Weak skill in encrypted disc cracking

Source: Internet
Author: User
Tags ultraedit

Cracker: id_zero_CRK
Http://elma.myrice.com
If you want to repost all the articles, please keep them all. Thank you!

Part 1: Image music disc cracking
Generally, the most common encryption method for an encrypted disc is to encrypt the directory so that you cannot see this hidden directory in the Windows built-in Resource Manager (of course, it is not as easy as adding a hidden attribute ). however, DOS (Windows built-in DOS) often shows and enters these hidden folders.
We use the CD of my cartoon music MP3 as an example. Normally, the file and directory we see are as follows:

H:> dir
The volume in drive H is 2000_64
The serial number of the volume is the D285-3A07

H: Directory

04/09/1997 27 AUTORUN. INF
07/29/2000 21:27 <DIR> browse
07/29/2000 :44 <DIR> image
04/23/1997 450,048 SETUP. EXE
07/30/2000 214 description. TXT
3 files in 450,289 bytes
2 directories 0 available bytes

(H: the disk is my optical drive). Will the directory of the H disk be hidden? So:

H:> dir/
The volume in drive H is 2000_64
The serial number of the volume is the D285-3A07

H: Directory

04/09/1997 27 AUTORUN. INF
07/29/2000 21:27 <DIR> browse
07/29/2000 :44 <DIR> image
04/23/1997 450,048 SETUP. EXE
07/30/2000 214 description. TXT
3 files in 450,289 bytes
2 directories 0 available bytes

It seems that there are no other directories except browse and image, but where is my MP3 file stored? Let me find it:

H:> dir *. mp3/a/s/p
The volume in drive H is 2000_64
The serial number of the volume is the D285-3A07
File not found

No? What does this mean-this is a hidden directory with non-General hidden attributes (if these MP3 files are in a directory), So I open an MP3 file through Autorun, view its attributes (I use the MediaPlayer that comes with Win by using the Location (Location) in File (File)-Properties (attribute) as "H: d r2 head Text d singing set Track 02.mp3 ", huh? What is this? -- "H: d r2": Is there a hidden directory, which is the directory we are looking! Okay, now we try to enter it:
(Note the steps here !) First:

H:> cd d r2

H: d r2> dir
The volume in drive H is 2000_64
The serial number of the volume is the D285-3A07

H: d r2 directory

07/29/2000 19:43 <DIR>.
01/01/1601 <DIR> ..
02/23/1997 10:46 51 _ SYSTEM1.DAT
05/03/1997 461,312 FILELIST. EXE
07/30/2000 <DIR> gsmeishen song set
07/30/2000 19:01 <DIR> GTO
07/30/2000 19:01 <DIR> Winamp
04/06/1997 0 ~ _ 9A90BC. TMP
07/30/2000 <DIR> no more game songs
07/30/2000 <DIR> song set
07/30/2000 <DIR> V album
07/30/2000 <DIR> PM
07/30/2000 <DIR> his and her story I
07/30/2000 <DIR> his and her story II
07/30/2000 <DIR> his and her story III
07/30/2000 <DIR> preface D singing set
07/30/2000 <DIR> lower-level student
07/30/2000 <DIR> campus delivery department
3 files in 461,363 bytes
15 directories with 0 available bytes

Okay, there is no problem in DOS. Let's try to open it in resource manager:
Start --- run --- type "h: d r2"
The following message is displayed:
No program is associated with the file to perform this operation. Create an association in the folder options of the control panel.
OK
It seems that this directory is not so easy to go in, so we choose another path-remember "H: d r2 first text d singing set Track 02.mp3? Among them, "H: d r2 head Text d singing set" is also a directory. Let's try this. The method is the same as above. It's not repeated. Haha! Successful! Enter this directory! Click the "up" button to see what is going on? The directory of all MP3 songs under the entire "d r2" directory is in the resource manager window !! I don't need to teach you the next thing, right ?! In this way, even if you do not have a serial number, you can access the encrypted disc. (d R2's directory is fixed, but different directories are different. If you are careful, a file named filelist.exe is fixed. What does this mean? Well, you can understand it without saying it.-This file is not recommended for security and convenience reasons)
In addition, the registration codes of these types of discs are generally 658888 and 886655.

