TRADELABOR has more than 20 years of experience in the control and treatment of air, working with an experienced and qualified technical staff and with the most advanced technology in this area, which together guarantee the quality of the services provided.

OllyDbg is a 32-bit disassembler/debugger for Microsoft Windows binary files. It is shareware and it is available here. The goal today is to provide a tour of OllyDbg and how the tool can be used in reverse engineering software or malware. Trusted Windows (PC) download OllyDbg 2.01. Virus-free and 100% clean download. Get OllyDbg alternative downloads.

Some months ago, I participated in something like a “Hacker Competition” to get a job in a CERT. One of the tests consisted of getting the serial key of a simple program. The organizer sent me an executable called reversing_test.exe

We are going to work with OllyDbg v1.10. You can download this awesome tool from here: OllyDbg v1.10.

You can see its details in the picture below.
The first thing I usually do in these cases is to check if the executable is compressed or not. Some programs pack some of their codes in order to limit our attempt to statically analyze it. To achieve this purpose we are going to use PeID. In the picture below you can see that the program does not detect any compression “Nothing found *”. If the file were compressed with UPX for example, the program would advise us about it and we could uncompress it with this tool.
If we click on the “EP Section” bottom, we will see some executable’s details.
We can see the R. Size (Raw Size) “400” and the V.Size (Virtual Size) “350” are similar in “.text” . The .text section contains the instructions that the CPU executes and it should be the only section that includes the code. If some day you detect that the R.Size is “0” and the V.Size is “1000” for example, it would be an indicator that the executable is compressed because in the disk it does not have any size (it is packed) and in the memory it has a size (it is unpacked itself).
Now we have the assurance that the file has not been compressed. This is one of the first steps in a static analysis. We are going to make a dynamic analysis with OllyDbg but I want to know if the developer has made an effort in order to try to hide some code. Notice if the executable is packed then we are not going to be able to read a lot of strings within the file. It is possible I will talk about that in future posts...


The next step would be to run the program by double clicking on the executable. After that, we can see that a MS-DOS window is launched and the program requires us to type the serial number. We type a sentence in order to check the program’s behavior.

We have not figured out the serial number… It seems logical…
Now, we are going to run OllyDbg. It does not need installation, just download it and uncompress it. When OllyDbg is opened, just load the executable clicking on File -> Open.
Now we can see the binary code. Don’t worry, remember this post is focused on beginners. We are going to click on the play button in order to run the executable just loaded in our debugger and check the file behaviour.
The program has started and we can see the firsts strings like “Press ENTER to finish”…
(Please, click on the picture to see the entire details)
But… Something happens… The program doesn’t require us to type the serial number like it occurs when we open the application without using a debugger… It’s really strange… It’s like the program knows about our intentions and it is closed by itself when we try to run it with a debugger tool…
If we reload the file again on OllyDbg, one line of the code draws our attention… The program is calling to the “IsDebuggerPresent” API.
If we seek this API on Microsoft we can see that “This function allows an application to determine whether or not it is being debugged, so that it can modify its behavior”.
Ok, the program is closed when it is open within a debugger. There are many options to avoid being detected by this technique… To achieve this purpose we are going to use the “Hide Debugger 1.2.4” plugin. Just download it and uncompress the DLL in the same OllyDbg’s folder.
It is necessary to restart OllyDbg in order to work with this plugin. If you click on Plugins tab you can see Hide Debugger plugin. You don’t need to do anything else.
We have just installed the plugin to avoid being detected and now, we are going to load and play the executable again. Now the program requires typing the serial number. Great news…

We are going to type a sentence which will be easily recognizable.

If we come back to OllyDbg we can see our sentence in the Arg1.

(Please, click on the picture to see the entire details)
If we continue looking for this sentence through the code we can locate the code below. We can see the String2=”28939387″, the String1=”I’m going to looking for this sentence in OllyDbg now…” and the API call CompareStringA.
We can figure out that the executable is comparing these strings to each other in order for you to check if both have the same value. We can suppose that the string “28939387” is serial number.
(Please, click on the picture to see the entire details)
OllyDbg offers us to copy the value of this line by left clicking on the line we are interested in.
Then, we are going to paste the line’s value to the notepad and then, we are going to copy only the “String2” value: 28939387.
In the end, we just need to try paste the value just copied in our program and… Well!!! We have obtained the serial number of our program!!!
This post could be applied to many of the simple programs which have a keygen integrated but it is needed to have more knowledge if you want to crack more complex programs.

