Reverse Engineering 101

This is a very basic tutorial on reverse engineering your first executable in Windows. This is a short application which I’ve written just for this purpose, just a simple program which came to my head.

#include <windows.h>
#include <stdio.h>
	Name: Ultra Newbie CrackMe
	Copyright: 2014
	Author: Osanda Malith 
	Date: 30/12/14 07:51
	Description: This a very basic crack me just for demonstration purposes.

enc (char cipher[], int shift) {
  int i = 0;
  while (*(cipher+i)) {
	  if ((*(cipher+i) + shift) >= 65 && (*(cipher+i)+ shift) <= 90) *(cipher+i) += shift;
      else *(cipher+i) += shift - 25;

main () {
	int i;
    char msg[] = {0x53, 0x45, 0x43, 0x52, 0x45, 0x54, '\0'}, *in;
    int key = 6+3;
    enc(msg,key); printf("Coded by Osanda\n\n\n");   
    printf("Enter Pass\n");
    in = (char *) malloc(20);
    scanf("%s", in);
    if(!strcmp(in,msg)) MessageBox(NULL,TEXT("Access Granted :)"),TEXT("Info"),MB_OK | MB_ICONASTERISK  | MB_RIGHT );
    else MessageBox(NULL,TEXT("Try Again"),TEXT("Info"),MB_OK | MB_ICONERROR  | MB_RIGHT );
    return 0;

I’ll divide this tutorial in to two tasks. Task one is finding the pass. Task two would be patching the application so that any given user input would trigger the “Access Granted” message box.
Before we start what is reverse engineering? Let me put it in this way. We write applications in high level languages such as C, C++, Delphi, etc. and they are gone through a process called compiling and converted into machine code. We write programs in different languages but regardless, the computer won’t understand any of them. The closest language to the CPU which it would understand after assembling and linking would be the assembly language. Reverse engineering is the process of engineering an application once it is compiled into machine code. This is vastly used in malware analyzing, breaking protections in software, exploit development, adding more functionality into applications. There might be more than these few.



2014 in review

The stats helper monkeys prepared a 2014 annual report for this blog.

Here's an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 38,000 times in 2014. If it were a concert at Sydney Opera House, it would take about 14 sold-out performances for that many people to see it.

Click here to see the complete report.