never in any running that I know of. Applications are written in
>>whatever language the author desires to write them in. Modern
>>applications are even sometimes written in pure assembler. I know,
>>scary; such an antiquated, limited (ehm, hehehe) language that it is
>>too.
>
> So why aren't any commercial products of note written in Asic? Why
> have all the world's major vendors chosen other languages?
I'm not sure it matters greatly to our discussion whether or not
commercial applications have ever been written in asic.
>>
>>Sir, really, you're the only one here seriously trying to defend the
>>side of ignorance with more ignorance. The more you post, the more you
>>show us all that you're a tool of the language, the language isn't the
>>tool, alas, you are.
>
> Says you.
Actually, your own words say it. This post here is your best one tho:
LinuxLad wrote:
"The fact that whatever we produce may or may not run in an ancient dos
environment is really not a concern. The purpose of the application
would be to run in the 16 bit DOS or Win32 console environment that
exists on most Windows-based workstations and servers. There aren't a
lot of malware apps for DOS so I'm not too worried about SysAdmins
demanding we support a DOS machine that only talks NetBUI. I think it
will run just fine in the PE environment too. There will be no api
calls or interrupts in this app, it will be a single self-contained
standalone executable. Most everything I write can compile down to a
single exe. "
Hey 4Q, I know you're reading along; any comments to this post of his? :)
> It's not my primary language but I know it well and use it often. I
> also use C, and C++ as needed. You will recall I demonstrated how to
> seed the random number generator properly in CPP. Perl is one of the
> best and most flexible languages in the world. Perl's extensibility is
> vast. Millions of people agree with me.
Millions of people are owned by the latest spyware, trojan and/or worms
too. Millions of people think global warming is a myth. And we won't
even go to what millions of people think the afterlife is supposed to
be. :)
> Use C when you want it done fast, use Perl when you want it done
> right.
>
> Use Asic if you don't know anything else.
LoL! Nice try. :)
>>
>>Then again, no coding person I know personally or otherwise has ever
>>told me that they could compile a win32 executable and NOT use APIs;
>>and! do this magic with a programming language known as Delphi.
>
> I don't Dustin, the Runtime does it for me. I have shown you how that
> works but I'll be glad to post another example for you if you would
> like a refresher. This is why the rest of the world has moved to RAD
> environments.
You don't? Lol, what you actually wrote I saved, only because it's
hilarious to me.
LinuxLad wrote:
"The fact that whatever we produce may or may not run in an ancient dos
environment is really not a concern. The purpose of the application
would be to run in the 16 bit DOS or Win32 console environment that
exists on most Windows-based workstations and servers. There aren't a
lot of malware apps for DOS so I'm not too worried about SysAdmins
demanding we support a DOS machine that only talks NetBUI. I think it
will run just fine in the PE environment too. There will be no api
calls or interrupts in this app, it will be a single self-contained
standalone executable. Most everything I write can compile down to a
single exe. "
Face it, script kiddy, you are a tool of delphi, it 0wns you, not the
other way around. You use API calls, whether you realize it or not when
writing anything HLL in windows.
> I have only seen what you have posted. You can't even write your own
> engine to recurse a folder. The app that you constantly whore around
> has no automatic update ability, new definitions are released
> manually. What you should have done is pull the updates with a simple
> http request, but I bet you didn't because you can't.
BugHunter has no networking support of any kind. It doesn't talk to any
tcpip stack. How do you propose it should pull a simple http request
from DOS? :) I chose to use locate.com for its user flexibility, not
because I couldn't emulate what it does. See any ini file for details.
There's a reason bughunter uses it.
>>
>>> basic derivatives. Is there any chance that you're nothing more than
>>> a basic programmer who fell way behind and is now unable to catch
>>> up?
>>
>>Yea, sure; that's it. That's why I'm disassembling several win32
>>executables that can do some nasty things and adding signature
>>information to an antimalware tool. You forgot, shithead; In order for
>>BugHunter to detect these things, I have to add the signatures. That's
>>done by analyzing software. And heh, no, idiot, I don't have the
>>source code for these either. I don't need it. Nobody who's serious
>>about low level code would.
>
> You have already admitted that you get your signatures from other
> sources and supplement with your own analysis. I'll be glad to repost
> that admission if you need another refresher. You have no heuristic
> engine, you just check if the file size matches a known size and then
> checksum to verify a match. Not really the work of a master
> programmer, is it?
Actually, what I said was that I get samples (not signatures) from all
over. The samples would be the suspect files. My signature system like
most everyone else's is proprietary in nature; and thus, I wouldn't be
able to get them from other sources. Samples son, samples, not
signatures. The supplement you speak of is a bit more involved. First, I
need to ensure I have a complete executable, not an intended, not a
partial but aborted download; I don't want to waste time scanning for
non functional code. I was doing it by hand, but I finally got around to
writing this to help. Source included:
http://bughunter.it-mate.co.uk/exevalid.zip
It's very simple in what it does, but probably beyond you.
I suppose you'll correct my math in it too, But I'd be careful in doing
so. :)
Once I determine I have a pile of real executables, I scan them with
bughunter, any matches are deleted, obviously. Once that's done, the
next step is fun: http://bughunter.it-mate.co.uk/genname2.zip
they are sorted in sequential order based on extension. A signature is
then taken from each after verification that I don't have duplicates
(I'm still doing this by hand for now).
Each file is then tested in sandboxie v3.21 and vmware v5 running 98se
and windows xp sp2. Any files they generate in kind are collected for
analysis too.
Once this is completed, the file is submitted to 3 antivirus sites, for
their opinion. If many of them flag it as something in particular, I
usually won't go any further, the signature generated is added to
BugHunter with a description. If few of them flag it, it's moved to the
later disassembly folder where it's taken apart by hand and examined the
old fashioned way.
> I did educate you, and any time you drop my name here or anywhere I
> monitor, expect a response from me if it's convenient.
To be honest, I pulled a 4Q. I was hoping you'd initiate cross-posting
to alt.comp.virus. :) Much better peer review here. You'll be exposed to
others who can/do code. :)
> I don't mind my languages doing the grunt work for me. My time is more
> important to me and if I ever need to go low level I can or I can get
> someone to do it for me. I have never needed to, and probably never
> will.
Translation: You don't need to be in control.
From an author who writes in asic:
Routines for ASIC Compiler written By:
Mr. Charles P. White, 26, Oakdene, Stourport-On-Severn, Worcs
DY13 9NF. ENGLAND.
All routines are supplied AS-IS, without warranty, expressed or
implied.
This package combines both collections ASIC-F1 and ASIC-F2!!
Please send 6 pounds sterling for Registration.
The ASIC COMPILER is very good for many tasks. The code you write
is very close to the code that one would write in assembler.
Using Labels, and Single Line Commands are all part of the
assemblers way of doing things. As you will [ or have ] noticed,
the COM code produced is very small INDEED!
With a little bit of thought, you can create some very fast
commercial looking programs. I've put together some routines that
will get you up and running FAST with some interesting effects. You
can add them as routines to your stuff.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunte...@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
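
The first triage steps described in the post above (reject incomplete downloads, then drop already-detected files and duplicates), as an added example that is not the poster's exevalid or BugHunter code. It assumes Win32 PE samples and uses SHA-256 as a stand-in for the proprietary signature; all function names and the sample image are hypothetical and constructed here.

```python
from __future__ import annotations

import hashlib
import struct

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def check_pe_complete(data: bytes) -> tuple[bool, str]:
    """Return (ok, reason): does `data` hold every byte its PE headers promise?"""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, "no MZ header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data):
        return False, "PE header offset past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature"
    _machine, n_sections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if n_sections == 0:
        return False, "no sections"
    table = e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
    if table + n_sections * SECTION_HEADER_SIZE > len(data):
        return False, "section table truncated"
    for i in range(n_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            return False, f"section {name} truncated"
    return True, "ok"


def triage(samples: dict[str, bytes], known_hashes: set[str]) -> dict[str, str]:
    """Sort incoming samples into rejected / already detected / duplicate / new."""
    verdicts: dict[str, str] = {}
    seen: dict[str, str] = {}
    for name, data in sorted(samples.items()):
        ok, reason = check_pe_complete(data)
        if not ok:
            verdicts[name] = f"rejected: {reason}"
            continue
        digest = hashlib.sha256(data).hexdigest()  # stand-in for a real signature
        if digest in known_hashes:
            verdicts[name] = "already detected"
        elif digest in seen:
            verdicts[name] = f"duplicate of {seen[digest]}"
        else:
            seen[digest] = name
            verdicts[name] = "queue for analysis"
    return verdicts


def build_sample_pe(payload: bytes = b"\x90" * 512) -> bytes:
    """Constructed minimal PE image (headers plus one .text section) for the demo."""
    e_lfanew, raw_ptr = 0x40, 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    opt = b"\0" * 224  # PE32 optional header size; its contents are not inspected
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                          len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers.ljust(raw_ptr, b"\0") + payload


if __name__ == "__main__":
    good = build_sample_pe()
    other = build_sample_pe(b"\xcc" * 512)
    incoming = {
        "a.exe": good,
        "b.exe": good,                      # same bytes under another name
        "c.exe": good[:700],                # aborted download
        "d.exe": other,                     # already in the detection set
        "e.exe": b"<html>404</html>" * 8,   # error page saved as .exe
    }
    known = {hashlib.sha256(other).hexdigest()}
    for name, verdict in triage(incoming, known).items():
        print(f"{name}: {verdict}")
```
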
> This post, Dustin Cook <bughunte...@gmail.com>
> Message-ID:<<Xns9A25B9DF73A...@69.28.186.121>>
> may be monitored for quality assurance:
>|
>|> If you can only write code in archaic languages that have tiny (or
>|> no) market share(s),do you really think that entitles you to the
>|> superiority complex you have?
>|
>|No superiority complex here, Sir. It's a fact, I'm a better programmer
>|than you. At least in so far as understanding low level code. You don't
>|even know what your compiler is really doing. You're 0wned by your
>|languages and not the way it should be.
>
> Thank you for the most hilarious laugh I've _ever_ read.
You're welcome Apostle. Linuxlad has taken it upon himself to cross-post
alt.comp.virus in an effort to get help from my peers and the infamous
4Q. I've had to crosspost my reply there so people understand LinuxLad
isn't taking me to task, but it's fun to see him try. :)
> Watching you take John Davis to task for his overblown mouth and
> limited intelligence was indeed great. It reminded me of when I used
> to beat the shit out him rubbing his nose in his own ignorance and
> stupidity. It's one of the reasons why he has this obsession with me.
He can't help himself.
> He stepped into this conversation trying to discredit your knowledge
> and pronounce himself the superior coder, and left with his foot in his
> mouth, again, proving he hasn't the first clue what he is talking
> about.
Was this as funny for you as it was for me? :)
> Priceless.
I hope your paying attention 4Q; this is Apostle I'm quoting/responding
to, one of John's peers. :)
> Of course he'll try to spin this into a victory for himself, to
> pronounce himself the superior coder again, against anyone who dare
> question his abilities with either another "smoke and mirrors"
> challenge or a mountain of lies to cover his shortcomings.
He already is trying, see alt.comp.virus :)
//////////////////SLAP\\\\\\\\\\\\\\\
my aching fucking asshole why dont you STFU k00k. youve made your mark
dustbin. i thought lezzie was a blowhard!
> This post reposted for the wider
> audience. LinuxLad thrashes Dustbin's
> ass with some code 101 basics.
I fixed your headers, 4Q; I ensure this post will goto John's homegroup;
that you really should read for yourself, before you assume this stool
pigeon is going to own me. :)
>
> Anyway on with the show. This is how
> things should be, Dustbin picks a fight
> with someone he can't win and has his
> arse exposed in public again.
HAHAHA. It's not quite that way, but alas, you can try and spin it if you
want. Your obsessed with me. Practically your whole website is dedicated
to me. :)
> Enjoy the show
> 4Q
Oh, I am. Several are, most likely. Don't snip
alt.binaries.warez.ibm-pc.d from future headers, paco; your going to miss
out on the real fun. :)
>4Q <paul...@hushmail.com> wrote in
>news:94238dde-2e7f-4f2f...@v29g2000hsf.googlegroups.com:
>
>> This post reposted for the wider
>> audience. LinuxLad thrashes Dustbin's
>> ass with some code 101 basics.
>
>I fixed your headers, 4Q; I ensure this post will goto John's homegroup;
>that you really should read for yourself, before you assume this stool
>pigeon is going to own me. :)
>
>>
>> Anyway on with the show. This is how
>> things should be, Dustbin picks a fight
>> with someone he can't win and has his
>> arse exposed in public again.
>
>HAHAHA. It's not quite that way, but alas, you can try and spin it if you
>want. Your obsessed with me. Practically your whole website is dedicated
>to me. :)
>
>> Enjoy the show
>> 4Q
>
>Oh, I am. Several are, most likely. Don't snip
>alt.binaries.warez.ibm-pc.d from future headers, paco; your going to miss
>out on the real fun. :)
I'm wondering how someone that doesn't know the difference between
"your" and "you're" can claim they're intelligent enough to wipe their
ass?
Rockin! A grammar lame. You get... well shit, I'm out of cookies. So you
get nothing!
give it up ya fuckin k00k its too late. many have recently claimed ownership
of your lame trolling ass.
On Sat, 12 Jan 2008 20:15:22 -0500, Leslie "TheApostle" Paulin
<likes-...@mailme.org> wrote:
> You sound like a pedophile. You argue like a pedophile.
From: TheApostle <likes-...@mailme.org>
Newsgroups: alt.binaries.warez.ibm-pc.d,alt.binaries.warez.linux
Subject: Re: NO CHRISTMAS for THE USENET GODLESS !! .. .
Date: Wed, 14 Dec 2005 16:34:40 -0500
Message-ID: <MPG.1e0a59f7b...@nnrp.mynews-ownsyou.com>
Any person who admits he knows how a pedophile thinks is a
pedophile. No other person could know how a pedophile thinks
but one of the same.
From: TheApostle <likes-...@mailme.org>
Newsgroups: alt.binaries.sounds.mp3.d,...
Subject: Re: Done deal now.
Date: Mon, 13 Jun 2005 17:42:23 -0400
Message-ID: <MPG.1d17c7bce...@nnrp.mynews-ownsyou.com>
How would you know what a pedophile thinks unless you are one.
Only a pedophile would know what a pedophile thinks.
From: TheApostle <likes-...@mailme.org>
Newsgroups: alt.binaries.warez.ibm-pc.d,alt.2600.warez,...
Subject: Re: Challenge to TheApostle: Give Us Your FINAL Answer
Date: Wed, 21 Dec 2005 18:20:50 -0500
Message-ID: <MPG.1e13ad5ca...@nnrp.mynews-ownsyou.com>
Why don't you try comprehending what you do read, stupid. I
keep
saying that only a pedophile would know how another pedophile
thinks.
> Expressing your SICK and DISGUSTING //slap//
From: TheApostle <likes-...@mailme.org>
Newsgroups: alt.binaries.sounds.mp3.d
Subject: Re: Kohout Jr.'s killfile having problems.
Date: Tue, 08 Feb 2005 04:54:28 GMT
Message-ID: <MPG.1c720f958...@news.asskicker.ca>
Stop thinking like a pedophile, sicko.
Hi, TheApisshole - Yes, we've already read these sniplets, and some took
babysteps so you could understand them the simple differences with "sounding"
and the other word "thinking" but unfortunately for you, these subjects
still remain out of your grasp of understanding. Clearly you still have some
confusion and some unresolved issues (ie:"B00tfucking").
I would be more than happy to take my time to further demonstrate how stupid
and ridiculous you are, while ridiculing you to no end, Alas all we would
benefit from that is watching you slink away under _yet_ again to licking
your wounds, crying, and shifting into another brand self-spanking new nym
from being humiliated and disgraced. <smiles> How many nyms are you at now?
To remind you of why you ran away, ya know from the last ass-kicking you got;
(a) The first quote(s) shows the child molester and kiddie porn poster Mjolner
(aka UFF) stating that he knows _how_ a pedophile thinks and me explaining
to him how exactly can he know how a pedophile thinks unless he is a
pedophile. That is simple and reasonable logic.
(b) The last quote, is me telling an MP3 nym-shifting troll (presumably you)
to stop projecting his pedophile thoughts into the newsgroup. I'm not
professing to know what a pedophile thinks.
Neither of these quotes, which are presented out of context and maliciously
deceitful intentions demonstrate anything you would like them to, but as I
explained to you before you ran away sobbing and crying, do keep on trying to
best me, lil one. Next time, do try and have someone else explain what you
reading so you are able to grasp it more readily and therefore you don't have
to suffer such a terrible defeat, again, at my hands. <WEFG>
--
X=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Join the Pirate Party! http://www.pirate-party.us
Sharkpost Home http://www.sharkpost.net
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedophile-Supporter Jack 'GitRDunn' Cohen uses the First
Amendment Rights argument to protect the rights of kiddie
porn posters and pedophiles to post what they "likes".
From: Jack 'GitRDunn' Cohen <G...@RDunn.hk>
Newsgroups: alt.binaries.warez.ibm-pc.d
NNTP-Posting-Date: Fri, 11 Jan 2008 19:28:49 EST
Message-ID: <5RThj.26$6F6.8@trndny09>
I hate pedos and pervs as much as anyone else but I
don't have the right to stop them from their first
amendment rights to post what "they" like.
X=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
"TheApostle" <likes-...@mailme.org> wrote in message
news:MPG.21f70d7d5...@news.sharkpost.org...
Righto Pedo...I mean Jackass. All lies and quotes taken out of context?
You slobbering buffoon, your past bites you in the ass again!! LMFAO!!
Nice try though LeSs.
--
Why do k00ks, stalkers, and pedos call it a "hate site"?
Because k00ks, stalkers, and pedos hate it!
http://www.uffnet.com/
"like most of the rest of the world, Leslie puts
his pants on one leg at a time. unfortunately,
they're backwards, and he spends the rest
of the day wondering how his ass got so small."
-.inf.UZION
"Les takes a punting and keeps on fronting!"
-LSD
To verify that this post isn't forged, click here:
http://www.spoofproof.org/verify.php?sig=54c31210d4794e824c64c81a199712c0
> This post, Dustin Cook <bughunte...@gmail.com>
> Message-ID:<<Xns9A26761DEAB...@69.28.186.121>>
> may be monitored for quality assurance:
>|
>|4Q <paul...@hushmail.com> wrote in
>|news:94238dde-2e7f-4f2f...@v29g2000hsf.googlegroups.com:
>|
>|> This post reposted for the wider
>|> audience. LinuxLad thrashes Dustbin's
>|> ass with some code 101 basics.
>|
>|I fixed your headers, 4Q; I ensure this post will goto John's
>|homegroup; that you really should read for yourself, before you assume
>|this stool pigeon is going to own me. :)
>
> I never believed someone could humiliate themselves so quickly
> with one single statement, but after seeing 4Q's footchomping
> statement I am now a believer.
>
> "googlegroups.com:" <---------------------- <laffs out loud>
>
> I am just guessing, but 4Q demonstrates that he is this groups
> resident punching bag, am I wrong?
4Q is the infamous alt.comp.virus troll. He's supposed to keep vxers/ex
vxers in check with his idea of reality. LoL.
I want da TROOPHHH!!!!
As already educated to you, I am obviously not professing to know what a
pedophile thinks (I leave that to the kiddie porn poster Mjolner). It is
me _telling_ (that's writing as it is shown in the quote) a MP3 group troll
(presumably you) to refrain from projecting his pedophile thoughts into the
newsgroup.
I believe when you understand the difference of professing to know what a
pedophile thinks, and viewing a pedophile expressing his thoughts, you may
just gain an ounce of intelligence.
However, it has been my experience that sick perverts (like Jack "GitrDunn"
Cohen, Mjolner, and if you're the same MP3 group troll) all suffer from
limited intelligence.
|>Neither of these quotes, which are presented out of context and maliciously
|>deceitful intentions demonstrate anything you would like them to, but as I
|>explained to you before you ran away sobbing and crying, do keep on trying to
|>best me, lil one. Next time, do try and have someone else explain what you
|>reading so you are able to grasp it more readily and therefore you don't have
|>to suffer such a terrible defeat, again, at my hands. <WEFG>
Please do have someone help you with your reading skills. Cya!
>This post, TheApostle <likes-...@mailme.org>
>Message-ID:<<MPG.21f72e42e...@news.sharkpost.org>>
>I forgot this and I believe this will be a better example to help someone
>like you, who has a hard time speaking with the grownups understand exactly
>what I am saying.
>
>Recently, Jack 'GitRDunn' Cohen expressed his pedophile thoughts about my
>pre-teen niece.
>
> From: GitRDunn <G...@RDunn.hk>
> Newsgroups: alt.binaries.warez.ibm-pc.d
> Date: Sat, 12 Jan 2008 19:54:55 GMT
> Message-ID: <jW8ij.81$s67.30@trndny05>
>
> "Your niece sounds like a tasty little morsel.
>
>Since he had _expressed_ these thoughts, I was able to tell him to keep his
>pedophile thoughts out of the group.
>
>It is not me professing to know how a pedophile thinks, merely me witnessing
>the thoughts of a pedophile as he wrote them..
How did you recognize the thoughts of a pedophile when you yourself
claim you must be one to recognize their thinking? Tell it to someone
that believes your backpedaling, kook.
Are you really this stupid - you must be.
First off,
No, I did not claim that I could not recognize the thoughts of a pedophile.
If you were to tell me that you wanted to have sexual relations with an infant
child - clearly those would be one of the many pedophile thoughts you are
expressing.
Secondly,
Read this closely.
I'm not professing to know what a pedophile thinks.
That does not mean that I cannot recognize the thoughts of a pedophile when
they are freely expressing those thoughts in a public group. I am educated
enough to know that when a grown adult has sexual fantasies about young
children he is a pedophile.
When he expresses these thoughts - he is expressing his pedophile thoughts.
You, on the other hand do not know very much, and I feel sorry that you have
to continually humiliate yourself. Even more so with the beliefs that a reply
to a person is a "Bootfuck" and educating your stupid ass is a "backpedal".
A "Backpedal" is when a person changes their position.
"It means to try to reverse direction in a metaphorical sense. It is
often used to describe someone who says something and then tries to
take it back. Politicians are often accused of back peddling when they
say something controversial. The metaphor comes from riding a bicycle.
If you try to make it go in reverse you can peddle backwards, but on
most bikes the gears just spin futilely. Which is the same result as
trying to unsay something you've already said. It is futile."
Similar to when Bill Clinton had stated that he had not had sexual intercourse
with that woman, and later changed his story to state he had. Or President GW
Bush had said that Iraq had weapons of mass destruction and now they do not.
I have not changed my position.
I have stated I do not profess to know what pedophile think. I have stated
that many pedophiles have _expressed_ their thoughts in these groups and I
have had words with them urging them to keep their sexual fantasies out of
these groups.
This is how you "BOOTFUCK" someone --- I hope you're taking notes <smiles>
Do..... try again. <laughs out loud>
Give it up kook. We all watched you defend a pedo for months on end.
Do you always jump to the defense of someone you don't know when
others confront him with his past?
*heh* Very amusing. It's a pity I can't
read or write posts in the alt.binary
groups (via the Google system) I'm sure
it's very entertaining. I've got no
idea who all these names that keep
popping up are.
I've figured out that you are the owner
of Sharkpost (sounds like an interesting
application, I might coderip some the
code so I can dump 4Q site directly into
the Google archives)
You seem to have a few enemies over
there in the alt.binary groups. Shame you've decided to get into bed
with
Dustbin Cook, you do know the guy is a
raving loon and confirmed kOOk?
4Q ( Recreational Troll )
You have no excuse for not getting a real nntp client and usenet
provider.
> I've figured out that you are the owner
> of Sharkpost (sounds like an interesting
> application, I might coderip some the
> code so I can dump 4Q site directly into
> the Google archives)
You figured wrong. He didn't author SharkPost. Bill did. :)
> You seem to have a few enemies over
> there in the alt.binary groups. Shame you've decided to get into bed
ahahaha... Sure, thing 4Q; good luck. :)
>
>The fact you can turn on floating point math tends to support my claim
>that Asic does support it, wouldn't you agree? GWBASIC is hardly a
>subset of QuickBasic, QuickBasic is far more advanced. GWBASIC is better
>compared to a commodore or a tandy or something of that generation. It's
>more it's style.
What I said is that it appears not to support floating point. The fact
that it only does as an afterthought is semantics. And by subset, I
mean that it only supports a portion of the superior language's
functionality. They are not disparate languages Dustin, they are all
dialects of Basic.
>
>I know many programs written in various dialects of basic that are of
>the commercial software nature. It's a bit beyond our discussion tho.
I agree, the discussion here is about Asic.
>
>>>Wow. I could have done it several ways, your point? Are you ignorant
>>>enough to assume there is only one way to do something? Or are you
>>>wanting another skullfuck in Asic? :)
>>
>> The point is you didn't even know what mod did. If you did know, you
>> could have just said:
>
>Not true, I had to quote for you from the asic manual regarding mod
>command. the last time you tried to ehm, educate me concerning
>programming in it.
If you had known, you would not have done it.
>
>> Any benefit you gained by setting "a" to a random number was lost when
>> you mod 1 it because the value is now zero.
>
>Not true, again. If I simply set a=0 instead of what I did, the result
>is the same, but the code generated is not the same. IE: More junk code,
>more aggravation for heuristic scanners. Another topic, you likely don't
>know jack shit about.
From the point of view of the compiler, it does not matter what the
value of "a" was before you set it to zero by dividing it by 1.
you said
let a = 6433
let a = 6433 mod 1
so now "a" is zero. You made a trip to rand and then did some math for
an end result that added nothing to the functionality of the program.
>>
>> He's a paid consultant for a notable av company. You are a well known
>> troll. Embedded insults are never appropriate for anyone but sixteen
>> year old scriptkiddies with misshapen egos.
>
>What I said about him above still stands, sir. I am a well known virus
>writer; hardly a troll. Thanks for crossposting this to alt.comp.virus.
>:)
You are a well known troll, but you are an obscure virus writer. And
not a very good one either, I'll add.
>
>>>You made the mistake of assuming the code was meant to impress
>>>someone. It wasn't. It was designed to annoy people, it was never
>>>finished, no virus of mine ever made use of any of it.
>>
>> It was a brag.
>
>It was code you laid into, thinking you could educate me on language you
>know absolutely nothing about. It's not much code, mind you. You could
>have found other things to complain about.
>
>>>> Really Dustin, you claim you can accurately determine precisely
>>>> what
>>>> happens from a compiled binary? That's quite a marvelous skill. If
>>>
>>>
>>>http://www.informit.com/articles/article.aspx?p=353553&seqNum=7&rl=1
>>>http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci507015,00.html
>>>http://www.itee.uq.edu.au/~csmweb/decompilation/disasm.html
>>>
>>>*snip* rest of uneducated ramblings from an HLL kiddy.
>>>
>>>> secret. There
>>>> would be no "warez", because all the major software companies'crown
>>>> jewels would be copied and reproduced for pennies.
>>>
>>>There would be no warez without what now? You confuse me.
>>
>> Please Dustin, try to keep up. If any application could be reversed as
>> easily as you claim, there would be no commercial software because
>> there would be no economic incentive for writing it.
>
>Did I say any application could be reversed easily? No, I did not. I
>said it's entirely possible to reverse engineer damn near anything, and
>the warez/crack scene tends to support that claim.
You have consistently claimed that you can make an accurate
determination of what goes on. While you may be able to form some
general ideas, you simply cannot form an accurate analysis on any
complex operations. If this were possible, it would be easy to turn
compiled binaries into source code.
Cracking a protected software package and making an accurate
determination on everything that's happening are two vastly different
things.
>
>You have no idea how virus writers/antivirus writers work, clearly.
>We've been doing this for a very long time, reversing each others work,
>for years. It's an ongoing battle.
I have explained to you how it's done Dustin.
>
>> You need to understand how public key encryption works. There isn't a
>> jump somewhere that decides if the key is valid or not. The
>> application needs the second half of the key to decrypt and read the
>> protected code. Yes, lots of shareware can be cracked easily, but I
>> seriously doubt you have the ability to deconstruct and replicate
>> anything protected by me. I know it, in fact.
>
>Name 3 commercial applications which have executable code uniquely
>protected by this key method you speak of, Please.
SAS
DB2
Hyperion
QRM
NetApp
EMC
CiscoOS
SonicOS
HPOV
Many digital cable and satellite systems are also protected with
public keys.
Ok Dustin, class is in session again.
Here's how apps are protected with public key technology.
Developer creates app with certain functions encrypted to the
project's public key. Those functions are encrypted and the function
simply returns null until decrypted in the protected memory block
In general terms (and very limited detail):
user downloads and installs software
software generates unique machine ID
request license from vendor with unique machine ID
key is generated by vendor (part of the private key)
key encrypted with machine key supplied by user and sent back (usually
two or more levels)
key received and installed by user
key decrypted with unique machine ID
protected functions decrypted into protected memory
unless the key is decrypted, those protected functions aren't ever
decrypted. You can disassemble until the cows come home. There is no
password to guess, you need the private key to get those functions
decrypted. No private key, no worky.
You might be able to get ahold of a working key and then find a way to
get the working decrypted code out of the secure memory, but it's
pretty tough. Simply beyond your capability.
>
>> I'm not in the scene, and I know that your position is ridiculous. I
>
>Ahah, and we get to the point. You aren't a cracker, you don't know how
>things are cracked. Your hungup on the public/private crypto thing, and
>for some reason, you think that's 100% security. Continue to believe
>that if you wish.
Please see above. Nothing is ever perfectly secure, but as far as
people like you are concerned, it is functionally secure.
>
>> will prove it by demonstrating that you cannot crack my app. Sure,
>
>Would I be cracking an application sir, or trying to reverse crypto? One
>isn't the same as the other. And I see no valid point in cracking
>anything that isn't of some value to me.
You will be reversing a licensing protection scheme, like it were some
piece of shareware that needed a license to activate all of its
features. The only value to you is that you will have proven you are a
cracker. In reality you will not accept the challenge and invent some
silly pretext because you may finally understand why this is not the
same as returning zero on a license check.
You will have to be able to break a large RSA key. I don't think you
or anyone you know can.
>
>> Nowhere did you mention any examination of the log files on the NNTP
>> server. In fact, it's highly unlikely you had any access to the logs.
>> As I have previously explained, the misbehavior I demonstrated would
>> not trigger any alerts under normal circumstances.
>
>I ran my own nntp server on a fake network, here sir. The client was
>provided access and welcome to try and post to whatever newsgroup it
>desired.
If you had, you would have said so, and would have provided logs to
that effect. You only adopted that claim after I explained how it
could be done.
>
>> somehow adulterated. How did you verify it wasn't? You made no mention
>
>Sir, this can easily be resolved for everyone if you can somehow provide
>proof that the application, Sharkpost does something malicious. Nobody
>else, including myself has found anything wrong with it. Perhaps you'll
>be the first?
I'm not saying it is or isn't malicious. I'm saying that you are not
qualified to make the determination or insult people who question your
judgement.
>>>> You also indicated that it was written in Visual C. That is
>>>> incorrect, it was written in Visual C . The programming languages C
>>>> and C are similar in some respects but are fundamentally different
>>>> in other ways. For instance, C does not support objects or classes,
>>>> and C is procedural (like Basic).
>>
>> My signing engine stripped the pluses because I did not escape them.
>> PowerPost is written in Visual CPP (plus plus) but you stated Visual
>> C. There is a big difference between those languages.
>
>Aside from the fact it was a typo on my part, what is your point?
I don't think it was a typo. You're using that as a defense.
>
>>>And this somehow changes what I said? :)
>>
>> What it shows is that you have failed to advance your skill set and
>> remain hobbled in a technology that went out of style many years ago.
>> This is proof that you are not the master coder you make yourself out
>> to be. You are driving around town in a volkswagen beetle screaming
>> insults at bicyclists because you have modest driving skills.
>
>AHAHAHAHAHAHAAAHAHAHAHAHA.
Not really funny, it's sad in my view, but if you want to bust out a
maniacal laugh, you have my permission.
>
>If only that was really the case, you'd probably sleep better at night.
>:)
I sleep OK.
>
>>>I don't believe any languages took anything from Asic, as Asic was
>>>never in any running that I know of. Applications are written in
>>>whatever language the author desires to write them in. Modern
>>>applications are even sometimes written in pure assembler. I know,
>>>scary; such an antiquated, limited (ehm, hehehe) language that it is
>>>too.
>>
>> So why aren't any commercial products of note written in Asic? Why
>> have all the world's major vendors chosen other languages?
>
>I'm not sure it matters greatly to our discussion whether or not
>commercial applications have ever been written in asic.
It matters because you have suggested it's the best language for the
projects you undertake. It matters because you want us to believe that
you have voluntarily chosen Asic over all the other superior languages
in the world. It matters because you use the term "non-coders" as an
insult.
>Hey 4Q, I know your reading along; any comments to this post of his? :)
>
>> It's not my primary language but I know it well and use it often. I
>> also use C, and C++ as needed. You will recall I demonstrated how to
>> seed the random number generator properly in CPP. Perl is one of the
>> best and most flexible languages in the world. Perl's extensibility is
>> vast. Millions of people agree with me.
>
>Millions of people are owned by the latest spyware, trojan and/or worms
>too. Millions of people think global warming is a myth. And we won't
>even go to what millions of people think the afterlife is supposed to
>be. :)
Is that your way of suggesting I'm wrong? Do you really disagree that
your 1994 limited function basic is a serious contender in this
networked world?
>
>>>
>>>Then again, no coding person I know personally or otherwise has ever
>>>told me that they could compile a win32 executable and NOT use APIs;
>>>and! do this magic with a programming language known as Delphi.
>>
>> I don't Dustin, the Runtime does it for me. I have shown you how that
>> works but I'll be glad to post another example for you if you would
>> like a refresher. This is why the rest of the world has moved to RAD
>> environments.
>
>You don't? Lol, what you actually wrote I saved, only because it's
>hilarious to me.
You keep reposting it because you have nothing else.
>
>LinuxLad wrote:
>
>"The fact that whatever we produce may or may not run in an ancient dos
>environment is really not a concern. The purpose of the application
>would be to run in the 16 bit DOS or Win32 console environment that
>exists on most Windows-based workstations and servers. There aren't a
>lot of malware apps for DOS so I'm not too worried about SysAdmins
>demanding we support a DOS machine that only talks NetBUI. I think it
>will run just fine in the PE environment too. There will be no api
>calls or interrupts in this app, it will be a single self-contained
>standalone executable. Most everything I write can compile down to a
>single exe. "
>
>Face it, script kiddy, you are a tool of delphi, it 0wns you, not the
>other way around. You use API calls, whether you realize it or not when
>writing anything HLL in windows.
You continue to ignore that I have explained that the API work is done
via the runtime. I have also offered to show you. The most commonly
used features of the WinAPI are wrapped in functions.
>
>> I have only seen what you have posted. You can't even write your own
>> engine to recurse a folder. The app that you constantly whore around
>> has no automatic update ability, new definitions are released
>> manually. What you should have done is pull the updates with a simple
>> http request, but I bet you didn't because you can't.
>
>BugHunter has no networking support of any kind. It doesn't talk to any
I know. It can't.
>tcpip stack. How do you propose it should pull a simple http request
>from DOS? :) I chose to use locate.com for its user flexibility, not
Not a lot of dos workstations around, but you can talk to tcpip
from dos. Ever hear of BartPE? Modern languages also support system
calls so you can use the operating system to do some of your if your
language can't.
>because I couldn't emulate what it does. See any ini file for details.
>There's a reason bughunter uses it.
I know. Another reason why you shouldn't be slamming me for using
modern languages.
<snip>
>
>> I did educate you, and any time you drop my name here or anywhere I
>> monitor, expect a response from me if it's convenient.
>
>To be honest, I pulled a 4Q. I was hoping you'd initiate cross-posting
>to alt.comp.virus. :) Much better peer review here. You'll be exposed to
>others who can/do code. :)
How's that working out for you?
>
>> I don't mind my languages doing the grunt work for me. My time is more
>> important to me and if I ever need to go low level I can or I can get
>> someone to do it for me. I have never needed to, and probably never
>> will.
>
>Translation: You don't need to be in control.
I'm in enough control, and I'm not prevented from more control if I
need it. It does the job for me and I never say, "dang, I can't do
that". For all this talk about control, you can't recurse or talk to
a net. Should you be crowing about control?
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=c3334620af0ee7ab60da1656a0a14fef
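A minimal sketch of the machine-bound licence flow listed in the post above, added here as an illustration; it is not code from the thread or from any product named in it. It models only the key-wrapping steps: the HMAC-based cipher stands in for a real authenticated cipher, the public-key part is left out, and `Vendor`, `machine_key`, `run_protected` and the host IDs are assumed names.

```python
import hashlib
import hmac
import os


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def split_keys(key):
    """Derive separate encryption and MAC keys from one secret."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(key, plaintext):
    """Encrypt-then-MAC. Returns nonce (16) || ciphertext || tag (32)."""
    enc_key, mac_key = split_keys(key)
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Check the tag before decrypting; ValueError on wrong key or altered blob."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = split_keys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def machine_key(machine_id):
    """Wrapping key derived from the machine ID (salt is a fixed demo label)."""
    return hashlib.pbkdf2_hmac("sha256", machine_id.encode(), b"license-demo", 50_000)


class Vendor:
    """Holds the content key that protects the shipped function bodies."""

    def __init__(self):
        self.content_key = os.urandom(32)

    def build_release(self, protected_body):
        # Shipped to every user; useless without the content key.
        return seal(self.content_key, protected_body)

    def issue_license(self, machine_id):
        # Content key wrapped so that only this machine ID unwraps it.
        return seal(machine_key(machine_id), self.content_key)


def run_protected(release_blob, license_blob, machine_id):
    """Client side: the decrypted body, or None (the 'returns null' case)."""
    try:
        content_key = unseal(machine_key(machine_id), license_blob)
        return unseal(content_key, release_blob)
    except ValueError:
        return None


PROTECTED_BODY = b"def premium_report(): return 'full feature set'"  # constructed


def demo():
    vendor = Vendor()
    release = vendor.build_release(PROTECTED_BODY)
    license_blob = vendor.issue_license("HOST-A-0001")  # constructed machine ID
    return {
        "licensed": run_protected(release, license_blob, "HOST-A-0001"),
        "other_machine": run_protected(release, license_blob, "HOST-B-0002"),
        "no_license": run_protected(release, b"", "HOST-A-0001"),
    }


if __name__ == "__main__":
    for case, body in demo().items():
        print(case, "->", body)
```

In this sketch the wrapping key depends on the machine ID alone, so the licence is only as confidential as that ID; the vendor-held private key the post mentions is what a real scheme would add on top.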
I notice DUHstin claims that a simple integer assignment will produce
more compiler "junk code" than his many cycle rnd/mod routines. I'll
bet Akula caught that one too. <bfg> At least DUHstin knows what the
modulo function does now. That's some progress.
So DUHstin is compiling DOS programs? I wonder if he's aware that
Vista is the end of the road for 32bit Windows and 16bit code does not
run on 64bit Windows? His coding days may be over soon because I don't
think he can handle the learning curve needed for OOP.
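The dispute over `a = 0` versus a random value followed by `mod 1` is about bytes versus behaviour: the sequences compile differently but leave `a` with the same value. As an added illustration (not code from the thread, and in a made-up assignment notation rather than real ASIC syntax), this sketch constant-folds such sequences the way a normalising analyser would before comparing them; `rnd` is an assumed token for any value unknown until run time.

```python
import re

UNKNOWN = None  # value that is not known until run time (e.g. a random number)

# target = operand            or            target = operand OP operand
STMT = re.compile(
    r"^\s*(?:let\s+)?([a-z]\w*)\s*=\s*(\w+)(?:\s*(mod|[-+*/])\s*(\w+))?\s*$",
    re.IGNORECASE,
)


def operand(token, env):
    """Resolve a literal, the 'rnd' token, or a previously assigned variable."""
    if token.lower() == "rnd":
        return UNKNOWN
    if token.isdigit():
        return int(token)
    return env.get(token.lower(), UNKNOWN)


def fold(op, x, y):
    """Evaluate one operation, keeping results that hold for ANY unknown input."""
    op = op.lower()
    if op == "mod" and y == 1:
        return 0                      # anything mod 1 is 0, even an unknown value
    if op == "*" and (x == 0 or y == 0):
        return 0                      # anything times 0 is 0
    if x is UNKNOWN or y is UNKNOWN:
        return UNKNOWN
    if op in ("/", "mod") and y == 0:
        return UNKNOWN                # run-time error, no defined value
    if op == "+":
        return x + y
    if op == "-":
        return x - y
    if op == "*":
        return x * y
    sign = 1 if (x < 0) == (y < 0) else -1
    quotient = abs(x) // abs(y) * sign        # truncating integer division
    return quotient if op == "/" else x - quotient * y


def final_state(source):
    """Run the statements abstractly and return {variable: value or UNKNOWN}."""
    env = {}
    for line in source.strip().splitlines():
        if not line.strip():
            continue
        match = STMT.match(line)
        if not match:
            raise ValueError(f"unsupported statement: {line!r}")
        target, left, op, right = match.groups()
        value = operand(left, env)
        if op:
            value = fold(op, value, operand(right, env))
        env[target.lower()] = value
    return env


def same_effect(program_a, program_b):
    """True only when both programs provably end in the same known state."""
    state_a, state_b = final_state(program_a), final_state(program_b)
    return state_a == state_b and UNKNOWN not in state_a.values()


# Constructed samples modelled on the lines quoted in the thread.
PLAIN = "a = 0"
JUNK_CONST = "a = 6433\na = a mod 1"
JUNK_RND = "a = rnd\na = a mod 1"
QUOTED = "let a = 6433\nlet a = 6433 mod 1"
NOT_JUNK = "a = rnd\na = a mod 2"

if __name__ == "__main__":
    for name in ("JUNK_CONST", "JUNK_RND", "QUOTED", "NOT_JUNK"):
        print(name, final_state(globals()[name]), same_effect(PLAIN, globals()[name]))
```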
*haha* I like the feisty ones.
You're the type that never stops wriggling.
Welcome, welcome ;]]
4Q
> To a simpleton like you, that may be defending people, however
> to educated people, it's questioning the evidence and not taking
> what they say as truth based on their already admitted errors.
work it lezzie. cross post your stupid shit all over the place so EVERYONE
can see how fucking stupid you are!! LMAO!
> I agree, the discussion here is about Asic.
Okay then.
>>Not true, I had to quote for you from the asic manual regarding mod
>>command. the last time you tried to ehm, educate me concerning
>>programming in it.
>
> If you had known, you would not have done it.
*laughing*. Alright then. I'm not going to do a he/she said thing. We'll
let this exchange portion stand as is.
>>
>>> Any benefit you gained by setting "a" to a random number was lost when
>>> you mod 1 it because the value is now zero.
>>
>>Not true, again. If I simply set a=0 instead of what I did, the result
>>is the same, but the code generated is not the same. IE: More junk code,
>>more aggravation for heuristic scanners. Another topic, you likely don't
>>know jack shit about.
>
> From the point of view of the compiler, it does not matter what the
> value of "a" was before you set it to zero by dividing it by 1.
Actually, it does.
The compiler will generate two separate executables depending on whether
or not you do
a=1
or
a=6433
a=a mod 1
> you said
> let a = 6433
> let a = 6433 mod 1
> so now "a" is zero. You made a trip to rand and then did some math for
> an end result that added nothing to the functionality of the program.
We are discussing Asic, specifically; when presenting source code, please
use compilable source. Yours isn't to Asic syntax specification. *shrug*
The source agreed, added nothing of any sort of functionality to the
program. It did however generate do-nothing code for a heuristic scanner
to muddle thru; making the chances of not catching me even higher.
You have to consider what the program was eventually going to be placed
in. Quit thinking of it from a commercial software point of view. It
wasn't something people wanted on their machines.
>
>>>
>>> He's a paid consultant for a notable av company. You are a well known
>>> troll. Embedded insults are never appropriate for anyone but sixteen
>>> year old scriptkiddies with misshapen egos.
>>
>>What I said about him above still stands, sir. I am a well known virus
>>writer; hardly a troll. Thanks for crossposting this to alt.comp.virus.
>>:)
>
> You are a well known troll, but you are an obscure virus writer. And
> not a very good one either, I'll add.
Oh, I'm known mainly for virus writing and back in the BBS days, for..
ehm, well, other things. I intend on changing those nasty aspects tho,
with BugHunter. Regarding how well my viruses were written. *shrug*, the
last one is 8 years old now, I have no real interest in continuing them,
or providing functional code which could be abused.
As you have no knowledge of low level programming whatsoever, I'd be
surprised if you could actually write a virus from scratch using a
language that nobody else wrote one in, entirely on your own, without the
benefit of any tutorials to guide you along the way. Heh. Then we could
fairly compare on that aspect, without putting anyone's data at risk.
Until then...
>>Did I say any application could be reversed easily? No, I did not. I
>>said it's entirely possible to reverse engineer damn near anything, and
>>the warez/crack scene tends to support that claim.
>
> You have consistently claimed that you can make an accurate
> determination of what goes on. While you may be able to form some
> general ideas, you simply cannot form an accurate analysis on any
> complex operations. If this were possible, it would be easy to turn
> compiled binaries into source code.
Source code for what language specifically john? You do understand, the
computer doesn't actually (or even care) know visual c++ or perl, right?
That compiler turns your precious source code into a binary, sometimes
with the support of internal/external linkers. The binary can be
translated back to assembler; which is the next step up from machine
code; what the computer does actually understand and cares about. You can
take that binary and analyze it using software like IDA Pro (the freeware
edition works fine) and yes, you can make an accurate determination of
what's going on. Let me give you a really easy example, and a very nice
freeware program link at the same time.
http://www.webwasher.de/download/fileinsight/tutorial.html
Really, this program is absolutely fantastic; and the tutorial is great.
It will explain better than me obviously how this ehm, magic you seem to
think it is I claim to have, works.
> Cracking a protected software package and making an accurate
> determination on everything that's happening are two vastly different
> things.
Not always.
>>
>>You have no idea how virus writers/antivirus writers work, clearly.
>>We've been doing this for a very long time, reversing each others work,
>>for years. It's an ongoing battle.
>
> I have explained to you how it's done Dustin.
No John. I'm sorry, but you've explained nothing of the sort.
>>Name 3 commercial applications which have executable code uniquely
>>protected by this key method you speak of, Please.
>
> SAS
> DB2
> Hyperion
> QRM
> NetApp
> EMC
> CiscoOS
> SonicOS
> HPOV
*shrug* I'm not familiar with any of them.
Thanks for the information. I'll check it out.
> Many digital cable and satellite systems are also protected with
> public keys.
>
> Ok Dustin, class is in session again.
>
> Here's how apps are protected with public key technology.
> Developer creates app with certain functions encrypted to the
> project's public key. Those functions are encrypted and the function
> simply returns null until decrypted in the protected memory block
>
> In general terms (and very limited detail):
> user downloads and installs software
> software generates unique machine ID
> request license from vendor with unique machine ID
> key is generated by vendor (part of the private key)
> key encrypted with machine key supplied by user and sent back (usually
> two or more levels)
> key received and installed by user
> key decrypted with unique machine ID
> protected functions decrypted into protected memory
>
> unless the key is decrypted, those protected functions aren't ever
> decrypted. You can disassemble until the cows come home. There is no
> password to guess, you need the private key to get those functions
> decrypted. No private key, no worky.
Alright. Fine, from the time taken to crack crypto aspect; say I have to
get a valid key. Once I do, tho, your ehm, in protected memory ready for
the taking? :)
> You might be able to get ahold of a working key and then find a way to
> get the working decrypted code out of the secure memory, but it's
> pretty tough. Simply beyond your capability.
Oh... I don't think you're in any position to determine what my
capabilities are, sir. No offense, meant that is.
>
>
>>
>>> I'm not in the scene, and I know that your position is ridiculous. I
>>
>>Ahah, and we get to the point. You aren't a cracker, you don't know how
>>things are cracked. You're hung up on the public/private crypto thing, and
>>for some reason, you think that's 100% security. Continue to believe
>>that if you wish.
>
> Please see above. Nothing is ever perfectly secure, but as far as
> people like you are concerned, it is functionally secure.
Sir, if software was crack proof as you claim to think, almost everyone
would write crackproof software by now.
> You will be reversing a licensing protection scheme, like it were some
> piece of shareware that needed a license to activate all of its
Crypto then...
> features. The only value to you is that you will have proven you are a
> cracker. In reality you will not accept the challenge and invent some
> silly pretext because you may finally understand why this is not the
> same as returning zero on a license check.
Proven I'm a cracker? Wow. proven this to who exactly?
> You will have to be able to break a large RSA key. I don't think you
> or anyone you know can.
I don't think I or anyone I know or even don't know ever claimed they
could. *laughing*.
>>
>>> Nowhere did you mention any examination of the log files on the NNTP
>>> server. In fact, it's highly unlikely you had any access to the logs.
>>> As I have previously explained, the misbehavior I demonstrated would
>>> not trigger any alerts under normal circumstances.
>>
>>I ran my own nntp server on a fake network, here sir. The client was
>>provided access and welcome to try and post to whatever newsgroup it
>>desired.
>
> If you had, you would have said so, and would have provided logs to
> that effect. You only adopted that claim after I explained how it
> could be done.
John, that's not true obviously. Another individual (Black Dragon I
think?) mentioned how I did it, after you explained one of the programs
mentioned that I used didn't exist for Windows; of course it does and
someone (not me this time) laughingly had to point that out for you, but
alas...
You asked in more specific terms how I analyzed the software, I stopped
when you said a particular program didn't exist for windows. :) I mean,
shit... If the software's own website wouldn't convince you, how the hell
am I going to be able to? heh heh.
Ping 4Q: Are you paying attention bro? You sure picked a dense one this
time. :)
>>
>>> somehow adulterated. How did you verify it wasn't? You made no mention
>>
>>Sir, this can easily be resolved for everyone if you can somehow provide
>>proof that the application, Sharkpost does something malicious. Nobody
>>else, including myself has found anything wrong with it. Perhaps you'll
>>be the first?
>
> I'm not saying it is or isn't malicious. I'm saying that you are not
> qualified to make the determination or insult people who question your
> judgement.
hahahahahaahahahahaaha. I'm an antimalware utility author sir. I'm
certainly "qualified" to handle malicious code and determine whether or
not said code is malicious or potentially can be. I'm not new in this
scene sir, having retired from the other side of it; where you are
clearly lacking knowledge in.
As far as insulting people goes, hey, if you don't like what I say or how
I say it, you can killfile me, or respond and just say so. There is no
need to talk shit and act like some billy badass is going to school
little ol Dustin. Heh.
>
>>>>> You also indicated that it was written in Visual C. That is
>>>>> incorrect, it was written in Visual C . The programming languages C
>>>>> and C are similar in some respects but are fundamentally different
>>>>> in other ways. For instance, C does not support objects or classes,
>>>>> and C is procedural (like Basic).
>>>
>>> My signing engine stripped the pluses because I did not escape them.
>>> PowerPost is written in Visual CPP (plus plus) but you stated Visual
>>> C. There is a big difference between those languages.
>>
>>Aside from the fact it was a typo on my part, what is your point?
>
> I don't think it was a typo. You're using that as a defense.
For the sake of discussion, I'm going to let this one stand as is too.
>>
>>>>And this somehow changes what I said? :)
>>>
>>> What it shows is that you have failed to advance your skill set and
>>> remain hobbled in a technology that went out of style many years ago.
>>> This is proof that you are not the master coder you make yourself out
>>> to me. You are driving around town in a volkswagen beetle screaming
>>> insults at bicyclists because you have modest driving skills.
>>
>>AHAHAHAHAHAHAAAHAHAHAHAHA.
>
> Not really funny, it's sad in my view, but if you want to bust out a
> maniacal laugh, you have my permission.
Oh, but it's very funny. You claim to have a more advanced skillset, but
you don't know what is going on with the binary that is generated from
your source code. You just don't see the irony.
>>I'm not sure it matters greatly to our discussion whether or not
>>commercial applications have ever been written in asic.
>
> It matters because you have suggested it's the best language for the
> projects you undertake. It matters because you want us to believe that
> you have voluntarily chosen Asic over all the other superior languages
> in the world. It matters because you use the term "non-coders" as an
> insult.
I have? Hmm, I think I said this once before; I use Asic because *I* like
using it. It served me well in my virus writing career; and it's done
good work for other things I use it for.
I have said for years that I like using Asic, no secret here. I don't
think I've ever said it's the best for anything specific however. If you
can find a post where I actually said that, I'd like to see it.
>
>
>>Hey 4Q, I know you're reading along; any comments to this post of his? :)
>>
>>> It's not my primary language but I know it well and use it often. I
>>> also use C, and C++ as needed. You will recall I demonstrated how to
>>> seed the random number generator properly in CPP. Perl is one of the
>>> best and most flexible languages in the world. Perl's extensibility is
>>> vast. Millions of people agree with me.
>>
>>Millions of people are owned by the latest spyware, trojan and/or worms
>>too. Millions of people think global warming is a myth. And we won't
>>even go to what millions of people think the afterlife is supposed to
>>be. :)
>
> Is that your way of suggesting I'm wrong? Do you really disagree that
> your 1994 limited function basic is a serious contender in this
> networked world?
Hmm. Are you just skimming my responses John? I already told you that
Asic was never even a player, let alone contender in anything then;
certainly not now. It's just a nifty language I picked up years ago, and
have made good use of since. I've got several other obscure by your
standards languages too, I suppose.
By the way, you said that Asic only supports 4 math commands; that's only
partially true. Asic allows direct communication at the hardware level;
in English, John, you can get the cpu to do other math functions such as
xor, for you. For example:
print"1: ";
input a&;
print""
print"2: ";
input b&;
print""
print"Result: ";
ax=a&
bx=b&
rem XOR AX, BX - result in AX
SETREGS (AX,BX,NA,NA,NA,NA,NA,NA,NA)
CODE &HEX31, &HEXD8
GETREGS (AX,NA,NA,NA,NA,NA,NA,NA,NA)
rem convert integer regs to long int's
a&=AX
rem correct negative integers (AX is signed 16-bit): adjust the result in a&, not b&
IF a&<0& THEN
a&=65536&+a&
ENDIF
print a&
>
>
>>
>>>>
>>>>Then again, no coding person I know personally or otherwise has ever
>>>>told me that they could compile a win32 executable and NOT use APIs;
>>>>and! do this magic with a programming language known as Delphi.
>>>
>>> I don't Dustin, the Runtime does it for me. I have shown you how that
>>> works but I'll be glad to post another example for you if you would
>>> like a refresher. This is why the rest of the world has moved to RAD
>>> environments.
>>
>>You don't? Lol, what you actually wrote I saved, only because it's
>>hilarious to me.
>
> You keep reposting it because you have nothing else.
Nah, I keep reposting it for a few reasons. They would be:
1. It's funny.
2. It serves as an amusing occasional reminder of the knowledge level
that you actually do possess; without me having to repeat myself so many
times; your words speak volumes.
>>Face it, script kiddy, you are a tool of delphi, it 0wns you, not the
>>other way around. You use API calls, whether you realize it or not when
>>writing anything HLL in windows.
>
> You continue to ignore that I have explained that the API work is done
> via the runtime. I have also offered to show you. The most commonly
> used features of the WinAPI are wrapped in functions.
Wow, John. You continue to ignore the fact your paragraph long spiel is
bullshit; and I called you on it. You won't be explaining how the API
works to me anytime soon, not with the skillset you actually do have.
Well, short of getting help from someone else you won't.. lol
>>
>>> I have only seen what you have posted. You can't even write your own
>>> engine to recurse a folder. The app that you constantly whore around
>>> has no automatic update ability, new definitions are released
>>> manually. What you should have done is pull the updates with a simple
>>> http request, but I bet you didn't because you can't.
>>
>>BugHunter has no networking support of any kind. It doesn't talk to any
>
> I know. It can't.
Not really true, it could; I choose for it not to. :)
>>tcpip stack. How do you propose it should pull a simple http request
>>from DOS? :) I chose to use locate.com for its user flexibility, not
>
> Not a lot of dos workstations around, but the you can talk to tcpip
> from dos. Ever hear of BartPE? Modern languages also support system
> calls so you can use the operating system to do some of your if your
> language can't.
>
>>because I couldn't emulate what it does. See any ini file for details.
>>There's a reason bughunter uses it.
>
> I know. Another reason why you shouldn't be slamming me for using
> modern languages.
Nice, partial quoting. :) Here's what I actually said:
"I chose to use locate.com for its user flexibility, not
because I couldn't emulate what it does. See any ini file for details.
There's a reason bughunter uses it."
I'll make it easier for you, I can do what locate.com does, and remove
the program entirely, if I wanted; I choose not to. Is that rewording
easier for you, John? :)
>>> I did educate you, and any time you drop my name here or anywhere I
>>> monitor, expect a response from me if it's convenient.
>>
>>To be honest, I pulled a 4Q. I was hoping you'd initiate cross-posting
>>to alt.comp.virus. :) Much better peer review here. You'll be exposed to
>>others who can/do code. :)
>
> How's that working out for you?
So far, John; excellent. Did you actually think you'd be doing me any
harm? either way? seriously? :)
I did the harm to myself years ago, writing and releasing nasty programs.
Nothing you do is ever going to compare to it. LoL.
>>Translation: You don't need to be in control.
>
> I'm in enough control, and I'm not prevented from more control if I
> need it. It does the job for me and I never say, "dang, I can't do
> that". For all this talk about control, you can't recurse or talk to
> a net. Should you be crowing about control?
When you partially quote what I said, it certainly looks like I said
that. However, that isn't what I actually said, John. I said I chose to
use locate.com instead of my own routines, for my own reasons, and since
you really want to push the issue, I'll go ahead and fork them over:
Locate.com is more configurable than what I had functional at the time,
locate.com allows the user more control over what drives/folders/types of
folders BugHunter is allowed to look in; No need in doing this aspect
myself, John. I already had recursion going, but nearly no user control;
I switched my routines offline in support of locate.com for its
flexibility; It helps with the user readable configuration files BugHunter
supports.
On the network aspect, I can write applications in Asic to access a tcpip
connection, I have before.
I really can't help the fact you misunderstand what BugHunter does and is
for as reasons to try and assume *I* can't do this or that, it's just...
shrug, stupidity on your part, John.
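An added example, not code from any poster in this thread: the `a=0` versus `a=6433` / `a=a mod 1` argument above, modelled in Python on a constructed toy instruction list. It shows that an exact-byte signature differs between the variants while a normalised signature and a behaviour score do not; the ops, rule names, weights and threshold are assumptions made up for the example.

```python
import hashlib

UNKNOWN = "?"  # marks a value the analyser cannot know statically (e.g. rnd)

# Constructed toy programs, not real compiler output: (op, target, operand).
TAIL = [("call", "irc_connect", None), ("call", "fetch_file", None)]
ZERO = [("set", "a", 0)] + TAIL
CONST_MOD = [("set", "a", 6433), ("mod", "a", 1)] + TAIL
RND_MOD = [("rnd", "a", None), ("mod", "a", 1)] + TAIL
BENIGN = [("set", "a", 6433), ("mod", "a", 1), ("call", "print", None)]

# Hypothetical rule weights and threshold, chosen for this example only.
RULES = {"irc_connect": 2.5, "fetch_file": 2.0, "smtp_listen": 3.0}
SEQUENCE_BONUS = 1.5   # connect first, then fetch: scored as a combination
THRESHOLD = 5.0


def byte_signature(program):
    """Exact-match signature: hash of the instruction stream as written."""
    return hashlib.sha256(repr(program).encode()).hexdigest()


def normalize(program):
    """Fold arithmetic on locals so only final values and calls remain."""
    env = {}
    calls = []
    for op, target, arg in program:
        if op == "set":
            env[target] = arg
        elif op == "rnd":
            env[target] = UNKNOWN
        elif op == "mod":
            if not isinstance(arg, int) or arg == 0:
                raise ValueError("mod needs a non-zero integer operand")
            if abs(arg) == 1:
                env[target] = 0  # any integer mod 1 is 0, even an unknown one
            elif env.get(target, UNKNOWN) == UNKNOWN:
                env[target] = UNKNOWN
            else:
                env[target] = env[target] % arg
        elif op == "call":
            calls.append(target)
        else:
            raise ValueError(f"unknown op: {op!r}")
    return tuple(sorted(env.items())), tuple(calls)


def normalized_signature(program):
    """Signature taken after folding, so junk arithmetic no longer matters."""
    return hashlib.sha256(repr(normalize(program)).encode()).hexdigest()


def heuristic_score(program):
    """Score observed behaviours; arithmetic on locals contributes nothing."""
    _, calls = normalize(program)
    score = sum(RULES.get(name, 0.0) for name in sorted(set(calls)))
    if "irc_connect" in calls and "fetch_file" in calls:
        if calls.index("irc_connect") < calls.index("fetch_file"):
            score += SEQUENCE_BONUS
    return score


def is_flagged(program):
    return heuristic_score(program) >= THRESHOLD


if __name__ == "__main__":
    for name, prog in [("a=0", ZERO), ("a=6433; a mod 1", CONST_MOD),
                       ("a=rnd; a mod 1", RND_MOD), ("benign", BENIGN)]:
        print(f"{name:18} raw={byte_signature(prog)[:12]} "
              f"norm={normalized_signature(prog)[:12]} "
              f"score={heuristic_score(prog)} flagged={is_flagged(prog)}")
```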
<snip>
> >>Hey 4Q, I know you're reading along; any comments to this post of his? :)
Yep. you are ducking and diving like a
fucker as per usual.
<snip>
>
> On the network aspect, I can write applications in Asic to access a tcpip
> connection, I have before.
>
Talking shit again Dustbin? Why don't
you post this network code and prove
you're not as lame as most people think.
*waits for Dustin "Socket" Cook*
4Q
> Oh, I'm known mainly for //////SLAP\\\\\\
mainly for being a k00k and asshole.
It's okay sock; tell us how you really feel. :)
>"Nym of the Day" <bil...@fuck.head> wrote in news:1200512855_93
>@sp3lax.superfeed.net:
>
>> "Dustin Cook" <bughunte...@gmail.com> wrote in message
>> news:Xns9A277B3A7C5...@69.28.186.121...
>>
>>> Oh, I'm known mainly for //////SLAP\\\\\\
>>
>> mainly for being a k00k and asshole.
>>
>>
>It's okay sock; tell us how you really feel. :)
It is rather humorous to see the fools pull all the socks out of the
drawer these days isn't it. At least in the old days they had the
courage to try and stand a stale sock up for more than a few posts.
These socks don't even justify more than an amusing look at the filth
they are.
--
-=- The Blind Bob -=-
Poking fun at uffie since "for a long time"
Too funny... you calling someone else a troll! That is a truly fine
example of the "Pot calling the Kettle Black".
<snip>
> You're a AUK wannabe. A fool who thinks he can troll.
> Please do continue to humiliate yourself. I will enjoy
> watching the show.
You are the *show*. You haven't stopped
dancing since you got here! Have you
got a fucking nervous twitch or sumthin?
I've never seen anyone as keen as you,
dive straight in the boat and start
searching around for a hook to swallow.
Face it Les you've been here a day and
it's already your new home group ;]]
http://fourq.host.sk/img/Les_TheApauling.jpg If the face fits wear
it.
4Q
> Dustbin Cook wrote:
>> -linux_lad <jo...@linuxlad.nospam.org> wrote in
>> news:6bvqo31d5rvlo40oa...@4ax.com:
>>
>
> <snip>
>
>> >>Hey 4Q, I know you're reading along; any comments to this post of
>> >>his? :)
>
> Yep. you are ducking and diving like a
> fucker as per usual.
So that's a no then.. I suspected as much.
> Why don't
> you post this network code and prove
Hehehehe. 4Q, I don't have to prove anything. :) And alas, I will only
provide you and everyone else with source code that *I* choose to
release. If you have an issue with this, or you think it's impossible to
do something like that with Asic, well, that's your problem. I can't help
your stupidity, it's incurable. The only course of action I can suggest
is to FOAD.
For the time being, you may enjoy the following programs which include
source code:
http://bughunter.it-mate.co.uk/exevalid.zip
http://bughunter.it-mate.co.uk/genname2.zip
> On Wed, 16 Jan 2008 19:46:15 -0500, TheApostle
> <likes-...@mailme.org> wrote:
>
>>This post, <D(runks)A(gainst)M(add)M(others) DAMM>
>>Message-ID:<<m68to39qkf5jhvl8e...@4ax.com>>
>>may be monitored for quality assurance:
>>|
>>|On Wed, 16 Jan 2008 23:25:21 GMT, degaussed <dega...@operamail.com>
>>|wrote:
>>|
>>|>On Wed, 16 Jan 2008 22:20:08 GMT, Dustin Cook
>>|><bughunte...@gmail.com> wrote:
>>|>
>>|>>"Nym of the Day" <bil...@fuck.head> wrote in news:1200512855_93
>>|>>@sp3lax.superfeed.net:
>>|>>
>>|>>> "Dustin Cook" <bughunte...@gmail.com> wrote in message
>>|>>> news:Xns9A277B3A7C5...@69.28.186.121...
>>|>>>
>>|>>>> Oh, I'm known mainly for //////SLAP\\\\\\
>>|>>>
>>|>>> mainly for being a k00k and asshole.
>>|>>>
>>|>>>
>>|>>It's okay sock; tell us how you really feel. :)
>>|>
>>|>It is rather humorous to see the fools pull all the socks out of the
>>|>drawer these days isn't it. At least in the old days they had the
>>|>courage to try and stand a stale sock up for more than a few posts.
>>|>These socks don't even justify more than an amusing look at the filth
>>|>they are.
>>|
>>|It takes filth to know filth ass hole. Why don't you suck on the
>>|business end of a loaded gun while continually pulling the trigger
>>|and save the liquor stores near your house the problem of calling
>>|the morgue.Better yet FOAD
>>
>>Goodness, you sound really bitter - might hit have something to
>>do with him being right about you and your sock-puppets, fool?
>
> Sorry to burst your bubble TheApostle, but I am not bitter at all. But
> I believe you to be angry and bitter because GitRDunn, Zeke and others
> have been rubbing you nose in the shit your friend akula scrapes from
> nasty, dirty, smelly toilet bowls, on a daily basis. Sure sucks to be
> you and him.
The thing is sock, GitRDunn,Zeke and the others are all likely one in the
same individual. Like yourself.. *shrug*.
--
Regards,
Dustin Cook
> "Lezzie "Black Dragon" Paulin" <lez...@fuck.head> wrote in message
> news:1200423...@sp6iad.superfeed.net...
>>
>> "Dustin Cook" <bughunte...@gmail.com> wrote in message
>> news:Xns9A26761DEAB...@69.28.186.121...
>>> 4Q <paul...@hushmail.com> wrote in
>>> news:94238dde-2e7f-4f2f...@v29g2000hsf.googlegroups.co
>>> m:
>>>
>>>> This post reposted for the wider
>>>> audience. LinuxLad thrashes Dustbin's
>>>> ass with some code 101 basics.
>>>
>>> I fixed your headers, 4Q; I ensure this post will goto John's
>>> homegroup; that you really should read for yourself, before you
>>> assume this stool pigeon is going to own me. :)
>>
>> give it up ya fuckin k00k its too late. many have recently claimed
>> ownership of your lame trolling ass.
>>
>
> I want da TROOPHHH!!!!
I'm sorry man, but you can't have my awards. I'm going for kook of the
year now! Why not, I'm nominated.. :)
Don't forget to cast your vote for me!
--
Regards,
Dustin Cook / Raid
Truth, not trophy, Dickstain.
That's right Dumbstin... I'm everywhere. Too funny.
>-linux_lad <jo...@linuxlad.nospam.org> wrote in
>news:6bvqo31d5rvlo40oa...@4ax.com:
>
>> I agree, the discussion here is about Asic.
>
>Okay then.
>
>>>Not true, I had to quote for you from the asic manual regarding mod
>>>command. the last time you tried to ehm, educate me concerning
>>>programming in it.
>>
>> If you had known, you would not have done it.
>
>*laughing*. Alright then. I'm not going to do a he/she said thing. We'll
>let this exchange portion stand as is.
>
>>>
>>>> Any benefit you gained by setting "a" to a random number was lost when
>>>> you mod 1 it because the value is now zero.
>>>
>>>Not true, again. If I simply set a=0 instead of what I did, the result
>>>is the same, but the code generated is not the same. IE: More junk code,
>>>more aggravation for heuristic scanners. Another topic, you likely don't
>>>know jack shit about.
>>
>> From the point of view of the compiler, it does not matter what the
>> value of "a" was before you set it to zero by dividing it by 1.
>
>Actually, it does.
>
>The compiler will generate two separate executables depending on whether
>or not you do
>a=1
>
>or
>
>a=6433
>a=a mod 1
>
>
>
>> you said
>> let a = 6433
>> let a = 6433 mod 1
>> so now "a" is zero. You made a trip to rand and then did some math for
>> an end result that added nothing to the functionality of the program.
>
>We are discussing Asic, specifically; when presenting source code, please
>use compilable source. Yours isn't to Asic syntax specification. *shrug*
It's your code dustin, I just used an arbitrary random number to
explain how it works.
Wrong:
a=rnd(0)
a=a mod 1
Right:
a=0
You say a=0 isn't correct syntax? You might want to take a look at
that manual you're fond of quoting.
>
>The source agreed, added nothing of any sort of functionality to the
>program. It did however generate do-nothing code for a heuristic scanner
>to muddle thru; making the chances of not catching me even higher.
You don't know how heuristics work. Heuristic scanning looks for
certain passages that might be evidence of malware. An example of that
might be some code that connects to an IRC server then pulls and
extracts a file. Another example might be the instantiation of an smtp
server. In layman's terms heuristic scanning looks for telltale signs
of malware, not just a signature match. Heuristic engines are to AV
software what Spamassassin is to email. They look for stuff, score it,
and make a decision based on the final score.
>>
>> You are a well known troll, but you are an obscure virus writer. And
>> not a very good one either, I'll add.
>
>Oh, I'm known mainly for virus writing and back in the BBS days, for..
>ehm, well, other things. I intend on changing those nasty aspects tho,
>with BugHunter. Regarding how well my viruses were written. *shrug*, the
>last one is 8 years old now, I have no real interest in continuing them,
>or providing functional code which could be abused.
Anyone can write a program which has undesirable effects. It takes
only a tiny bit of skill for that. You were never a big security threat,
and are now just a footnote.
>
>As you have no knowledge of low level programming whatsoever, I'd be
>surprised if you could actually write a virus from scratch using a
>language that nobody else wrote one in, entirely on your own, without the
>benefit of any tutorials to guide you along the way. Heh. Then we could
>fairly compare on that aspect, without putting anyone's data at risk.
That implies I would have to write my own language, because I use
languages that are in wide global use. Anyone can embed shell commands
in an innocent looking application and destroy data. It's done by
accident all the time. You have the benefit of ten years in Asic and
are still unable to see why we mock you for refusing to move forward.
>
>Until then...
>>>Did I say any application could be reversed easily? No, I did not. I
>>>said it's entirely possible to reverse engineer damn near anything, and
>>>the warez/crack scene tends to support that claim.
>>
>> You have consistently claimed that you can make an accurate
>> determination of what goes on. While you may be able to form some
>> general ideas, you simply cannot form an accurate analysis on any
>> complex operations. If this were possible, it would be easy to turn
>> compiled binaries into source code.
>
>Source code for what language specifically john? You do understand, the
>computer doesn't actually (or even care) know visual c++ or perl, right?
Ok, one more time. Dustin, you continue to claim that you can make an
accurate determination on what happens in an executable file. You
might be able to get some general idea, but if you could read and
understand the inner workings of a compiled application (machine
code), you could reverse engineer any application.
Again, one more time:
You cannot make a complete and accurate assessment of a program's
behavior merely by disassembling it. In the case of a protected app,
you won't even see the whole thing. Reverse-engineering a large
commercial application is simply beyond the limits of technology at
this time. Just because you can find where the check for a working key
is and force it to return zero does not mean you can accurately
enumerate all of the functions. This is why no one has replicated
Cisco's or Microsoft's products and published the source code. It is
not technologically feasible at this time. If it were, why has no one
released a golden kernel for windows that completely bypasses all
license checks?
This fact is easily provable by asking you to disassemble a well known
file like a dll and then ask you to enumerate all of the functions and
classes, accurately.
>> Cracking a protected software package and making an accurate
>> determination on everything that's happening are two vastly different
>> things.
>
>Not always.
>
>>>
>>>You have no idea how virus writers/antivirus writers work, clearly.
>>>We've been doing this for a very long time, reversing each others work,
>>>for years. It's an ongoing battle.
>>
>> I have explained to you how it's done Dustin.
>
>No John. I'm sorry, but you've explained nothing of the sort.
>
>>>Name 3 commercial applications which have executable code uniquely
>>>protected by this key method you speak of, Please.
>>
>> SAS
>> DB2
>> Hyperion
>> QRM
>> NetApp
>> EMC
>> CiscoOS
>> SonicOS
>> HPOV
>
>*shrug* I'm not familiar with any of them.
>Thanks for the information. I'll check it out.
Ok, I'll help you out once again.
SAS is a very expensive business intelligence tool. It slices and
analyzes data from cubes for all kinds of reporting and forecasting. A
typical use of SAS would be for a retailer to analyze sales and
predict future sales performance. Many law enforcement agencies use
SAS to analyze and share data. Ditto for Hyperion.
QRM is a risk analysis application. It's most commonly found in the
finance and insurance industries. A typical use would be to source and
analyze market data cubes for pricing engines.
NetApp and EMC are the two most popular enterprise storage platforms.
If you ever work in mid-sized IT operations you will encounter at
least one of them. They both ship with a fully functional OS (linux)
which uses keys protected with the system ID to turn on various
functions like snap. The IBM family of enterprise storage DS servers
also use a public key mechanism for module license management.
Cisco is a network hardware provider which is perhaps among the
most prominent networking hardware manufacturers in the world. The
enhanced features on their products (Cisco OS, AKA IOS) like netflows
are licensed via a public key infrastructure. Juniper licenses their
products in the same way.
HPOV is Hewlett Packard's "OpenView" product. It's a family of network
monitoring and management tools that is ubiquitous in commercial
network operations. Very, very expensive. If you walk into just about
any data center in the world you will probably see HPOV projected in
the control room.
>
>> Many digital cable and satellite systems are also protected with
>> public keys.
>>
>> Ok Dustin, class is in session again.
>>
>> Here's how apps are protected with public key technology.
>> Developer creates app with certain functions encrypted to the
>> project's public key. Those functions are encrypted and the function
>> simply returns null until decrypted in the protected memory block
>>
>> In general terms (and very limited detail):
>> user downloads and installs software
>> software generates unique machine ID
>> request license from vendor with unique machine ID
>> key is generated by vendor (part of the private key)
>> key encrypted with machine key supplied by user and sent back (usually
>> two or more levels)
>> key received and installed by user
>> key decrypted with unique machine ID
>> protected functions decrypted into protected memory
>>
>> unless the key is decrypted, those protected functions aren't ever
>> decrypted. You can disassemble until the cows come home. There is no
>> password to guess, you need the private key to get those functions
>> decrypted. No private key, no worky.
>
>Alright. Fine, from the time taken to crack crypto aspect; say I have to
>get a valid key. Once I do, tho, your ehm, in protected memory ready for
>the taking? :)
You do not understand the magnitude of the task. To make it easy, I
will post the public key and the ciphertext if you would like to give
it a try. That will remove all the other difficulties so you can focus
on obtaining the key. Want to give it a shot?
>> Please see above. Nothing is ever perfectly secure, but as far as
>> people like you are concerned, it is functionally secure.
>
>Sir, if software was crack proof as you claim to think, almost everyone
>would write crackproof software by now.
You seem to ignore everything that is not what you want to believe. I
just wrote four sentences above that nothing is ever perfectly secure.
In other words, probably anything can be cracked with enough resources.
One of the contributing factors in the popularity of many products is
the ease in which they could be pirated and redistributed. How many
copies of SAS or Cisco floating around do you see? Do you see anyone
asking for a working SnapMirror key?
>
>> You will be reversing a licensing protection scheme, like it were some
>> piece of shareware that needed a license to activate all of its
>
>Crypto then...
Yes, and once again, I'll ask you to do some research on how software
copy protection is accomplished. Start with RSA.
>
>> features. The only value to you is that you will have proven you are a
>> cracker. In reality you will not accept the challenge and invent some
>> silly pretext because you may finally understand why this is not the
>> same as returning zero on a license check.
>
>Proven I'm a cracker? Wow. proven this to who exactly?
To yourself. None of us will buy it without proof.
>
>> You will have to be able to break a large RSA key. I don't think you
>> or anyone you know can.
>
>I don't think I or anyone I know or even don't know ever claimed they
>could. *laughing*.
You implied it would be trivial to crack my application. Would you
like a message ID to help refresh your memory?
>
>John, that's not true obviously. Another individual (Black Dragon I
>think?) mentioned how I did it, after you explained one of the programs
>mentioned that I used didn't exist for Windows; of course it does and
>someone (not me this time) laughingly had to point that out for you, but
>alas...
That does not change the fact that you didn't do it and in fact didn't
even know how.
>
>You asked in more specific terms how I analyzed the software, I stopped
>when you said a particular program didn't exist for windows. :) I mean,
>shit... If the software's own website wouldn't convince you, how the hell
>am I going to be able to? heh heh.
A very minor oversight. Shows what I use windows for. Again, does not
change the fact that you did not do it.
>
>Ping 4Q: Are you paying attention bro? You sure picked a dense one this
>time. :)
If I'm dense, you're a black hole.
>
>
>
>As far as insulting people goes, hey, if you don't like what I say or how
>I say it, you can killfile me, or respond and just say so. There is no
>need to talk shit and act like some billy badass is going to school
>little ol Dustin. Heh.
You have been schooled. It's up to you to decide how you use your
newfound knowledge.
>>>
>>>AHAHAHAHAHAHAAAHAHAHAHAHA.
>>
>> Not really funny, it's sad in my view, but if you want to bust out a
>> maniacal laugh, you have my permission.
>
>Oh, but it's very funny. You claim to have a more advanced skillset, but
>you don't know what is going on with the binary that is generated from
>your source code. You just don't see the irony.
I know it's talking to the API Dustin, the point I was trying to make
is that I was not doing the work, it was being done for me.
>
>>>I'm not sure it matters greatly to our discussion whether or not
>>>commercial applications have ever been written in asic.
>>
>> It matters because you have suggested it's the best language for the
>> projects you undertake. It matters because you want us to believe that
>> you have voluntarily chosen Asic over all the other superior languages
>> in the world. It matters because you use the term "non-coders" as an
>> insult.
>
>I have? Hmm, I think I said this once before; I use Asic because *I* like
>using it. It served me well in my virus writing career; and it's done
>good work for other things I use it for.
Fine, keep using it, but when you criticize anyone for using something
better, don't be surprised when you get what you deserve.
>
>Hmm. Are you just skimming my responses John? I already told you that
>Asic was never even a player, let alone contender in anything then;
>certainly not now. It's just a nifty language I picked up years ago, and
>have made good use of since. I've got several other obscure by your
>standards languages too, I suppose.
>
>By the way, you said that Asic only supports 4 math commands; that's only
>partially true. Asic allows direct communication at the hardware level;
So do most modern compiled languages.
>in english John, you can get the cpu to do other math functions such as
>xor, for you. For example:
What I said is that it supports a few math functions and the four
basic operations: add, subtract, multiply and divide. There are only
four operations in math, everything else is a combination of one or more
of those operations. So what if you can talk at a low level? How is
this better than having a function that has already been vetted and
optimized?
>
>>>
>>>> I have only seen what you have posted. You can't even write your own
>>>> engine to recurse a folder. The app that you constantly whore around
>>>> has no automatic update ability, new definitions are released
>>>> manually. What you should have done is pull the updates with a simple
>>>> http request, but I bet you didn't because you can't.
>>>
>>>BugHunter has no networking support of any kind. It doesn't talk to any
>>
>> I know. It can't.
>
>Not really true, it could; I choose for it not to. :)
Ok, post some working code to make an http request. You can't, and
what's worse, you, the low level coding guru have been caught in the
act of using other gnu software despite your criticisms of me for my
higher level software development skills.
>
>>>tcpip stack. How do you propose it should pull a simple http request
>>>from DOS? :) I chose to use locate.com for its user flexibility, not
>>
>> Not a lot of dos workstations around, but you can talk to tcpip
>> from dos. Ever hear of BartPE? Modern languages also support system
>> calls so you can use the operating system to do some of your if your
>> language can't.
>>
>>>because I couldn't emulate what it does. See any ini file for details.
>>>There's a reason bughunter uses it.
>>
>> I know. Another reason why you shouldn't be slamming me for using
>> modern languages.
>
>Nice, partial quoting. :) Here's what I actually said:
>"I chose to use locate.com for its user flexibility, not
>because I couldn't emulate what it does. See any ini file for details.
>There's a reason bughunter uses it."
Your menu, by the way only offers four possible choices, and at least
two of those choices are exclusive of what locate.com does or does not
do, assuming you are telling the truth about the extent of your own
code.
Could it be that you are also using locate.com for the file deletion
too ("/K")? You have been spraying your low level skills about like
water in a burning house and it turns out that someone else's library
is doing 3/4 of that work?
I got curious and went to your home page, only to find that you were
also offering an online update tool (BHUPDATE), so I downloaded and
looked at it. Imagine my surprise when I found out that you are just
wrapping the windows port of wget with your own script.
After you called me a scriptkiddy for using perl, you have been caught
red-handed wrapping the GNU port of wget with a batch file.
Your work, Mr low level:

@echo off
echo Updating BugHunter...........wait
wget -N -o bugupdate.log http://bughunter.it-mate.co.uk/BUGHUN22.ZIP
find /i /n "not retrieving" bugupdate.log
if errorlevel 1 unzip -o bughun22.zip
echo.
echo Updating has been finished....Bye

You, Dustin Cook, the guy who has been bragging about being a low
level coder is using other people's work as a third party library
(three different executables in one application) and you dare to call
yourself a low level coder?
Busted.
>
>I'll make it easier for you, I can do what locate.com does, and remove
>the program entirely, if I wanted; I choose not to. Is that rewording
>easier for you, John? :)
I don't care what you do Dustin, I'm just pointing out that you
prattle on and on about the evils of HLL, and then choose to use
someone else's executable for something as simple as building a map to
the files you want to scan. You are also using the windows port of
wget to handle the updating. This is huge. You are pretending to be
low level coder and you are using an HLL strategy. In other words
Dustin, you are using a modern software development model -- exactly
what you criticize me for.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=3df0e105aed3f8910c1f56f596804cd0
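
The license flow outlined in the message above (machine ID, a vendor-issued key bound to that ID, protected functions decrypted only with it), as an added example that is not part of the original post. It is a simplified sketch that uses only symmetric primitives from Python's standard library (an HMAC-SHA256 keystream with an authentication tag) in place of the public-key layer the post mentions; every name and sample value is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def machine_id(hostname: str, disk_serial: str) -> bytes:
    """Stand-in for 'software generates unique machine ID' (inputs are constructed)."""
    return hashlib.sha256(f"{hostname}|{disk_serial}".encode()).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only substitute for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# Vendor side (all values constructed for this example).
FEATURE_KEY = os.urandom(32)                        # never shipped in the clear
PROTECTED_BODY = b"snap: create point-in-time copy of volume"
PROTECTED_BLOB = seal(FEATURE_KEY, PROTECTED_BODY)  # what the installer carries


def issue_license(requesting_machine_id: bytes) -> bytes:
    """Vendor wraps the feature key so only the requesting machine ID unwraps it."""
    return seal(requesting_machine_id, FEATURE_KEY)


def unlock(license_blob: bytes, local_machine_id: bytes) -> Optional[bytes]:
    """Client side: unwrap the feature key, then decrypt the protected body."""
    feature_key = unseal(local_machine_id, license_blob)
    if feature_key is None:
        return None  # wrong machine or tampered license: body stays encrypted
    return unseal(feature_key, PROTECTED_BLOB)


if __name__ == "__main__":
    licensed = machine_id("filer-01", "SN-0001")
    other = machine_id("filer-02", "SN-0002")
    lic = issue_license(licensed)
    print("licensed host:", unlock(lic, licensed))
    print("other host:   ", unlock(lic, other))
```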
The following has been reposted for a
wider audience. Watch Dustin Cook
(Kook of the Year candidate #19) do
some olympic standard ducking and diving
trying to avoid LinuxLad's questions.
Today's events include the mens 100 meter
dash in the opposite direction of
anything asked. The triple jump weaving
around any points made. And the discus
throwing temper tantrum when challenged
to prove it.
Expect good showing from the k00k team
baton relay race. This year's lineup
Dimbulb, Dickhead, Dustbin and Apisshole.
here it is:
<repost>
<bughunte...@gmail.com> wrote:
Right:
a=0
Busted.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=3df0e105aed3f8910c1f56f596804cd0
</repost>
Wo0haa! Steady with them snips man!
Here's the original have another go,
and try and include your new k00k
relay buddies this time. And keep in
the important bits where LinuxLad
schools Dustbin.
http://groups.google.com/group/alt.comp.virus/msg/81f0f752854bd325
;]]
<snip>
G_msg_id:: 9a4f32bbc960b365
Groups:: alt.comp.virus, alt.hackers.malicious, alt.privacy.spyware,
alt.binaries.warez.ibm-pc.d
Date:: Tue, 15 Jan 2008 16:41:28 -0500
Subject:: Re: !Dustbin Cook gets another code 101 thrashing from
LinuxLad! Re: (OT) Asic Source example
NNTP-Posting-Date:: 15 Jan 2008 15:41:34 CST
Search:: Leslie "TheApostle" Paulin, Apisshole, k00k, SET infinate-
bootfuck ON
Comments:: whinging
http://fourq.host.sk/google/group/alt.comp.virus/msg/9a4f32bbc960b365/
<snip>
G_msg_id:: 7d40ca62152ee2f6
Groups:: alt.comp.virus, alt.hackers.malicious, alt.privacy.spyware,
alt.binaries.warez.ibm-pc.d
Date:: Tue, 15 Jan 2008 16:56:46 -0500
Subject:: Re: !Dustbin Cok gets another code 101 thrashing from
LinuxLad! Re: (OT) Asic Source example
NNTP-Posting-Date:: 15 Jan 2008 15:41:34 CST
Search:: Leslie "TheApostle" Paulin, Apisshole, k00k, SET infinate-
bootfuck ON
Comments:: Apisshole jumps up and down like a tart to attract 4Q's
attention
http://fourq.host.sk/google/group/alt.comp.virus/msg/7d40ca62152ee2f6/
<snip>
G_msg_id:: 29ad989fbac2d7de
Groups:: alt.binaries.warez.ibm-pc.d, alt.comp.virus
Date:: Tue, 15 Jan 2008 17:04:16 -0500
Subject:: Re: !Dustbin Cook gets another code 101 thrashing from
LinuxLad! Re: (OT) Asic Source example
NNTP-Posting-Date:: 15 Jan 2008 16:04:23 CST
Search:: Leslie "TheApostle" Paulin, Apisshole, k00k, SET infinate-
bootfuck ON, LesLIE
Comments:: LesLIE bullshits about LinuxLad needing help to code thrash
Dustbin
http://fourq.host.sk/google/group/alt.comp.virus/msg/29ad989fbac2d7de/
Comments: "Fragile" "obsessed" "childish"
TheApostle wrote:
> This post, Dustin Cook <bughunte...@gmail.com>
> Message-ID:<<Xns9A26C8925C3...@69.28.186.121>>
> may be monitored for quality assurance:
> |
> |TheApostle <likes-...@mailme.org> wrote in
> |news:MPG.21f6f62bd...@news.sharkpost.org:
> |
> |> This post, Dustin Cook <bughunte...@gmail.com>
> |> Message-ID:<<Xns9A26761DEAB...@69.28.186.121>>
> |> may be monitored for quality assurance:
> |>|
> |>|4Q <paul...@hushmail.com> wrote in
> |>|news:94238dde-2e7f-4f2f...@v29g2000hsf.googlegroups.com:
> |>|
> |>|> This post reposted for the wider
> |>|> audience. LinuxLad thrashes Dustbin's
> |>|> ass with some code 101 basics.
> |>|
> |>|I fixed your headers, 4Q; I ensure this post will goto John's
> |>|homegroup; that you really should read for yourself, before you assume
> |>|this stool pigeon is going to own me. :)
> |>
> |> I never believed someone could humiliate themselves so quickly
> |> with one single statement, but after seeing 4Q's footchomping
> |> statement I am now a believer.
> |>
> |> "googlegroups.com:" <---------------------- <laffs out loud>
> |>
> |> I am just guessing, but 4Q demonstrates that he is this groups
> |> resident punching bag, am I wrong?
> |
> |4Q is the infamous alt.comp.virus troll.
>
> Sounds like my obsessed fanboi Mr.E - he's been stalking me for over
> 11 years all because I upset his fragile widdle feelings, or perhaps
> it was because I was a looked up to and he was is anothing. Now that
> is ownership!! He's created websites about me, replies to every single
> one of my posts and believes I am around every corner.
>
> |He's supposed to keep vxers/ex vxers in check with his idea of reality. LoL.
>
> Our obsessed fans don't care about anything - even if it means that
> reality has to get in the way. Truth is as far from them as a real
> life. As long as they get to take a shot of making a fool of them-
> selves they are happy.. and they never fail to disappoint.
>
> You've seen what happens when reality bites one of them in the ass, eh.
> They get really upset. Trolls like these two, are the people who can't
> do and resent those who can.
>
> Instead of being able to accomplish anything worth while in their sad
> and pitiful little lives, they spend their every obsessed filled moment
> *trying* to hurt their betters by childish insults (or as they see it
> "constructive criticism") however, since they both lack the intelligence
> which is required to be a "doer", they neglect to understand their
> differences.
> --
> X=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
> Join the Pirate Party! http://www.pirate-party.us
> Sharkpost Home http://www.sharkpost.net
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> Pedophile-Supporter Jack 'GitRDunn' Cohen uses the First
> Amendment Rights argument to protect the rights of kiddie
> porn posters and pedophiles to post what they "likes".
>
> From: Jack 'GitRDunn' Cohen <G...@RDunn.hk>
> Newsgroups: alt.binaries.warez.ibm-pc.d
> NNTP-Posting-Date: Fri, 11 Jan 2008 19:28:49 EST
> Message-ID: <5RThj.26$6F6.8@trndny09>
>
> I hate pedos and pervs as much as anyone else but I
> don't have the right to stop them from their first
> amendment rights to post what "they" like.
>
>
>
> X=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Comments: TheApostle talks about his pedophile obsession.
TheApostle wrote:
> This post, TheApostle <likes-...@mailme.org>
> Message-ID:<<MPG.21f72e42e...@news.sharkpost.org>>
> may be monitored for quality assurance:
> |
> |This post, <KooK Krusher>
> |Message-ID:<<q6oqo3d1tk3bek854...@4ax.com>>
> |may be monitored for quality assurance:
> ||
> ||On Tue, 15 Jan 2008 18:36:20 -0500, TheApostle
> ||<likes-...@mailme.org> wrote:
> ||
> |[..]
> ||>
> ||>Hi, TheApisshole - Yes, we've already read these sniplets, and some took
> ||>babysteps so you could understand them the simple differences with "sounding"
> ||>and the other word "thinking" but unfortunately for you, these subjects
> ||>still remain out of your grasp of understanding. Clearly you still have some
> ||>confusion and some unresolved issues (ie:"B00tfucking").
> ||>
> ||>I would be more than happy to take my time to further demonstrate how stupid
> ||>and ridiculous you are, while ridiculing you to no end, Alas all we would
> ||>benefit from that is watching you slink away under _yet_ again to licking
> ||>your wounds, crying, and shifting into another brand self-spanking new nym
> ||>from being humiliated and disgraced. <smiles> How many nyms are you at now?
> ||>
> ||>To remind you of why you ran away, ya know from the last ass-kicking you got;
> ||>
> ||>(a) The first quote(s) shows the child molester and kiddie porn poster Mjolner
> ||> (aka UFF) stating that he knows _how_ a pedophile thinks and me explaining
> ||> to him how exactly can he know how a pedophile thinks unless he is a
> ||> pedophile. That is simple and reasonable logic.
> ||>
> ||>(b) The last quote, is me telling an MP3 nym-shifting troll (presumably you)
> ||> to stop projecting his pedophile thoughts into the newgroup.
> ||
> ||
> ||> I'm not professing to know what a pedophile thinks.
> ||
> ||> | From: TheApostle <likes-...@mailme.org>
> ||> | Newsgroups: alt.binaries.sounds.mp3.d
> ||> | Subject: Re: Kohout Jr.'s killfile having problems.
> ||> | Date: Tue, 08 Feb 2005 04:54:28 GMT
> ||> | Message-ID: <MPG.1c720f958...@news.asskicker.ca>
> ||> |
> ||> | Stop thinking like a pedophile, sicko.
> |
> |
> |(b) The last quote, is me telling an MP3 nym-shifting troll (presumably you)
> | to stop projecting his pedophile thoughts into the newgroup.
> |
> ||> I'm not professing to know what a pedophile thinks.
> |
> |As already educated to you, I am obviously not professing to know what a
> |pedophile thinks (I leave that to the kiddie porn poster Mjolner). It is
> |me _telling_ (that's writing as it is shown in the quote) a MP3 group troll
> |(presumably you) to refrain from projecting his pedophile thoughts into the
> |newgroup.
>
> I forgot this and I believe this will be a better example to help someone
> like you, who has a hard time speaking with the grownups understand exactly
> what I am saying.
>
> Recently, Jack 'GitRDunn' Cohen expressed his pedophile thoughts about my
> pre-teen niece.
>
> From: GitRDunn <G...@RDunn.hk>
> Newsgroups: alt.binaries.warez.ibm-pc.d
> Date: Sat, 12 Jan 2008 19:54:55 GMT
> Message-ID: <jW8ij.81$s67.30@trndny05>
>
> "Your niece sounds like a tasty little morsel.
>
> Since he had _expressed_ these thoughts, I was able to tell him to keep his
> pedophile thoughts out of the group.
>
> It is not me professing to know how a pedophile thinks, merely me witnessing
> the thoughts of a pedophile as he wrote them..
>
> |I believe when you understand the difference of professing to know what a
> |pedophile thinks, and viewing a pedophile expressing his thoughts, you may
> |just gain an ounce of intelligence.
> |
> |However, it has been my experience that sick perverts (like Jack "GitrDunn"
> |Cohen, Mjolner, and if you're the same MP3 group troll) all suffer from
> |limited intelligence.
> |
> ||>Neither of these quotes, which are presented out of context and maliciously
> ||>deceitful intentions demonstrate anything you would like them to, but as I
> ||>explained to you before you ran away sobbing and crying, do keep on trying to
> ||>best me, lil one. Next time, do try and have someone else explain what you
> ||>reading so you are able to grasp it more readily and therefore you don't have
> ||>to suffer such a terrible defeat, again, at my hands. <WEFG>
> |
> |Please do have someone help you with your reading skills. Cya!
Comments: More of Les Apostles pedophile obsession.
TheApostle wrote:
> This post, <KooK Krusher>
> Message-ID:<<mosqo3lo46pig56u9...@4ax.com>>
> may be monitored for quality assurance:
> |
> |On Tue, 15 Jan 2008 21:40:11 -0500, TheApostle
> |<likes-...@mailme.org> wrote:
> |
> [..]
> |
> |Give it up kook.
>
> Hey, if you don't like this ass kicking perhaps you can try your
> hand at something else - perhaps collecting postage stamps??????
>
> |We all watched you defend a pedo for months on end.
>
> I've never defended any "pedophile". I certainly never defended
> anyone you have foolishly and maliciously smeared as a "pedophile".
>
> |Do you always jump to the defense of someone you don't know when
> |others confront him with his past?
>
> As explained to you before, I wasn't defending anyone.
>
> Get an education that goes past second grade.
>
> Read this closely and try to grasp it.
>
> If you need help ask your mommy to help you.
>
> I was, and continue to, challenge the baseless and malicious
> assertions made by the kiddie porn posting Mjolner (aka UFF).
>
> To a simpleton like you, that may be defending people, however
> to educated people, it's questioning the evidence and not taking
> what they say as truth based on their already admitted errors.
>
> Similar to when the NTBBI questioned the claim by Mjolner that
> "Kinda Dumb" was a pedophile and found that Mjolner had completely
> fabricated the evidence against him, and spent years smearing him.
>
> Similar to when I questioned the claims by Mjolner that "WERIDO"
> had posted child porn using Mjolner's name - which were found
> out when Mjolner foolishly slipped up in his lies and claimed
> there was no child porn, he didn't report WERIDO, and he was
> simply trolling for fun.
>
> When you stop being a mindless ass kisser and begin to question
> the evidence presented by other people to seek the real truth...
> you always be a useless pitiful troll, until then you're left to
> shift nyms from all your humiliation (presumably due to the amount
> of beatings you suffer through) and continue repeating the same
> boring lies ad nauseum.
>
> Now, when you feel you can actually best me, junior, do try.
> Until then, sit in the corner, educate yourself, gather the
> correct information to stop humiliating yourself, and shut
> your trap until you can contribute something worthy, Mkay sweetie!
Comments: Clueless fuck Leslie can't read for shit.
TheApostle wrote:
> This post, 4Q <paul...@hushmail.com>
> Message-ID:<<f8235ef4-1db3-4dfc...@e4g2000hsg.googlegroups.com>>
> may be monitored for quality assurance:
> |
> |TheApostle wrote:
> |> This post, Dustin Cook <bughunte...@gmail.com>
> |> Message-ID:<<Xns9A26C8925C3...@69.28.186.121>>
> |> may be monitored for quality assurance:
> |> |
> |> |TheApostle <likes-...@mailme.org> wrote in
> |> |news:MPG.21f6f62bd...@news.sharkpost.org:
> |> |
> |> |> This post, Dustin Cook <bughunte...@gmail.com>
> |> |> Message-ID:<<Xns9A26761DEAB...@69.28.186.121>>
> |> |> may be monitored for quality assurance:
> |> |>|
> |> |>|4Q <paul...@hushmail.com> wrote in
> |> |>|news:94238dde-2e7f-4f2f...@v29g2000hsf.googlegroups.com:
> |> |>|
> |> |>|> This post reposted for the wider
> |> |>|> audience. LinuxLad thrashes Dustbin's
> |> |>|> ass with some code 101 basics.
> |> |>|
> |> |>|I fixed your headers, 4Q; I ensure this post will goto John's
> |> |>|homegroup; that you really should read for yourself, before you assume
> |> |>|this stool pigeon is going to own me. :)
> |> |>
> |> |> I never believed someone could humiliate themselves so quickly
> |> |> with one single statement, but after seeing 4Q's footchomping
> |> |> statement I am now a believer.
> |> |>
> |> |> "googlegroups.com:" <---------------------- <laffs out loud>
> |> |>
> |> |> I am just guessing, but 4Q demonstrates that he is this groups
> |> |> resident punching bag, am I wrong?
> |> |
> |> |4Q is the infamous alt.comp.virus troll.
> |>
> |> Sounds like my obsessed fanboi Mr.E - he's been stalking me for over
> |> 11 years all because I upset his fragile widdle feelings, or perhaps
> |> it was because I was a looked up to and he was is anothing. Now that
> |> is ownership!! He's created websites about me, replies to every single
> |> one of my posts and believes I am around every corner.
> |
> |*heh* Very amusing.
>
> Not as amusing as you, and your posts making a fool of yourself.
>
> |It's a pity I can't read or write posts in the alt.binary groups (via the
> |Google system) I'm sure it's very entertaining.
>
> Perhaps you should get a real NSP?
>
> |I've got no idea who all these names that keep popping up are.
>
> Clueless fits you well.
>
> |I've figured out that you are the owner of Sharkpost (sounds like an interesting
> |application, I might coderip some the code so I can dump 4Q site directly into
> |the Google archives)
>
> Sharkpost is already in the Google Archives (re:clueless) and not I am
> not the owner of Sharkpost (re:clueless) I only maintain the website..
>
> |You seem to have a few enemies over there in the alt.binary groups.
>
> With greatness comes a few.
>
> |Shame you've decided to get into bed with Dustbin Cook,
>
> I don't get into bed with guys.
>
> |you do know the guy is a raving loon and confirmed kOOk?
>
> You seem to be projecting.
>
> |4Q ( Recreational Troll )
>
> No doubt.
Actually, both are legal; and both will generate the same result.
However, if you'd taken the time to compile it as was suggested, the
resulting binary is different depending on what you do. This is for
heuristics avoidance only. It does nothing whatsoever from a functional
code standpoint.
> You say a=0 isn't correct syntax? You might want to take a look at
> that manual you're fond of quoting.
I said what you wrote:
let a =6433 mod 1
isn't correct Asic syntax, nice try John. :)
>>
>>The source agreed, added nothing of any sort of functionality to the
>>program. It did however generate do nothing code for a hueristic
>>scanner to muddle thru; making the chances of not catching me even
>>higher.
>
> You don't know how heuristics work. Heuristic scanning looks for
> certain passages that might be evidence of malware. An example of that
> might be some code that connects to an IRC server then pulls and
> extracts a file. Another example might be the instantiation of an smtp
> server. In layman's terms heuristic scanning looks for telltale signs
> of malware, not just a signature match. Heuristic engines are to AV
> software what Spamassassin is to email. They look for stuff, score it,
> and make a decision based on the final score.
The fact you aren't very knowledgeable concerning how software is
examined and how heuristics scanning works isn't my concern. I will leave
this layman explanation up for everyone to see what little you do
actually understand. :)
>
>>>
>>> You are a well known troll, but you are an obscure virus writer. And
>>> not a very good one either, I'll add.
>>
>>Oh, I'm known mainly for virus writing and back in the BBS days, for..
>>ehm, well, other things. I intend on changing those nasty aspects
>>tho, with BugHunter. Regarding how well my viruses were written.
>>*shrug*, the last one is 8 years old now, I have no real interest in
>>continuing them, or providing functional code which could be abused.
>
> Anyone can write a program which has undesirable effects. It takes
> only a tiny bit of skill for that. You were never a big security threat,
> and are now just a footnote.
*yawn*
>>Source code for what language specifically john? You do understand,
>>the computer doesn't actually (or even care) know visual c++ or perl,
>>right?
>
> Ok, one more time. Dustin, you continue to claim that you can make an
> accurate determination on what happens in an executable file. You
> might be able to get some general idea, but if you could read and
> understand the inner workings of a compiled application (machine
> code), you could reverse engineer any application.
I'm leaving this as is too. It really doesn't require any comment on my
part. :)
> Again, one more time:
> You cannot make a complete and accurate assessment of a program's
> behavior merely by disassembling it. In the case of a protected app,
> you won't even see the whole thing. Reverse-engineering a large
> commercial application is simply beyond the limits of technology at
> this time. Just because you can find where the check for a working key
> is and force it to return zero does not mean you can accurately
> enumerate all of the functions. This is why no one has replicated
> Cisco's or Microsoft's products and published the source code. It is
> not technologically feasible at this time. If it were, why has no one
> released a golden kernel for windows that completely bypasses all
> license checks?
This I'm leaving as is too. :)
>>*shrug* I'm not familiar with any of them.
>>Thanks for the information. I'll check it out.
>
> Ok, I'll help you out once again.
No need, I'm capable of googling for myself, John.
>>Alright. Fine, from the time taken to crack crypto aspect; say I have
>>to get a valid key. Once I do, tho, your ehm, in protected memory
>>ready for the taking? :)
>
> You do not understand the magnitude of the task. To make it easy, I
> will post the public key and the ciphertext if you would like to give
> it a try. That will remove all the other difficulties so you can focus
> on obtaining the key. Want to give it a shot?
John, nobody has ever said they could crack an RSA key, and I won't be
the first to claim something like that. I don't have NSA super computers
here, and if they can't do it in a reasonable amount of time, I know for
sure I can't either. Again, crypto isn't cracking. One day you'll learn
the difference.
>
>>> Please see above. Nothing is ever perfectly secure, but as far as
>>> people like you are concerned, it is functionally secure.
>>
>>Sir, if software was crack proof as you claim to think, almost
>>everyone would write crackproof software by now.
>
> You seem to ignore everything that is not what you want to believe. I
> just wrote four sentences above that nothing is ever perfectly secure.
> In other words, probably anything can be cracked with enough resources.
> One of the contributing factors in the popularity of many products is
> the ease in which they could be pirated and redistributed. How many
> copies of SAS or Cisco floating around do you see? Do you see anyone
> asking for a working SnapMirror key?
I'm not going to get into a discussion on warez John. We were discussing
Asic, and I intend to stick with that discussion, specifically. I've
wasted enough time talking about non asic things.
>>
>>> You will be reversing a licensing protection scheme, like it were
>>> some piece of shareware that needed a license to activate all of its
>>
>>Crypto then...
>
> Yes, and once again, I'll ask you to do some research on how software
> copy protection is accomplished. Start with RSA.
You do understand, that this isn't common for protection right John? Not
everyone employs crypto in this fashion.
>>
>>> features. The only value to you is that you will have proven you are
>>> a cracker. In reality you will not accept the challenge and invent
>>> some silly pretext because you may finally understand why this is
>>> not the same as returning zero on a license check.
>>
>>Proven I'm a cracker? Wow. proven this to who exactly?
>
> To yourself. None of us will buy it without proof.
None of who? If you're under the mistaken impression that I'm trying to
prove anything to you specifically John, I'd strongly suggest you re-read
the threads. My goal isn't to prove anything to you, as you're too ignorant
to see things from another's point of view. Rather, my goal is to expose
you for the ignorant wannabe you so clearly are. :)
>>
>>> You will have to be able to break a large RSA key. I don't think you
>>> or anyone you know can.
>>
>>I don't think I or anyone I know or even don't know ever claimed they
>>could. *laughing*.
>
> You implied it would be trivial to crack my application. Would you
> like a message ID to help refresh your memory?
I think you should read what I wrote, instead of what you think I wrote,
John. I do not at any time claim to be able to crack high level crypto
such as RSA. If your application is primarily crypto based, and it is by
your own explanation, I have no interest in trying to crack RSA. John.
RSA isn't executable code. If you think cracking crypto is the same as
cracking an application, you really do have much to learn about both.
>>John, that's not true obviously. Another individual (Black Dragon I
>>think?) mentioned how I did it, after you explained one of the
>>programs mentioned that I used didn't exist for Windows; of course it
>>does and someone (not me this time) laughingly had to point that out
>>for you, but alas...
>
> That does not change the fact that you didn't do it and in fact didn't
> even know how.
Wrong. As was already pointed out to you by another poster. The fact you
didn't read the post in time before you started your assault isn't my
fault, or my problem.
>>
>>You asked in more specific terms how I analyzed the software, I
>>stopped when you said a particular program didn't exist for windows.
>>:) I mean, shit... If the software's own website wouldn't convince
>>you, how the hell am I going to be able too? heh heh.
>
> A very minor oversight. Shows what I use windows for. Again, does not
> change the fact that you did not do it.
See above. Same answer.
>>
>>Ping 4Q: Are you paying attention bro? You sure picked a dense one
>>this time. :)
>
> If I'm dense, you're a black hole.
Hahahah. If you say so. :)
> You have been schooled. It's up to you to decide how you use your
> newfound knowledge.
Schooled in what John? API's? Interrupts? Asic? Or, alas, none of the
above. :)
>>>>
>>>>AHAHAHAHAHAHAAAHAHAHAHAHA.
>>>
>>> Not really funny, it's sad in my view, but if you want to bust out a
>>> maniacal laugh, you have my permission.
>>
>>Oh, but it's very funny. You claim to have a more advanced skillset,
>>but you don't know what is going on with the binary that is generated
>>from your source code. You just don't see the irony.
>
> I know it's talking to the API Dustin, the point I was trying to make
> is that I was not doing the work, it was being done for me.
And you didn't know how the work was being done. You claimed you could
write a windows application without using API calls, in Delphi of all
languages. The fact it does make use of API calls, whether you
specifically called them or not shows how painfully inexperienced with
programming you actually are.
>>I have? Hmm, I think I said this once before; I use Asic because *I*
>>like using it. It served me well in my virus writing career; and it's
>>done good work for other things I use it for.
>
> Fine, keep using it, but when you criticize anyone for using something
> better, don't be surprised when you get what you deserve.
When did I criticize anyone for using something better John?
> So do most modern compiled languages.
*shrug*. You don't have to be modern to talk to the hardware. One day
you'll understand that.
> What I said is that it supports a few math functions and the four
> basic operations: add, subtract, multiply and divide. There are only
> four operations in math, everything else is a combination of one or more
> of those operations. So what if you can talk at a low level? How is
> this better than having a function that has already been vetted and
> optimized?
optimized? really now. How are you going to optimize an xor call that
asks the cpu to do it? I'm waiting.
Talking at a low level offers more control. You are in more of a position
to decide what happens with your code, not the other way around.
Look, you seem to be okay with being 0wned by your compiler/languages of
choice. I'm just not happy with that, I prefer to know what the
compiler/languages I'm using is actually doing, that's all.
>>>>BugHunter has no networking support of any kind. It doesn't talk to
>>>>any
>>>
>>> I know. It can't.
>>
>>Not really true, it could; I choose for it not to. :)
>
> Ok, post some working code to make an http request. You can't, and
> what's worse, you, the low level coding guru have been caught in the
> act of using other gnu software despite your criticisms of me for my
> higher level software development skills.
caught in the act of what now? I happily make use of GNU software, sure.
Don't you? Are you talking about the WGET application in the remote
updater? (a separate download, which isn't authored by me)? I have no
complaints with the program. A happy user of BugHunter wrote it and gave
me permission to host it, to help with other BugHunter users.
It's called community support John. :)
Now then, concerning your code request, it's denied. I'm not in the habit
of jumping when someone who has little understanding of a language I
choose to program in questions what I can or can't do with it.
> Your menu, by the way only offers four possible choices, and at least
> two of those choices are exclusive of what locate.com does or does not
> do, assuming you are telling the truth about the extent of your own
> code.
*sigh*. another education is coming.. I see.. Here's a copy of the
BUGHUNT.INI file, the configuration file you were told to examine before
you responded, John.
; BugHunter v2.x configuration file sample.
; The commands, APPEND, CREATE, NOLOG, and FULL can be placed
; anywhere inside this file you like. The command YES can also be
; placed anywhere inside the file you like, but the following two
; lines must be present below it: locate.com and parameters,
; and the name of the temporary file BugHunter should use.
; Default settings are full recursive scan, a logfile will
; be created in the current directory if possible.
; the default temporary file is BUGHUNT.DAT and will be created
; in the current directory. Logging options are as follows
; APPEND = Append to the already existing BUGHUNT.LOG (if present)
; otherwise one will be created.
; CREATE = Create a new logfile each time an option is performed.
; NOLOG = Exactly what it says. :) No logfile is created. No logging
; to file takes place if one already exists.
; FULL = Log extra details. How many files in each folder, location
; and name of any files that couldn't be opened for scanning. Some files
; that are in use will cause this error.
; is turned off by default. Log files can grow to large sizes if this
; option is switched on. However, it does provide extra detail.
APPEND
;CREATE
;NOLOG
;FULL
; YES controls recursion. If using YES, the following two lines MUST
; be the name location and parameters of locate.com (default is current
; directory bughunter is executing from) and the name of the temporary
; file for use.
YES
locate.com /D+ /N /R
BUGHUNT.DAT
; As BugHunter is preset to do full recursion, this section of the
; configuration file is ignored. If you would like BugHunter to scan
; the folders listed below (you may customize them as you see fit; upto
; 32 folders) can be specified in the msdos 8.3 style naming convention.
; Comment yes and the two lines below it. To re-enable full recursion,
; simply uncomment yes and the two lines below it.
; These directories assume a default installation of C:\WINDOWS. If you
; are not using full recursion, please modify the directory paths to
; suit your system configuration. By Default, BugHunter will not just
; scan the directories listed below. Full recursion is turned on, and
; this section of the configuration file is ignored.
C:
C:\WINDOWS
C:\WINDOWS\COMMAND
C:\WINDOWS\CONFIG
C:\WINDOWS\MSAPPS
C:\WINDOWS\WINSXS
C:\WINDOWS\SYSTEM
C:\WINDOWS\SYSTEM32
C:\WINDOWS\SYSTEM32\DLLCACHE
C:\WINDOWS\SYSTEM32\DRIVERS
C:\WINDOWS\SYSTEM32\WBEM
C:\WINDOWS\SYSTEM32\IME
C:\WINDOWS\TEMP
C:\WINDOWS\DOWNLO~1
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP
> Could it be that you are also using locate.com for the file deletion
> too ("/K")? You have been spraying your low level skills about like
> water in a burning house and it turns out that someone else's library
> is doing 3/4 of that work?
locate.com for file deletion? hahaha, no sir. I can do that myself,
thanks. :)
I wasn't aware locate.com was a library..
> I got curious and went to your home page, only to find that you were
> also offering an online update tool (BHUPDATE), so I downloaded and
> looked at it. Imagine my surprise when I found out that you are just
> wrapping the windows port of wget with your own script.
The BHUPDATE tool isn't written by me.
> After you called me a script kiddy for using perl, you have been caught
> red-handed wrapping the GNU port of wget with a batch file.
>
> Your work, Mr low level:
>
> @echo off
> echo Updating BugHunter...........wait
> wget -N -o bugupdate.log http://bughunter.it-mate.co.uk/BUGHUN22.ZIP
> find /i /n "not retrieving" bugupdate.log
> if errorlevel 1 unzip -o bughun22.zip
> echo.
> echo Updating has been finished....Bye
Not my work, sir. :) Another user of BugHunter provided that to me, and
gave permission to host it for the benefit of other BugHunter users.
> You, Dustin Cook, the guy who has been bragging about being a low
> level coder is using other people's work as a third party library
> (three different executables in one application) and you dare to call
> yourself a low level coder?
locate.com is a program, sir. it's not a library. Locate.com is used for
the configuration options; present inside BUGHUNT.INI. :) WGET isn't
mine, and I haven't claimed otherwise, sir. Oh, and one final point for a
good laugh, I didn't write any portion of the BHUPDATE tool. :)
>>I'll make it easier for you, I can do what locate.com does, and remove
>>the program entirely, if I wanted; I choose not to. Is that rewording
>>easier for you, John? :)
>
> I don't care what you do Dustin, I'm just pointing out that you
> prattle on and on about the evils of HLL, and then choose to use
No John, I prattled on about you being a tool of your chosen language. A
very important distinction.
> wget to handle the updating. This is huge. You are pretending to be
I know, John. You thought you had something on me. Sorry to burst your
bubble so easily. :)
> low level coder and you are using an HLL strategy. In other words
I use what I like, John.
> Dustin, you are using a modern software development model -- exactly
> what you criticize me for.
No John, I criticized you for being stupid. Your efforts to twist it
since have failed miserably, but it's worth noting that you've tried. :)
--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility
No Dustin, this will have absolutely NO effect on a heuristics scan.
Making pointless assignments only burns cycles, it will not confuse
any heuristics scan. I have already explained what happens in such a
scan, but I guess you think you can just ignore the facts and pull the
wool over everyone's eyes.
>
>> You say a=0 isn't correct syntax? You might want to take a look at
>> that manual you're fond of quoting.
>
>I said what you wrote:
>let a =6433 mod 1
>isn't correct Asic syntax, nice try John. :)
>
>>>
>>>The source agreed, added nothing of any sort of functionality to the
>>>program. It did however generate do nothing code for a heuristic
>>>scanner to muddle thru; making the chances of not catching me even
>>>higher.
>>
>> You don't know how heuristics work. Heuristic scanning looks for
>> certain passages that might be evidence of malware. An example of that
>> might be some code that connects to an IRC server then pulls and
>> extracts a file. Another example might be the instantiation of an smtp
>> server. In layman's terms heuristic scanning looks for telltale signs
>> of malware, not just a signature match. Heuristic engines are to AV
>> software what Spamassassin is to email. They look for stuff, score it,
>> and make a decision based on the final score.
>
>The fact you aren't very knowledgeable concerning how software is
>examined and how heuristics scanning works isn't my concern. I will leave
>this layman explanation up for everyone to see what little you do
>actually understand. :)
Do you really want to debate this? Ok, fine. Does anyone reading
disagree with my explanation of what heuristic scanning is and how
it's done? Anyone in alt.comp.virus disagree?
>
>>>Source code for what language specifically john? You do understand,
>>>the computer doesn't actually (or even care) know visual c++ or perl,
>>>right?
>>
>> Ok, one more time. Dustin, you continue to claim that you can make an
>> accurate determination on what happens in an executable file. You
>> might be able to get some general idea, but if you could read and
>> understand the inner workings of a compiled application (machine
>> code), you could reverse engineer any application.
>
>I'm leaving this as is too. It really doesn't require any comment on my
>part. :)
>
>> Again, one more time:
>> You cannot make a complete and accurate assessment of a program's
>> behavior merely by disassembling it. In the case of a protected app,
>> you won't even see the whole thing. Reverse-engineering a large
>> commercial application is simply beyond the limits of technology at
>> this time. Just because you can find where the check for a working key
>> is and force it to return zero does not mean you can accurately
>> enumerate all of the functions. This is why no one has replicated
>> Cisco's or Microsoft's products and published the source code. It is
>> not technologically feasible at this time. If it were, why has no one
>> released a golden kernel for windows that completely bypasses all
>> license checks?
>
>This i'm leaving as is too. :)
Good, I'm glad we are clear.
>
>>>*shrug* I'm not familiar with any of them.
>>>Thanks for the information. I'll check it out.
>>
>> Ok, I'll help you out once again.
>
>No need, I'm capable of googling for myself, John.
>>>Alright. Fine, from the time taken to crack crypto aspect; say I have
>>>to get a valid key. Once I do, tho, your ehm, in protected memory
>>>ready for the taking? :)
>>
>> You do not understand the magnitude of the task. To make it easy, I
>> will post the public key and the ciphertext if you would like to give
>> it a try. That will remove all the other difficulties so you can focus
>> on obtaining the key. Want to give it a shot?
>
>John, nobody has ever said they could crack an RSA key. and I won't be
>the first to claim something like that. I don't have NSA super computers
>here, and if they can't do it in a reasonable amount of time, I know for
>sure I can't either. Again, crypto isn't cracking. one day you'll learn
>the difference.
Dustin, you have claimed that you are a cracker. You have claimed that
you can crack my app. The fact that you don't understand modern
licensing or copy protection schemes does not mean that I am wrong.
Feel free to ask anyone how they work.
>
>>
>>>> Please see above. Nothing is ever perfectly secure, but as far as
>>>> people like you are concerned, it is functionally secure.
>>>
>>>Sir, if software was crack proof as you claim to think, almost
>>>everyone would write crackproof software by now.
>>
>> You seem to ignore everything that is not what you want to believe. I
>> just wrote four sentences above that nothing is ever perfectly secure.
>> In otherwords, probably anything can be cracked with enough resources.
>> One of the contributing factors in the popularity of many products is
>> the ease in which they could be pirated and redistributed. How many
>> copies of SAS or Cisco floating around do you see? Do you see anyone
>> asking for a working SnapMirror key?
>
>I'm not going to get into a discussion on warez John. We were discussing
>Asic, and I intend to stick with that discussion, specifically. I've
>wasted enough time talking about non asic things.
You're the one who implied I was wrong. If you don't want to be
schooled, don't ask the teacher.
>
>>>
>>>> You will be reversing a licensing protection scheme, like it were
>>>> some piece of shareware that needed a license to activate all of its
>>>
>>>Crypto then...
>>
>> Yes, and once again, I'll ask you to do some research on how software
>> copy protection is accomplished. Start with RSA.
>
>You do understand, that this isn't common for protection right John? Not
>everyone employs crypto in this fashion.
It is a very common form of software licensing protection. Some people
use other methods, but the fact that you have never heard of many
of the world's most expensive and widely used enterprise-class
products makes me think you have never worked as anything but a back
room tv repairman.
>
>>>
>>>> features. The only value to you is that you will have proven you are
>>>> a cracker. In reality you will not accept the challenge and invent
>>>> some silly pretext because you may finally understand why this is
>>>> not the same as returning zero on a license check.
>>>
>>>Proven I'm a cracker? Wow. proven this to who exactly?
>>
>> To yourself. None of us will buy it without proof.
>
>None of who? If you're under the mistaken impression that I'm trying to
>prove anything to you specifically John, I'd strongly suggest you re-read
>the threads. My goal isn't to prove anything to you, as you're too ignorant
>to see things from another's point of view. Rather, my goal is to expose
>you for the ignorant wannabe you so clearly are. :)
You have not accomplished your mission.
>
>>>
>>>> You will have to be able to break a large RSA key. I don't think you
>>>> or anyone you know can.
>>>
>>>I don't think I or anyone I know or even don't know ever claimed they
>>>could. *laughing*.
>>
>> You implied it would be trivial to crack my application. Would you
>> like a message ID to help refresh your memory?
>
>I think you should read what I wrote, instead of what you think I wrote,
>John. I do not at any time claim to be able to crack high level crypto
>such as RSA. If your application is primarily crypto based, and it is by
>your own explanation, I have no interest in trying to crack RSA. John.
>RSA isn't executable code. If you think cracking crypto is the same as
>cracking an application, you really do have much to learn about both.
What I have said Dustin, is that you cannot crack anything I write.
You can't crack anything anyone writes if they are serious about
protecting it. Yes, someone might be able to, but *you* can't, and no
one you associate with can either.
>
>>>John, that's not true obviously. Another individual (Black Dragon I
>>>think?) mentioned how I did it, after you explained one of the
>>>programs mentioned that I used didn't exist for Windows; of course it
>>>does and someone (not me this time) laughingly had to point that out
>>>for you, but alas...
>>
>> That does not change the fact that you didn't do it and in fact didn't
>> even know how.
>
>Wrong. As was already pointed out to you by another poster. The fact you
>didn't read the post in time before you started your assault isn't my
>fault, or my problem.
I have a copy of it. You made NO mention of your server-side analysis,
you posted NO logs, packets, or configuration data, and did not even
address the possibility of duplicate posts to the same server.
>
>Hahahah. If you say so. :)
>
>> You have been schooled. It's up to you to decide how you use your
>> newfound knowledge.
>
>Schooled in what John? API's? Interrupts? Asic? Or, alas, none of the
>above. :)
All.
>
>>>>>
>>>>>AHAHAHAHAHAHAAAHAHAHAHAHA.
>>>>
>>>> Not really funny, it's sad in my view, but if you want to bust out a
>>>> maniacal laugh, you have my permission.
>>>
>>>Oh, but it's very funny. You claim to have a more advanced skillset,
>>>but you don't know what is going on with the binary that is generated
>>>from your source code. You just don't see the irony.
>>
>> I know it's talking to the API Dustin, the point I was trying to make
>> is that I was not doing the work, it was being done for me.
>
>And you didn't know how the work was being done. You claimed you could
>write a windows application without using API calls, in Delphi of all
>languages. The fact it does make use of API calls, whether you
>specifically called them or not shows how painfully inexperienced with
>programming you actually are.
>
>>>I have? Hmm, I think I said this once before; I use Asic because *I*
>>>like using it. It served me well in my virus writing career; and it's
>>>done good work for other things I use it for.
>>
>> Fine, keep using it, but when you criticize anyone for using something
>> better, don't be surprised when you get what you deserve.
>
>When did I criticize anyone for using something better John?
Remember "Owned by compiler"? Or your "LOL HLL Coder"..
>
>> So do most modern compiled languages.
>
>*shrug*. You don't have to be modern to talk to the hardware. One day
>you'll understand that.
>
>> What I said is that it supports a few math functions and the four
>> basic operations: add, subtract, multiply and divide. There are only
>> four operations in math, everything else is a combination of one or more
>> of those operations. So what if you can talk at a low level? How is
>> this better than having a function that has already been vetted and
>> optimized?
>
>optimized? really now. How are you going to optimize an xor call that
>asks the cpu to do it? I'm waiting.
XOR is a very simple operation, but many math functions are not. You
can arrive at the same figure by many paths. Take for example all the
cycles you burned just to set "a" to 0. Can you imagine the amount of
waste someone like you would generate creating an organic chemistry
expression evaluator or maybe replicating an algorithm like RSA? You
seem not to be able to understand why the software world favors the
modular development model. Just because you can do something does not
mean you should.
>>>Not really true, it could; I choose for it not to. :)
>>
>> Ok, post some working code to make an http request. You can't, and
>> what's worse, you, the low level coding guru have been caught in the
>> act of using other gnu software despite your criticisms of me for my
>> higher level software development skills.
>
>caught in the act of what now? I happily make use of GNU software, sure.
>Don't you? Are you talking about the WGET application in the remote
>updater? (a separate download, which isn't authored by me)? I have no
>complaints with the program. A happy user of BugHunter wrote it and gave
>me permission to host it, to help with other BugHunter users.
After all your chatter about how you have all this low level control
and all your bragging about being a "coder", you have been caught
using someone else's work. Then you blamed some anonymous contributor
for it instead of admitting you don't have nearly the skill you claim.
>
>It's called community support John. :)
>
>Now then, concerning your code request, it's denied. I'm not in the habit
>of jumping when someone who has little understanding of a language I
>choose to program in questions what I can or can't do with it.
You can't and we all know it. I can't either, but then I'm not
claiming I can.
>
>> Your menu, by the way only offers four possible choices, and at least
>> two of those choices are exclusive of what locate.com does or does not
>> do, assuming you are telling the truth about the extent of your own
>> code.
>
>*sigh*. another education is coming.. I see.. Here's a copy of the
>BUGHUNT.INI file, the configuration file you were told to examine before
>you responded, John.
What does that have to do with anything? That's just an initialization
file. It does not change the fact that it shows that you are wrapping
locate.com. On the contrary, it's proof that locate.com does all the
work.
>
>
>> Could it be that you are also using locate.com for the file deletion
>> too ("/K")? You have been spraying your low level skills about like
>> water in a burning house and it turns out that someone else's library
>> is doing 3/4 of that work?
>
>locate.com for file deletion? hahaha, no sir. I can do that myself,
>thanks. :)
>
>I wasn't aware locate.com was a library..
If you wrap an exe, you are using it as a library.
>
>> I got curious and went to your home page, only to find that you were
>> also offering an online update tool (BHUPDATE), so I downloaded and
>> looked at it. Imagine my surprise when I found out that you are just
>> wrapping the windows port of wget with your own script.
>
>The BHUPDATE tool isn't written by me.
Yes, it was.
>
>Not my work, sir. :) Another user of BugHunter provided that to me, and
>gave permission to host it for the benefit of other BugHunter users.
I think we all know the answer to that.
>> wget to handle the updating. This is huge. You are pretending to be
>
>I know, John. You thought you had something on me. Sorry to burst your
>bubble so easily. :)
I caught you red-handed. Your flagship product is a cobble of three
standalone EXEs you are using as libraries, and some of your own code
which you have gone out of your way to conceal. Who knows why you
concealed it...it's not as if there is a cadre of Russian criminals
that specialize in ripping off code that went out of style in 1995.
There is another reason you are hiding it, but I don't know what it
is.
>
>
>> low level coder and you are using an HLL strategy. In other words
>
>I use what I like, John.
Fine, let's all remember that you are in no position to criticize any
of us for choosing a modern approach to development.
>
>> Dustin, you are using a modern software development model -- exactly
>> what you criticize me for.
>
>No John, I criticized you for being stupid. Your efforts to twist it
>since have failed miserably, but it's worth noting that you've tried. :)
I'm as generous with my code as I am with my time for you. I wrote a
small exe for your updates. It's a lot more elegant than your wrapping
of the windows port of wget. You can call it with system or however
Asic interacts with the shell. I didn't spend a lot of time on it,
it's really just to show how fast and easy this is in a modern
language.
http://spoofproof.org/SnarfIt.exe
Feel free to use it Dustin, it was written for you. I'll post it on
the shareware sites too in case anyone else wants to use it. Would you
also like to use my recursion engine? I could add it to this exe if
you want. I could also probably add a crc module too, so all you would
have to do is write a quick batch script ( like the wget one) to do
the scanning.
Enjoy, and feel free to ask for improvements if you need something
added.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=d4df27bf984fc3778773291b2f665aaa
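The score-and-threshold model of heuristic scanning described in the message above (look for telltale behaviours, score them, decide on the total), as an added sketch that is not code from any poster in this thread or from any AV product. The event names, weights, threshold and trace format are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed weights: none of these values come from a real AV engine.
SINGLE_WEIGHTS = {
    "irc_connect": 2.0,
    "download_file": 1.5,
    "extract_archive": 0.5,
    "smtp_listen": 3.0,
}
# An ordered chain of behaviours scores extra, like a mail filter's meta rule.
CHAIN_BONUS = {
    ("irc_connect", "download_file", "extract_archive"): 3.0,
}
THRESHOLD = 5.0  # assumed cut-off, in the spirit of a spam filter's required score


@dataclass
class Verdict:
    score: float
    hits: list
    flagged: bool


def parse_trace(text):
    """Return event names in sequence order from 'seq event detail' lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole scan
        events.append((int(parts[0]), parts[1]))
    events.sort()
    return [name for _, name in events]


def contains_in_order(events, chain):
    """True if every step of chain occurs in events, in that order."""
    it = iter(events)
    return all(step in it for step in chain)


def score_trace(text):
    """Score a behaviour trace; each indicator counts once however often it repeats."""
    events = parse_trace(text)
    hits, score = [], 0.0
    for name in sorted(set(events)):
        if name in SINGLE_WEIGHTS:
            score += SINGLE_WEIGHTS[name]
            hits.append(name)
    for chain, bonus in CHAIN_BONUS.items():
        if contains_in_order(events, chain):
            score += bonus
            hits.append("chain:" + ">".join(chain))
    return Verdict(score, hits, score >= THRESHOLD)


# Constructed sample traces (not captured from any real program).
DROPPER_TRACE = """
1 irc_connect irc.example.net:6667
2 download_file payload.bin
3 extract_archive payload.bin
"""
UPDATER_TRACE = """
# a plain fetch-and-unzip updater
1 download_file update.zip
2 extract_archive update.zip
"""
MAILBOT_TRACE = """
1 smtp_listen 0.0.0.0:25
2 irc_connect irc.example.net:6667
garbage line that the parser skips
"""

if __name__ == "__main__":
    for label, trace in [("dropper", DROPPER_TRACE),
                         ("updater", UPDATER_TRACE),
                         ("mailbot", MAILBOT_TRACE)]:
        v = score_trace(trace)
        print(f"{label:8} score={v.score:.1f} flagged={v.flagged} hits={v.hits}")
```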
*shrug* If you say so, John. At this point, I'm not interested in
discussing it further. You can think what you want of heuristics, worship
them for all I care, but please don't try BSing your way around the
issue.
>>
>>> You say a=0 isn't correct syntax? You might want to take a look at
>>> that manual you're fond of quoting.
>>
>>I said what you wrote:
>>let a =6433 mod 1
>>isn't correct Asic syntax, nice try John. :)
>>
>>>>
>>>>The source agreed, added nothing of any sort of functionality to the
>>>>program. It did however generate do nothing code for a heuristic
>>>>scanner to muddle thru; making the chances of not catching me even
>>>>higher.
>>>
>>> You don't know how heuristics work. Heuristic scanning looks for
>>> certain passages that might be evidence of malware. An example of
>>> that might be some code that connects to an IRC server then pulls
>>> and extracts a file. Another example might be the instantiation of
>>> an smtp server. In layman's terms heuristic scanning looks for
>>> telltale signs of malware, not just a signature match. Heuristic
>>> engines are to AV software what Spamassassin is to email. They look
>>> for stuff, score it, and make a decision based on the final score.
>>
>>The fact you aren't very knowledgeable concerning how software is
>>examined and how heuristics scanning works isn't my concern. I will
>>leave this layman explanation up for everyone to see what little you
>>do actually understand. :)
>
> Do you really want to debate this? Ok, fine. Does anyone reading
> disagree with my explanation of what heuristic scanning is and how
> it's done? Anyone in alt.comp.virus disagree?
I doubt you'll find many persons interested in responding one way or
another, John. Your concept of heuristic scanning is vague enough so that
you can claim it meant anything you want it to mean.
> Good, I'm glad we are clear.
Great.
>>
>>>>*shrug* I'm not familiar with any of them.
>>>>Thanks for the information. I'll check it out.
>>>
>>> Ok, I'll help you out once again.
>>
>>No need, I'm capable of googling for myself, John.
>>>>Alright. Fine, from the time taken to crack crypto aspect; say I
>>>>have to get a valid key. Once I do, tho, your ehm, in protected
>>>>memory ready for the taking? :)
>>>
>>> You do not understand the magnitude of the task. To make it easy, I
>>> will post the public key and the ciphertext if you would like to
>>> give it a try. That will remove all the other difficulties so you
>>> can focus on obtaining the key. Want to give it a shot?
>>
>>John, nobody has ever said they could crack an RSA key. and I won't be
>>the first to claim something like that. I don't have NSA super
>>computers here, and if they can't do it in a reasonable amount of
>>time, I know for sure I can't either. Again, crypto isn't cracking.
>>one day you'll learn the difference.
>
> Dustin, you have claimed that you are a cracker. You have claimed that
> you can crack my app. The fact that you don't understand modern
> licensing or copy protection schemes does not mean that I am wrong.
> Feel free to ask anyone how they work.
Hmm. First Does sharkpost have malicious code to I can write an exe that
is malicious that no scanner detects to an education in asic, and now..
an explanation of cracking... Sheesh...
John, I can't prove anything more for you, I gave you the names of the
cracks in question that I did author. If you can't be bothered to look
them up for validity, that's not really my problem...
I would prefer to say that I reverse engineer software, rather than
cracking if you don't mind. From a legal standpoint, I don't even "crack"
software anymore.
>>I'm not going to get into a discussion on warez John. We were
>>discussing Asic, and I intend to stick with that discussion,
>>specifically. I've wasted enough time talking about non asic things.
>
> You're the one who implied I was wrong. If you don't want to be
> schooled, don't ask the teacher.
John, you're hardly teaching me anything, sir. You're blowing hot air up my
ass, but nothing more, and nothing less. Instead of just admitting you
didn't have a clue about Asic, you tried to educate me, you failed
miserably. Now you're going to try and educate me on crypto. Ad nauseam.
You're getting... *boring*
>>You do understand, that this isn't common for protection right John?
>>Not everyone employs crypto in this fashion.
>
> It is a very common form of software licensing protection. Some people
> use other methods, but the fact that you have never heard of many
> of the world's most expensive and widely used enterprise-class
> products makes me think you have never worked as anything but a back
> room tv repairman.
Good thing what you think isn't important then. I'd hate to know what you
think of those higher than yourself where you work. :)
I don't do enterprise level work John. I fix workstations, wintels..
mainly. :) My speciality is malware I suppose you could say. Anyways,
this has nothing to do with Asic.
>>None of who? If you're under the mistaken impression that I'm trying to
>>prove anything to you specifically John, I'd strongly suggest you
>>re-read the threads. My goal isn't to prove anything to you, as you're
>>too ignorant to see things from another's point of view. Rather, my
>>goal is to expose you for the ignorant wannabe you so clearly are. :)
>
> You have not accomplished your mission.
I don't know. Depending on your point of view, I did the moment you
"corrected" my Asic code the first time around. Would have been better to
just admit you didn't know about an obscure language that doesn't really
even matter than try to save face as desperately as you're doing now. It's
sad man. What buttons did I push to make you defend yourself so much
anyhow? :)
> What I have said Dustin, is that you cannot crack anything I write.
> You can't crack anything anyone writes if they are serious about
> protecting it. Yes, someone might be able to, but *you* can't, and no
> one you associate with can either.
WAHAHAHAHAA... *COUGH* *COUGH*. Okay John. Nobody is interested in
cracking crypto, that I know of.
I'm not so sure John. Who better to crack, you who doesn't know any low
level code, or me who does? Gee... If you actually have to think about
that, you have serious issues. :)
>>Wrong. As was already pointed out to you by another poster. The fact
>>you didn't read the post in time before you started your assault isn't
>>my fault, or my problem.
>
> I have a copy of it. You made NO mention of your server-side analysis,
> you posted NO logs, packets, or configuration data, and did not even
> address the possibility of duplicate posts to the same server.
John, you went and fetched a copy of it, maybe? after various things I'd
mentioned were already pointed out to you.
>
>>
>>Hahahah. If you say so. :)
>>
>>> You have been schooled. It's up to you to decide how you use your
>>> newfound knowledge.
>>
>>Schooled in what John? API's? Interrupts? Asic? Or, alas, none of the
>>above. :)
>
> All.
Again, Schooled in what John? What apis did you school me in? What
interrupts specifically (notice, programmers, we never discussed
interrupts.), and what aspect of Asic did you educate me in, again
please? (notice programmers, the boy can't even get the concept of junk
code to deal with heuristics.)
>>
>>>>>>
>>>>>>AHAHAHAHAHAHAAAHAHAHAHAHA.
>>>>>
>>>>> Not really funny, it's sad in my view, but if you want to bust out
>>>>> a maniacal laugh, you have my permission.
>>>>
>>>>Oh, but it's very funny. You claim to have a more advanced skillset,
>>>>but you don't know what is going on with the binary that is
>>>>generated from your source code. You just don't see the irony.
>>>
>>> I know it's talking to the API Dustin, the point I was trying to
>>> make is that I was not doing the work, it was being done for me.
>>
>>And you didn't know how the work was being done. You claimed you could
>>write a windows application without using API calls, in Delphi of all
>>languages. The fact it does make use of API calls, whether you
>>specifically called them or not shows how painfully inexperienced with
>>programming you actually are.
>>
>>>>I have? Hmm, I think I said this once before; I use Asic because *I*
>>>>like using it. It served me well in my virus writing career; and
>>>>it's done good work for other things I use it for.
>>>
>>> Fine, keep using it, but when you criticize anyone for using
>>> something better, don't be surprised when you get what you deserve.
>>
>>When did I criticize anyone for using something better John?
>
> Remember "Owned by compiler"? Or your "LOL HLL Coder"..
Nice John, but not what I meant by the statements. Asic is technically,
by itself, HLL. :) At no time have I criticized anyone for using a
better/worse programming language, as long as they understand what the
language really did at the end of the day. You have repeatedly made it
clear that you do not, yet you try to challenge me at every turn.
>>
>>> So do most modern compiled languages.
>>
>>*shrug*. You don't have to be modern to talk to the hardware. One day
>>you'll understand that.
>>
>>> What I said is that it supports a few math functions and the four
>>> basic operations: add, subtract, multiply and divide. There are only
>>> four operations in math, everything else is a combination of one or
>>> more of those operations. So what if you can talk at a low level?
>>> How is this better than having a function that has already been
>>> vetted and optimized?
>>
>>optimized? really now. How are you going to optimize an xor call that
>>asks the cpu to do it? I'm waiting.
>
> XOR is a very simple operation, but many math functions are not. You
> can arrive at the same figure by many paths. Take for example all the
> cycles you burned just to set "a" to 0. Can you imagine the amount of
> waste someone like you would generate creating an organic chemistry
> expression evaluator or maybe replicating an algorithm like RSA? You
> seem not to be able to understand why the software world favors the
> modular development model. Just because you can do something does not
> mean you should.
None of this has anything to do with Asic, and I asked you specifically
about xor, as that's what you cracked on with your response.. The long
and short of it is you can't optimize that particular math function any
better, thanks. That's really all you had to say, or better yet, not even
make such a fucking asinine comment to be called on later in the first
place.
Also, you're commenting on code that's over a decade or so old, written for
no real useful purpose, and would have served no useful point in the
first place. Why do you continue beating it to death so much?
You're placing your whole understanding of myself apparently and my
skillset on something that's pretty darn old. <g>
>>caught in the act of what now? I happily make use of GNU software,
>>sure. Don't you? Are you talking about the WGET application in the
>>remote updater? (a separate download, which isn't authored by me)? I
>>have no complaints with the program. A happy user of BugHunter wrote
>>it and gave me permission to host it, to help with other BugHunter
>>users.
>
> After all your chatter about how you have all this low level control
> and all your bragging about being a "coder", you have been caught
> using someone else's work. Then you blamed some anonymous contributor
> for it instead of admitting you don't have nearly the skill you claim.
Anyone else notice avoidance mixed with a little bit of paranoia here?
I don't think you can claim I've been caught doing anything, in fact.
you're misleading obviously, but no, alas, I haven't been hiding anything
to get "caught" doing. And, ehh, I'm not blaming anybody for anything
either. *You* didn't do your homework before you tried attacking me for
the updater. Your fault, clearly, your fuckup, not my problem. :)
>>
>>It's called community support John. :)
>>
>>Now then, concerning your code request, it's denied. I'm not in the
>>habit of jumping when someone who has little understanding of a
>>language I choose to program in questions what I can or can't do with
>>it.
>
> You can't and we all know it. I can't either, but then I'm not
> claiming I can.
*shrug*. That's not true. :) I'm not the only individual to have written
stuff in Asic that can communicate with the Internet. Asic supports
comport access, and via a TSR, you can use that to talk over a tcpip
internet connection in DOS. I don't think this would work under windows
XP, as I haven't tried. It's been a very long time in fact since I've
tried dos comms. I haven't had a dialup modem here in a long long time.
LoL.
I'd suggest you go have a look around the internet for DOS tcpip
communications before you step on your own dick anymore here.
I don't know what you can/can't actually develop. I have my suspicions,
but I have no idea what compilers, libraries, 3rd party code you might
have access to.
>>
>>> Your menu, by the way only offers four possible choices, and at least
>>> two of those choices are exclusive of what locate.com does or does
>>> not do, assuming you are telling the truth about the extent of your
>>> own code.
>>
>>*sigh*. another education is coming.. I see..Here's a copy of the
>>BUGHUNT.INI file, the configuration file you were told to examine
>>before you responded, John.
>
> What does that have to do with anything? That's just an initialization
> file. It does not change the fact that it shows that you are wrapping
> locate.com. On the contrary, it's proof that locate.com does all the
> work.
Are you on drugs son? It's actually a configuration file. :) You
shouldn't go by a file extension all the time, its contents are more
important.
The line with locate.com specifies the command line parameters passed to
the program, which you can check out in the LOCATE.TXT file. If you're
stupid enough to think I'm wrapping locate.com in ANYTHING, I tell you
what you can do:
Run BugHunter, use default files. After it's at the main menu, delete
locate.com and the locate.txt file. Then use one of the commands from the
Main Menu. You'll find BugHunter does *ALL* of them without using
locate.com for ANY of it. Locate.com is used during startup before the
main menu, once. One time, to create the temporary file you specify.
You can even look inside the temporary file, it's available as long as
you don't exit the program.
Another point, the file would have told you what I told you initially
that you tried to look on the main menu to change?!? Was about the
parameters and optional search features a person can use. Again, see
locate.txt for more information.
And yes, another point, mostly for my readers; you clearly can't read for
shit. See the fucking documentation files that come with BugHunter before
you talk anymore horse shit about it, ok?
>>> Could it be that you are also using locate.com for the file deletion
>>> too ("/K")? You have been spraying your low level skills about like
>>> water in a burning house and it turns out that someone else's
>>> library is doing 3/4 of that work?
>>
>>locate.com for file deletion? hahaha, no sir. I can do that myself,
>>thanks. :)
>>
>>I wasn't aware locate.com was a library..
>
> If you wrap an exe, you are using it as a library.
Locate.com is actually, an msdos .com file, not an exe. And it's not a
wrapped exe. I don't even think you're using the right terminology here,
but I understand what you're saying. However, no, that's not what's going
on.
>>
>>> I got curious and went to your home page, only to find that you were
>>> also offering an online update tool (BHUPDATE), so I downloaded and
>>> looked at it. Imagine my surprise when I found out that you are just
>>> wrapping the windows port of wget with your own script.
>>
>>The BHUPDATE tool isn't written by me.
>
> Yes, it was.
The person who wrote the tool is a lurker here I think. I don't know if
that individual is even reading along, but I can find the email where I
originally received it I think. :)
Now then, that was great for a laugh John. What will you do for an
encore?
>>
>>Not my work, sir. :) Another user of BugHunter provided that to me,
>>and gave permission to host it for the benefit of other BugHunter
>>users.
>
> I think we all know the answer to that.
Actually, a lot of us knew that already, yes.
David Lipman, my hosting provider, various posters here, I don't think
the fact bhupdater isn't my work was a big secret. In fact, there's a
thread on it someplace on alt.comp.virus or alt.privacy.spyware too. :)
>
>>> wget to handle the updating. This is huge. You are pretending to be
>>
>>I know, John. You thought you had something on me. Sorry to burst your
>>bubble so easily. :)
>
> I caught you red-handed. Your flagship product is a cobble of three
> standalone EXEs you are using as libraries, and some of your own code
You caught me red what now John? BugHunter isn't distributed with any
libraries. It's compiled with one, BUGHUNT.LIB (hehe) during compilation
and manual linking, but alas, no libraries are distributed with the
program no. DOS doesn't have DLL like libraries, please stop thinking of
windows for a second.
BugHunter isn't a wrapper for locate.com, as locate.com is only useful
for directory mapping and file location. In the case of BugHunter, as has
been documented from the first version to make use of it, it's used to
build a directory tree when the program is started up, and BugHunter
won't use it again until you next restart the program. If you wish to
delete locate.com in one console window while you have BugHunter open in
another and then pick an option from the Main Menu, you're welcome to do
so. BugHunter will, to the best of its abilities, carry out the
assigned task.
BHUPDATE isn't even authored by myself, and this is documented as well;
so you don't have to take my word for it. That's just stupidity on your
part assuming I wrote it, and without checking, attacked me for it.
Sorry, that's a screwup on your part. Do your homework.
> which you have gone out of your way to conceal. Who knows why you
> concealed it...it's not as if there is a cadre of Russian criminals
> that specialize in ripping off code that went out of style in 1995.
> There is another reason you are hiding it, but I don't know what it
> is.
What have I concealed exactly John?
> I'm as generous with my code as I am with my time for you. I wrote a
> small exe for your updates. It's a lot more elegant than your wrapping
The BHUPDATE tool works as designed.
> it's really just to show how fast and easy this is in a modern
> language.
>
> http://spoofproof.org/SnarfIt.exe
Are you sure it's not another one of those chestbeating things, with your
POC? :)
>
> Feel free to use it Dustin, it was written for you. I'll post it on
> the shareware sites too in case anyone else wants to use it. Would you
> also like to use my recursion engine? I could add it to this exe if
> you want. I could also probably add a crc module too, so all you would
> have to do is write a quick batch script ( like the wget one) to do
> the scanning.
I know, this is where you try to belittle me, for once again, stomping a
huge mudhole in your ass. It didn't work the first time, the last time,
or this time. You're going to need a new playbook.
Is that a win in your ballpark?
>>>>The source agreed, added nothing of any sort of functionality to the
>>>>program. It did however generate do nothing code for a heuristic
>>>>scanner to muddle thru; making the chances of not catching me even
>>>>higher.
See comment below.
>>> You don't know how heuristics work. Heuristic scanning looks for
>>> certain passages that might be evidence of malware. An example of that
>>> might be some code that connects to an IRC server then pulls and
>>> extracts a file. Another example might be the instantiation of an smtp
>>> server. In layman's terms heuristic scanning looks for telltale signs
>>> of malware, not just a signature match. Heuristic engines are to AV
>>> software what Spamassassin is to email. They look for stuff, score it,
>>> and make a decision based on the final score.
>>
>>The fact you aren't very knowledgeable concerning how software is
>>examined and how heuristics scanning works isn't my concern. I will leave
>>this layman explanation up for everyone to see what little you do
>>actually understand. :)
>
> Do you really want to debate this? Ok, fine. Does anyone reading
> disagree with my explanation of what heuristic scanning is and how
> it's done? Anyone in alt.comp.virus disagree?
One AV company (Panda) puts it like this:
"Heuristic methods are based on the piece-by-piece examination of a
virus, looking for a sequence or sequences of instructions that
differentiate the virus from 'normal' programs".
So, yes, they are looking at behavioural aspects of the program in
heuristic scans. You gave high-level examples -- a low-level example
would be the detection of a decryption loop in an unknown packer. The
scoring aspect, as you mentioned, is also important.
I would also say that junk instructions or 'do nothing' code inserted
in an attempt to defeat heuristic analysis is itself a good heuristic.
> I'm as generous with my code as I am with my time for you. I wrote a
> small exe for your updates. It's a lot more elegant than your wrapping
> of the windows port of wget. You can call it with system or however
> Asic interacts with the shell. I didn't spend a lot of time on it,
> it's really just to show how fast and easy this is in a modern
> language.
>
> http://spoofproof.org/SnarfIt.exe
At 740 KB (unpacked for fairness of comparison) it's larger than wget
(which has more functionality anyway, although not needed here) and
unzip combined. It embeds the Indy library and a zip library
apparently from ComponentAce which looks very much like a repackaging
of zlib. It contains 22 bitmaps, 7 cursors and a lot of text about
something called 'Theme manager' and 'AppBuilder Personal Edition'.
The import table is a mess (as is usual with Delphi apps) and refers
to over 100 functions in kernel32.dll, 65 in gdi32, over 170 in user32
not to mention those in comctl32 and a few others.
It's a console application so why does it have all the GUI stuff?
In other words, I'm not convinced this Borland built program is any
more elegant than Dustin's solution.
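
The scoring model and the "junk code is itself a heuristic" point from the message above, as an added Python example (not code from any poster or AV product). The byte patterns, weights, threshold and sample buffers are assumptions constructed for illustration, and matching raw bytes without disassembly is a deliberate simplification.

```python
"""Weighted heuristic rules over a raw x86 code buffer (added example)."""

# 32-bit x86 encodings that leave register state unchanged. A raw byte match
# can also land inside the operand of a longer instruction, so a real engine
# would disassemble first; this sketch does not.
JUNK_PATTERNS = {
    b"\x90": "nop",
    b"\x89\xc0": "mov eax,eax",
    b"\x89\xdb": "mov ebx,ebx",
    b"\x87\xc9": "xchg ecx,ecx",
    b"\x50\x58": "push eax / pop eax",
    b"\x40\x48": "inc eax / dec eax",  # 0x40/0x48 are REX prefixes in 64-bit mode
}
_LONGEST_FIRST = sorted(JUNK_PATTERNS, key=len, reverse=True)


def scan_junk(code: bytes) -> dict:
    """Walk the buffer left to right and measure do-nothing byte sequences."""
    covered = run = longest_run = 0
    kinds = set()
    i = 0
    while i < len(code):
        pat = next((p for p in _LONGEST_FIRST if code.startswith(p, i)), None)
        if pat is None:
            run = 0          # a non-junk byte ends the current junk run
            i += 1
            continue
        kinds.add(JUNK_PATTERNS[pat])
        covered += len(pat)
        run += len(pat)
        longest_run = max(longest_run, run)
        i += len(pat)
    density = covered / len(code) if code else 0.0
    return {"density": density, "kinds": len(kinds), "longest_run": longest_run}


# (rule name, weight, predicate). A long NOP run alone is usually alignment
# padding, so it carries the lowest weight and cannot cross the threshold.
RULES = [
    ("junk_density>=30%", 3, lambda f: f["density"] >= 0.30),
    ("junk_variety>=3", 2, lambda f: f["kinds"] >= 3),
    ("junk_run>=8_bytes", 1, lambda f: f["longest_run"] >= 8),
]
THRESHOLD = 4  # assumed cut-off


def score(code: bytes):
    """Return (total score, names of rules that fired, flagged?)."""
    features = scan_junk(code)
    fired = [(name, weight) for name, weight, test in RULES if test(features)]
    total = sum(weight for _, weight in fired)
    return total, [name for name, _ in fired], total >= THRESHOLD


# Constructed samples: a small stack-frame function, the same function followed
# by alignment padding, and the same function with junk pairs interleaved.
CLEAN = bytes.fromhex("55 8bec 83ec10 8b4508 03450c 8945fc 8b45fc 8be5 5d c3")
PADDED = CLEAN + b"\x90" * 8
JUNKED = bytes.fromhex(
    "55 89c0 8bec 5058 83ec10 9090 8b4508 4048 03450c "
    "87c9 8945fc 89db 8b45fc 8be5 90 5d c3"
)

if __name__ == "__main__":
    for label, buf in (("clean", CLEAN), ("padded", PADDED), ("junked", JUNKED)):
        print(label, score(buf))
```

The padded sample fires only the low-weight run rule and stays under the threshold, while the interleaved sample crosses it on density plus variety, which is why the verdict comes from the combined score and not from any single rule.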
>"-linux_lad" wrote in an ongoing exchange with Dustin Cook:
>>
By default, Delphi's IDE pulls in every component you have bound to
the IDE whether you use it or not. It can be scads of crap. I don't
bother to remove them because for an app that took an hour, I'll spend
more time than that figuring out what to remove. Yeah, it costs me in
terms of size but it has no effect on the performance of the app, and
it compresses down just fine.
If I build with runtimes the resulting exe is 24 KB, and compresses
down to about 8 KB. I could build that app with the bpls compiled in
as resources, but that would probably take me more time than I'm
willing to spend on this.
You can see what libs I used by passing the /A switch. I'm only using
a tiny part of the indy library, a zip library, and upx for packing.
The WGET dustin is using is packed by UPX too. Uncompressed it's 651
KB. The unzip is not compressed, but for a fair comparison, I
compressed it. The total for wget and unzip when they are packed is
347 KB, and BHUPDATE has another 30 KB in text files. My exe when
packed is 288 KB, and replaces both the WGET and Unzip.
In summary, the current BHUPDATE is around 480 KB and eight files. It
could be shrunk to around 370 KB by compressing UNZIP. SnarfIt is
around 288 KB and is a single file.
To keep the comparison fair, I did not add the ability to compress or
post files to a web server. Those functions are already imported and
would only take 120 lines of code to implement, but Dustin is only
unzipping and decompressing, so that's all I included code for. If
I added those features, It would add probably 50 KB or less to the
file.
I really can't see any reason he would need to compress or post files
at this time, but thinking ahead, he could use the compression and
http upload functions of my app to submit suspicious files to his web
server for analysis if the user authorized it. Hmm..that could be
useful. What do you think Dustin?
>
>The import table is a mess (as is usual with Delphi apps) and refers
>to over 100 functions in kernel32.dll, 65 in gdi32, over 170 in user32
>not to mention those in comctl32 and a few others.
>
>It's a console application so why does it have all the GUI stuff?
This is an unfortunate but tolerable side effect of multipurpose RAD
environments. You can access a wide range of functionality and whip out
a working application in a small fraction of the time it used to take,
but you're going to pay a "one size fits all" tax for that
convenience. In Delphi, the cure is worse than the disease. Same
problem with C++ Builder. If you think Delphi is bad, try combining
qt, cryptlib and boost in VisualStudio. Good times.
>
>In other words, I'm not convinced this Borland built program is any
>more elegant than Dustin's solution.
It's smaller, and more extensible. It took about an hour of thought,
and an hour of writing code to complete. Normally, this doesn't matter
and no one would care. Dustin is always going on and on about how
much control he has and how unworthy I am of debate because I don't
write at a low level.
Imagine my surprise when it turns out that huge blocks of his
application's functionality were written by someone else. He's using
the same model the rest of us use to write software and he doesn't
even know it.
To reiterate, I have no issue with anyone's use of third party code
unless they criticize me for it and then proceed to do it themselves.
Thanks for the thoughtful analysis. I think I'll go ahead and add those
features I mentioned earlier. Should not be too much trouble.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=01cefea72b573f74daad906dbd6e0c72
> If I build with runtimes the resulting exe is 24 KB, and compresses
> down to about 8 KB. I could build that app with the bpls compiled in
> as resources, but that would probably take me more time than I'm
> willing to spend on this.
John, the time you spent writing this reply could have been spent on the
program. :)
> The WGET dustin is using is packed by UPX too. Uncompressed it's 651
> KB. The unzip is not compressed, but for a fair comparison, I
> compressed it. The total for wget and unzip when they are packed is
> 347 KB, and BHUPDATE has another 30 KB in text files. My exe when
> packed is 288 KB, and replaces both the WGET and Unzip.
>
> In summary, the current BHUPDATE is around 480 KB and eight files. It
> could be shrunk to around 370 KB by compressing UNZIP. SnarfIt is
> around 288 KB and is a single file.
I haven't looked at your program. Ant has tho, apparently. I'll have to
check this thing of yours out.
> To keep the comparison fair, I did not add the ability to compress or
> post files to a web server. Those functions are already imported and
> would only take 120 lines of code to implement, but Dustin is only
> unzipping and decompressing, so that's all I included code for. If
> I added those features, It would add probably 50 KB or less to the
> file.
Interesting...
> I really can't see any reason he would need to compress or post files
> at this time, but thinking ahead, he could use the compression and
> http upload functions of my app to submit suspicious files to his web
> server for analysis if the user authorized it. Hmm..that could be
> useful. What do you think Dustin?
I agree, that would be useful to have. I do not know if my hosting provider
has some way for me to accept submissions, as I must confess; my html
knowledge is limited. Websites aren't really my thing. I'm surprised you
haven't said something about my... dull website.
>>In other words, I'm not convinced this Borland built program is any
>>more elegant than Dustin's solution.
>
> It's smaller, and more extensible. It took about an hour of thought,
> and an hour of writing code to complete. Normally, this doesn't matter
> and no one would care. Dustin is always going on and on about how
> much control he has and how unworthy I am of debate because I don't
> write at a low level.
You're twisting things again John. You initiated an "education" with me
concerning.. Asic of all things. Now you're again, switching topics on me.
*shrug*.
> Imagine my surprise when it turns out that huge blocks of his
> application's functionality were written by someone else. He's using
> the same model the rest of us use to write software and he doesn't
> even know it.
Oh the irony. First you attack me because you thought I wrote the updater
or any portion of it, now that you obviously do know differently, it's a
huge aspect of BugHunter's functionality? You're nuts.
Are you complaining about my use of locate.com for tree building? I already
explained why I used it. And that the user has complete control over how
it's used. See BUGHUNT.TXT and the default configuration file, BUGHUNT.INI.
What exactly are you trying to say here John? What huge blocks of
BugHunter's functionality aren't mine, please?
> To reiterate, I have no issue with anyone's use of third party code
> unless they criticize me for it and then proceed to do it themselves.
I didn't criticize you for using 3rd party code, numbnuts. Quit trying to
twist things around. Heh. I criticized you for your ignorance with regard to
reverse engineering. That's when you changed topics from is SharkPost
malicious to can someone sneak something past a scanner. You then went from
that to 'educating' me on Asic, A language I know pretty good, and one you
don't know for shit. Why? Once you got your arse kicked in do I know asic
better than you, you changed that from what is the point of using asic.
*shrug* We played for a bit in the silly idea that I could crack some RSA
encryption algorithm. No, uhh, I can't, and I don't personally know anybody
else who can either.
Then you attacked me for writing things I didn't even write! Have I missed
anything John? Oh wait, yes I did. You've made the claim that BugHunter
uses locate.com for most/all of its work, and you've caught me red handed
with this. I'd like for you to back up that claim, please.
"I caught you red-handed. You flagship product is a cobble of three
standalone EXEs you are using as libraries, and some of your own code
which you have gone out of your way to conceal. Who knows why you
concealed it...it's not as if there is a cadre of Russian criminals
that specialize in ripping off code that went out of style in 1995.
There is a nother reason you are hiding it, but I don't know what it
is. "
Please explain this paragraph of yours, written with :
Message-ID: <5h8np3h54skm2gaol...@4ax.com>
> In article <Xns9A31EA40622...@69.28.186.121>,
> bughunte...@gmail.com says...
>> You're getting... *boring*
>>
>>
> Sure thing Dumbstin... you are right about having nothing to prove in a
> way. You've spent over a month and written volumes without proving
> anything.
I provided filenames, names of software, urls and binaries on specific
things. What didn't I prove?
>
> To reiterate, I have no issue with anyone's use of third party code
> unless they criticize me for it and then proceed to do it themselves.
http://groups.google.com/group/alt.comp.virus/browse_thread/thread/64f26db4c213d661/1957138f0a44e628?q=bughunter+remote+updater&lnk=ol&
I finally found the thread that brought me to your homegroup. You can see
for yourself my intentions.
>Zeke <no...@nofixedadress.com> wrote in
>news:MPG.2205e846d...@news.milwpc.com:
>
>> In article <Xns9A31EA40622...@69.28.186.121>,
>> bughunte...@gmail.com says...
>>> You're getting... *boring*
>>>
>>>
>> Sure thing Dumbstin... you are right about having nothing to prove in a
>> way. You've spent over a month and written volumes without proving
>> anything.
>
>I provided filenames, names of software, urls and binaries on specific
>things. What didn't I prove?
>
Aside from proving there is nothing malicious in SharkPost...
You have proven without a doubt Zeke can't comprehend a thing he
reads. Ok, it would take an idiot such as Zeke to not even catch on
that there has been proof posted... repeatedly, so you have proven
Zeke is an idiot all of his own standing and class.
--
@@@@@@@@@ @@@@@@@@ @@@@@@@
@@@@@@@@@ @@@@@@@@@ @@@@@@@@
@@ @@ @@ @@ @@
@@ @@@@@@@@ @@@@@@@@
@@ @@@@@@@@@ @@@@@@@@
@@ @@ @@ @@ @@@
@@ @@ @@ @@ @@@
@@ @@@@@@@@@ @@@@@@@@
@@ @@@@@@@ @@@@@@@
-=- The Blind Bob -=-
Poking fun at uffie since "for a long time"
I have added the code for the other two functions I mentioned in my
last post.
http://spoofproof.org/SnarfIt.exe
The file now sits at 292 KB compressed.
From the console:
1) Download files from a web server to a location of your choice
2) Unzip compressed files into a location of your choice
3) Upload a zipped file to a web server (server must be configured
correctly)
4) Compress a directory of files
To view the command syntax, use "/Usage"
>
>> I really can't see any reason he would need to compress or post files
>> at this time, but thinking ahead, he could use the compression and
>> http upload functions of my app to submit suspicious files to his web
>> server for analysis if the user authorized it. Hmm..that could be
>> useful. What do you think Dustin?
>
>I agree, that would be useful to have. I do not know if my hosting provider
>has some way for me to accept submissions, as I must confess; my html
>knowledge is limited. Websites aren't really my thing. I'm surprised you
>haven't said something about my... dull website.
Mine is dull too, but fast and functional. Sometimes less is more. As
to the submissions, it depends on what languages the server supports.
It probably supports Perl, so you can use a cgi if the web server is
configured correctly. You could also use plain html, though that only
solves half of the problem. Once the file is delivered, it needs to be
stored somewhere safe and you need a way to be notified. This is all
trivial to do in any server side language so it won't really be an
issue.
I have already tested on my own server and it does work as advertised.
I used PHP to handle the file, but it could just as easily have been
done in Perl. You will need to accept the file, then move it to a safe
folder, then send a message to yourself with the contents and maybe a
link to pick it up from. Don't mail it to yourself, and don't leave it
where the web server can touch it.
>
>>>In other words, I'm not convinced this Borland built program is any
>>>more elegant than Dustin's solution.
>>
>> It's smaller, and more extensible. It took about an hour of thought,
>> and an hour of writing code to complete. Normally, this doesn't matter
>> and no one would care. Dustin is always going on and on about how
>> much control he has and how unworthy I am of debate because I don't
>> write at a low level.
>
>You're twisting things again John. You initiated an "education" with me
>concerning.. Asic of all things. Now you're again, switching topics on me.
>*shrug*.
>
>> Imagine my surprise when it turns out that huge blocks of his
>> application's functionality were written by someone else. He's using
>> the same model the rest of us use to write software and he doesn't
>> even know it.
>
>Oh the irony. First you attack me because you thought I wrote the updater
>or any portion of it, now that you obviously do know differently, it's a
>huge aspect of BugHunter's functionality? You're nuts.
I never said you wrote the updater. You used the Win32 port of
wget and wrapped it with a batch script. Similarly, you rely on
locate.com to build the list of files you scan.
>
>Are you complaining about my use of locate.com for tree building? I already
>explained why I used it. And that the user has complete control over how
>it's used. See BUGHUNT.TXT and the default configuration file, BUGHUNT.INI.
>
>What exactly are you trying to say here John? What huge blocks of
>BugHunter's functionality aren't mine, please?
The directory recursion, the download and unzipping of updates. The
only other primary function is your matching algorithm. Does it have
any other primary functions?
>
>> To reiterate, I have no issue with anyone's use of third party code
>> unless they criticize me for it and then proceed to do it themselves.
>
>I didn't criticize you for using 3rd party code, numbnuts. Quit trying to
>twist things around. Heh. I criticized you for your ignorance with regard to
>reverse engineering. That's when you changed topics from is SharkPost
>malicious to can someone sneak something past a scanner. You then went from
>that to 'educating' me on Asic, A language I know pretty good, and one you
>don't know for shit. Why? Once you got your arse kicked in do I know asic
>better than you, you changed that from what is the point of using asic.
>*shrug* We played for a bit in the silly idea that I could crack some RSA
>encryption algorithm. No, uhh, I can't, and I don't personally know anybody
>else who can either.
Back to school. What I said was that Bill's version of PowerPost could
escape detection of malware because it could do something bad that
wasn't expected. Then I showed how. Do you know Asic better than me?
Yeah, you do. That and four bucks will get you a starbuck's. Asic is
ancient, and cannot do what modern languages do, at least you can't
coax that out of it.
>
>Then you attacked me for writing things I didn't even write! Have I missed
>anything John? Oh wait, yes I did. You've made the claim that BugHunter
>uses locate.com for most/all of its work, and you've caught me red handed
>with this. I'd like for you to back up that claim, please.
I attacked you for your nonsense about low level this and that. I know
you had nothing to do with locate.com. It was written by someone else.
You're the guy who brags constantly about his "coding" skills and it
turns out you're outsourcing. Assuming that you use locate.com to
build a file list, all you do is loop the list and do some fairly
simple signature matching. If it matches, you do something, if not,
you leave the file alone. You have no way to pull fresh updates of
signatures or the core. You have no programmatic way to compress or
submit files for analysis. I accomplished that in less time than it
takes me to write this. Should you be claiming to own anyone Dustin?
>
>"I caught you red-handed. Your flagship product is a cobble of three
>standalone EXEs you are using as libraries, and some of your own code
>which you have gone out of your way to conceal. Who knows why you
>concealed it...it's not as if there is a cadre of Russian criminals
>that specialize in ripping off code that went out of style in 1995.
>There is another reason you are hiding it, but I don't know what it
>is. "
>
>Please explain this paragraph of yours, written with :
>Message-ID: <5h8np3h54skm2gaol...@4ax.com>
It's self explanatory. If you have to ask...
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=1f2188007eaa0912215054c34fa69ec1
Translation: Let me at Zeke's ankles....
>
Thanks John. With your permission, I may at some point in the future make
use of it.
> I never said you wrote the updater. You used the Win32 port of
> wget and wrapped it with a batch script. Similarly, you rely on
> locate.com to build the list of files you scan.
Yes you did. You wrongly assumed I had anything whatsoever to do with it,
and claimed I had written the batch file; that you wasted a paragraph to
attack me for. I didn't write the batch file, or wget or anything else in
that archive.
>>
>>Are you complaining about my use of locate.com for tree building? I
>>already explained why I used it. And that the user has complete
>>control over how it's used. See BUGHUNT.TXT and the default
>>configuration file, BUGHUNT.INI.
>>
>>What exactly are you trying to say here John? What huge blocks of
>>BugHunter's functionality aren't mine, please?
> The directory recursion, the download and unzipping of updates. The
> only other primary function is your matching algorithm. Does it have
> any other primary functions?
Recursion isn't mine, already mentioned in the documentation. The
download and unzipping of updates is handled by another program entirely;
and I had nothing whatsoever to do with its creation. I'm grateful
someone took the time, but alas, it's not my work. :)
BugHunter has several algorithms. Some dealing with screen layout, a few
dealing with signatures, loading database segments, etc. You've really
worked to dumb it down, skipping what I'd consider to be essential
routines.
Hell, you're very good with very generic explanations. It essentially
covers, spybot, adaware, and any number of other signature based scanning
applications. I'm impressed John. :) This is indeed a method of defense I
haven't come across before.
> Back to school. What I said was that Bill's version of PowerPost could
> escape detection of malware because it could do something bad that
> wasn't expected. Then I showed how. Do you know Asic better than me?
> Yeah, you do. That and four bucks will get you a Starbucks. Asic is
> ancient, and cannot do what modern languages do, at least you can't
> coax that out of it.
Bill's version of PowerPost known as SharkPost doesn't contain any code
which allows it to do as you have claimed it potentially could. It was
given every opportunity to do something, "bad". You showed a simple proof
of concept program which was entirely unknown to all signature/heuristic
based scanners at the time. You didn't prove anything concerning
SharkPost, despite being asked to back up various claims you made against
it.
John, it really doesn't take any skill/effort to write something harmful
which will evade all scanners. Especially if you're writing in an HLL
language.
>>
>>Then you attacked me for writing things I didn't even write! Have I
>>missed anything John? Oh wait, yes I did. You've made the claim that
>>BugHunter uses locate.com for most/all of its work, and you've caught
>>me red handed with this. I'd like for you to back up that claim,
>>please.
>
> I attacked you for your nonsense about low level this and that. I know
> you had nothing to do with locate.com. It was written by someone else.
> You're the guy who brags constantly about his "coding" skills and it
> turns out you're outsourcing. Assuming that you use locate.com to
Excellent Backpedaling John. You finally know BugHunter is only using
locate.com for recursion, just like I said. You previously said
otherwise, and it's on record, so this is very nice.. :)
> build a file list, all you do is loop the list and do some fairly
> simple signature matching. If it matches, you do something, if not,
loop the list? That's right John, if it matches a known signature in one
of the segments, I do something. Damn John, I believe the BUGFAQ.TXT file
also explains what's going on...
http://bughunter.it-mate.co.uk/BUGFAQ.TXT
Q: How does BugHunter actually work?
A: BugHunter uses a customized CheckSumming engine that first examines
files for a length hit before going any further; This results in a
much faster more reasonable scantime. If a length hit is made, then
a checksum is done on the file, and looked up in whichever database
segment BugHunter is presently using. If a hit is found, the record
id is looked up. If a matching description for the record id is found
BugHunter will display it, otherwise it will display "Full Match!" on
the screen and in the logfile.
> you leave the file alone. You have no way to pull fresh updates of
> signatures or the core.
When I initially designed BugHunter, I had no intentions of building in
any form of network code. I still don't plan to incorporate any routines
inside the main executable to do this. BugHunter isn't a windows based
application. And if you're using BugHunter, it's assumed you already pulled
the latest zip; the infected computer shouldn't have any access to the
internet for security reasons at that point.
You're really missing what it is BugHunter is designed for John.
> You have no programmatic way to compress or
> submit files for analysis. I accomplished that in less time than it
> takes me to write this. Should you be claiming to own anyone Dustin?
http://bughunter.it-mate.co.uk/MALWARE.TXT
Malware Submission Instructions
On occasion I may ask you to submit a suspicious file in to me for
analysis, or you might already have a file/files you'd like me to
examine.
In either event, follow the instructions below to send it along.
1. Please zip the file(s) with the following password: "malware"
(without the quotes)
2. Rename the zip file to malware.dat
3. Email the malware.dat file as an attachment to
bughunte...@gmail.com
I will email you back with my findings after examining the files.
Do you know why the password is required John? Your program doesn't offer
to do this for me, and it's very important that it would. :)
>>
>>"I caught you red-handed. Your flagship product is a cobble of three
>>standalone EXEs you are using as libraries, and some of your own code
>>which you have gone out of your way to conceal. Who knows why you
>>concealed it...it's not as if there is a cadre of Russian criminals
>>that specialize in ripping off code that went out of style in 1995.
>>There is another reason you are hiding it, but I don't know what it
>>is. "
>>
>>Please explain this paragraph of yours, written with :
>>Message-ID: <5h8np3h54skm2gaol...@4ax.com>
>
> It's self explanatory. If you have to ask...
No, sir, it's not. You claimed I'm concealing something, and that
BugHunter isn't my work. Now I want you to back it up. No more weaseling.
Feel free. It was written for you.
>
>> I never said you wrote the updater. You used the Win32 port of
>> wget and wrapped it with a batch script. Similarly, you rely on
>> locate.com to build the list of files you scan.
>
>Yes you did. You wrongly assumed I had anything whatsoever to do with it,
>and claimed I had written the batch file; that you wasted a paragraph to
>attack me for. I didn't write the batch file, or wget or anything else in
>that archive.
I really do not believe you.
>
>BugHunter has several algorithms. Some dealing with screen layout, a few
>dealing with signatures, loading database segments, etc. You've really
>worked to dumb it down, skipping what I'd consider to be essential
>routines.
That's a high level view. It runs at the console so you don't need any
fancy layout work. I don't know how you're handling any database
work but you don't need it. In fact it would be a gross waste of
processing to make multiple trips to a database. I don't think you're
doing it this way, but maybe you are.
You can load all of the matching signatures into an array and traverse
the malware array. I'm guessing that this array might have two
elements, a size and checksum. The locate.com could build an array of
files and their sizes, then the app traverses the malware array, and
compares each filesize to the ordered values on the list. Since
the values are expressed in integers, this is really little more than
a sort operation.
Once you have a list of files that match known bad file sizes, then
you perform your checksum operation against those files. There would
be no need to look at any other files. Personally, I don't think this
is a good way to decide what gets looked at and what doesn't.
That's one way to do it.
>
>Hell, you're very good with very generic explanations. It essentially
>covers, spybot, adaware, and any number of other signature based scanning
>applications. I'm impressed John. :) This is indeed a method of defense I
>haven't come across before.
Not a defense, it's a high level view. Do you disagree with my generic
explanation?
>
>> Back to school. What I said was that Bill's version of PowerPost could
>> escape detection of malware because it could do something bad that
>> wasn't expected. Then I showed how. Do you know Asic better than me?
>> Yeah, you do. That and four bucks will get you a Starbucks. Asic is
>> ancient, and cannot do what modern languages do, at least you can't
>> coax that out of it.
>
>Bill's version of PowerPost known as SharkPost doesn't contain any code
>which allows it to do as you have claimed it potentially could. It was
>given every opportunity to do something, "bad". You showed a simple proof
>of concept program which was entirely unknown to all signature/heuristic
>based scanners at the time. You didn't prove anything concerning
>SharkPost, despite being asked to back up various claims you made against
>it.
I have backed up my claim that it could be done. I provided a working
example. After Bill implied I could not defeat SoftPedia's monitoring,
I did it again. I repeatedly asked him to post a signed message
attesting to his belief that this could not be done, and of course he
invented an excuse not to comply. I have never made a single claim
against Bill's version of PowerPost. If you have any MIDs containing
these claims, please post them.
>
>John, it really doesn't take any skill/effort to write something harmful
>which will evade all scanners. Especially if you're writing in an HLL
>language.
I know.
>
>
>>>
>>>Then you attacked me for writing things I didn't even write! Have I
>>>missed anything John? Oh wait, yes I did. You've made the claim that
>>>BugHunter uses locate.com for most/all of its work, and you've caught
>>>me red handed with this. I'd like for you to back up that claim,
>>>please.
>>
>> I attacked you for your nonsense about low level this and that. I know
>> you had nothing to do with locate.com. It was written by someone else.
>> You're the guy who brags constantly about his "coding" skills and it
>> turns out you're outsourcing. Assuming that you use locate.com to
>
>Excellent Backpedaling John. You finally know BugHunter is only using
>locate.com for recursion, just like I said. You previously said
>otherwise, and it's on record, so this is very nice.. :)
Not backpedaling, I said it then and I will say it now. You are using
someone else's program despite your many years of experience. After
all your boasts of intimate and explicit knowledge of low level coding
and experience in Assembly, it turns out you are just wrapping someone
else's code. Remember all that talk about assembly?
>
>> build a file list, all you do is loop the list and do some fairly
>> simple signature matching. If it matches, you do something, if not,
>
>loop the list? That's right John, if it matches a known signature in one
>of the segments, I do something. Damn John, I believe the BUGFAQ.TXT file
>also explains what's going on...
>
>http://bughunter.it-mate.co.uk/BUGFAQ.TXT
>Q: How does BugHunter actually work?
>A: BugHunter uses a customized CheckSumming engine that first examines
> files for a length hit before going any further; This results in a
> much faster more reasonable scantime. If a length hit is made, then
> a checksum is done on the file, and looked up in whichever database
> segment BugHunter is presently using. If a hit is found, the record
> id is looked up. If a matching description for the record id is found
> BugHunter will display it, otherwise it will display "Full Match!" on
> the screen and in the logfile.
1) Who makes the decision on the file length? You or locate.com?
Does this mean you only look at files that are of a size that matches
a malware file known to you? If so, does that mean that a bad guy can
pad his file with a few bytes and defeat your scan, merely by virtue
that you don't look at it?
>
>
>> you leave the file alone. You have no way to pull fresh updates of
>> signatures or the core.
>
>When I initially designed BugHunter, I had no intentions of building in
>any form of network code. I still don't plan to incorporate any routines
>inside the main executable to do this. BugHunter isn't a windows based
>application. And if you're using BugHunter, it's assumed you already pulled
>the latest zip; the infected computer shouldn't have any access to the
>internet for security reasons at that point.
>
>You're really missing what it is BugHunter is designed for John.
It's not for scanning for malware?
>
>
>> You have no programmatic way to compress or
>> submit files for analysis. I accomplished that in less time than it
>> takes me to write this. Should you be claiming to own anyone Dustin?
>
>http://bughunter.it-mate.co.uk/MALWARE.TXT
>Malware Submission Instructions
>
>
>On occasion I may ask you to submit a suspicious file in to me for
>analysis, or you might already have a file/files you'd like me to
>examine.
>
>In either event, follow the instructions below to send it along.
>
>1. Please zip the file(s) with the following password: "malware"
> (without the quotes)
>2. Rename the zip file to malware.dat
>3. Email the malware.dat file as an attachment to
>bughunte...@gmail.com
>
>I will email you back with my findings after examining the files.
That is a manual process performed by the user. It is most certainly
not a programmatic process.
>
>Do you know why the password is required John? Your program doesn't offer
>to do this for me, and it's very important that it would. :)
Adding a password was no issue. You can save the compressed file as
anything you want. Just pass the password you want to use in the third
parameter. You should consider prompting the user for a name and email
address and then passing those in the URL.
Example:
http://spoofproof.org/upload.php?from=SomeGuy&emailaddress=Some...@someemail.com
You will also need some code to catch these variables, and code to
handle the uploaded files. I wrote two versions, one in Perl and one
in PHP. Mine will only work on properly configured UNIX hosts. Looking
at the server your site is hosted by, it's an IIS server (Windows), so
you have several options but my code will need to be modified to work
on your host.
You have several options. You can pay for unix webspace and use my PHP
or Perl code, write your own code in ASP or maybe even dotnet, prevail
upon the many generous people who operate dedicated servers, or
optimally, pay for your own dedicated server. I pay $109.00/month for
a fast server with lots of storage and a 10 mbit pipe to the internet.
You can get them cheaper than that if you shop around. The free unix
hosts probably won't give you shell access, which is important if you
want to do this right.
Available here:
http://spoofproof.org/SnarfIt.exe
>
>>>
>>>"I caught you red-handed. Your flagship product is a cobble of three
>>>standalone EXEs you are using as libraries, and some of your own code
>>>which you have gone out of your way to conceal. Who knows why you
>>>concealed it...it's not as if there is a cadre of Russian criminals
>>>that specialize in ripping off code that went out of style in 1995.
>>>There is another reason you are hiding it, but I don't know what it
>>>is. "
>>>
>>>Please explain this paragraph of yours, written with :
>>>Message-ID: <5h8np3h54skm2gaol...@4ax.com>
>>
>> It's self explanatory. If you have to ask...
>
>No, sir, it's not. You claimed I'm concealing something, and that
>BugHunter isn't my work. Now I want you to back it up. No more weaseling.
<PIWdnbWgQul_vsHa...@brightview.co.uk>
I never claimed bughunter was not your work, but given your history
and the extent to which you have gone to avoid sharing the source
code, it's a reasonable conclusion that there is some ulterior reason
for your packing it and then making it difficult to determine the
packer. Ant was able to figure it out though.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=8671fb6f30dc0ef315addde7dab0350f
> Feel free. It was written for you.
Thanks.
>>Yes you did. You wrongly assumed I had anything whatsoever to do with
>>it, and claimed I had written the batch file; that you wasted a
>>paragraph to attack me for. I didn't write the batch file, or wget or
>>anything else in that archive.
>
> I really do not believe you.
That's ok. It doesn't serve your side, no wonder you don't believe me. :)
> That's a high level view. It runs at the console so you don't need any
> fancy layout work. I don't know how you're handling any database
> work but you don't need it. In fact it would be a gross waste of
> processing to make multiple trips to a database. I don't think you're
> doing it this way, but maybe you are.
John, Sadly, there is much you don't know. BugHunter does make use of a
signature database, it's stored in the following files, should you be
curious: BUGSIG.X, BUGIDX.X, BUGINFO.X (X is a number, based on segment).
I don't believe the method I use is a huge waste of processing resources
as you seem to imply. It scans pretty quick depending on the files and
your hardware.
> You can load all of the matching signatures into an array and traverse
> the malware array. I'm guessing that this array might have two
You really should have read the manual that came with Asic John. Memory
limitations prevent me from loading the entire database at once. It's a
DOS thing. :) As I'm not using XMS or EMS memory and just the initial
640k from DOS, I couldn't load the entire database into one set of
arrays. Also, Asic doesn't support multiple element arrays, so BugHunter
actually has 3 of them. One for size, two for checksums.
> elements, a size and checksum. The locate.com could build an array of
> files and their sizes, then the app traverses the malware array, and
> compares each filesize to the ordered values on the list. Since
> the values are expressed in integers, this is really little more than
> a sort operation.
I'd suggest you and anyone else who wants to know what locate.com is
doing should just browse the temporary file it makes. You won't find any
filenames, only an unsorted list of directories in the 8.3 msdos style
naming convention.
BugHunter takes the temp file line by line and scans the directories
making multiple passes (one for each segment of the database). The
directories are only processed once this way. BugHunter doesn't go back
and scan again on the same run, no need to.
> Once you have a list of files that match known bad file sizes, then
> you perform your checksum operation against those files. There would
> be no need to look at any other files. Personally, I don't think this
> is a good way to decide what gets looked at and what doesn't.
I don't maintain a list of files John. Only folders. BugHunter examines
all files in the folders listed in the temp file. If a file length hit
occurs, BugHunter will checksum the file, and then see if it's known via
a quick scan of the size array. If that gets a match, BugHunter checks to
see if the record that hit on size matches the checksum of the file
stored in the other two arrays. If it does, BugHunter will check the 3rd
part of the segment file for an identification string. If one is found,
BugHunter will ID the suspect by name, otherwise, it'll say "Full
Match!" and go on.
>>Hell, you're very good with very generic explanations. It essentially
>>covers, spybot, adaware, and any number of other signature based
>>scanning applications. I'm impressed John. :) This is indeed a method
>>of defense I haven't come across before.
>
> Not a defense, it's a high level view. Do you disagree with my generic
> explanation?
Nope.
>>Bill's version of PowerPost known as SharkPost doesn't contain any
>>code which allows it to do as you have claimed it potentially could.
>>It was given every opportunity to do something, "bad". You showed a
>>simple proof of concept program which was entirely unknown to all
>>signature/heuristic based scanners at the time. You didn't prove
>>anything concerning SharkPost, despite being asked to back up various
>>claims you made against it.
>
> I have backed up my claim that it could be done. I provided a working
> example. After Bill implied I could not defeat SoftPedia's monitoring,
Your claim that this or that program could contain something bad is NOT
by any means the same as the program actually containing something Bad
John. Under those conditions, you didn't prove anything.
>>Excellent Backpedaling John. You finally know BugHunter is only using
>>locate.com for recursion, just like I said. You previously said
>>otherwise, and it's on record, so this is very nice.. :)
>
> Not backpedaling, I said it then and I will say it now. You are using
> someone else's program despite your many years of experience. After
> all your boasts of intimate and explicit knowledge of low level coding
> and experience in Assembly, it turns out you are just wrapping someone
> else's code. Remember all that talk about assembly?
John, the fact I'm making use of other programs doesn't say anything bad
about my coding abilities, despite your messed up efforts to imply such.
locate.com does a fine job for the purpose I'm using it for. I had a
recursive routine operational, but it wasn't as fast, used too many temp
files, and locate.com is simply better than mine, so I went with it.
It has nothing to do with coding ability, more like, how much time do
I want to spend writing something that is already available, so I can
devote that time to things that are important, such as processing malware
samples.
The talk about assembly would be covered under processing malware samples
John. I have yet to get source code with any of them. *grin*
>>
>>> build a file list, all you do is loop the list and do some fairly
>>> simple signature matching. If it matches, you do something, if not,
>>
>>loop the list? That's right John, if it matches a known signature in
>>one of the segments, I do something. Damn John, I believe the
>>BUGFAQ.TXT file also explains what's going on...
>>
>>http://bughunter.it-mate.co.uk/BUGFAQ.TXT
>>Q: How does BugHunter actually work?
>>A: BugHunter uses a customized CheckSumming engine that first examines
>> files for a length hit before going any further; This results in a
>> much faster more reasonable scantime. If a length hit is made, then
>> a checksum is done on the file, and looked up in whichever database
>> segment BugHunter is presently using. If a hit is found, the record
>> id is looked up. If a matching description for the record id is
>> found BugHunter will display it, otherwise it will display "Full
>> Match!" on the screen and in the logfile.
>
> 1) Who makes the decision on the file length? You or locate.com?
I do, John.
> Does this mean you only look at files that are of a size that matches
> a malware file known to you? If so, does that mean that a bad guy can
> pad his file with a few bytes and defeat your scan, merely by virtue
> that you don't look at it?
A bad guy could modify an existing file already known to BugHunter, sure.
As I'm a checksumming scanner John, it wouldn't matter if the file was
examined after the user changed it. The checksums wouldn't be known then
to BugHunter either, even if I did ignore the file size.
>>
>>
>>> you leave the file alone. You have no way to pull fresh updates of
>>> signatures or the core.
>>
>>When I initially designed BugHunter, I had no intentions of building
>>in any form of network code. I still don't plan to incorporate any
>>routines inside the main executable to do this. BugHunter isn't a
>>windows based application. And if you're using BugHunter, it's assumed
>>you already pulled the latest zip; the infected computer shouldn't
>>have any access to the internet for security reasons at that point.
>>
>>You're really missing what it is BugHunter is designed for John.
>
> It's not for scanning for malware?
Yes, it's a retro-active scanner, not meant to replace full time resident
scanners. Its primary focus is for technicians/beyond newbie users who
don't scare away from a console prompt. As others have already mentioned,
BugHunter cleans your box when windows is down.
> That is a manual process performed by the user. It is most certainly
> not a programmatic process.
Yes, BugHunter is a manual application. There is no reason for it to have
communications.
>>
>>Do you know why the password is required John? Your program doesn't
>>offer to do this for me, and it's very important that it would. :)
>
> Adding a password was no issue. You can save the compressed file as
> anything you want. Just pass the password you want to use in the third
> parameter. You should consider prompting the user for a name and email
> address and then passing those in the URL.
So you don't know why the password is required. Or the file renaming.
Okay then, google is paranoid, google will stop .zips if they have .exes
inside. Google also has virus scanning, and the password ensures the
files aren't deleted before I get them. The renaming operation is
required so the user can send me the .zip file.
> upon the many generous people who operate dedicated servers, or
> optimally, pay for your own dedicated server. I pay $109.00/month for
BugHunter has a home, thanks John.
>>No, sir, it's not. You claimed I'm concealing something, and that
>>BugHunter isn't my work. Now I want you to back it up. No more
>>weaseling.
>
> <PIWdnbWgQul_vsHa...@brightview.co.uk>
>
> I never claimed bughunter was not your work, but given your history
> and the extent to which you have gone to avoid sharing the source
> code, it's a reasonable conclusion that there is some ulterior reason
> for your packing it and then making it difficult to determine the
> packer. Ant was able to figure it out though.
Given my history? John, I've *never* been accused of stealing code. I've
been an asshole sure, but not a code thief. BugHunter is not an open
source application, nor is spybot, adaware or superantispyware. Yet, I
see you not asking them to provide source code. Why is that?
I didn't make it difficult to determine the packer, unless you're limited
to visual clues that is. I changed the header bytes, is all. UPX is
hardly useful for concealing anything, it's open source, well known and
easily removed.
Ant didn't find anything malicious with BugHunter, and even stated he
likely wouldn't.
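The scan flow described in the post above (a directory list, one pass per database segment, a length hit before any checksum, three parallel arrays per segment), as an added Python example that is not BugHunter's code and was not posted in the thread. CRC-32 split into two halves, the segment size, and every sample name and byte string are assumptions constructed for the example; it shows that a copy with appended bytes is skipped at the length check, while a same-length altered copy is read but fails the checksum.

```python
import os
import tempfile
import zlib

SEGMENT_SIZE = 2  # records per segment; kept tiny so the constructed database needs two


def checksum_halves(data):
    # Assumption: CRC-32 split into two 16-bit halves. The thread only says the
    # checksum is 32 bits and is held in two arrays, not which algorithm is used.
    crc = zlib.crc32(data) & 0xFFFFFFFF
    return crc >> 16, crc & 0xFFFF


def build_segments(samples):
    """samples: list of (description or None, bytes) -> list of segments.

    Each segment holds three parallel arrays (size, two checksum halves) plus an
    optional description keyed by record id.
    """
    segments = []
    for start in range(0, len(samples), SEGMENT_SIZE):
        seg = {"size": [], "hi": [], "lo": [], "info": {}}
        for rec_id, (desc, data) in enumerate(samples[start:start + SEGMENT_SIZE]):
            hi, lo = checksum_halves(data)
            seg["size"].append(len(data))
            seg["hi"].append(hi)
            seg["lo"].append(lo)
            if desc is not None:
                seg["info"][rec_id] = desc
        segments.append(seg)
    return segments


def scan(directories, segments):
    """Return (hits, checksummed): verdict per file name, and names whose bytes were read."""
    hits, checksummed = {}, set()
    for directory in directories:
        for seg in segments:  # one pass over the directory per database segment
            for entry in os.scandir(directory):
                if not entry.is_file():
                    continue
                size = entry.stat().st_size
                if size not in seg["size"]:
                    continue  # no length hit: the file's contents are never read
                with open(entry.path, "rb") as fh:
                    hi, lo = checksum_halves(fh.read())
                checksummed.add(entry.name)
                for rec_id, known_size in enumerate(seg["size"]):
                    record = (known_size, seg["hi"][rec_id], seg["lo"][rec_id])
                    if record == (size, hi, lo):
                        hits[entry.name] = seg["info"].get(rec_id, "Full Match!")
    return hits, checksummed


def demo():
    # Constructed sample data; none of it comes from a real signature database.
    sample_a = b"CONSTRUCTED-SAMPLE-A"
    sample_b = b"CONSTRUCTED-SAMPLE-B-LONGER"
    sample_c = b"CONSTRUCTED-SAMPLE-C!!"
    segments = build_segments([
        ("Constructed.A", sample_a),
        ("Constructed.B", sample_b),
        (None, sample_c),  # record without a description
    ])
    files = {
        "known.bin": sample_a,                      # exact copy of a known sample
        "unnamed.bin": sample_c,                    # known, but no description stored
        "padded.bin": sample_a + b"\x00\x00\x00",   # a few bytes appended
        "samesize.bin": sample_a[:-1] + b"a",       # same length, one byte changed
        "clean.txt": b"hello",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan([root], segments)


if __name__ == "__main__":
    hits, checksummed = demo()
    print("hits:", hits)
    print("files actually checksummed:", sorted(checksummed))
```

Both modified copies go undetected, so the length check saves I/O without changing what an exact-checksum signature can recognise.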
>-linux_lad <jo...@linuxlad.nospam.org> wrote in
>news:8j8tp3hug2f7rkkcf...@4ax.com:
>
>> Feel free. It was written for you.
>
>Thanks.
>
>>>Yes you did. You wrongly assumed I had anything whatsoever to do with
>>>it, and claimed I had written the batch file; that you wasted a
>>>paragraph to attack me for. I didn't write the batch file, or wget or
>>>anything else in that archive.
>>
>> I really do not believe you.
>
>That's ok. It doesn't serve your side, no wonder you don't believe me. :)
>
>> That's a high level view. It runs at the console so you don't need any
>> fancy layout work. I don't know how you're handling any database
>> work but you don't need it. In fact it would be a gross waste of
>> processing to make multiple trips to a database. I don't think you're
>> doing it this way, but maybe you are.
>
>John, Sadly, there is much you don't know. BugHunter does make use of a
>signature database, it's stored in the following files, should you be
>curious: BUGSIG.X, BUGIDX.X, BUGINFO.X (X is a number, based on segment).
The point I was making, is that I don't think you're making a string
of repeated trips to the "database", which is probably more of an
ordered list (flat file). I assume you dump the entire list to a
buffer rather than making a trip to the physical file. Maybe you are.
That could explain why it's so slow.
>
>I don't believe the method I use is a huge waste of processing resources
>as you seem to imply. It scans pretty quick depending on the files and
>your hardware.
Reading from memory is about 1000 times faster than reading from a
hard drive. Quite a bit more actually, under the right circumstances.
>
>> You can load all of the matching signatures into an array and traverse
>> the malware array. I'm guessing that this array might have two
>
>You really should have read the manual that came with Asic John. Memory
>limitations prevent me from loading the entire database at once. It's a
How big is the database? You claim to have about 12,000 signatures.
OK, let's make it a nice round 20,000 signatures. How long is each
signature? You have already told us it's 32 bits. Let's make it 50
bits so the math will be easy:
20K signatures * 50 bits = 125k. Do you agree with that?
>DOS thing. :) As I'm not using XMS or EMS memory and just the initial
>640k from DOS, I couldn't load the entire database into one set of
>arrays. Also, Asic doesn't support multiple element arrays, so BugHunter
>actually has 3 of them. One for size, two for checksums.
There are several ways to simulate this.
>
>> elements, a size and checksum. The locate.com could build an array of
>> files and their sizes, then the app traverses the malware array, and
>> compares each filesize to the ordered values on the list. Since
>> the values are expressed in integers, this is really little more than
>> a sort operation.
>
>I'd suggest you and anyone else who wants to know what locate.com is
>doing should just browse the temporary file it makes. You won't find any
>filenames, only an unsorted list of directories in the 8.3 msdos style
>naming convention.
I read the file and tried it myself, from the command, and it's
sorted. If I was going to use locate.com, here's how I would do it:
C:\SOURCE\DUSTIN~1\
fordus~1.cfg Fri Jan 25 2008 3:39:06p A.... 434 0.42 K
fordus~1.dof Fri Jan 25 2008 3:39:06p A.... 2,015 1.96 K
fordus~1.dpr Fri Jan 25 2008 3:28:20p A.... 1,724 1.68 K
fordus~1.exe Fri Jan 25 2008 3:21:24p A.... 579,584 566.00 K
fordus~1.~dp Fri Jan 25 2008 3:28:20p A.... 1,724 1.68 K
This generates the path to the folder and the full path to the file,
in addition to some other information. If I was going to make a list
of files to scan, I would just use locate to build the list, and then
edit the list programmatically:
C:\SOURCE\DUSTIN~1\fordus~1.cfg|434
C:\SOURCE\DUSTIN~1\fordus~1.dof|2,015
C:\SOURCE\DUSTIN~1\fordus~1.dpr|1,724
C:\SOURCE\DUSTIN~1\fordus~1.exe|579,584
C:\SOURCE\DUSTIN~1\ fordus~1.~dp|1,724
The pipes are a delimiter. Now I have a list of files with the full
path and a byte size. Dump to a buffer. Now I need to order my virus
signature list. I don't know how you have your signatures laid out,
but based on my understanding that you compute checksum where you find
a matching file size, here is what I would do:
Create list, ordered if you want and with whatever delimiter you want.
<filesize>|<checksum>
Dump to another buffer, and sort the lines on filesize. As far as the
buffer is concerned, you have a bunch of strings.
Now you iterate the first buffer. You already have the known filesize,
so all you have to do is grab the matching file size in the second
buffer (remember the delimiter). You have already indicated you don't
look if it doesn't match the known file size, so now you're done
looking at that file. The only time you should have to go back to the
file system is if you get a file size match.
You could add some simple fuzzy logic just by allowing a match if file
sizes were within the byte range you defined, or allowed the user to
define.
>
>>>Bill's version of PowerPost known as SharkPost doesn't contain any
>>>code which allows it to do as you have claimed it potentially could.
>>>It was given every opportunity to do something, "bad". You showed a
>>>simple proof of concept program which was entirely unknown to all
>>>signature/heuristic based scanners at the time. You didn't prove
>>>anything concerning SharkPost, despite being asked to backup various
>>>claims you made against it.
>>
>> I have backed up my claim that it could be done. I provided a working
>> example. After Bill implied I could not defeat SoftPedia's monitoring,
>
>Your claim that this or that program could contain something bad is NOT
>by any means the same as the program actually containing something Bad
>John. Under those conditions, you didn't prove anything.
I proved it could be done, by showing how. It was not intended to show
that Bill was bad, it was intended to show that for all your
blustering, you couldn't catch it. It was a public service. Why do you
continue to bring this up? If it's so disruptive to your psyche, why
not stop mentioning it? Does anyone here disagree that copying a
message and posting it somewhere else is undesirable?
>
>
>>>Excellent Backpedaling John. You finally know BugHunter is only using
>>>locate.com for recursion, just like I said. You previously said
>>>otherwise, and it's on record, so this is very nice.. :)
>>
>> Not backpedaling, I said it then and I will say it now. You are using
>> someone else's program despite your many years of experience. After
>> all your boasts of intimate and explicit knowledge of low level coding
>> and experience in Assembly, it turns out you are just wrapping someone
>> else's code. Remember all that talk about assembly?
>
>John, the fact I'm making use of other programs doesn't say anything bad
>about my coding abilities, despite your messed up efforts to imply such.
>locate.com does a fine job for the purpose I'm using it for. I had a
>recursive routine operational, but it wasn't as fast, used too many temp
>files, and locate.com is simply better than mine. so I went with it.
You have frequently used the word "non-coder" as an insult. Now we
find out you are only doing a fraction of the work with your own code.
You have been screaming and beating your chest for months, and we find
out that you are little more than a scripter.
>
>It has nothing to do with coding ability, more like, how much time do
>I want to spend writing something that is already available, so I can
>devote that time to things that are important, such as processing malware
>samples.
You never miss an opportunity to let us know you're the author of
"bughunter". After I apologized to you for misunderstanding Asic, you
crossposted it with some subject line about me being burned to death
or something like that.
>>
>> 1) Who makes the decision on the file length? You or locate.com?
>
>I do, John.
I think you misunderstood again. When the list of files is to be
generated, how does bughunter know what the file size is? Does locate
just create a list of files and then your code goes out to the drive
and creates a list of file sizes? I think that work is being done by
locate.com. It was when I ran it from the command line.
>
>> Does this mean you only look at files that are of a size that matches
>> a malware file known to you? If so, does that mean that a bad guy can
>> pad his file with a few bytes and defeat your scan, merely by virtue
>> that you don't look at it?
>
>A bad guy could modify an existing file already known to Bughunter sure.
>as I'm a checksumming scanner John, it wouldn't matter if the file was
>examined after the user changed it. The checksums wouldn't be known then
>to BugHunter either, even if I did ignore the file size.
So I'm correct, Yes? I'm not saying you're right or wrong, just trying
to be clear.
>
>> That is a manual process performed by the user. It is most certainly
>> not a programmatic process.
>
>Yes, BugHunter is a manual application. There is no reason for it to have
>communications.
>
>>>
>>>Do you know why the password is required John? Your program doesn't
>>>offer to do this for me, and it's very important that it would. :)
>>
>> Adding a password was no issue. You can save the compressed file as
>> anything you want. Just pass the password you want to use in the third
>> parameter. You should consider prompting the user for a name and email
>> address and then passing those in the URL.
>
>So you don't know why the password is required. Or the file renaming.
>Okay then, google is paranoid, google will stop .zips if they have .exes
>inside. Google also has virus scanning, and the password ensures the
>files aren't deleted before I get them. The renaming operation is
>required so the user can send me the .zip file.
That is a pedantic question. Of course I know. A password does not
prevent the contents of the file from being identified, only from
being extracted. You would have to encrypt the file to prevent it from
being examined. In that case the file would be treated like a blob.
You don't understand why, but you're renaming it to .dat so AV
scanners won't freak out when they find a password-protected zip.
These files are often quarantined for the recipient's protection.
>
>> upon the many generous people who operate dedicated servers, or
>> optimally, pay for your own dedicated server. I pay $109.00/month for
>
>BugHunter has a home, thanks John.
>
>>>No, sir, it's not. You claimed I'm concealing something, and that
>>>BugHunter isn't my work. Now I want you to back it up. No more
>>>weaseling.
>>
>> <PIWdnbWgQul_vsHa...@brightview.co.uk>
>>
>> I never claimed bughunter was not your work, but given your history
>> and the extent to which you have gone to avoid sharing the source
>> code, it's a reasonable conclusion that there is some ulterior reason
>> for your packing it and then making it difficult to determine the
>> packer. Ant was able to figure it out though.
>
>Given my history? John, I've *never* been accused of stealing code. I've
>been an asshole sure, but not a code thief. BugHunter is not an open
>source application, nor is spybot, adaware or superantispyware. Yet, I
>see you not asking them to provide source code. Why is that?
Never been accused? Really? 4Q doesn't have one of your original
threads where you were caught posting listings of other people's work?
They don't have your history, and they aren't positioning themselves
as the last word in software development wisdom.
>
>I didn't make it difficult to determine the packer, unless you're limited
>to visual clues that is. I changed the header bytes, is all. UPX is
>hardly useful for concealing anything, it's open source, well known and
>easily removed.
You did that in an effort to conceal that you used UPX. Attempting
to unpack your app with UPX results in an error that says it wasn't
packed with UPX:
File size Ratio Format Name
-------------------- ------ ----------- -----------
upx: BUGHUNT.EXE: NotPackedException: not packed by UPX
Unpacked 0 files.
>
>Ant didn't find anything malicious with BugHunter, and even stated he
>likely wouldn't.
I don't think anyone will find anything malicious. I have never said
that. What I think is that our suspicions that you are not a brilliant
and highly talented programmer will be confirmed, and thus you will be
further proven to be un-entitled to your flamboyant vanity.
I think you should change the subject line. It isn't doing you any
favors.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=047ec65c85ee5ad6a15f277efb435851
Actually John. Google will not let any .zip file pass thru that has an
.exe inside unless the archive is renamed. It's not an AV scanner doing
that, it's google's idea of limiting virus spreading via email.
>>Given my history? John, I've *never* been accused of stealing code.
>>I've been an asshole sure, but not a code thief. BugHunter is not an
>>open source application, nor is spybot, adaware or superantispyware.
>>Yet, I see you not asking them to provide source code. Why is that?
>
> Never been accused? Really? 4Q doesn't have one of your original
> threads where you were caught posting listings of other people's work?
> They don't have your history, and they aren't positioning themselves
> as the last word in software development wisdom.
Holy shit. Dude, one day you're going to learn that 4Q isn't what you would
call a reliable source of information. Matter of fact, the article I
think you're referring to was a uuencoded post of an object file taken
from a library. The obj file was modified from the original. Although 4Q
could never determine what the modification was; although I'm sure
anybody who bothered to look did; the original did a retn; mine did a
retf, to return to the calling program, instead of crashing with an
endless loop. It was also renamed to make it get along fine with other
routines from the same library. However, you won't find me claiming it's
entirely mine.
The reason very few even bothered to respond to the accusation made by
4Q; 10 years after I posted it mind you, was once disassembled it turned
out to be an interrupt 24 handler; textbook. Neither library nor myself
could really claim it's an original piece of work. It's something you
have to learn to write when doing low level. Asic doesn't have an error
control that can gracefully trap errors like Delphi. Without that object
file asic programs can generate that annoying "abort retry fail" message
when a file i/o error takes place. At the time, I wasn't far enough along
in assembler to redirect an interrupt and basically press the F button
for me, so I modified one already existing. I've since learned to write
one entirely from scratch, but once you remove the text strings in the
one I posted, it's the same resulting binary file. lol
>>I didn't make it difficult to determine the packer, unless you're
>>limited to visual clues that is. I changed the header bytes, is all.
>>UPX is hardly useful for concealing anything, it's open source, well
>>known and easily removed.
>
> You did that in an effort to conceal that you used UPX. Attempting
> to unpack your app with UPX results in an error that says it wasn't
> packed with UPX:
What is that you like to tell me... Oh yea, something about school.
School is in session, take notes son.
option 1. Switch the header bytes from "v22e" to "UPX!" - The header has
other UPX markers dude, but you only need to alter those 4 bytes to fool
script kiddies like you. Due to a BUG, UPX thinks the file isn't one of
its own either, but it does with other executable styles.
option 2. You can always just check the unpacker code. It's constant
with UPX. Script kiddies aren't usually smart enough to do this.
option 3. Most script kiddies go this route: get a general unpacker, UPX
is hardly safe from them.
I used UPX for the compression advantage and to keep script kiddies out.
Obviously it works, as you couldn't unpack it with UPX? LOL. I changed 4
bytes and you couldn't reverse that? c'mon John.
When you do unpack it, as you seem to feel the need, but didn't have the
information required; it's going to be mostly filled with null
characters. Before you claim that's a fault of mine, I'll go ahead and
cut you off; it's not, see Asic.doc, towards the end of the file it
explains executable builds, look into 32bit integer arrays.
> File size Ratio Format Name
> -------------------- ------ ----------- -----------
> upx: BUGHUNT.EXE: NotPackedException: not packed by UPX
Yes, a known bug (imo) with UPX. If you just play with the header on
windows ones, it says it knows it's upx, but modified. When it's a DOS
program, it's kinda dumb.
> I don't think anyone will find anything malicious. I have never said
> that. What I think is that our suspicions that you are not a brilliant
> and highly talented programmer will be confirmed, and thus you will be
> further proven to be un-entitled to your flamboyant vanity.
John, so far, you're the only individual placing me on such a high
pedestal. I wouldn't say I'm an amateur programmer by any means, nor
would I say I'm an expert in every programming language known to man. I
seem to do fine for what I write tho.
Also, since you want source code from me...
http://bughunter.it-mate.co.uk/Asteroids.zip
It's an open source asteroids game. Credits are in the source file for
everyone who worked in it in the format it's in now.
> I think you should change the subject line. It isn't doing you any
> favors.
Sure it is. Others may be inquiring, and you are raising a few valid
questions that I should have already answered. :)
Each record is 12 bytes. 3 32-bit integer numbers.
> 20K signatures * 50 bits = 125k. Do you agree with that?
Sure. As the manual clearly states tho John, executables in asic have 64k
data segments. I cannot load 125K worth of data into arrays at one time
in the same segment. I guess I didn't explain it properly when I said DOS
and 640k.
>>DOS thing. :) As I'm not using XMS or EMS memory and just the initial
>>640k from DOS, I couldn't load the entire database into one set of
>>arrays. Also, Asic doesn't support multiple element arrays, so
>>BugHunter actually has 3 of them. One for size, two for checksums.
>
> There are several ways to simulate this.
You really should take a look at the manual John.
>>
>>> elements, a size and checksum. The locate.com could build an array
>>> of files and their sizes, then the app traverses the malware array,
>>> and compares each filesize to the ordered values on the list.
>>> Since the values are expressed in integers, this is really little
>>> more than a sort operation.
>>
>>I'd suggest you and anyone else who wants to know what locate.com is
>>doing should just browse the temporary file it makes. You won't find
>>any filenames, only an unsorted list of directories in the 8.3 msdos
>>style naming convention.
>
> I read the file and tried it myself, from the command, and it's
> sorted. If I was going to use locate.com, here's how I would do it:
Hmm, no sir, it's not. Use the same parameters as BugHunter would supply.
It's not fully sorted as it traverses as it sees it and sends it directly
to the temporary file. And if you had read the file previously, you could
have skipped this ass beating you've taken here concerning my program.
Sadly tho, until I make it impossible for you to ignore it, you continue
claiming it's built around locate.com, or locate.com might be doing more
than I said it does. Such nonsense John. Pointless. and besides, it
really makes you look stupid.
> This generates the path to the folder and the full path to the file,
> in addition to some other information. If I was going to make a list
> of files to scan, I would just use locate to build the list, and then
> edit the list programmatically:
So, you would have locate.com waste space and time by listing files for
me, instead of just letting me use findfirst/findnext and get that
information as well as the size for myself?
> C:\SOURCE\DUSTIN~1\fordus~1.cfg|434
> C:\SOURCE\DUSTIN~1\fordus~1.dof|2,015
> C:\SOURCE\DUSTIN~1\fordus~1.dpr|1,724
> C:\SOURCE\DUSTIN~1\fordus~1.exe|579,584
> C:\SOURCE\DUSTIN~1\ fordus~1.~dp|1,724
>
> The pipes are a delimiter. Now I have a list of files with the full
> path and a byte size. Dump to a buffer. Now I need to order my virus
> signature list. I don't know how you have your signatures laid out,
> but based on my understanding that you compute checksum where you find
> a matching file size, here is what I would do:
String limitation John, 80 characters max. If you waste space including
unnecessary information, you prevent me from access to many potential
folders.
> Dump to another buffer, and sort the lines on filesize. As far as the
> buffer is concerned, you have a bunch of strings.
Wasting more time, requiring more memory than already being used.
> Now you iterate the first buffer. You already have the known filesize,
> so all you have to do is grab the matching file size in the second
> buffer (remember the delimiter). You have already indicated you don't
> look if it doesn't match the known file size, so now you're done
> looking at that file. The only time you should have to go back to the
> file system is if you get a file size match.
John, when I ask for the filename, I also pull its length as specified
on the disk. I've already got that information the second the filename
comes up. Along with anything else I want to know about said file,
because I open it with a file handle. *grin*. DOS already forks over
those wonderful details once you lock onto something.
> You could add some simple fuzzy logic just by allowing a match if file
> sizes were within the byte range you defined, or allowed the user to
> define.
That's impossible. Many legitimate files are of various filelengths that
match malware executables. I cannot flag a file as malicious simply based
on file length alone.
>
>>
>>>>Bill's version of PowerPost known as SharkPost doesn't contain any
>>>>code which allows it to do as you have claimed it potentially could.
>>>>It was given every opportunity to do something, "bad". You showed a
>>>>simple proof of concept program which was entirely unknown to all
>>>>signature/heuristic based scanners at the time. You didn't prove
>>>>anything concerning SharkPost, despite being asked to backup various
>>>>claims you made against it.
>>>
>>> I have backed up my claim that it could be done. I provided a
>>> working example. After Bill implied I could not defeat SoftPedia's
>>> monitoring,
>>
>>Your claim that this or that program could contain something bad is
>>NOT by any means the same as the program actually containing something
>>Bad John. Under those conditions, you didn't prove anything.
>
> I proved it could be done, by showing how. It was not intended to show
John, once again, I feel the need to remind you, that *nobody* claimed it
couldn't be done, only that SharkPost *doesn't* do anything *bad*.
You just proved you didn't know wtf was going on is all. And you ran with
it.
> that Bill was bad, it was intended to show that for all your
> blustering, you couldn't catch it. It was a public service. Why do you
> continue to bring this up? If it's so disruptive to your psyche, why
> not stop mentioning it?
A public service John? In what possible way is writing something with
malicious code and submitting it to a public distribution site as you
intended, a public service? I continue to bring this up because it's
important to the discussion that was originally about SharkPost. That's
what myself and a few others were discussing before you came along and
started beating your chest with the intent to educate me because you
didn't like the way I talk down to certain people.
>Does anyone here disagree that copying a
> message and posting it somewhere else is undesirable?
Okay... What are we planning to discuss now? If you're planning to claim
that you agree with that statement, you shouldn't be taking 4Q's word for
anything on me.
> You have frequently used the word "non-coder" as an insult. Now we
> find out you are only doing a fraction of the work with your own code.
Yep, an insult directed at others who were trying to insult me. And
really John, if you think about it, if you're not a coder; you really
shouldn't be trying to say a program is doing this or that. Somebody is
bound to call you out on it. And once you tell them you don't even code,
you're going to get burned. Have asbestos suit ready.
> You have been screaming and beating your chest for months, and we find
> out that you are little more than a scripter.
Actually John, I've spent a bit of time defending myself in your home
group various claims made by those who seem to have an issue with Bill,
and like to mislead people into thinking SharkPost is malicious.
I suspect if you and I were compared by our peers, and I suspect we are
in some fashion at this point; they will find you're much more of a
scripter level programmer than myself. No insult implied here. You just
don't know the history as well as I do, and thus little things like your
delphi programming using API calls would escape you.
>>
>>It has nothing to do with coding ability, more like, how much time
>>do I want to spend writing something that is already available, so I
>>can devote that time to things that are important, such as processing
>>malware samples.
>
> You never miss an opportunity to let us know you're the author of
> "bughunter".
Do you have a specific problem with my signature or something John?
>After I apologized to you for misunderstanding Asic, you
> crossposted it with some subject line about me being burned to death
> or something like that.
When did you apologize to me for misunderstanding Asic John? What you
actually said was no apology, you tried to shift blame from your
ignorance to me for using Asic in the first place. That's no apology,
John.
>
>>>
>>> 1) Who makes the decision on the file length? You or locate.com?
>>
>>I do, John.
>
> I think you misunderstood again. When the list of files is to be
> generated, how does bughunter know what the file size is? Does locate
> just create a list of files and then your code goes out to the drive
> and creates a list of file sizes? I think that work is being done by
> locate.com. It was when I ran it from the command line.
There is no list of files generated John. Once again, A list of
directories in the msdos 8.3 style naming convention is generated.
Nothing more, nothing less.
School is in session again.
locate.com /D+ /N /R >BUGHUNT.DAT
please run the program as specified above; which is the same exact line
BugHunter uses to execute it, clearly defined in BUGHUNT.INI (A NORMAL
HUMAN READABLE FILE) that you were already told to examine. In fact, I
posted a complete copy already. Take better notes, son.
Here's an example of the contents of the resulting file that you'll get.
C:\ASIC
C:\ASICARC
C:\ASTERO~1
C:\ATI
C:\AUDIO
C:\AVONLY
C:\BUG
C:\BUGHUNT
C:\CDMAKE
C:\CLONECD4
C:\CMDS
C:\DEMONOID.COM
C:\DOCUME~1
C:\DOWNLOAD
C:\FIREFOX
C:\GWAVEW~1
C:\HHI
C:\HOLD1
C:\HOLD2
C:\HOLD3
C:\HOLDZIP
C:\INCLUDE
C:\INTLIST
C:\KEEP
C:\LAME39~1
C:\LEXMARK
C:\LOGS
C:\MIRAND~1
C:\MORGOTH
C:\MOZILLA
C:\MP3
C:\MPR
C:\MTELB12
C:\MULTILIB
C:\NANDUB~1
C:\NVIDIA
C:\PEDASM
C:\PMAIL
C:\PROGRA~1
C:\RECYCLED
C:\RECYCLER
C:\RELEASE
C:\RESTOR~1
C:\RIPCD
C:\RIPIT4ME
C:\RSSC11
C:\SAM
C:\SANDBOX
C:\SLMR
C:\SYSTEM~1
C:\TEMP
C:\TEST
C:\TEXT
C:\VDUB16
C:\WINDOWS
C:\WUTEMP
C:\XNEWS
C:\ATI\SUPPORT
C:\AUDIO\L3CODE~1
C:\AVONLY\ADAWARE
C:\AVONLY\ADWARE
C:\AVONLY\ARAXDI~1
C:\AVONLY\AVONLY~1
C:\AVONLY\AVREMOVE
C:\AVONLY\BOOTIMG
C:\AVONLY\BROWSERS
C:\AVONLY\BUGHUNT
C:\AVONLY\CODECS
C:\AVONLY\ERU
C:\AVONLY\ERUNT
C:\AVONLY\HARDWARE
C:\AVONLY\MBRFIX~1
C:\AVONLY\MEDIAP~1
C:\AVONLY\NETWOR~1
C:\AVONLY\REGFIXES
C:\AVONLY\REGIST~1
C:\AVONLY\SECURI~1
C:\AVONLY\SPYBOT
C:\AVONLY\SUNJAVA
C:\AVONLY\SYGATE~1
C:\AVONLY\SYSCLEAN
C:\AVONLY\UNDELETE
C:\AVONLY\USEFUL~1
C:\AVONLY\UTILITY
C:\AVONLY\W9XCABS
C:\AVONLY\WINDOW~1
C:\AVONLY\WINDOW~1.6
C:\AVONLY\WIPEDSK
C:\BUG\ARCHIVE
C:\BUG\NEWSAM
C:\BUG\PADSUB~1
C:\BUG\RELEASE
C:\BUG\SAM
C:\BUG\SAMPLES
C:\BUG\TEST
C:\BUG\WEBSITE
C:\BUG\WEBSITE.OLD
C:\CDMAKE\CNET10~1
C:\CLONECD4\GRAPHICS
C:\CLONECD4\PROFILES
C:\CLONECD4\SOUNDS
C:\CLONECD4\TEXTS
C:\CMDS\UPX301D
C:\CMDS\WWPACK
C:\DEMONOID.COM\COMPLE~1
C:\DEMONOID.COM\OTHERT~1
C:\DEMONOID.COM\RARS
C:\DEMONOID.COM\TORRENTS
C:\DOCUME~1\ADMINI~1
C:\DOCUME~1\ALLUSE~1
C:\DOCUME~1\DARWIN
C:\DOCUME~1\DEFAUL~1
C:\DOCUME~1\LOCALS~1
C:\DOCUME~1\NETWOR~1
C:\DOWNLOAD\WDBACK~1
C:\FIREFOX\CHROME
C:\FIREFOX\COMPON~1
C:\FIREFOX\DEFAULTS
C:\FIREFOX\EXTENS~1
It seems somewhat sorted because I have a nice defragger (Disk Keeper Pro
*grin*) but further down, you'll see more entries for examine documents
and settings. So it's not a completely sorted, recursed directory
listing.
As everyone can see, no files, no file sizes, nothing. Just directories.
I will explain again exactly, step by step what's going on:
BugHunter starts
BugHunter parses the command line. did you specify your own ini file, or
an automated command? No, load the default BUGHUNT.INI
Is recursive turned on?
if yes>
fire up locate.com
set flag to ignore array containing up to 32 entries; We're not going to
scan them only.
Display recursive scanning is on. Currently the amount of directories
that will be scanned isn't listed, plan to fix this, as I've already got
the information loaded at this point.
if no>
Display amount of directories specified in the INI file.
Main Menu comes up.
user picks an option
Bughunter shows directories specified if recursive is off
BugHunter asks for confirm
if yes> proceed
if no>return to main menu
if proceeding>
open recursive temp file if it exists,
read a line; one directory, set DOS findfirst to all files, regardless of
attribute. When filename comes up, ask dos what the filesize is, check
first array for a match; if one found, check other 2 arrays on the same
record # as the first for matches; if both, scan buginfo.x (line by line,
not currently loaded into memory) for a matching segment:record hit, next
line is description, load it, stop looking.
Display options if user selected, or do whatever to file if match is
true.
load next line of temp file, or +1 the 32directory array.
return to proceeding>
when tempfile is EOF, stop, show report.
close logfiles and any other file handles that could still be open.
Ugh.. Okay, I think that's about as good as I can explain what's going on.
I'm not looping the temp file, I'm only loading the folder name once,
making multiple passes if needed before moving onto the next
folder/directory listed/available.
BugHunter is doing the real work John, locate.com is building a directory
tree, as I told you, as BugHunter tells you when it starts up if you have
recursion turned on.
>>
>>> Does this mean you only look at files that are of a size that
>>> matches a malware file known to you? If so, does that mean that a
>>> bad guy can pad his file with a few bytes and defeat your scan,
>>> merely by virtue that you don't look at it?
>>
>>A bad guy could modify an existing file already known to Bughunter
>>sure. as I'm a checksumming scanner John, it wouldn't matter if the
>>file was examined after the user changed it. The checksums wouldn't be
>>known then to BugHunter either, even if I did ignore the file size.
>
> So I'm correct, Yes? I'm not saying you're right or wrong, just trying
> to be clear.
Yes John, you are correct about this. It's a known limitation and
weakness with checksum based technology. Short of string scanning, or
heuristics that is. :) BugHunter doesn't currently employ either of
those.
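The lookup described in the post above (12-byte records of three 32-bit integers, loaded one 64k segment at a time, with the file body read only after a size hit), as an added example that is not BugHunter's code or anything posted in the thread. The checksum pair (CRC-32 and Adler-32), the little-endian layout, every function name and the sample data are assumptions made for illustration.

```python
import struct
import zlib

# Record layout taken from the thread: three 32-bit integers, 12 bytes.
# Little-endian order and the field order (size, sum A, sum B) are assumptions.
RECORD = struct.Struct("<III")
SEGMENT_BYTES = 64 * 1024                          # 64k data segment limit
RECORDS_PER_CHUNK = SEGMENT_BYTES // RECORD.size   # 5461 records per load


def checksums(data):
    """Stand-in checksum pair (assumption): CRC-32 and Adler-32."""
    return zlib.crc32(data) & 0xFFFFFFFF, zlib.adler32(data) & 0xFFFFFFFF


def make_record(sample):
    """Pack a known sample's size and both checksums into one record."""
    return RECORD.pack(len(sample), *checksums(sample))


def iter_chunks(db):
    """Yield (first_record_no, sizes, sums_a, sums_b), one segment at a time.

    The three parallel lists mirror the three single-dimension arrays
    described in the thread: one for size, two for checksums.
    """
    if len(db) % RECORD.size:
        raise ValueError("database is not a whole number of 12-byte records")
    step = RECORDS_PER_CHUNK * RECORD.size
    for offset in range(0, len(db), step):
        rows = list(RECORD.iter_unpack(db[offset:offset + step]))
        yield (offset // RECORD.size,
               [r[0] for r in rows], [r[1] for r in rows], [r[2] for r in rows])


def scan_file(size, read_content, db):
    """Return the matching record number, or None.

    `size` comes from the directory entry. `read_content()` is called at
    most once, and only after a size hit, so files whose size is unknown
    to the database are never opened.
    """
    sums = None
    for first, sizes, sums_a, sums_b in iter_chunks(db):
        for i, known_size in enumerate(sizes):
            if known_size != size:
                continue
            if sums is None:
                sums = checksums(read_content())
            if (sums_a[i], sums_b[i]) == sums:
                return first + i
    return None


def build_demo_db(count=6000):
    """Constructed samples and their database (spans two 64k loads)."""
    samples = [(b"constructed-sample-%05d|" % i) * (1 + i % 50)
               for i in range(count)]
    return samples, b"".join(make_record(s) for s in samples)


def demo():
    """Scan three constructed files; return {label: (record_no, file_reads)}."""
    samples, db = build_demo_db()
    known = samples[5999]
    cases = {
        "known sample": known,
        "same size, different content": bytes(len(known)),
        "known sample plus one padding byte": known + b"\x00",
    }
    results = {}
    for label, body in cases.items():
        reads = []

        def read(body=body, reads=reads):
            reads.append(1)
            return body

        results[label] = (scan_file(len(body), read, db), len(reads))
    return results


if __name__ == "__main__":
    for label, (record_no, reads) in demo().items():
        print(f"{label}: record={record_no} file_reads={reads}")
```

The third case is the limitation conceded at the end of the post: once the size differs by a byte, the file is never opened, and even with the size check removed its checksums would no longer be in the database.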
>Bill <res0...@verizon.net> wrote in news:Dr8jj.32570$Zo3.16789@trnddc02:
>
>> "Lezzie \"Black Dragon\" Paulin" <lez...@fuck.head> wrote:
>>
>> [...]
>>>many have recently claimed ownership
>> [...]
>>
>> Your grasp of the meaning of PWNED is about as good
>> as your grasp of the meaning of the word troll.
>
>If he'd like an example of a BOOTFUCK tho, he's welcome to checkout the
>threads with John getting educated on how BugHunter actually works. :)
That's one point of view. Another point of view might be that I
schooled you. Again, and again and again. You're using an extinct
language that's so neutered it can't even do things that are
fundamental to modern software development.
You denied you were trying to conceal the packer and admitted on the
same day your concealment efforts were deliberate.
You couldn't even do very basic updates, and had no programmatic way
to submit samples for analysis. I wrote both in a standalone exe in a
few hours and then gave it to you.
3 hours: > http://spoofproof.org/SnarfIt.exe
How's that for a spanking Dustin?
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=95f3e00f03d258454abca431c570ad3e
> On Wed, 30 Jan 2008 03:23:16 GMT, Dustin Cook
> <bughunte...@gmail.com> wrote:
>
>>Bill <res0...@verizon.net> wrote in news:Dr8jj.32570$Zo3.16789@trnddc02:
>>
>>> "Lezzie \"Black Dragon\" Paulin" <lez...@fuck.head> wrote:
>>>
>>> [...]
>>>>many have recently claimed ownership
>>> [...]
>>>
>>> Your grasp of the meaning of PWNED is about as good
>>> as your grasp of the meaning of the word troll.
>>
>>If he'd like an example of a BOOTFUCK tho, he's welcome to checkout the
>>threads with John getting educated on how BugHunter actually works. :)
>
> That's one point of view. Another point of view might be that I
> schooled you. Again, and again and again. You're using an extinct
> language that's so neutered it can't even do things that are
> fundamental to modern software development.
I really don't see how you can logically come to that conclusion after
the discussions which have taken place John. You haven't educated me yet
on any of the subjects you promised to educate me in. You've dodged and
ducked around each question I present you however. And apparently, you're
going to duck/dodge around any responses now that everyone knows for
sure, you're a fucking idiot in so far as malware and BugHunter is
concerned. And Asic too, and that only matters because you offered to
"educate" me concerning programming in it. Changing 4 bytes hardly
constitutes concealment, John. At least, it's not concealment to any
experienced programmer I know. Ant obviously wasn't deterred. He didn't
require my help in unpacking it either John. :)
If anything, I've been doing the educating John. Educating your stupid
ass about executable file structure, what BugHunter does with locate.com,
What's really going on. Despite offering you the opportunity several
times to read the fucking manual, you come back at me with this or that
bullshit. Improvements, how I should do things. With no clue of the
language I'm using.
As I said previously, your idea of an apology apparently is to blame
myself and/or Asic for your own ignorance concerning both.
And at this point, I'm going to go with your own stupidity. ignorance is
a curable condition.
> You denied you were trying to conceal the packer and admitted on the
> same day your concealment efforts were deliberate.
John,
I showed you how to reverse the "concealment" so that you could unpack it
with UPX. If I was actually trying to keep that a secret, I wouldn't have
provided you of all people several methods you could use to reverse it,
now would I?
> You couldn't even do very basic updates, and had no programmatic way
> to submit samples for analysis. I wrote both in a standalone exe in a
> few hours and then gave it to you.
John,
BugHunter is not designed to be a windows utility; It doesn't need to be
accessing the internet, or sending files to me or anyone else.
While I appreciate the fact you spent 3 hours of your time to emulate
what someone's batch file already doesn't in the least, really, the least
bit, imply or should be taken as such to mean you Spanked me.
> How's that for a spanking Dustin?
John,
You've yet to actually make good on any claim you've shot at me so far.
Obviously, when we went into details and I published how you could
duplicate the results (Don't you love programming John? I do, you just
can't lie about it.. hehehe) the only reply I've seen is a cheap attempt
at flaming me, claiming you spanked me or educated me in any sense of the
word.
> This post, -linux_lad <jo...@linuxlad.nospam.org>
> Message-ID:<<pr71q31n9btu0iccd...@4ax.com>>
> may be monitored for quality assurance:
>|
>|On Wed, 30 Jan 2008 03:23:16 GMT, Dustin Cook
>|<bughunte...@gmail.com> wrote:
>|
>|>Bill <res0...@verizon.net> wrote in
>|>news:Dr8jj.32570$Zo3.16789@trnddc02:
>|>
>|>> "Lezzie \"Black Dragon\" Paulin" <lez...@fuck.head> wrote:
>|>>
>|>> [...]
>|>>>many have recently claimed ownership
>|>> [...]
>|>>
>|>> Your grasp of the meaning of PWNED is about as good
>|>> as your grasp of the meaning of the word troll.
>|>
>|>If he'd like an example of a BOOTFUCK tho, he's welcome to checkout
>|>the threads with John getting educated on how BugHunter actually
>|>works. :)
>|
>|That's one point of view.
>
> Yeah - it's called reality.
Indeed.
>|Another point of view might be that I schooled you. Again, and again
>|and again.
>
> How, by admitting you didn't know what you were talking about?
Which time? :) The concealed unpacker, Asic, holding more than 64k into
an array, multi dimensional arrays on a language that doesn't support it,
locate.com doing anything more than building a list of directories,
Accused of writing a batch file, that he later spent 3 hours to emulate
the functionality of, couldn't answer valid questions presented by Ant;
remember folks, LinuxLad blamed Borland for all the extra BS included in
his executable. No, as Bill pointed out, not everything from the IDE is
loaded if you're not using it.
>|You're using an extinct language that's so neutered it can't even do
>|things that are fundamental to modern software development.
>
> Yet you were going to school him in that which you didn't know.
See above.
Logic is not one of your strong suits. And yes, you attempted to
conceal the fact that you packed it with UPX. You only admitted it
after you were caught.
>
>If anything, I've been doing the educating John. Educating your stupid
>ass about executable file structure, what BugHunter does with locate.com,
>What's really going on. Despite offering you the opportunity several
>times to read the fucking manual, you come back at me with this or that
>bullshit. Improvements, how I should do things. With no clue of the
>language I'm using.
I agree that you have been doing some educating. I doubt if anyone
fully realized how badly out of touch you were until I got here. You
merrily typed out insults because no one fully understood the full
extent of your idiocy. A rank amateur showed you up and schooled your
ass over and over again. Not really an accomplishment, anyone can do
what I did. You make it easy.
Your manual doesn't mean anything except that you are right about two
very minor points. Asic as a language is an outstanding example of one
man's extraordinary programming skills. It does not make you any less
of a clown though.
>
>As I said previously, your idea of an apology apparently is to blame
>myself and/or Asic for your own ignorance concerning both.
It was never more than a toy. It was a training tool, a subset of
what passed for a modern language even then. What really annoys you is
that you never graduated from software development junior high. All
your bluster about Assembler turned out to be nonsense too. You were
claiming to master it because you thought no one else did, until 4Q
humiliated you.
>
>And at this point, I'm going to go with your own stupidity. Ignorance is
>a curable condition.
Compare my apps to yours. When you can compete in the modern world,
come back and I'll school you again.
>
>> You denied you were trying to conceal the packer and admitted on the
>> same day your concealment efforts were deliberate.
>
>John,
>
>I showed you how to reverse the "concealment" so that you could unpack it
>with UPX. If I was actually trying to keep that a secret, I wouldn't have
>provided you of all people several methods you could use to reverse it,
>now would I?
Like I said before, you only copped to it after you were caught.
>
>> You couldn't even do very basic updates, and had no programmatic way
>> to submit samples for analysis. I wrote both in a standalone exe in a
>> few hours and then gave it to you.
>
>John,
>
>BugHunter is not designed to be a windows utility; It doesn't need to be
>accessing the internet, or sending files to me or anyone else.
Dustin, you apparently don't understand this, so I'll school you
again. Malware of all sorts is in a constant state of flux. That means
it's always changing. This is the reason why anti-malware vendors
release updates. It may even be the reason you release updates.
Updating software and definitions is a fundamental tenet of
anti-malware development.
You of course agree with me because your site offers a bat-wrapped
win32 port of the open source WGET. The reason I find this funny is
because you couldn't do in years what took me hours.
>
>While I appreciate the fact you spent 3 hours of your time to emulate
>what someone's batch file already doesn't in the least, really, the least
>bit, imply or should be taken as such to mean you Spanked me.
It doesn't emulate Dustin, it actually does it. It also zips and
unzips files and can post them programmatically. A vast improvement
over your best efforts for a small slice of my time.
>
>> How's that for a spanking Dustin?
>
>John,
>
>You've yet to actually make good on any claim you've shot at me so far.
What claim? That you can't crack my ware? You can't. I offered to
create one to prove it, and you backed down, repeatedly. The offer is
still open. Any time you say you can crack me, I will be glad to post
some code that proves otherwise.
>Obviously, when we went into details and I published how you could
>duplicate the results (Don't you love programming John? I do, you just
>can't lie about it.. hehehe) the only reply I've seen is a cheap attempt
Do you claim any code I posted does not work Dustin? Not only does my
code work, it's better and more functional than your work.
No charge for the schooling. Use it well.
--
-linux_lad
http://www.spoofproof.org/verify.php?sig=702a796c9439d763e1e5a90b1a3ab5d0
John, a very weak argument on your part. UPX was hardly concealed from
anyone with some real programming experience, you were obviously the
exception. I educated you, script kiddy, not the other way around, no
matter how much you try and twist it. :)
And yet, you won't defend any of your statements made concerning
BugHunter now. Even tho you could have saved yourself the trouble and
just checked the program out for yourself. Instead, you tried to attack
me for writing it.
>>
>>If anything, I've been doing the educating John. Educating your stupid
>>ass about executable file structure, what BugHunter does with
>>locate.com, What's really going on. Despite offering you the
>>opportunity several times to read the fucking manual, you come back at
>>me with this or that bullshit. Improvements, how I should do things.
>>With no clue of the language I'm using.
>
> I agree that you have been doing some educating. I doubt if anyone
> fully realized how badly out of touch you were until I got here. You
Some educating? I would say, most/all of the educating has been done by
me, sadly because you refuse to read text files before you open your
mouth and make an ass of yourself.
> Your manual doesn't mean anything except that you are right about two
> very minor points. Asic as a language is an outstanding example of one
> man's extraordinary programming skills. It does not make you any less
> of a clown though.
Again John, this isn't an apology. :) As Bill said yesterday and this
really is good advice you probably should take:
Look - your best bet right now is to slink off and
shut up. Every time you post, you only reveal that
you are as foolish as Buddhist trying to educate the
Pope on how to say Mass.
- Bill alt.binaries.warez.ibm-pc.d
> It was never more than a toy. It was a training tool, a subset of
> what passed for a modern language even then. What really annoys you is
> that you never graduated from software development junior high. All
> your bluster about Assembler turned out to be nonsense too. You were
> claiming to master it because you thought no one else did, until 4Q
> humiliated you.
Nonsense about assembler? John, you couldn't unpack UPX without my help.
I can, I have. :) Nothing you have said really annoys me John. I've been
professionally employed in the computer industry since I was a teenager.
Assembler is something I know pretty well, thanks. It's no secret, either
John. Although, I suppose in your dense mind if you repeat that I don't
know something long enough somebody is bound to believe you, right John?
Where's 4Q these days John?
>>
>>And at this point, I'm going to go with your own stupidity. Ignorance
>>is a curable condition.
>
> Compare my apps to yours. When you can compete in the modern world,
> come back and I'll school you again.
What's to compare John? You spent 3 hours duplicating the functionality
of a batch file that you claimed I had written. I have no problems
competing in the modern world John. I know software, obviously at a level
far more advanced than yourself.
>>
>>> You denied you were trying to conceal the packer and admitted on the
>>> same day your concealment efforts were deliberate.
>>
>>John,
>>
>>I showed you how to reverse the "concealment" so that you could unpack
>>it with UPX. If I was actually trying to keep that a secret, I
>>wouldn't have provided you of all people several methods you could use
>>to reverse it, now would I?
>
> Like I said before, you only copped to it after you were caught.
Nice evasion John. Nobody caught me doing anything, but if you want to
stick with that, that's okay with me. :) I hope you'll put the useful
information I gave you concerning packing to good use, in your "modern
software development" world, script kiddy. :)
>>John,
>>
>>BugHunter is not designed to be a windows utility; It doesn't need to
>>be accessing the internet, or sending files to me or anyone else.
>
> Dustin, you apparently don't understand this, so I'll school you
> again. Malware of all sorts is in a constant state of flux. That means
> it's always changing. This is the reason why anti-malware vendors
> release updates. It may even be the reason you release updates.
> Updating software and definitions is a fundamental tenet of
> anti-malware development.
HAHAHAHAHAHAHAHA. You fucking moron. Of course I understand this,
BugHunter updates frequently for that very reason. Prior to 2000, I was
writing malware; No not your silly poc crap, but real functional,
spreading world wide, malware.
What is it you think you schooled me in John? I've written malware AND
antimalware.
> You of course agree with me because your site offers a bat-wrapped
> win32 port of the open source WGET. The reason I find this funny is
> because you couldn't do in years what took me hours.
Are you seriously on drugs or what dude?
The batch file works, pulls updates as it's designed to do. You wasted 3
hours after you claimed I wrote the batch file (No, I didn't) to
duplicate something it already does. Not only that sir, but Borland's IDE
contrary to your stupidity, does not bundle everything. I'm sure Ant
found your pathetic response as funny as I did.
> It doesn't emulate Dustin, it actually does it. It also zips and
> unzips files and can post them programmatically. A vast improvement
> over your best efforts for a small slice of my time.
The batch file has been pulling updates just fine for over a year John.
So yes, you are emulating what the batch file does with the option of
sending a file out. Something I had never intended for users to do
directly, because again, BugHunter isn't a windows based application.
It's designed to help you if you get in trouble dude, not take over
completely.
>>> How's that for a spanking Dustin?
>>
>>John,
>>
>>You've yet to actually make good on any claim you've shot at me so
>>far.
>
> What claim? That you can't crack my ware? You can't. I offered to
> create one to prove it, and you backed down, repeatedly. The offer is
> still open. Any time you say you can crack me, I will be glad to post
> some code that proves otherwise.
I was thinking of the following claims, actually. I don't claim to be
able to crack RSA crypto, which is what you're actually trying to pass off
as cracking a program.
If you'd care to respond to any of these claims you've made, I'm all
ears.
Which time? :) The concealed unpacker, Asic, holding more than 64k into
an array, multi dimensional arrays on a language that doesn't support it,
locate.com doing anything more than building a list of directories,
Accused of writing a batch file, that he later spent 3 hours to emulate
the functionality of, couldn't answer valid questions presented by Ant;
remember folks, LinuxLad blamed Borland for all the extra BS included in
his executable. No, as Bill pointed out, not everything from the IDE is
loaded if you're not using it.
> Do you claim any code I posted does not work Dustin? Not only does my
> code work, it's better and more functional than your work.
I haven't downloaded your program John. I wouldn't say it's better than
what is already being used, as it seems to do the same job. One important
distinction. WGET is from a known trusted author, you aren't.
Again, the BHUPDATE.ZIP file is not my work. I cannot and do not take any
credit for its existence.
> No charge for the schooling. Use it well.
I'd like a refund for previous schooling sessions you promised me. You're a
very poor instructor, especially when I've been doing the educating.
> Compare my apps to yours. When you can compete in the modern world,
> come back and I'll school you again.
Here's another one, source included:
http://bughunter.it-mate.co.uk/Asteroids.zip
It's not entirely my work, as the documentation and the source file will
clearly state. It's an open source Asteroids game, my version of it if
you will. Included with what many consider to be, a "modern" programming
language, from http://www.ionicwind.com
http://www.ionicwind.com/index.php?option=com_content&task=section&id=5&Itemid=33
Main Features:
- Fast 32 bit assembler, linker, and compiler.
- Uses standard COFF and LIB format files.
- Easily upgradeable and expandable.
- Integrated scintilla based editor and debugger.
- Multi module programming.
- Supports Windows 95/98/ME/NT/2000/XP and Vista.
- Executables created are royalty free.
- Can create and use static libraries.
Language Features:
- BASIC like syntax.
- Rich command set, over 400 built in commands.
- Extensive operators and math functions.
- Built in linked-list handling.
- Easy window, dialog and control creation.
- Inline assembler for optimizing code.
- Text console support.
- Advanced and easy pointer operators.
- 'C' style pointer operations.
- Built in music and sound commands.
- Case insensitive keywords.
- Graphics primitive operations for quick and simple drawings.
- Text and graphics printer output support.
- Web enabled application development with the integrated html browser
control.
- Simple common control commands and functions.
- Quickly interfaces with the Windows API, C runtime libraries, and
static code libraries.
- Optional and default parameters for functions.
- Supports indirect function calls.
- ANSI compliant UDT and UNION types (structure).
- STDCALL and CDECL function calling conventions supported.
- OOP support.
- Built in database support.
- Built in 2D gaming commands.
- DX9 3D engine included.
- Built in Unicode support.
- Built in COM support.
How's that for rapid application development (RAD) John?
You're welcome for the free lesson, btw.
Another useful App, BugHunter itself; I've yet to see you produce
anything better. Emulating BHUPDATE.ZIP is hardly showing me up John, I
didn't write anything inside that .ZIP file, but go ahead, keep claiming
I did; it's getting a lot of laughs.
That's two John.
Here's another one, I find useful, others into checking out executables
may as well:
http://bughunter.it-mate.co.uk/exevalid.zip
Source Included in it, fully commented.
That's 3 apps, already published. I've got roughly 10-15 or so other
programs written 10+ years ago I can give you copies of if you'd like to
try and emulate them. <g> Most of them did achieve an award 4 of 5 stars
on ZdNet. I still have some of the writeups the viewer sent me when they
were published.
Now then, what apps do you write John?