What You Need
A Windows machine, real or virtual. I used a Windows Server 2008 virtual machine.
Purpose
To modify a Windows EXE file and save an altered version. This gives you practice with very simple features of the Ollydbg debugger.
Get putty.exe
If you are using the machine handed out by your instructor, putty.exe is in the Downloads folder. If you are using some other machine, get it here:
Verifying the SHA256 Hash
Run Hashcalc on putty.exe and confirm that the SHA256 value matches the value shown below.
Running Putty
Double-click putty.exe. PuTTY opens, as shown below. If PuTTY won't start, right-click it, click Properties, and click Unblock.
In the 'Host Name (or IP address)' box, type
ad.samsclass.info
At the bottom, click the Open button. A black box opens, and shows a 'login as:' prompt, as shown below.
You could connect to a server at this point, but that's not the point of this project. We will alter this program to do other things instead of printing 'login as'.
Close the Putty window.
Starting Ollydbg
Click Start. Search for Ollydbg and start it. In Ollydbg, from the menu bar, click File, Open. Navigate to putty.exe and open it.
Ollydbg opens, as shown below. If your screen doesn't look like this, click View, CPU and maximize the CPU window.
Ollydbg shows you a lot of data, but for now just notice the Assembly Code in the top left pane, and the Paused message in the lower right.
When you load a program into Ollydbg, it starts in a 'Paused' state, with the Assembly Code window showing the first instruction.
Running Putty in Ollydbg
In Ollydbg, from the menu bar, click Debug, Run. A Putty window opens, but it's behind the Olly window. At the bottom of the screen, in the taskbar, click the 'PuTTY Configuration' button to bring the PuTTY window to the front, as shown below.
Click in the Putty window. In the 'Host Name (or IP address)' box, type
ad.samsclass.info
At the bottom, click the Open button. The 'login as' message appears, as shown below. Putty is running, but it's under the control of Ollydbg, so we can modify its execution.
Finding the 'login as' Code
Close the Putty window. A box asks 'Are you sure...' Click OK. In Ollydbg, from the menu bar, click Debug, Restart.
In Ollydbg, in the 'Assembly Code' pane, right-click. Point to 'Search for'. Click 'All referenced text strings', as shown below.
A 'Text strings referenced in putty:.text' window opens, showing all the strings in the program.
To make this text easier to read, right-click, point to Appearance, Font, and click 'OEM Fixed Font'.
Right-click in that window, and click 'Search for text', as shown below.
In the 'Enter text to search for' box,type
login as
as shown below. Check the 'Entire scope' box. Click OK.
Ollydbg finds the ASCII string 'login as', and the instruction that uses it, as shown below. This instruction is at address 00417053.
Right-click again, and click 'Search next'.
Ollydbg finds another line of code that uses this string, as shown below. This instruction is at address 0041CB6E.
Right-click again, and click 'Search next'.
A message appears at the bottom of the window saying 'Item not found'. There are only two commands in the program that use this string.
Using Breakpoints
We'll set breakpoints at those instructions to see which one is used when logging in to an SSH server. In the 'Text strings referenced in putty:.text' window, right-click again, and click 'Search text'. In the 'Enter text to search for' box, click OK.
The instruction at 00417053 appears again. Right-click this instruction and click 'Toggle breakpoint', as shown below.
The address turns red, as shown below, to indicate that there's a breakpoint here.
Right-click again, and click 'Search next'. The instruction at address 0041CB6E appears. Right-click it and click 'Toggle breakpoint'.
The address turns red, as shown below.
In Ollydbg, from the menu bar, click Debug, Restart.
A box pops up warning you that 'Process 'putty' is active'. Click Yes.
In Ollydbg, from the menu bar, click Debug, Run.
A Putty window opens. Bring it to the front, as shown below.
Click in the Putty window. In the 'Host Name (or IP address)' box, type
ad.samsclass.info
At the bottom, click the Open button. A black window opens and closes quickly, and the program stops, as shown below.
The program stopped at instruction 0041CB6E, as shown in the image above.
We'll use this instruction to hijack the program's execution.
Removing the Breakpoints
We don't need the breakpoints any more, so we'll remove them. In Ollydbg, from the menu bar, click View, Breakpoints.
A 'Breakpoints' window opens, showing two breakpoints.
Right-click the first breakpoint and click Remove, as shown below.
Repeat the process to remove the other breakpoint. Close the 'Breakpoints' window.
Removing One Letter From the Message
In Ollydbg, in the CPU window, in the Assembly Code pane, right-click the instruction at address 0041CB6E and click Assemble, as shown below. An 'Assemble at 0041CB6E' box appears, as shown below.
This shows the command at this location. It's a PUSH instruction, placing the address 467C7C onto the stack. That address points to the letter 'l' in the ASCII string 'login as: ', as shown on the right side of the instruction line, outlined in green in the image below.
In the 'Assemble at 0041CB6E' box, change the last character to D, as shown below. This will move the pointer from the 'l' to the 'o' in the string 'login as: '.
Click the Assemble button.
Click the Cancel button.
The message on the right now says 'ogin as: ', as shown below.
Running the Modified Program
In Ollydbg, from the menu bar, click Debug, Run. The black login window appears, with the message 'ogin as: ', as shown below.
When I did it, an error box also popped up saying 'Server unexpectedly closed network connection'. If that happens, just close the error box.
Saving the Modified .text Section
We have now changed an assembly language instruction; all executable code is in the .text section of the file. In Ollydbg, in the top left pane of the CPU window, right-click, point to 'Copy to Executable', and click 'All modifications', as shown below.
A 'Copy selection to executable file' box pops up, as shown below. Click the 'Copy all' button.
A new window pops up, with a title ending in 'putty.exe', as shown below.
Right-click in the new window and click 'Save file'.
Save the file as puttymod.exe.
Running the Modified EXE
Close Ollydbg. Double-click puttymod.exe.
In the 'Host Name (or IP address)' box, type
ad.samsclass.info
At the bottom, click the Open button. A black box opens, and shows an 'ogin as:' prompt, as shown below.
Modifying the puttymod File
Open Ollydbg and load the puttymod.exe file. In the top left pane of the CPU window, right-click, point to 'Go to', and click Expression, as shown below.
In the 'Enter expression to follow' box, enter
41CB6E
as shown below. Click OK.
Changing the Login Message
In the top left pane of the CPU window, right-click 00467C7D, as shown below. Point to 'Follow in Dump' and click 'Immediate constant'. The Hex Dump pane, in the lower left, shows the text 'ogin as: ', as shown below.
In the Hex Dump pane, highlight 'ogin as:', as shown below. Right-click the highlighted text. Point to Binary. Click Edit.
An 'Edit data at 00467C7D' box opens, as shown below.
Click in the ASCII field, press Backspace to move back to the start, and overwrite the message with this text, as shown below:
BADNESS
Click OK. The modified text appears in red letters in the Dump, as shown below.
Saving the Modified ASCII Text
In Ollydbg, in the lower left 'Dump' pane of the CPU window, right-click and click 'Copy to executable file', as shown below. A box with a long title ending in 'puttymod.exe' appears showing the modified file, as shown below. Click the X in the top right of that box to close it.
A 'File changed' box appears, as shown below. Click Yes.
A 'Copy selection to executable file' box pops up. Click the 'Copy all' button.
A new window pops up, with a title ending in 'putty.exe', as shown below.
Right-click in the new window and click 'Save file'.
Save the file as 'puttymod2.exe'.
Running the Modified EXE
Close Ollydbg. Double-click puttymod2.exe.
In the 'Host Name (or IP address)' box, type
ad.samsclass.info
At the bottom, click the Open button. A black box opens, and shows a 'BADNESS:' prompt, as shown below.
Calculating the Hash (20 pts)
Calculate the CRC32 hash of puttymod2.exe. Use the form below to get your points.
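A hash mismatch shows that a file changed but not where. The following added example (not part of the original lab) compares an original and a modified 32-bit PE file byte by byte and maps each changed run to its section and virtual address, so the two edits made above can be located. The sample file is a constructed PE32 skeleton whose section layout is an assumption, not PuTTY's real one; only the addresses 0041CB6E and 00467C7C come from the lab.

```python
import struct

def sections(pe):
    """Parse PE32 headers: return (image_base, [(name, rva, raw_off, raw_size)])."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                   # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)    # COFF header fields
    magic, base = struct.unpack_from("<H26xI", pe, nt + 24)      # optional header
    if magic != 0x10B:
        raise ValueError("only 32-bit PE32 is handled")          # PE32+ differs
    raw = [struct.unpack_from("<8sIIII", pe, nt + 24 + opt_size + 40 * i) for i in range(nsec)]
    return base, [(n.rstrip(b"\0").decode(), rva, ro, rs) for n, _, rva, rs, ro in raw]

def changed_runs(a, b):
    """Yield (file_offset, old, new) per run of differing bytes in the common length."""
    i, n = 0, min(len(a), len(b))
    while i < n:
        j = i
        while j < n and a[j] != b[j]:
            j += 1
        if j > i:
            yield i, bytes(a[i:j]), bytes(b[i:j])
        i = max(j, i + 1)

def report(orig, mod):
    """List (section, virtual_address, old_hex, new_hex) for every patched run."""
    base, secs = sections(orig)
    out = []
    for off, old, new in changed_runs(orig, mod):
        hit = [(n, base + rva + off - ro) for n, rva, ro, rs in secs if ro <= off < ro + rs]
        out.append((*(hit or [("headers/overlay", None)])[0], old.hex(), new.hex()))
    return out

def sample():
    """Constructed PE32 skeleton (layout invented for this example, not PuTTY's)."""
    f = bytearray(0x60400)
    f[:2], f[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", f, 0x3C, 0x80)                        # e_lfanew
    struct.pack_into("<HH12xHHH", f, 0x84, 0x14C, 2, 0xE0, 0x102, 0x10B)
    struct.pack_into("<I", f, 0x98 + 28, 0x400000)               # ImageBase
    struct.pack_into("<8sIIII", f, 0x178, b".text", 0x50000, 0x1000, 0x50000, 0x400)
    struct.pack_into("<8sIIII", f, 0x1A0, b".rdata", 0x10000, 0x60000, 0x10000, 0x50400)
    f[0x1BF6E:0x1BF73] = bytes.fromhex("687c7c4600")             # PUSH 467C7C at 0041CB6E
    f[0x5807C:0x58087] = b"login as: \0"                         # string at 00467C7C
    mod = bytearray(f)
    mod[0x1BF6F] = 0x7D                                          # operand becomes 467C7D
    mod[0x5807D:0x58084] = b"BADNESS"                            # text edit at 00467C7D
    return bytes(f), bytes(mod)
```

Run against a known-good copy and a suspect copy of the same build, `report()` returns one entry per edited region; bytes appended past the shorter file's length are not compared.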
Revised 1-7-19
In this article we explain software cracking. You have probably searched for "how to crack software" at some point. That is what we cover here.
OllyDbg cannot be used to crack every piece of software. But you can crack the software you use in your daily routine, such as IDM, VMware and PowerISO.
That does not mean anyone can crack them easily. Cracking software requires good knowledge, because it relies on reverse engineering.
We cannot demonstrate cracking every program here, but we do give an example of how hackers crack software. This is for educational purposes.
Online software can be cracked too, but the method is different; it will be explained later.
Here you can crack the software you use in your daily routine with OllyDbg and use it.
Note: This article is for educational purposes only. Don't misuse your knowledge and skills.
What Is OllyDbg and How Do You Use It?
OllyDbg is a program that hackers can use to crack software. It is a very old program and the most widely used one.
With OllyDbg, hackers can look at the files inside any program. By reversing those files, the program can be cracked.
Here the software is reverse engineered. OllyDbg is hard to understand the first time you use it. It all depends on your practice.
OllyDbg does not let hackers crack every piece of software, but everyday software such as IDM, VMware and PowerISO can be cracked.
This software comes preinstalled in Kali Linux. On Windows you can install it the way you would normally install any program. The software looks like this.
To use OllyDbg well you need to know assembly. If you have no programming knowledge, you can still do a little.
This is done because when we download a crack for a program from the internet, most of them have a payload, a Trojan or some kind of ransomware bound into them.
When you run a program in OllyDbg, its files are shown. You will see many words here, such as cmp, jmp, je, jne, mov, push, call and lea.
Each has its own meaning: cmp is compare, jmp is jump, call calls some value, mov is move, and so on.
How to Crack Software: Practical
Here we demonstrate on PowerISO. First download and install PowerISO. Then try to register; you will get an error, like this.
Image Removed for Security Reasons
As you can see, we do not have the key. This is what we will bypass. This is a string, and we will jump over it with OllyDbg.
First, right-click PowerISO and click "Debug with dbg" to open it. It will open like this.
Right-click, go to the Search for option, then All Modules, then String references. The files inside the software will be shown there, like this.
You will need to wait a little. Then search for the error message we received, like this.
You have to find that file among these. When you double-click the file, it will be shown. It takes you to a place like this, from where you can crack the software.
Here you double-click jne and type jmp. The result is that when the software runs, it will not go back; it will be bypassed.
After doing this your work is done. This is one method; sometimes cracking a program takes a lot of time. Press Ctrl+P to create the patch file.
After creating the patch file, when you run it you can type anything to register. You must save this file in exe format. The error message will be bypassed.
Image Removed for security Reasons
The Conclusion
I hope you now understand software cracking. You cannot crack every piece of software with OllyDbg.
With OllyDbg, even cracking a small program sometimes takes a lot of time. To do all this you need some basic knowledge.
If you know assembly language, you can understand OllyDbg easily and crack software as well. This is where the main work lies:
bypassing the registration part of a program. What we just did is a simple method. As you keep using it, you will learn more about it yourself.
It all depends on your practice. Just as there is website hacking, there is software cracking. The more you practice, the more knowledge you gain.
OllyDbg is not the only program for this. There are many programs that can be used to crack software.
If you have any question, you can ask in the comments and we will help you. If you like our articles, please share them.