Forwarded from Backup Legal Mega
🦑 What is Transparent Proxy?

1) Transparent Proxy is a way of proxying connections without the client noticing. This means that if you browse to www.yahoo.com, when this request reaches your gateway it will be redirected to another port where a proxy service like squid will be active. The client thinks that it's exchanging data with the remote host but in reality it's just exchanging data with the gateway.

🦑 How can I support it?
------------------------

To support Transparent Proxy, once more you'll have to re-compile your
kernel; this time the main features to support are:

Networking Options -->

(...)
[*] IP: firewalling
[*] IP: Transparent Proxy support
(...)

Of course you'll probably enable masquerading on your host; to know which
options have to be enabled check the IP masquerade section.

Configuring
-----------

Finally, to make Transparent Proxy work you have to add a redirection
action on ipchains, simply by giving the command:

root@ExampleBox: ~# /sbin/ipchains -A input -p TCP --dport 80 -s 192.168.0.0/24 -j REDIRECT 8080

Then you just have to configure squid. Honestly I never messed with it so
I really don't know what to tell you, but I've seen the squid.conf file; it's
full of information, read it and it will help with configuring. Also look at the
transparent proxy mini HOWTO.

NFS
===

🦑 What should I read?
----------------------

. NFS HOWTO
/usr/doc
or http://www.linuxdoc.org/HOWTO/NFS-HOWTO/index.html

. rpc.portmap man page

. rpc.mountd man page

. rpc.nfsd man page

. exports man page

🦑 What is it?
--------------

> NFS stands for Network File System. Like I said in the lecture, once I read a really simple definition of NFS: "it's like windows file sharing but better", and indeed it's a way of sharing HDs (totally or partially) inside a network.

> NFS is widely used on networks where we have diskless boxes, or like in Beowulfs. Still, you can just set up NFS on your local network to share some files between your computers, or just have one /home directory and every single box of your LAN mounts that partition.


🦑 Is it really useful?
-----------------------

> Well... If you are in a small LAN like the ones we set up at home, and you still want to have each computer working without any essential OS part like /var or /home mounted from one single host, it might not be really useful.

> . If you are thinking of just setting up NFS to share some files you have and you want to copy them from box to box, I tell you that it's better to use FTP because of 2 main reasons: speed and security.


@UndercodeTesting

🦑 Configuration for NFS:
-------------------------

1) You have to compile your kernel with NFS support. To add NFS support to
your kernel, enable the option:

Filesystems -->
Network File Systems -->
<*> NFS filesystem support
(...)

2) Compile and you are ready to play with NFS.
There are 3 main files that allow you to configure NFS at your will:

/etc/hosts.allow
/etc/hosts.deny
/etc/exports

. hosts.allow

3) This file holds which IPs have access to the portmap services.
This file has the syntax SERVICE : ALLOWED IPs.
So in our case we would read in /etc/hosts.allow something like:

rpc.portmap : 192.168.0.0/24
rpc.nfsd : 192.168.0.0/24
rpc.mountd : 192.168.0.0/24

. hosts.deny

4) This file holds which IPs don't have access to the portmap services. When portmap is queried, it grabs the IP; first it checks
hosts.allow, and if it's there it accepts; if it isn't, it checks the hosts.deny file, and if
it's there it will deny it; otherwise, if not listed in both, it will accept
the connection.

> The syntax is the same as hosts.allow, so since we don't wanna accept any IP that is not listed in hosts.allow we can just add a single entry to hosts.deny where we read

ALL : ALL

5) This will deny everything that didn't match on the hosts.allow file.

. exports

6) Finally we have the exports file; this file holds which directories
can be exported, to where, and with what options.

7) The syntax of this file is:
directory IP(options)

🦑 Where options can be:

noaccess: just the dir listed will be mounted, the subdirs won't
rw: will give read and write permissions when mounted
ro: will give read only permission when mounted
root_squash: users with UID and GID equal to 0 will be mapped to the anonymous UID and GID
insecure: the source port can be any of the 65536
secure: the source port has to be a reserved port (<1024)
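An added Python model of the three files described above (example code written for this section, not part of the post, of tcp_wrappers or of nfs-utils): the sample file contents are constructed to mirror the entries given in the text, `wrappers_decision` applies the hosts.allow-then-hosts.deny order the post describes, and `parse_exports`/`risky_exports` read `directory IP(options)` lines and flag exports that use `insecure` or omit `root_squash`.

```python
import ipaddress
# Constructed sample files mirroring the post's configuration (not from a live host).
HOSTS_ALLOW = """rpc.portmap : 192.168.0.0/24
rpc.nfsd : 192.168.0.0/24
rpc.mountd : 192.168.0.0/24
"""
HOSTS_DENY = "ALL : ALL\n"
EXPORTS = "/home 192.168.0.0/24(rw,root_squash,secure)\n/pub 192.168.0.0/24(ro,insecure)\n"

def parse_wrappers(text):
    """Turn 'SERVICE : CLIENT ...' lines into (service, [client, ...]) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            service, clients = (part.strip() for part in line.split(":", 1))
            rules.append((service, clients.split()))
    return rules

def matches(rules, service, ip):
    """True if a rule for this service (or ALL) names the client address."""
    addr = ipaddress.ip_address(ip)
    for svc, clients in rules:
        if svc in ("ALL", service):
            for client in clients:
                if client == "ALL" or addr in ipaddress.ip_network(client, strict=False):
                    return True
    return False

def wrappers_decision(service, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Order described in the post: hosts.allow first, then hosts.deny, else accept."""
    if matches(parse_wrappers(allow), service, ip):
        return "allow"
    if matches(parse_wrappers(deny), service, ip):
        return "deny"
    return "allow"  # listed in neither file: the connection is accepted

def parse_exports(text=EXPORTS):
    """Return {directory: (client, {options})} from 'directory IP(options)' lines."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            directory, spec = line.split(None, 1)
            client, _, opts = spec.strip().partition("(")
            result[directory] = (client, set(opts.rstrip(")").split(",")) if opts else set())
    return result

def risky_exports(text=EXPORTS):
    """Directories exported with 'insecure' or without 'root_squash'."""
    return [d for d, (_, opts) in parse_exports(text).items()
            if "insecure" in opts or "root_squash" not in opts]
```

Passing an empty string as `deny` shows the point of the `ALL : ALL` entry: without it an address missing from hosts.allow is still accepted. Only numeric address and CIDR client patterns are handled; hostname and domain patterns from the real hosts_access(5) syntax are out of scope here.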




🦑 What are the signs that a virus is present on your PC?

There are several things that may indicate the presence of a virus on
your system.

1) Unexplained file growth in EXE and COM files may indicate an
appending virus.

2) Programs that used to work now return with some type of error message and fail to work at all. This may indicate an overwriting virus. Some common messages are "Program too big to fit in memory" or "Unknown Command" and other similar messages. These should make you suspicious.

3) Unexplained directory changes. If you execute a program and then find that you are suddenly in a different directory, this may
indicate that a virus has been hunting for files to infect.

4) A decrease in available system memory. You should know how much
memory is usually free on your computer. If this number drops, it
may indicate a TSR virus. This does not always work since some
viruses do not protect the memory they use.

5) Unexplained ChkDsk errors. Stealth viruses will cause you to get a
CHKDSK error because they are altering the info before it gets to
CHKDSK. If you do a CHKDSK /F under this condition, it could CAUSE considerable damage to the directory structure when in actuality
nothing was wrong in the first place.

6) Unexplained disk access. If the floppy or hard drive begin to light
up all of a sudden for no reason, it could mean viral activity. It
could also mean that you are running a disk cache with staged
writes enabled.

7) An overall slowdown in system activity. Programs may take longer to execute than normal.



The Pro Cracking guide part 1


🦑 WHAT YOU WILL NEED


1) Like all programming, cracking is the debugging stage of
software development. It is the most tedious and hectic part
of programming, as you shall see. However, unlike software
development, you are given no source code, only the machine
level code commonly called machine language.

2) Cracking demands patience. No patience, no cracking.
Before we begin, you will need certain tools. These
include:

- A decent computer. By this, I mean at minimum a 286
computer with 2 or more megs of RAM. A 386 is the
ideal since it can load a debugger into usable memory.
- A source level debugger (eg. Turbo Debugger)
- A low level debugger (eg. DEBUG)
- An assembler system (eg. MASM, LINK, EXE2BIN)
- A hex dumping program (eg. Norton Utilities)

3) The source level debugger is what you will be using
most of the time. It provides many features that are a
convenience to the cracker, such as interrupt redirection.
Become comfortable with its features. However, in some
instances, the source level debugger may not be suitable for
cracking huge games since the debugger itself may take up too
much memory. In such a case, a low level debugger must be
used since its memory usage may be considered negligible.
This manual will focus on its use.
The assembler package will be used in the creation of
the famed loaders, which provide the cracker with dynamic
memory alterations without changing the original program.


πŸ¦‘ PART 2 PRO CRACKING
> Crash Course in Assembly Language

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :


1) If you are already well familiar with assembly
language, you may wish to skip this section. Cracking
demands the knowledge of assembly language.

2) If you wish to become a "serious" cracker, you might like
to read up more about this fascinating language. This section
will only give you enough info for intermediate level cracking.

3) At this point, you should familiarize yourself with
DEBUG and its commands as we will be using them shortly.

🦑 Registers
-------------

1) One of the neato things that you will be fooling around
most often with are called the registers. Registers are like
variables (such as in BASIC) that are located within the CPU
itself. These registers may hold a positive integer from 0
to 255 or from 0 to 65535. They can also hold negative
integers from -128 to 127 or from -32768 to 32767. The
registers are given names as follows:

2) AX => accumulator - this register is most commonly used
for mathematical or I/O operations
BX => base - this register is used commonly as a base or
a pointer register (we'll talk more about this
later)
CX => count - used commonly for counting instructions
such as loops
DX => displacement - much like the base register

3) The registers stated above are considered general purpose
registers, since they can basically be used to store whatever
the user wants. Let's try putting some numbers in these
registers. Type in "R {enter}". You should see a bunch of
info, among which are four of the above mentioned registers.
Now, type in "RAX {enter}". Then type in a number like
8FABh.

4) Type in "R" again and notice how the accumulator
(AX) has changed its number.


5) These general purpose registers can also be "split" in
half into its higher and lower order components. Instead of
having one register AX, you can have two registers, AH and
AL. Note however that while you have a range of 0 to FFFFh
for AX, you will now have a range of 0 to FF for AH and AL.
You cannot change these directly in debug, but be aware that
programs will use it. If AX contains 0A4Ch, then AH will
contain 0Ah and AL will contain 4Ch.

6) The following are called the segment registers:

7) CS => code segment - the block of memory where the code
(instructions) are located
DS => data segment - the block of memory where data can
be accessed. In block move operations in which
huge blocks of memory are moved, this is commonly
the segment in which the CPU reads from.
ES => extra segment - also another data segment. In
block move operations in which huge blocks of
memory are moved, this is commonly the segment in
which the CPU writes to.
SS => stack segment - this is the block of memory in
which the CPU uses to store return addresses from
subroutines. (more on this later)

9) In introductory level cracking, we don't mess around with
these registers. Later, we will see how we can use these to
trick a program into thinking other things, but that's later.
You can also change these registers in debug. Type in "RCS
{enter}". Then enter "0 {enter}" and notice how the CS
register changed.

There are other registers that we use to see what the
program is doing. These registers can also be changed in
debug. Included are the following:

10) SI => source index - this register is used in
conjunction with block move instructions. This is
a pointer within a segment (usually DS) that is
read from by the CPU.
DI => destination index - this register is also used in
conjunction with block move instructions. This is
a pointer within a segment (usually ES) that is
written to by the CPU.
BP => base pointer - a pointer used commonly with the
stack segment
SP => stack pointer - another pointer used commonly with
the stack segment (this one, you don't touch)

11) These registers control how certain instructions work, such as
the conditional jumps (in BASIC, they are like IF-THEN's).
They are stored as bits (0's or 1's) in the flags register.
We will most often use:

zero => ZR/NZ (zero/not zero) - tells you whether an
instruction (such as subtraction) yielded a zero
as an answer
sign => NG/PL (negative/positive) - tells you whether an
instruction yielded a positive or negative
number
carry => CY/NC (carry/no carry) - tells you whether an
instruction needed to carry a bit (like in
addition, you carry a number over to the next
digit). Various system (BIOS) functions use
this flag to denote an error.
direction => DN/UP (decrement/increment) - tells a block
instruction to either move forward or backwards
in reads and writes

12) Try changing some of these bits. Type in "RF {enter}". Then
type in "DN {enter}" to change the direction flag to its
decrement position.



🦑 Mnemonic   Flag(s) Checked    Description
-------------------------------------------------------------
JB/JNAE       CF=1               Jump if below/not above or equal (unsigned)
JAE/JNB       CF=0               Jump if above or equal/not below (unsigned)
JBE/JNA       CF=1 or ZF=1       Jump if below or equal/not above (unsigned)
JE/JZ         ZF=1               Jump if equal/zero
JNE/JNZ       ZF=0               Jump if not equal/not zero
JL/JNGE       SF<>OF             Jump if less/not greater or equal (signed)
JGE/JNL       SF=OF              Jump if greater or equal/not less (signed)
JLE/JNG       ZF=1 or SF<>OF     Jump if less or equal/not greater (signed)
JG/JNLE       ZF=0 and SF=OF     Jump if greater/not less or equal (signed)
JS            SF=1               Jump if sign
JNS           SF=0               Jump if no sign
JC            CF=1               Jump if carry
JNC           CF=0               Jump if no carry
JO            OF=1               Jump if overflow
JNO           OF=0               Jump if not overflow
JP/JPE        PF=1               Jump if parity/parity even
JNP/JPO       PF=0               Jump if no parity/parity odd

These are all the possible combinations of conditional jumps
that you will encounter. I realize that we have not
discussed some of the flags such as overflow or parity, but
be aware that they exist and programs sometimes use them.
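An added Python model (example code for this guide, not DEBUG's own behaviour or the author's code) of the AH/AL split from the Registers section and of how `CMP dst,src` sets ZF, SF, CF, OF and PF, so that each row of the jump table can be evaluated on real 16-bit values; `split_register`, `signed16`, `flags_after_sub` and `jump_taken` are names chosen here.

```python
# Constructed 16-bit model of the registers and flags the guide describes; it is an
# added example, not DEBUG's output or the guide's own code.
MASK16 = 0xFFFF

def split_register(ax):
    """AX -> (AH, AL): 0A4Ch splits into 0Ah and 4Ch."""
    ax &= MASK16
    return ax >> 8, ax & 0xFF

def signed16(value):
    """Reinterpret a 16-bit pattern as -32768..32767."""
    return (value ^ 0x8000) - 0x8000

def flags_after_sub(dst, src):
    """Flags left behind by CMP/SUB dst,src, computed the way the CPU does."""
    dst, src = dst & MASK16, src & MASK16
    result = (dst - src) & MASK16
    return {
        "ZF": result == 0,                                        # ZR/NZ
        "SF": bool(result & 0x8000),                              # NG/PL
        "CF": dst < src,                                          # CY/NC: unsigned borrow
        "OF": signed16(dst) - signed16(src) != signed16(result),  # signed result overflowed
        "PF": bin(result & 0xFF).count("1") % 2 == 0,             # even parity of the low byte
    }

# Conditions from the jump table above, keyed by the first mnemonic of each row.
JUMP_CONDITIONS = {
    "JB":  lambda f: f["CF"],
    "JAE": lambda f: not f["CF"],
    "JBE": lambda f: f["CF"] or f["ZF"],
    "JE":  lambda f: f["ZF"],
    "JNE": lambda f: not f["ZF"],
    "JL":  lambda f: f["SF"] != f["OF"],
    "JGE": lambda f: f["SF"] == f["OF"],
    "JLE": lambda f: f["ZF"] or f["SF"] != f["OF"],
    "JG":  lambda f: not f["ZF"] and f["SF"] == f["OF"],
    "JS":  lambda f: f["SF"],
    "JNS": lambda f: not f["SF"],
    "JO":  lambda f: f["OF"],
    "JNO": lambda f: not f["OF"],
    "JP":  lambda f: f["PF"],
    "JNP": lambda f: not f["PF"],
}
ALIASES = {"JNAE": "JB", "JNB": "JAE", "JNA": "JBE", "JZ": "JE", "JNZ": "JNE", "JNGE": "JL",
           "JNL": "JGE", "JNG": "JLE", "JNLE": "JG", "JC": "JB", "JNC": "JAE", "JPE": "JP", "JPO": "JNP"}

def jump_taken(mnemonic, dst, src):
    """Would `CMP dst,src` followed by this conditional jump be taken?"""
    key = ALIASES.get(mnemonic.upper(), mnemonic.upper())
    return JUMP_CONDITIONS[key](flags_after_sub(dst, src))
```

Comparing FFFFh with 1 shows why the signed and unsigned rows differ: JB (unsigned 65535 < 1) is not taken while JL (signed -1 < 1) is.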

JMP - jump
----------
This instruction does what it suggests. It jumps to
different sections of code. Several forms of the jump
instruction include:

2E0B:0208 EBF6 JMP 0200
2E0B:020A 3EFF24 JMP DWORD PTR DS:[SI]


πŸ¦‘ PART 3 PRO CRACKING

> DISK BASED COPY PROTECTIONS

Disk Based Copy Protection
--------------------------
Since disk based copy protection schemes are rarely
used, we will not go into great depth in their discussion.

INT 13h
-------
I have previously mentioned that INT 13h copy protection
schemes are hardly ever used anymore. Nevertheless, it would
be good practice for the beginner to learn how to defeat the
code. You will most likely see INT 13h used with function 2,
read sector. This means that:

AH => will contain the number 2 (function 2)
AL => the number of sectors to read in. This is
commonly only 1 since you just want to check a few
sectors for disk validity.
CH => will contain the cylinder number
CL => will contain the sector number
DH => will contain the head number
DL => will contain the drive number
00h - 7Fh for floppies
80h - FFh for fixed disks
ES:BX => will point to the address into which the data
read from the disk will be written to

Upon return from this interrupt, if the carry flag is
set, that means that the program could not read the sector,
and therefore the disk is valid. If the carry flag is clear,
that means that INT 13h could read the sector properly and so
the disk would be bad in the eyes of the program, thinking it
was a copied disk.

🦑 Using those written cracking tutorials + the cracking tools from yesterday, you will get a lot of help.