WEBVTT

1
00:01.220 --> 00:01.970
Hello.

2
00:02.600 --> 00:03.560
Welcome back.

3
00:05.210 --> 00:09.110
In the previous lesson, we've already managed to create a self keygen.

4
00:09.920 --> 00:18.020
So if I enter any kind of username and just any fake serial, I click check.

5
00:18.110 --> 00:20.150
It will generate the keygen.

6
00:20.750 --> 00:27.170
Now in this lesson I'm going to improve the message box by adding a caption here.

7
00:27.650 --> 00:28.940
So let's get started.

8
00:28.940 --> 00:31.850
So we're going to put the caption 'key' here.

9
00:33.110 --> 00:36.680
So we have to now go back to the x32dbg.

10
00:36.710 --> 00:38.030
Let's close this first.

11
00:42.810 --> 00:44.460
Open my.

12
00:55.420 --> 00:56.560
Then I will run.

13
00:58.740 --> 01:03.480
Enter any kind of name and serial.

14
01:06.120 --> 01:08.490
And go back to our main here.

15
01:16.290 --> 01:19.740
And then I'm going to let it run until it hits this breakpoint.

16
01:20.700 --> 01:21.840
Put a breakpoint here.

17
01:23.540 --> 01:25.640
So run into that breakpoint.

18
01:27.470 --> 01:36.200
Now this breakpoint is where it's starting to move all the parameters for message box to the stack.

19
01:37.820 --> 01:42.260
So let's revise what's the message box parameters.

20
01:43.880 --> 01:52.700
So if we search for MSDN message box, you will see that the message box parameters are as follows.

21
01:54.320 --> 01:56.840
The fourth parameter is the type.

22
01:57.320 --> 01:59.030
The third parameter is a caption.

23
01:59.030 --> 02:00.260
So this is the caption.

24
02:01.550 --> 02:06.260
The second parameter is your string.

25
02:06.260 --> 02:12.800
So if you look at this one, the second parameter is your string.

26
02:14.350 --> 02:18.820
First parameter is the owner or the parent for the message box.

27
02:18.820 --> 02:20.230
So we are just interested in that.

28
02:20.230 --> 02:23.740
We are just interested in the caption which is the third parameter.

29
02:23.890 --> 02:25.690
So counting from the bottom.

30
02:25.690 --> 02:26.620
First parameter.

31
02:26.620 --> 02:27.730
Second parameter.

32
02:27.730 --> 02:28.690
Third parameter.

33
02:28.690 --> 02:30.100
Let me just refresh this.

34
02:31.270 --> 02:31.660
Okay.

35
02:31.660 --> 02:37.210
So now how do we change this third parameter to show a caption?

36
02:37.690 --> 02:41.620
The caption that we want to show is the string 'key'.

37
02:42.130 --> 02:48.400
Now to do that we have to move an address which contains the string 'key'.

38
02:49.120 --> 02:52.510
At the moment the address is 441026.

39
02:52.630 --> 02:54.070
So you click on this.

40
02:55.540 --> 02:57.370
Let's step one and go there.

41
02:57.370 --> 03:02.260
Now if you click on this, you can see that this address.

42
03:02.260 --> 03:03.040
Let's go there.

43
03:03.040 --> 03:03.940
Now follow in dump.

44
03:04.900 --> 03:07.810
Follow the address - plus eight.

45
03:08.530 --> 03:09.520
And we go there.

46
03:09.520 --> 03:12.460
Now we will see that it has got nothing there.

47
03:13.060 --> 03:14.050
Blank.

48
03:14.050 --> 03:16.000
That's why there is no caption.

49
03:17.110 --> 03:17.710
All right.

50
03:17.710 --> 03:22.780
So what we need to do is to put a caption for this.

51
03:22.780 --> 03:28.720
At this memory address we can put the caption there.

52
03:29.320 --> 03:33.220
So one way to do that is to just select all this.

53
03:34.730 --> 03:35.300
Right?

54
03:35.450 --> 03:36.350
Okay.

55
03:36.380 --> 03:38.240
We need three bytes, so 'key'.

56
03:38.600 --> 03:41.300
And then right-click and binary edit.

57
03:42.380 --> 03:50.210
And under here we type 'key', K-E-Y, keep size and click

58
03:51.390 --> 03:52.110
okay.

59
03:52.380 --> 03:54.990
So now it's got the string 'key' there.

60
03:55.980 --> 04:01.320
And now when we step over it's supposed to move that key string to that address.

61
04:01.320 --> 04:07.920
And let's step over and call the message box and see whether we get it.

62
04:08.460 --> 04:09.510
It fails to work.

