1- a basic understanding of assembly language
in this article I will walk through the process of patching a binary, using a simple .exe file as the example.
we will be working with a game.exe that asks the user for input, validates it (compares it against the license key) and then decides whether or not to open the game.
so to be able to play we need a valid license key, right?
but no, we are hackers, and with a few of our dirty tricks we can break this :D ..
there are two ways to bypass this: the first is to reverse the binary and work out a valid license key, the second is to patch the binary, which is the topic of this article.
so let's start by loading the binary into IDA!
after loading the binary in IDA and navigating through the main function we reach this compare instruction, which compares the value at ebp+var_4 with 0. var_4 holds the return value of sub_401090, the function that validates the input: if the key is invalid it returns 0 in eax. comparing 0 with 0 sets the zero flag, so the following jz (jump if zero) is taken and lands in the code that tells us to go and buy a license key XD.
so basically we need a value other than 0 in eax, right?
yes, that would work, but there is an easier way: what if we changed the jz to jnz? jnz does the opposite of jz, it jumps only when the compared value is not zero, so with a wrong license key the jump is skipped and we fall through into the game. (the flip side is that a valid key would now be rejected, since jnz jumps on the non-zero result, but for our purposes that doesn't matter.) awesome, let's try it!
first we highlight the jz instruction by clicking on it.
then we navigate to the hex view window and see this.
notice that the bytes 74 07 are highlighted in green; this is the encoding of the jz instruction. 74 is the opcode (every instruction has its own opcode) and 07 is the jump's displacement: a signed 8-bit offset that is added to the address of the instruction following the jz to get the target, not an absolute address. so what is the next step?
we said we wanted to change jz to jnz to make it do the reverse, so how do we do that?
it's actually very simple: we just change the opcode of jz (74) to the opcode of jnz (75) and it should work, so let's try that.
right click, select Edit and change 74 to 75 (the displacement 07 stays the same, so the jump target is unchanged)
then right click again and select Apply changes
now if we go back to the IDA view, we see that the jz is now a jnz instruction, wow, magic :D
now let's save this and run it: in the menu bar click Edit > Patch program > Apply patches to input file and click OK ..
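here is the same patch done in a script, as an added example that is not part of the original article or of the game's code. it runs on a constructed byte string shaped like the cmp/jz sequence described above (not bytes from the real game.exe), resolves the jz target from its rel8 displacement, flips the opcode, and uses a tiny simulation to show which path executes before and after the patch. it goes a bit beyond the article's 74 to 75 case: the short conditional jumps 0x70..0x7F come in complementary pairs that differ only in the low bit (74 jz / 75 jnz, 72 jb / 73 jnb, ...), so XOR-ing the opcode with 1 inverts any of them. the offsets, the sample bytes and the patch_file helper are assumptions made for illustration.

```python
import struct

# Short (rel8) conditional jumps occupy opcodes 0x70..0x7F. Each pair differs
# only in the low bit (74 jz / 75 jnz, 72 jb / 73 jnb, ...), so opcode ^ 1
# inverts the condition while leaving the displacement byte untouched.
JCC_SHORT_FIRST, JCC_SHORT_LAST = 0x70, 0x7F
JZ_SHORT, JNZ_SHORT = 0x74, 0x75

# Constructed sample: NOT bytes from the real game.exe, just an instruction
# sequence shaped like the one the article describes.
#   offset 0:  83 7D FC 00   cmp dword ptr [ebp-4], 0   ; var_4 = validator's return value
#   offset 4:  74 07         jz  short +7               ; taken when var_4 == 0
#   offset 6:  6A 00         push 0                     ; fall-through: "start game" path
#   offset 8:  E8 00000000   call <rel32>
#   offset 13: C3            ret                        ; jz target: "go buy a license" path
SAMPLE_CODE = bytes.fromhex("83 7D FC 00 74 07 6A 00 E8 00 00 00 00 C3")
JZ_OFFSET = 4  # offset of the 74 byte in SAMPLE_CODE (assumed for the sample)


def jump_target(code, off):
    """Where the short Jcc at `off` lands. The rel8 byte is a *signed*
    displacement relative to the instruction after the jump (off + 2)."""
    opcode, rel8 = code[off], code[off + 1]
    if not JCC_SHORT_FIRST <= opcode <= JCC_SHORT_LAST:
        raise ValueError(f"no short Jcc at offset {off:#x}: opcode {opcode:#04x}")
    disp, = struct.unpack("<b", bytes([rel8]))  # sign-extend the 8-bit displacement
    return off + 2 + disp


def invert_jcc(code, off):
    """Return a copy of `code` with the short Jcc at `off` inverted
    (jz->jnz, jnz->jz, jb->jnb, ...). Only the opcode byte changes, so the
    jump target is preserved; the check refuses to patch anything else."""
    opcode = code[off]
    if not JCC_SHORT_FIRST <= opcode <= JCC_SHORT_LAST:
        raise ValueError(f"refusing to patch: opcode {opcode:#04x} at {off:#x} is not a short Jcc")
    patched = bytearray(code)
    patched[off] = opcode ^ 1
    return bytes(patched)


def branch_taken(code, off, var_4):
    """Simulate the article's check for jz/jnz only: cmp [ebp+var_4], 0 sets
    ZF exactly when var_4 == 0, jz jumps on ZF, jnz jumps on not ZF."""
    opcode = code[off]
    zf = (var_4 == 0)
    if opcode == JZ_SHORT:
        return zf
    if opcode == JNZ_SHORT:
        return not zf
    raise ValueError(f"simulation only handles jz/jnz, got {opcode:#04x}")


def next_instruction(code, off, var_4):
    """Offset executed after the jump: its target if taken, else fall-through."""
    return jump_target(code, off) if branch_taken(code, off, var_4) else off + 2


def patch_file(src_path, dst_path, file_offset):
    """Apply the same change to a file on disk and return the new opcode byte.
    `file_offset` is the raw offset of the jz opcode in the file, not its
    virtual address; translating VA to file offset is what IDA does for you
    in 'Apply patches to input file'. (Helper assumed for illustration.)"""
    with open(src_path, "rb") as f:
        data = f.read()
    patched = invert_jcc(data, file_offset)
    with open(dst_path, "wb") as f:
        f.write(patched)
    return patched[file_offset]


if __name__ == "__main__":
    print(f"jz at {JZ_OFFSET:#x} jumps to {jump_target(SAMPLE_CODE, JZ_OFFSET):#x}")
    for var_4 in (0, 1):
        print(f"original, var_4={var_4}: continues at {next_instruction(SAMPLE_CODE, JZ_OFFSET, var_4):#x}")
    patched = invert_jcc(SAMPLE_CODE, JZ_OFFSET)
    print("patched bytes:", patched[JZ_OFFSET:JZ_OFFSET + 2].hex(" "))  # 75 07
    for var_4 in (0, 1):
        print(f"patched,  var_4={var_4}: continues at {next_instruction(patched, JZ_OFFSET, var_4):#x}")
```

with var_4 == 0 (wrong key) the original jz goes to the "buy a license" code at offset 13, while the patched jnz falls through to the game at offset 6; with var_4 != 0 (valid key) the two outcomes swap, which is the caveat mentioned earlier. note that the script only changes the one opcode byte, as the article does in the hex view; it does not touch the 07, so a wrong offset passed to invert_jcc fails loudly instead of silently corrupting some other instruction.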
then execute the binary and supply any license key.
boom! we made it. isn't this the most boring game you have ever played :D but it's ok, you now know how to patch binaries ;) ..