REVERSE ENGINEERING WITH OLLY DEBUGGER IN CHEETAH DVD BURNER.
We are going to use application patching technique to Retrieve the key which is already Residing inside the Package, but how it went inside? Developers embedded it with the package to validate the user when user enters the key after installation. Every Source code is defined in two things LOC(Line of Codes) & BLOCKS-Division of codes. Here we are going to work in Assembly level Language (Debugger)
An Hacker can bypass 1) Algorithm 2) Key or sometimes both.
Two types of Reverse engineering is there: 1) Algorithm reversing 2) File manipulation.
In this Blog we are going to do Algorithm reversing with Cheetah DVD Burner, Let’s Dive in
REQUIREMENTS: Cheetah DVD Burner, Olly Debugger. We will be working in any Windows OS 7,8,10.
STEP 1: DOWNLOAD AND INSTALL DVD BURNER, AND OLLY DEBUGGER(NO NEED TO INSTALL; “EXTRACTION”)
STEP 2: Launch cheetah DVD burner after the installation, it will prompt for the key, Give any key and click Register, You will get an Error Message like this below.
STEP 3: Just copy the error information by selecting the box and using CTRL + C then paste it in a note pad file.
STEP 4: Now Don’t close the DVD burner open OLLY Debugger (Run as Administrator) always.
STEP 5: Click File–>Attach–>Select Cheetah DVD burner file
STEP 6: View–>Executable Modules–>Choose Your file(Cheetah)–>Enter.
STEP 7: At the right bottom condition will be “Paused”, Click the play button and look for the “Running” status. NOTE:Click Play only once.
STEP 8: Right click on the instruction screen –> Search for –>All referenced text strings. A new window will open like below
STEP 9: Right click –> search for –> “ERROR INFO” (We copied from Cheetah burner) , Error Message found.
STEP 10: Now scroll and find the Keys, Successful Info messages (It will be above and below to the Error Message). then Right click on the Successfully Registered one–>Copy to clipboard–>Whole line, then paste it in Notepad. Do the same for Error Message also. NOTE DOWN THE ADDRESS.
STEP 11: In the mean time of inspection you can able to find the “Master Key” also we can use that also, we can bypass algorithm also. Here the key is “AB2w3-zxp98-5t6y7U6” found in there.
STEP 12: Double click on the Error message will take you to the new screen(Module thread), Hit space button in the error message and change the details as like this “JMP 005826C7” check for NOP’s (It will skip the steps in compiling as No Operations). NOTE: Click on Assemble ONCE.
STEP 13: Then right click on Instruction screen–>Copy to executable–>All modification–>Copy all, In the new tab right click–>save file–> save the file in the path you want with new name, then we can use it.
STEP 14: We can give the Master Key also, or any other key also it will skip the validation and it will jump to the successful Register Address.
In my Device I don’t have CD/DVD drive so it’s Displaying like this.
Developers will be having several Error Messages, and several Successful Messages, we have to find every error and we have to BYPASS it with the successful Address to skip the validation.
Reverse Engineering Helps the Developers to Check for Bugs, and to include some Check Sum to Prevent this kind of activity. Hackers can easily do Reverse Engineering with the Application to use it for Malicious Purposes. Patching of Application can be useful for one who Don’t likes paid Software also! HaHa!,
NOTE: This type of Reverse Engineering will not work on the applications which needs internet connection to Run like Internet Download Manager, because it often checks for the Key online.
We can Try this with lot of standalone software, Lets Learn about File Manipulation Reverse Engineering in another Post.
Any Discussions? Most welcome… : )