Archive for July, 2012

More Tutorials Uploaded by Members

We have two more tutorials that have been uploaded by members of the site. The first is “Unpacking PELock V.1.06” by nwokiller. The second is XOR06’s second tutorial, “Bypassing a Keyfile”.

Thanks, guys. You guys are a big part in making this website fun and informative.

Both can be downloaded on the tutorials page.


R4ndom’s Tutorial #16A: Dealing With Windows Messages

Well, after overcoming two viruses (one for me and one for my computer) I finally have the latest tutorial up. This tutorial will be part of a three-part tutorial, all dealing with the same crackme (a pretty hard one) called Crackme12 by Detten. In the first part we will go over how Windows messaging works. The second part will be about self-modifying code; in that part we will also crack the app. In the third and final part we will introduce bruteforcing, and, you guessed it, in the third part we will bruteforce this binary. Each part will continue where the previous left off.

This three-part series will be challenging, but I guarantee you that if you take your time and experiment on your own, you will gain critical knowledge in reverse engineering. And remember, if you have any questions, feel free to ask in the forum. I will also give homework at the end of each tutorial that will help you prepare for the next one. This is where the real learning will come in :) .

As always, the files you need will be available in the download of this tutorial on the tutorials page. For the first part, the files include the crackme and a cheat sheet for Windows messaging.

So, without further ado, let’s begin…



A New Submission to the Site!

One of our members, XOR06, has posted a tutorial of his own on the forum. It is quite good and I hope everyone is able to check it out.

Very nicely done, XOR06, and thanks for your time :)


You can download the tutorial here.


Double Whammy

As irony would have it, I got a virus at the same time as my computer (though they were not the same virus).

I got some sort of stomach thing and have been out of commish for a couple days.

My computer got the W32/Conficker virus. So cliché! It came from a crackme I downloaded and was too lazy to scan. Thank yous go out to whoever took the time to infect the crackme with Conficker. There is a special place in my heart for you.


R4ndom’s Tutorial #15: Using The Call Stack

Introduction

In this tutorial we will be removing a nag from a ‘real’ program. In an attempt to help out the authors, who spend a great deal of time creating these apps, I have attempted to pick an app that will do the least amount of harm. This time, I did a Google search for “Cracked Software” and this program came up with the most hits, including tutorials, serial numbers, keygens, you name it. Because it is so incredibly easy to get a crack for this app, I figured someone would probably not have much trouble getting it anyway. But please, if you do like it, pay for it.

We will also be adding a couple of tricks to our arsenal for reverse engineering. One note: if you are running these tutorials under 64-bit Windows 7 (like I am), the call stack trick will not work in Olly 1.10, even in my version. My suggestion is to do what I do: run Olly 2.0 just to perform the trick (and get the correct address), then switch back over to my version of Olly for the rest of it. Or just use Olly 2.0; there are a lot of nice features in it and it has been fixed to work properly with 64-bit operating systems.

You can download the files for this tutorial on the tutorials page.



R4ndom’s Tutorial #14: NAGS (And I don’t Mean Your Mother)

Introduction

Nags, or nag screens, are generally message boxes that pop up to remind you that your trial is ending, that you need to register, that you should visit the website… basically anything that’s nagging and not necessary (like most bosses :) ). Many freeware programs come free because they’re full of nags (ads, time-trials, re-directs). Commercial software also includes them often, reminding you “you have 18 days left to try this product,” etc. Getting rid of nags is a central theme in reverse engineering, and sometimes provides its own set of challenges. In this tutorial we will be going over two apps that have nags. We will first bypass them so they no longer show, and then patch them so they won’t ever come back.

I will also be introducing a new plugin for Olly called IDAFicator. It has many features and settings. You can download the plugin from the tools page. Because there are so many features, I am also including a tutorial by the author of IDAFicator in the download for this tutorial. I highly recommend watching it, as there are a lot of very cool features in this plugin.

You can download the files and PDF version of this tutorial on the tutorials page.



Ask and You Shall Receive: A New ASCII Plugin

In one of my tutorials I asked anyone out there with the gumption to re-do the ASCII plugin, as the idea was great but the implementation was not there (it sucked).

