12. Simple EXE Hacking with Ollydbg

What You Need
A Windows machine, real or virtual. I used a Windows Server 2008 virtual machine.

Purpose
To modify a Windows EXE file and save an altered version. This gives you practice with very simple features of the Ollydbg debugger.

Task 1: Target EXE Recon

Get putty.exe
If you are using the machine handed out by your instructor, putty.exe is in the Downloads folder. If you are using some other machine, get it here:

Verifying the SHA256 Hash
Run Hashcalc on putty.exe and confirm that the SHA256 value matches the value shown below.

Running Putty
Double-click putty.exe. PuTTY opens, as shown below. If PuTTY won't start, right-click it, click Properties, and click Unblock.

In the 'Host Name (or IP address)' box, type ad.samsclass.info. At the bottom, click the Open button. A black box opens and shows a 'login as:' prompt, as shown below.

You could connect to a server at this point, but that's not the point of this project. We will alter this program to do other things instead of printing 'login as'. Close the Putty window.

Starting Ollydbg
Click Start. Search for Ollydbg and start it. In Ollydbg, from the menu bar, click File, Open. Navigate to putty.exe and open it. Ollydbg opens, as shown below.
Abstract
The objective of this paper is to explain how to crack an executable, without looking at its source code, by using the OllyDbg tool. Although there are many tools that can achieve the same objective, the beauty of OllyDbg is that it is simple to operate and freely available. We have already done much reverse engineering of .NET applications earlier. This time, we are confronted with an application whose origin is unknown altogether. In simple terms, we don't have the actual source code; we have only the executable version, which makes reverse engineering a tedious task.

Essentials
The security researcher must have a rigorous knowledge of assembly programming language. It is expected that the machine is configured with the following tools:
OllyDbg
Assembly programming knowledge
CFF Explorer

Patching Native Binaries
When the source code is not provided, it is still possible to patch the corresponding software binaries in order to remove various security restrictions imposed by the vendor, as well as to fix inherent bugs in the source code. A familiar type of restriction built into software is copy protection, which is normally enforced by the software vendor in order to test the robustness of the software copy protection. In copy protection, the user is typically obliged to register the product before use. The vendor stipulates a time restriction on the beta software in order to avoid license misuse and to permit the product to run only in a reduced-functionality mode until the user registers.

Executable Software
The following sample shows a way of bypassing or removing the copy protection in order to use the product without extending the trial duration or, in fact, without purchasing the full version.
The copy protection mechanism often involves a process in which the software checks whether it should run and, if it should, which functionality should be allowed. One type of copy protection common in trial or beta software allows a program to run only until a certain date. In order to explain reverse engineering, we have downloaded from the Internet a beta version of a piece of software that is operative for 30 days. As you can see, the following trial software application has expired and no longer works; it shows an error message when we try to execute it.

We don't know in which programming language or under which platform this software was developed, so the first task is to identify its origin. We can engage CFF Explorer, which displays some significant information, such as that this software was developed using VC, as shown below. We can easily conclude that this is a native executable and that it is not executing under the CLR. We can't use ILDASM or Reflector to analyze its opcodes. This time, we have to choose a different approach to crack the native executable.

Disassembling with OllyDbg
When we attempt to load the SoftwareExpiration.exe file, it will refuse to run because the current date is past the date on which the authorized trial expired.
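The native-versus-managed distinction that CFF Explorer reports here can be checked directly from the PE headers: a .NET image carries a CLR runtime header in data directory entry 14, a native VC++ image does not. The following added example (not part of the article or of CFF Explorer) parses a PE header and reports that entry; the build_sample helper and its header values are constructed for demonstration and do not describe any real program.

```python
import struct
import sys

# Index of IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR in the optional header's data
# directory table. A non-zero RVA/size here means the image is managed (.NET).
CLR_DIRECTORY_INDEX = 14
MACHINE_NAMES = {0x14C: "i386", 0x8664: "AMD64"}


def pe_summary(data: bytes) -> dict:
    """Return machine type, PE32/PE32+ flag and whether a CLR header is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: data directory at offset 96
        dir_offset = opt + 96
    elif magic == 0x20B:                     # PE32+: data directory at offset 112
        dir_offset = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dir_offset - 4)[0]
    clr_rva = clr_size = 0
    if num_dirs > CLR_DIRECTORY_INDEX:       # each entry is (RVA, Size), 8 bytes
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, dir_offset + CLR_DIRECTORY_INDEX * 8)
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "pe32plus": magic == 0x20B,
            "managed": clr_rva != 0 and clr_size != 0}


def build_sample(managed: bool) -> bytes:
    """Constructed minimal PE32 header (no code, no sections) for demonstration."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    if managed:
        dirs[CLR_DIRECTORY_INDEX] = (0x2008, 0x48)  # constructed CLR header RVA/size
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(False)
    print(pe_summary(blob))
```

Run it with a file path to inspect a real EXE; without arguments it inspects the constructed native sample.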
How can we use this software despite the expiration of the trial period? The following section illustrates the steps in the context of removing the copy protection restriction.

The Road Map
Load the expired program in order to understand what is happening behind the scenes.
Debug this program with OllyDbg.
Trace the code backward to identify the code path.
Modify the binary to force all code paths to succeed and never hit the trial expiration code path again.

Ajay Yadav is an author, Cyber Security Specialist, SME, Software Engineer, and System Programmer with more than eight years of work experience.
He earned Master's and Bachelor's degrees in Computer Science, along with numerous premier professional certifications. For several years, he has been researching Reverse Engineering, Secure Source Coding, Advanced Software Debugging, Vulnerability Assessment, System Programming and Exploit Development. He is a regular contributor to programming journals and assists the developer community with blogs, research articles, tutorials, training material and books on sophisticated technology. His spare time activities include tourism, movies and meditation.
He can be reached at om.ajay007atgmaildotcom.
16 responses to "Reverse Engineering with OllyDbg"

With your software, is it possible to figure out an encryption / decryption key if you have only 6 datapoints (inputs / outputs)? I was hoping that F(MI110800017) = 0703-95be-73cb-416f-3155-14a8-e976-5750 and we can figure out how F, the algorithm function, worked.

Device ID (input) / (key)
Device ID / Lease Code
MI703-95be-73cb-416f-3155-14a8-e976-5750
MIb97-1d6f-94cf-51f1-dd0c-7a0e-d7e2-b1d3
MI956-4c11-f56c-1a53-f0be-3a92-9da8-72eb
MI110100001acc2-8d17-16f9-20b0-4983-2bfb-fb37-f16e
MI392-0efb-e0f3-8b8a-4b6c-71d1-394f-97e0
MI5331-070c-453d-9156-7cae-143d-595b-8c23
MI110800012?