
                       
                   ܲ۲
                                      
             ܲ          ۲  ۲    
       ܲ   ܲ     ۲         
   ܲ     ߲            
       ߲   ۲     ܲ 
                                              roy<sac>
                                                        
                                  PRESENTS

             "  ONE OF SCENE'S LAMEST GROUPS ... CALLED 'DSi'  "
                              THE LAME SIDE INC.
    A STORY ABOUT MONTHLY RIPS' OF CORE'S KEYMAKERS AND HOW THEY CHEATED
                SPECiAL GUEST RIPPER: ALM_DETH, LEADER OF DSi
                         FEATURiNG: TONS OF EVIDENCE

    TOPiCS
    ======

    Part I   :  Introduction by the CORE Leader
    Part II  :  What did DSi actually do in the last months?
    Part III :  SiraX/CORE explains the lame ripping process  and how DSi
                cheated for months.
    Part IV  :  a) NEUTRAL  analyses of  CORE's & DSi's keymakers  by the
                   cracking group (T)he (N)ameless (O)nes, Main  keymaker
                   coder "Prophecy/TNO". VERY easy to understand evidence
                   for the normal scene user who has no cracking skills !
                b) Example Analyses for crackers in ASM of DSi's and CORE's
                   keymaker
    Part V   :  Final words from the CORE Leader



                           ==========================
                           PART I  : THE INTRODUCTiON
                           ==========================


                   Happy Xmas & New Year, dear Warez Man!

Ouch - what's this ? Another txt from CORE  that whimps  around coz bad guys
steal our work ? Well, well... we stopped worrying about those time by  time
serial-thieves that most of the "mass-regging" non-cracking groups  feature.
We don't even say anything when GLOW sometimes includes our keyfiles like in
"Pic.Viewer.v1.81a-GLoW"  without asking us (of coz lot of  other  so called
"util" groups do this too). Or if there are -IND releases nearly  every  day
with CORE serials or keymakers like in "122098 Time.On.Line.v3.3.Keygen.Only
-iND" or "Mpeg Player v1.x whatever". Just examples from the last days. It's
really funny that most site ppl don't notice that.A lot of scene util groups
do this frequently just to get a release from time to time - totally lame.

Call us nuts but CORE does  monitore  releases of  other  groups (especially
those smaller mass-reggers). The smaller mass-regging groups use/used frequ-
ently keymakers from real  cracking  groups  like CORE, UCF, TNO, PC [..] to
create serials for their "Regged"  releases. Well - the  scene  talked a lot
about this in the past (coz CORE forced the discussion with  its  TXT's) and
what we and other cracking groups did was to include a  blacklist  system in
our keymakers that won't create serialnumbers for  names  like "TRPS", "PGC"
[..]. (That doesn't mean they still use our keymakers today - but they did -
I don't care what they  do lately). We  included  all  groups  that we  ever
found stealing (may it only for one time) our  serials. At the  moment about
25(+) different groups. That's what the crackers  did do against  the  abuse
of their keymakers. The warez scene itself seems not to care much about this
problem.

Hm.. but Thieves  are  clever. Sooo, if the  keymaker won't  create  anymore
serials for the groupname why not ripping the keymaker  itself? Hmm...  CORE
floods you now for nearly 2 years with keymakers  every  day. Over 1700 key-
makers so far. In the last 3 months other  groups started  to  produce  also
a lot of keymakers. It's not that hard to learn to code keymakers especially
the easier ones. But u need to know some basic programming & cracking stuff.
So, we didn't wonder much at the beginning. No - we were  happy  coz quality
was rising! And the quality of cracks is very important. But then we noticed
that most of these keymakers were "follow-up" versions of  keymaker-releases
from cracking groups that did code first a keymaker for the  former  program
version (the serial-routines didn't change in the newer versions).

One of CORE's crackers noticed this a few  months ago  for the  first  time.
Some  no-name "10-Days-of-releases-and-never-saw-them-again" group  released
two programs with "incl.keymaker" (16 Bit Dos-Style-Keymaker). CORE did code
two "keymaker.only" for the former versions. Our keymakers were unprotected.
They had a big CORE ASCII logo at their top. Well, the funny dude loaded the
keymaker in a resource  editor, cutted  the  CORE logo  out (but  of  coz he
couldn't change the now  empty size) and  put  his group logo into the empty
space which was looking funny coz the logo was  much  too  small for the big
empty page. Even if CORE's  cracker  wondered  about  this  strange  looking
keymaker he wouldn't have noticed that the dude ripped his  former keymaker.
But our cracker got interested and hex-edited the keymaker to have a look at
it - and what did he see... his OWN Thank-you text  to  another CORE cracker
for helping him out on this keymaker. It was  Vizion/CORE  thanking JES/CORE
for helping him out on this keymaker. The dude forgot  to  cut  this out coz
this text was part of the code itself and not  shown to the end-user in  the
keymaker-mask.

From  this  day  on  we began not only to check  other groups' serials... we
started to watch also the "new-born" keymaker scene.

