WEBVTT

1
00:00.440 --> 00:01.130
Welcome back.

2
00:01.430 --> 00:04.820
So far we have traced up to the ninth character.

3
00:04.850 --> 00:08.570
Now we'll continue with the tenth, eleventh, twelfth, and so on.

4
00:09.080 --> 00:10.820
So let's restart this.

5
00:12.440 --> 00:13.610
Go to full screen.

6
00:13.640 --> 00:15.380
Let's restart this.

7
00:18.390 --> 00:28.260
And run to our breakpoint main, and we start over until we come to this call, and then step over this

8
00:28.260 --> 00:28.710
call.

9
00:29.190 --> 00:33.420
And now it's waiting for us to enter our password.

10
00:34.690 --> 00:38.410
And we fished out nine characters from the password.

11
00:39.490 --> 00:41.830
So we type in what we have got so far.

12
00:41.860 --> 00:50.380
L-I-L-2-2-8-1-3-3.

13
00:50.560 --> 00:52.660
L-I-L-2-2-8-1-3-3.

14
00:53.590 --> 00:55.630
But we don't know what's the tenth password.

15
00:55.900 --> 01:00.280
So we're just going to put A, B, C at the back here for 10, 11, 12.

16
01:00.670 --> 01:02.230
A, B, C, hit Enter.

17
01:03.970 --> 01:04.180
Okay.

18
01:04.180 --> 01:05.170
So now we're here.

19
01:05.170 --> 01:08.050
Let's step over until we come to this line.

20
01:08.770 --> 01:10.660
And then we step into this call.

21
01:10.750 --> 01:12.130
Step again.

22
01:12.520 --> 01:15.730
And then now we right-click and graph it, and we trace it.

23
01:17.250 --> 01:18.510
So we trace it.

24
01:20.520 --> 01:22.440
First character, L.

25
01:25.980 --> 01:28.530
Second character, I.

26
01:33.130 --> 01:35.140
Third character, L again.

27
01:39.540 --> 01:41.130
Fourth character, 2.

28
01:44.840 --> 01:46.340
Here it is going to loop up.

29
01:50.210 --> 01:51.110
Step over.

30
01:51.680 --> 01:56.420
So now we are here. We are at the fourth and the fifth character again.

31
01:56.420 --> 01:58.010
It is 2, as you can see here.

32
01:58.100 --> 02:02.150
So we are now at the fifth character here, 2.

33
02:03.120 --> 02:04.800
So let's continue.

34
02:06.650 --> 02:07.400
Click on this.

35
02:07.430 --> 02:09.680
We are now at the sixth character, which is 8.

36
02:13.750 --> 02:16.600
And this would be the seventh character, which is 1.

37
02:16.600 --> 02:20.050
So we are now here, seventh character, which is 1.

38
02:26.980 --> 02:32.230
Click on this, and this should be the eighth character, which is 3. Eighth character.

39
02:34.010 --> 02:35.540
Continue stepping over.

40
02:37.350 --> 02:39.270
Now we're going to loop up again.

41
02:41.640 --> 02:46.260
Step over, and this should be the ninth character, which is 3.

42
02:46.260 --> 02:49.200
So we are now here at the ninth character.

43
02:50.310 --> 02:53.670
Next one we are going to target is the tenth character.

44
02:53.670 --> 02:55.470
So then continue to step over.

45
02:57.940 --> 03:05.620
Okay, so now we are at the tenth character, which is 7, but we entered A. We entered A, is it A?

46
03:05.860 --> 03:08.140
So we know that the tenth character is 7.

47
03:08.140 --> 03:11.020
So we can now put 7 over here.

48
03:12.190 --> 03:12.490
All right.

49
03:12.490 --> 03:13.600
Continue to step over.

50
03:13.600 --> 03:20.350
And because we did not put 7, it is going to come to this part here and is going to set a bad value, which

51
03:20.350 --> 03:21.400
is negative 1.

52
03:21.400 --> 03:26.170
So let's restart again and run to our first breakpoint.

53
03:26.170 --> 03:31.390
And let's step over it until we come to this call.

54
03:31.930 --> 03:37.810
And then we click on this, and we enter the password characters that we have fished out so far, which

55
03:37.810 --> 03:38.620
is L-I-L.

56
03:40.760 --> 03:49.340
L-I-L-2-2-8-1-3-3-7.

57
03:50.630 --> 03:54.500
L-I-L-2-2-8-1-3-3-7.

58
03:55.610 --> 03:59.330
So we don't know what is the eleventh character.

59
03:59.360 --> 04:03.530
B, C, B. So we just put B, C, D at the back.

60
04:03.650 --> 04:04.310
Okay.

61
04:04.430 --> 04:10.040
Just put B, C, D, hit Enter, and we are back.

62
04:10.040 --> 04:12.770
Now we continue to step over until we come to this call.

63
04:13.100 --> 04:15.020
Then we will step into this call.

64
04:15.020 --> 04:21.740
Click again, then right-click and graph this, and continue to trace.

65
04:22.520 --> 04:23.960
So we will trace.

66
04:25.500 --> 04:26.970
First character, L.

67
04:30.620 --> 04:32.750
Second character, I.

68
04:35.870 --> 04:37.730
Third character, L again.

69
04:43.780 --> 04:46.630
Fourth character, 2.

70
04:50.400 --> 04:51.780
Loop, loop back up.

71
04:54.440 --> 04:56.780
This should be the fifth character, which is 2.

