How To Reverse Engineer Using OllyDbg

Introduction to obfuscation and reverse engineering

To introduce obfuscation, we start from one reverse engineering tool, OllyDbg. The other side of the topic is how an EXE is reverse engineered to bypass the licensing check in the software.

Obfuscation is a complex term closely related to reverse engineering: it is the practice of protecting your compiled code against being reverse engineered. Reverse engineers analyze your program at the assembly level and try to manipulate it using debuggers; in this way they remove the security or licensing checks, or perhaps build an alternative piece of software.

So, to reduce this possibility, we can include meaningless extra code in the program so that a reverse engineer cannot easily break the software. That is what obfuscation is about.

How to reverse engineer an EXE?

Here, we take a keygen.exe that asks for two inputs: your name and your password. If the details you enter match, you have cracked the EXE; otherwise – nice try!

Download OllyDbg

Figure 1. Keygen.exe

As you can see in the above image, the details are wrong and that is why the wrong password message is printed. What we are going to do now is simply bypass this wrong password path and reach the right password message with the help of OllyDbg.

OllyDbg is a 32-bit assembler-level analyzing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where the source is unavailable.

We will load this EXE into OllyDbg and debug it to obtain the disassembly, where we can analyze the code by looking at the conditional jumps in the assembly language. We will find those jumps and make them non-operational, which simply bypasses the matching of the details and prints the right password message.

Debug to see the mnemonic code

Figure 2. OllyDbg

As you can see, the EXE file is loaded in the debugger. The code you see is x86 assembly language and may look messy if you are working with it for the first time. Below, I have shown the reference architecture of the x86 registers, which is quite useful when dealing with assembly language.

General purpose registers

To understand it more efficiently, try this link: x86 Instruction Set

Now, we will start debugging so that we can find the exact referenced string to work from. We are looking for the string "Right Password". Once we find it, we have to check what decides whether it is reached: a conditional jump.

Figure 3. x86 assembly code

Now, we will find the two jumps that implement the comparison and matching logic for our name and password. What we do here is simply skip that logic by replacing each jump with NOP (no-operation) instructions: select the jump >> right click >> Binary >> Fill with NOPs.

Figure 4. Non-Operation jump

Now, test your EXE again to see whether it works and whether it prints the right password message directly. There are many ways to do this; this is just the beginner level. You can also find the actual right password by setting breakpoints and analyzing the ASCII dump that the debugger shows.
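The reason a single "Fill with NOPs" defeats this keygen is that its whole decision rests on one compare-and-branch. The constructed C example below (added here, not code from the article or from keygen.exe) shows that weak pattern beside one where the unlock output is derived from the input instead of gated by a flag; the password "secret", the text "UNLOCKED" and the FNV-1a toy key derivation are all assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern: the entire decision is one compare-and-branch. Compiled for x86
 * this is a CALL strcmp / TEST / JNE sequence, and the JNE is the jump the
 * article overwrites with 0x90 (NOP). Once it is gone, every input "wins".
 * The literal "secret" is also visible in the ASCII dump. (Constructed demo.) */
int weak_check(const char *password)
{
    return strcmp(password, "secret") == 0;
}

/* FNV-1a over a string; used only as a toy key-derivation function here. */
static uint32_t fnv1a(const char *s)
{
    uint32_t h = 2166136261u;
    for (; *s; s++) {
        h ^= (uint8_t)*s;
        h *= 16777619u;
    }
    return h;
}

/* Hardened pattern: there is no success flag to flip. The unlock text is
 * XOR-masked with key material derived from the password, so patching a jump
 * still produces garbage unless the right password was supplied. */
void protect(const char *password, const char *text, uint8_t *blob, size_t n)
{
    uint32_t key = fnv1a(password);
    for (size_t i = 0; i < n; i++)
        blob[i] = (uint8_t)text[i] ^ (uint8_t)(key >> (8 * (i % 4)));
}

void hardened_unlock(const char *password, const uint8_t *blob, size_t n, char *out)
{
    uint32_t key = fnv1a(password);
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(blob[i] ^ (uint8_t)(key >> (8 * (i % 4))));
    out[n] = '\0';
}

/* Protects "UNLOCKED" under the constructed password "secret", then tries to
 * unlock it with the given password; returns 1 only if the text comes back. */
int demo_unlock(const char *password)
{
    uint8_t blob[8];
    char out[9];
    protect("secret", "UNLOCKED", blob, sizeof blob);
    hardened_unlock(password, blob, sizeof blob, out);
    return strcmp(out, "UNLOCKED") == 0;
}
```

Disassemble `weak_check` in OllyDbg and the single JNE stands out; `hardened_unlock` has no such branch to fill with NOPs, which is the structural point behind the article's obfuscation advice.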

Non operation jump

x86 Instruction Set For Reference

Instruction set

I hope you like it. Thank you for reading, Have a great day.
