[Hack] Using “x32dbg” to crack a C++ application

binh12A3
5 min read · Aug 28, 2021

In this article, I’ll show you how to crack a C++ application that has been compiled down to assembly.

To crack an app, you need to know a keyword it displays, e.g. “Unregistered”.

Run “x32dbg” and open Bigasoft, then go to the “Symbols” tab. Here we’ll see it’s at ntdll.dll. Double-click “videoconverter.exe”.

ntdll.dll is a Windows DLL. When we double-click to run the app, it calls this DLL to start the app.

Click “Az” to find all strings, then search for the keyword “Unregister”.

Here we find 3 results. We’ll set a breakpoint on each of them by selecting it and pressing “F2”, then restart the application.

Here it stops at the one we talked about, “ntdll”. Click “Run”.

It goes to the “Entry point”. Click “Run”.

It goes to the function that prints “Unregistered”. Here we’ll set “Breakpoint 1” on the first line of this function.

Then we’ll restart and run until it reaches “Breakpoint 1”.

Here we can press “F8” to step to the next lines and see what it does.

Here we’ll see that it jumps over a block of code.

test is an assembly instruction that performs a bitwise AND of its two operands. It only sets the flags and discards the result.

AL is a small register that belongs to EAX. EAX has 32 bits and AL has 8 bits, so AL is the lowest byte of EAX, i.e. its last 2 hex digits.

Here we can see that after “call videoconverter . 45217B” runs, the value of EAX changes from “0019F948” to “00000000”, which makes AL = 00, so “test al,al” = “and(0,0)” = 0 and the “ZF” (zero) flag is set to 1. The “je” then jumps over the block of code.
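The register and flag behaviour described above can be checked with a small C model. This is an added example, not code from the original article or from the application; the function names are hypothetical, and the third sample value is constructed to show that only the low byte of EAX decides the jump.

```c
#include <stdint.h>
#include <stdio.h>

/* AL is the low 8 bits of the 32-bit EAX register. */
static uint8_t al_of(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

/* Result flags written by `test` (it also clears CF and OF). */
struct flags { int zf, sf, pf; };

/* `test a, b`: compute a AND b, set flags from the result, discard it. */
static struct flags test8(uint8_t a, uint8_t b) {
    uint8_t r = a & b;
    struct flags f;
    int ones = 0;
    for (int i = 0; i < 8; i++) ones += (r >> i) & 1;
    f.zf = (r == 0);         /* zero flag: result is 0 */
    f.sf = (r >> 7) & 1;     /* sign flag: top bit of the result */
    f.pf = (ones % 2 == 0);  /* parity flag: even number of 1 bits */
    return f;
}

/* `je` (alias `jz`) is taken when ZF == 1. */
static int je_taken(struct flags f) { return f.zf == 1; }

/* Model of `test al, al` followed by `je`: returns 1 if the jump is taken. */
static int skips_block(uint32_t eax) {
    uint8_t al = al_of(eax);
    return je_taken(test8(al, al));
}

int main(void) {
    /* The first two values are the EAX values quoted in the article.
       0x0019F900 is constructed: EAX is non-zero but AL is still 0. */
    uint32_t samples[] = { 0x0019F948u, 0x00000000u, 0x0019F900u };
    for (unsigned i = 0; i < 3; i++) {
        uint32_t eax = samples[i];
        printf("EAX=%08X AL=%02X je taken=%d\n",
               (unsigned)eax, (unsigned)al_of(eax), skips_block(eax));
    }
    /* `xor eax, eax` always leaves EAX = 0, so the jump is always taken. */
    uint32_t eax = 0x0019F948u;
    printf("after xor eax,eax: je taken=%d\n", skips_block(eax ^ eax));
    return 0;
}
```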

We’ll add 2 new breakpoints here, then restart the program.

Then it’ll stop at “Breakpoint 2”, where we can see the EAX value = “0019F948”. We’ll press “F7” to go inside this function and see what changes the value of EAX.

Now we’re inside this function. We’ll press “F8” to step to the next lines and see which line changes the value of EAX.

Here we can see that after “call dword ptr…” runs, the value of EAX becomes 0, so we’ll add a breakpoint here and restart.

Then it’ll run and stop at “Breakpoint 3”. Here we’ll again press “F7” to go inside this function and press “F8” to step to the next lines to see what changes the value of EAX to 0, then again set new breakpoints.

Here we can see there are “jne” conditions that all go to the line “xor eax, eax”.

Here we’ll select the line “xor eax, eax”, then press “space” to hardcode the value of AL to always = 1.

Then we repeat the same steps again and again: we find all the places that change the value of AL and force it to 1, then run until the program starts.

Here we don’t see “Unregistered” anymore, which means we hacked it successfully. We’ll patch this file by right-clicking and selecting “Patches”.

Then close “x32dbg” and copy “cracked.exe” into the Bigasoft folder.

Now we’re done. To use it, run “cracked.exe”.
