Learn How To Crack Programs On Your Own With This HQ Tutorial
As I said in the beginning, you are going to crack your first program. The program is called a ‘crackme’; crackme programs are meant to be cracked, so they have no security system.
I’ll make a tutorial on how to bypass different security systems in a different thread.
For now, we are only going to be cracking crackmes.
Download link: https://x64dbg.com/#start
To open it, just unzip the archive, go into the release folder and click on x96dbg.exe.
Next you will need the crackme. There are a lot of crackmes out there, but for this tutorial we will be using the “Mexican Crackme”.
Download link: https://github.com/cspinstructor/github-crackmes/blob/master/01-mexican.zip
VT link: VirusTotal
First you will need to open the program. You will probably need to turn off your antivirus, as it flags the crackme (a false positive).
To open the program, run cmd and drag the exe onto it.
You will see the message “Try harder”.
Your objective is to bypass this message and get the flag stored in the program.
Now that you know how the program works and what your objective is, you can start cracking.
First you will need to open the crackme in x64dbg. To do that, just drag Untitled1.exe onto x96dbg.exe.
A window should pop up with a lot of information that you might not understand. I’ll explain it to you, but first
you will need to configure x64dbg. To do so, go to Options/Preferences and make sure your preferences look like this: https://imgur.com/a/BgydqZj
Now I can explain to you what the “weird symbols” are.
1- Address: it represents where the “commands” (instructions) are located in memory.
2- Machine language: the raw bytes of each instruction. We are not going to look at it in this tutorial.
3- Assembly language: it’s basically the machine language translated into readable mnemonics, so we can read and understand what the program is doing.
Assembly language basics:
jmp – unconditional jump
je/jle – jump if… (conditional jump, decided by the result of the previous cmp)
mov – set a register’s value to something
sub – subtract a value from a register
cmp – compare 2 values
nop – an instruction that does nothing (really important for us)
For this tutorial we will only be using jmp, je/jle, nop and cmp.
First you will need to press F9 so the debugger runs to the entry point.
Now you need to use what you know about the app: basically, all the app does is print ‘Try harder’ and then close.
‘Try harder’ is a string. Strings are a data type that represents text, and in x64dbg you can search for strings. You can do it manually, or right-click on a blank area, select Search for, Current module and then String references.
On that screen you will see an address column, a disassembly column and a string column. Don’t look at the other columns for now; look for the string ‘Try harder’ in the string column, the right one.
The string ‘Try harder’ will probably be on the 5th or 6th line.
After finding it, double-click it and you should see a screen like this.
If you understood the instructions I explained before, like jle and cmp,
you can see that the program is comparing 2 values, and if the condition is true it will jump:
cmp dword ptr ss:[esp+1C],C1
That jump goes directly to the string “Try harder”.
Now something has probably clicked in your head; if not, keep reading.
What you need to do is bypass the jle instruction.
-How can we do that ?
It’s very simple actually. You have 2 choices: turn the jle into a nop, or make the 2 compared values equal.
I will choose the simple solution, turning the jle into a nop. To do that, click on the jle instruction and press the space bar.
Select the ‘Fill with NOP’s’ option and type ‘nop’ in the text box.
After that, press Esc to leave that screen.
And just like that, you have already cracked your first program.
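To see why NOP-ing the jle flips the outcome, here is a small added example (my own code, not part of the original post or the crackme): it emulates cmp (computing ZF, SF and OF like a 32-bit x86 CMP), jle (taken when ZF=1 or SF≠OF, i.e. signed “less or equal”) and nop over a constructed program shaped like the crackme’s snippet. The value compared against C1 and the flag text are made up for the demo.

```python
# Added example: a toy emulator of cmp / jle / nop, modelled on the crackme's
#   cmp dword ptr ss:[esp+1C],C1
#   jle try_harder
# The compared value and the flag string below are constructed, not the real ones.

MASK32 = 0xFFFFFFFF

def cmp_flags(a, b):
    """Emulate x86 CMP a, b on 32-bit operands: compute a - b and return (ZF, SF, OF)."""
    a, b = a & MASK32, b & MASK32
    diff = (a - b) & MASK32
    zf = diff == 0                              # zero flag: operands equal
    sf = bool(diff & 0x80000000)                # sign flag: result negative as signed int
    of = bool((a ^ b) & (a ^ diff) & 0x80000000)  # overflow flag: signed overflow occurred
    return zf, sf, of

def jle_taken(zf, sf, of):
    """JLE jumps when the signed comparison says a <= b: ZF=1 or SF!=OF."""
    return zf or (sf != of)

# Constructed program with the same shape as the crackme's decision point.
PROGRAM = [
    ("cmp", "[esp+1C]", 0xC1),      # compare the stack value with C1
    ("jle", "try_harder"),          # if value <= C1 (signed) jump to the failure message
    ("print", "FLAG{constructed}"), # otherwise fall through and reveal the (fake) flag
    ("exit",),
    ("label", "try_harder"),
    ("print", "Try harder"),
    ("exit",),
]

def run(program, value):
    """Execute the toy program with `value` standing in for dword ptr ss:[esp+1C]."""
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "label"}
    flags, out, pc = (False, False, False), [], 0
    while pc < len(program):
        ins = program[pc]
        if ins[0] == "cmp":
            flags = cmp_flags(value, ins[2])
        elif ins[0] == "jle" and jle_taken(*flags):
            pc = labels[ins[1]]
            continue
        elif ins[0] == "print":
            out.append(ins[1])
        elif ins[0] == "exit":
            break
        pc += 1                                 # nop, label and a not-taken jle fall through
    return out

def patch_jle_with_nop(program):
    """The same edit the tutorial makes in x64dbg: replace the jle with a nop."""
    return [("nop",) if ins[0] == "jle" else ins for ins in program]
```

With the original program a small value (for example 0x10) takes the jump and prints ‘Try harder’, while the patched program falls through to the flag no matter what value is compared.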
-How can I test it ?
What you will do next is set a breakpoint on the second ‘nop’. A breakpoint is where the program will stop after you run it.
To set the breakpoint, double-click on the second nop line in the machine language column:
After setting it, press F9.
Now you’re on the nop line. What you will do next is run the program line by line until something appears in the console window.
To do that, just press F8.
What will be shown is the flag of the program.
Capturing flags is the main objective of a crackme, and you just found it. Congratz!