Hello, welcome back. In this video I'm going to show you how to use IDA as a debugger and also how to patch files. So download this crackme, crackme1, along with crackme1.c. That's the source code. Put it in your folder; I call it crackme. Just create a new folder. After you've done that, you can try to run it and see what it does. Open a new terminal here and just run crackme1. It asks you to enter a key, so you enter anything and it says "Sorry". So now I'm going to show you how to crack this crackme1 using IDA's debugger. If you want to know what the crackme1 source code looks like, you can open it in a text editor. It is a simple program. It has a main function and two other functions, success and fail. It prints a prompt for the key, and scanf reads the input and stores it in an integer variable called key. It then compares key to decide whether to call the success function, which prints "Congrats". Otherwise it calls the fail function to print the "Sorry" message, and then it returns. So, a very simple program. Now let's open this in IDA. Click on New and open crackme1.
So this is a very small program. The entry point is here. Here is the "Enter key" printf, and here is the scanf, which reads what the user enters and stores it into the variable. And over here it does a comparison with 921h, which you can convert to decimal; over here you can press H as a shortcut. So it's going to compare the value that the user entered with 2337 (921h). If it is equal, then this comparison gives zero. When we say comparison, it usually means it takes eax minus 2337 and checks whether the result is zero. So if it is zero, the jnz falls through to the left and you get success. But if the user inputs something which is not 2337, then when you take eax minus 2337 you are not going to get zero. In that case jnz (jump if not zero) will go to the right, and here you get fail. So now we can step through this. We can put a breakpoint here. To put a breakpoint, we can use F2 as a shortcut, or we can go to Debugger, go to Breakpoints and Add breakpoint. So now it has a breakpoint over here. Over here is the breakpoint, and then we can run it. And then it starts. OK, so now if you go to the command line, you will see it has printed "Enter key", so just type anything and press enter.
And now it has stopped at our breakpoint over here. So at this point it is going to compare with 2337: it has taken this value in eax, subtracted 2337 and written this result here. So because it is not zero, this arrow is blinking, the green arrow is blinking. It's going to go to the right and call the fail message. You can click on it to see what it does: it prints the string "Sorry" and then returns. But we don't want to go in here; we want to go to the left. The left is where it calls the success function. We double-click on this and, as I said, the function prints "Congrats". This is where we want to go. So how do we reverse this to make it go to the left? To reverse it, you can assemble here: change the jnz, which is jump if not zero, to become jz, jump if zero. To do that, select this, then go to Edit, come down to Patch program, and then click on Assemble. Here we just change jnz to become jz. This is how we reverse the jump. The number of bytes required for both jnz and jz is the same, so it's quite safe to do the assembling here. It will not overwrite any of the subsequent code. So click OK.
Now close this. So now you can step through this by pressing F8. Either that, or you go to Debugger and, over here, Step over. OK, so I step over and it went to the left. So now we're here, and it's going to move zero to eax and then it's going to call success. So let's step over again by pressing F8. Press it again. Now it has called success, so take a look at the terminal and you see "Congrats". All right, so we have already managed to reverse this. So now we can run all the way: either you click on this, or you go to Debugger and Continue process, F9, so it runs to completion. And now the debugger has ended because the program has completed. So now if you want to patch your file, this is the file you want to patch, crackme1. So far we have only patched the program in the database. Go to Edit, Patch program, Apply patches to input file. And this is the file you're going to patch. We want to create a backup, so tick "Create backup". Then finally click OK. It will patch this file and create a backup. The backup is important: in case you made a mistake, you still have a copy of the file before it was patched. So let's test our patched crackme1 file now and see what happens. Open the terminal here and run it.
Enter any key, and it prints "Congrats". So you have successfully patched this file. So I'm going to show another way. Let's close this now. Don't save the database. And then we need to go back to the original file. All right. Reopen the original file. All right, so now I'm going to show another way: instead of reversing the jump, you can also tamper with the register. OK, this time we are going to do something different. Instead of putting a breakpoint here, let's put a breakpoint somewhere else; we can put a breakpoint here, on the comparison of eax. So let's run to that. OK, let's go and check the output. It says "Enter key", so just type anything and press enter, and now it's waiting for us at the breakpoint over here. So this is the breakpoint. Now it's going to do a comparison: eax with 921h. Here we see that currently the value of eax is not the same as 921h. So when it takes eax minus 921h, it will not get zero.
So if you want to make sure that eax minus 921h is zero, we can either change the value here or change the register to 921h. Right. So this is how the comparison works here. We are going to change the value here to 921h: double-click on the register and then change it to 921h. Right, so now when it does the comparison, eax minus 921h, it takes 921h minus 921h and you get zero. So jnz will go to the left and show success; it will not go to the right. OK, let us try now. Press F8, Step over, and see how it is going to go to the left, because the arrow is blinking, and sure enough it went to the left. Now it has shown the success message; let's check it out. Congrats. OK, so this is how you can modify the register itself during runtime. But this is not patching; this is just modifying the register value. OK, so these are two ways in which you can modify the behavior of a program using a debugger during runtime. There's another thing I want to show you. Let's stop this now. You can also do more than just modify a register or reverse jumps. You can also delete the execution of an instruction that you don't want to run.
So, for example, if you don't want this instruction to happen, you can just remove it by replacing it with no-operation, NOP. Right. But to do that, you need to count how many bytes you need to substitute with NOPs. So let's convert to linear view to look at the mov instruction. You need to see how many bytes it uses, so go to Options, General, and here set the number of opcode bytes to 16. OK, so then you can see the bytes. This instruction, mov eax followed by this address, takes up three bytes. So if you don't want this instruction to happen, we can use this method: change these three bytes to 90 90 90 through Patch program, Change byte. So these bytes, 8B 45 F4, you can change into 90 90 90. So I deleted those and replaced them with 90 90 90. 90 is no-operation, NOP. So now take a look: I removed the instruction and replaced it with no-operation. So this is something you can perform in IDA: you can convert or remove any kind of instruction you want. The important thing is that it must be exactly the same number of bytes, so that you will not disturb the instruction that comes after it. Otherwise you will cause the program to fail.
OK, so these are the things you can do. So I'm just going to undo that to put it back. That's all for this video. Thank you for watching.
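As an added example that is not part of the video or its crackme: the three edits shown above (flip jnz to jz, overwrite a 3-byte instruction with 90 90 90, and patch the input file while keeping a backup) done on raw bytes in Python, with the same-length rule the video insists on enforced in code rather than by eye. The sample bytes, the offsets and the file name crackme1 are constructed for this example following the instruction pattern the video describes (mov eax, [ebp-0Ch]; cmp eax, 921h; jnz); they are not taken from the real crackme1 binary. The jump-inversion helper goes beyond the jnz/jz case in the video: for every x86 Jcc, short (70-7F) or near (0F 80-8F), the low bit of the opcode selects the negated condition, so flipping that one bit inverts any conditional jump without changing its length.

```python
"""Raw-byte patching with the checks IDA's Patch program makes you do by hand.

Added example, not code from the video. SAMPLE is a constructed byte string
in the shape the video describes, not bytes from a real crackme.
"""
import shutil
import tempfile
from pathlib import Path

NOP = 0x90

# Constructed sample (offsets in the comments):
SAMPLE = bytes.fromhex(
    "8B45F4"        # 0:  mov  eax, [ebp-0Ch]   load the key
    "3D21090000"    # 3:  cmp  eax, 921h        2337 decimal
    "750C"          # 8:  jnz  short fail       rel8 = 0Ch -> offset 22
    "B800000000"    # 10: mov  eax, 0
    "E800000000"    # 15: call success          rel32 placeholder
    "EB05"          # 20: jmp  short past fail
    "B800000000"    # 22: fail: mov eax, 0
)


def patch_bytes(data: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Replace `expected` at `offset`, refusing any edit that changes the
    length (which would shift every instruction after it) or that does not
    match the bytes actually present (wrong offset, wrong build)."""
    if len(replacement) != len(expected):
        raise ValueError(
            f"replacement is {len(replacement)} bytes, original is {len(expected)}")
    actual = data[offset:offset + len(expected)]
    if actual != expected:
        raise ValueError(
            f"bytes at {offset:#x} are {actual.hex()}, expected {expected.hex()}")
    return data[:offset] + replacement + data[offset + len(expected):]


def invert_jcc(data: bytes, offset: int) -> bytes:
    """Invert the condition of the Jcc at `offset` (jz<->jnz, jb<->jae, ...).

    The low opcode bit of an x86 Jcc selects the negated condition, for the
    short form (70-7F rel8) and the near form (0F 80-8F rel32) alike, so the
    instruction keeps its length; only one opcode byte changes."""
    op = data[offset]
    if 0x70 <= op <= 0x7F:                              # short Jcc rel8
        return patch_bytes(data, offset, bytes([op]), bytes([op ^ 1]))
    if op == 0x0F and 0x80 <= data[offset + 1] <= 0x8F:  # near Jcc rel32
        op2 = data[offset + 1]
        return patch_bytes(data, offset + 1, bytes([op2]), bytes([op2 ^ 1]))
    raise ValueError(
        f"no conditional jump at {offset:#x}: {data[offset:offset + 2].hex()}")


def nop_out(data: bytes, offset: int, expected: bytes) -> bytes:
    """Replace one whole instruction (its exact bytes) with the same number
    of NOPs, so the following instruction stays where it was."""
    return patch_bytes(data, offset, expected, bytes([NOP]) * len(expected))


def patch_file(path: Path, edits, backup: bool = True) -> Path:
    """Apply (offset, expected, replacement) edits to a file on disk, first
    copying it to <name>.bak, like the 'Create backup' option in IDA."""
    path = Path(path)
    if backup:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
    data = path.read_bytes()
    for offset, expected, replacement in edits:
        data = patch_bytes(data, offset, expected, replacement)
    path.write_bytes(data)
    return path


def demo_patch_file() -> tuple:
    """Write SAMPLE to a temp file named crackme1 (constructed), flip its
    jnz to jz on disk, and return (patched bytes, backup bytes)."""
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "crackme1"
        f.write_bytes(SAMPLE)
        patch_file(f, [(8, b"\x75", b"\x74")])  # jnz -> jz, same length
        return f.read_bytes(), f.with_name("crackme1.bak").read_bytes()


if __name__ == "__main__":
    flipped = invert_jcc(SAMPLE, 8)
    nopped = nop_out(SAMPLE, 0, bytes.fromhex("8B45F4"))
    print("jnz->jz :", flipped.hex())
    print("nop mov :", nopped.hex())
    patched, backup = demo_patch_file()
    print("on disk :", patched.hex(), "backup intact:", backup == SAMPLE)
```

The `expected` argument is the check a practitioner wants when scripting a patch against many copies of a binary: if the bytes at that offset are not the ones you reversed, the tool refuses instead of corrupting the wrong instruction.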