WEBVTT

1
00:00.290 --> 00:00.770
Hello.

2
00:00.770 --> 00:01.700
Welcome back.

3
00:01.700 --> 00:07.700
In the previous lesson, we've already managed to trace the username successfully.

4
00:07.700 --> 00:09.620
Now we are going to trace the password.

5
00:10.190 --> 00:15.170
So I'm going to reload what we did in the previous one and let's run it.

6
00:18.380 --> 00:22.370
So let's run again until it prompts for the username.

7
00:23.090 --> 00:25.250
So now it's waiting for the username.

8
00:25.250 --> 00:27.980
We key in our username which we have discovered.

9
00:29.210 --> 00:30.080
Press enter.

10
00:30.200 --> 00:33.830
And now let's run until it prompts for the password.

11
00:37.650 --> 00:38.730
Being run again.

12
00:38.850 --> 00:42.330
Looks like it's hitting all our breakpoints, which we were.

13
00:43.050 --> 00:43.770
We left.

14
00:44.850 --> 00:46.350
We did not remove our breakpoints.

15
00:46.350 --> 00:48.570
So it hits our breakpoints.

16
00:48.570 --> 00:52.830
Run again, run again, run again.

17
00:52.830 --> 00:55.620
So now the password prompt has appeared.

18
00:55.620 --> 00:58.080
So let's key in any password.

19
00:58.380 --> 01:00.660
So I'm going to key in the long password.

20
01:02.730 --> 01:04.050
Cracking lessons.

21
01:05.700 --> 01:08.700
So this password has got 15 characters.

22
01:09.570 --> 01:10.290
Hit enter.

23
01:13.640 --> 01:15.260
Now you see in this one.

24
01:15.920 --> 01:23.330
So previously we saw that the password was being checked in the function call.

25
01:25.350 --> 01:26.130
String compare.

26
01:26.130 --> 01:30.750
So click on, keep on clicking the run until it comes to the string compare inner function.

27
01:31.590 --> 01:33.480
Right-click and let's graph this.

28
01:33.480 --> 01:35.880
So this was where we stopped in the previous lesson.

29
01:36.420 --> 01:40.350
So now it's going to, it's going to compare the length of the password.

30
01:40.920 --> 01:43.500
So let's let us run until it comes here.

31
01:45.370 --> 01:48.490
So we will step over line by line.

32
01:56.640 --> 02:00.660
Now it's going to compare - with this - plus 14.

33
02:00.900 --> 02:03.870
Previously these two were comparing username.

34
02:03.900 --> 02:05.850
Now they are comparing password length.

35
02:05.850 --> 02:08.160
So let's see what is - is -.

36
02:08.550 --> 02:10.080
- is 15.

37
02:10.380 --> 02:16.590
So this is the hex representation of the number 15 which is the length of our password.

38
02:17.580 --> 02:20.220
And it is comparing that with the stack.

39
02:20.220 --> 02:21.960
So what is in the stack?

40
02:21.960 --> 02:25.710
This will be the actual length of the actual password.

41
02:25.830 --> 02:30.630
So to find out what is the length of the actual password we can come down here and print it out.

42
02:30.840 --> 02:35.760
So we are going to print out - plus 14.

43
02:37.200 --> 02:41.460
Remember to put the square brackets which means dereferencing a pointer.

44
02:42.510 --> 02:44.490
Pointer is an address.

45
02:44.490 --> 02:48.720
So when we dereference the pointer it means we are dereferencing the address.

46
02:48.720 --> 02:54.210
And dereferencing the address means to print what is the value stored at that memory address.

47
02:54.810 --> 03:00.780
So let's click enter now and we see the value stored at that address is 07.

48
03:00.840 --> 03:05.550
That means the length of the actual password is only seven characters, right?

49
03:05.550 --> 03:09.120
So we, we keyed in 15 which is too long.

50
03:09.120 --> 03:11.460
So we are not going to restart this program.

51
03:11.460 --> 03:20.580
And key in seven, seven will be CRACKIN—1234567 cracking, seven characters.

52
03:20.580 --> 03:30.090
So let's restart now and then let's run until it hits the, the user input.

53
03:30.510 --> 03:33.180
So run, run again.

54
03:33.180 --> 03:35.220
So let's key in our username Nick.

55
03:37.120 --> 03:42.310
Hit enter and let's run until the password prompt appears.

56
03:42.760 --> 03:43.180
Click.

57
03:43.180 --> 03:47.470
Run again, run again, run again, run again.

58
03:47.470 --> 03:49.270
So password prompt has appeared.

59
03:49.450 --> 03:53.170
So let's key in the seven characters.

60
03:53.680 --> 03:56.980
Crackin which is seven characters.

