1 00:00:01,510 --> 00:00:13,480 Now, you can use Ghidra to decompile those addresses where he found Haseeb game changing.
2 00:00:14,370 --> 00:00:18,820 So who for this first address, Rackley copy.
3 00:00:19,930 --> 00:00:32,980 And in Ghidra, he goes on to open the go to and you say this is their first address and his address
4 00:00:34,210 --> 00:00:38,860 and he turned OK, he will go to the address.
5 00:00:39,640 --> 00:00:50,390 But he was notice that this location has not been disassembled so less likely and disassembled itself
6 00:00:50,440 --> 00:00:51,570 upon disassemble.
7 00:00:52,480 --> 00:00:59,530 And now it has disassembled and you will see it also as a push over here.
8 00:01:01,050 --> 00:01:07,480 And you scroll down to the second address, this one issue also be written.
9 00:01:08,820 --> 00:01:16,110 So if you scroll down low enough, you should be able to see anything at this address for all three
10 00:01:16,170 --> 00:01:16,710 to be.
11 00:01:21,580 --> 00:01:32,650 For three, do we see a return order, so does the start and of the function so we can go back to the
12 00:01:32,650 --> 00:01:37,750 top here and frankly and create a function, you.
13 00:01:40,180 --> 00:01:49,450 So now Ghidra has created a coin fund for three nine Creasey and then automatically you will I mean the
14 00:01:49,450 --> 00:01:50,470 compulsories.
15 00:01:50,470 --> 00:01:53,980 So Clellan decompiled here and you can see the formation.
16 00:01:56,040 --> 00:01:59,940 And now we can analyze using the decomp in the.
17 00:02:02,020 --> 00:02:09,080 So we can scroll down, you can see there is a brief statement and there's a good message showing you
18 00:02:09,340 --> 00:02:13,450 like you and it's a been showing here, sorry, wrong.
19 00:02:13,450 --> 00:02:13,720 He.
20 00:02:16,150 --> 00:02:26,350 So we all get ready to show organization, their message will depend on you are one so we can relabel
21 00:02:26,350 --> 00:02:29,890 this is press hell Anikeeva
22 00:02:32,890 --> 00:02:33,700 calling me the.
23 00:02:37,270 --> 00:02:40,250 Click on it and you will see that this is where result, he said.
24 00:02:41,440 --> 00:02:47,380 So this is probably compare Stringer function and he's probably comparing two strings.
25 00:02:48,850 --> 00:02:50,320 Let's click on local in.
26 00:02:52,040 --> 00:02:54,980 Hilco Fotini seems to be reading a string.
27 00:02:56,090 --> 00:02:58,030 This one looks like Hustvedt.
28 00:03:02,380 --> 00:03:08,510 Double click on this and inspect the agency, so it looks like a password.
29 00:03:09,660 --> 00:03:13,410 So as soon as a password so we can.
30 00:03:14,870 --> 00:03:18,120 Relabelled, this one and.
31 00:03:20,050 --> 00:03:26,310 And we need so we can say this is copy three.
32 00:03:28,570 --> 00:03:34,120 Copy at your key three.
33 00:03:38,250 --> 00:03:51,750 So you copy the specific to the table for 14 so he can relabel look 14 as a pitcher key.
34 00:03:56,690 --> 00:03:59,990 So clearly, Chooky, all right.
35 00:04:01,530 --> 00:04:02,370 And then.
36 00:04:03,920 --> 00:04:06,970 Click on the other one here and look.
37 00:04:07,040 --> 00:04:08,670 18 is over here.
38 00:04:09,800 --> 00:04:12,940 So look at 18 year.
39 00:04:14,940 --> 00:04:15,810 Probably the.
40 00:04:18,710 --> 00:04:28,070 Key, you enter Shirat pattern one to look at me as my foot.
41 00:04:31,280 --> 00:04:34,760 So now you click on this and you can see.
42 00:04:38,260 --> 00:04:40,450 Now come back to our function.
43 00:04:41,500 --> 00:04:45,820 He seems to be comparing my input, your key.
44 00:04:47,990 --> 00:04:56,710 We can confirm it by clicking this to enter the information, and you can see this compares transformations
45 00:04:56,720 --> 00:04:59,990 here, he's comparing string one scene to.
46 00:05:01,910 --> 00:05:07,820 Pattern to his is pattern one is this click on the button.
47 00:05:09,570 --> 00:05:14,700 How much time are you going to see putting one into my input pattern to a key?
48 00:05:16,870 --> 00:05:28,210 To go back and say, hey, we can relabel this has my input and we can relabel this hash tag your key.
49 00:05:35,900 --> 00:05:41,370 And then just click on this and see what's happening over here.
50 00:05:42,070 --> 00:05:46,670 He's assigning a to industry so he can really go.
