| Contents | ||
| Introduction | ||
|
||
| Disclaimer | ||
| This tutorial is intended for educational purposes only and the
author or the publisher or this site can not be held liable for any kind
of damages done whatsoever to your machine, or damages caused by some
other,creative application of this tutorial. In any case you disagree with the above statement, please stop here. |
||
| Requirements | ||
|
||
| Registration Step | ||
| Download & install A-one Video to Audio convertor. Now as you can see, its a trial version & once you try to register it, it gives an error <obviously>, & we need to find ways against it. | ||
 |
||
| Starting Reversing with OllyDbg | ||
| Now, to being with, fire up OllyDBG & load the A-one Video to Audio convertor EXE file in it. | ||
 |
||
| Now in the main window of Ollydbg and search for text
"Registration code is error" [This is the exact error message
shown when you enter wrong serial number] To search you can Right click and select following action as shown in the screenshot below |
||
| CPU window -> Search for -> All Referenced Text Strings | ||
 |
||
| Once OllyDbg find it, double click on it & navigate to the memory address as shown in the screenshot below | ||
 |
||
| Now, once you reach the intended memory address, you can navigate a bit up to see the "register successful" string as shown below. | ||
 |
||
| Navigating a bit above will get a simple logic which calls a specific function & then the function returns a result which is compared with EAX register | ||
| CMP EAX,1 & then jumps to 407A0F JNZ SHORT 00407A0F |
||
| which is exactly the "registration failed" condition [refer to screenshot above]. | ||
| The whole scenario means that if value of EAX is anything less than
or grater than one, the program will be a trial version & will not
accept any invalid serial key. Now you can put a break point above the function call by pressing F2 & run the program. Then enter the serial again, the program will break here & we can then navigate inside the function by pressing F7 |
||
 |
||
| You will get into function code. Add the breakpoint there by
pressing F2 & restart the program again by pressing Ctrl + F9 Run it again & you will find that it will break it at 00406B40 (where you had put the last breakpoint) Next we will execute code step by step by pressing F8. After bit of tracing we arrive at following instructions [refer to screenshot below] |
||
| JNZ
Video2Au.00406C4A which jumps below to POP EDI |
||
 |
||
| and further down we find that the value of EAX is XORed to 0 as shown below. | ||
 |
||
| So in order to insert a precise value into EAX, we will modify the assembly instructions as shown below [You can just double click on the instruction to modify it] | ||
| XOR EAX,EAX & changing it to MOV AL,1 |
||
 |
||
| This new instruction will set the accumulator's value to 1 because | ||
| EAX - 32 Bit reg
<extended> AX - 16 Bit reg pair AH / AL - 8 Bit regs |
||
| where AL will represent the lower value, & setting it to one will
set the accumulator to a precise value of 1, hence setting value of EAX
to 1, which will lead to program being registered :) Now once you have done it, right click the code and perform below action |
||
| copy to executable-> selection. | ||
| In the next window, right click again, save the file. | ||
 |
||
| Now that you have a cracked the registration protection of this software, launch the software and type any serial number. This should work like charm ! | ||
| Conclusion | ||
| This reversing tutorial demonstrates basic
reverse engineering concepts using OllyDbg on how to find out and
break the protection of A-One Video Converter. Hope you have enjoyed it doing as much as I did ! |
Wednesday 29 February 2012
Reversing Tutorial - Cracking Registration of A-One Video Converter
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment