SteveAndrew Master Cheater
Reputation: 30
Joined: 02 Sep 2012 Posts: 323
Posted: Sat Apr 13, 2013 3:01 pm Post subject: My friend gave me a crackme challenge and I SUCCEEDED! :D
Thanks to VERY meaningful referenced strings, I was able to crack-patch this app in about 2 minutes! (My first successful patch [though this is an easy example, likely the easiest you can find])
NOTE: This is for informational purposes only, to demonstrate how a very weak license validation can be overcome easily! I take no responsibility for anyone who uses this information improperly!
Here's an overview of how I accomplished this so easily.
As you can see in the image below, I first searched for referenced strings (strings which are referenced in code) to see if there was anything useful to go on...
It just so happens that in this case there are VERY meaningful referenced strings! One stood out in particular though! 'License:Invalid'
I went to the address which references that string as shown!
Since getting referenced strings also dissects the code for you, you can see jumps that lead to certain addresses (shown in bold and italic above the address)...
I scrolled up until I found where there was a jump from somewhere to this 'invalid license' code! Shown here:
I went to the bold + italic address: 0x41bbe4 (as I know it jumped here from that address).
Voila! A conditional jump! Taking a guess, I would think that if it follows this conditional it takes it to the invalid license code! So will reversing this single conditional jump actually work and break this simple protection?
Tried reversing the jump (changed je to jne) and voila, it works! Loads up with no problems without having a valid license!
So you can either just NOP it and it will be valid no matter what, or reversing the jump works fine as well. The only difference is, if you do actually enter a valid license using the reversed jump instead of the NOP, that's when it will FAIL and say invalid LOL! Oh the irony!
But I prefer the reverse jump method as you can just change a single byte! Write a CE script to patch the byte from 0x84 to 0x85... Or better yet, open the exe itself in CE or Olly or any hex editor, change the byte and save! Then you won't have to apply the patch each time.
Watch my video here to see fully how I did it, and it working in action!:
http://www.youtube.com/watch?v=s0OaUNxxO_g
So there you go! Hope this helps demonstrate how to defeat simple protections!
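Added example, not part of the original post: the defender's view of the two patches described above. Given an original and a tampered copy of the code bytes, the scanner reports every 0F xx conditional jump (0F 84 = je, 0F 85 = jne) that was flipped to its inverse or overwritten with NOPs, and a digest check shows how a program can notice that its code no longer matches a known-good copy. The sample bytes and the base address are constructed for illustration (the base is chosen so the jump lands at the post's 0x41bbe4).

```python
import hashlib
import hmac

# Second byte of the two-byte 0F xx jcc rel32 encodings. Inverse conditions
# differ only in the low bit, which is why the post's patch is 0x84 -> 0x85.
JCC_REL32 = {0x84: "je", 0x85: "jne", 0x8C: "jl", 0x8D: "jge",
             0x8E: "jle", 0x8F: "jg"}

def find_tampered_jcc(original: bytes, patched: bytes, base: int = 0):
    """Compare two same-sized code images; return (address, old, new) for every
    0F xx jcc rel32 in the original that was flipped or replaced by 6 NOPs."""
    if len(original) != len(patched):
        raise ValueError("images differ in size")
    hits = []
    for i in range(len(original) - 5):
        if original[i] != 0x0F or original[i + 1] not in JCC_REL32:
            continue  # not a 0F xx conditional jump candidate in the original
        orig_win, new_win = original[i:i + 6], patched[i:i + 6]
        if orig_win == new_win:
            continue
        old = JCC_REL32[original[i + 1]]
        if new_win == b"\x90" * 6:  # the "just NOP it" variant
            hits.append((base + i, old, "nop"))
        elif (new_win[0] == 0x0F and new_win[1] == original[i + 1] ^ 1
              and new_win[2:] == orig_win[2:]):  # je <-> jne style flip
            hits.append((base + i, old, JCC_REL32[new_win[1]]))
    return hits

def code_digest(image: bytes) -> str:
    """SHA-256 of a code region; a program can carry this for its own checks."""
    return hashlib.sha256(image).hexdigest()

def code_is_intact(image: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(code_digest(image), expected_hex)

# Constructed sample: test eax,eax ; je +0x10 (to the 'License:Invalid' path) ; ret
ORIGINAL = bytes.fromhex("85c0" "0f8410000000" "c3")
PATCHED = bytes.fromhex("85c0" "0f8510000000" "c3")   # je flipped to jne
NOPPED = bytes.fromhex("85c0" "909090909090" "c3")    # je overwritten with NOPs
KNOWN_GOOD = code_digest(ORIGINAL)

if __name__ == "__main__":
    for name, img in (("flipped", PATCHED), ("nopped", NOPPED)):
        for addr, old, new in find_tampered_jcc(ORIGINAL, img, base=0x41bbe2):
            print(f"{name}: {old} at {addr:#x} became {new}")
        print(f"{name}: intact={code_is_intact(img, KNOWN_GOOD)}")
```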