61
03:56.980 --> 03:57.640
Hit enter.

62
03:58.540 --> 04:02.050
Now let's, let's keep on running until it comes to the function for string.

63
04:02.050 --> 04:03.430
Compare this.

64
04:03.430 --> 04:04.300
Keep on running.

65
04:04.570 --> 04:05.680
Now we are here.

66
04:07.000 --> 04:10.150
Let's do a graph. Okay, let's see now.

67
04:10.630 --> 04:12.670
So now let's step over.

68
04:14.140 --> 04:15.730
Until it comes to this line.

69
04:15.730 --> 04:15.940
String.

70
04:15.940 --> 04:16.510
Compare.

71
04:22.320 --> 04:23.850
Now check -.

72
04:23.880 --> 04:27.510
- is now seven characters and - plus 14.

73
04:29.700 --> 04:32.340
Press up arrow key to retrieve the previous command.

74
04:32.340 --> 04:33.210
Hit enter.

75
04:34.380 --> 04:38.580
- plus 14 is also seven, so the comparison succeeds.

76
04:38.610 --> 04:42.510
That means we have entered the correct length password.

77
04:43.500 --> 04:48.360
Then now it's not going to, to jump because the password is the same length.

78
04:48.450 --> 04:51.870
So it's going to go straight instead of jumping over here.

79
04:53.100 --> 04:56.430
So let's step over and let it go straight.

80
04:57.210 --> 04:57.570
All right.

81
04:57.570 --> 05:02.100
So now it's going to come to the function which checks the actual, actual password.

82
05:02.130 --> 05:05.550
Previously this function was used to check the actual username.

83
05:05.580 --> 05:08.070
Now it is used to check for the actual password.

84
05:08.070 --> 05:11.130
So we can step into it to see what is the actual password.

85
05:12.170 --> 05:15.680
Click stepping to 72 again.

86
05:15.710 --> 05:19.370
So now we can, uh, resync.

87
05:19.550 --> 05:25.010
So we right-click and resync to go to the location where it has stepped into.

88
05:25.100 --> 05:28.820
And we are going to run until it comes to this function.

89
05:28.820 --> 05:35.480
Because in the previous video we saw that this function is used to compare the actual username.

90
05:35.480 --> 05:38.570
Now it's going to use the actual to compare the actual password.

91
05:38.990 --> 05:42.110
So let's, let's step over until it comes here.

92
05:51.580 --> 05:53.350
Okay, now it has reached.

93
05:53.350 --> 05:55.090
This call is about to call.

94
05:55.450 --> 05:57.550
Now, what are the parameters for this call?

95
05:57.820 --> 06:00.130
Take a look at the stack.

96
06:00.730 --> 06:06.850
The parameters for this call are our password cracking and another string.

97
06:07.690 --> 06:09.430
So it is trying to compare this to.

98
06:09.430 --> 06:11.770
This suggests that this is the actual password.

99
06:11.770 --> 06:13.810
So now we have already got the actual password.

100
06:14.170 --> 06:21.250
So open the notepad and type this in here which I have already done for AC00F.

101
06:21.640 --> 06:23.800
Now we already fished out the actual password.

102
06:23.800 --> 06:24.640
Let's give it a test.

103
06:24.640 --> 06:31.450
We can close everything now and run our program directly with this password.

104
06:31.540 --> 06:33.280
So we key in the name.

105
06:33.880 --> 06:43.600
Username is Nick and key in this password 4C00F, 4C00F.

106
06:43.600 --> 06:44.230
Hit enter.

107
06:45.130 --> 06:46.150
And there you go.

108
06:46.150 --> 06:46.930
Good job.

109
06:47.410 --> 06:48.460
Keep going.

110
06:48.460 --> 06:54.880
We have successfully fished out the password using the deep tracing method.

111
06:55.240 --> 06:57.490
So this is how we do deep tracing.

112
06:57.880 --> 07:06.550
Stepping into the calls recursively one by one and following the values in the registers, the - register

113
07:06.550 --> 07:07.420
and the stack.

114
07:07.780 --> 07:14.650
So this skill is useful if you are going to do more advanced, uh, more advanced techniques later on.

115
07:14.650 --> 07:21.490
Now, I know that this crackme can actually be solved easily by looking for strings inside a hex editor.

116
07:21.700 --> 07:27.520
But when it comes to more complicated programs, that will not work, right?

117
07:27.520 --> 07:34.540
So that's why you need to do it the correct way, the long way, using a debugging method with an x64

118
07:34.540 --> 07:35.140
debugger.

119
07:35.440 --> 07:37.300
So that's all for this video.

120
07:37.300 --> 07:39.370
Thank you for watching.