51 00:05:46,700 --> 00:05:50,450 This is a major key.
52 00:05:54,980 --> 00:05:56,630 This one's assigned to another string.
53 00:05:56,630 --> 00:06:02,660 So you can relabel this as my input string.
54 00:06:05,810 --> 00:06:11,360 And when you click on this now, you can see clearly he is comparing whether your input is actually
55 00:06:12,410 --> 00:06:16,200 if your input is actually a return zero.
56 00:06:17,150 --> 00:06:19,870 So let's see when he returns, zero happens.
57 00:06:19,880 --> 00:06:21,140 Let's click the button.
58 00:06:23,870 --> 00:06:28,350 When he returns zero, he was dying, the result and the result was zero.
59 00:06:28,550 --> 00:06:30,180 He will show you the goodness.
60 00:06:30,560 --> 00:06:39,260 This confirms that this commission is texturing function so we can rename it rebooting as
61 00:06:42,620 --> 00:06:43,560 we can better.
62 00:06:43,730 --> 00:06:49,280 Better still, call it compare, compare strength.
63 00:06:52,670 --> 00:07:00,900 Now, we know for sure that this dysfunction is confined to stress the importance of chokey, and that
64 00:07:00,920 --> 00:07:07,430 confirms that this actually key here, which is coming from the string here.
65 00:07:09,070 --> 00:07:10,240 You said you were pursuing.
66 00:07:11,320 --> 00:07:22,360 So this is how you can use Ghidra and debuggers together, debugger does not decompile code, although
67 00:07:22,380 --> 00:07:26,270 EVGA can do it by the compiler, is not as good.
68 00:07:26,800 --> 00:07:31,480 Ghidra So it is good and recompiling.
69 00:07:32,200 --> 00:07:40,990 And if you want to decompile code first, you can use debuggers to locate regions of interest.
70 00:07:42,080 --> 00:07:50,150 Looking at prices of interest and watching those addresses, you can come together and then convert
71 00:07:50,150 --> 00:07:59,690 the guitar strings and create functions and then you can decompile in, interviewed and studied an
72 00:07:59,690 --> 00:08:04,250 algorithm to derive the zero key.
73 00:08:04,490 --> 00:08:11,660 There's another thing I want to show you is the Windows graph function graph, too, so you can click
74 00:08:12,310 --> 00:08:17,870 on on the function here has regained its function as.
75 00:08:21,250 --> 00:08:23,370 We'll call it checks here.
76 00:08:30,580 --> 00:08:34,870 Now you can use a window, click on window function graph.
77 00:08:38,480 --> 00:08:41,300 And you generate the graph, you.
78 00:08:46,630 --> 00:08:52,870 You can zoom in and zoom into a scroll wheel, your mouse, the center of your scroll wheel, and you
79 00:08:52,870 --> 00:08:55,450 can look around
80 00:08:59,200 --> 00:09:01,700 and bottom right is another way to view.
81 00:09:02,170 --> 00:09:05,860 You can drag the square box here to move around.
82 00:09:08,530 --> 00:09:17,500 And the yellow circle here denotes the information that you are analyzing here looking at.
83 00:09:20,240 --> 00:09:29,840 Can school in school, if you can read the lines, you can go here and then drag this out so they can
84 00:09:29,840 --> 00:09:32,150 view the rest of the total lines.
85 00:09:33,930 --> 00:09:34,870 It is not enough.
86 00:09:35,750 --> 00:09:36,890 Go back and do again.
87 00:09:39,080 --> 00:09:40,600 Select Boxtel.
88 00:09:40,610 --> 00:09:43,250 You want to expand about here in.
89 00:09:47,640 --> 00:09:54,960 Now you can see the rest of the string hierarchy, Coraki, you pull this to the right, you'll be clearer.
90 00:09:56,490 --> 00:10:02,030 A red line denotes what happens and you jump zero test is not true.
91 00:10:02,550 --> 00:10:08,070 And the green line denotes the jump that happens when the Jancsi rule is true.
92 00:10:08,700 --> 00:10:16,580 So this is an tells Dingman the green blue line is unconditional.
93 00:10:19,280 --> 00:10:22,910 And you can see from here they were here in a circle pestering.
94 00:10:24,730 --> 00:10:33,130 He's loading facility here, here and here, copy covid and he has a test.
95 00:10:34,150 --> 00:10:43,770 And from based on this jump, he will then jump either to show the message or jump to show the good
96 00:10:43,780 --> 00:10:44,560 message over here.
97 00:10:47,350 --> 00:10:52,700 So this is also a useful tool for visualizing, analyzing the code.
98 00:10:54,100 --> 00:10:56,410 So that's all for this section.
99 00:10:56,890 --> 00:10:58,420 Thank you for watching.