Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
Bidasci

TDC Target Patch

Question

Bidasci

Language : TASM / MASM / FASM - assembler 
Platform : Windows x32
OS Version : All versions of windows.
Packer / Protector : N/A

Description :

A very simple crackme. You have to bypass the registration and get rid of the NAG on the program to make the program think it's valid. If you cannot crack it and would like a hint, click HINTS or run the patcher which will make the program registered once you run the patch.

Screenshot :

edited.png.1a4fcc78b8da019d817a208d69d2d8e1.pngx32dbg_2019-07-26_17-08-38.png.cb5e388355c16f0fb983733eadf7080d.png

To download, download the zip and run Target.exe. The patcher will show it's a virus but don't worry it's not. It shows it's a bad program because of it being a hacktool, so please disable your AV or add it in exclusion.

VT: https://www.virustotal.com/gui/file/cbfa14a0d5c454e47f1e1d19bd5549fdf3a99ed4fcd91ca9905bb2fba1445675/detection

TDC Target + patch.zip

Share this post


Link to post

1 answer to this question

Recommended Posts

  • 1
Washi
Spoiler

Solution, patch 3 bytes:

000005C1: 0x90
000005C2: 0x90
000005C8: 0xEB

Approach

Spoiler

Used tools: Ghidra and HxD.

1. Inspect the entrypoint, notice that there is an if statement checking DAT_004032b0, and depending on this value it shows the messagebox and/or sets the text of the text box.

OKwRoQN.png

2. XREFs on DAT_004032b0 reveal that FUN_004011af is responsible for setting this value.

3. Make sure that this function always sets the global variable to 1. This can be done by patching 3 bytes in e.g. HxD as described in the above.

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...