            =====================================================
            PART II  : DSi's LAME ACT OF RIPPING CORE'S KEYMAKERS
            =====================================================


                              Do you know DSi?
             They released cool keymakers lately, didn't they?

I thought I know them. I had some nice talks with some of its  members. When
we had problems with other groups making serials with our  keymakers DSi was
often on CORE's side. This was prolly  coz  at  this  time DSi had some real
crackers e.g. Lomax. But...

One day we came upon evidence that DSi did steal CORE serials  too - like so
many other groups did before. One example was "EZ Timer 3.0" from DSi.

The DSi Serial was:

username: DSI
serial  : NSRXIS*
           ^^^
          These three chars of the serial can be ANYTHING from the alphabet.
          CORE did a keymaker for the former version. It was  done by SiraX.
          The  keymaker created  unique  serials. But  it  put  always "SRX"
          after the "N". SiraX choosed these three  letters coz of his name.
          So evidence shows DSi used CORE's keymaker coz it's really strange
          that someone would guess of exactly these  three  chars that SiraX
          choosed coz of his nickname in the keymaker-routine.

This is only an example of the past. We came  upon  some of this  cases. But
because DSi was always friendly to us we never said anything to the  public.
I always went to Alm_Deth and  asked him to  care  about  this  INTERNAL DSI
problem. But what I wondered about was that he ALWAYS denied first  that DSi
had stolen  anything. If it  couldn't be  proven 100% - just 99.9% - he said
"DSi is innocent". Every stupid cow would have accepted the evidence but Alm
asked again, again and again if there couldn't be a minimum chance  that DSi
didn't do it.When I could bring 100% evidence there suddenly always appeared
some strange dude in the background (in alm's or Sting's brain) that emailed
his cracks to DSI. A lot of DSi Members didn't know this dude then.

================================================================

<SiraX> oh.  it was d00gwood who emailed Sting the crack i think
<ivan> d00gwood ?
<ivan> never heard of him
<ivan> he is not in dsi

================================================================


Well, I stopped caring about ppl that create  serials  with CORE's keymakers
even if I still get angry sometimes. But too many ppl did it before.

But then we had this first DSi "Keymaker-accident" a few months ago...

CORE did a keymaker for a  program  called  BlackBoard.Bla.bla.bla and a new
version came out and  DSI  released a keymaker  for it. The  serial  routine
didn't change.  What DSI did is that they changed the resource(dialog, text,
font type, font size...).  However, they couldn't change the title  bar of a
WARNING MESSAGE BOX which is at runtime.  The warning message    box had the
phrase  "CORE's  WARNING".  After  we  contacted DSI, their  leader Alm Deth
explained this with "A new cracker called 'CORE' joined DSi and did code the
keymaker! At the end of  the CORE<->DSI discussion most DSi ppl accepted the
evidence  and  they  wanted  to kick this  fake  member "CORE" that  emailed
his  crack to  sting. Of coz noone  told me  who really ripped the keymaker.
Well,  DSi  was  always  nice to us  and so  we  let them go without any big
Boo-boo txt's orso.  Hehe, this strange DSi cracker named "CORE" disappeared
of coz  like a ghost and was never seen again. This was a few months ago. At
this point of time I thought for the first time that DSI's leaders  Alm_Deth
aka Batman and Sting aka Bat-Woman are the real "internal problem" of DSi.

Then lately something strange happened. DSi started to put out a lot of key-
makers. DSi always had here and there a keymaker release  but  not in  these
masses.

Their new keymakers are/were PE-LOCKNT and PE-Crypted (PE-Crypt is a product
from Random/CORE & Killa/CORE) and  prolly  world's  best  PE-crypter.  This
protects the keymaker and changes the size of the  exe, filling  it  up with
crap (makes it larger and better protected). We stopped  to  pe-encrypt  our
keymakers coz we got a lot of  emails  lately  from  end-users that PE-Crypt
creates errors on WinNT 4.0R4+ if SoftIce Detection  is enabled! Without the
Anti-SICE protection the crypting process is pretty  useless coz u can still
trace through the whole  shit  with SICE. So, CORE's  older  and newest key-
makers are pretty unprotected. Just most of the June-October 1998  keymakers
are encrypted with SICE protection.

The new DSi keymakers that we checked were follow-up versions of  our former
keymaker releases without  any  serial-routine  changes in the  new  program
retails. Hambo/CORE was one of the first crackers who noticed that and down-
loaded a lot of DSi's keymakers. Last week he  came  upon  a keymaker  (Edit
Plus) from DSI where he could prove that the DSI one was a ripped version of
the older CORE keymaker. CORE's Co-Leader Dr. Rhui cared  about  this  coz I
was away at this point of time. He talked to alm_deth and came to the concl-
usion that he met one of net's biggest lamers. Dr. Rhui tried to explain him
in 2 hours work  that DSi used a  routine in "their" keymaker  that  was NOT
part of the program that had been cracked - the special routine was ONLY PART
of CORE's former keymaker by Hambo/CORE. Mr. Alm Deth  opened  his  ears and
what got on the left side in went on the right side out.

