Reverse Engineering Basics

  • Published: Oct 19, 2024

Comments • 170

  • @x32gx 3 years ago +10

    Holy sh..! I'm doing my first reverse engineering ctf now (on HTB), and after watching this, on the 48th minute mark, I finally understood how to get the password! The JMP trick is brilliant. So easy. Thank you for a brilliant explanation! Gonna keep watching.

    • @comaOOO 1 month ago

      Yes this video is just fantastic. I wish the people in the class were a little more enthusiastic - and that it was more clear on a phone what was happening.

  • @shortforchange 6 years ago +7

    "I'm not scared of failing; I'm fucking lazy" - Me.

  • @PC-ie2ow 5 years ago +7

    Thank you for posting this. Very insightful!

  • @SmashGuru007 3 years ago +7

    *Audience:* What's a DWORD?
    *Presenter:* Punches in "7BD6 D7C2" into calculator. "There you go. _That_ is a DWORD! Everyone got that? Cool!" 🤣

    • @comaOOO 1 month ago

      I can’t believe how much I think like this guy - it seems -
      In a technical sense.

    • @comaOOO 1 month ago

      I can’t believe how much I think like this guy - it seems -
      In a technical sense. Maybe that’s the wrong word. Executive functioning maybe ?

  • @purekillah 5 years ago +12

    Fun fact, instead of changing the logic from the jump instructions you can also alter the zero flag. It would have also been helpful to teach them how to unpack within the debugger.

  • @gametimewitharyan6665 3 years ago

    Amazing Seminar, Loved The Presentation

  • @docskinner7107 7 years ago +18

    I'm not going to get too shook up over this guy being a newbie; sure, there were a few faux pas, but I found the demos useful.

    • @pdhrubapadasingha4947 3 years ago

      Believing my password policy l entered different passwords within few days but l think hacker rejected my passwords.by their reverse engeneering process. Sometimes l forget my password due to trying of hard password. If reverse engeneering process make my password non active they can do destroyed my previous android micromaxQ382 with heavy virus by their reverse engeneering process. They also killed my small phone also. I request to CIA investigation process to execute my android with proper window connection l have no experience to connect window which can listening my own password only. I think their mashine to violet my password. Also they made my sim invalid with.the hacking purposes.

    • @pdhrubapadasingha4947 3 years ago

      I am too poor to give money to international CIA investigation but l have a small property of faith to jeshu religion l have a cirtificate of catholic under mizo missionary this my only property. I want to connect phone pay but hacker did not accept my lP address. Sometimes they asked my bank account details. I believed them giving my bank details in their reverse engendered process my headen cv code is open in words l know they are hacking

    • @ahmedaghadi8281 3 years ago +2

      @@pdhrubapadasingha4947 go and complain in cyber crime.

  • @ayein9351 4 years ago

    Thank you, this course is awesome to learn in just 2h

  • @anthonymarquez2542 3 years ago

    I just want to say thanks for this video.

  • @misolaemmanueljrd.6685 4 years ago

    Very Nice Tutorial! Or Presentation. Thanks!

  • @supremeeditz814 7 years ago

    I learned this yesterday...I understand it a little....Hope after this video i know a little more

    • @kynfali3857 6 years ago

      so what the result??? do u find it benefit u. if not i wont watch it

  • @bullymaguire7503 5 years ago +50

    yea maybe one day I can join skidrow thanks for help

    • @TalsonHacks 3 years ago

      @no shows You're wasting your time, go to Google. Google's your best friend.

    • @TalsonHacks 3 years ago

      @no shows Go learn the basics of reverse engineering, then try cracking.
      github.com/mytechnotalent/Reverse-Engineering
      That's a complete course for you to start RE.

    • @TalsonHacks 3 years ago

      @no shows Yes, like when we say hacking is pentesting.

    • @TalsonHacks 3 years ago

      @no shows no

    • @pythonner3644 3 years ago

      Wtf is with this dude

  • @ReversingHub 4 years ago +1

    great work man, really liked it. subscribed for more, keep it going!

  • @davidyanceyjr 8 years ago +1

    This is dated information but remains relevant for introducing beginners to reversing.

    • @kralalrulz 8 years ago

      +davidyanceyjr what about it is dated?

    • @davidyanceyjr 8 years ago

      +kralalrulz It's 32 bit x86 assembly, there's no obfuscated code. Reversing a real world application - even 32 bit legacy code - obfuscation is prevalent. I didn't say it was irrelevant just dated. I did enjoy the video.

    • @davidyanceyjr 8 years ago +4

      +Thomas Jefferson Incorrect dear sir. Calculus 1 will be relevant for eternity. 32 bit binary will be irrelevant in the next few years and 64 in less than 20 most likely.

    • @Runs-InCircles 8 years ago

      Imposter!

    • @avi1212avi 7 years ago

      +davidyanceyjr That's some nice info, does obfuscation make things significantly harder? what else is outdated? :)

  • @edoardobarolo4680 6 years ago +3

    I use a different technique that works any time. I insert a tag word "EDOARDO!" on the registration and then I pause the program and I search for it in memory. When I find that, I put a hard breakpoint (memory break W/R) on that area, so I can go directly to the code that handles the string. It's easy with those little "crackme" but in a big commercial program it is a different matter. There is obfuscation, anti debugger code etc etc

    • @yawnz9195 5 years ago

      could u help me cracking a program

  • @MulleDK19 7 years ago +5

    Only watched the app6 part. And your solution of just patching the program is rarely valid in these challenges. But that shit was so easy anyway. First of all, those strings are not "encoded". They're simply an array of letters that the app uses to construct messages to print. It's just picking out letters from it when printing stuff. The array might as well have been a-z. The password you have to enter is not stored anywhere. Nor is it any one password but is any 6 letter string matching a certain pattern. All possible passwords can be brute-forced easily, within a couple of minutes. It must be 6 characters, must consist of only lower case letters where each letter means a=1,b=2,c=3, etc. Adding the value of the letters, they must sum 44, and must have a product of 16,200. Valid passwords include: atiefc, daoofc, eitfca, fetica, fydccc, ioleba, jolcca, lreeca, releca, tifeca, yfdccc. There are a total of 2640 possible passwords.

    • @shubyy5149 6 years ago +1

      Hence the fucking name 'Reverse Engineering Basics'
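
Added example (not from the video or from any commenter): a Python model of the app6 check as @MulleDK19's comment above describes it. The length, the a=1 … z=26 mapping, the sum 44 and the product 16,200 are taken from that comment; the function names are assumptions made here. Because sum and product ignore letter order, the accepted set collapses to a few letter multisets, which shows how little a client-side check of this kind protects once its logic has been read.

```python
from collections import Counter
from itertools import combinations_with_replacement
from math import factorial, prod

# Constraints quoted from the comment (not recovered from the binary here).
LENGTH, TARGET_SUM, TARGET_PRODUCT = 6, 44, 16200


def letter_value(ch):
    """a=1, b=2, ... z=26."""
    return ord(ch) - ord("a") + 1


def is_valid(candidate):
    """Model of the check: six lowercase letters, value sum 44, product 16,200."""
    if len(candidate) != LENGTH or not all("a" <= c <= "z" for c in candidate):
        return False
    values = [letter_value(c) for c in candidate]
    return sum(values) == TARGET_SUM and prod(values) == TARGET_PRODUCT


def letter_multisets():
    """Order-independent solutions, each returned as a sorted letter string.

    Walking sorted value tuples visits about 736,000 candidates instead of
    the 26**6 (about 309 million) ordered strings.
    """
    hits = []
    for combo in combinations_with_replacement(range(1, 27), LENGTH):
        if sum(combo) == TARGET_SUM and prod(combo) == TARGET_PRODUCT:
            hits.append("".join(chr(ord("a") + v - 1) for v in combo))
    return hits


def arrangements(multiset):
    """Number of distinct orderings of one letter multiset."""
    total = factorial(len(multiset))
    for count in Counter(multiset).values():
        total //= factorial(count)
    return total


def accepted_count():
    """How many distinct six-letter inputs the modelled check accepts."""
    return sum(arrangements(m) for m in letter_multisets())


if __name__ == "__main__":
    for m in letter_multisets():
        print(m, arrangements(m))
    total = accepted_count()
    print("accepted inputs:", total)
    print("share of the 26**6 keyspace: %.6f%%" % (100 * total / 26 ** 6))
```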

  • @Robber7 7 years ago +7

    You can see the password on app 6 if you just look at the strings in the functions that were called, I saw it instantly. If you read the first letter of every string it says the password :P

  • @user-lt7wm1hw3r 4 years ago +3

    19:25 Introduction to assembly.

  • @unevalkamlesh387 4 years ago

    Thanks for making this stuff

  • @zakariatalukdar2552 8 months ago

    This is so so good. It feels like reincarnation of my cyber security career. Thank you so much.
    And Mate can you please upload the tools and files again? It's a 404 error

  • @lennysmileyface 5 years ago +7

    How do you get malware from your own software exactly...?

    • @powerchimp 3 years ago +1

      the answer is late, but if you still want to know then the answer would be: Dirty code.

  • @quicktutorials7662 3 years ago

    Thank you!

  • @watchlistsclips3196 3 years ago +2

    Are you still alive?? If you are add more videos. Expecting a lot from you

  • @iceflake7853 7 years ago +1

    I can't see the jump line at all. What have I done wrong?
    The spacing between the dot and the hex opcode (where the jump line is supposed to exist) is also a bit smaller than the one showed in the video and I don't find any arrow to increase its size.

  • @arzoo_singh 3 years ago

    Awesome !!!

  • @markyrocks69 4 years ago

    This is awesome

  • @dylandylan4807 6 years ago +1

    If I get protector as Armadillo(6.X-9,X), does it mean the software is packed with Armadillo?

  • @bobvines00 3 years ago

    Why does the ZIP folder of files and tools contain four (4) files infected with malware/viruses according to Symantec Endpoint Protection?

  • @sinistergeek 4 years ago +2

    Thanks for such a helpful video...Now i am lil bit more confident...Still n00b tho.

  • @HandyFox333 2 years ago

    Is there a video on the topic that's not over 20 minutes?

  • @pullupskrt 5 years ago

    Is dumping a csgo cheat possible with IDA? I don’t have the DLL but I am trying to get it from the cheat loader and dnspy is not doing the trick.

  • @AbhiramAbhiram-tm8hy 2 months ago

    which ide you are using?

  • @iamavataraang 7 years ago +2

    How do you know which type of software/method shown to reverse engineer to use?

    • @funtari7 4 years ago

      Good question!

  • @iNINO38 7 years ago

    thanx man.

  • @bleemy 5 years ago

    If i have a demo program that gives 10 uses and also limits what the program outputs what would I do to expand this restriction? PM me for the application name if you can help me out please

  • @archersterling4044 8 years ago +1

    What program is he using for the initial analysis ?

  • @uwuster 4 years ago +1

    Yeah, I've followed a bunch of programming tutorials and I run Linux and they seem to work okay except for *insert thing works for the original poster * doesn't work for me and I get 1-2 syntax errors and find solutions for the syntax then boom the program works.

    • @peesicle 3 years ago

      linux is da bomb

  • @Anon-tj7qb 8 years ago

    Nibbles are quite useful when dealing with aslr entropy :)

  • @ellanwambugu4987 3 years ago

    hey a noob here ..but i love your videos.. im trynna download but the drive wont lemme .any idea how to download without it being flagged as malicious??

  • @lasmiansitumorang81 6 years ago

    Hi Sir. Can extend expire date of dongle emulator image with your tools?

  • @danibilel3415 5 years ago

    can somebody explain to me what did he use detect it easy for in the 7th app ?
    i don't quite get what he did

  • @makprodplus9808 4 years ago

    hi, how decompile app and rerun in android studio , is there any links ?

  • @hoodedwarrior8956 6 years ago +2

    well I didn't look much since I only wanted to get a glimpse and this probably isn't it but really now.. who would hardcode a password into an app? :)

    • @ikickss 5 years ago +2

      There used to be some database related books ("master sql in 24 hours" those sort) that had example of embedded pswd. And liveoverflow showed an actual example of it. I tell ya... there are lots of idiot programmers out there brewing future disasters.

  • @tomdot3980 3 years ago

    Is it possible to crack a program that requires a USB key at startup????

    • @invorokner282 2 years ago

      it's not a program inside the operating system, if i understood you right, it happens during the initialization stage at the bios. maybe if you cleared CMOS/BIOS your problem will go away.

  • @1Maestr00o3 5 years ago

    why i can't press submit button in app2? it gets blocked when i pass the cursor over it

  • @lefteriseleftheriades7381 1 year ago

    The steganography challenge was disappointingly unrealistic.

  • @CurrentlyObsessively 5 years ago

    Can you add a link to this DIE software? unless that's an acronym -_-
    Edit: Nvm, it's called Detect it easy... add that to the slide...

    • @anthonymarquez2542 4 years ago

      btw it is described in the first few mins of the presentation as detect it easy

  • @BossBear01 7 years ago +2

    hey lots of fun, for once i could follow what was done.

  • @theninjascouttf2541 7 years ago

    ahhhhh the hex editor way isn't working for me, I've changed the password and I still couldn't click on Submit (it didn't say "password is incorrect", it didn't let me click on it!) what should I do?

    • @obed3113 4 years ago

      just press TAB till you focus on the "submit" button and then press spacebar ;)

  • @snudge763 4 years ago

    how to remove anti debugger within the program?

  • @message2test 7 years ago

    cool!

  • @mokranlechat 4 years ago

    hi Dear, would you help to recover our PIN code on deapsea 7320 Generator??
    it should be 4 decimal digits. for no limit trials.
    the code is recorded into hardware memory of the device. thanks alot.

    • @invorokner282 2 years ago

      write a script that goes through it and brute force it, easier

  • @WilliamLangbehn 7 years ago +2

    sure sounds like samy giving the speech

    • @7027-s6f 4 years ago

      William Langbehn yeah lol

  • @gandy9407 6 years ago +2

    well it wont let download the files...

  • @anonymous1177 8 years ago +26

    No offense, but this is a tutorial by someone who has been messing with assembly for 3 months only. And you see that

    • @ianguile7214 8 years ago +26

      You are completely right. At the time I hadn't been doing it for very long, and was just getting into it, but I had a few friends who asked me to do a tutorial, as they had never done any reversing before.

    • @tperniciaro 7 years ago +34

      Thats why its called "Basics"

    • @TheDavidlloydjones 7 years ago +6

      Thomas, (but Ian too),
      Big logical error: know-nothings can comment on a polished finished proposition, but to teach basics -- the foundations of a subject -- you need to be an expert.
      It may be called "basics," Thomas, but you look like you're trying to make excuses for ignorances, something totally different.
      If you're just starting out, Ian, I suggest you stick to ten-minute videos about things you know really, really well -- not an hour and a half videos about something you don't have a command of.
      I'm outta here. Good luck -- but no, don't waste my time, thank you.

    • @CnCBonkers 7 years ago +6

      I watched some of this because I'm looking for a decent reverse engineering tutorial for one of my buddies, and I agree with David Lloyd-Jones.
      For example, at 47:05, the tutor should have changed it to *JMP* , which basically means 'JuMP to where we want to go no matter what', which would have been the correct way to do it. But instead he used *JNZ/JNE* which basically means 'jump to where we want to go *_unless_* we actually enter the *_correct_* password' :D , which is a little confusing, especially for beginners. The proper method should be taught right from the start.
      I haven't watched the rest of it, but I'm guessing there are other... maybe not mistakes but... incorrect methods.
      *EDIT - I just noticed that this was uploaded a couple of years ago so I'm guessing that the tutor is an expert now :D

    • @TheDavidlloydjones 7 years ago +1

      Fireworks,
      You're probably right.
      Ian, can you come back now? Maybe redo it on the basis of what you've learned in the past couple of years?
      And good luck to the both a' yaz in whatever you're up to.
      -dlj.

  • @kermitdafrog8 6 years ago

    When I tried to install immunity it complains it can't find python27.dll

    • @kermitdafrog8 6 years ago +1

      I finally got it to work by downloading the installer from their website and not from the link in this video. For some reason it didn't want to install python right or something.

  • @dannyv9561 7 years ago +6

    at time 1h 19m 59s. look at the first character in each string. it tells you the password.
    the first character of each string is "password: !GOOD!!the password is: round1WOGNG !!!!"
    so much for not decoding that. lol

    • @MulleDK19 7 years ago +1

      The strings have absolutely nothing to do with the password you have to actually enter. The strings are a simple dictionary to print "password:" "GOOD!!" and "WOGNG !!!!" to the screen.

  • @ersensylmz 3 years ago

    hi my friend how can i reach you

  • @1a4s4l7 5 years ago

    can you change the mnemonics on any exectuable program?
    e.g. jne to jmp

    • @MattZelda 5 years ago

      JNE is not the same as JMP
      JNE means Jump If Not Equal
      Where as JMP literally means just jump.

    • @compilationsmania451 4 years ago

      @@MattZelda he knows that. He's asking whether you can change one into the other.

    • @MattZelda 4 years ago

      @@compilationsmania451 Why would you want to? They're completely different instructions.

    • @compilationsmania451 4 years ago +1

      @@MattZelda i guess what he wants to ask is whether there is a way to change particular statements in machine codes of executable programs to make it do something you want.

    • @MattZelda 4 years ago

      @@compilationsmania451 In that case, yes. You can patch an executable.
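
Added example (not from the video or from any commenter), written from the integrity-checking side of the JNE/JMP exchange above: it compares a known-good copy of a code region with the bytes observed on disk and labels in-place edits to short conditional jumps. The byte sequence is constructed for illustration, the function names are assumptions made here, and matching opcode bytes without disassembling is a heuristic.

```python
SHORT_JCC = range(0x70, 0x80)  # Jcc rel8: one opcode byte plus one displacement byte
JMP_REL8 = 0xEB                # JMP rel8, same length as a short Jcc
NOP = 0x90


def classify_branch_patches(reference: bytes, observed: bytes):
    """Return (offset, old_byte, new_byte, label) for every differing byte.

    Heuristic: offsets are compared byte for byte, so a 0x7x value that is
    really data or an operand is labelled as if it were an opcode.
    """
    if len(reference) != len(observed):
        raise ValueError("lengths differ: not an in-place patch")
    findings = []
    i = 0
    while i < len(reference):
        old, new = reference[i], observed[i]
        if old == new:
            i += 1
            continue
        step = 1
        if old not in SHORT_JCC:
            label = "other modification"
        elif new == JMP_REL8:
            label = "conditional jump made unconditional"
        elif new == old ^ 1:
            # Paired conditions differ only in the low opcode bit (JE 0x74 / JNE 0x75).
            label = "condition inverted"
        elif new == NOP and observed[i + 1:i + 2] == bytes([NOP]):
            label = "conditional jump replaced with NOPs"
            step = 2  # the displacement byte belongs to the same edit
        else:
            label = "other modification"
        findings.append((i, old, new, label))
        i += step
    return findings


# Constructed sample (not taken from the video's apps):
#   3B C1            cmp eax, ecx
#   75 06            jne fail
#   B8 01 00 00 00   mov eax, 1
#   C3               ret
#   33 C0            fail: xor eax, eax
#   C3               ret
REFERENCE = bytes.fromhex("3bc1" "7506" "b801000000" "c3" "33c0" "c3")


def patched(offset, *values):
    """Copy of REFERENCE with the given bytes written at offset."""
    buf = bytearray(REFERENCE)
    buf[offset:offset + len(values)] = bytes(values)
    return bytes(buf)


if __name__ == "__main__":
    for sample in (patched(2, 0xEB), patched(2, 0x74), patched(2, NOP, NOP)):
        for offset, old, new, label in classify_branch_patches(REFERENCE, sample):
            print(f"offset {offset:#04x}: {old:02X} -> {new:02X}  {label}")
```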

  • @_____666______ 1 year ago

    need tutorial about virtual protect/alloc

  • @AniruddhaGA 4 years ago +1

    I can't find string comparing in password can anyone help me how to bypass password

    • @igaps5798 4 years ago

      replace jne to jmp might help

  • @investorslive1347 6 years ago +2

    Only watch this if you're serious about cracking software and willing to spend a LOT of time learning and searching. First off, most programs worth owning are packed with a packer that obfuscates certain sections of code and it's a bitch to deal with this problem because the packers are constantly changing. Secondly, most of the auto unpackers are not updated, nor are packer identifiers such as PEiD or DIE described in this tute. So you have to unpack manually and create your own tools- another pain in the ass. This is always a cat and mouse game between reverser and programmer. Back in the 1990's there were rarely packed programs and cracking was easy. Now it's not worth it and spending hours living your life inside a debugger.

  • @AbhiramAbhiram-tm8hy 2 months ago

    how to set up vmware

  • @jamarallen08 7 years ago +16

    Anybody get a Trojan hit on App 7?

    • @jamarallen08 7 years ago +1

      HatOfTricks nah. My AVG flagged it and was wondering if it was a false positive

    • @ChristopherGray00 7 years ago

      AVG is known for false detections

    • @ko.pi.pe. 7 years ago +5

      He stressed to use a VM. Why didn't you? Did you think that advice didn't apply to you?

    • @barkeeper7887 4 years ago

      Christopher Gray i used avg for 3 months and it Always detected either trusted programs or my own ones... avg is trash
      It never detected any real threats
      I uninstalled avg and got malwarebytes and it detected like 5 PUPs and like 70 registry keys and a crypto Trojan and shit
      AVG is basically adware

  • @fightflowwithcomedy3300 3 years ago

    sir plz upload more

  • @lolypopboy777 8 years ago +2

    app3 is missing!

  • @mIsPtr 4 years ago +1

    *Resolution : 720p50fps*
    *Video : 10 fps*

    • @TalsonHacks 4 years ago

      Since it’s a good content; I’m not complaining xD

  • @sent4dc 8 years ago +2

    Haha. Debugging by dummies. Sorry, meant to say, "Debugging for dummies." Although it's quite entertaining to see him fumble all over the assembler code. Are there more videos like this?

    • @wornguys147 8 years ago

      Nope there aren't new videos from Layer 8

  • @yawnz9195 5 years ago

    I cant seem to crack a program i am trying to can you do it for me ?

  • @thesecret111 7 years ago +2

    Please the app3.exe is missing!!!

    • @thesecret111 7 years ago

      I had to stop the tutorial, until APP3 IS MISSING!!
      Anyway thanks for the video I would like to finish it.

  • @plekkchand 7 years ago

    please expand your acronyms.

  • @sijiasijia1854 7 years ago

    Why has nobody made one in Chinese?

  • @michailchalkiadakis96 4 years ago

    i cracked the first app using notepad....

  • @-football571 4 years ago

    I would like to get in touch with you about a project if you can provide me your email

  • @Yalimadad110 7 years ago +3

    hi bro can u help me

  • @cherifaly6757 6 years ago +1

    It took me 2mins to learn how to crack any software, I guess I am a genius.. Lol

    • @EmilParkour 6 years ago +2

      I call bullshit. You don't even know what obfuscated code is if you think it takes 2 mins.

    • @cherifaly6757 4 years ago

      @@EmilParkour I guess you are slow then.. I obfuscate codes in less than 1min, I unpack themida and vmp in less than 5mins,so don't fuck with me.. Lol

  • @leetspak 3 years ago

    hello 31337

  • @TheDavidlloydjones 7 years ago +2

    568 people have put up with your first minute of empty air: that's ten hours of people's time you've just wasted.
    Maybe spare us all your rehearsal and just put the actual program up on RUclips?
    Later: it turns out Ian really is just rehearsing, at the expense of us, his audience. Nobody has the right to do that. You should take this video down, and replace it with something worthwhile once you know what you're doing. I wish you well, you're obviously bright and capable. Come back when you're ready, OK?