The Cracking Tutorial Of snd-reversing with lena-tutorial01.tutorial By Black_EyE

Assalamu Alaikum.
I am Shaifullah Shaon, an ethical hacker from Bangladesh.
Today I want to show you the cracking tutorial of snd-reversing with lena-tutorial01.tutorial, by Black_EyE.


What is Lena reversing?
Lena's reversing tutorials (the snd "Reversing with Lena" series) are one of the best-known introductions to cracking Windows .exe software.
They work at the machine-language level.

*** Remember ***

** Whatever language a program was written in, once it is compiled it runs as machine code, which we read as assembly language.

You must know the basics of assembly language.

** Assembly language is the human-readable form of the CPU's binary machine code; it works directly with the CPU's registers.


Assembler : The Basics In Reversing


Indeed: the basics!! This is far from complete, but it covers about everything you need to know about assembler to start on your reversing journey. Assembler is where every compiled program ends up: whatever language it was written in, the compiler turns it into machine code, and assembler is the readable form of that machine code. In most languages we deal with relatively clear syntax. It's a completely different story in assembler, where we use abbreviations and numbers and where it all seems so weird at first...


I. Pieces, bits and bytes:

BIT - The smallest possible piece of data. It can be either a 0 or a 1. If you put a bunch of bits together, you end up in the 'binary number system'

i.e. 00000001 = 1       00000010 = 2             00000011 = 3     etc.

BYTE - A byte consists of 8 bits. It can have a maximal value of 255 (0-255). To make it easier to read binary
numbers, we use the 'hexadecimal number system'. It's a 'base-16 system', while binary is a 'base-2 system':
one hex digit stands for exactly four bits, so a byte is two hex digits (FFh = 11111111b = 255d).

WORD - A word is just 2 bytes put together, or 16 bits. A word can have a maximal value of 0FFFFh (or 65535d).

DOUBLE WORD - A double word is 2 words together, or 32 bits. Max value = 0FFFFFFFFh (or 4294967295d).

KILOBYTE - 1000 bytes? No, a kilobyte does NOT equal 1000 bytes! Actually, there are 1024 (2^10 = 32*32) bytes.

MEGABYTE - Again, not just 1 million bytes, but 1024*1024 = 1,048,576 bytes.


---------------------------------------------------------------------------------------------


II. Registers:

Registers are small storage locations inside the CPU itself, not in your computer's main memory; the CPU works on them
directly, which is why they are so fast. You can see a register as a little box in which we can store something: a number,
a pointer, a handle. You can see a register as a placeholder.

On today's average WinTel CPU you have 9 32-bit registers (without the flags register). Their names are:

EAX: Extended Accumulator Register
EBX: Extended Base Register
ECX: Extended Counter Register
EDX: Extended Data Register
ESI: Extended Source Index
EDI: Extended Destination Index
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
EIP: Extended Instruction Pointer

Generally the size of the registers is 32 bits (= 4 bytes). They can hold values from 0 to FFFFFFFFh (unsigned).
In the beginning most registers had the main function that their names imply, like ECX = Counter,
but these days you can use nearly any register as a counter or for whatever you like
(in your own code, that is; instructions such as LOOP and the REP string prefixes still count in ECX).
The functions of EAX, EBX, ECX, EDX, ESI and EDI will be explained when I explain the functions
that use those registers. So, EBP, ESP and EIP are left:

EBP: EBP mostly has to do with the stack and stack frames. Nothing you really need to worry about when you start. ;)

ESP: ESP points to the top of the stack of the current thread. The stack is the place where data is stored for
later use (PUSH puts a value on it, POP takes it back off).

EIP: EIP always points to the next instruction that is to be executed.


There's one more thing you have to know about registers: although they are all 32 bits large,
parts of some of them (16 bits or even 8 bits) can be addressed directly under their own names.

The possibilities are:

32bit Register    16bit Register    8bit Register
EAX               AX                AH/AL
EBX               BX                BH/BL
ECX               CX                CH/CL
EDX               DX                DH/DL
ESI               SI                -----
EDI               DI                -----
EBP               BP                -----
ESP               SP                -----
EIP               IP                -----

A register looks generally this way:

     |--------------------------- EAX: 32bit (=1 DWORD =4BYTES) -------------------------|

                                               |------- AX: 16bit (=1 WORD =2 BYTES) ----|

                                               |- AH:8bit (=1 BYTE)-|- AL:8bit (=1 BYTE)-|

     |-----------------------------------------|--------------------|--------------------|
     |XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX|XXXXXXXXXXXXXXXXXXXX|XXXXXXXXXXXXXXXXXXXX|
     |-----------------------------------------|--------------------|--------------------|

So, EAX is the name of the 32bit register, AX is the name of the "Low Word" (16bit) of EAX and AL/AH
(8bit) are the “names” of the "Low Part" and “High Part” of AX. BTW, 4 bytes is 1 DWORD, 2 bytes is 1 WORD.

REMARK: you do not have to memorise all of this before starting, but knowing how the registers and their sub-registers
are named makes the OllyDbg listings below much easier to read.
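The register layout above in working code, as an added example that is not part of the original page or of Lena's tutorial: a small Python model of one 32-bit register with its AX/AH/AL views, showing that a MOV into a sub-register leaves the other bits alone, plus the little-endian byte order in which a DWORD appears in OllyDbg's hex dump and the signed reading of 0FFFFFFFFh as -1. Plain Python integers stand in for the register bits (an assumption of the model).

```python
# Added example, not code from the page or from Lena's tutorial: a small model of
# how a 32-bit x86 register overlaps its 16-bit and 8-bit parts, and how a DWORD
# is laid out in memory.  Assumption: plain Python ints stand in for register bits.
import struct

MASK32, MASK16, MASK8 = 0xFFFFFFFF, 0xFFFF, 0xFF


class Reg32:
    """A register such as EAX; .ax is the low word, .ah/.al the two halves of AX."""

    def __init__(self, value=0):
        self.eax = value & MASK32

    @property
    def ax(self):
        return self.eax & MASK16

    @property
    def ah(self):
        return (self.eax >> 8) & MASK8

    @property
    def al(self):
        return self.eax & MASK8

    # A MOV into a sub-register rewrites only those bits; the rest of EAX stays.
    def mov_eax(self, v):
        self.eax = v & MASK32

    def mov_ax(self, v):
        self.eax = (self.eax & 0xFFFF0000) | (v & MASK16)

    def mov_ah(self, v):
        self.eax = (self.eax & 0xFFFF00FF) | ((v & MASK8) << 8)

    def mov_al(self, v):
        self.eax = (self.eax & 0xFFFFFF00) | (v & MASK8)


def partial_write(upper, part, value):
    """MOV EAX,upper ; MOV <part>,value  where part is 'ax', 'ah' or 'al'.
    Returns EAX afterwards: only the written bits change, e.g.
    partial_write(0x12345678, 'al', 0) -> 0x12345600, not 0."""
    r = Reg32(upper)
    getattr(r, "mov_" + part)(value)
    return r.eax


def dword_bytes(value):
    """x86 is little-endian: the DWORD 0040109Ah shows up in the hex dump as 9A 10 40 00."""
    return struct.pack("<I", value & MASK32)


def dword_from_dump(four_bytes):
    """The reverse: read four dump bytes back as the DWORD they encode."""
    return struct.unpack("<I", four_bytes)[0]


def as_signed32(value):
    """Interpret a DWORD as a signed number: 0FFFFFFFFh is the -1 in 'CMP EAX,-1'."""
    v = value & MASK32
    return v - (1 << 32) if v & 0x80000000 else v
```

The point to take from `partial_write` is the one that bites in real listings: after `MOV EAX,12345678h` and `MOV AL,0`, EAX is 12345600h, so a later `TEST EAX,EAX` is not testing the byte that was just written.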


Let's do the cracking...

Open reverseme.exe.
It shows: "Evaluation period out of date. Purchase new license."

We need the OllyDbg tool with some important plugins.
The downloads are linked in the video description...

Ollydbg Download: https://anonfile.com/Weza982bn2/ollydbg_zip

ReverseMe Download: https://anonfile.com/b50f9e2dn5/reverseMe_exe

Cracked Download: https://anonfile.com/X0zb9b2bn3/cracked_exe

A practical caveat before running anything: a crackme and a debugger downloaded from an anonymous file host belong in a throwaway virtual machine, not on a machine you care about.

Open OllyDbg as Administrator.
Aha, it's running.
Now open reverseme.exe with the "Open" folder icon in OllyDbg.
See,
execution starts at 00401000 with a call to GetModuleHandleA, with pModule = NULL.
GetModuleHandleA is not a Microsoft .NET function; it is a Win32 API exported by kernel32.dll.

Its C prototype:

HMODULE GetModuleHandleA(
  LPCSTR lpModuleName
);

Now let's set up the debugger from the options; follow me.
Go to Options > Debugging options > Exceptions and, under "Ignore also following custom exceptions or ranges", add the range
00000000 (eight zeros)
to FFFFFFFF (eight F's),
so OllyDbg ignores every exception and lets the program run undisturbed.
Now press the play button (F9), look at the message box, and watch what happens in the assembly listing. Then press the restart button (Ctrl+F2).

A little further on, the program calls CreateFileA with FileName = "Keyfile.dat".
Like GetModuleHandleA, CreateFileA is a Win32 API from kernel32.dll, not C++ code. Its prototype:
HANDLE CreateFileA(
  LPCSTR                lpFileName,
  DWORD                 dwDesiredAccess,
  DWORD                 dwShareMode,
  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
  DWORD                 dwCreationDisposition,
  DWORD                 dwFlagsAndAttributes,
  HANDLE                hTemplateFile
);


When Keyfile.dat does not exist, CreateFileA returns INVALID_HANDLE_VALUE, which is -1 (0FFFFFFFFh as a DWORD). The instruction after the call compares EAX with -1 (CMP EAX,-1). Because EAX really is -1 here, the compare sets the zero flag: ZF = 1.

Then comes the conditional jump:
JNZ SHORT reverseM.0040109A
It is a short jump from 0040107B to 0040109A. JNZ jumps only when ZF = 0, so with ZF = 1 the jump is NOT taken, and execution falls through into the "bad boy" code that shows the trial-period message.

So we need to make this check come out the other way. Set a breakpoint on the JNZ with the F2 key (or by double-clicking the address), run to it, and in the flags pane change the zero flag from 1 to 0 (double-click the Z flag). Now the jump IS taken, to 0040109A.

Set a second breakpoint (BP2) at 00401095 for the next jump.

Now double-check. Execution arrives at 00401095, which holds:
JMP reverseM.0040121D
Let's check what reverseM.0040121D is. It is the return, the end of the whole program, so we never want to land there.
We need to bypass the "bad boy" path that BP2 sits on (it tells you the key file is not valid, just like the trial-period message) and reach the "good boy" code with the congratulations message.

Yes: once we redirect the flow at that point, flipping the zero flag on the conditional jump that leads to 00401095, the jump is taken the way we want.

Press F8 (step over) again.

See, it shows us the congratulations message.

Now we save the process with what we changed.
Note that flipping a flag only affects the current run. To make the change permanent, patch the instruction itself (for example, assemble the JNZ into an unconditional JMP, or NOP out the jump to the bad-boy exit), then right-click the disassembly > Copy to executable > All modifications > Save file.
If you want to put your name in the cracked file, you must also change the bytes of the message string in the hex dump.
Follow me and save the patched program as cracked.exe.

Now the "Key File ReverseMe" box shows that it is cracked, with the message:
You really did it! Congratz!!!
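The key-file check and the two ways of defeating it, as an added example that is not code from the page or from Lena's tutorial. It models CMP EAX,-1 followed by the JNZ SHORT at 0040107B on a constructed byte string (only the two jumps and their targets come from the page; the bytes between them are NOP padding, an assumption so the addresses line up), decodes the short and near jump displacements, and shows why double-clicking the Z flag in OllyDbg changes one run while rewriting 75 to EB is what actually lands in cracked.exe.

```python
# Added example, not code from the page or from Lena's tutorial.  It models the
# CMP EAX,-1 / JNZ check described above on a constructed byte string, and shows
# why flipping ZF in the debugger is not the same as patching the file.
import struct

INVALID_HANDLE_VALUE = 0xFFFFFFFF   # CreateFileA's failure return, -1 as a DWORD
JNZ_ADDR = 0x0040107B               # JNZ SHORT reverseM.0040109A (from the page)
BADBOY_JMP_ADDR = 0x00401095        # JMP reverseM.0040121D       (from the page)
GOODBOY_ADDR = 0x0040109A

# Constructed stand-in for reverseme.exe's code from 0040107B to 0040109B.
# Only the two jumps and their targets come from the page; the bytes between
# them are NOP padding (an assumption) so that the addresses line up.
CODE_START = JNZ_ADDR
CODE = bytes(
    b"\x75\x1D"                 # 0040107B  JNZ SHORT 0040109A   (75 rel8, rel8 = 1Dh)
    + b"\x90" * 0x18            # 0040107D..00401094  placeholder for the bad-boy code
    + b"\xE9\x83\x01\x00\x00"   # 00401095  JMP 0040121D          (E9 rel32, rel32 = 183h)
    + b"\x90\x90"               # 0040109A  placeholder for the first good-boy instruction
)


def cmp_zf(eax, imm):
    """CMP computes eax - imm (32-bit wraparound) and sets ZF when the result is 0."""
    return ((eax - imm) & 0xFFFFFFFF) == 0


def jump_target(addr, code=CODE, start=CODE_START):
    """Decode the jump at addr: target = address of the next instruction + displacement."""
    off = addr - start
    op = code[off]
    if op in (0x74, 0x75, 0xEB):                          # JE / JNZ / JMP rel8
        return (addr + 2 + struct.unpack_from("<b", code, off + 1)[0]) & 0xFFFFFFFF
    if op == 0xE9:                                        # JMP rel32
        return (addr + 5 + struct.unpack_from("<i", code, off + 1)[0]) & 0xFFFFFFFF
    raise ValueError("not a jump opcode: %02X" % op)


def next_eip(addr, zf, code=CODE, start=CODE_START):
    """Where EIP goes after the jump at addr, given the zero flag."""
    op = code[addr - start]
    target = jump_target(addr, code, start)
    if op == 0x75:                      # JNZ: taken only when ZF == 0
        return target if not zf else addr + 2
    if op == 0x74:                      # JE: taken only when ZF == 1
        return target if zf else addr + 2
    return target                       # EB / E9: unconditional


def first_check(handle, code=CODE, zf_override=None):
    """The key-file check: CreateFileA result in EAX, CMP EAX,-1, then JNZ.
    zf_override models double-clicking the Z flag in OllyDbg for this one run."""
    zf = cmp_zf(handle, INVALID_HANDLE_VALUE)
    if zf_override is not None:
        zf = zf_override
    return "good boy" if next_eip(JNZ_ADDR, zf, code) == GOODBOY_ADDR else "bad boy"


def patch_jnz_to_jmp(code=CODE, addr=JNZ_ADDR, start=CODE_START):
    """The permanent fix: 75 rel8 -> EB rel8, same displacement, always taken.
    This is the kind of change 'Copy to executable > Save file' writes into cracked.exe."""
    off = addr - start
    if code[off] != 0x75:
        raise ValueError("expected JNZ (75) at %08X" % addr)
    return code[:off] + b"\xEB" + code[off + 1:]


def patch_nop(code, addr, length, start=CODE_START):
    """Alternative: overwrite an instruction with NOPs (90), e.g. the 5-byte JMP to exit."""
    off = addr - start
    return code[:off] + b"\x90" * length + code[off + length:]
```

`first_check(INVALID_HANDLE_VALUE, zf_override=False)` reaches the good boy exactly as the flag flip in OllyDbg does, but `CODE` is unchanged, so the next run fails again; `patch_jnz_to_jmp()` changes the bytes, which is what has to be saved to disk.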

No more for today. Pray for me; after a long time I am back here...
Stay tuned, and thanks for subscribing to my channel.
Regards,
Shaifullah Shaon (Black_EyE)
Single Man Army :D <3
Love Bangladeshi
Proud to be a Bengali.



2 comments:

  1. Good tutorial. Please create more cracking tutorials, brother.

  2. Thanks for your comment. Please follow me back and stay tuned; also subscribe to my YouTube channel if you are interested in the videos I make.
    Regards,
    Shaifullah Shaon (Black_EyE)
