28 January 1998

A letter by Robin Hood
(which is interesting per se, especially if you don't know what line bombs are)

My own public answer to Robin Hood
(since he used an anonymous remailer)

Robin Hood's lessons:

ZERO, an overview
ONE, search engine attacks
TWO, special engine attacks

Hello Reverser,

I've been working on a present for you, yes, more lessons for
your pages of reverse engineering. Though they are not about
cracking applications, they involve some "cracking" of sorts.
I appreciate all the work you have put into your site both in
the things you have written and the administration of the
+HCU essays. With no disrespect meant to you, I found a
section of your site that could use a little improvement,
namely the "searching" pages, so I've picked up the gauntlet
to "work well" and have started building a set of "Hunting
Lessons" for your site.

Everyone has his skills, talents and strong set. Considering
your vast reverse engineering skills, your time seems better
spent with real cracking issues rather than searching. I'm
not a cracker of code, well at least not yet, but I can hunt
the net fairly well.

I've kept the pages in line with ideas; small, fast loading
with a few tiny gifs for spice. I don't have the HTML skill
to do them all in edit.com but I'm not using a WYSIWYG
program either. I chose WebEdit Pro (a glorified text editor
with a viewer and HTML reference) so I could actually learn
all the various tags.

There is an irony to contend with here; I see no reason to
waste time writing the lessons unless they are something you
actually want but you'll have no idea if you want them until
you see them. To resolve this I've sent along the rough
drafts of the first three pages. They are unfinished but
should give you an idea of my work and the outline will
show you where things are headed...


And the following part is also EXTREMELY INTERESTING for all those among you that never learned the 'repairing' techniques needed in order to reconstruct maimed base64 files:

Lastly the narrow character format is necessary to successfully
pass files through the "Cracker" remailers. You will have to
open the message as text and edit the bombs that the remailer
has installed. There are five "Content-" lines; replace the
string "=3D3D" with "=3D" (without the quotes).

Since the remailer will alter the examples above, I'll put
them in text; search for "equals three capital-D" and replace 
with just the "equals" character, no spaces or quotes. There 
should be two equal signs at the end of the "Content-MD5" line.

Also search for line bombs, they are really simple to find
and repair. Search for "=3D" (the "equal" char) in the main
body of the encoded message. If you find one it will be
followed by two numbers which represent the hex value for
the character that belongs in that position. Replace the
equal sign and the numbers with the corresponding letter and
look for a second equal sign after (at the end of the line)
and delete it. The remailer tends to go after "F" Hex46 for
some reason so you'll probably find an "equals"46 at the
start of a few lines. Replace them with F and delete the
second equals sign at the end of the line. We're not supposed
to be able to pass any files through this remailer, that's the 
purpose of all this maiming, but everything is crackable even
the "Georgia Cracker."

Here you have some examples:
Content-MD5: uC1pqPUTQ9F00UpHDb1UWA=3D=3D

Note the =46 at the beginning of the line. You just substitute "F" for it and eliminate the = sign at the end of the line, obtaining:

Remailers seem to maim files by choosing a letter randomly: every time the encoded file has a line starting with that letter, it will be maimed.
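The repairs described in the letter (swap an equals sign plus two hex digits for the character they name, drop the extra equals sign at the end of the line) are what a quoted-printable decoder (RFC 2045) does. As an added example, not part of the original page or letter, this Python code applies them to a base64 body and then checks the result against the repaired Content-MD5 value; the function names and the sample payload are constructed for illustration, and it assumes the Content-MD5 header follows RFC 1864 (MD5 of the content before transfer encoding).

```python
import base64
import hashlib
import re

# A quoted-printable escape: "=" followed by two uppercase hex digits.
_ESCAPE = re.compile(r"=([0-9A-F]{2})")

def repair_line_bombs(text: str) -> str:
    """Undo quoted-printable damage in a base64 body or a Content- header."""
    repaired, carry = [], ""
    for raw in text.splitlines():
        line = carry + raw
        carry = ""
        # A bare "=" ending a line that also holds an escape is a soft line
        # break added by the encoder, not base64 padding: drop it and join
        # with the next line (base64 decoders ignore line boundaries).
        if raw.endswith("=") and _ESCAPE.search(raw):
            carry = line[:-1]
            continue
        repaired.append(line)
    if carry:
        repaired.append(carry)
    # Replace each =XX with the character whose hex value is XX.
    return "\n".join(
        _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), line) for line in repaired
    )

def md5_matches(content_md5: str, b64_body: str) -> bool:
    """Compare the decoded body with a repaired Content-MD5 value (RFC 1864)."""
    digest = hashlib.md5(base64.b64decode(b64_body)).digest()
    return base64.b64encode(digest).decode("ascii") == content_md5

# Constructed sample: 10 bytes whose base64 is "FPucA9l+" / "FPucAw==",
# maimed the way the letter describes (=46 for F, =3D for =, trailing =).
PAYLOAD = bytes.fromhex("14fb9c03d97e14fb9c03")
MAIMED_BODY = "=46PucA9l+=\n=46PucAw=3D=3D"
MAIMED_MD5 = (
    base64.b64encode(hashlib.md5(PAYLOAD).digest()).decode("ascii").replace("=", "=3D")
)

if __name__ == "__main__":
    body = repair_line_bombs(MAIMED_BODY)
    header = repair_line_bombs(MAIMED_MD5)
    print(body, header, md5_matches(header, body))
```

A line that ends in plain base64 padding and contains no escape is left untouched, so running the repair over an undamaged file does no harm.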
Dear Robin Hood, it seems that at least some sections of my site begin to bear those fruits +ORC spoke about long ago. After the Student section, which has blossomed beyond any possible forecast, there are now a whole series of sections slowly 'taking off', or at least so I hope enduring the frozen rains of this still cold winter. Some contributions are just little snippets of knowledge, others, like yours, are more structured and promising.

You write that my time "seems better spent with real cracking issues rather than searching", and I would happily agree IF there were somebody else teaching searching matters, which is not the case, at least not until now. The simple truth is that all these activities are REALLY interrelated: cracking, searching, reversing, hacking and, in my opinion, understanding the real face of reality as well. That's the reason I'm seriously keen, now, on developing and pushing also my 'reality cracking' section (I hope with even more help from +ORC and others): I believe that our ultimate goal must be to grow, out of a mass of gullible beginners, not only 'simple' crackers, but clever, 'ethically' good and mighty powerful reversing wizards. We'll need their invaluable help if we ever hope to reverse this world... reverse! Not only in order to understand its awful realities, taking profit of this, through our knowledge, for ourselves, which is a very easy thing to do, but also in order to change it, which is incredibly difficult, given the power available to those that DO NOT WANT any change. "Crackers have until now only interpreted the world in various ways; the point, however, is to change it".

I hope you'll "work well", as I assume +ORC must have written to you, and that you'll send your complete lessons.

Two comments, about form and about content:
I respected your colors choices, yet, as a suggestion, I would advise you to choose black fonts on gray backgrounds for reading and printing (obvious) reasons. Some Sherwood green can be kept using the simple table tricks I have used at the top of this very page.
A caveat: The Minnesota teacher
Searching is indeed difficult and my friend Robin Hood has been, in this case, trapped inside a false path.
The Minnesota teacher in Robin's lesson ONE is a very real chap (although I agree that such a biography could be useful to set up a fake page). He only happens to have got the same SLOT in Geocities where a page of mine has been hosted for almost one year (until Geocities censored it, that is :-(
At the beginning the poor chap has been buried by hundreds of emails from people seeking my page, and he was so kind to have a link to my new sites, link that he has now, apparently, taken away. These are the vagaries of Geocities and all other free pages providers: you never know if the slot you find was a famous cracker location before (or worse :-)
Robin, you could have avoided this mistake performing a SEARCH on my pages for that URL (since you were searching for reverser)... and you would in that case have found exactly the same AltaVista trick that you explain, with that very example you use, on my own searengi.htm page (I have always been too lazy to change it). So even expert searchers can be fooled, as it seems :-)
Yet this does not diminish the importance of the lesson by Robin, in fact the 'mapping/brute boting' trick is one of the methods I use myself to dump complete maps of the smut sites I want to destroy :-)
And since my knowledge in this field is far from good, I'm eagerly awaiting Robin's lessons on this matter!

Two more answers:
- The anonymizer 'real' trick is well known by those who need to know it and it is indeed NOT a good idea to go public with it. So don't speak about it in your next lessons.
- Yes it's a decoy; yes you have been fooled (at least I hope); No, I have nothing to do with MJ13 and my handle (at least in this phase) is reverser+ or reverser or Reverser