Of coz noone knows who does these strange DSi keymakers coz "Team DSi" does
them always.  So it's impossible to catch the cracker to make a source-code
comparism of the keymaker-routines from CORE and  DSi. But  within all  the
encryption stuff DSi forgot something very important ... to enable the SICE
protection. So CORE's crackers and other crackers we  asked to  analyse the
keymakers were able to trace with SICE through DSi's whole keymakers.

Tons of evidence for the public are waiting at the end of this TXT!

signed,
CORE'S LEADER

                     ====================================
                     PART III: DSi's LAME RIPPING SUMMARY
                         (Text Composed By SiraX/CORE)
                     ====================================


0) How I Discovered This

   Since the last ripping incident, I didn't think  DSi  will do it  again.
   I guess I'm wrong. Two days ago, hambo mentioned to me  about  a program
   called Vypress Messenger.  The new version  changed  the protection.  So
   I duped it and noticed DSi already  released a keygen.  Then  hambo/CORE
   told me it's a key  file now.  So, out  of  curiosity and  expecting DSi
   probably released an old keymaker, I downloaded their release. I ran the
   keygen. WHOAAA.  How similar it is to my old  vypress  messenger keygen.
   I looked closer, IT IS MINE!  The next thing you know,I started to check
   their archive directory on XXX. And found a  shit  load  of  ripped ones
   from CORE. So they're still doing this since the  last ripping incident.
   Once a LAMER, always a LAMER.

1) What They Ripped From CORE

   a) Mainly some of my old, unprotected keygens which  still work  for the
      new versions now. I found about 18 so far. There are more.
   b) Hambo's keymakers. I found 2 already. There will be more.

2) How They Did IT

   What they did is that they take an unprotected exe  and open  it using a
   resource editor.  Then manipulate  text, font type and size, delete EXIT
   button on the  dialog box  and  icons  and save  the changes.  This will
   only affect the look of the keygen and of couse the size of the exe. But
   code is unchanged.

3) How Long They Have Been Doing This

   I believe they have been doing it for about maybe 4 month.

4) Who's the LAME ASS?

   Personally, I believe all these are done by Alm_Deth (Batman). And other
   lame leaders in DSi probably also know what's going.  It's very hard for
   me to believe after the last incident(BlackBoard) nobody asked questions
   on Alm_Deth's story about a new  member  named  "CORE" joined  them  and
   ripped our keymaker.So I think ivan and sting or other members know what
   the fuck alm_lamer is doing. The damn entire group is lame.

5) Are We SURE?

   a) If you compare the core keymakers and dsi ripped keymakers.The overall
      look is the same. Only my keymakers and Hambo's have been  ripped.  In
      hambo's keymaker, he  puts his name on the bottom left  corner.  And I
      put my nick on the bottom right corner.  If you take dsi's ripped key-
      makers, you'll see that if it's ripped from hambo, the word "DSI" will
      be on the left side.  And if it's from  me, the  word "DSI" will be on
      the right side.  Put yourself in a cracker's position,why would you do
      this differently.  And how coincidental it is to have them like us.

   b) Because of the resource editing, many of their  ripped  keymakers look
      so ODD.  For example, in hambo's keygen, he  puts  "Hambo/CORE" at the
      lower left corner, aligned to the left.  Then they change it to "DSi".  The thing
      would be positioned to the middle of the  dialog box  because when you
      type, the  name  goes  from  right to  left.  Their changed font is so
      ugly relative to the size of the keymaker.

   c) In many of our keymakers, there are warning messages  when an  invalid
      input is entered.  In the ripped keymakers, the format of the messages
      are identical. Of course, they changed the warning message text  using
      the resource editor. And for some of  them, they're  even  exactly the
      same.  How coincidental!

      Some examples, see DSi's ripped Addsoft keygen from Hambo and AZZ Card
      File keygen from me.

   d) STRONG POINT: the one thing which proves their LAME ACT 100% is if you
      trace it through every pair of  keymakers  (ours and the ripped),  the
      dissassembled code, code offset, function call and EVERYTHING ELSE are
      100% identical.  And this happens for EVERY RIPPED keymaker. We'll put
      some evidence at the end of this text file. AND from all  dupe-release
      lists, our keymakers always come out before their  ripped  ones  (that
      are follow-up versions).

   e) STRONG POINT:  another proof which proves this 100% is that hambo left
      a mark in his keymaker (Edit Plus).  First, pretend DSi's  ripped ver-
      sion is not ours.  The mark proves that they  traced  hambo's keymaker
      and then made  one.  But as a  matter  of fact, IT IS ACTUALLY HAMBO's
      KEYMAKER. Just the font, text changed.

   f) In some of my keymakers, the name and serial text boxes are no aligned
      at the right side.  DSi's ripped one show the same thing.

   g) They used PELOCKNT and PE-Crypt on the ripped keymakers  just  to make
      people think that since the file size and hex  cod e are different, so
      the keymakers are not the same.  BUT the fact THAT TRACING  UNDER SICE
      IS IDENTICAL for every damn keymaker proves this don't matter.

   h) Many other things which can be listed.  I can write an  essay on this.
      But I think these are enough for a proof.