This post is focus on show you some techniques using OllyDbg. It is only a game to get more reversing engineer skills to research malware. Please, don’t contact me to crack programs, it is illegal… I recommend you use to use free software!!!! 😛

Continue at: http://www.behindthefirewalls.com/2013/09/how-to-get-serials-numbers-with-ollydbg.html

The text above is owned by the site above referred.

Here is only a small part of the article, for more please follow the link

Also see:

Related

Software cracking groups have been around for a long time. Many people will think that they are unethical because they are defeating the software licensing system to illegally reset a trial software (shareware) or turn it into an fully functional program without having to purchase the license. One may wonder the reason for doing this but most of the time it is not for monetary gain but as a challenge to know how “it works” and to gain more knowledge through unpacking, debugging and analyzing the program. The cracks that are being released to the public are a proof of concept for a specific version and they don’t normally re-crack it again when a new version of the program is released.

Knowing how to crack a program using an available ready made patch, keygenerator or cracked files does not earn yourself the title “software cracker”. Only if you are able to think out of the box and figure out how to bypass the software protection yourself, then you consider yourself as a software cracker. Unfortunately it is nearly impossible to have someone to teach or coach you on how to crack programs other than learning it yourself from cracking tutorials that can be found in YouTube.

Before checking out the advanced cracking tutorials, we can show you a very basic and logical method on how to crack programs yourself based on an old patch that does not work with the latest version. For example, an offset patcher for a program called ViceVersa Pro v2.5 build 2512 released on 3 July 2013 by Nemo from team SnD will not work for the current version 2.5 build 2513 (notice the difference in the build number). The patcher reports “wrong filesize or already patched!”

Crack Program Using Ollydbg 2 Download 64-bit

It is possible that the software protection isn’t updated to prevent the patcher from working, but the patcher did not work with the latest version because the program was recompiled, moving the location of the bytes that the patcher supposed to change and failing the CRC32 check. Here is how to detect which bytes are being changed by the patcher and how to re-create a new patcher that could work for the latest version.

1. First you will need to search, download and install the older version of ViceVersa Pro v2.5 build 2512.

2. Then search and use ViceVersa.Pro.2.5.build.2512.patch-SND.zip to patch the program, with the “Make Backup” checkbox ticked.

3. Download dUP2, extract the RAR file with an archiver and run dup2.exe.

4. Click on Project menubar and select New.

5. It is optional to fill up the information in the Patch Info window so that the GUI of the patcher will contain the text rather than blank. Or you can just click the Save button to continue. It is advisable to tick the “Run patch with administrator rights” checkbox because most of the time you’ll need to run the patch from the Program Files directory and it will fail to patch if you do not run it as admin.

6. Right click on an empty space in dUP2, hover on Add and select [Search and Replace Patch].

7. You’ll notice that [Search and Replace Patch] will appear in the Patch Script window. Double click on it to open up a new Search and Replace Patch window.

8. Click compare files button.

9. Now you’ll need to select the original and patch file for the compare module to check for the location of the bytes that was changed by the patcher. Most of the time the original file will have an additional .bak extension at the end while the patched file will be the program’s original file name. Click the Compare button once you’ve selected both the original and patched file.

10. Click OK button to close the comparison done popup. You may see one or a few lines being added to search pattern and replace pattern. Click on the browse button to select the Target File that you want to patch. Click Save.

Important Note: You should only see a few search and replace patterns added to the list and not too many until the dUP2 program hangs. If there’s too many, you may have selected the wrong original or patched file for comparison.

11. The final step is to create your own patch by clicking the Project menu bar, select Create Patch and save it to your hard drive.

