Sunday, 15 December 2013

Tutorial on cracking Applications/Software serial key

Tutorial on cracking Applications with OllyDbg

Click image for larger version. 

Name: Jv1Cw3q.png 
Views: 504 
Size: 98.3 KB 
ID: 258Click image for larger version. 

Name: UOrAn0J.png 
Views: 749 
Size: 88.7 KB 
ID: 256Tutorial One: Cracking Simplistic Applications


Welcome to my tutorial on cracking simplistic applications with OllyDbg. This tutorial will give you a detailed and in-depth understanding of the basis of cracking with OllyDbg. So let’s begin.

Part One: OllyDbg Interface
This section is for those that are unfamiliar with OllyDbg itself and would like a bit of help with it. Here’s the main interface:

In the CPU panel is where the program’s disassembled code is put. Below is a picture of the panels when I have opened a program into it.
Click image for larger version. 

Name: 5EDk2Ef.png 
Views: 512 
Size: 26.2 KB 
ID: 255
On the left side of the top right box in the CPU panel, you can see the different addresses the program is using. After that is the Hex Dump and next to that are the OpCodes that the Assembly Language uses and finally the comments. On the panel to the right of that you can see the Registers the program is using. The panels below that are the Hex Dump and ASCII window and in the panel on the right of that is the Memory Stack.

Part Two: OllyDbg Simplistic Crack 1
Below is an image of a Crack Me program designed in C++. In the links at the bottom of the page will be a download to it to test it out for yourself.
Click image for larger version. 

Name: UOrAn0J.png 
Views: 749 
Size: 88.7 KB 
ID: 256
First drag the executable onto the OllyDbg icon. This will open the program and OllyDbg with the program’s decompiled information.
Click image for larger version. 

Name: Jv1Cw3q.png 
Views: 504 
Size: 98.3 KB 
ID: 258
The main way people crack in OllyDbg is by searching for strings. If you know a programming language, you’ll most likely know that a string is a data type that stores a number of characters in a sequence. For example “Hello World” is a commonly used string. To find all the strings in the program, right click on the CPU screen and go to Search For > All Referenced Text Strings. In the “References” window you will now see a list of strings from the program itself.
Click image for larger version. 

Name: rqkryjE.png 
Views: 378 
Size: 146.5 KB 
ID: 259
Click image for larger version. 

Name: 71kBaiC.png 
Views: 306 
Size: 146.7 KB 
ID: 260
In this case, what we will want is the “Right Password! You made it! Gratz, now upload your solution.” String. We will double click on this and it’ll take us straight to the address where it is located. In the Hex Dump section of the panel, you will see there are red arrows next to the hexes. These are called jumps. They skip parts of the code to get to another part of the code. Click on the various arrows to find the ones that skip just below the “Right Password” string. In the image below you can see one of the jumps jumping below the string.
Click image for larger version. 

Name: I9iCGlM.png 
Views: 397 
Size: 166.1 KB 
ID: 261
Simply double click the OpCode (In this case, “JNE SHORT”) and replace it with NOP (Which stands for No Operation), click “Assemble”, and then “Close”. This means it will skip the loop. Once you have repeated this for all jumps that jump to after the “Right Password” code, right click and go to Analysis > Analyse Code. This will scan the code we’ve input and decide whether it’s code or data. The program will skip the jump to the “Wrong Password” string, show the ”Right Password String, and the next loop will cause the program to jump over the “Wrong Password” string.
Click image for larger version. 

Name: 7bfrYxW.png 
Views: 166 
Size: 163.0 KB 
ID: 262
Now run the program by either pressing F9, or clicking the “Run Debugged Application” in the Tool Strip Bar. You can now enter any name and any code and the application will assume it is correct.

Part Three: OllyDbg Simplistic Crack 2
Below is an image of the second Crack Me program designed in C++ by me this time.
Click image for larger version. 

Name: oxMsT1U.png 
Views: 127 
Size: 48.1 KB 
ID: 263
As you can see, the program is simple. It uses the .NET framework. Yet again we right click in the CPU panel, click Search For > All Referenced Strings. This will again display all the ASCII strings in the assembly of the program. Below is the image of the ASCII strings
Click image for larger version. 

Name: VDvG0V4.png 
Views: 220 
Size: 157.5 KB 
ID: 264
This program is significantly easier to crack. It has a single code that you can use to unlock the program. Now with a bit of intuition, you could probably guess the program’s code is “12345”, however we don’t want to unlock it that way. Instead we want to crack it ourselves. To do this we will double click on “Well done, you gave the right key”. It will take you to the appropriate address. Find the Jump that jumps after the “Well Done” string and replace it with NOP again. After you have found all the jumps and replaced them with NOP, right click on the window and click Analysis > Analyse Code. You can then run the program and type anything as the key and it will accept it as the correct key. An example is below:
Click image for larger version. 

Name: CWJVNai.png 
Views: 127 
Size: 43.6 KB 
ID: 265


to download OllyDbg
Post a Comment