Seculabs eBook - Cracking & Patching - Reverse Engineering

7/29/2019 Seculabs eBook - Cracking & Patching - Reverse Engineering

http://slidepdf.com/reader/full/seculabs-ebook-cracking-patching-reverse-engineering 1/25



SECUGENIUS SECURITY SOLUTIONS

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:

Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student

Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS

are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius

Security Solutions are providing training in Information Security and various professional courses.

Secugenius Security Solutions is an organization which believes in inventing and implementing newideas to influence the technological minds of the youngsters

Looking at the number of Cyber Crimes since last many years, We at Secugenius Security

Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank

Employees, Police officials.

Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the

benefit of the students & making them aware of the latest trends in technological era of the

Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the

nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime

Investigation & Forensic Sciences

Secugenius provides various security solutions to its clients by securing their websites from cyber

attacks. We provide training to college students, graduates and professionals in various fields.

Education is delivered to students through two modes i.e. Regular mode and Distance mode which

are available as short term and long term courses.

In the workshops conducted by Secugenius, participants can claim to be trained by the highly

experienced & skilled corporate trainers from different parts of the nation. We believe in making

the base of students to be as strong as possible. All the modules have been designed in order to

provide students with specialized knowledge by specialized trainers.

This library was furnished, managed and funded by the Founders and Directors of Secugenius

Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of

the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security

Solutions.

This Online Digital Library has been initiated as a free resource & permanent

resource on specialization basis for every student of Team Secugenius.



Cracking & Patching – Reverse Engineering

Product ID No: SG/ODL/13004

Founder & Director: Harpreet Khattar & Kshitij Adhlakha

Resource Person: Chetan Soni

Secugenius Security Solutions

SCO-13A, Model Town Extn, Near Krishna Mandir,

Ludhiana-141002, Punjab – India

[email protected], [email protected]

www.secugenius.com , www.seculabs.in

mailto:[email protected]





http://www.secugenius.com/

http://www.seculabs.in/




http://www.secugenius.com/





Cracking & PatchingFirst of all what is cracking and what is patching ?

Cracking is the modification of software to remove or disablefeatures Of Limited Restrictions. Cracking is a fancy name for

basically guessing a password or Crack Email Accounts, etc.....

Patching is the technique which fixes the Program Bugs. A patch is a

piece of software designed to fix problems.

The Tools Required:

1. De-assembler (I Preferred [Hackers Disassembler] and [Hview])2. Resource Hacker 3. A patch Creator (Use [Universal Patch Creator] or [Code fusion])4. Winrar

First of all Download these tools from Google and Install Winrar.

Now make two Folders on Desktop named as Cracked and Original.

Now Copy winrar.exe (From Program Files) and Paste in both Folders

i.e. Cracked and Original.



Now Open Hackers Disassembler Software.

Open Winrar.exe from Cracked Folder in Hackers Disassembler Software.

The Disassembler will disassemble the executable in assembly code.



Now you need to search for strings that are used in Winrar program.



Press Ctrl + F and type “evaluation” without quotes and search in theassembly code.



Reach this block of code using search function

After you have reached this block of code by searching, just look atthe block of code above it.There you will find that some assembly values are being comparedand then code is jumped to some other function.



Now see carefully, the “evaluat ion cop y ” function must be invokedafter some specific condition is met.

Now Note the Memory Address (00444B71)

In the above code you can see this code -

00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00

00444B71: 0F859B000000 JNE 00444C12

Note: For any Winrar version, this code and memory address mightbe different, but the JNE will be same.Now you need to search for the code that brings that ugly screen“Please pu rchase Winrar l icense ” after your trial period of 40 days isover.



For this, look over your toolbar and click on “D” which stands for looking for Dialog references.Hit the D in toolbar

Now in the dialog box that opens, search for “purchase” and you willget the reference as –

It Shows

============================================ID-REMINDER, “Please purchase Winrar license”

============================================



Double click on it and you will reach the subsequent code.Note down the location of REMINDER dialog code.

The code will be something like================================================

* String: “REMINDER”

0048731A: 68EB5E4B00 push 004B5EEB

================================================Just note down this memory address (0048731A)



Now we will be patching up values of memory addresses we notedearlier (00444B71 & 0048731A).It will be dome by using HVIEW.

Now Open Hview.

Open the EXE in it



After you have loaded it, you will see the code is unreadable.

It’s just like opening an EXE file in notepad.

You need to decode it.To do that, just press F4 and you will get an option to decode it.Hit DECODE and you will be able to see code in the form of assemblycode and memory addresses.



After you have done that it will look like something as shown below

Now you need to search for memory addresses you noted downearlier.Just hit F5 and a search box will be there.Now you need to enter the memory address.To do that type .444B71 in place of 00444B71 and Press Enter.

(Leave 00)



It will reach to the Assembled Code

After you have reached the respective code, you need to makechanges to it.

Press F3 and you will be able to edit the code. Now make thefollowing changes -(Replace 85 to 84)



After you have done it, save it by pressing F9.Now search for next memory location by pressing F5 and entering it.

Reach there and make the following changes by pressing F3 –



Make these 5 Changes(Replace 68-90 EB-90 5E-90 4B-90 00-90)

Now save the changes by pressing F9 and exit HVIEW by pressingF10.

You have cracked Winrar :)

Replace the original[Program Files/Winrar/WinRAR.exe]

with this[Desktop/Cracked/winrar.exe]

Now you have a 100% working version of EXE, you might want tochange your registration information in Winrar.

To do this, you can use Resource hacker.



Open Resource Hacker and load the winrar.exe (From Cracked Folder or Original Folder (Better is Cracked Folder)) in it.

Now go to DIALOG –> ABOUTRARDLG -> 1049 and click it.



Now Find Trial copy line and replace it with your favorite one.

Make changes and compile them.And click on Compile Script button.Now save the file with any name on your desktop or any locationwhat so ever.

Now you have a fully patched WinRAR.exe file.



Make a PATCHFor this I Preferred diablo2oo2's Universal Patcher (UPE) for Creatingthe Patch.

Launch Patch Creator and click on new project.



Enter project Information and click on save.



Now Create Offset patchFor this Add -> Offset Patch.



After you have done that, double click on offset patch and then

1. Give path of original winrar.exe (F rom Original Folder)

2. Give path of unmodifi ed Winrar.exe (again From Original Folder)

3. Give path for fully patched Winrar.exe (i.e. Cracked Winrar.exe from

Cracked Folder)

4. Cli ck on compare and i t wil l show difference between both fi les.

5. Click on save.



Now in the next window, click on Create Patch and save it.

The Patch will be created. Now copy it in Winrar installation Directory.And Hit the Patch



Run the patch and it will work.

And Now open any Rar File You will see that Evaluation Copy Goesand this is now made a Fully Cracked Full version Winrar Softwarefor Life Time.

You can crack other software in the same way…just practice, debug

and disassemble and you will get the way.

Date post:	14-Apr-2018
Category:	Documents
Upload:	rifqi-multazam
View:	238 times
Download:	4 times

Seculabs eBook - Cracking & Patching - Reverse Engineering

Documents