Welcome to the first of (I hope) many cracking tutorials of mine.
We are targeting a really simple method and goal this time, but be sure that there will be something more complex next time :)
-----------------------------------------------------------------------------------------------
Tools :- http://hack2wwworld.blogspot.com/2014/06/collection-basics-of-dotnet-reversing.html
Crack Me Stage 1 :- https://mega.co.nz/#!QRQzRIxL!ew3X-wkBgTWR0vsuYAQlEZfHaaMc4lguZOHpoCat3w0
--------------=========------------------------====------------------=============------------
1. Download our target. This time we will be using a little program I wrote, keeping it as simple as possible.

2. We start the crackme and analyze it. This is one very important step not to underestimate. We type in a random username and password and take note of what shows up.

3. We now open the file in Simple Assembly Explorer. There are many different programs to choose from. I took SAE because it was the first one on my Desktop.

4. The easiest, most accurate and most often working method to find the exact place (method) where our check is, is probably string searching. Remember that error message we got? Let's use it. Type it in the search textbox at the top, choose "String" and click "Next".

5. We get pointed to the method and see the code in MSIL. This is the language DotNET gets compiled to (VB.NET / C# -> MSIL). It is very important to learn it, since you cannot edit the source directly. This, however, takes time. Let's try to patch everything with common logic now. Reading around the source we easily notice the "goodboy" and "badboy" messages.

6. A little hint now: br stands for jump, brtrue stands for jump if true and brfalse stands for jump if false. Also, ldstr loads a string. Using this information, we can hopefully work out what we must do. First of all we can see two strings, guess what they are:
We can also see that by inverting "jump if true" to "jump if false" (brfalse) we will always see the success message if our username/password are incorrect.
To "invert" this opcode, you right-click it and press "Edit".
You can now rename the brtrue.s to brfalse.s (We will talk about what .s means later).
7. Save the changes to a new executable and test it.
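To make the opcode semantics from step 6 concrete, here is an added example (not part of the tutorial and not the crackme's real IL): a toy interpreter for ldarg, ldstr, call, and, brtrue(.s) and brfalse(.s) running a constructed login check, then the same program with the brtrue.s swapped for brfalse.s. The strings, credentials and instruction layout are all constructed for this example.

```python
from dataclasses import dataclass

GOODBOY = "Correct! Welcome."           # constructed success message
BADBOY = "Wrong username or password!"  # constructed error message

@dataclass
class Instr:
    op: str             # MSIL mnemonic, e.g. "brtrue.s"
    arg: object = None  # branch target index, string literal or argument name

def run(program, args):
    """Execute the toy IL on an evaluation stack; return the string left for 'ret'."""
    stack, pc = [], 0
    while True:
        ins = program[pc]
        # ".s" marks the short (1-byte offset) encoding; the semantics are identical
        op = ins.op[:-2] if ins.op.endswith(".s") else ins.op
        if op == "ldarg":                  # push a method argument
            stack.append(args[ins.arg])
        elif op == "ldstr":                # push a string literal
            stack.append(ins.arg)
        elif op in ("call", "and"):        # call = String.op_Equality only; both pop two
            b, a = stack.pop(), stack.pop()
            stack.append(a == b if op == "call" else (a and b))
        elif op in ("brtrue", "brfalse"):  # jump iff the popped value matches the mnemonic
            if bool(stack.pop()) == (op == "brtrue"):
                pc = ins.arg
                continue
        elif op == "ret":
            return stack.pop()
        else:
            raise ValueError(f"unsupported opcode {ins.op}")
        pc += 1

# Constructed stand-in for the crackme's login check (the real IL differs).
CHECK = [
    Instr("ldarg", "user"), Instr("ldstr", "admin"), Instr("call", "String::op_Equality"),
    Instr("ldarg", "pass"), Instr("ldstr", "s3cret"), Instr("call", "String::op_Equality"),
    Instr("and"),
    Instr("brtrue.s", 10),   # index 7: both matched -> jump to the goodboy at index 10
    Instr("ldstr", BADBOY), Instr("ret"),
    Instr("ldstr", GOODBOY), Instr("ret"),
]

def patch_branch(program, index, new_op):
    """Copy of program with one branch mnemonic swapped, as step 6 does in SAE."""
    patched = list(program)
    patched[index] = Instr(new_op, program[index].arg)
    return patched
```

Running `run(patch_branch(CHECK, 7, "brfalse.s"), ...)` greets wrong credentials and rejects the right ones, exactly the inversion described above. It also shows why a check that ends in one conditional branch next to a searchable error string offers no real protection on the client side.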
--------------=========------------------------====------------------=============------------
Hope you learned something this time, and if so, see you soon!