6) What Should We Do?

   Even though I believe the lame act is done by alm_deth only. But I truely
   believe other leaders know what he's doing.  It's really a shame for  the
   scene.

7) What does CORE do ?

   Let the SCENE know what kind of lame shit they're doing!
   Also SCENE should know that WARP is better than DSI.

8) To  DSI, PLEASE  TAKE  CORE  off your greeting list, I feel ashamed to be
   greeted by such a group like YOU!

   bye,
   SIRAX/CORE


                      ===============================
                      PART IV (ORIGINAL ANALYSES TXT)
                      ===============================


    ۲
    ۲ NEUTRAL ANALYSES OF DSi KEYGENS BY PROPHECY [tNO] 
    ۲


   
 Intro


I have been asked by CORE to analyse  some  keygens  of  DSi which  have
been suspected by CORE as ripped versions of CORE keygens.  The reason i
have been asked to analyse the keygens is to  bring a  neutral 3rd party
analyses of the situation to the public.

CORE gave me some release names to start with...

================================================
Addsoft.v2.25.Keymaker.Only-DSi
All.Calc.v1.62.Keymaker.Only-DSi
AZZ.Cardfile.v2.1x.Keymaker.Only-DSi
CD.BOX.Labeler.v3.1.4.Keymaker.Only-DSi
E-News.v1.31.Win9xNT.Keygen.Only-DSi
EditPlus.v1.21.Win9xNT.Keymaker.Only-DSi
HelpMatic.Pro.v1.22.Win9xNT.Keymaker.Only-DSi
HM.View.v2.3.Keymaker.Only-DSi
Joggler.v1.06x.Keymaker.Only-DSi
Kyodai.Mahjongg.v6.42.Keymaker.Only-DSi
LinkBot.Pro.v3.6b.Keymaker.Only-DSi
SBNews.News.Robot.v6.3.Win9xNT.Keymaker.Only-DSi
The.File.Chopper.v2.2.Keymaker.Only-DSi
Vypress.Messenger.v2.1.2.Incl.Keymaker-DSi
WinPop.Plus.v1.3.121.Keymaker.Only-DSi
================================================


   
 Note to the average scene dude


I know most of you aren't crackers, so i'm gonna explain what DSi did to
CORE's keygens by using an anology from every day life.

Let's say you got a car.  You're a bit of a car buff so you know everything
about your baby... everything ranging from the color of the paintwork, type
of tyres, color of the seats, style of bumper bar, number plate, type of
engine, type of brakes, type of hub caps, type of headlights, type of
wind screen wipers.. basically you're da shit ;)

Then one day... some mother fucker steals your precious baby.  So you jump
in your mate's car.. in the hope you can find it.  Well for a while you
had no luck and you're beginning to lose hope of ever finding your car
again... then one day... you're cruising through DSi's part of town.... and
hello you spot a car that looks fucking similar to your baby.

So you jam on da brakes and step da fuck out of da car.  You look at this
car parked outside DSi's house.. ok different paintjob... different tyres.

But fuck that bumper bar looks damn similar... as do those headlights.  Then
you notice shit the warrant of fitness sticker is on the same spot in the upper
left hand corner of the windscreen.. and u remember that the lock (that little
plastic thing u press to lock da door) on the back left door was broken a long
time ago... and shit this lock is broken too.

Hmmmm but then you notice the sheepskin rugs on the seats have been removed..
and those hub caps are different and the car has been lowered.

But remember that you're da shit... you know everything about your damn car..
and you say man if i could look under the bonnet of this car.. check out the
engine and da mechanics inside, i could say without a fucking doubt that this
is my baby these mofos have stolen.

So what are you waitin round for?  You open up da bonnet have a look inside..
shit same double overhead cam fuel injected 4 cylinder 1.6 litre engine.. and
hey that's the exact same battery your car had.. then fuck there's that new
fuel starter kit you installed last weekend.  Oh man you already KNOW this is
your baby.. then you have a look at one of the gaskets... fuck that gasket
has a small crack in the exact same place your gasket did.

Now you open up the boot... (lucky these lamers ain't changed da locks on
da car... your keys still werk fine) well what do you see, you're fucking
car jack with your name on it.

Now.. you think fuck this.... and open up da car.. turn da key in da ignition...
roar.. ahh that sweet fucking growl of the engine... the exact same way your
car growled.. and fuck it's the same smell in the car too.... and fuck... same
radio and fuck .. same fucking everything.

Now you're mad.... you get back out of da car... you get your automatic
ready... and check yer grenades, before walkin up to da DSi house with the
intent to make the bastard who stole your baby, and the other bastards who
knew about it all along, PAY FUCKING DEARLY... TO BE CONTINUED!