Part 2: film animation disc cracking
Similarly, the decryption of these types of CDs is also performed in non-General hiding of directories. I will use three RM-format CDs in Conan Prefecture as an example.
The Directory of the CD is as follows:
H:> dir/s/a: d/w
The volume in drive H is 905
The serial number of the volume is 519C-4DB0

H: Directory

[TIF-24B] [TOOLS]
0 files, 0 bytes

H: TIF-24B directory

[.] [...]
0 files, 0 bytes

H: TOOLS directory

[.] [...] [FULLDATA]
0 files, 0 bytes

H: TOOLSFULLDATA directory

[.] [...]
0 files, 0 bytes

Total number of files listed:
0 files, 0 bytes
9 directories 0 available bytes
Remember that H: TOOLS only contains the directory H: TOOLSFULLDATA.
In this case, we can see that the directory of the CD file is the same as the directory of the above CD, and we cannot find this non-General hidden directory, while searching *. rm and *. ram files cannot be found at all, but in the browser executed by the CD Autorun, click "up ", then we found a directory named FULLDATA. (This is enough. We can use this FULLDATA directory to determine that the current folder is H: TOOLS !) The current folder has two directories-the other one is the "_ SYS1.HDR" directory, obviously, the animation file directory = the directory we just created = the current directory \ _ SYS1.HDR = H: TOOLS \ _ SYS1.HDR. Haha, the final formula is the animation file directory = H: TOOLS \ _ SYS1.HDR, and finally, start --- run --- type "H: TOOLS \ _ SYS1.HDR". What do you see? Let's start watching movies.
In addition, the operating method of the Ke Nan series CD is to install three COK keys in the Autorun image.

Part 2: Software cracking
Please go to http://elma.myrice.com if you want to download

---------------------------------
Appendix,
1. Common Methods for starting encrypted discs:
Enter cok, www, 8888 or press F12 on the Autorun Screen
Serial number: 886655, 658888, www, letmein
(The relationship between each of the preceding items is or)
2. I don't know who wrote the [five types of encrypted discs] (here I am sorry for the 0.12 million points)
There are many encrypted discs on the market today, which are burned in special forms. After you put it into the optical drive, a software installation screen will show you to enter the serial number, if the serial number is correct, a file browsing window will appear, the error will jump back to the desktop. If you are viewing a CD file from a resource browser, It is a file like some images, but you cannot find the file you are looking. Have you ever encountered such a thing? What should I do if your CD serial number is lost or the CD serial number is incorrect? Don't worry, look at my "X-Dragon five "!

Method 1: Use the hexadecimal editor such as UltraEdit to directly find the serial number.

Run UltraEdit to open SETUP in the root directory of the CD. EXE, click "Search"-> "Search" on the menu, and enter "Enter serial number" in the "search for what" column in the pop-up dialog box ", note that you should select "Search for ASCII characters" in the multiple selection box and press Enter. After "Enter the serial number", the subsequent number is the serial number. This method is used to retrieve the Chinese Palace (serial number). It's amazing!

Method 2: Use the IsoBuster and other CD recording software to directly browse the hidden files on the CD.

Run IsoBuster, select the optical drive where the encrypted disk is located, and click Refresh next to the selection column. Then, it will read the files in the optical drive, at this time, you will find that there is an extra folder in the file browser box on the left, which is the file you really want. Then you can run or copy these files. This method is clear and clear!

Method 3: Use the virtual optical drive software (such as Vcdrom and virtual optical drive 2000) and a hexadecimal Editor (such as UltraEdit and WinHex ).

The method is:

1. Use the virtual optical drive software to make the encrypted disc into a virtual disc file. When the Progress reaches 1%, press Ctrl + Alt + Del to forcibly terminate the operation of the virtual optical drive program.

2. use a hexadecimal editor to open a CD file with only % 1 (File suffixed with vcd or fcd ), find any visible directory name or file name in the editing window (because the file is not very easy to find ), you can see the hidden directory name or file name (usually the directory name) in the Upper/lower corner of the location ).

3. In the MS-DOS window, run the CD command to enter the directory you see, and then Dir you can see what you want, at this time is to run or copy the file with you. In this way, even more powerful encryption disks are hard to escape.

Method 4: run the following command under the drive letter of the optical drive:

D r2filelist.exe: you can run the browser program (filelist.exe is a program for hiding the browsing disc ).

This method is effective for many CDs, but I dare not say 100% is valid. Why? Because I cannot try all the CDs! This type requires no registration code, no software, fashion choice!

Method 5: Use File Monitor to handle encrypted discs with hidden directories.

The File Monitor software may not be very familiar to everyone. It is a pure "green" Free Software that monitors the running status of specified files in the system, such as specifying which File is opened and which File is closed, the file to which data is read. It allows you to monitor a monitored file for any operations such as reading, writing, and opening other files, and provides complete report information. Haha, you must have thought of it? Yes! This function is used to monitor the running status of files on the encrypted disc to get what we want.

Next we will take a new DDR dancing disc as an example to see how to discover hidden directories.

1. Run the main File FileMon of File Monitor and check "Capture Events" in "Options;

2. Run the DDR dance disc. After the selected dance music has been transferred to the memory, you can exit the DDR;

3. Return to FileMon. What do you see? Yes! All file calls have been recorded! Now, remove the check box before "Capture Events" to avoid increasing the number of records. Then, let's take a look at what the record is. Part of the screenshot is as follows:

Explorer FindOpen E: DDR99.EXE SUCCESS

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.