72
04:56.960 --> 04:58.400
So we are now here.

73
04:58.400 --> 04:59.420
Fifth character.

74
05:04.360 --> 05:06.340
Click on this. Sixth character is 8.

75
05:06.370 --> 05:07.450
We are now here.

76
05:07.450 --> 05:07.870
8.

77
05:12.330 --> 05:13.530
And over here.

78
05:14.580 --> 05:19.680
Uh, this will be, uh, seventh character, which is 1, over here.

79
05:19.950 --> 05:21.510
This 1 over here.

80
05:26.100 --> 05:29.520
And now this will be eighth character, which is 3.

81
05:29.760 --> 05:31.290
So this is eighth character.

82
05:31.290 --> 05:31.920
3.

83
05:35.200 --> 05:41.290
Okay, now it's going to go back up, loop again. Step over, and we are back on the loop on top.

84
05:41.470 --> 05:42.580
Continue stepping.

85
05:42.580 --> 05:43.570
Come over here.

86
05:43.570 --> 05:48.970
And this should be your ninth character, which is 3 again, this one.

87
05:50.770 --> 05:56.440
Now notice that when comparing characters, you will have a single quote over here and a single quote

88
05:56.440 --> 05:57.160
over here.

89
05:57.190 --> 05:57.940
Remember that.

90
06:01.670 --> 06:02.090
Okay.

91
06:02.090 --> 06:03.620
So let's continue.

92
06:04.580 --> 06:08.510
Now here is comparing -, which is whether is zero or not.

93
06:09.290 --> 06:11.720
In our case, it's not zero, not end of the string.

94
06:11.720 --> 06:13.550
So it's going to go to compare.

95
06:13.550 --> 06:19.940
Now the eleventh, the tenth character. Tenth character is 7.

96
06:19.940 --> 06:20.990
So we got it right.

97
06:21.080 --> 06:22.880
Step over.

98
06:25.440 --> 06:27.720
Now it's checking whether you're at the end of the string or not.

99
06:27.810 --> 06:30.450
If you're at the end of the string, it will be a null terminator.

100
06:30.450 --> 06:33.900
That means - should be zero, zero, but it is -.

101
06:34.320 --> 06:35.970
Is this two bytes here, 3, 7?

102
06:35.970 --> 06:37.350
But it is not zero, zero.

103
06:37.740 --> 06:39.990
- is 3, 3, - is 3, 7.

104
06:40.650 --> 06:45.030
- is the first byte, first-level byte of the register.

105
06:45.330 --> 06:47.730
- is the second byte of the register.

106
06:48.780 --> 06:51.150
So in this case, it is not zero.

107
06:51.720 --> 06:53.220
So it's going to go straight.

108
06:54.600 --> 06:55.230
Step over.

109
06:55.230 --> 07:01.650
And now it's comparing the eleventh character. Eleventh character is not a character. It is a null terminator.

110
07:01.650 --> 07:01.980
See that?

111
07:03.240 --> 07:07.800
Remember I told you just now a character will have a single quote like this, but in this case it is not

112
07:07.800 --> 07:10.320
single quote, it is just the value zero.

113
07:10.320 --> 07:13.020
So this is called a null terminator.

114
07:13.020 --> 07:19.890
That means it is expecting your eleventh character, which is B here. Eleventh character should be a null terminator.

115
07:20.400 --> 07:26.130
And in programming, when you input something to insert a null terminator, you press the Enter key.

116
07:26.400 --> 07:29.070
But our Enter key was at the back here, after the D.

117
07:29.790 --> 07:32.430
So our null terminator is at the back here, not here.

118
07:32.430 --> 07:35.670
So it is expecting your null terminator to be in this position.

119
07:35.700 --> 07:39.690
B. That means the password is only up to 7.

120
07:39.990 --> 07:42.090
Then after that will be an Enter key.

121
07:42.090 --> 07:44.550
When you press Enter, it sets the null terminator.

122
07:44.550 --> 07:50.670
So that suggests that the password is simply L-I-L-2-2-8-1-3-3-7.

123
07:50.670 --> 07:51.300
That's it.

124
07:51.810 --> 07:57.960
Okay, so to test our hypothesis, we can just directly now double-click on this and enter

125
07:58.230 --> 08:06.030
L-I-L, L-I-L-2-2-8-1-3-3-7.

126
08:06.030 --> 08:09.450
And press the Enter key to insert the null terminator.

127
08:09.990 --> 08:10.770
Nice job.

128
08:10.770 --> 08:11.730
Password found.

129
08:11.790 --> 08:17.970
So this is how we can fish the long passwords using deep loop tracing.

130
08:17.970 --> 08:19.170
Why is it deep loop tracing?

131
08:19.170 --> 08:25.530
Because we have to loop multiple times, I think at least three times before we fish out the entire

132
08:25.530 --> 08:26.250
password.

133
08:26.550 --> 08:30.060
Each time it loops, it adds 4 to the counter.

134
08:30.300 --> 08:32.040
- is your counter.

135
08:32.040 --> 08:34.020
As you can see, this is - counter.

136
08:34.800 --> 08:39.930
Okay, so that's how you can perform deep loop tracing.

137
08:40.230 --> 08:41.940
That's all for this video.

138
08:42.540 --> 08:46.620
In the next one, we are going to look at how to patch this to show the correct password

139
08:46.620 --> 08:52.470
no matter what the password is revealed. Try that on your own first, and then watch the next video.

140
08:52.980 --> 08:54.240
Thank you for watching.