Reversing Tutorial - Cracking Registration of A-One Video Converter

Author: Rishabh Dangwal
	
In this reverse engineering tutorial, I will take you through a cracking session of A-one Video to Audio convertor. We will go step by step through a debugging session of A-one Video to Audio convertor using OllyDbg to discover & finally zero in on its registration protection mechanism.
	
This tutorial is intended for educational purposes only, and the author, the publisher and this site cannot be held liable for any kind of damage done to your machine, or for damage caused by some other, creative application of this tutorial.

If you disagree with the above statement, please stop here.
	
- A-one Video to Audio convertor (download from yaomingsoft.com)
- OllyDBG
- Time & Patience
	
Download & install A-one Video to Audio convertor. As you can see, it's a trial version, & once you try to register it, it gives an error (obviously), & we need to find ways against it.
	
Now, to begin with, fire up OllyDBG & load the A-one Video to Audio convertor EXE file in it.
	
Now, in the main window of OllyDbg, search for the text "Registration code is error" [this is the exact error message shown when you enter a wrong serial number].

To search, right-click and select the following action, as shown in the screenshot below:

CPU window -> Search for -> All Referenced Text Strings
	
Once OllyDbg finds it, double-click on it & navigate to the memory address as shown in the screenshot below.
	
Once you reach the intended memory address, you can navigate a bit up to see the "register successful" string as shown below.
	
Navigating a bit above reveals simple logic that calls a specific function; the function returns a result in the EAX register, which is compared with 1

    CMP EAX,1

& then jumps to 407A0F

    JNZ SHORT 00407A0F

which is exactly the "registration failed" condition [refer to screenshot above].
	
The whole scenario means that if the value of EAX is anything less than or greater than one, the program will be a trial version & will not accept any invalid serial key.

Now you can put a breakpoint above the function call by pressing F2 & run the program. Then enter the serial again; the program will break here, & we can then navigate inside the function by pressing F7.
	
You will get into the function code. Add a breakpoint there by pressing F2 & restart the program by pressing Ctrl + F9.

Run it again & you will find that it breaks at 00406B40 (where you had put the last breakpoint).

Next we will execute the code step by step by pressing F8. After a bit of tracing we arrive at the following instructions [refer to screenshot below]

    JNZ Video2Au.00406C4A

which jumps below to

    POP EDI
	
Further down, we find that the value of EAX is XORed to 0 as shown below.
	
So, in order to insert a precise value into EAX, we will modify the assembly instruction as shown below [you can just double-click on the instruction to modify it], taking

    XOR EAX,EAX

& changing it to

    MOV AL,1
	
This new instruction will set the accumulator's value to 1 because

    EAX     - 32-bit register <extended>
    AX      - 16-bit register pair
    AH / AL - 8-bit registers

where AL represents the low byte of EAX. Setting AL to one sets the accumulator to a precise value of 1 (as long as the upper bits of EAX are already zero), hence setting the value of EAX to 1, which will lead to the program being registered :)
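
The register layout described above, as an added example (not part of the original tutorial): a small C model in which EAX is a 32-bit value and AX, AH and AL are views onto its low bits, so the effect of each instruction on the `CMP EAX,1` test can be checked. The function names and the sample EAX values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: EAX modelled as a 32-bit value. AX, AH and AL are
   views onto its low bits, not separate registers. */
uint16_t get_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
uint8_t  get_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }
uint8_t  get_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

/* XOR EAX,EAX: every bit is XORed with itself, so all 32 bits become 0. */
uint32_t xor_eax_eax(uint32_t eax) { return eax ^ eax; }

/* MOV AL,imm8: replaces bits 0-7 only; bits 8-31 keep their old value. */
uint32_t mov_al_imm8(uint32_t eax, uint8_t imm) {
    return (eax & 0xFFFFFF00u) | imm;
}

/* CMP EAX,1 / JNZ: the jump is taken unless all 32 bits of EAX equal 1. */
int jnz_taken_after_cmp_eax_1(uint32_t eax) { return eax != 1u; }

int main(void) {
    /* Constructed starting values for EAX, not taken from the program. */
    const uint32_t samples[] = { 0x00000000u, 0x00000041u, 0x0040FF00u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t before = samples[i];
        uint32_t after  = mov_al_imm8(before, 1);
        printf("EAX=%08X -> MOV AL,1 -> EAX=%08X AX=%04X AH=%02X AL=%02X JNZ %s\n",
               (unsigned)before, (unsigned)after, (unsigned)get_ax(after),
               (unsigned)get_ah(after), (unsigned)get_al(after),
               jnz_taken_after_cmp_eax_1(after) ? "taken" : "not taken");
    }
    printf("XOR EAX,EAX on EAX=0040FF00 -> EAX=%08X\n",
           (unsigned)xor_eax_eax(0x0040FF00u));
    return 0;
}
```
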

Now, once you have done it, right-click the code and perform the action below:

Copy to executable -> Selection

In the next window, right-click again & save the file.
	
Now that you have cracked the registration protection of this software, launch the software and type any serial number. This should work like a charm!
	
This reversing tutorial demonstrates basic reverse engineering concepts using OllyDbg, showing how to find and break the protection of A-One Video Converter.

Hope you have enjoyed doing it as much as I did!
	
	
		 