Conclusion:  THIS IS YOUR FUCKING CAR.


   
 Another note


I've broken my analyses of the keygens down into Visual Analysis and Analysis
of tracing with Softice.... Here's what they mean:

  Visual => inspecting the car from the outside... same bumperbar, different
            paintjob... same broken lock, different hub caps

            in terms of the keygen this means:

         -> inspecting the keygen but not going under da bonnet

 Tracing => looking under the bonnet.. same engine, same battery
    with    same crack in gasket, same fucking everything
 Softice
            in terms on the keygen this means:

         -> using softice to look under da bonnet of the keygen


   
 Analysis 1: WinPop Plus


   CORE's Title:  WinPop Plus v1.0.x Keymaker
         Author:  SiraX/CORE
    DSi's Title:  WinPop Plus v1.3.121
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis: [looking at da car from da outside]
   =-=-=-=-=-=-=-=-


   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * the DSi text in bottom right looks unnatural
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen (ie you
     can just look at it and fucking tell they ripped it)..... same
     bumperbar, same broken lock, different paintjob

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     eg [edx*4+ebp-88].  Both use EXACT SAME registers for the
     serial algorithm.  Both have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN..... Same engine, same crack in da gasket,
     same battery... same fucking everything.


   
 Analysis 2: Vypress Messenger


   CORE's Title:  Vypress Messenger v2.0.8 Keymaker
         Author:  SiraX/CORE
    DSi's Title:  Vypress Messenger v2.1.x [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis: [looking at da car from da outside]
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the DSi font does not suit the layout
   * both have same default windows icon
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 3: AddSoft


   CORE's Title:  AddSoft v2.21 *KeyGen*
         Author:  Hambo/CORE
    DSi's Title:  AddSoft v2.25 [KEYGEN]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis: [looking at da car from da outside]
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * For some reason, when i was loading Hambo's keygen for
     another check, it crashed when u entered more than 3
     chars.  DSI's KEYGEN ALSO CRASHED IN THE EXACT SAME WAY.
     (Normally both keygens work great, but this time they BOTH
     didn't)

   * BOTH HAVE TEXT IN BOTTOM LEFT HAND CORNER.  This is
     because Hambo/CORE's keygens have the text in bottom
     left and SiraX/CORE's keygens have text in bottom
     right.  To me this is enough evidence that the keygen
     is ripped [as the others have text in the bottom right
     because they were done by SiraX]

   * BOTH let you enter "unlimited" chars (254 characters)
   * both have same style of layout
   * the DSi font does not suit the layout
   * both have same default windows icon
   * THE DSi TEXT IN BOTTOM LEFT LOOKS REALLY OUT OF PLACE
   * BOTH Display a text saying 3 chars or more in the Reg number
     edit box while you have entered less than 3 chars (the text
     is not identical)
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 4: AllCalc


   CORE's Title:  AllCalc v1.51 Keymaker
         Author:  SiraX/CORE
    DSi's Title:  All Calc v1.62 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis: [looking at da car from da outside]
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom left hand corner of screen
   * BOTH let you only enter "unlimited" (254 characters)
   * both have same style of layout
   * the DSi font does not suit the layout
   * both have same default windows icon
   * both have extremely similar error messages eg:

     -> CORE: Pin number must be exactly 7 characters long!
     ->  DSi: Pin# must be exactly seven characters long!

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 5: AZZ Card File


   CORE's Title:  AZZ Card File v2.0 - KEYMAKER -
         Author:  SiraX/CORE
    DSi's Title:  AZZ Card File v2.1x [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis: [looking at da car from da outside]
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH THE KEYGENS ___CRASH___ IF YOU ENTER MORE THAN
     17 CHARS HOW MUCH MORE FUCKING EVIDENCE DO YOU NEED
   * both have same style of layout
   * the DSi font does not suit the layout
   * DSi text in bottom right looks strange and out of place
   * both have same default windows icon
   * BOTH HAVE THE SAME FUCKING ERROR MESSAGES:

     -> CORE: Invalid Character! Valid Characters: A-Z, 0-9, Space
     ->  DSi: Invalid Character! Valid Characters: A-Z, 0-9, Space

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   -> i don't even know why i bothered looking under the bonnet for this one

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 6: CD BOX Labeler


   CORE's Title:  CD BOX Labeler v3.1.1 KEYMAKER
         Author:  SiraX/CORE
    DSi's Title:  CD BOX Labeler v3.1.4 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 7: E-News


   CORE's Title:  E-News v1.1 KEYMAKER
         Author:  SiraX/CORE
    DSi's Title:  E-News v1.31 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 8: Joggler


   CORE's Title:  Joggler v1.06 Keymaker By Sirax
         Author:  SiraX/CORE
    DSi's Title:  Joggler  v1.06x[KEYGEn] <-- looks messy hmmmm
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 9: LinkBot


   CORE's Title:  LinkBot v3.6.x - Keymaker -
         Author:  SiraX/CORE
    DSi's Title:  LinkBot  v3.6b  -=[KEYGEn]=-
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * VERY SIMILAR ERROR MESSAGES

