History view
The next target is: Soundop 32-bit version 1.7.3.9. Soundop is an intuitive and professional audio editor for Windows to record, edit, mix and master audio contents in clear and flexible workspaces. Below you have the software installation link:
https://download.cnet.com/Soundop/3000-2170_4-77358595.html
Once we run the software Soundop 32-bit version 1.7.3.9 , we see that a message skips first, reminding us of the days we have to trial.
We continue and the program is initialized. We can use the program and in one of the tabs, it gives us the option to activate the software with the key. If we close the software kindly reminds us of the developers that we can buy the license by opening our browser. With a beautiful discount !.
Increase trial time in memory
First of all, mention some cracking tips:
- Breakpoints in all imports windows API.
- Look strings.
- Modify conditional jumps (Abusing logical control flow).
Easy!. First we are going to locate some strings that interest us using the x64dbg debugger. It has been easy to locate strings that have clues about the product key. Analyzing the assembly instruction and being in 32 bit surely an argument to a function is pushed.
We start the execution of the program with its breakpoints and stop before the call of dna.dll module. So it pushed EXPIRY_DATE as argument in dna.DNA_Param. It is evident that the return value of the function is probably the day the trial version expires. Indeed, when the execution of the function is finished, we have in memory in register ESP + 18 the value corresponding to the expiration date. If we are today on 08/11/2019, it expires on 08/12/2019.
And if we modify in memory the date with the debugger? We will have the days that we want.
And vuala!
Cracked software
But we are modifying in memory, we must see if abusing modifying the conditional jumps where it is evaluated we get the software cracked. Modifying all the conditional jumps after string EVAL_CODE pushed in call function, we obtain the cracked software since it will never check if we have the license or not (No Unregistered Trial Version Dialog), because is not evaluated in next call function. So we abuse of this using this trick.
And we win! Software successfull registered.
'Cracking' 카테고리의 다른 글
| Binary patching 0x3 (0) | 2019.11.18 |
|---|---|
| Binary patching 0x2 (0) | 2019.11.09 |
| Introduction and purpose 0x1 (0) | 2019.10.30 |
- Total
- Today
- Yesterday
- use after free
- dnspy
- one gadget
- cracking
- leak libc
- shellcode
- html injection
- format string
- arithmetic overflow/underflow
- write primitive
- theFaunia course
- hijacking redirection flow
- Call oriented programming
- Pwnable.kr
- pwnable.xyz
- 32Bit
- canary
- ASM
- stack pivot
- XSS
- Backdoors
- GOT Dereferencing/Overwriting
- x64dbg
- Windows
- open-redirect
- leak stack memory address
- return oriented programming
- buffer overflow
- pwnable.tw
- fake stack frame
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |