To practice patching memory directly.

Objectives:

  • Find the correct serial key
  • Change it to a different key of your choice

Link: https://crackinglessons.com/crackme-9/

Software

It was a piece of software that asks for a serial key and shows "Sorry Wrong Key".

00 - app

Detect It Easy (die)

Using DIE, I found the entry point.

EntryPoint = ImageBase + AddressOfEntryPoint --> 0x00402254

01 - die

x32dbg

First I checked the string references and found "Sorry Wrong Key".

02 - string

The logic was simple: it checks whether the ESI register is zero with test esi, esi, and the JE instruction then jumps accordingly.

03 - serial key

Because the ESI register was not 0, the test instruction leaves ZF at 0 and the JE jump is not taken.

So I checked the instructions before the test to understand what sets ESI to a non-zero value. A string comparison happens there, and then the value of EAX is moved to ESI for the test.

The string comparison is between the user-entered value and a value stored in memory, which can be seen in the image below.

04 - serial key

So we can follow the dump and update the serial key.

05 - serial key memory

06 - UPDATE

07 - updated

And that is it.

08 - gg
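The check and the memory edit described above, modelled in C as an added example (not code from the crackme or from this write-up). The key strings, the function names, the use of strcmp and the assumption that the taken JE leads to the success branch are all hypothetical; the register names in the comments follow the text.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder, not the crackme's real serial. It lives in a
   writable buffer, like the value followed in the dump. */
static char stored_key[32] = "CONSTRUCTED-KEY-0001";

/* Model of the check: comparison result -> EAX -> ESI, then test/je. */
static int check_serial(const char *user_input)
{
    int eax = strcmp(user_input, stored_key); /* 0 only when the strings match */
    int esi = eax;                            /* mov esi, eax */
    if (esi == 0)                             /* test esi, esi: ZF=1, je taken */
        return 1;                             /* assumed success branch */
    return 0;                                 /* ZF=0: falls through to "Sorry Wrong Key" */
}

/* Model of editing the bytes in the dump: no instruction changes, only the
   data the comparison reads. Returns -1 if the new key would not fit. */
static int patch_stored_key(const char *new_key)
{
    size_t len = strlen(new_key);
    if (len >= sizeof stored_key)
        return -1;                            /* would overrun the buffer */
    memset(stored_key, 0, sizeof stored_key);
    memcpy(stored_key, new_key, len);
    return 0;
}

int main(void)
{
    printf("before: original=%d wrong=%d\n",
           check_serial("CONSTRUCTED-KEY-0001"), check_serial("guess"));
    patch_stored_key("MY-OWN-KEY");
    printf("after:  original=%d new=%d\n",
           check_serial("CONSTRUCTED-KEY-0001"), check_serial("MY-OWN-KEY"));
    return 0;
}
```

Because the comparison reads the key from writable memory at run time, changing those bytes changes which serial is accepted without touching the test or the JE.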