Willem Jongman, aka TopTools in the forum, has answered that call with a new shiny plugin to display the ASCII table inside OllyDBG. And it fixes all of the problems with the old one! You can re-size the window, the text is not selected, yadda yadda yadda.

As a special thank you, TopTool is getting a brand new iMoc computer*

Thank you, TopTool, you rock!

You can download this plugin here.

You can also check out his other tools here.


*iMoc specifications: 3 Htz processor (formerly in a McDonald’s Transformer robot), 4 bytes of RAM (expandable to 256 bytes), no hard drive (why would you, with all that RAM?), and a pencil as an input device. Display: 3 LEDs. Shipping and handling: $1200.


As if Making Tutorials Wasn’t Hard Enough!

Most of you probably don’t know how time consuming it is to find commercial programs to use in tutorials that fit the specific criteria you are trying to teach. It takes a LONG time. Let me give you an example.

I am writing a tutorial (one of the future ones in the Beginning Reverse Engineering series) about dealing with Delphi programs. So you go to Tucows or Download.com and download a bunch of “try it before you buy it” programs, as these will have some sort of restriction on them. In this particular case I downloaded about 60 programs. Half were packed with packers that I just don’t feel like dealing with, as it just takes too long (Themida, newer Armadillo, etc.); it’s easier to just find a different program, at least until I get into packing.

Of the 30 remaining programs, 8 are written in .NET, 7 are in VB, 12 are in VC++, 2 are in Delphi, and one is in some obscure format I don’t even want to get into. So that leaves two programs.

I then install the first program, load it in Olly, check it out and see what kind of protections it has. Unfortunately, this one is too easy (a single patch and it’s registered.)

I finally load the last program and run it. It looks pretty good. It has a time trial, which is what I am talking about in the tutorial. I then do the various things you have to do to see the difficulty (are there strings? intermodular calls? Is it too easy?). I find that this program has everything I need. I then go to the registration screen and it asks for a username and serial. I enter the usual gobbledygook and the registration window closes. Hmmm. Maybe that’s a good thing. Maybe it doesn’t display anything when you enter an incorrect serial, which means that it will be harder to crack. This could be a good teaching thing. So I restart the app and start looking around a little, and then discover that the “UNREGISTERED!” text is not on the main window anymore. I then go into the registration screen and it says I’m registered. What!? I un-install the program, thinking that for the first time in history, R4ndom as a username and 1212121212 as a serial actually worked! I then enter a completely different name and serial and the app registers again! After some investigation, I discovered that the moron who programmed it didn’t bother doing any checks for whether the username and serial were correct, only that one was entered!!!!

I have to tell you I was mad and almost emailed the author, but then I realized, what would I say? “Your piece-of-crap registration scheme doesn’t work. Can you please fix it so I can write a tutorial on how to bypass it?”

It just goes to show you what will inevitably be on my tombstone: “No good deed goes unpunished”.


-R4ndom


R4ndom’s Tutorial #13: Cracking a Real Program

Introduction

In this tutorial we are going to take off the training wheels and crack a real program. This program has a time restriction, and after this time it will not work anymore. We are going to patch it to think it is registered. The target is included in this download (I am not stating the name of the program, as the purpose of this tutorial is not to get a ‘cracked’ program but to learn how to do it). Like all commercial programs, if you plan on using it, you really should consider buying it. People put a great deal of time into apps and they deserve to be compensated. In an attempt to not make this series about ‘getting cracked software’, I tried to get a program that no one would really want, so I downloaded this app, which had the least amount of downloads last week on Download.com. To be totally honest, after cracking the program in this tutorial, I liked it so much I paid for the registration and now use the app legitimately. Just goes to show you, you can’t judge an app by its downloads.

You can download the files and PDF version of this tutorial on the tutorials page.

Well, on with the show…



Winner of the tutorial #13 challenge

It appears we have a winner for the tutorial #13 challenge. nwokiller has submitted a working crack. It is almost the exact one performed in the tutorial. For his devotion, nwokiller will receive a brand new iPhome*. Congratulations nwokiller!!


* Please do not get the iPhome** confused with the iPhone from Apple. The iPhome is a piece of the foam that protects an iPhone.

** The iPhome is only available for a limited time. Unfortunately, that time has ended.


Copyright © 1996-2010 The Legend Of Random. All rights reserved.