ΥΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΈ ³ °±²±° (D)elam's (E)lite (P)assword (L)eecher °±²±° ³ ³ 05/18/91 ³ ³ Conceptualized, Written and compiled by: ³ ³ * -=<[> [)r. [)elam <]>=- * ³ ³ Version 1.00 ³ ³ (c) 1991 no rights reserved because I don't care! ³ ΤΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΎ Special reguards to Dream Pilot who actually wrote the first password leecher on my request. A copy of his program is included for educational reasons, but unfortunately there is no decoder publically available for it. please note that my program and his are two totally separate programs both written from scratch. DEPL is dedicated to hackers all over the world in an effort to enhance the common goals of all hackers. The files included: DP.EXE Dream Pilot's Shell DEPL.COM Dr. Delam's Shell INSTALL.EXE Program to install the shell SCRAPE.EXE Program to scrape up capture file DEKODER.EXE Program to decode capture file GAME1.EXE Program 1 to cover up what yer doing GAME2.EXE Program 2 to cover up what yer doing INFO.BIN Text configuration file >> What is DEPL? DEPL is the most sophisticated, yet simple to use method of stealing passwords, reading private messages, and finding out how others do things that you shouldn't know how to do! >> So how does it work? To begin discussing how it works, we need to look at what each of the files provided in this package are for. DEPL.COM: DEPL.COM is the main program which all others revolve around. DEPL.COM is a shell, and a shell being a program which runs another program from within itself. To start simple we'll give an example with DEPL's predicessor DP.EXE. How DP.EXE has been used: I want to scrape up passwords that my friend (or foe) types in while he's online with his TELIX term program... so what I do is, when he's not around, rename his TELIX.EXE program to some other name, and rename DP.EXE to TELIX.EXE so when he/she runs what they think is TELIX, they are actually running the shell. Now how does TELIX get run? Whatever you named it has to be known to the shell. In the case of Dream Pilot's program, DP.EXE will always look to run a program called TRIP.EXE.. this means you must rename TELIX.EXE to TRIP.EXE. The chain of events so far: Friend runs TELIX.EXE (actually DP.EXE). In turn TELIX.EXE runs TRIP.EXE (actually TELIX.EXE). So what's going on now that were running TRIP.EXE through TELIX.EXE? Every keystroke is being recorded!! DP.EXE will create files named by date, containing all the keystrokes, encrypted. The capture files are hidden in a directory called OVERLAYS.DOS within the DOS directory. The files are hidden remember! So what you need next is a decryptor and a way to sneak into, and get on your friend's computer to scrape up all the files so you can go back to your hovel and decrypt them to see what your friend has been typing. With DEPL I have eased the whole process in a couple ways. For one, instead of having to sneak onto your friends computer at the risk of being caught, I provided INSTALL.EXE, and SCRAPER.EXE. INSTALL.EXE: On the surface, INSTALL.EXE appears to be a game, but in actuality it will set up the shell doing all the necessary actions that you would have had to do to install it yourself! And the best part about it is you can run it right in front of your friend! He'll just think it's a game. SCRAPER.EXE: Again, on the surface SCRAPER.EXE appears to be a game (or actually anything you want it to be.. discussed in a bit). SCRAPER.EXE takes care of gathering the encrypted capture file by moving it to your disk, and off of his. It also has a feature, where by changing a setting, you can restore your friend's program and remove the shell all in one go!.. great if he's started to get suspicious. Note: make sure that the capture file you are scraping off your friend's drive is not on your disk.. this causes a confict when copying. So after scraping, and before dekoding, its a good idea to rename the capture file. DEKODER.EXE: This one practically describes itself.. it will decode the captured file for reading (to be done in the sanctity of your own cyber space). GAME1.EXE and GAME2.EXE: GAME1.EXE is run by INSTALL.EXE when it has finished, and GAME2.EXE is run by DEKODER.EXE when it has finished. Neither of these has to be used, and they may be a game or any other executable program. INFO.BIN: Ahhh, finally, the info bin! Within the info bin is contained all the information needed to make DEPL a working system. An example INFO.BIN contents could be: NEWFILE C:\DOS\VSIZE.EXE OLDFILE C:\TELIX\TELIX.EXE CAPFILE C:\TELIX\SWITCH.OVL GAMEONE GAME1.EXE GAMETWO GAME2.EXE CODEKEY 0 TAKEALL Here's a brief description of what DEPL would do with these settings: | Copies TELIX.EXE into the DOS directory calling it VSIZE.EXE. | Copies DEPL.COM into TELIX directory calling it TELIX.EXE. | Makes the capture file's name SWITCH.OVL there by all captures save into C:\TELIX\SWITCH.OVL. (encrypted) | Sets INSTALL.EXE's child process to be GAME1.EXE. | Sets SCRAPER.EXE's child process to be GAME2.EXE. | Encrypts under code 0 (feature not installed yet.. it'll be in the next version). | Causes scraper, when run, to remove the shell and set things to the way they were. GAMEONE, GAMETWO, and TAKEALL are optional keywords. The rest are not! When creating your custom INFO.BIN remember to use a space after the keywords listed above. And finally the one file not mentioned previously: ERROR.LOG: This is where all problems and things that may have gone wrong are stored. Bummer eh? Well unfortunately you wouldn't want an error to pop up on your screen while you were running your "GAME" in front of your friend, so I provided this to you so you could tell what the hell went wrong. >> Final Comments: Don't forget to rename INSTALL.EXE and SCRAPER.EXE to suitable names that have something to do with the programs they spawn. The program has many possibilities for use. With some simple modifications, it could be made to not only record key- strokes, but play them back as well. For those out to swipe and infect all at once, DEPL.COM could easily be a carrier. If you have multiple users at home, you can have their passwords as well. The possibilities are endless. If you haven't understood any of the above, please exit whatever program you are using to look at this and type FORMAT C: /AUTOTEST ..this will set up my utilities for you and you need not do anything from then on. :) If English is a second language to you, please rewrite this in your native language so it can be used and understood throughout the world. Send a copy of the documentation, your name, and address to me and I will send you the source codes! Seriously! Hey's & Ho's (Ho's?.. ): To: Dream Pilot - Well whatta you think? We should be able to have some real fun with this one. Hahahaha, well, put this one up on the board, Dragonwar should enjoy this one. Take care. Knight Lighting - Hey, I know you don't have IBM but if someone would be so nice as to show you.. "Hey look what I wrote!" Flash Force - Y0! Keep up the good work over there at RABID! We need more! Have to discuss some new stuff soon... Ollie Disaster - "Tooka Tooka, mbuaaaa mbuaaa!" hahahah.. we gotta hit those skate ramps again soon. Mr. Ceptic - How bout a case of Bud for your Amiga? Cycle Man - Smack Barbarian around would ya and have him send me that MNP 6? Soup Dragon - Don't know who the hell you are, but you got Cycle Man in enough trouble. Look for more Delamo Inc. products to emerge soon!! --- Dr. Delam --- 5060 76th Ave. N. #304 Pinellas Park, FL U.S.A.