WEBVTT

1
00:00.740 --> 00:01.640
Welcome back.

2
00:01.640 --> 00:05.000
In this lesson, I will show you a shorter way to bypass decryption.

3
00:05.000 --> 00:08.030
You don't have to do the comparison analysis anymore.

4
00:08.030 --> 00:09.530
You can just do patching.

5
00:10.460 --> 00:15.890
So in the—we are just going to restart this.

6
00:15.890 --> 00:20.330
And then we're going to run—let it hit our breakpoint.

7
00:20.750 --> 00:23.060
Press G to go into graphical view.

8
00:24.890 --> 00:28.130
And then now we're going to run to this breakpoint.

9
00:29.000 --> 00:30.590
So the prompt is out.

10
00:31.340 --> 00:34.520
Continue stepping until this goes into a running state.

11
00:40.120 --> 00:44.260
It is now in a running state, which means that it is waiting for us to enter something.

12
00:44.260 --> 00:54.760
So we type any password: 123456, hit Enter, and now control comes back to the debugger. It's paused, so we

13
00:54.760 --> 00:59.080
can now run all the way to the last part.

14
01:01.730 --> 01:08.900
Down here, bypass all the encryption and come straight to this critical instruction.

15
01:09.290 --> 01:14.750
This instruction is going to move the bad message to the good message, as we have seen earlier.

16
01:15.020 --> 01:16.910
So we don't want this to happen, right?

17
01:16.910 --> 01:19.970
So we want these two to be the same.

18
01:20.990 --> 01:21.350
Right.

19
01:21.530 --> 01:24.080
So there are many ways to bypass the decryption.

20
01:24.080 --> 01:25.640
We can NOP this instruction.

21
01:25.640 --> 01:26.690
That's the easiest way.

22
01:27.170 --> 01:29.300
All we need to do is NOP this,

23
01:29.300 --> 01:32.210
and then it will not copy - to -.

24
01:32.420 --> 01:37.340
It will not copy the bad message into the good message to overwrite the good message.

25
01:37.340 --> 01:43.850
So we just right-click here, patch the command, and say NOP this.

26
01:44.450 --> 01:45.050
That's all.

27
01:45.050 --> 01:46.370
That's all we need to do.

28
01:48.840 --> 01:49.530
NOP this.

29
01:50.760 --> 01:53.850
So now we can go back.

30
01:54.870 --> 01:58.260
We just refresh this first, refresh this.

31
01:58.290 --> 01:59.190
We see the NOP there.

32
02:00.900 --> 02:02.940
So right-click on this, Assemble.

33
02:03.990 --> 02:06.480
We right-click this, Binary, Copy.

34
02:08.610 --> 02:09.180
Let's see.

35
02:09.840 --> 02:12.810
So we use patching to bypass the decryption.

36
02:13.230 --> 02:21.960
Now in a—in a real commercial program, this works because you don't have to decrypt the encryption scheme.

37
02:21.960 --> 02:26.910
You just have to bypass it by copying the result of the encryption.

38
02:27.480 --> 02:31.560
And then, you know, you just undo all the encryption scheme.

39
02:32.310 --> 02:39.270
So because in the real commercial program, once the password is correct, you go ahead and call the

40
02:39.270 --> 02:42.090
activation function to allow you to use the software.

41
02:42.390 --> 02:46.680
But if the password is wrong, then you will not call the activation function.

42
02:46.680 --> 02:50.700
So you just need to NOP this. A single NOP will do the trick.

43
02:51.690 --> 02:51.900
Okay.

44
02:51.900 --> 02:53.070
So now we're going to patch it.

45
02:54.570 --> 02:55.560
Patch the file.

46
02:58.120 --> 03:01.300
And then we're going to call it "Ransom One."

47
03:07.880 --> 03:10.280
Now we can test our "Ransom One" file.

48
03:25.620 --> 03:28.530
Enter any wrong—zero.

49
03:31.470 --> 03:32.190
And you see, "Thanks,

50
03:32.190 --> 03:32.640
Bobby.

51
03:33.060 --> 03:33.930
Bobby is now cured."

52
03:33.930 --> 03:37.290
So this is how we can use patching to bypass encryption.

53
03:37.710 --> 03:41.490
So you don't have to go and figure out how to decrypt.

54
03:41.520 --> 03:44.550
All you do is find the right place to patch.

55
03:45.000 --> 03:46.680
That's all for this video.

56
03:46.710 --> 03:48.240
Thank you for watching.