63
04:09.720 --> 04:20.280
Now that could be because this address was either not editable or maybe that particular

64
04:20.280 --> 04:23.190
address has been overwritten by some other values.

65
04:24.000 --> 04:29.670
So in order to solve that, we have to create a string in another separate memory address.

66
04:31.320 --> 04:38.730
And we need to find a blank memory address which is not being used, and then write our string there.

67
04:40.170 --> 04:42.000
So let's get started now.

68
04:43.230 --> 04:47.760
So to know which memory address we can use, we can go to memory map here.

69
04:48.270 --> 04:50.070
And then look for data.

70
04:50.550 --> 04:52.650
Make sure it's readable and writable.

71
04:53.700 --> 04:56.280
So RW means readable and writable.

72
04:56.370 --> 04:58.020
Double-click on that data there.

73
04:58.320 --> 05:02.010
And now you are coming to that data section.

74
05:03.320 --> 05:04.910
Now at the data section here.

75
05:04.910 --> 05:08.120
Scroll down until you see all zeros.

76
05:08.960 --> 05:10.820
So this is called a code cave.

77
05:11.300 --> 05:16.790
A code cave is a writable area of memory where you can insert additional text or code.

78
05:17.480 --> 05:19.850
So choose something that is all zeros.

79
05:19.850 --> 05:21.140
For example here.

80
05:21.470 --> 05:22.910
Select three bytes.

81
05:23.480 --> 05:31.370
Right-click it and then select binary edit and then go to the ASCII box and type 'key', K-E-Y.

82
05:33.460 --> 05:34.540
And then click okay.

83
05:34.660 --> 05:38.410
So now you have your 'key' and make sure that at the back it is all dots.

84
05:38.650 --> 05:43.660
The last byte here is your null terminator that terminates the string.

85
05:44.140 --> 05:45.760
Now take note of this address.

86
05:45.760 --> 05:47.290
We want this address.

87
05:47.290 --> 05:56.170
So right-click and copy the address and then paste it inside your text editor.

88
05:56.470 --> 06:00.970
So we want this address because this address contains the string 'key'.

89
06:01.720 --> 06:06.160
Now you come back here and then we go to this location.

90
06:06.640 --> 06:08.650
Right-click, follow in disassembler.

91
06:10.060 --> 06:13.840
And then this is where we need to change the address.

92
06:13.930 --> 06:16.270
Presently it's 441026.

93
06:16.660 --> 06:18.400
So we need to assemble it.

94
06:18.490 --> 06:19.690
Press spacebar.

95
06:20.620 --> 06:25.270
And over here delete this and paste our address.

96
06:25.270 --> 06:31.270
Our new address that contains 'key': 44010.

97
06:31.840 --> 06:33.730
Click okay.

98
06:33.730 --> 06:34.090
See.

99
06:34.090 --> 06:34.780
So it's there.

100
06:34.780 --> 06:37.300
Now let's run again.

101
06:38.410 --> 06:41.140
This time we are going to click check again.

102
06:42.040 --> 06:43.240
Click run again.

103
06:44.840 --> 06:48.650
And you see now our message box has got a caption 'key'.

104
06:49.040 --> 06:50.540
Okay, so let's patch it now.

105
06:52.530 --> 07:01.680
And then click patch file and we are going to call it keygen this and then call it three, three dash

106
07:01.680 --> 07:04.440
self keygen, click okay.

107
07:04.440 --> 07:09.360
So now we can test our new self keygen version three.

108
07:11.530 --> 07:14.830
Enter any username.

109
07:15.100 --> 07:18.040
Enter any wrong serial.

110
07:18.040 --> 07:19.120
Click on check.

111
07:19.780 --> 07:21.100
And there you have it.

112
07:21.100 --> 07:25.870
Our nice message box with a helpful caption 'key'.

113
07:26.290 --> 07:30.850
All right, so let's copy down this key and see whether it works.

114
07:31.720 --> 07:34.360
So our key now let's say

115
07:34.840 --> 07:42.550
61106110111636.

116
07:43.540 --> 07:45.130
All right, so let's copy this.

117
07:49.080 --> 07:50.070
Paste it here.

118
07:51.750 --> 07:53.400
Click check and it works.

119
07:53.910 --> 07:54.510
See?

120
07:54.510 --> 08:03.270
So this is how we can improve on our self keygen by using a code cave to insert additional text

121
08:03.270 --> 08:10.620
and then copying that memory address for the text into the message box parameter for the caption.

122
08:10.830 --> 08:12.390
That's all for this video.

123
08:12.420 --> 08:14.310
Thank you for watching.