+ORC: "a tutorial"|
gathered from reverser+, +HCU caretaker
and +ORC's student
OK, I have "moved" +ORC's tutorial among the "reversing gods" section. I feel that
after +ORC's "cheshire cat" disappering trick, we should see things somehow more "in context". Hope
you undrestand what I mean. Else read on and try to understand what I mean... eheh :-)
A propos: courtesy of reverser's pages of reverse engineering
How to crack, a tutorial, by +ORC
(the old red cracker)
FOUND IT! NOW DOWNLOAD AND
There is some info about +ORC on this page (updated
Further, you'll find 400 (four hundreds) essays of
his scholars 'and other friends) clicking on this banner AND elsewhere:
Actuality of +ORC's 'old' teachings
Even if +ORC has retired (and
disappeared) during spring 1998, his teachings still emanate
a quite formidable reversing 'power', as literally thousands of reversers
You may enjoy this essay about the correct stalking 'mood' you should
need in order to stalk +ORC's old gate (published 20 January 1999!) or you may have a look at this
+ORC's works being published (on paper) in January 1999).
"Give a man a crack, and he'll be hungry again tomorrow,
teach him how to crack, and he'll never be hungry again"
If you want to save
one of +ORC's lessons,
and you don't know how, and all it does is display on the
screen, try to hold down
the shift key when you click on it: it might solve your
Lesson 1, An approach to cracking (26780)
Lesson 2, Tools and tricks of the trade (29854)
Lesson 3.1, Hands on, paper protections (basic) (27143)
Lesson 3.2, Hands on, paper protections (advanced) (23484)
Lesson 4.1, A short history of time (83484)
Time protections in Windows, an introduction
Lesson 4.2, A short history of time (82004)
Microsoft's trial time protections
WARNING! Lesson 4.2 is Microsoft explorer hostile!
And here is the
link to the DEMO of the old version 3 of M$-Money for the +HCU's strainer!
Lesson 4.3, Time protections in Windows, advanced cracking
Lesson 4.4, Quiver protections in Window
Lesson 5.1, Hands on, Disks & CD-Rom access (basic) (25798)
Lesson 5.2, Hands on, Disks & CD-Rom access (advanced)
Lesson 6.1, Funny tricks (some) (25365)
Lesson 6.2, Funny tricks (some other)
Lesson 7, Intuition and luck
Lesson 8.1, How to Wincrack, an approach (I) (19058)
Lesson 8.2, How to Wincrack, a deeper approach (II) (24997)
Lesson 8.3, How to Wincrack, a first conclusion (III)
Lesson 9.1, How to Wincrack, Hands on (1) (30332)
Lesson 9.2, How to Wincrack, Hands on, Nagscreens (psp) (26889)
Lesson 9.3, How to Wincrack, Hands on, Nagscreens (dead listing)
Lesson 9.4, How to Wincrack, Hands on (4)
Lesson A.1, Advanced cracking (Internet-Unix) (19801)
Lesson A.2, Advanced cracking (Internet-Dos)
Lesson B.1, Zen cracking (basic)
Lesson B.2, Zen cracking (exercises)
Lesson C.1, Cracking as an art: Barcodes and Instant access I
Lesson C.2, Cracking as an art: Instant access II - strainer to the
Lesson C.3, Cracking as an art: Instant access revealed (33286)
OK, so you would like to have all those old target programs in order to play with
the +ORC's tuts listed above... well, ehmm... ever thought to visit
my brother's +greythorne's page?
The names of the missing lessons are based on various
original private emailings from +ORC, and could be different
The lessons are NOT in chronological order... apparently +ORC began
his work in that way but soon began "hopping" from lesson to lesson.
I tried to re-construct the order of arrival of the various lessons:
1 - 2 - 3.1 - 3.2 - 5.1 - 6.1 - A.1 - C.1 - C.2 - 8.1 -8.2 -
9.1 - C.3 - 9.2 - 9.3 - 4.1 - 4.2 (the last one)
Please do not ask
for the missing lessons,
if you get them send them to me
instead, even anonymously!
