TDC Target Patch

[Bidasci]

Language : TASM / MASM / FASM - assembler 
Platform : Windows x32
OS Version : All versions of windows.
Packer / Protector : N/A

Description :

A very simple crackme. You have to bypass the registration and get rid of the NAG on the program to make the program think it's valid. If you cannot crack it and would like a hint, click HINTS or run the patcher which will make the program registered once you run the patch.

Screenshot :

To download, download the zip and run Target.exe. The patcher will show it's a virus but don't worry it's not. It shows it's a bad program because of it being a hacktool, so please disable your AV or add it in exclusion.

VT: https://www.virustotal.com/gui/file/cbfa14a0d5c454e47f1e1d19bd5549fdf3a99ed4fcd91ca9905bb2fba1445675/detection

TDC Target + patch.zip

[Washi]

Spoiler

Solution, patch 3 bytes:

000005C1: 0x90
000005C2: 0x90
000005C8: 0xEB

Approach

Spoiler

Used tools: Ghidra and HxD.

1. Inspect the entrypoint, notice that there is an if statement checking DAT_004032b0, and depending on this value it shows the messagebox and/or sets the text of the text box.

2. XREFs on DAT_004032b0 reveal that FUN_004011af is responsible for setting this value.

3. Make sure that this function always sets the global variable to 1. This can be done by patching 3 bytes in e.g. HxD as described in the above.

 

[Glock40]

2/10 reversed pretty easy with x64. Good practice though