WEBVTT

1
00:01.040 --> 00:01.970
Welcome back.

2
00:02.090 --> 00:09.140
In this lesson we are going to patch the file to show the right message no matter what the username is.

3
00:09.350 --> 00:11.240
I hope you have tried this on your own.

4
00:11.570 --> 00:14.060
So now let's see how I solve it.

5
00:14.060 --> 00:20.090
So if you run this now and you key in the wrong username, it will tell you "wrong."

6
00:20.420 --> 00:23.840
So we have to search for this string,

7
00:23.840 --> 00:24.620
"wrong."

8
00:24.620 --> 00:25.820
We have already done that.

9
00:25.820 --> 00:28.220
So we can just go over there straight away.

10
00:28.220 --> 00:31.490
So let's reload this and click run.

11
00:32.060 --> 00:34.190
So we are already at the main here.

12
00:34.190 --> 00:35.810
So we graph it now.

13
00:38.170 --> 00:44.140
And then we're going to run until it asks for the username.

14
00:45.010 --> 00:47.110
So let's move this to the right.

15
00:48.190 --> 00:49.750
And let's run it.

16
00:51.170 --> 00:53.600
And it's asking for the username.

17
00:53.600 --> 00:56.150
So let's key in the wrong username, "cracker."

18
00:57.500 --> 00:58.820
And now it has

19
01:00.470 --> 01:01.820
paused at this breakpoint.

20
01:02.390 --> 01:05.450
So let's step over until it comes to the jump.

21
01:08.370 --> 01:08.820
All right.

22
01:08.820 --> 01:13.290
So now we know that if it goes to the left, it's going to be bad news.

23
01:13.320 --> 01:16.590
If we click on this, we see that it is taking the jump.

24
01:16.590 --> 01:20.070
That means it's going to go to C95, which is here.

25
01:20.610 --> 01:27.960
Now a simple way to cause it to show the good message is to make it go to the right.

26
01:27.960 --> 01:32.010
So before we patch anything, we can test our hypothesis first.

27
01:32.100 --> 01:35.520
We can double-click this to toggle the zero flag.

28
01:36.150 --> 01:37.890
So now we click on this again.

29
01:37.890 --> 01:42.000
You see that the jump is not taken, which means that it's going to go to the right.

30
01:42.000 --> 01:43.140
So let's step over now.

31
01:44.340 --> 01:46.020
And it goes to the right.

32
01:46.230 --> 01:50.730
And it's now going to make this call.

33
01:50.730 --> 01:53.610
And the parameter for this call contains the string "right,"

34
01:53.610 --> 01:54.630
as you can see.

35
01:54.630 --> 01:58.140
And the function that it is going to call is "cout."

36
01:58.680 --> 02:03.210
That means it's going to print out this message "right" to the screen.

37
02:03.600 --> 02:05.670
Let's step over this and see that happening.

38
02:05.670 --> 02:06.540
And there you go.

39
02:06.540 --> 02:08.310
So our hypothesis is correct.

40
02:08.940 --> 02:11.520
All we need to do is reverse this jump.

41
02:11.850 --> 02:16.110
So now, how do we reverse this jump?

42
02:16.140 --> 02:18.240
There are two ways to solve this.

43
02:18.240 --> 02:23.160
You can convert this JE to a JNE, jump if not equal.

44
02:23.160 --> 02:25.470
So JNE means it goes to the right.

45
02:26.430 --> 02:30.150
And an easier, simpler way would be to simply NOP it.

46
02:30.300 --> 02:33.210
NOPing it means that this instruction never takes place.

47
02:33.210 --> 02:38.610
It will just go to the right, so it will not jump to the left.

48
02:39.150 --> 02:42.810
So either one should solve the problem.

49
02:43.020 --> 02:44.700
So let's try the easiest way.

50
02:44.700 --> 02:49.230
Maybe we just put a NOP here, so we can put a comment here.

51
02:49.230 --> 02:50.220
NOP this.

52
02:54.840 --> 02:55.740
Refresh.

53
02:58.890 --> 03:01.200
And then we go to the assembler.

54
03:02.160 --> 03:07.110
And then over here we can just right-click, Binary, Fill with NOPs.

55
03:08.010 --> 03:09.030
Click okay.

56
03:10.740 --> 03:13.770
Now we can just patch the file.

57
03:15.270 --> 03:16.680
And click patch file.

58
03:17.880 --> 03:24.120
Click on it and give it a new name with a "-2" at the back.

59
03:24.840 --> 03:28.530
Click okay and let's test it directly.

60
03:31.720 --> 03:32.800
This is correct.

61
03:33.700 --> 03:35.080
This is a patched file.

62
03:35.080 --> 03:39.700
And you see, no matter what you enter, it is always the right message showing up.

63
03:39.730 --> 03:40.630
Try again.

64
03:47.060 --> 03:48.110
And there you go.

65
03:48.110 --> 03:51.290
So this is how we can solve this crackme

66
03:51.410 --> 03:52.910
by patching the file.

67
03:52.910 --> 03:54.560
That's all for this video.

68
03:54.560 --> 03:55.910
Thank you for watching.