Description: This video is the second in the Reverse Engineering 101 series. I would encourage you to view the first video on finding hidden passwords in binaries using a hex editor. In this video we will use the IDA Pro tool to dissect a binary file and see how to crack a basic password protection.Please download an evaluation copy of IDA here. Also, please download binary of the program to be disassembled in this reverse engineering exercise from here.
We will use the code from the previous video in this example. Lets look at the program:
------------Code Starts ------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define password "FindMeIfYouCan"
int main(int argc, char *argv[])
{
char pass[100];
printf("Please enter your password\n\n");
scanf("%s", pass);
if ( strcmp(pass, password) == 0 )
{
printf("Congrats!! Correct Pass\n\n");
}
else
{
printf("Wrong Pass\n\n");
}
system("PAUSE");
return 0;
}
-------------------------------- Code Ends ---------------------
The user entered password is stored in the variable "pass", while the program password is held in "password". The entire protection mechanism in the above program depends on the "srtcmp" function(). If the passwords match, strcmp() returns a "0". The the "If" statement does a comparison to check if "0" was returned. If True, then the user is allowed access, else the user is denied access.
well how do we reverse engineer this program? well what if somehow we could have "0" placed in the output of the strcmp() operation, so that the If statement yields a "True"? In order to understand how we can accomplish this we need to dive into the assembly language equivalent of the code above. You can watch how its done in the video below. If you are noob to Assembly and would me to create an "Assembly Language Primer to begin Reverse Engineering", please raise a request using the "Feedback" button to the left of the page.
Tags: programming ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Very interesting, I will look to see if you have come up with an assembler primer video set, if not please do.
I also will look to see if you have come up with an assembler primer video set, if not please do.
Hi ,
me too.
Please do assembler video.
I watched the assembly megaprimer, i really like to watch a reverse engeneering series, love this
I also watched assembly videos and liked them and this reverse engineering series is also interesting.
Thank you very much for these videos.
Your video tutorials are excellently portrayed.
Thank You for your efforts to make us understand clearly
Vivek, thank you very much for this and all the other videos. You helped me find inspiration to finally finish my school, and "kick ass"... I am even writing my final paper on wireless security, heavily quoting you ofc... :)) You're a real hero! :)
Could you please give us a program to practice on and try to crack ourselves? Not as simple as the example one, but not overly complicated for beginners? Thanks in advance... :)
Warm greetings from Serbia. :)
Thank you for this clear video, the link present to download the exe is broken.:( could you please upload :)