WEBVTT

1
00:00.260 --> 00:01.040
Welcome back.

2
00:01.220 --> 00:03.800
In the previous video, we already fished out the password.

3
00:03.950 --> 00:10.220
In this video, we want to patch the file so that it will show the congratulatory message, irrespective

4
00:10.220 --> 00:12.920
of whether the password is correct or wrong.

5
00:13.430 --> 00:25.460
So the easiest way to do this is to go back to our program and reload it, and then run it, and then

6
00:25.460 --> 00:27.920
run it until it prompts for the username.

7
00:29.660 --> 00:30.770
Continue to run.

8
00:31.190 --> 00:35.540
So we enter our username, "cracker."

9
00:36.050 --> 00:41.660
And we just enter any wrong password and then hit enter.

10
00:42.260 --> 00:44.720
And now let's graph this.

11
00:46.490 --> 00:47.780
So we are here.

12
00:47.780 --> 00:49.370
We are going to step into this.

13
00:51.850 --> 00:57.130
Right-click and sync the IP and let it run until here.

14
00:58.660 --> 01:00.640
So continue stepping over.

15
01:05.280 --> 01:12.870
Okay, so now over here you can see that it's either going to move one to - or go here and move zero

16
01:12.870 --> 01:13.680
to -.

17
01:14.610 --> 01:16.050
We can make a, okay.

18
01:16.140 --> 01:18.570
So we can always make sure it goes to the left.

19
01:19.080 --> 01:20.550
To make sure it goes to the left,

20
01:20.550 --> 01:24.750
we just convert this to a JMP, an unconditional jump.

21
01:25.470 --> 01:27.840
That means we can do something like this.

22
01:30.090 --> 01:32.790
JMP, for example.

23
01:34.560 --> 01:36.270
Refresh to see the comment.

24
01:37.200 --> 01:43.290
So if we JMP this, it will always go to the left, irrespective of whether or not the value in - is

25
01:43.290 --> 01:46.080
"w," so it doesn't care what password is entered.

26
01:46.140 --> 01:48.510
So this is one way you can solve it.

27
01:49.080 --> 01:53.130
Another way you can solve it is you can go to the return here.

28
01:53.550 --> 01:57.330
That means after the return it goes back to the parent.

29
01:58.710 --> 02:03.450
Let us go back to the parent now and see what I mean.

30
02:04.080 --> 02:04.380
Okay.

31
02:04.380 --> 02:05.880
So now it's in the parent.

32
02:07.110 --> 02:09.090
So over here, we are in the parent.

33
02:09.510 --> 02:14.280
Uh, let me go back to the disassembly view and show you the whole thing.

34
02:17.630 --> 02:18.740
The main function.

35
02:22.920 --> 02:24.150
Okay, let's graph this.

36
02:24.360 --> 02:25.890
Okay, so now we are here.

37
02:25.890 --> 02:27.600
We just came back from a check password.

38
02:28.110 --> 02:31.800
So over here is going to compare whether - is one or not.

39
02:31.980 --> 02:36.120
So if it's not one, it is going to go to the left.

40
02:36.450 --> 02:42.210
So another solution for this is to simply reverse this jump or NOP this jump.

41
02:42.330 --> 02:47.580
So we can reverse the jump by putting it as a JE instead of JNE.

42
02:47.610 --> 02:48.780
So we put JE.

43
02:48.900 --> 02:49.680
Obviously it will,

44
02:49.680 --> 02:52.110
it will go to the right even though the password is wrong.

45
02:53.010 --> 02:57.060
Another easy way is to NOP this, NOP.

46
02:57.240 --> 03:00.540
If we NOP this, it will always go to the right.

47
03:00.540 --> 03:05.670
Because if the jump, this comparison will never happen.

48
03:05.760 --> 03:10.950
So it doesn't matter whether your - is one or not.

49
03:11.670 --> 03:14.250
If it's not one, it's going to go to the left.

50
03:14.430 --> 03:18.240
But now if you NOP it, it will never go to the left.

51
03:18.240 --> 03:21.810
It will always go to the right and show "Congrats, you are logged in."

52
03:22.080 --> 03:30.660
So there are so many ways to solve this, but the way I prefer to solve it is to go into this and convert

53
03:30.660 --> 03:32.730
this into an unconditional jump.

54
03:32.880 --> 03:39.030
So if you use this way, no matter if your password is right or wrong, it will always go to the left

55
03:39.240 --> 03:41.100
and move one to -.

56
03:41.880 --> 03:49.170
So to jump this unconditionally, you select that, press the spacebar, check these two checkboxes and

57
03:49.170 --> 03:54.180
then convert this to an unconditional jump and click okay.

58
03:54.930 --> 03:56.010
Now we can patch it.

59
03:57.860 --> 03:59.300
File and we patch it.

60
04:02.820 --> 04:04.410
And we will call it...

61
04:05.460 --> 04:09.870
Click on it and we give the extension "_2," click save.

62
04:11.480 --> 04:13.220
And now we can test it directly.

63
04:13.370 --> 04:17.930
So copy this path and then open a command prompt.

64
04:18.920 --> 04:20.390
CMD, command prompt.

65
04:20.390 --> 04:21.410
Search for CMD.

66
04:22.280 --> 04:23.660
Paste it and just type "CD."

67
04:24.350 --> 04:25.850
Right-click and enter.

68
04:25.850 --> 04:27.830
So now you're in the same folder as this.

69
04:28.490 --> 04:32.420
You can "dir," make sure this one is there.

70
04:32.510 --> 04:33.890
And now you can run it.

71
04:35.730 --> 04:38.460
Run this patched version.

72
04:39.330 --> 04:46.470
Enter this username, "cracker," and then enter any password, any wrong password, and you will see,

73
04:46.500 --> 04:46.950
"Congrats!

74
04:46.950 --> 04:47.610
You're logged in."

75
04:47.940 --> 04:49.050
Repeat one more time.

76
04:50.670 --> 04:51.270
Username,

77
04:51.270 --> 04:51.870
"cracker."

78
04:52.470 --> 04:53.640
Any other password?

79
04:56.320 --> 04:59.260
Just say you enter the right password, "w," it says.

80
04:59.560 --> 05:03.940
So whether your password is right or wrong, it will always be a congratulatory message.

81
05:04.360 --> 05:08.830
So this is how you can patch the file to always show the good message.

82
05:09.220 --> 05:10.450
That's all for this video.

83
05:10.450 --> 05:12.100
Thank you for watching.