Posted on June 14, by admin. One of the tests consisted of getting the serial key of a simple program. The first thing I usually do in these cases is to check whether the executable is compressed (packed) or not.
Some programs pack part of their code in order to hinder attempts to analyze them statically. To check for this we are going to use PEiD. If the file were compressed with UPX, for example, the program would tell us so and we could uncompress it with that tool.
We can see the R. If some day you detect that the R. Now we have the assurance that the file has not been compressed. This is one of the first steps in a static analysis. We are going to do a dynamic analysis with OllyDbg, but first I want to know whether the developer has made an effort to hide some code. Notice that if the executable is packed, we will not be able to read many strings within the file.
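As an added illustration of the packing check the post performs with PEiD (example code written for this page, not the post's own code or PEiD's), the script below walks a PE file's section table and applies two cheap heuristics an analyst falls back on when no signature matches: section names that well-known packers write, and high per-section entropy. The packer name list and the 7.0 bits-per-byte threshold are assumptions, and the PE image it scans is constructed inline rather than read from disk.

```python
import math
import struct
from collections import Counter

# Section names well-known packers write (illustrative, not PEiD's signature database).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".petite", b".MPRESS1"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0 for empty input, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Minimal PE walker: yield (name, raw bytes) for each section header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER directly follows the signature
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield image[off:off + 8].rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]

def packing_indicators(image: bytes) -> dict:
    report = {"sections": {}, "packer_names": [], "high_entropy": []}
    for name, data in pe_sections(image):
        label = name.decode("ascii", "replace")
        report["sections"][label] = ent = round(shannon_entropy(data), 2)
        if name in PACKER_SECTION_NAMES:
            report["packer_names"].append(label)
        if ent > 7.0:  # heuristic cut-off: compressed/encrypted bytes sit near 8 bits/byte
            report["high_entropy"].append(label)
    report["likely_packed"] = bool(report["packer_names"] or report["high_entropy"])
    return report

def build_sample_pe(sections) -> bytes:
    raw_ptr, blobs = 0x40 + 4 + 20 + 40 * len(sections), b""  # section data follows headers
    image = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"  # constructed DOS stub + sig
    image += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # COFF, no opt hdr
    for name, data in sections:
        image += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0x1000, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr, blobs = raw_ptr + len(data), blobs + data
    return image + blobs

SAMPLE_PACKED = build_sample_pe([  # constructed: plain code section beside a UPX-style random one
    (b".text", b"\x55\x8b\xec\x90" * 64), (b"UPX1", bytes(range(256)) * 4)])
```

Running `packing_indicators(SAMPLE_PACKED)` flags the sample as likely packed on both counts, while the same image without the UPX1 section is reported clean.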
It is possible I will talk about that in future posts. Now we are going to run OllyDbg. It does not need installation: just download it and uncompress it. Once the executable is loaded we can see its code. We are going to click on the play button to run the executable we just loaded in the debugger and observe the program's behaviour.
OK, the program closes as soon as it is opened inside a debugger. It is necessary to restart OllyDbg in order to work with this plugin. If you click on the Plugins tab you can see the Hide Debugger plugin. We have just installed the plugin to avoid being detected, and now we are going to load and run the executable again. The most advanced debugger for cracking, used by all crackers, is OllyDbg; this tool will become your friend, your partner, your number one tool!
We will use Olly for everything: patching, finding serial keys, unpacking, studying, etc. Run the crackme and you will see that it asks for a name and a serial number; enter some fake info. Disassemble our target with W32Dasm, then click on the Imports button. Look for GetDlgItemTextA as in the picture below. Select it as in the picture above and double-click on it; you will land at the address DF (write down this address). Just a bit below this we have another reference to USER. Close W32Dasm, we don't need it anymore.
Run OllyDbg and click File, Open, browse to our crackme and open it. Cool, you should see the asm code now. Press F9 on your keyboard and the crackme should show up. Enter your name and any serial number, but don't click on the 'check serial' button yet. This button is indicated in the picture below. In the blank box enter the first address we found in W32Dasm, DF, then click OK!
Go to the second address and set a breakpoint there too by pressing F2. See the picture below for my breakpoints. The addresses highlighted in white are those with a breakpoint set.