12. You can now install the latest version of ViceVersa Pro v2.5 build 2513. After installation has been completed, copy the patch that you’ve created with dUP2 to the program’s folder, run it and click the Patch button. This time you should see the message “File Patched! OK”.

13. The patch that you created works! As you can see from the screenshot below, the program is now licensed instead of using the evaluation period.

Remember, the method shown above will work if the software protection is unchanged and provided if you are still able to find the older version of the program which the old patch works on.

Final note: You may have noticed that the patcher created by dUP2 is being detected as a virus by some antivirus software but dUP2 program itself is not detected. Rest assured that both dUP2 and the patcher created by it are free from virus. Think about this, if dUP2 is capable of creating a virus, shouldn’t the antivirus have detected dUP2 as virus too?

Disclaimer: This article is for educational purposes only and we do not encourage software cracking. The software ViceVersa Pro was used as an example in this article and we do not have intention of cracking it. If you find that a shareware is really helpful, you should purchase a license to support the author for them to continue improving it.

You might also like:

Manually Update AVP Tool Kaspersky Virus Removal Tool Signature Databases5 Free Real Time Non-Indexing Search Programs for WindowsChange or Remove Button Missing at Control Panel Add or Remove ProgramsCrack or Decrypt VNC Server Encrypted Password10 Ways to Run Programs as Administrator in Windows

DannyWheels2 years ago

Please can this work with manycam 6.6.0 or could you help in cracking it and give a link to download it have search google for it but all i found are trojans and old versions

Reply

In a way, this is just ripping of code from other crackers who must have had invested a lot of their time in developing the patch (including learning the art). It would have been more educational for people to learn it the old way. Well whatever, for people wanting to use shortcuts, this trick may be damn useful.

BTW, I suggest updating the post to use the patcher from AT4RE as it supports more features.

Reply
Tingshen4 years ago

This patch is all in one, means all program also can use this patch?

Reply

If I have a software program where no patch was ever created how can I design my own?

Thank You

Reply
nagaraju6 years ago

very nice

Reply

Wow if you think this is hard you must be compleate noob I mean COME ON Read and try it I can ftp/telnet into most sites this is easy :) thanks for posting I made a private crack for ms10 wiht this method :) thanks again

Reply
XZ3R010 years ago

Hey this tut is great. i was able to re-crack a program!

Reply

thanks for your article mr. raymond.. i found it very useful..

Reply
nishan11 years ago

Hello, Raymond. I like this article i am going to try this. Thanks for this……..

ReplyOllydbg

Hi raymond its nice to meet this article! i want to crack some programs for my knowledge! thanks a lot!

ReplyCrack Program Using Ollydbg 2 DownloadCrack
ahsen11 years ago

hi raymond..
very nice article.

Reply

i have just pointed my 13 year old to this as i dont have much time to show him and he managed it first time>>>:)

Reply
Naqqash12 years ago

hi
your idea is fantastic .thanks for posted

Reply

Thank you very much!
I think it’s very useful with me.

Reply
jun visbal12 years ago

it is very useful and worth trying for

Reply

wow this is great!….

thanks a lot….

Reply
anu13 years ago

good

Ollydbg Download With All Plugins

Reply

Hi thanks for this article i hope it would help me.

Reply
Fico13 years ago

i’ve never actually met someone braggin around about cracking himself the newer version of some program nor i’ve thought about it. But this certainly is very useful, i’ll try it on some next update.
Thanks a bunch Ray

Reply

Download Ollydbg 64

Hey Raymond,
Thank you very much for teaching this to me. I always keep finding cracks on the internet. But now I can make my own cracks ! :-)

Reply
MoonPie13 years ago

Crack Program Using Ollydbg 2 Download Utorrent

Crack

Wow interesting, im glad i signed up to receive your blogs. Excellent information keep up the good work!!

Reply

wow thanx man

Reply
tbar313 years ago

Thanks, Ray!

I’ve often wondered about how to do this.. very informative!

Reply

Hi Raymond, I love your tutorials they are so useful. Thank you for your hard work :)

Reply
Logan13 years ago

Great mini tut thank for kepping us informed

Reply

Leave a Reply