     -> CORE: Serial: an integer between 1900 & 100000000
     ->  DSi: MUST Be An Integer Between 1900 & 100000000

   * DUE TO THE LARGE FONT DSi USED TO TRY AND MAKE THE KEYGEN
     DIFFERENT, THE DSI ERROR MESSAGE SCROLLS OFF THE EDGE
     OF THE EDIT BOX AND LOOKS LIKE THIS:

     ->  DSi: MUST Be An Integer Between 1900 & 1000000

     THUS THE ERROR MESSAGE IS DISPLAYED INCORRECTLY - the error
     message is an error itself

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 10: The File Chopper


   CORE's Title:  The File Chopper v2.1 *KeyGen*
         Author:  Hambo/CORE
    DSi's Title:  The File Chopper v2.2 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom LEFT hand corner of screen (because
     this one is a keygen by Hambo, not SiraX)
   * BOTH let you only enter "unlimited chars" (254 chars) (because
     this keygen is by Hambo who uses unlimited chars, whereas
     SiraX uses 20 chars max).
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom LEFT looks unnatural and out of place
   * Whereas SiraX leaves the code box blank until the user has
     entered in enough to characters to start producing a valid
     code, Hambo puts in a message.  In this keygen Hambo's message
     is:

      -> User Name: Any Chars That You Like...

     COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
     usually it was left blank as with SiraX's keygen).  DSi's error
     message is:

      -> NAME:  Use any Chars that you LiKE...

     which is very similar to Hambo's error message

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 11: Kyodai Mahjongg


   CORE's Title:  Kyodai Mahjongg v4.52 Keymaker By SiraX
         Author:  SiraX/CORE
    DSi's Title:  Kyodai Mahjongg v6.42[KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * BOTH let you only enter maximum 20 chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 12: HMView


   CORE's Title:  HMView v2..04 Keymaker by SiraX
         Author:  SiraX/CORE
    DSi's Title:  HMView v2.3 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * in the keygen by CORE you can enter "unlimited" characters (even
     though usually SiraX's keygens limit you to 20 chars).  IN THE
     DSi KEYGEN IT IS ALSO COINCIDENTALLY UNLIMITED
   * The Layout of the CORE keygen is like this:

        Ŀ   Ŀ
           Name       Company  
           
        Ŀ
         Regcode                 
        

     THE DSi LAYOUT IS IDENTICAL.

   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 13: HelpMatic Pro


   CORE's Title:  HelpMatic Pro v1.21 Keymaker
         Author:  SiraX/CORE
    DSi's Title:  HelpMatic Pro v1.22 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom right hand corner of screen
   * in the keygen by CORE you can enter "unlimited" characters (even
     though usually SiraX's keygens limit you to 20 chars).  IN THE
     DSi KEYGEN IT IS ALSO COINCIDENTALLY UNLIMITED
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom right looks unnatural and out of place
   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 14: SBNews Robot


   CORE's Title:  SBNews Robot v6.2 *KeyGen*
         Author:  Hambo/CORE
    DSi's Title:  SBNews Robot v6.3 [KEYGEn]
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom LEFT hand corner of screen
   * both let you enter "unlimited" amount of chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom LEFT looks unnatural and out of place
   * Whereas SiraX leaves the code box blank until the user has
     entered in enough to characters to start producing a valid
     code, Hambo puts in a message.  In this keygen Hambo's message
     is:

      -> email address: any chars u like...

     COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
     usually it was left blank as with SiraX's keygen).  DSi's error
     message is:

      -> Email Address: Enter Any Chars!...

     which is VERY SIMILAR to Hambo's error message

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis 15: EditPlus


   CORE's Title:  EditPlus v1.2 *KeyGen*
         Author:  Hambo/CORE
    DSi's Title:  EditPlus v1.21 KEYGEn
         Author:  Unknown (only "DSi" is mentioned)

=> Visual analysis:
   =-=-=-=-=-=-=-=-

   * THIS KEYGEN HAS AN EXIT BUTTON.  When you press TAB it cycles
     between the name edit box, the code edit box and the EXIT
     button.

     IN THE DSI KEYGEN THE EXIT BUTTON HAS BEEN REMOVED IN AN
     EFFORT TO MAKE THE KEYGEN LOOK DIFFERENT.  BUT, when you
     press TAB it cycles between the name edit box, the code edit
     box, then the focus disappears, and you must press
     tab again before reaching the name edit box again.  This is
     because the focus actually goes to the EXIT button which is
     still there but just hidden.

