Decompile a .exe to get source code?


Okay, so I wrote this little app in C; all it does is ask for a password. I showed it to my friend and he asked "ok well how do you hack the password". I have had no luck. I did a quick search through the forums and couldn't find anything; I don't even know if this is possible (to go from .exe > src). If it is, if you could point me in the direction of a nice tutorial or just point me in the right direction, that would be great. I tried OllyDBG but didn't really know how to use it. Also, if it's not possible to get src code, then is there another route to obtain the password?

-Download Compiled w/src Here:

http://www.mediafire.com/?2tftsnjzerg

-Here is the src code (don't cheat):

// --------------------------------Version-2.0----------------------------------
#include <stdio.h>
#include <stdlib.h>   // system()
#include <string.h>   // strcmp()
#include <conio.h>    // getch()

int main(void)
{
    int i;
    while(1) {   //thx TomB
        char run[] = "lamepassword"; //set password here
        char checkit[80];
        system("title System Login  --By SableFoXx");
        system("cls");
        printf("Authentication Required!\n");
        printf(">> ");

        for(i=0; i<80; i++) { //chr limit 80
            checkit[i] = getch();
            if(checkit[i] == '\r') {   // Enter ends the input
                checkit[i] = '\0';
                break;
            } else {
                printf("*");
            }
        }
        checkit[79] = '\0'; // keep the buffer terminated if Enter was never pressed
        if(!strcmp(run, checkit)) {
            system("cls");
            system("color a");
            printf("\n\n\n\n\n\n\n\n\n");
            printf("===============================================================================\n");
            printf("                             * Access Granted *\n");
            printf("===============================================================================\n");
            printf("\n\n\n\n\n");
            system("pause");
            system("cls");
            system("color f");
            /* -------------------------CODE-START--------------------------- */

            printf("You Win! \nPlease wait while a party official comes to collect you for your party. :)\n");
            printf(">>Regards, SableFoXx<< \n");
            system("pause");
            return 0;

            /* --------------------------CODE--END--------------------------- */
        } else {
            system("cls");
            system("color c");
            printf("\n\n\n\n\n\n\n\n\n");
            printf("===============================================================================\n");
            printf("                              * Access Denied *\n");
            printf("===============================================================================\n");
            printf("\n\n\n\n\n");
            system("pause");
            system("cls");
            system("color f");
        }
    }
}

thx, SableFoXx

Link to post
Share on other sites

Well, it's impossible to decompile the program into the original source code. OllyDbg disassembles it into ASM code and then you can "hack" it. I don't really have much experience with asm, but if you NOP the jump on line 00401387 it will accept any password. If you look up two lines from that address you can see a call being made to strcmp, and under that a TEST EAX, EAX, which I can only assume is comparing the user string with the password string, and then the line which you are NOPing is a JNZ, which in this case means jump if they aren't equal (JNZ actually stands for jump if not zero). Hopefully my English was understandable :D.

Edit: If you set a breakpoint on line 00401376 you will see the password inside the EDX register. I might comment all the code as far as I understand it soon :).

Link to post
Share on other sites

Just opening the exe file in notepad reveals the password "lamepassword"

Link to post
Share on other sites
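
Why the text-editor observation in the reply above works, as an added example that is not code from the thread: the password literal ends up readable in the compiled file, so a scan for runs of printable bytes finds it, and the same scan can be used to check a build for a leaked secret. The function name `find_embedded_literal` and the `sample_image` bytes are constructed for illustration; the buffer only stands in for an executable image.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bytes standing in for an executable image: header-like and
 * code-like bytes, then string literals the way a compiler stores them. */
static const unsigned char sample_image[] =
    "MZ\x90\x00\x03\x00\x00\x00"
    "\x55\x89\xe5\x83\xec\x18"
    "\x00lamepassword\x00"
    "Authentication Required!\n";

static int is_text(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Walk every run of printable ASCII that is at least min_len bytes long
 * (what a text editor or a strings-style tool displays) and return the
 * offset at which `secret` occurs inside such a run, or -1 if it does not. */
long find_embedded_literal(const unsigned char *buf, size_t len,
                           const char *secret, size_t min_len)
{
    size_t slen = strlen(secret), start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && is_text(buf[i]))
            continue;                      /* still inside a run */
        if (i - start >= min_len)          /* run [start, i) just ended */
            for (size_t k = start; k + slen <= i; k++)
                if (memcmp(buf + k, secret, slen) == 0)
                    return (long)k;
        start = i + 1;
    }
    return -1;
}

int main(void)
{
    long off = find_embedded_literal(sample_image, sizeof sample_image,
                                     "lamepassword", 4);
    if (off >= 0)
        printf("plaintext secret found at offset %ld\n", off);
    else
        printf("secret not present as a plaintext literal\n");
    return off >= 0;   /* non-zero exit lets a build step fail on a leak */
}
```
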

Good job! Suggestions: Do not use system calls like that. "for(j=0; j<1; j=j+0)" no need. You can change the window title etc... without using system calls.

http://msdn2.microsoft.com/en-us/default.aspx

Link to post
Share on other sites

Simply do a "Search for" -> "All referenced text strings" -> " * Access Denied *" in OllyDbg and you'll land at the right place.

Scroll a bit up and you'll see the interesting code.

Silva said that before: Correct password can be found in register EDX but you could also patch the JNZ.

Link to post
Share on other sites

This is cool, thanks for the help.  Got the password and learned a lot!

Link to post
Share on other sites
