This morning we are going to go over Creating Patchers in What the Blackhats Don't Want You to Know. This is a great thing to know. Does this defend you from blackhats? No. Some of you think these are defensive guides against the black arts. I'm sorry if I gave you that impression. These are merely topics blackhats DON'T want you to know about. What do you think a cracker is? A whitehat? When was being a whitehat ever tied with breaking into programs for their own benefit? Now you see what the point is. There are too many people in this world who don't want to teach. They hold onto these subjects like they are the only fucking person with this knowledge. It's ridiculous!! It gives mankind a bad name by being selfish! The only people who are willing to teach are professors, because money is involved. The only way society says you qualify for a position is if you spent years of your life paying for a piece of paper. Not me. I accept anyone who's willing to read this. – https://twitter.com/ro0ted/
Creating Patchers Part 1
Tools:
Ollydbg (you can get my version in Ollydbg on Steroids up ahead)
CFF Explorer Suite
The crackme:
Power up Ollydbg and load the crackme.
So, as usual, what do we always do first? Search for all referenced text strings:
We select the error string, since we are creating a patcher: not a regular patch, but our own patcher.
But wait: scroll up to 00401554 and we see that's where it's really being called, so we set a breakpoint on that address, right click, Assemble, and change the JNZ to JNZ 004016C3.
Now we run dUP2 to make our patcher.
Choose New Project:
Fill in the details. Example:
Right click the target and select Offset Patch.
Creating the Patcher
The first thing we need to do is write down the address, original values, and new values for our patch. Reloading the target and going to our patch code, we see that the address is 401554. We can also look in the opcodes column and see that the original bytes are "0f857A010000", or in a prettier fashion, "0F 85 7A 01 00 00":
Open Ollydbg and disable the patch:
Now open up CFF Explorer Suite to find the offset:
Click on the magnifying glass to run a search. We then need to enter the hex values we are looking for.
Open up dUP2 and enter the offset 956:
Original byte: 7A; new byte: 69
Run the patch.
Give it a skin by clicking Settings in dUP2.
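As an added example (not from the original post, and not dUP2's or CFF Explorer's code), here is a small Python tamper check that does the arithmetic behind the steps above from the other side: given the expected bytes of a code region and an observed copy, it maps the virtual address to a file offset through a section table, reports every byte that differs with its file offset and virtual address, and decodes what a changed displacement byte inside a near conditional jump does to the jump target. The image base, section table and instruction bytes are constructed here to mirror the post's numbers (00401554, 0F 85 7A 01 00 00, offset 956, 7A to 69) and assume the usual 0x1000 section / 0x200 file alignment; on a real file you would read these values from the PE section headers (CFF Explorer's Section Headers view) rather than hard-coding them.

```python
# Added example, not code from the original post: map a patch between file
# offset and virtual address, diff expected vs observed bytes, and decode the
# effect of a changed rel32 displacement in a 0F 8x near conditional jump.
import struct
from typing import Dict, List, Optional, Tuple

IMAGE_BASE = 0x400000  # assumed default image base for a 32-bit executable

# Constructed section table (not read from a real binary):
# (name, VirtualAddress RVA, VirtualSize, PointerToRawData, SizeOfRawData)
SECTIONS = [
    (".text",  0x1000, 0x2000, 0x400,  0x2000),
    (".rdata", 0x3000, 0x1000, 0x2400, 0x1000),
]

# Constructed instruction bytes matching the post: JNZ rel32 at 00401554,
# original displacement 0x17A, patched displacement 0x169.
ORIGINAL_JNZ = bytes.fromhex("0f857a010000")
PATCHED_JNZ = bytes.fromhex("0f8569010000")
JNZ_VA = 0x401554


def va_to_file_offset(va: int) -> Optional[int]:
    """Translate a virtual address to a raw file offset via the section table."""
    rva = va - IMAGE_BASE
    for _name, sec_rva, vsize, raw_ptr, _raw_size in SECTIONS:
        if sec_rva <= rva < sec_rva + vsize:
            return raw_ptr + (rva - sec_rva)
    return None  # address is not backed by any section


def file_offset_to_va(offset: int) -> Optional[int]:
    """Translate a raw file offset back to a virtual address."""
    for _name, sec_rva, _vsize, raw_ptr, raw_size in SECTIONS:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return IMAGE_BASE + sec_rva + (offset - raw_ptr)
    return None


def diff_bytes(expected: bytes, observed: bytes, base_offset: int) -> List[Tuple[int, int, int]]:
    """Return (file_offset, expected_byte, observed_byte) for every differing byte."""
    if len(expected) != len(observed):
        raise ValueError("regions must be the same length")
    return [
        (base_offset + i, e, o)
        for i, (e, o) in enumerate(zip(expected, observed))
        if e != o
    ]


def jcc_rel32_target(code: bytes, va: int) -> Optional[int]:
    """If `code` starts with a two-byte 0F 80..8F near Jcc, return its absolute target."""
    if len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        disp = struct.unpack_from("<i", code, 2)[0]  # signed little-endian rel32
        return va + 6 + disp  # target is relative to the end of the 6-byte instruction
    return None


def explain_patch(expected: bytes, observed: bytes, region_va: int) -> Dict[str, object]:
    """Summarise what changed in a code region and how any leading Jcc was redirected."""
    region_off = va_to_file_offset(region_va)
    if region_off is None:
        raise ValueError(f"VA {region_va:#x} is not inside a known section")
    changes = diff_bytes(expected, observed, region_off)
    return {
        "changes": changes,
        "changed_vas": [file_offset_to_va(off) for off, _e, _o in changes],
        "old_target": jcc_rel32_target(expected, region_va),
        "new_target": jcc_rel32_target(observed, region_va),
    }


if __name__ == "__main__":
    report = explain_patch(ORIGINAL_JNZ, PATCHED_JNZ, JNZ_VA)
    for off, e, o in report["changes"]:
        print(f"file offset {off:#x} (VA {file_offset_to_va(off):#x}): {e:02X} -> {o:02X}")
    print(f"jump target {report['old_target']:#x} -> {report['new_target']:#x}")
```

Run stand-alone, the script reports the single changed byte at file offset 0x956 (VA 00401556), 7A to 69, and shows the JNZ target moving from 004016D4 to 004016C3, which is exactly the edit assembled in Ollydbg above. The same routine, pointed at the real section table and a known-good copy of the file, is how you would confirm that a binary on disk has had a branch redirected.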