   * both have text in bottom LEFT hand corner of screen
   * both let you enter "unlimited" amount of chars
   * both have same style of layout
   * the font used by DSi does not suit the layout
   * both have same default windows icon
   * the DSi text in bottom LEFT looks unnatural and out of place
   * Whereas SiraX leaves the code box blank until the user has
     entered in enough to characters to start producing a valid
     code, Hambo puts in a message.  In this keygen Hambo's message
     is:

      -> User Name: Between 1 to 255 Chars

     COINCIDENTALLY DSi's KEYGEN ALSO has an error message (whereas
     usually it was left blank as with SiraX's keygen).  DSi's error
     message is:

      -> USER NAME: Must be 1 to 255 Chars

     which is VERY SIMILAR to Hambo's error message

   * DSi keygens do not show the cracker's name.  Only the
     letters DSi... so that the culprit can not be
     identified

   * CONCLUSION: already suggestive that DSi ripped the keygen

=> Analysis of tracing with Softice: [lookin under da bonnet and in da boot]
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

   * both use EXACT SAME code at EXACT SAME offset to read in the name
   * both have the EXACT SAME code to generate the serial at the
     EXACT SAME location.  Both use the EXACT SAME variable names.
     Both use EXACT SAME registers for the serial algorithm.  Both
     have EXACT SAME jump locations
   * DUE TO THE NATURE OF THE ALGORITHM USED IN EDITPLUS, PART OF YOUR
     CODE CAN BE GENERATED FROM ANYTHING YOU WANT.  HAMBO CHOSE TO
     GENERATE IT IN A CERTAIN WAY FROM THE NAME THAT THE PERSON ENTERED.

     DSI'S KEYGEN DOES THE _EXACT_ _SAME_ _FUCKING_ _THING_.

   * CONCLUSION: the keygen was ripped by DSi without a SHADOW of doubt
     (ie 100% DEFINATELY GUARANTEED.  There is NO WAY this COULD POSSIBLY
     NOT BE A RIPPED KEYGEN)


   
 Analysis xxx


=> 15 is enough to prove that this isn't some one-off occurance.  There
   are MORE KNOWN RIPPED KEYGENS... all are like the above (ie similar
   interface, and the code used to generate the serial is identical, and
   located at the exact same offset).

   There are UNDOUBTEDLY MORE RIPPED KEYGENS which CORE and/or other
   neutral parties have not yet discovered.


   
 Detailed Analysis


=> If your not a cracker, skip to the next section before something
   bad happens ;)

   I'm going to go over AllCalc.  This program requires a 7 decimal
   digit number as the PIN.  It then generates an unlock code based
   on the pin.

   First set a bpx on getdlgitemtexta.  They both break on this API and
   the names are read in at the exact same location in both cases

   When you break you see this:

   BOTH HAVE EXACT      CORE's                             DSI's
   SAME OFFSET!!!!      KEYGEN                            KEYGEN
   vvvvvvvvvvvvv
   0137:0040106A    LEA     EDI,[EBP-34] ;same loc   LEA     EDI,[EBP-34]
   0137:0040106D    OR      ECX,-01       for vars   OR      ECX,-01
   0137:00401070    XOR     EAX,EAX                  XOR     EAX,EAX
   0137:00401072    REPNZ SCASB                      REPNZ SCASB
   0137:00401074    NOT     ECX                      NOT     ECX
   0137:00401076    DEC     ECX                      DEC     ECX
   0137:00401077    JZ      00401086                 JZ      00401086
   0137:00401079    LEA     EAX,[EBP-34]             LEA     EAX,[EBP-34]
   0137:0040107C    PUSH    EAX                      PUSH    EAX
   0137:0040107D    CALL    004010DC ;same loc for   CALL    004010DC
   0137:00401082    POP     ECX       calls          POP     ECX
   0137:00401083    PUSH    EAX                      PUSH    EAX
   0137:00401084    JMP     0040108B ; same loc      JMP     0040108B
   .                                   for jmp
   .
   .

   => As you can see so far, THE EXACT SAME CODE OCCURS AT THE EXACT SAME
      OFFSET!!!!!!

   => Here is the check to see if the user has entered only decimal digits:

   0137:004010FD    MOV     AL,[ESI+EDX] ; mov char  MOV     AL,[ESI+EDX]
   0137:00401100    CMP     AL,30          of pin    CMP     AL,30
   0137:00401102    JL      00401294                 JL      00401294
   0137:00401108    CMP     AL,39                    CMP     AL,39
   0137:0040110A    JG      00401294                 JG      00401294
   0137:00401110    MOV     EDI,ESI                  MOV     EDI,ESI
   0137:00401112    MOV     ECX,EBX                  MOV     ECX,EBX
   0137:00401114    XOR     EAX,EAX                  XOR     EAX,EAX
   0137:00401116    INC     EDX                      INC     EDX
   0137:00401117    REPNZ SCASB ; strlen()           REPNZ SCASB
   0137:00401119    NOT     ECX                      NOT     ECX
   0137:0040111B    DEC     ECX                      DEC     ECX
   0137:0040111C    CMP     EDX,ECX                  CMP     EDX,ECX
   0137:0040111E    JB      004010FD                 JB      004010FD

   => AGAIN YOU SEE THE CODE IS IDENTICAL AND OCCURING AT THE EXACT SAME
      LOCATION.

