Tutorial on cracking Applications with OllyDbg
Tutorial One: Cracking Simplistic Applications
Welcome to my tutorial on cracking simplistic applications with OllyDbg. This tutorial will give you a detailed and in-depth understanding of the basics of cracking with OllyDbg. So let’s begin.
Part One: OllyDbg Interface
This section is for those that are unfamiliar with OllyDbg itself and would like a bit of help with it. Here’s the main interface:
The CPU panel is where the program’s disassembled code is shown. Below is a picture of the panels after I have opened a program in it.
On the left side of the top right box in the CPU panel, you can see the addresses the program is using. After that is the Hex Dump column, which holds the raw instruction bytes; next to it is the disassembly, the Assembly Language mnemonics and their operands; and finally the comments. In the panel to the right of that you can see the Registers the program is using. Below that is the memory dump window, shown in Hex and ASCII, and in the panel to the right of it is the Stack.
Part Two: OllyDbg Simplistic Crack 1
Below is an image of a Crack Me program written in C++. A download link to it is in the links at the bottom of the page, so you can test it out for yourself.
First drag the executable onto the OllyDbg icon. This opens OllyDbg with the program loaded and its disassembly displayed.
The main way people crack in OllyDbg is by searching for strings. If you know a programming language, you’ll know that a string is a data type that stores a sequence of characters; “Hello World” is a commonly used example. To find all the strings in the program, right click on the CPU screen and go to Search For > All Referenced Text Strings. In the “References” window you will now see a list of the strings the program uses.
In this case, what we want is the “Right Password! You made it! Gratz, now upload your solution.” string. Double click on it and OllyDbg takes us straight to the address where it is referenced. In the Hex Dump section of the panel, you will see red arrows next to the hex bytes. These mark jumps: instructions that skip part of the code and continue at another part. Click on the various arrows to find the ones that land just below the “Right Password” string. In the image below you can see one of these jumps landing below the string.
Simply double click the instruction (in this case “JNE SHORT”) and replace it with NOP (which stands for No Operation), click “Assemble”, and then “Close”. The jump is now never taken, so execution falls through instead of skipping ahead. Once you have repeated this for every jump that lands after the “Right Password” code, right click and go to Analysis > Analyse Code. This rescans the bytes we have changed and decides whether they are code or data. The program will no longer jump to the “Wrong Password” string, it will show the “Right Password” string, and the next jump will carry it over the “Wrong Password” string.
Now run the program by pressing F9 or clicking “Run Debugged Application” in the toolbar. You can now enter any name and any code and the application will accept it as correct.
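The check this section patches, written out as source. This is an added example and not the crack me’s own code: it mirrors the pattern the tutorial relies on (a key stored as a literal, one strcmp, one conditional jump) and places beside it a variant that stores only a digest of the key, so the key itself no longer appears under Search For > All Referenced Text Strings. The key “12345” is the one the page gives for the second crack me; the function names and the FNV-1a hash (a non-cryptographic stand-in chosen so the file compiles with no dependencies) are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pattern 1, the crack me style gate (assumed source, not the tutorial's):
 * the key is a string literal, so it appears among the referenced text strings,
 * and the whole decision is one strcmp followed by one conditional jump. */
static const char CORRECT_KEY[] = "12345";   /* the code of the second crack me */

int check_plain(const char *input)
{
    /* Compiles to roughly: CALL strcmp ; TEST EAX,EAX ; JNE wrong
     * That JNE is the instruction the tutorial replaces with NOP. */
    if (strcmp(input, CORRECT_KEY) != 0) {
        puts("Wrong key");
        return 0;
    }
    puts("Well done, you gave the right key");
    return 1;
}

/* FNV-1a, 64-bit, over a NUL-terminated string. Used only so this example
 * compiles without a crypto library; it is fast and trivially brute-forced,
 * so a real program would use a proper password hash instead. */
uint64_t fnv1a64(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;           /* FNV offset basis */
    for (; *s != '\0'; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;                    /* FNV prime */
    }
    return h;
}

/* Pattern 2: only a digest of the key is stored. The literal "12345" is no
 * longer in the binary, so the strings search does not reveal it. The decision
 * is still one compare and one conditional jump, though, so patching that jump
 * has exactly the same effect as in check_plain. */
int check_hashed(const char *input, uint64_t stored_digest)
{
    if (fnv1a64(input) != stored_digest) {
        puts("Wrong key");
        return 0;
    }
    puts("Well done, you gave the right key");
    return 1;
}

int main(void)
{
    /* In a shipped build this would be a precomputed constant, not a call. */
    const uint64_t stored = fnv1a64("12345");
    int ok = check_plain("12345") && check_hashed("12345", stored)
          && !check_plain("guess") && !check_hashed("guess", stored);
    return ok ? 0 : 1;
}
```

Compile with `cc -o gate gate.c` and run it. The digest variant removes the key from the strings list, which is what makes the second crack me guessable by inspection, but the decision is still a single compare followed by one conditional jump, so the edit described above has the same effect on it. A check that lives entirely in a binary the user controls can be made harder to read, not trustworthy; if the decision matters, it has to be taken somewhere the user cannot edit, such as a server.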
Part Three: OllyDbg Simplistic Crack 2
Below is an image of the second Crack Me program, this time designed in C++ by me.
As you can see, the program is simple. It uses the .NET framework. Once again we right click in the CPU panel and click Search For > All Referenced Strings. This displays all the ASCII strings in the program’s assembly. Below is the image of the ASCII strings.
This program is significantly easier to crack. It has a single code that unlocks the program. With a bit of intuition you could probably guess that the program’s code is “12345”, but we don’t want to unlock it that way; we want to crack it ourselves. To do this, double click on “Well done, you gave the right key”. It will take you to the appropriate address. Find the jump that lands after the “Well Done” string and replace it with NOP again. After you have found all such jumps and replaced them with NOP, right click on the window and click Analysis > Analyse Code. You can then run the program, type anything as the key, and it will accept it as the correct key. An example is below:
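What the edit in both cracks looks like at the byte level, and how a defender detects it. This is an added example and not part of the tutorial: it compares a known-good copy of a code region against the copy actually present and reports where they differ, whether the overwritten bytes are NOPs (opcode 0x90), and whether the original bytes at that spot were a two-byte short conditional jump. The two byte arrays are constructed to resemble the tutorial’s edit (TEST EAX,EAX; JNE SHORT; PUSH) and are not taken from either crack me; the struct and function names are the example’s own.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed known-good bytes: TEST EAX,EAX ; JNE SHORT +0x0A ; PUSH 0x11223344 */
static const unsigned char ORIGINAL[] = { 0x85, 0xC0, 0x75, 0x0A, 0x68, 0x44, 0x33, 0x22, 0x11 };
/* Constructed copy after the tutorial's edit: the JNE SHORT became NOP NOP */
static const unsigned char PATCHED[]  = { 0x85, 0xC0, 0x90, 0x90, 0x68, 0x44, 0x33, 0x22, 0x11 };

struct patch_report {
    size_t offset;        /* first byte that differs */
    size_t length;        /* span from first to last differing byte */
    int all_nop;          /* 1 if every replaced byte is 0x90 */
    int was_short_jcc;    /* 1 if the original bytes at offset were a 2-byte Jcc rel8 */
};

/* Compares n bytes of `actual` against the known-good `good` region.
 * Returns 0 if identical, 1 if a difference was found (and fills *out). */
int find_patch(const unsigned char *good, const unsigned char *actual,
               size_t n, struct patch_report *out)
{
    size_t first = n, last = 0;
    int all_nop = 1;
    for (size_t i = 0; i < n; i++) {
        if (good[i] == actual[i]) continue;
        if (first == n) first = i;
        last = i;
        if (actual[i] != 0x90) all_nop = 0;
    }
    if (first == n) return 0;
    out->offset = first;
    out->length = last - first + 1;
    out->all_nop = all_nop;
    /* 0x70..0x7F are the short conditional jumps (JO..JG); each is opcode + rel8. */
    out->was_short_jcc = (good[first] >= 0x70 && good[first] <= 0x7F && out->length == 2);
    return 1;
}

int main(void)
{
    struct patch_report r;
    if (!find_patch(ORIGINAL, PATCHED, sizeof ORIGINAL, &r)) {
        puts("code region matches the known-good copy");
        return 0;
    }
    printf("modified: %zu byte(s) at offset %zu%s%s\n", r.length, r.offset,
           r.all_nop ? ", overwritten with NOPs" : "",
           r.was_short_jcc ? ", original was a short conditional jump" : "");
    return 1;
}
```

Every patch described on this page changes bytes on disk, so any integrity check that covers the code section flags it: a signed executable fails signature verification, and a file hash no longer matches the value recorded at build time. Do the comparison from outside the program (a signature check by the loader, an allowlisted hash) rather than from inside it, since a self-check compiled into the same file can be edited with the same steps.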
to download OllyDbg