Even more Binary Patching and Whatnot – Patchin Some “LiCeNsEs” – x32dbg

Transcription:

Hello everyone and welcome back,

Let’s play with some more patching challenges. BANNER: this text/video is for educational purposes; these programs are purposely created for patching.

First I’ve got a Mr. Bills program here that has a Tip of the day message displayed, and it is also an unregistered program.

Meaning we have to find a way to get the premium version – as well as display a different message for fun

Immediately upon loading the program into x32dbg I’ve noticed that if I look up strings it seems to mention an OPEN operation as well as a “FILE” string with a colon. After I put a breakpoint there the program ran and I was able to notice that it’s actually loading a Tips.txt file, which loads the tip of the day.

I’ve quickly made a Tips.txt file with a custom message inside and once I opened the program my message appeared.

That’s pretty cool but I still have an unregistered license – and we don’t like that.
Looking into the strings more I’ve found a string saying “You have entered an invalid email address or license number – please try again”.

Following that I can see a clear comparison above it where I’ve put the breakpoint
I tried to input some random information and when I click REGISTER and invert my ZERO FLAG value …
PWNED ! We have a pwned software.
Thank you for registering
You can see at the top that the message UNREGISTERED has been removed as well.
We can easily patch this JNE right now to save our pwned version of the program.

After that let’s look into another example – Pixtopian Book software

It looks like the title says that we have an unregistered version.
We have limitations in creating contacts and groups which we are going to bypass.

Also we can change the message of the day as a joke too
Let’s change the “This is the unregistered version” message
I’ll just follow it in dump and change it up to something more appropriate.
I’m keeping in mind the size in bytes of the message so I don’t screw anything up.

After doing that we get our cool new message.

Let’s register our software – since we can’t make more groups.
I’ve already followed the strings since it’s the easiest way to find our comparison for limitations
and I’ve found this JL statement saying Please register – if you aren’t registered.
You can notice it compares EAX to number 3 – which is the number of groups allowed for the non-registered
version of this software. I’m gonna be kind and change this to 77. Now we can make only 77 groups
instead of 3 that the non-premium software gives us.

Next up we can also notice that we cannot add more than 4 people inside a group
That’s not a lot of people, right? Let’s fix that too.

Again we can see the EAX comparison with the number four and we’ll change it to 77 again – and it just works!
We now have a pwned version of this software.

And that would be all
Thank you so much for watching and have a nice day.
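
From the integrity-checking side, every change in this walkthrough is a same-size, in-place byte edit, so comparing a file against a known-good baseline finds each one. The following is an added example, not part of the original post or video: the byte sequences are constructed (not taken from either program), the function names are hypothetical, and the labels are heuristics that a disassembler would have to confirm.

```python
import hashlib

def changed_ranges(original: bytes, patched: bytes):
    """Return (offset, old, new) for every run of bytes that differs."""
    if len(original) != len(patched):
        raise ValueError("sizes differ; this is not an in-place patch")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None
    if start is not None:
        runs.append((start, original[start:], patched[start:]))
    return runs

def classify(original: bytes, offset: int, old: bytes, new: bytes) -> str:
    """Heuristic label for one run; a disassembler is needed to confirm it."""
    if len(old) == 1 and original[max(offset - 2, 0):offset] == b"\x83\xf8":
        return f"cmp eax imm8 changed {old[0]} -> {new[0]}"
    if len(old) == 1 and 0x70 <= old[0] <= 0x7F and new[0] == old[0] ^ 1:
        return "short conditional jump inverted"
    if all(32 <= b < 127 for b in old + new):
        return "printable data rewritten in place"
    return "unclassified"

def audit(original: bytes, patched: bytes):
    """Compare a file against its known-good baseline and label each change."""
    if hashlib.sha256(original).digest() == hashlib.sha256(patched).digest():
        return []
    return [(off, classify(original, off, old, new))
            for off, old, new in changed_ranges(original, patched)]

# Constructed sample bytes, not taken from either program in the video.
BASELINE = (b"\x83\xf8\x03\x7c\x10"      # cmp eax, 3 ; jl +0x10
            b"\x3b\xc1\x75\x08"          # cmp eax, ecx ; jne +8
            b"This is the unregistered version\x00")
MODIFIED = (b"\x83\xf8\x4d\x7c\x10"      # limit raised to 77
            b"\x3b\xc1\x74\x08"          # jne turned into je
            b"CONSTRUCTED_SAME_LENGTH_MESSAGE!\x00")

if __name__ == "__main__":
    for offset, label in audit(BASELINE, MODIFIED):
        print(f"0x{offset:04x}: {label}")
```

A check like this only helps when the baseline hash is stored and verified somewhere the modified file cannot rewrite, such as a signed manifest or a separate host.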