   => Here is the where the check to make the sure the PIN is 7 digits long:

   0137:0040112B    CMP     ECX,07                   CMP     ECX,07
   0137:0040112E    JNZ     0040128A                 JNZ     0040128A

   => THIS HAPPENS AT THE EXACT SAME ADDRESS AND THEY BOTH JUMP TO THE EXACT
      SAME LOCATION IF ECX!=7.

   => I could go on but this EASILY demonstrates that this keygen was ripped.
      NEEDLESS TO SAY, THE ENTIRE REST OF THE SERIAL ALGORITHM HAPPENS AT THE
      EXACT SAME LOCATIONS USING THE EXACT SAME CODE.

      All other keygens in this text have been analysed in the exact same
      fashion, and all were found to have IDENTICAL CODE OCCURING AT
      IDENTICAL LOCATIONS.


   
 Final Words from Prophecy/TNO


I'm just the neutral dude... this is CORE's ball game... but i'd like
to say... i use to think WARP was the lamest fucking group in the scene
after they used one of my keygens.... but i was wrong... DSi is the
lamest group in the scene.  After making such a big deal about WARP
using their keygens, you'd think they would be the last people to
be ripping keygens themselves.  If DSi have ANY HONOUR LEFT AT ALL,
they should disband.


                 ======================================
                 PART V: FINAL WORDS FROM CORE'S LEADER
                 ======================================

Well - of coz the normal  scene  can't  do  anything vs. this abuse. I  know
DSi is not the only group that rips keymakers and  steals  serials. We  took
DSi as an example coz DSi got  REALLY WORSE  lately!!! Bah... and I  thought
you were friends! Kick this damn lame leadership and/or close your group!

You can site-ban a group like DSi but  in 90% of the  cases  ppl  don't even
notice that keymakers get ripped or serials stolen.I encourage  all Crackers
to secure their keymakers with some basic encryption and BLACKLIST all known
groupnames. Mark your keymakers with special things that can't get ripped or
changed easy. Build in SICE Protection! Most rippers know  just  some  basic
coding stuff- so they are lost when the keymaker has some traps which proves
that they ripped the keymaker.

MSG TO DSi: AND DON'T WRITE NOW A "FUCKING-LAME-ANSWER-TXT" THAT SAYS:

"CORE DOES FEAR THE COMPETITION ! CORE DOES LOSE GROUND ! THEY LIE !
 THEY WRITE THIS COZ THEY PHEAR WE BECOME L33TER ...BLA BLA BLA [..]"

So many other groups did say this before in their answer txt's or on  their
flame-webpages. And where are they now? Where is that cool  cracking  group
called DONLGE? Keep calm and close ur damn lame group. It was  once  a nice
group with nice ppl. Now, what I can see is  totally  lame! And  don't even
think about re-uniting under a new name with the same shit!

CORE does care a shit about competition! We care about friendship among our
crackers and about our work. But we HATE IT when  other  groups  steal  our
work!

90% of CORE's members do something REAL and  spend very  much  free-time on
cracking  FOR THE  SCENE AND  THE END-USERS. CORE's ppl  don't sit  all day
long in front of the computer and are waiting for  some shit to courier. We
do this for the scene's benefit and our crackers are seeking for knowledge.

The big difference between CORE and so many other groups that release stuff
to the scene is: CORE HAS REAL CRACKERS ! And very good ones, too.

What ever you all may think out there...we think the scene becomes more and
more worse every day.Credits... credits...fame...fame...that's all most ppl
can think of. The scene gets more and more plug & play!

I fear that the real Crackers will be lost some day  with their view of the
scene.

Isn't it  funny? When i look  into  the  future  I see  Crackers that crack
keymakers of cracking groups .. hehe ...perhaps it's the price for crackers
to pay for starting to turn the wheel of cracking.

And to make it all perfect DSi has the NFO-note of the year 1998:


     While other groups give u REGGED shit, (Like LAME WARP using OUR      
     keygens to register newer versions) we spend time to make you         
     your very own personal keygen, which is harder then simply using      
     someone else's hard work to register with.                            
                                                                           
     Please dont use this keygen to release regged later versions!         
     Would be kinda LAME like WARP if u know what i mean. Spend your       
     effort making keygens, and appreciate those who do!


Buahahahaha .. you should write "we spend time to rip you your very own
personal keygen [..]"

Of coz WARP ripped also a lot in the past from CORE or other real cracking
groups but you DSI dudes are not a SINGLE BYTE  better  than WARP. I think
you are even MUCH MORE worse!You do the ripping shit just more clever than
others.

Well, we'll also look now at other groups, that produce keymakers   lately
(if they always carded their releases in the  past  and  don't  have  real
crackers).

Whoever reads this TXT ... think about it ... save your scene!

I wonder if DSi will also answer in a txt like the other ripper-groups did
before ... bitching at CORE. Whatever, I won't answer on it - like always!
You're so lame... ignoring your existence is the best thing all  scene ppl
can do!


THE
CORE LEADER

CORECRACKERS@CYBERJUNKIE.COM


