By ro0ted | January 30, 2015 - 18:23 | Posted in /b/ | 17 Comments
#ro0ted #OpNewblood What the Blackhats don’t want you to know: Resource Hacker

It’s been a while; I have been very busy. Let’s continue the What the Blackhats don’t want you to know series. Today we will go over a simple tool called Resource Hacker. As many people know, it changes the resources in an .exe, hence the name. We will show what exactly can be achieved with it. Most people think it can only edit the cursor or how the GUI looks in a program, but it can also make a timed trial go away and remove nag screens. This is vital because you are going to want to edit malware when analyzing it and conducting various tests. - https://twitter.com/ro0ted/


 

(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

 Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker +


 

 

Download:

http://download.cnet.com/Resource-Hacker/3000-2352_4-10178587.html

Go ahead and install it. For this example I will use a program no one cares about: WinRAR.

After installation, right-click the program and click Open with Resource Hacker.

Now you have a screen with the layout of the program on the left side.

Everything listed in this panel is editable. Not all programs will load in Resource Hacker due to proper packing….

Let’s go to the Dialog Module>Reminder.


Okay, there are a few options here. Let’s go over a couple of things you can do.

You can edit the 40 day trial period to 300 days if you wanted.

Now to add to that, we can hide this dialog. At the top of the screen you should see Hide Dialog. Click that.

Now something to remember in the future for Res Hacker: if there’s a dialog, there’s a string, meaning there’s a string that usually matches up with the nag screen. Go to the strings module and click 80>1033.

What we see here is a string that tells the code to make the nag screen pop up. We can remove that. After removing it, click Compile Script.

Just to be safe, it’s a good idea to review all strings, dialogs and other modules for more warning signs you might want to edit and/or remove.

[Screenshots in the original post: two resources, each shown before and after editing.]

Now go to the top and click File>Save As>Example.exe

You can even put crackedrar.exe


No nag screen. Easy as 1 2 3.

ro0ted
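The tree in Resource Hacker's left panel, and paths such as `80>1033` in the strings module, mirror the three-level resource directory stored in a PE file's `.rsrc` section: resource type, then name or ID, then language ID. The read-only walker below is an added example, not part of the original post; `walk`, `entry_name`, `make_dir` and the `SAMPLE` bytes (including its RVAs and sizes) are constructed for illustration and are not taken from any real program.

```python
import struct

HIGH, MASK = 0x80000000, 0x7FFFFFFF
RT_NAMES = {5: "Dialog", 6: "String Table"}  # subset of the standard RT_* type IDs

def entry_name(rsrc, raw, level):
    if raw & HIGH:  # named entry: offset to a WORD length plus UTF-16LE text
        off = raw & MASK
        n = struct.unpack_from("<H", rsrc, off)[0] if off + 2 <= len(rsrc) else 0
        return rsrc[off + 2:off + 2 + 2 * n].decode("utf-16-le", "replace") or "?"
    return RT_NAMES.get(raw, str(raw)) if level == 0 else str(raw)

def walk(rsrc, off=0, path=(), seen=None):
    """Yield (type, name_or_id, language, data_rva, size) for each leaf."""
    seen = set() if seen is None else seen
    if off in seen or off + 16 > len(rsrc):  # cyclic or truncated directory
        return
    seen.add(off)
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for i in range(named + ids):
        pos = off + 16 + 8 * i
        if pos + 8 > len(rsrc):
            return
        raw, target = struct.unpack_from("<II", rsrc, pos)
        here = path + (entry_name(rsrc, raw, len(path)),)
        if target & HIGH:  # high bit set: target is another directory
            yield from walk(rsrc, target & MASK, here, seen)
        elif target + 16 <= len(rsrc):  # leaf: IMAGE_RESOURCE_DATA_ENTRY
            yield here + struct.unpack_from("<II", rsrc, target)

def make_dir(named, ids, *entries):  # hypothetical helper for the sample bytes
    head = struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
    return head + b"".join(struct.pack("<II", *e) for e in entries)

# Constructed sample .rsrc bytes (not taken from any real program).
SAMPLE = (
    make_dir(0, 2, (5, HIGH | 32), (6, HIGH | 80))  # root: Dialog, String Table
    + make_dir(1, 0, (HIGH | 160, HIGH | 56))       # Dialog > "REMINDER"
    + make_dir(0, 1, (1033, 128))                   # ... > language 1033 (en-US)
    + make_dir(0, 1, (80, HIGH | 104))              # String Table > block 80
    + make_dir(0, 1, (1033, 144))                   # ... > language 1033
    + struct.pack("<IIII", 0x5000, 0x120, 0, 0)     # dialog data entry
    + struct.pack("<IIII", 0x5120, 0x40, 0, 0)      # string data entry
    + struct.pack("<H", 8) + "REMINDER".encode("utf-16-le")
)

if __name__ == "__main__":
    for leaf in walk(SAMPLE):
        print(" > ".join(leaf[:3]), "rva=%#x size=%d" % leaf[3:])
```

Listing the same paths for two copies of a binary and comparing the sizes per path shows which resources were edited between them.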

 
