Reversing for Newbies - Pt 1: Binary Patching (Lena151 Assembly Tutorials)

Captions
Hello everybody, welcome to Learn Then Teach. This channel is pretty much centered around me learning things, recording me doing those things, and then teaching them to you, the viewer. The whole point is, when you learn something, you really internalize that information when you can then go and teach somebody else, right? So that's my goal: I'm gonna take what I learn and then I'm gonna teach it, so that I have a better understanding of what it is I learned, if that makes sense.

So basically this series is gonna be looking at a previously made little series of tutorials on assembly made by a dude known as Lena (I'm not really sure how to pronounce that). In this little series of his, he walks you through learning assembly with the use of a program known as OllyDbg, which is a ring 3 application, or a ring 3 debugger. Basically that means it runs, or it works, at the Windows application level, but it can control other applications, or, you know, look at how other applications work, if that makes sense. So I'm gonna be taking his 40-part series, which is like a no-audio text tutorial (that's pretty much what he uses), and I'm gonna be basically adding my voice to that series, because I know some people learn better when they have somebody speaking out loud as opposed to just reading text off a screen. And Lena's approach is very, very good, because it's way easier to learn something in a practical setting where you have some hands-on experience, as opposed to just sitting there and watching a bunch of slides, right?

So without further ado, I'm gonna go ahead and jump into OllyDbg here. (Whoa, that was really loud, what was that?) All right, so this is what it looks like. As far as what all these little windows are: this is like our memory pane, this is where we're gonna be looking at the program's instructions, and you'll see that in a second when we load up our little reverse-me program. Our registers are gonna be found here, our 32-bit registers, EAX, you know, all that stuff. This is our hex dump, which we won't really be using too much in this first tutorial, and then down at the bottom right is where we can find the stack.

Okay, so basically what we're gonna be doing today is reversing this executable, which, when run, says "keyfile reverse me", and it says "evaluation period out of date, purchase new license", and when we go ahead and hit OK it just exits the program. So what we're gonna be doing in OllyDbg is getting around that little pop-up, and then when you do finally crack the program there's a little pop-up that says "Congrats, you did it." So basically that's what we're gonna be trying to get to.

So if we go back to OllyDbg and we open that reverse-me file here, you can see all these little windows become populated with stuff, and at first it's really intimidating to look at, but it's actually not that bad. So here you can see the virtual addresses, like I said before, and these are pretty much the addresses of where the program was loaded into memory. It's not always the same, it can change. And in this next column you can see that we have our opcodes, and the computer interprets those rather than these mnemonics here. So the computer doesn't actually take these and execute them, right? This column is just so we as humans can understand what's going on; this is what the computer is actually going to read. So these opcodes are going to be fed into our CPU, and it's gonna decide what to do based off those opcodes. So this whole column is pretty much a translation of this whole column, okay? And so this column here is sort of like a comment section for Olly; it'll tell you what's contained at certain addresses. Sometimes it's pretty hit or miss; sometimes you can see stuff there.

And if we actually scroll through the program, you can see that message that I was talking about. This is the message that we want to see: "keyfile reverse me, you really did it, congrats." So that's what we're gonna be trying to get to in this tutorial. And you see we also have other messages, like "evaluation period out of date, purchase new license"; that's the pop-up that we saw first when we actually opened the program, and this pop-up is what stops us from getting to that pop-up that we want to get to, so we're gonna be trying to go around that. And then we also have this pop-up that says "key file is not valid", which... well, this is pretty much just another check, right? It's another internal check that the program is gonna use to verify whether or not we have a key file and we're registered and stuff, and basically we're gonna be trying to get around that too. So we're gonna get around this one and this one; that's our goal.

Okay, so basically our instruction pointer, our EIP here, that you can see, 00401000: the EIP is always gonna be on the entry point of the program, so that's gonna be where the program starts in memory, basically. So this PUSH 0 and onward; this PUSH 0 is the entry point, and so that's where it's always gonna start. If we were to close this and then reopen reverse-me, it's gonna start at the same place, because that's our entry point, right? Simple enough.

Okay, now what we're gonna want to do is step through this program, and stepping through the program basically means this: we're gonna go line by line and look at these instructions line by line, and we're just gonna keep going down, because the program executes from top to bottom, right? So if I were to go all the way down, if I keep stepping down, I'm just gonna load all these instructions and whatever, and you see basically it's gonna push an ASCII value onto the stack, which happens to be the title of that pop-up window that we first saw. So if I keep stepping down, you'll see, right here, you'll see that pop-up again, right? And when you hit OK, the next instruction is to exit the process, so that pretty much closes the program, and that's not what we want. So to go back to the entry point, you just hit this little restart button here and it takes you back up to the top, so we can reset the program.

So now this time we're gonna step through the program, but we're gonna make changes along the way so that we can avoid those bad messages that we don't want to pop up. So step through the program here: this calls GetModuleHandleA, and that's basically a Windows API function. So if we were to go ahead and look that up on Google, you'll see that we have GetModuleHandleA, right, so we'll go and see what that does: "It retrieves a module handle for the specified module. The module must have been loaded by the calling process." And that's exactly what happened, right? So that's not necessarily important for our overall goal; we're just gonna keep stepping down, and these are all values that are being loaded that are necessary for the program to run. See, we got LoadIcon, LoadCursor, and we have our CreateFile, which is gonna create a file. If we actually just look that up too (it's always good to see what these Windows API functions do, so that you get a better understanding of how the overall program flow works, right): so the CreateFile function that's being executed here is from the kernel, which is basically where all the Windows API functions are found, and what the CreateFile function does is "it creates or opens a file or an input/output device. The most commonly used input/output devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe." And you can see the arguments: we have a file name, we have our desired address where we want that to be loaded in, and we have a bunch of other stuff which isn't really necessary at the moment.

This is where things really get kicked off in terms of verifying whether or not we have a valid key in our program, right? So as you can see here we have CreateFileA, and what CreateFileA is basically doing in terms of this program is it's saying, okay, does this file exist, does keyfile.dat exist in my current directory, right? And basically this function is going to return a value, and then we're going to compare that value here in these next two instructions.

Okay, so this compare is basically going to say... well, let's look at the structure of the entire program first, just so we get an idea of what exactly is going on at every stage in this program. So this is what we're gonna do: we're just gonna go into our Notepad here and we're just gonna comment what actually happens in terms of execution in this program. So basically what's gonna happen is we're gonna double-click the program, and that's going to start it, right? And then, once we start the program, we're gonna start loading all our necessary, you know, files and functions and stuff. You see, we load a module handle, we load an icon, which is like this little icon right here for the program, and then we load our cursor, you know, so we can get cursor coordinates within a window, so we see what we're doing, and stuff like that. So: we double-click and start the program; we load important stuff; as you can see here, like I just said, this CreateFile is checking to see if we have a keyfile.dat, right? And then we're gonna jump down to this compare, and this compare is basically going to say, okay, compare the values, let's see if we have that key file in the directory, and then if we do have that key file in the directory, it would set a value to where we would jump over this error message, right?

So once we jump over that error message... or rather we can say this: if key is there, we jump over the error; if key's not there, display error. And then if we scroll down and we see what else is going on, you see once it outputs the error it's gonna exit the process, right? So this basically means we're done; that's as far as we're gonna get if we don't have that key file. So if we look past this, we can see that it's gonna read the file, and then once it reads the file it's gonna say, okay, we're gonna jump into a loop, which you can see indicated by this little bracket right here. Okay, so we're gonna jump into a loop, and basically what this is gonna do is it's gonna verify every individual letter within that file, to basically see whether or not we have a valid key. So that's how that's gonna happen. So we're gonna say, okay: if file is there, loop through all characters to see if key is valid. Then we have, let's see, so we're gonna compare these and we're gonna jump, and that takes us to this error message. So basically: if key is not valid, jump to another error message; and if key is valid, let's see, that's gonna jump down outside the loop. I'm just gonna jump into the error... this one, this jump right here, is gonna take us to the good message, right: "You really did it, congrats." So that's pretty much the program structure: if key is valid, I guess it's the good message. And you can kind of get a sense for what the code would look like once you do this right here. So, knowing this little blueprint, we're gonna go ahead and make our changes so we can get to that good message.

All right, and so like I said before, it all starts at this first compare here. Okay, we're gonna see if the file exists, we're gonna use the compare instruction to do that, and then we're gonna use our jump to execute our desired action. So you can see at the moment the jump is currently not being taken, right, because when a jump gets taken in OllyDbg, you can see that this little flow arrow will turn red to let you know that we're gonna take the jump, okay?

So this compare, what's gonna happen is, this compare is gonna modify what's known as the Z flag, which you can see right here, Z and the 1, and that's basically our condition, right? So if it's 1 they're equal, and if it's 0 they're not equal. And so basically what this is gonna say is, okay, negative one, which is the value we want to compare to the value of EAX, which also happens to be negative one, is going to say, okay, these values are equal. But you can see the condition for this jump statement is jump if they're not equal, so it will never jump, because those two values don't equal each other. So what we have to do is step down into this jump instruction, and what we're gonna do is modify that Z flag that was set from this compare instruction, right? So we're gonna double-click, and then you can see, like I said before, that actually turns red, and what that's gonna allow us to do is jump right over this error message. So if we step down again you can see we jump right over that, and we don't get the pop-up anymore. So if we go back into our little blueprint, we can say, okay, we took care of all this already, right, and I'll mark that with a hyphen just to know that we don't have to deal with that anymore. Or rather, I'll do it like this... I just set the font smaller, that didn't do what I wanted it to do, but you get my point, so just make that bigger so you can see that.

All right, so now what is our next step? Okay: if the key file is there, loop through all the characters, see if the key is valid. So now we're gonna tackle this loop, and we're gonna step down, keep stepping down, and then you see we have another jump here which jumps over another jump instruction. So where does this jump instruction take us? This one takes us to an error message. So what we want to do, essentially, is... okay, this jump is currently not being taken, but due to the fact that it's not being taken, that means we're gonna run into this jump right here, and this jump is gonna send us to the error message, and that's not what we want. So what we're gonna do is step into this first jump; you can see OllyDbg is telling us the jump is not going to be taken. So what we want to do here is pretty much the same thing we did to avoid the first error message: we want to mess with that zero flag. So if we go ahead and do that, you can see, boom, okay, that jump is going to be taken, so we're gonna completely avoid this one that sends us to the error message. So we can step down, it'll take us right over that, and then right after we do that, we now are getting ready for our loop.

So you can see XOR EBX,EBX. When you have this XOR instruction and you have a register and then the same register, what that's going to do is basically zero that out, right? So if you look over here in our registers section, you can see that EBX, if I were to step down, EBX would get reset to zero, and same for ESI. I'll actually do that now: you can see EBX just got zeroed out, and then once I step down again our ESI is also gonna get zeroed out. So if I do that you can see ESI is zeroed out, and our EDX is zeroed out. And so the next thing that's going to happen is another compare, and then that compare's gonna set us up for another jump. So we can see that we're comparing the value 10 to the value that is stored at this address in memory; you can see we're using the dereference operators around that address. This basically means we're gonna get the value at that memory address and not the actual memory address, so whatever is in there. And we can actually see that the current value at that memory address is zero, so we're comparing 10 to zero. All right, so we're comparing 10 to zero, and then our next jump instruction is, okay, it's gonna say jump if less than.

And if we step down into that jump we can see that this jump is currently being taken, and that's not good, because what that's gonna do is jump us into an error message, and that's not what we want; we want to completely avoid that, actually. So in order for us to make it into the next verification step, which is where it loops through all the characters, what we need to do is make sure that we take care of this jump first, because if we don't, then we're just gonna go, boom, straight into the "key file is not valid" message. So what we do here is, um, since we have a jump if less than, which is different than the jump if not equal that we've been messing with: the jump if not equal instructions usually look at the zero flag specifically to make their decision; now when we're working with a jump if less than, or a jump if not greater or equal, we're usually looking at the S flag here, you can see it's right under that zero flag. So now that S flag is gonna allow us to manipulate what this jump does. So if we go ahead and we double-click that one, you can see that, boom, we just nullified their jump; it's not going to happen. So next time we step we're gonna step into this loop here, as opposed to just jumping straight into the error message. So let's go ahead and do that now, and boom, we're in the loop.

So you can see we're just allocating some data from this offset here, from our EBX plus this address, and we're dereferencing that, so we're getting the value and we're moving that into an actual 8-bit register, which is what this AL is here. Then if we step down one more time we see, okay, we have a comparison going on; it's comparing to zero, so whatever value we have in this 8-bit register, you can see we're comparing to zero, and you can see that that 8-bit register is also zero, so currently these two are equal to each other, and that's the condition that this next jump is looking for. So we step down, you can see it's going to get taken, because those two values are equal, and what this next jump is gonna do is jump us out of the loop, and we're gonna jump into another comparison, and this comparison is looking at jumping if less than. So if we click that jump we can see that what's gonna happen is we're gonna get jumped into the error message again, which is not what we want to do. And you can also see we have another jump here, and what this jump is gonna do is, boom, it's gonna take us all the way to what we want, to where it says "You really did it, congrats." That's where we want to go; we don't want to go back into this error.

So what we're gonna have to do is, okay, this is kind of our destination, so we can take this jump, right, because basically what we can do is, if we take this jump, it's going to set us up to modify this jump so that we completely ignore that, and then we just step down to this jump which will take us to the message that we want. Okay, so now what we want to do is the same we did with the other jump if not equal; we're gonna be modifying our Z flag here so that we can... actually, wait, no, we're not going to be touching this jump at all; we want to take this jump, okay? So we're going to step down, boom, we took the jump, so we didn't touch that first one there, and the one we actually want to modify is this next jump after this compare. So step down into that next jump, and what we want to do, you can see it's another jump if less than, right, so what we're gonna be doing is modifying the S flag, not the Z flag. So we're gonna go ahead and do that, change that one to zero, you can see that it's gonna nullify that jump, we can step down, and then if we step down again it's gonna step us down into the section that we want to be in. So now if I just keep stepping down, we're gonna get our pop-up that says "Congrats, you really did it," and that's pretty much it.
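The whole walkthrough above turns on how CMP sets the flags and how JNZ and JL read them, which is why double-clicking Z or S in OllyDbg changes which branch the program takes. The following is an added example, not code from the video or from Lena151's tutorial: a small Python model of those x86 flag semantics, using the two compares the transcript describes (EAX against -1 after CreateFileA, where -1 is INVALID_HANDLE_VALUE, and a stored length against 10 before JL). One caveat the model makes explicit: JL tests SF != OF, not SF alone; clearing S in the debugger works here only because the compare does not overflow. The input values are constructed for illustration.

```python
# Added example (not from the video or from Lena151's tutorial): a model of
# the x86 flag semantics behind the CMP / JNZ / JL / XOR steps in the
# transcript, so you can see why toggling Z or S in OllyDbg flips a branch.
# Inputs are constructed; -1 stands for INVALID_HANDLE_VALUE, as in the
# transcript, and "ten versus zero" is the length compare it describes.

MASK32 = 0xFFFFFFFF
SIGN_BIT = 0x80000000


def to_signed(value):
    """Interpret a 32-bit pattern as a signed integer."""
    value &= MASK32
    return value - (1 << 32) if value & SIGN_BIT else value


def cmp_flags(dst, src):
    """Flags left by CMP dst, src (it computes dst - src and discards the result)."""
    d, s = dst & MASK32, src & MASK32
    result = (d - s) & MASK32
    return {
        "ZF": result == 0,                                        # operands equal
        "SF": bool(result & SIGN_BIT),                            # result negative as signed
        "CF": d < s,                                              # unsigned borrow
        "OF": to_signed(d) - to_signed(s) != to_signed(result),   # signed overflow
    }


def jnz_taken(flags):
    """JNZ / JNE: branch when the last compare found the operands unequal."""
    return not flags["ZF"]


def jl_taken(flags):
    """JL (signed less-than) tests SF != OF, not SF alone. Clearing SF after a
    non-overflowing compare is what changes its decision in the debugger."""
    return flags["SF"] != flags["OF"]


def jge_taken(flags):
    """JGE / JNL is the complement of JL."""
    return not jl_taken(flags)


def xor_zero(reg):
    """XOR reg, reg: always 0 whatever reg held; the idiom used on EBX, ESI, EDX."""
    return (reg ^ reg) & MASK32


def keyfile_check(create_file_result, toggle_zf=False):
    """CMP EAX,-1 / JNZ skip_error. toggle_zf mirrors double-clicking Z in OllyDbg."""
    flags = cmp_flags(create_file_result, -1)
    if toggle_zf:
        flags["ZF"] = not flags["ZF"]
    return "skip_error" if jnz_taken(flags) else "show_error"


def length_check(stored_length, clear_sf=False):
    """CMP [length],10 / JL error. clear_sf mirrors double-clicking S in OllyDbg."""
    flags = cmp_flags(stored_length, 10)
    if clear_sf:
        flags["SF"] = False
    return "error" if jl_taken(flags) else "enter_loop"


if __name__ == "__main__":
    # Constructed walkthrough values: no key file (-1) versus a real handle.
    print("no file, untouched flags:", keyfile_check(-1))
    print("no file, Z toggled:      ", keyfile_check(-1, toggle_zf=True))
    print("file opened (handle 0x5C):", keyfile_check(0x5C))
    print("length 0, untouched:     ", length_check(0))
    print("length 0, S cleared:     ", length_check(0, clear_sf=True))
    print("INT_MIN < 1 via JL:       ", jl_taken(cmp_flags(0x80000000, 1)))
```

The last line is the reason for the caveat: comparing 0x80000000 with 1 leaves SF clear, yet JL is still taken because OF is set, so a flag-level patch that only looks at S would misread that case.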
Info
Channel: LearnThenTeach
Views: 50,751
Rating: 4.8941565 out of 5
Keywords: reverse, engineering, reverse engineering, olly, dbg, ollydbg, x64dbg, immunity debugger, crack, hack, serial, free program, free keys, free serials, education, hacking, how to make cracks, how to make hacks, cracking, keygen, free software, photoshop, illustrator, sony vegas, after effects, aimbot, esp, vip hacks, vip cheats, cybersecurity, information technology, it, IT
Id: r4l3C5KHUt0
Length: 24min 22sec (1462 seconds)
Published: Mon Jan 29 2018