Use x64_dbg to hack one of the simplest 64-bit small programs

Recently in the study of some reverse things, in fact, before also involved in this aspect of things, just before the system and application, basically are 32 bits, so directly with the OD to analyze on the line, this information on the Internet a lot, any search everywhere is, but with the continuous development of technology, 64-bit system appeared, With the 64-bit application also appeared, and OD can only analyze 32-bit applications, so some 64-bit applications, OD is no way to analyze the reverse, so, here to mention another can be used to analyze 64-bit application debugging software, named X64_dbg. The introduction of the software on the Internet very little, just said can analyze 64 applications, the specific usage can not find, but I found a tutorial, there is a simple 64-bit application, but the Internet is introduced in English, for some English students who are not good, may seem more laborious, I would like to talk about one of my own analysis process, for everyone to learn! By the way, first remind Ha, I am still in this aspect of an extremely small white, said the bad or wrong place, please put forward in time to ha!

First of all, this is the simplest 64-bit applet, first open this exe, we will find that this is a small application called input password, of course, we certainly do not know how much this password, so good, we will randomly enter a password 123456 try,

Of course, this password is definitely not correct, the software also prompted, then what do we do? This time will need to use the article began the analysis tool, x64_dbg. Let's just open this.

We can see that this tool, the whole is very similar to OD, so I believe that will use OD people, for x64_dbg, certainly not a problem. Then we use x64_dbg open Simple.exe, of course, open method has two, one is file inside F3, open this exe, can also file inside alt+a, add exe process, two ways for this application, basically no difference, good, We first open this exe, attach to this x64_dbg, will get the following interface

Familiar with the Od classmate, certainly this interface is quite familiar with it, the specific I do not say more, below to see how to crack this exe, remember just now we entered a 123456? EXE will pop up a prompt box, above prompted a word, "Authentication failed.invalid Password", that good, from this sentence start, in the CPU interface, right click, select the search string

Search this sentence, you can get the following things

Well, let's just click in to see what it is.

Will OD friends, see here, should be more clear, in the middle there is a jnz jump, and then pop this sentence, we can guess, should be password input is not correct, led to this jump, first to point simple, how to not let the program jump? The simplest way, now is the jump 0x59ea68, in fact, the next address is 0x59ea5a, we first change the jump address to jump to the next line, first, in the 0x59ea58 this line F2 the next breakpoint, and then in the application input 123456, see if it will break down here

Very good, broken down, we will change the address to, point OK, then run, very good, has been prompted correctly

If we want to save the modified EXE, how to save it? There's a

Also save an EXE, so that whatever you enter, you will be prompted correctly. The current hack is a complete first step.

Then we look at the second step, how to get the correct password? In fact, this is the application of a more critical problem, some applications, we may not give it patching, only need to understand his internal things, directly can be cracked, we re-see before jumping, there is a sentence, Lea RDX, Qword ptr Ds:[59eaf8], after the execution, Again to jump, it seems this should be a comparison, that we dump a 0x59eaf8 value, to see what

See this, so long a character, programming students, should be able to guess, this should be MD5, then we see this MD5 can decrypt it? Although said MD5 is irreversible, but if there is a dictionary, some still can, let us try, first copy out this string 10db8e415b857a61e18ef5d4db8e4f38, Internet decryption try

I didn't think it was really untied, it seems the code is probably this, let's try it.

Sure enough, the password is really this, to this, this sample.exe analysis to this also ended.

Summary: This EXE itself is a very very simple application, so the analysis is very simple, so everyone do not laugh I ha, the application behind the encounter, certainly more than 10 times times more complex than this, so everyone in the analysis, according to the situation of the application itself to analyze, I write this tutorial purposes, there is a, because x64 _dbg Online can find the information is really not much, I wrote this, I hope someone later use this analysis software, provide a little idea!

Yes, the corresponding x64_dbg and Sample.exe are: http://download.csdn.net/detail/hmc1985/8649337, we download play ha

Use x64_dbg to hack one of the simplest 64-bit small programs