Use Ollydbg To Crack Software Codes

Dec 30, 2020 The objective of this paper is to show how to crack an executable without seeing its source code, using the OllyDbg tool instead. Although there are many tools that can do the same thing, the beauty of OllyDbg is that it is simple to operate and freely available. Published on Jun 5, 2015. Software cracking is the modification of software to remove or disable features which are. It might be legal to use cracked software in certain circumstances. Complex methods in an effort to stop unauthorized copying of software.

You can see its details in the picture below.
The first thing I usually do in these cases is to check whether the executable is compressed or not. Some programs pack part of their code in order to hinder our attempts to analyze it statically. To check this we are going to use PEiD. In the picture below you can see that the program does not detect any compression: “Nothing found *”. If the file were compressed with UPX, for example, PEiD would tell us about it and we could uncompress it with this tool.
If we click on the “EP Section” button, we will see some details of the executable.
We can see that the R.Size (Raw Size) “400” and the V.Size (Virtual Size) “350” are similar in “.text”. The .text section contains the instructions that the CPU executes and it should be the only section that includes code. If some day you find that the R.Size is “0” and the V.Size is “1000”, for example, it would be an indicator that the executable is compressed, because the section has no size on disk (it is packed) but it does have a size in memory (it unpacks itself there).
Now we have the assurance that the file has not been compressed. This is one of the first steps in a static analysis. We are going to make a dynamic analysis with OllyDbg, but I want to know whether the developer has made an effort to hide some code. Note that if the executable is packed, we are not going to be able to read many strings within the file. It is possible I will talk about that in future posts...
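The raw-size versus virtual-size check described above can be scripted as a first triage step for an unknown sample. The following Python code is an added example, not part of the original post or of PEiD: it reads the PE section table directly, the sample headers are constructed (the section names, flags and the reading of “400”/“350” as hex are assumptions), and it flags only executable sections because a data section such as .bss legitimately has raw size 0.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section is mapped as executable
SECTION = "<8sIIIIIIHHI"            # 40-byte IMAGE_SECTION_HEADER
COFF = "<HHIIIHH"                   # 20-byte COFF file header

def build_headers(sections):
    """Constructed sample: PE headers only, no section data."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack(COFF, 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack(SECTION, name, vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rsize, flags) in enumerate(sections))
    return dos + b"PE\x00\x00" + coff + table

def read_sections(data):
    """Return (name, virtual_size, raw_size, characteristics) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    _, count, _, _, _, opt_size, _ = struct.unpack_from(COFF, data, e_lfanew + 4)
    first = e_lfanew + 4 + struct.calcsize(COFF) + opt_size
    rows = []
    for i in range(count):
        name, vsize, _va, rsize, *_ptrs, flags = struct.unpack_from(
            SECTION, data, first + i * struct.calcsize(SECTION))
        rows.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rsize, flags))
    return rows

def packing_hints(data):
    """Flag executable sections that are empty on disk but sized in memory."""
    return [f"{name}: raw size 0, virtual size {vsize:#x}"
            for name, vsize, rsize, flags in read_sections(data)
            if flags & IMAGE_SCN_MEM_EXECUTE and rsize == 0 and vsize > 0]

# Constructed inputs. .text uses the sizes quoted in the post (taken as hex);
# .bss is a normal uninitialised-data section; UPX0/UPX1 imitate a UPX-packed file.
PLAIN = build_headers([(b".text", 0x350, 0x400, 0x60000020),
                       (b".bss", 0x200, 0, 0xC0000080)])
PACKED = build_headers([(b"UPX0", 0x1000, 0, 0xE0000080),
                        (b"UPX1", 0x800, 0x600, 0xE0000040)])

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(label, packing_hints(blob) or "no packing hint")
```

To run it against a real file, pass the bytes of the file to `packing_hints`; a hit is a hint to look closer, not proof of packing.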


The next step would be to run the program by double clicking on the executable. After that, we can see that an MS-DOS window is launched and the program requires us to type the serial number. We type a sentence in order to check the program’s behavior.

We have not figured out the serial number… It seems logical…
Now, we are going to run OllyDbg. It does not need installation, just download it and uncompress it. When OllyDbg is opened, just load the executable by clicking on File -> Open.
Now we can see the binary code. Don’t worry, remember this post is focused on beginners. We are going to click on the play button in order to run the executable just loaded in our debugger and check the file’s behaviour.
The program has started and we can see the first strings, like “Press ENTER to finish”…
But… Something happens… The program doesn’t require us to type the serial number as it does when we open the application without using a debugger… It’s really strange… It’s like the program knows about our intentions and closes itself when we try to run it with a debugger tool…


If we reload the file in OllyDbg, one line of the code draws our attention… The program calls the “IsDebuggerPresent” API.
If we look this API up in Microsoft’s documentation we can see that “This function allows an application to determine whether or not it is being debugged, so that it can modify its behavior”.
Ok, the program closes when it is opened within a debugger. There are many options to avoid being detected by this technique… To achieve this purpose we are going to use the “Hide Debugger 1.2.4” plugin. Just download it and uncompress the DLL into the OllyDbg folder.
It is necessary to restart OllyDbg in order to work with this plugin. If you click on the Plugins tab you can see the Hide Debugger plugin. You don’t need to do anything else.
We have just installed the plugin to avoid being detected and now, we are going to load and play the executable again. Now the program requires typing the serial number. Great news…

We are going to type a sentence which will be easily recognizable.

If we come back to OllyDbg we can see our sentence in Arg1.

If we continue looking for this sentence through the code we can locate the code below. We can see String2=“28939387”, String1=“I’m going to looking for this sentence in OllyDbg now…” and the API call CompareStringA.
We can figure out that the executable is comparing these strings with each other in order to check whether both have the same value. We can suppose that the string “28939387” is the serial number.
OllyDbg lets us copy the value of this line by left clicking on the line we are interested in.
Then, we are going to paste the line’s value into Notepad and copy only the “String2” value: 28939387.
In the end, we just need to paste the value just copied into our program and… Well!!! We have obtained the serial number of our program!!!
This post could be applied to many of the simple programs which have a keygen integrated, but more knowledge is needed if you want to crack more complex programs.

This post is focused on showing you some techniques using OllyDbg. It is only a game to get more reverse engineering skills to research malware. Please, don’t contact me to crack programs, it is illegal… I recommend you to use free software!!!! 😛

Quick start - version 1.10

Read this for quick start. Consult help file for details and more features.

Installation is not necessary. Create new directory and unpack odbg110.zip - now you can start!

Pop-up menus display only items that apply. Frequently used menu functions:
| Function | Window | Menu command | Shortcut |
|---|---|---|---|
| Edit memory as binary, ASCII or UNICODE string | Disassembler, Stack; Dump | Binary\|Edit | Ctrl+E |
| Undo changes | Disassembler, Dump; Registers | Undo selection; Undo | Alt+BkSp |
| Run application | Main | Debug\|Run | F9 |
| Run to selection | Disassembler | Breakpoint\|Run to selection | F4 |
| Execute till return | Main | Debug\|Execute till return | Ctrl+F9 |
| Execute till user code | Main | Debug\|Execute till user code | Alt+F9 |
| Set/reset INT3 breakpoint | Disassembler; Names, Source | Breakpoint\|Toggle; Toggle breakpoint | F2 |
| Set/edit conditional INT3 breakpoint | Disassembler; Names, Source | Breakpoint\|Conditional; Conditional breakpoint | Shift+F2 |
| Set/edit conditional logging breakpoint (logs into the Log window) | Disassembler; Names, Source | Breakpoint\|Conditional log; Conditional log breakpoint | Shift+F4 |
| Temporarily disable/restore INT3 breakpoint | Breakpoints | Disable; Enable | Space |
| Set memory breakpoint (only one is allowed) | Disassembler, Dump | Breakpoint\|Memory, on access; Breakpoint\|Memory, on write | |
| Remove memory breakpoint | Disassembler, Dump | Breakpoint\|Remove memory breakpoint | |
| Set hardware breakpoint (ME/NT/2000 only) | Disassembler, Dump | Breakpoint\|Hardware (select type and size!) | |
| Remove hardware breakpoint | Main | Debug\|Hardware breakpoints | |
| Set single-shot break on access to memory block (NT/2000 only) | Memory | Set break-on-access | F2 |
| Set break on module, thread, debug string | Options | Events | |
| Set new origin | Disassembler | New origin here | |
| Display list of all symbolic names | Disassembler, Dump; Modules | Search for\|Name (label); View names | Ctrl+N |
| Context-sensitive help (requires external help file!) | Disassembler, Names | Help on symbolic name | Ctrl+F1 |
| Find all references in code to selected address range | Disassembler; Dump | Find references to\|Command; Find references | Ctrl+R |
| Find all references in code to the constant | Disassembler | Find references to\|Constant; Search for\|All constants | |
| Search whole allocated memory | Memory | Search; Search next | (none); Ctrl+L |
| Go to address or value of expression | Disassembler; Dump | Go to\|Expression; Go to expression | Ctrl+G |
| Go to previous address/run trace item | Disassembler | Go to\|Previous | Minus |
| Go to next address/run trace item | Disassembler | Go to\|Next | Plus |
| Go to previous procedure | Disassembler | Go to\|Previous procedure | Ctrl+Minus |
| Go to next procedure | Disassembler | Go to\|Next procedure | Ctrl+Plus |
| View executable file | Disassembler, Dump, Modules | View\|Executable file | |
| Copy changes to executable file | Disassembler | Copy to executable file | |
| Analyse executable code | Disassembler | Analysis\|Analyse code | Ctrl+A |
| Scan object files and libraries | Disassembler | Scan object files | Ctrl+O |
| View resources | Modules, Memory | View all resources; View resource strings | |
| Suspend/resume thread | Threads | Suspend; Resume | |
| Display relative addresses | Disassembler, Dump, Stack | Doubleclick address | |
| Copy | Most of windows | Copy to clipboard | Ctrl+C |

Frequently used global shortcuts:

| Shortcut | Function |
|---|---|
| Ctrl+F2 | Restart program |
| Alt+F2 | Close program |
| F3 | Open new program |
| F5 | Maximize/restore active window |
| Alt+F5 | Make OllyDbg topmost |
| F7 | Step into (entering functions) |
| Ctrl+F7 | Animate into (entering functions) |
| F8 | Step over (executing function calls at once) |
| Ctrl+F8 | Animate over (executing function calls at once) |
| F9 | Run |
| Shift+F9 | Pass exception to standard handler and run |
| Ctrl+F9 | Execute till return |
| Alt+F9 | Execute till user code |
| Ctrl+F11 | Trace into |
| F12 | Pause |
| Ctrl+F12 | Trace over |
| Alt+B | Open Breakpoints window |
| Alt+C | Open CPU window |
| Alt+E | Open Modules window |
| Alt+L | Open Log window |
| Alt+M | Open Memory window |
| Alt+O | Open Options dialog |
| Ctrl+T | Set condition to pause Run trace |
| Alt+X | Close OllyDbg |

Frequently used Disassembler shortcuts:


| Shortcut | Function |
|---|---|
| F2 | Toggle breakpoint |
| Shift+F2 | Set conditional breakpoint |
| F4 | Run to selection |
| Alt+F7 | Go to previous reference |
| Alt+F8 | Go to next reference |
| Ctrl+A | Analyse code |
| Ctrl+B | Start binary search |
| Ctrl+C | Copy selection to clipboard |
| Ctrl+E | Edit selection in binary format |
| Ctrl+F | Search for a command |
| Ctrl+G | Follow expression |
| Ctrl+J | Show list of jumps to selected line |
| Ctrl+K | View call tree |
| Ctrl+L | Repeat last search |
| Ctrl+N | Open list of labels (names) |
| Ctrl+O | Scan object files |
| Ctrl+R | Find references to selected command |
| Ctrl+S | Search for a sequence of commands |
| Asterisk (*) | Origin |
| Enter | Follow jump or call |
| Plus (+) | Go to next location/next run trace item |
| Minus (-) | Go to previous location/previous run trace item |
| Space ( ) | Assemble |
| Colon (:) | Add label |
| Semicolon (;) | Add comment |
