Reversing gods
+ORC: "a tutorial"
gathered from fravia+, +HCU caretaker
and +ORC's student

OK, I have "moved" +ORC's tutorial among the "reversing gods" section. I feel that after +ORC's "cheshire cat" disappering trick, we should see things somehow more "in context". Hope you undrestand what I mean. Else read on and try to understand what I mean... eheh :-)
A propos: courtesy of fravia's pages of reverse engineering
How to crack, a tutorial, by +ORC
(the old red cracker)

There is some info about +ORC on this page (updated July 1999)

Further, you'll find 400 (four hundreds) essays of his scholars 'and other friends) clicking on this banner AND elsewhere:
academy page

Actuality of +ORC's 'old' teachings

Even if +ORC has retired (and disappeared) during spring 1998, his teachings still emanate a quite formidable reversing 'power', as literally thousands of reversers can confirm.
You may enjoy this essay about the correct stalking 'mood' you should need in order to stalk +ORC's old gate (published 20 January 1999!) or you may have a look at this info about +ORC's works being published (on paper) in January 1999).
"Give a man a crack, and he'll be hungry again tomorrow,
teach him how to crack, and he'll never be hungry again"

If you want to save one of +ORC's lessons, and you don't know how, and all it does is display on the screen, try to hold down the shift key when you click on it: it might solve your problem

Lesson 1, An approach to cracking (26780)

Lesson 2, Tools and tricks of the trade (29854)

Lesson 3.1, Hands on, paper protections (basic) (27143)
Lesson 3.2, Hands on, paper protections (advanced) (23484)

Lesson 4.1, A short history of time (83484) Time protections in Windows, an introduction
Lesson 4.2, A short history of time (82004) Microsoft's trial time protections

WARNING! Lesson 4.2 is Microsoft explorer hostile!

And here is the link to the DEMO of the old version 3 of M$-Money for the +HCU's strainer!

Lesson 4.3, Time protections in Windows, advanced cracking
Lesson 4.4, Quiver protections in Window

Lesson 5.1, Hands on, Disks & CD-Rom access (basic) (25798)
Lesson 5.2, Hands on, Disks & CD-Rom access (advanced)

Lesson 6.1, Funny tricks (some) (25365)
Lesson 6.2, Funny tricks (some other)

Lesson 7, Intuition and luck

Lesson 8.1, How to Wincrack, an approach (I) (19058)
Lesson 8.2, How to Wincrack, a deeper approach (II) (24997)
Lesson 8.3, How to Wincrack, a first conclusion (III)

Lesson 9.1, How to Wincrack, Hands on (1) (30332)
Lesson 9.2, How to Wincrack, Hands on, Nagscreens (psp) (26889)
Lesson 9.3, How to Wincrack, Hands on, Nagscreens (dead listing) (49920)
Lesson 9.4, How to Wincrack, Hands on (4)

Lesson A.1, Advanced cracking (Internet-Unix) (19801)
Lesson A.2, Advanced cracking (Internet-Dos)

Lesson B.1, Zen cracking (basic)
Lesson B.2, Zen cracking (exercises)

Lesson C.1, Cracking as an art: Barcodes and Instant access I (25436)
Lesson C.2, Cracking as an art: Instant access II - strainer to the +HCU (33286)
Lesson C.3, Cracking as an art: Instant access revealed (33286)

OK, so you would like to have all those old target programs in order to play with the +ORC's tuts listed above... well, ehmm... ever thought to visit my brother's +greythorne's page?
The names of the missing lessons are based on various original private emailings from +ORC, and could be different
The lessons are NOT in chronological order... apparently +ORC began his work in that way but soon began "hopping" from lesson to lesson.
I tried to re-construct the order of arrival of the various lessons: 1 - 2 - 3.1 - 3.2 - 5.1 - 6.1 - A.1 - C.1 - C.2 - 8.1 -8.2 - 9.1 - C.3 - 9.2 - 9.3 - 4.1 - 4.2 (the last one)
Please do not ask for the missing lessons, if you get them send them to me instead, even anonymously!
+ORC gives them (very infrequently) "on bargain", see the last lines of each lesson
__Various information about +ORC__
Where should I begin? The fact is that there are not so many information about +ORC, who seems to be a very peculiar guy. I tried to stalk him for a long time, I have given up now. From some private letters that he has sent to some of his students, we got the impression of a middle-aged retired university professor, "reversing" expert, pretty often abroad (for linguistic and/or cracking studies). I think he could be Dutch, but I'm not sure, that's only a theory of my wife, which speaks Dutch and told me that some of the patterns he uses point in that direction. This has been confirmed by many Dutch readers of this page.
Another interesting theory is that he is US military... any hint from any of you is welcomed, there is quite a lot of 'Orcstalking' going on, as I can vouch reading the letters I receive on this subject.
On the web there are some specialised sites for "+ORC's stalking", the best one is IMO the redBasilisk's one.
(It would need updating, though... anyway you'll find on that site many other interesting stalking tools!

