WEBVTT

1
00:01.310 --> 00:02.840
Hello and welcome back.

2
00:02.840 --> 00:05.840
In this lesson we are going to try another crackme.

3
00:06.650 --> 00:11.390
And this is the website where I originally got it from.

4
00:11.750 --> 00:15.410
But use the one that I provide instead of the one from here.

5
00:16.400 --> 00:22.880
So you unzip this and the password to unzip is crackinglessons.com.

6
00:23.330 --> 00:30.500
And after unzipping it you will find the crackme and the notes where I give credit to the author.

7
00:31.460 --> 00:33.350
So this crackme

8
00:33.350 --> 00:37.100
now is a 64-bit crackme, x64.

9
00:38.240 --> 00:42.860
So in this lesson we are going to learn two things.

10
00:42.860 --> 00:47.480
We are going to learn how to trace the length of the code,

11
00:48.080 --> 00:49.130
the secret code.

12
00:49.700 --> 00:52.700
When you run this you will see also the secret code.

13
00:53.480 --> 00:58.370
So we are going to use x64dbg to identify the length of the secret code.

14
00:59.060 --> 01:02.780
And after that we are going to fish out the secret code itself.

15
01:03.800 --> 01:10.010
So the way we fish out the secret code itself is to trace the place where the string compare is being

16
01:10.010 --> 01:14.000
done, and read the parameters from the function call.

17
01:16.190 --> 01:26.420
So let's... first thing you need to do is to scan this with DIE to see what it is built with.

18
01:27.950 --> 01:37.550
So it is a 64-bit program, PE64, compiled with Visual Studio, language C, C++.

19
01:39.290 --> 01:42.800
So we need to use x64dbg to open it.

20
01:43.880 --> 01:47.690
So before we do that we do a behavior analysis.

21
01:47.930 --> 01:54.530
So we open a command prompt here so we can go here, search for command prompt.

22
01:57.270 --> 01:59.820
CMD and then you find it here.

23
01:59.820 --> 02:00.600
Command prompt.

24
02:02.370 --> 02:07.260
Navigate to this folder where you put your crackme.

25
02:09.690 --> 02:11.220
Paste your location there.

26
02:11.730 --> 02:14.880
And there you can see your program there.

27
02:18.400 --> 02:27.460
So open another file to keep notes so you can say this is the crackme notes.

28
02:32.570 --> 02:35.510
And then in here you write down whatever you observe.

29
02:37.680 --> 02:40.860
So to observe it, we will run the crackme.

30
02:41.970 --> 02:44.400
Before you run, always make a copy.

31
02:49.900 --> 02:51.160
Okay, so you got a copy.

32
02:51.160 --> 02:52.960
So now you can run the crackme.

33
02:56.990 --> 03:00.230
Let me clear the screen before I do that.

34
03:02.540 --> 03:04.070
CLS is the clear screen.

35
03:04.940 --> 03:06.560
So I run the crackme again.

36
03:09.480 --> 03:10.920
It asks you to enter the secret code.

37
03:10.920 --> 03:14.250
So immediately you will see there's a string.

38
03:18.870 --> 03:19.890
There's one string there.

39
03:20.820 --> 03:22.890
If you don't know, you can type anything.

40
03:24.210 --> 03:31.890
So always type it in a sequence, numeric form: one, two, three, four, five, six onwards so

41
03:31.890 --> 03:37.080
that it will be very easily noticeable when you are doing debugging later.

42
03:38.550 --> 03:41.490
So you just type one, two, three, four, five, six and then press enter.

43
03:42.360 --> 03:45.510
And the bad message says "access denied".

44
03:45.750 --> 03:47.520
So write it down.

45
03:49.380 --> 03:50.520
"Access denied".

46
03:51.960 --> 03:53.820
You can search for these strings later.

47
03:55.830 --> 04:03.540
So now we're ready to perform the analysis, reverse analysis, reversing with the x64dbg.

48
04:03.990 --> 04:06.720
For that we will continue in the next lesson.

49
04:07.080 --> 04:08.400
That's all for this video.

50
04:08.400 --> 04:09.660
Thank you for watching.