25 Aug 2012

Learn to crack a simple C\C++ program - Reverse Engineering for noobs

Hi folks. Sorry for not posting anything on reversing for a long time as writing an article on Reverse Engineering takes lots of time and effort and I'm really a lazy boy :P
Anyways Lets get start with Reverse Engineering and get our hands on some real stuff. If you haven't saw my previous article then look An Introduction to reverse Engineering and Reverse Engineering Tools to get an IDEA about what we're dealing with here.
Before jumping to the advanced articles like cracking and real time software or generating some real patch I thought to begin with a pretty simple article.
As I promised many peoples including Ankit, Aman, Grayhat, Suren (my best facebook buddies) and many more that I'll write an article on reversing soon, however its a bit late but at least I'm writing one. ;)
Alright enough apologies, lets get started.
Here, we'll code a simple C program first then we'll crack it in a Reverse Engineer way.

Tools Required:
C compiler
Time and Patience :)

Open notepad and copy the below code.

#include<stdio.h>
int main()
{
int a;
printf("Enter the Key:");
scanf("%d",&a);
if(a==123)
 printf("\n Correct Key");
else
 printf("\n Wrong Key");
return 0;
}




Save the file as crackme.c then compile and generate its exe which will be crackme.exe. If having troubles with compilation then look HOW TO COMPILE A C PROGRAM
Now run the crackme.exe. it'll ask for the key. enter any random number and it'll get terminated with an error message.
Now we'll gonna crack this simple program to make it accept all the random numbers. Note down the error message, here it is Wrong key.
Open ollydbg and load the crackme.exe into it.
Right click anywhere in ollydbg, in the right click menu select search for > All referenced Text Strings.
Now search for text > Wrong key which is our error message.
double click on it and it'll lead you to its ASM code. don't worry If you didn't understand that giant code. I'll make it simple.
Monitor the above code. The address of the error string is 00401183 (it may can vary with your machine but you'll get something link this).
Wait.. look at the address 

00401170  CMP [EBP-4],7B
00401174  JNZ 00401183



here our entered key is compared with the stored key (which is 123 in our program) then on wrong comparison the condition JNZ 00401183 is getting true and it'll take the control to the address 00401183 which is the address of our error string.
However, if we reverse this condition then this condition will get false on wrong comparison and the control will move forward i.e. to the address with correct Key message
Double click on the code and change JNZ to JE   :-P
Press Ctrl+A to analyse code in case of any error.
Now save all the changes. from Right click menu copy to executable > All modifications > copy All > then cancel the front box, it'll ask to save changes click YES > overwrite to crackme.exe 
Close the debugger and run the cracked crackme.exe file again.
Now it'll accept any random key.
Viola, seems we cracked the code. huh, I'm really happy that I finally finished this article ;)

Feel free to ping me on gauravthehacker13@gmail.com

If you like this post then you can buy me a drink :P

2 comments:

Anonymous said...

that program has a Vulnerability

Anonymous said...

Then post your corrected answer.... you wanker...

Crack cracker cracked.... = nutcase

Post a Comment

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Online Project management