+ORC gives them (very infrequently) "on bargain", see the
last lines of each lesson
__Various information about
Where should I begin? The fact is that there are not so many information about +ORC, who
seems to be a very peculiar guy. I tried to stalk him for a long time, I have given up
now. From some private letters that he has sent to some of his students, we got the impression
of a middle-aged retired university professor, "reversing" expert, pretty often abroad
(for linguistic and/or cracking studies). I think he could be Dutch,
but I'm not sure, that's only a theory of my wife, which speaks
Dutch and told me that some of the patterns he uses point in
that direction. This has been confirmed by many Dutch readers of this page.
Another interesting theory is that he is US military... any hint
from any of you is welcomed, there is quite a lot of 'Orcstalking'
going on, as I can vouch reading the letters I receive on this
On the web there are
some specialised sites for "+ORC's stalking", the best one is IMO
(It would need updating,
though... anyway you'll find on that site many other interesting stalking tools!
A history of my first contact
As soon as I saw the first
lessons by +ORC,
back in the winter of 1995, I understood that a new dawn was possible (at least among
crackers :-) if enough of them
would have understood and carried his tutorial and his simple (but incredibly deep) message:
"knowledge is now free at last, everything should be free from now on,
enjoy knowledge and life and work for everybody else"I was
also struck by the affinities between my own ideas and +ORC's philosophy.
+ORC's approach, in choosing "cracking" (the busting of software protections) as a channel
through which his ideas could be at least partly diffused was
simply genial: There you had on one side a huge community of very clever talented
young people, with an incredible thirst for knowledge, which could NEVER be satisfied by
a society mainly intent in transforming them in silly consumer guinea pigs, and there you
had, on the other side, our magnificent Web, growing with an incredible momentum:
the perfect media
for free "forbidden" and "half-anonymous" knowledge spreading. A high explosive cocktail indeed!
The developments of the last
years, with the incredible
growth of the "+ORC's students" section, seems to confirm that +ORC has indeed
thrown a lot of seeds in the wind! :-)
His tutorial is now (November 1997) partly obsolete. The incredibly rash
development of the
+HCU has given results that went beyond any possible forecast. The +HCU is certainly
not "a group of crackers". It is a loose association of reverse engineers, crackers
(yeah, as strange as it may seem :-) without affiliation or affiliated to one of the many different
existing groups. The +HCU publishes each year (in April) a "strainer" for admission to
the subsequent year courses, strainer which is in turn mainly an excuse to check the
identity of the applicants and a guarantee,
for those who get through it, to have their merit emphasised. The +HCU is nowadays, through
his many projects and the more than 400 essays,
a real free "Academy" of software reverse engineering (the
only one on the Web) whose documents are eagerly awaited (and read) by many "professional"
reverse engineer around the world. Judging from the postings I have received in recent
times there is a growing "official" recognition of our work, an activity that a
couple of years ago could still have been dismissed as simple (silly) 'protection cracking'. All this has been
made possible by +ORC, and I (among many others) will NEVER forget it.
partly retired. You'll be able to read here a letter he wrote us.
Last contact we had he was currently cracking ancient languages (or so
it seemed to +gthorne and me, yet with +ORC
you never know what's real and what's faked) and did promise
his couple of
lessons about Zen-cracking
for the +HCU courses. On 29 October 1997 (also long ago in web-time :-(
he wrote another
letter about the organisation of teh following year's +HCU courses,
where he did not
give the impression of a "retired cracker" (whatever that means) and seemed
intentioned to work a lot... so who knows what he had for...
I'm not only an +ORC student, I am an official +ORC's fan. I like a lot what
he called "reality cracking", and
I wish could elaborate more and better on those matters. Some of +ORC's
contributions seem to me particularly outstanding, like
his now famous essay about supermarket enslavement
techniques (you'll never
see again your own supermarket with the same eyes once you read that :-) and his
cracking (and a little shady :-) absolute masterpiece about
In fact I believe
that the "reality cracking" done by +ORC (see for
instance also his modern
Zen essays) is a QUITE important deed, superior even to his famous tut, and will acquire a more and
more important role -for us all- in the near future.
For many years +ORC used a bilateral channel on the never forgotten
anon.penet.fi server, until
this (famous) server was closed down. We did not have (almost) any contact for a
whole year, and then,
on 21 August 1997, he reopened a bilateral channel where you could
email him: email@example.com.
