Anyone else dig into that kind of thing? Got any stories, tips, tricks
for reverse engineering?

Jokker,

Fun stuff. I do this often enough. Have you tried the IDA + Bochs debugger setup? You can actually debug in Bochs while updating IDA as you step through the program. One thing you'll find is some of the old DOS apps are fairly sophisticated in their packing and execution mechanisms, breaking IDAs
ability to follow the decompiled code or symbols (even if unpacked). A good example is The Pit or Lunatix 4.X. I was able to crack Lunatixes
configuration serial number code but could not follow the routines to generate a keygen.

It's tough and to be honest much easier nowadays with PE tools in windows
than it is with some DOS apps. I think one of the things that would get you some clout in this area would be to Keygen The Pit bbs door.

|20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
|08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
|04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
|04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08. |04.p|08HENOM|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

--- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
* Origin: deadbeatz.org (77:1/131)

Fun stuff. I do this often enough. Have you tried the IDA + Bochs
debugger setup? You can actually debug in Bochs while updating IDA as

I haven't tried Bochs but I probably should. I found dosbox-x to be pretty
good for that. I've hooked qemu up to GDB in the past and it wasn't too bad. Good to know all the tools since they have their strengths and weaknesses.

It's tough and to be honest much easier nowadays with PE tools in windows than it is with some DOS apps. I think one of the things that would get you some clout in this area would be to Keygen The Pit bbs door.

So I did take a quick glance at The Pit, it's got an obfuscated payload I
think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)

So I did take a quick glance at The Pit, it's got an obfuscated payload I think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and
not shareware/unlocked with key.

This is my understanding as well. Each registered copy of Pit is a custom compiled executable.

--- Mystic BBS v1.12 A44 2020/02/04 (Linux/64)
* Origin: monterey bbs (77:1/128)

So I did take a quick glance at The Pit, it's got an obfuscated payload I think so you'd probably have to dump it once it's loaded. Although I did hear speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

Which version are you working with? I have the Pit 3.60 and it does not require registration.


* SLMR 2.1a * On the other hand, you have different fingers.
--- SBBSecho 3.10-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)

Which version are you working with? I have the Pit 3.60 and it does not

I think 4.17 ...

|20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
|08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
|04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
|04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08. |04.p|08HENOM|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

--- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
* Origin: deadbeatz.org (77:1/131)

So I did take a quick glance at The Pit, it's got an obfuscated payload think so you'd probably have to dump it once it's loaded. Although I did speak elsewhere that it may have been a compiled registration and not shareware/unlocked with key.

Which version are you working with? I have the Pit 3.60 and it does not require registration.

Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

They were talking about a keygen so it can be reg'd to whatever board name
you like.

|07E|10m|07b|10a|07l|10m|07e|10d |12-----------------------------------------------------
|09Black Lodge Research BBS |11blacklodgeresearch.org:4022
|11fsx|08Net: |0721:4/166 |11sci|08Net: |0777:1/133

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: Black Lodge Research BBS (77:1/133)

Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

They were talking about a keygen so it can be reg'd to whatever board name you like.

hmmm, that could very well be! The registration txt file says it does not require registration so I just took it at its word. :O :D


* SLMR 2.1a * "Silence. Music's original alternative. Roots-grunge!"
--- SBBSecho 3.10-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)

Pretty sure you have the bbsfiles.com version that is 'cracked/reg'd to bbsfiles.com'

They were talking about a keygen so it can be reg'd to whatever board na you like.

hmmm, that could very well be! The registration txt file says it does
not require registration so I just took it at its word. :O :D

Well once I finish porting Opendoors to DJGPP, then I might have another
glance at The Pit and see if it is an obfuscated payload and try and dump it out under a VM or something. If we can get to the real code then there is always something that can be done. :)

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: % disksh0p!bbs % bbs.diskshop.ca % SciNet ftn hq % (77:1/100)

Well once I finish porting Opendoors to DJGPP, then I might have another glance at The Pit and see if it is an obfuscated payload and try and dump it out under a VM or something. If we can get to the real code then there is always something that can be done. :)

Well if all else fails, maybe a talented door programmer could be talked
into writing an open source clone of it... call it The Pot or The Hole or
The Mosh Pit or Mud Pit or Olive Pit or something. LOL!


* SLMR 2.1a * Misspelled? Impossible. My modem is error correcting.
--- SBBSecho 3.10-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (77:1/115)

into writing an open source clone of it... call it The Pot or The Hole or The Mosh Pit or Mud Pit or Olive Pit or something. LOL!

DaPit

|20|15ÚÄ|16|08´ |08De|07ad|15be|07a|08tz b|07b|15s
|08ÀÄÙÃÄ¿ |08:>.|07A|08rk |0710|08:|07101|08/|0714|08.
|04þ |08À|20|15Ä|16|08Ù |08:>.|10A|02gn |1046|08:|101|08/|10123|08.
|04A|07n|15al|07o|08g |08:>.|12F|04sx |1221|08:|122|08/|12123|08.
|04.|08dPR|04. |08:>.|15S|07ci |1577|08:|151|08/|15131|08. |04°±°|08±ÛÛÜÝ|08:>.|11T|03qw |111337|08:|113|08/|1113|08.

--- Mystic BBS v1.12 A45 2020/02/09 (Linux/64)
* Origin: deadbeatz.org (77:1/131)