Hello hackers I am very excited writing my experience with this binary. This is my first binary reversing engineering. Looking forward to doing more. Special shoutout to Huskyhacks from TCM security for a wonderful course Practical Malware analysis and Triage. Let’s dig in and see what this binary has for us.
- Basic Static Analysis
This is the first stage of any binary and normally here we check for any useful strings, some lazy lying ip addresses and basically any useful patterns. Below is the tool we use and the syntax.
We got something a bit useful and we’ll use it. Note that we have not still run the executable.
Next tool to use is called peview and it got us this vital piece of information. We see that this piece of binary runs on the console. Not very useful but still useful:)
We get the encrypting hashes and upload them on virus total and see what feedback we get.
2. Basic Dynamic Analysis
This part hackers, calls for us running the exe. This is a breathe holding moment guys. Anyway we I do it.
Yeah its a console exe as seen above.
The exe expects an input from us. But its not the correct one so it gives us an error.
Our main task is to reverse this binary so that whatever we enter as the input is processed as correct.
3. Advanced Static Analysis
This stage now involves using a debuggers but without running the executable. My choice of debugger is ×32dgb since this executable was compiled by a 32 bit compiler.
4. Advanced Dynamic Analysis
This is my favorite stage as a rev engineer <Aspiring:)>. So we run the executable. We choose the string preference and create the vital break points on “Incorrect password” and “Congratulations” since these are the interesting areas of our binary. Our path is the “Incorrect password” so I click it.
Checking the assembly our focus is the Jump if not equal (jne) command since this command jumps if the “pre typed password is wrong”. What we have to do is change the je command to jecxz (jump counter register if equal to zero). This is done since the ecx register is obviously not 0. So scaling up from the end of the program using the arrows. We get the parts we need to change. First and foremost we create break points to our interesting break points.
We then change the 4 important control commands of the binary and patch the binary.
This is an okay:)
Sweet!!!!! We did it.
Thanks guys for following through to the end. Watch this space for more hacking content. Happy hacking.