WARNING!... he wrote that he did not
intend to answer any email that wasn't coming from an +HCU student:
"I'll answer ONLY to old or new +crackers, though"This should
have kept him pretty busy anyway for a while, since, as
you have probably already seen, on my site there are more than 400
different essays written by a couple of hundreds of more or
less official "students".
as you may have noticed, use now a "+", inside their handle, as a form of respect
towards +ORC, yet not everyone of them took part to the +HCU courses: every year
+ORC publishes (usually in April) a "strainer" for the admission to the
following year's +HCU's courses.
I passed the strainer in 1996 and
worked in a "unit" (as reverser+) together with +Sync and +gthorne.
Basically, we got +his lessons "in advance", in order to 'polish'
and at times we had to 'finish' them (see as an example lesson 9.3).
I suspect he was just too
lazy to finish them himself :-)
The "strainer" that had to be solved in order to access the +HCU 1998 was
published in April 1997 inside +ORC's lesson 4.2., all readers
had time to solve it until 15 September 1997.
solutions to this strainer
have been published and represent a very interesting reading for reverse
engineering studies: more than 10 good reversers have worked on the SAME three
(Micro$oft's) protection schemes, tackling them from ALL possible angles, an
execrcise of "comparated cracking" that nobody else, I believe has ever done
until now... and that demonstates the amazing Web potentialities for "group work" in reversing
and other matters :-)
If you want to learn more about +ORC -besides visiting the Basilisk's page-
you may enjoy reading some of the letters that he has sent around: in the one from 21
he seems to be happy with our work :-) and less and less interested in cracking and
more and more interested in what he calls "reality cracking", in the one from 29
October 1997 he writes about the organisation of the +HCU courses for 1998. I hope
that Dominique will send me a copy of +ORC's letter about "power and the internet",
that I would like to publish, since at the moment I have not a complete version of it.
Should anyone of you know of a site where all +ORC's letters have been published, please
do contact me immediately
__How to reach +ORC secret pages__
This "gate" is relatively old: I copied this from another "gate"
to +ORC in February 1996, it was located on an (apparently) German page, owned by a guy
whose handle was "Sweterewich", that wrote in the CCC usenet group.
Sweterewich "disappeared" in April 1996, yet I kept this gate on my site ever since: it
permit to open the gate below. See the Basilisk's page for a deep explanation of the
difficult challenge inside it.
I could not crack it (and I tried hard)... good
"Gold, with six bars, or with the visor raised (in full face) for royalty"
"Silver, with five bars, (in full face) for a duke or marquis"
"Silver, with four bars, with visor raised (in profile) for an earl, viscount or baron"
"Steel, without bars, and with visor open (in full face) for a knight or a baronet"
"Steel, with visor closed (in profile) for a squire or a gentleman"
And now try to correct this
to reach +ORC (?)
LET ME KNOW IF YOU DO!
As you could read above, there is a page of "the
dedicated, among other things, to the above riddle. The Basilisk expresses there his
convictions about the location of +ORC's next gate (he has made a huge work on this and
many of the tools he has used in order to stalk +ORC's hidden gates are explained and
very useful indeed). If you want to contribute to the great
"riddle solving" contact him, I personally have given it up, the possible permutations
seem to me too many (may be I'm not "simple" and "elegant" enough :-)
If +ORC had
really a site somewhere, I believe that by now somebody would have found it... and upon
consideration I don't believe that the two pages found by the Basilisk are
really +ORC's gates (or, if they are, they are beyond my comprehension :-(
Is reverse engineering legal?
reverser+ December1997 ~ 4.647.1.6
Orc+ in India (January 1999)
I am a cracker/reverser from India , i really enjoy
reading the stuff on your reverser site.
This might interest you :
A magazine called "Software Review" published here in
India from a place called Hyderabad ,
has serialized Orc+ 's cracking lessons. The first of
his lessons (on the pooldemo.exe game),
appeared in the November '98 issue , the next issue
carried in December the subsequent lesson. (I havent
seen the Jan 99 issue) . Probably this is the first
time that the great Orc+'s works have been published
in a "proper" software magazine!