Use Ollydbg To Crack Software Codes

You can see its details in the picture below.
The first thing I usually do in these cases is to check whether the executable is compressed. Some programs pack part of their code to hinder attempts to analyze it statically. To check this we are going to use PeID. In the picture below you can see that the program does not detect any compression: “Nothing found *”. If the file were compressed with UPX, for example, the program would tell us and we could uncompress it with that tool.

Ollydbg shows you a lot of data, but for now just notice the Assembly Code in the top left pane, and the Paused message in the lower right. When you load a program into Ollydbg, it starts in a 'Paused' state, with the Assembly Code window showing the first instruction.

Running Putty in Ollydbg

In Ollydbg, from the menu bar, click Debug, Run.

The problem is that if the code is invalid, the button to submit it is never enabled. Could I use OllyDbg to find what would happen if I were to click the button and then somehow override it? Here's all I know about the program: I do not have access to the source code, nor do I know what language it was written in.

If we click on the “EP Section” button, we will see some details about the executable.
We can see that the R.Size (Raw Size) “400” and the V.Size (Virtual Size) “350” are similar in “.text”. The .text section contains the instructions that the CPU executes and it should be the only section that includes code. If some day you find that the R.Size is “0” and the V.Size is “1000”, for example, that would be an indicator that the executable is compressed: on disk the section has no size (it is packed) and in memory it has a size (it unpacks itself).
Now we have the assurance that the file has not been compressed. This is one of the first steps in a static analysis. We are going to do a dynamic analysis with OllyDbg, but I want to know whether the developer has made an effort to hide some code. Note that if the executable is packed, we will not be able to read many strings within the file. It is possible I will talk about that in future posts...
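The R.Size/V.Size comparison described above can be automated by reading the PE section table directly, which is how a triage script would flag a likely packed sample. This is an added example, not code from the original post: the two header images are constructed, the article's sizes are read as hexadecimal, and the extra requirement that the section be executable (so that an ordinary uninitialised-data section such as `.bss` is not flagged) is an assumption of this example.

```python
import struct

SECTION = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
MEM_EXECUTE = 0x20000000                  # IMAGE_SCN_MEM_EXECUTE

def parse_sections(data):
    """Return (name, virtual_size, raw_size, characteristics) per section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(count):
        f = SECTION.unpack_from(data, table + i * SECTION.size)
        # f[1]=VirtualSize, f[3]=SizeOfRawData, f[9]=Characteristics
        sections.append((f[0].rstrip(b"\0").decode("latin-1"), f[1], f[3], f[9]))
    return sections

def packed_candidates(data):
    """Names of executable sections that are empty on disk but sized in memory."""
    return [name for name, vsize, rsize, flags in parse_sections(data)
            if rsize == 0 and vsize > 0 and flags & MEM_EXECUTE]

def build_sample(sections):
    """Constructed header-only image for the demo; not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew -> 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(SECTION.pack(n, vs, 0x1000, rs, 0x200, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed samples: sizes follow the article's figures, read as hex.
PLAIN = build_sample([(b".text", 0x350, 0x400, 0x60000020),
                      (b".bss", 0x100, 0, 0xC0000080)])
PACKED = build_sample([(b"UPX0", 0x1000, 0, 0xE0000080),
                       (b"UPX1", 0x800, 0x600, 0xE0000040)])

if __name__ == "__main__":
    for label, image in (("plain", PLAIN), ("packed", PACKED)):
        print(label, parse_sections(image), "->", packed_candidates(image))
```

A zero raw size is only a heuristic: packers that keep compressed data inside the same section will not trip it, so treat a clean result as "no evidence of packing", not proof.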


The next step is to run the program by double clicking on the executable. After that, we can see that an MS-DOS window is launched and the program asks us to type the serial number. We type a sentence in order to check the program’s behavior.

We have not figured out the serial number… It seems logical…
Now, we are going to run OllyDbg. It does not need installation, just download it and uncompress it. When OllyDbg is opened, just load the executable clicking on File -> Open.
Now we can see the binary code. Don’t worry, remember this post is focused on beginners. We are going to click on the play button in order to run the executable just loaded in our debugger and check the file behaviour.
The program has started and we can see the first strings, like “Press ENTER to finish”…
But… Something happens… The program doesn’t ask us to type the serial number as it does when we open the application without a debugger… It’s really strange… It’s as if the program knows about our intentions and closes itself when we try to run it with a debugger tool…
If we reload the file in OllyDbg, one line of the code draws our attention… The program is calling the “IsDebuggerPresent” API.
If we look up this API in Microsoft’s documentation we can see that “This function allows an application to determine whether or not it is being debugged, so that it can modify its behavior”.
OK, the program closes when it is opened within a debugger. There are many options to avoid being detected by this technique… To achieve this purpose we are going to use the “Hide Debugger 1.2.4” plugin. Just download it and uncompress the DLL into OllyDbg’s folder.
It is necessary to restart OllyDbg in order to work with this plugin. If you click on the Plugins tab you can see the Hide Debugger plugin. You don’t need to do anything else.
We have just installed the plugin to avoid being detected, and now we are going to load and run the executable again. Now the program asks us to type the serial number. Great news…

We are going to type a sentence which will be easily recognizable.

If we come back to OllyDbg we can see our sentence in the Arg1.

If we continue looking for this sentence through the code we can locate the code below. We can see String2=“28939387”, String1=“I’m going to looking for this sentence in OllyDbg now…” and the API call CompareStringA.
We can figure out that the executable is comparing these strings with each other to check whether both have the same value. We can suppose that the string “28939387” is the serial number.


OllyDbg lets us copy the value of this line by left clicking on the line we are interested in.
Then we paste the line’s value into Notepad and copy only the “String2” value: 28939387.
In the end, we just need to paste the copied value into our program and… Well!!! We have obtained the serial number of our program!!!
This post could be applied to many simple programs which have a keygen integrated, but more knowledge is needed if you want to crack more complex programs.

This post is focused on showing you some techniques using OllyDbg. It is only a game to get more reverse engineering skills to research malware. Please, don’t contact me to crack programs, it is illegal… I recommend you use free software!!!! 😛


Using API Monitor to crack copy protected software


This tutorial demonstrates how to use API Monitor to crack copy protected software.

Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware – Wikipedia

For this tutorial we will be using Mirial Softphone which is a HD video conferencing application. This tutorial is for educational purposes only, so please do not use this to create or distribute a cracked copy of the software.

When you first install the application, it prompts you for a license file. After installing the license you have 30 days to evaluate the application. The expiration date is displayed on this screen; in our case it is March 15, 2011.

Trial applications usually store license information in either the registry or on the file system. Since this application prompted us for a license file, we know that it uses the file system. Start up the 32-bit version of API Monitor and enable APIs from the File Management category.

Select Hook Process from the File menu to start monitoring the application.

API Monitor will start monitoring and displaying API calls. The application should now display a message indicating that it is an evaluation version. Hit cancel to quit the application.

Now that we have captured the API calls made by the application, we need to find the one that reads the license file. Scan through the calls in the API summary view until you find the right one.

The application is reading from mirial.lic file. The name suggests that it might be a license file, so let’s open it up.

We’ve located the license file and it has the expiration date in it.

Modify the expiration date in the license file to 2012-03-15 and save the file. Now launch the application again. The application should now display an error indicating that the license is invalid. Hit cancel to quit the application.

Our next step is to start debugging the application right after it has read the license file. From Step 3, we know that the application uses CreateFileA to open the file and ReadFile to read the file. Set up a breakpoint on CreateFileA and launch the application in API Monitor. The breakpoint will be hit multiple times; continue until you reach the one that opens the license file.

Switch back to API Monitor and enable a post-call breakpoint on the ReadFile API and disable the CreateFileA breakpoint. Now hit Continue to let the application run. API Monitor should now display the ReadFile breakpoint.

Now hit the Break button to have API Monitor generate a breakpoint in the application. You should now be able to attach to the application using a debugger.

Your debugger should now display disassembled instructions from the application.

If you look at the call stack, you’ll notice that the current frame is in apimonitor-drv-x86.sys. Use the debugger to step out until you reach code in the application.

The debugger is currently at a location right after the application has finished reading the license file and before it checks the validity of the license. We need to locate the code that performs this check and disable it.


The most common software crack is the modification of an application’s binary to cause or prevent a specific key branch in the program’s execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. – Wikipedia

Stepping through some of the code, we come across this location which looks like a possible match to the code we’re looking for.

The value of register eax is 0, right after the function call. Let’s modify the value to 1 and continue running the application. The application displays a different error message this time; instead of an invalid license, the application is telling us that it is unable to locate the file.

Now that we have pinpointed the location where the application checks for a valid license, all we need to do is to play around with the values and jmp instructions to find one that works. In this case, inverting the jump instruction from je to jne tells the application that it has a valid license file. Running the application with the modified code displays our new expiration date of March 15, 2012.


Discuss this article here: http://www.rohitab.com/discuss/topic/37059-using-api-monitor-to-crack-copy-protected-software/