By ro0ted | February 13, 2015 - 14:38 | Posted in /b/ | 10 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: Making your first patchER

This morning we are going to go over Creating Patchers in What the Blackhats don’t want you to know. This is a great thing to know. Does this defend you from blackhats? No. Some of you think these are defensive guides against the blackarts. I’m sorry if I gave you that impression. These are merely topics blackhats DON’T want you to know about. What do you think a cracker is? A whitehat? When was being a whitehat ever tied with breaking into programs for their own benefit? Now you see what the point is. There are too many people in this world who don’t want to teach. They hold onto these subjects like they are the only fucking person with this knowledge…it’s ridiculous!! It gives mankind a bad name by being selfish! The only people willing to teach are professors, because money is involved. The only way society says you qualify for a position is if you spent years of your life paying for a piece of paper. Not me. I accept anyone who’s willing to read this. – https://twitter.com/ro0ted/

 


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

 Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1 +

 


 

 

Tools used:

Ollydbg (you can get my version in Ollydbg on Steroids up ahead)

dUP2

CFF Explorer Suite

 

The crack me:


Power up Ollydbg and we put the crackme in.


So as usual what do we always do first? Search all reference strings:


We select the error since we are creating a patcher. Not a regular patch but our own patcher.


But wait: scroll up to 00401554 and we see that’s where it’s really being called, so we set a breakpoint on that address, right click, choose Assemble, and change the JNZ to JNZ 004016C3.


Now we run dUP2 to make our patcher.


Choose New Project:


Fill in the details. Example:


Click save:


Right click the target and select offset patch.


Creating the Patcher

The first thing we need to do is write down the address, original values, and new values for our patch. Reloading the target and going to our patch code, we see that the address is 401554. We can also look in the opcodes column and see that the original bytes are “0F85 7A010000”, or in a more pretty fashion, “0F 85 7A 01 00 00”:

Open Ollydbg and disable the patch:


Now open up CFF Explorer Suite to find the offset:

Click on the magnifying glass to run a search. We then need to enter the hex values we are looking for.


Open up dUP2; the offset is 956.

Original Byte 7A; New Byte 69
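To see how the numbers in this walkthrough fit together, here is an added example (not part of the original post): it decodes the JNZ at 401554, shows that changing the displacement byte 7A to 69 retargets it to 004016C3, and maps the address to file offset 956. The image base and .text section layout are assumed typical values, 956 is read as hexadecimal, and the byte buffer is a constructed stand-in for the crackme.

```python
import struct

# Values from the walkthrough above.
PATCH_VA = 0x00401554                          # address of the JNZ
ORIGINAL = bytes.fromhex("0F 85 7A 01 00 00")  # original opcode bytes
OLD_BYTE, NEW_BYTE = 0x7A, 0x69                # byte pair entered in dUP2

# Assumed PE layout (not given on the page; typical for a small 32-bit EXE).
IMAGE_BASE = 0x00400000
SECTIONS = [(".text", 0x1000, 0x1000, 0x400)]  # name, RVA, virtual size, raw offset


def jcc_target(va, insn):
    """Target of a 6-byte near conditional jump (0F 8x rel32) located at va."""
    if len(insn) != 6 or insn[0] != 0x0F or not 0x80 <= insn[1] <= 0x8F:
        raise ValueError("not a near Jcc instruction")
    (rel32,) = struct.unpack_from("<i", insn, 2)   # signed little-endian displacement
    return (va + len(insn) + rel32) & 0xFFFFFFFF   # relative to the next instruction


def va_to_file_offset(va):
    """Map a virtual address to its offset in the file on disk via the section table."""
    rva = va - IMAGE_BASE
    for _name, sec_rva, vsize, raw in SECTIONS:
        if sec_rva <= rva < sec_rva + vsize:
            return rva - sec_rva + raw
    raise ValueError("address is not inside any section")


def apply_offset_patch(image, offset, old, new):
    """Write one byte only if the expected original byte is present at offset."""
    if image[offset] != old:
        raise ValueError(f"byte at {offset:#x} is {image[offset]:#04x}, expected {old:#04x}")
    image[offset] = new


def demo():
    """Run the walkthrough's patch on a constructed, zero-filled stand-in file."""
    insn_off = va_to_file_offset(PATCH_VA)
    image = bytearray(0x1400)                      # constructed buffer, not the crackme
    image[insn_off:insn_off + 6] = ORIGINAL
    before = jcc_target(PATCH_VA, bytes(image[insn_off:insn_off + 6]))
    patch_off = insn_off + 2                       # displacement starts after 0F 85
    apply_offset_patch(image, patch_off, OLD_BYTE, NEW_BYTE)
    after = jcc_target(PATCH_VA, bytes(image[insn_off:insn_off + 6]))
    return patch_off, before, after, image


if __name__ == "__main__":
    off, before, after, _ = demo()
    print(f"patch offset {off:#x}: JNZ {before:08X} -> JNZ {after:08X}")
```

Checking the original byte before writing is what makes a second run, or a run against a different build of the target, fail cleanly instead of corrupting the file.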


Run the patch.


Give it a skin by clicking settings in dUP2
