Skip to main content

Hacking C codes.The Dark Art of Reverse Engineering Part 1

Hacking C codes.
The Dark Art of Reverse Engineering Part 1: Decompile


You may or may not have used some sort of cracks ,keygens ,patches etc at some  point in your life. Have you ever thought how they are developed ? . Today in this tutorial I am going to demonstrate you the "dark art of reverse engineering"

Now before I begin I must say that Reverse Engineering is really a tough , tedious job. It requires huge amount of time.To learn reverse engineering one must show enough dedication and patience.The tutorial that I am going to demonstrate took about a hell lot of time to disassemble ,decompile and interpret the outputs.

okay so lets begin..

Caution:
This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.Reverse Engineering  any software without the permission of owner's permission is treated as an illegal activity.
The software which I will be hacking as a part of the demo is developed by me.

Tools Required
  • Any Linux Distro
  • Any C executable file
  • RecStudio
Prerequisites 
  • Knowledge of C programming
  • Knowledge of ASM(not Required for this tutorial but will be helpful for Part II onward )
So the scenario goes like this.

A game developer Mr Coder has developed a game.To make sure that there is no software piracy he decides to develop it in such a way that the serial key is asked every time someone starts the game.So this is the piece of code he wrote



To make sure his code works Mr Coder runs a check and tests the output




Now he is pleased that none can have a pirated copy. So Mr Coder starts selling the hello.o file along with the serial and at the same time he keeps his source code away so that no one can read the source code.


 Somehow a cracker called Mr Cracker got the hello.o file but neither he has the serial nor he is willing to buy the game.So what to do ??? Mr Cracker decides to hack the game instead .


So he fires the RecStudio and opens the hello.o file with it . Here it how the hello.o file looks after its loaded in RecStudio



This is the ASM version of the code which is just disassembled from the executable hello.o file.


Now he finds the various segments in the Project Tab to find the equivalent decompiled code.

Now Mr Cracker goes on checking each and every decompiled code. Suddenly he encounters the main function and checking the decompiled code he found something interesting  ;) .





If we have a look at the highlighted code we find that the error message  "Not a valid serial .." is displayed when the values of _v8 and _v12 does not match. He found from above that the value of _v8 is 1234 which is compared with certain variable and the error message is generated when the results does not match.So this could be the serial.


So he enters the value 1234 when he is asked for the serial and he gets access to the game. Congos !!!


In the next tutorial I will explain you how the ASM codes can be used to perform the same operation.And in later tutorials I will explain how to make the crack for this game.

                                                    Thank You

Popular posts from this blog

KringleCon : Sans Holiday Hack 2018 Writeup

SANS HOLIDAY HACK 2018 Writeup , KRINGLECON The objectives  Orientation Challenge  Directory Browsing  de Bruijn Sequences  Data Repo Analysis  AD Privilege Discovery  Badge Manipulation  HR Incident Response  Network Traffic Forensics  Ransomware Recovery  Who Is Behind It All? First I go to Bushy Evergreen and try to solve the terminal challenge . Solving it is fairly easy , Escape_Key followed by  ":q" without quotes After this we move to the kiosk and solve the questions The question were based on the themes of previous Holiday Hack Challenges. Once we answer it correctly we get the flag. For this I visited Minty Candycane and I tried to solve the terminal challenge.  The application has command injection vulnerability , so injecting a system command with the server ip allows execution of the command. So first I perform an `ls` operation to list of the directory contents , followed by a cat of t

Linux Privilege Escalation : SUID Binaries

After my OSCP Lab days are over I decided to do a little research and learn more on Privilege Escalation as it is my weak area.So over some series of blog post I am going to share with you some information of what I have learnt so far. The methods mentioned over here are not my own. This is something what I have learnt by reading articles, blogs and solving CTFs SUID - Set User ID The binaries which has suid enabled, runs with elevated privileges. Suppose you are logged in as non root user, but this suid bit enabled binaries can run with root privileges. How does a SUID Bit enable binary looks like ? -r- s r-x---  1 hack-me-bak-cracked hack-me-bak         7160 Aug 11  2015 bak How to find all the SUID enabled binaries ? hack-me-bak2@challenge02:~$ find / -perm -u=s 2>/dev/null /bin/su /bin/fusermount /bin/umount /usr/lib/openssh/ssh-keysign /usr/lib/eject/dmcrypt-get-device /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/bin/gpasswd /usr/bin/newgrp /usr/bin

Bluetooth Low Energy : Build, Recon,Enumerate and Attack !

Introduction In this post I will try to share some information on bluetooth low energy protocol. Bluetooth Low Energy ( BLE ) is Bluetooth 4.0.It has been widely used in creating "smart" devices like bulbs that can be controlled by mobile apps, or electrical switches that can be controlled by mobile apps. The terms Low Energy refers to multiple distinctive features that is operating on low power and lower data transfer. Code BLE Internals and Working The next thing what we need to know is a profile. Now every bluetooth device can be categorized based on certain specification which makes it easy. Here we will take a close look into two profiles of Bluetooth which is specifically designed for BLE. Generic Access Profile (GAP) - This profiles describes how two BLE devices defines discovery and establishment of connection with each other. There are two types of data payload that can be used. The Advertising Data Payload and Scan Response Payload . The GAP uses br