
Thread: Olly, cracking tutorials and manuals.

  1. #1
    ollybility
    Guest

    Olly, cracking tutorials and manuals.

    Hi to all!

    I am looking for some crack tutorials using olly on the net,
    and I don't find any.
    could somebody tell me where to get some?
    where????

    Thank you.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    Olly, cracking tutorials and manuals.

    Use google and search these three words together: HOOF ARTED OLLYDBG

    Regards,
    yaa

  3. #3
    AcidCool
    Guest

    Olly, cracking tutorials and manuals.

    http://AcidCool.cjb.net also works.
    http://reboot.at/k23

    http://New2cracking.cjb.net


    Acid_Cool_178

  4. #4
    Darus
    Guest

    Olly, cracking tutorials and manuals.

    www.darus.fr.fm too

  5. #5

    Olly, cracking tutorials and manuals.

    Darus: very nice with screenshots. can you make a translation in english ?

  6. #6
    Darus
    Guest

    Olly, cracking tutorials and manuals.

    thx TBD, a translation ? i will try but my english is very poor, if someone speaks french and could translate my tuts, it will be better

    to contact me : darusweb@free.fr

  7. #7

    Olly, cracking tutorials and manuals.

    Darus: i think your english is better than my french, but i can have a look if you are starting translation

  8. #8
    luucorp
    Guest

    Olly, cracking tutorials and manuals.

    hi, Darus
    You need to remember Olly is only a tool.
    Olly does many more things than only cracking.

  9. #9

    Olly, cracking tutorials and manuals.

    luucorp: <smile> Olly is the author (Oleh) and OllyDbg is the tool. and i agree, OllyDbg is a great tool for debugging also your code <hehe>

  10. #10
    Anonymous
    Guest

    Olly, cracking tutorials and manuals.

    tutorial with OllyDbg and Command Bar 1.08.02 by HackeRMaN
    target::solution

    <edited by TBD - wrong url formatting>

  11. #11
    Darus
    Guest

    Olly, cracking tutorials and manuals.

    luucorp: i agree with you, ollydbg is a tool but my "hobby" is reverse engineering, so i use this tool in consequence (Is my English comprehensible?)

    else my tutos (cracking topic) are available in english on my website www.darus.fr.fm

  12. #12
    olly4all
    Guest

    Olly, cracking tutorials and manuals.

    Thx Darus for translating the tut

  13. #13
    luucorp
    Guest

    Olly, cracking tutorials and manuals.

    Hi,all of you.
    Today, i post 2 tuts in order to use Olly for cracking 2 crackmes at http://crackmes.de.


    no.1:
    target: Crackme#5 for duelist@beer.com
    download here:
    Click

    no.2:
    target: Crackme#2 for [v0!d]
    download here:
    Click here

    And no.1 as following:
    <pre>
    ======================
    Only use OllyDbg v1.08b
    =======================

    OllyDbg is a 32-bit assembler-level analyzing Debugger with intuitive interface.
    OllyDbg is a very friendly debugger.
    OllyDbg runs on any WINDOWS (with chip intel x86).
    ...
    OllyDbg can use for crack
    ------------------------------------------------------------------------------
    This my no.1 crack for me in OllyDbg.

    Target: Duelist's Crackme #5
    Author: duelist@beer.com

    Crack it by: luucorp@yahoo.com

    Crackme#5 is packed,so we must find Origin Point (OP).
    And Crackme#5 have 2 goals:
    1.Remove Nag
    2.Box "Unregistered" -> box "Registered"

    We load due-cm5.exe in OllyDbg (F3 -> Open)
    -->warning: Entry Point Alert -->OK.

    In window "CPU-main..." we are staying Entry point:
    Disassembler as:
    00406600 > 53 PUSH EBX
    00406601 51 PUSH ECX
    00406602 52 PUSH EDX
    00406603 56 PUSH ESI
    00406604 57 PUSH EDI
    00406605 55 PUSH EBP

    A program_Packed before unpacking, it usually saves register (EBP,ESI,EDI,..) into Stack by using instruction push, as we see above.
    Of course, When unpacking to finish then program_Packed will restore value that saved in Stack by using pop, So we will use OllyDbg:

    Ctrl+S
    type:
    pop ebp
    pop edi
    pop esi
    pop edx
    pop ecx
    pop ebx
    click button Find.

    OllyDbg leads us to the followings:

    0040665D 5D POP EBP <-------restore value in Stack
    0040665E 5F POP EDI
    0040665F 5E POP ESI
    00406660 5A POP EDX
    00406661 59 POP ECX
    00406662 5B POP EBX
    00406663 FFE0 JMP EAX <-----EAX= Original Point (1)

    We set breakpoint at 00406663 ( line (1) )
    And press F9 for program_Packed to unpack itself, wait until program Paused at line(1).
    Remove breakpoint at line(1) by press F2.
    And now, EAX=401000=Original Point(OP) we go to OP by F7.
    EIP are staying at 401000, but we don't understand any instruction, why?
    because Olly doesn't analyze this para code before, So we tell OllyDbg that please analyze it
    Let OllyDbg do: We press Ctrl+A

    We have code as the following:

    004010C1 > 68 00200000 PUSH 2000 ; /Style = MB_OK|MB_TASKMODAL
    004010C6 . 68 5C204000 PUSH DUE-CM5.0040205C ; |Title = "Unregistered"
    004010CB . 68 17204000 PUSH DUE-CM5.00402017 ; |Text "Please..."
    004010D0 . 6A 00 PUSH 0 ; |hOwner = NULL
    004010D2 . E8 94010000 CALL DUE-CM5.0040126B ; \MessageBoxA
    004010D7 . 6A 00 PUSH 0 ; /lParam = NULL
    004010D9 . 68 B8104000 PUSH DUE-CM5.004010B8 ; |DlgProc = DUE-CM5.004010B8
    004010DE . 6A 00 PUSH 0 ; |hOwner = NULL
    004010E0 . 6A 01 PUSH 1 ; |pTemplate = 1
    004010E2 . FF35 0F214000 PUSH DWORD PTR DS:[40210F] ; |hInst = NULL
    004010E8 . E8 12010000 CALL DUE-CM5.004011FF ; \DialogBoxParamA
    004010ED .^EB C2 JMP SHORT DUE-CM5.004010B1

    For printing nag then the code begins from 004010C1 to 4010D2.
    we see ">" at 004010C1:
    004010C1 >
    so we click left mouse on this instruction, press Ctrl+R , Olly will goto window "Ref...."
    We see in this window first line:

    0040105C|jmp short ..

    click double mouse on this lines, olly return "CPU-MAIN.."
    That means jmp to printf(" Unregistered"), so we will fix it don't printf.
    Do it, we jump to after MessageBoxA -> must jmp to address 004010D7.

    On this line:
    0040105C . EB 63 JMP SHORT DUE-CM5.004010C1
    you press Space,
    you type "JMP SHORT 004010D7"
    Click Assemble
    click Cancel

    As NAG removed.

    Next, we can goto this code:
    00401130 > 68 5C204000 PUSH DUE-CM5.0040205C ; /lParam = 40205C " Unregistered"
    00401135 . 6A 00 PUSH 0 ; |wParam = 0
    00401137 . 6A 0C PUSH 0C ; |Message = WM_SETTEXT
    00401139 . 6A 03 PUSH 3 ; |ControlID = 3
    0040113B . FF75 08 PUSH DWORD PTR SS:[EBP+8] ; |hWnd
    0040113E . E8 3A010000 CALL DUE-CM5.0040127D ; \SendDlgItemMessageA

    (How to find para above code: click right mouse+Search for+All ref -> click double mouse on line " Unregistered" order 2)

    Now, We must find string as :" Registered"
    We press Shift+Tab (twice)
    Ctrl+B
    in box label ASCII, we type " Registered" (no colon)
    Enter

    OllyDbg goto address 40204F, here have string " Registered",0
    As What Do you know fix on line 00401130 ??????????

    press Tab (twice)
    this on line:
    00401130 > 68 5C204000 PUSH DUE-CM5.0040205C ; /lParam = 40205C " Unregistered"
    press Space
    type : "push 40204F"
    Click Assemble
    Click Cancel

    As you replace from " Unregistered" to " Registered"
    Finish goals 2.
    ==================>PRESS F9.
    </pre>

    If you want patcher for this crackme#5 then tell me.

    Greets to: Oleh Yuschuk, TBD and u

    thx
    luucorp
    luucorp@yahoo.com


    See you again with tut no.2

    <::TBD::edit> added bbcode code for formatting
    I promise that I have read the FAQ and tried to use the Search to answer my question.
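
An added example (not part of luucorp's post or any code from the thread): a Python check of the byte-level facts the tutorial relies on, namely where the register-restore run ends in `JMP EAX` and how the `EB rel8` short jump at 0040105C encodes its target. The stub image is constructed from the addresses and opcodes in the listing with NOP filler standing in for the unpacking loop, and all function names are hypothetical.

```python
# Added example: checks the byte patterns and jump arithmetic from the tutorial.
# The image below is constructed to mirror the listing; it is not the real file.

STUB_BASE = 0x00406600  # entry point shown in the listing
# pop ebp / pop edi / pop esi / pop edx / pop ecx / pop ebx / jmp eax
TAIL = bytes.fromhex("5D5F5E5A595B" "FFE0")


def find_tail_jump(image: bytes, base: int):
    """Return the VA of the JMP EAX ending the register-restore run, or None."""
    off = image.find(TAIL)
    if off < 0:
        return None
    return base + off + len(TAIL) - 2  # JMP EAX is the final two bytes


def decode_short_jmp(va: int, code: bytes) -> int:
    """Target of an 'EB rel8' jump located at va."""
    if len(code) < 2 or code[0] != 0xEB:
        raise ValueError("not a short JMP")
    rel = code[1] - 0x100 if code[1] & 0x80 else code[1]  # rel8 is signed
    return (va + 2 + rel) & 0xFFFFFFFF  # relative to the next instruction


def encode_short_jmp(va: int, target: int) -> bytes:
    """Encode 'JMP SHORT target' at va; rel8 only reaches -128..+127."""
    rel = target - (va + 2)
    if not -128 <= rel <= 127:
        raise ValueError("target out of rel8 range; needs a near JMP (E9 rel32)")
    return bytes([0xEB, rel & 0xFF])


def build_sample_stub() -> bytes:
    """Constructed stand-in for the stub: six pushes, filler, then the tail."""
    pushes = bytes.fromhex("535152565755")       # 00406600..00406605
    filler = b"\x90" * (0x5D - len(pushes))      # placeholder for unpack loop
    return pushes + filler + TAIL                # tail starts at 0040665D


if __name__ == "__main__":
    print(hex(find_tail_jump(build_sample_stub(), STUB_BASE)))
    print(hex(decode_short_jmp(0x0040105C, bytes.fromhex("EB63"))))
    print(encode_short_jmp(0x0040105C, 0x004010D7).hex())
```

The decoder also handles backward jumps such as the `EB C2` at 004010ED in the listing, and the encoder refuses targets a two-byte short jump cannot reach.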

  14. #14
    Anonymous
    Guest

    Olly, cracking tutorials and manuals.

    Great work, thanks

  15. #15
    olly4all
    Guest

    Olly, cracking tutorials and manuals.

    Thx luucorp
    Great tut

    Put how we can patch it ? as u know it's a program_Packed
    And how to Unpacker it ?

    with thx