A history of my first contact

As soon as I saw the first lessons by +ORC, back in the winter of 1995, I understood that a new dawn was possible (at least among crackers :-) if enough of them would have understood and carried his tutorial and his simple (but incredibly deep) message:
"knowledge is now free at last, everything should be free from now on, 
enjoy knowledge and life and work for everybody else"
I was also struck by the affinities between my own ideas and +ORC's philosophy.

+ORC's approach, in choosing "cracking" (the busting of software protections) as a channel through which his ideas could be at least partly diffused was simply genial: There you had on one side a huge community of very clever talented young people, with an incredible thirst for knowledge, which could NEVER be satisfied by a society mainly intent in transforming them in silly consumer guinea pigs, and there you had, on the other side, our magnificent Web, growing with an incredible momentum: the perfect media for free "forbidden" and "half-anonymous" knowledge spreading. A high explosive cocktail indeed!

The developments of the last years, with the incredible growth of the "+ORC's students" section, seems to confirm that +ORC has indeed thrown a lot of seeds in the wind! :-)

His tutorial is now (November 1997) partly obsolete. The incredibly rash development of the +HCU has given results that went beyond any possible forecast. The +HCU is certainly not "a group of crackers". It is a loose association of reverse engineers, crackers and protectors (yeah, as strange as it may seem :-) without affiliation or affiliated to one of the many different existing groups. The +HCU publishes each year (in April) a "strainer" for admission to the subsequent year courses, strainer which is in turn mainly an excuse to check the identity of the applicants and a guarantee, for those who get through it, to have their merit emphasised. The +HCU is nowadays, through his many projects and the more than 400 essays, a real free "Academy" of software reverse engineering (the only one on the Web) whose documents are eagerly awaited (and read) by many "professional" reverse engineer around the world. Judging from the postings I have received in recent times there is a growing "official" recognition of our work, an activity that a couple of years ago could still have been dismissed as simple (silly) 'protection cracking'. All this has been made possible by +ORC, and I (among many others) will NEVER forget it.

+ORC has partly retired. You'll be able to read here a letter he wrote us. Last contact we had he was currently cracking ancient languages (or so it seemed to +gthorne and me, yet with +ORC you never know what's real and what's faked) and did promise his couple of lessons about Zen-cracking for the +HCU courses. On 29 October 1997 (also long ago in web-time :-( he wrote another letter about the organisation of teh following year's +HCU courses, where he did not give the impression of a "retired cracker" (whatever that means) and seemed intentioned to work a lot... so who knows what he had for...

I'm not only an +ORC student, I am an official +ORC's fan. I like a lot what he called "reality cracking", and I wish could elaborate more and better on those matters. Some of +ORC's contributions seem to me particularly outstanding, like his now famous essay about supermarket enslavement techniques (you'll never see again your own supermarket with the same eyes once you read that :-) and his cracking (and a little shady :-) absolute masterpiece about codebar techniques.
In fact I believe that the "reality cracking" done by +ORC (see for instance also his modern Zen essays) is a QUITE important deed, superior even to his famous tut, and will acquire a more and more important role -for us all- in the near future.

