By ro0ted | March 13, 2015 - 17:43 | Posted in /b/ | 16 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: Hacker’s Disassembler

I’d like to show you one of my favorite disassemblers for cracking a program, used in conjunction with other tools. – https://twitter.com/ro0ted/

 


Description:

Hacker’s Disassembler is a very fast and comfortable free disassembler.

  • Support for COM, MZ and PE executables.
  • Following jmp and call instructions and going to given addresses, storing addresses in history.
  • Recognizing references to strings, dialogs and menus.
  • Recognizing calls of imported functions.
  • Information about exported functions.
  • Custom hotkeys and colors, syntax highlighting.
  • “Trace mode”.
  • Giving names to procedures and global variables.
  • Comments.
  • Bookmarks.
  • Opening files using drag-and-drop.
  • Saving text fragments.

The program:

[screenshot]

Let’s load our target:

[screenshot]

[screenshot]

Simple and straight to the point.
Click References > Strings:

[screenshot]

Let’s point out the promising strings:

[screenshot]

Which of these would you guess is a nag screen?

[screenshot]

So it’s important to take some notes.
Open Notepad++:

[screenshot]

You may be wondering why this is necessary.
Because HDasm is just a disassembler, meaning you can’t edit shit with it.

You may also be asking: why don’t you just do a string reference search in Olly?
Because you won’t find anything interesting. Already did.

Now let’s open Resource Hacker.
Okay, go to the string module:

[screenshot]

Open OllyDbg and search for a constant.
The first one is 101; we come here:

[screenshot]

As we can see, that’s just part of the message. That message is a nag screen reminding you which day you are on.
The next constant is 102.
We come here:

[screenshot]

Next constant is 103:

[screenshot]

Next constant is 105:

[screenshot]

Next constant is 106:

[screenshot]

Let’s focus on constants 101 & 102:
Edit the push values.

Before:

[screenshot]

After:

[screenshot]

Okay, so this wasn’t meant to be a crack mIRC tut. I just wanted to show you HDasm.

ro0ted

 


 

 