For many years +ORC used a bilateral channel on the never forgotten anon.penet.fi server, until this (famous) server was closed down. We did not have (almost) any contact for a whole year, and then, on 21 August 1997, he reopened a bilateral channel where you could email him: orc__@hotmail.com.
WARNING!... he wrote that he did not intend to answer any email that wasn't coming from an +HCU student:
"I'll answer ONLY to old or new +crackers, though"
This should have kept him pretty busy anyway for a while, since, as you have probably already seen, on my site there are more than 400 different essays written by a couple of hundreds of more or less official "students".
Many authors, as you may have noticed, use now a "+", inside their handle, as a form of respect towards +ORC, yet not everyone of them took part to the +HCU courses: every year +ORC publishes (usually in April) a "strainer" for the admission to the following year's +HCU's courses.
I passed the strainer in 1996 and worked in a "unit" (as fravia+) together with +Sync and +gthorne.
Basically, we got +his lessons "in advance", in order to 'polish' and at times we had to 'finish' them (see as an example lesson 9.3). I suspect he was just too lazy to finish them himself :-)
The "strainer" that had to be solved in order to access the +HCU 1998 was published in April 1997 inside +ORC's lesson 4.2., all readers had time to solve it until 15 September 1997.
The redsolutions to this strainer have been published and represent a very interesting reading for reverse engineering studies: more than 10 good reversers have worked on the SAME three (Micro$oft's) protection schemes, tackling them from ALL possible angles, an execrcise of "comparated cracking" that nobody else, I believe has ever done until now... and that demonstates the amazing Web potentialities for "group work" in reversing and other matters :-)

If you want to learn more about +ORC -besides visiting the Basilisk's page- you may enjoy reading some of the letters that he has sent around: in the one from 21 August 1997 he seems to be happy with our work :-) and less and less interested in cracking and more and more interested in what he calls "reality cracking", in the one from 29 October 1997 he writes about the organisation of the +HCU courses for 1998. I hope that Dominique will send me a copy of +ORC's letter about "power and the internet", that I would like to publish, since at the moment I have not a complete version of it. Should anyone of you know of a site where all +ORC's letters have been published, please do contact me immediately

__How to reach +ORC secret pages__
This "gate" is relatively old: I copied this from another "gate" to +ORC in February 1996, it was located on an (apparently) German page, owned by a guy whose handle was "Sweterewich", that wrote in the CCC usenet group. Sweterewich "disappeared" in April 1996, yet I kept this gate on my site ever since: it should permit to open the gate below. See the Basilisk's page for a deep explanation of the difficult challenge inside it.
I could not crack it (and I tried hard)... good luck

"Gold, with six bars, or with the visor raised (in full face) for royalty" "Silver, with five bars, (in full face) for a duke or marquis" "Silver, with four bars, with visor raised (in profile) for an earl, viscount or baron" "Steel, without bars, and with visor open (in full face) for a knight or a baronet" "Steel, with visor closed (in profile) for a squire or a gentleman"

And now try to correct this link to reach +ORC (?)


As you could read above, there is a page of "the Basilisk" dedicated, among other things, to the above riddle. The Basilisk expresses there his convictions about the location of +ORC's next gate (he has made a huge work on this and many of the tools he has used in order to stalk +ORC's hidden gates are explained and very useful indeed). If you want to contribute to the great "riddle solving" contact him, I personally have given it up, the possible permutations seem to me too many (may be I'm not "simple" and "elegant" enough :-)
If +ORC had really a site somewhere, I believe that by now somebody would have found it... and upon consideration I don't believe that the two pages found by the Basilisk are really +ORC's gates (or, if they are, they are beyond my comprehension :-(
homepage links redanonymity redstudents' essays redacademy database tools antismut
cocktails search_forms mail_fravia+
redIs reverse engineering legal?

fravia+ December1997 ~ 4.647.1.6
Orc+ in India (January 1999)

                 Hi Fravia+,

                 I am a cracker/reverser from India , i really enjoy
                 reading the stuff on your fravia site.
                 This might interest you : 
                 A magazine called "Software Review" published here in
                 India from a place called Hyderabad ,
                 has serialized Orc+ 's cracking lessons. The first of
                 his lessons (on the pooldemo.exe game),
                 appeared in the November '98 issue , the next issue
                 carried in December the subsequent lesson. (I havent
                 seen the Jan 99 issue) . Probably this is the first 
		 time that the great Orc+'s works have been published 
                 in a "proper" software magazine!