WEBVTT

1
00:01.550 --> 00:03.080
Hello and welcome back.

2
00:03.080 --> 00:07.430
In this lesson, we are going to start our first project, Easiest Crackme.

3
00:07.520 --> 00:09.860
We are going to fish for the password.

4
00:10.100 --> 00:15.230
So if we run it, you remember that this message shows up,

5
00:15.470 --> 00:16.850
asks you to enter the password.

6
00:16.850 --> 00:21.380
If you enter a wrong password and hit Enter, it shows us a bad message:

7
00:21.380 --> 00:22.010
Wrong.

8
00:22.040 --> 00:22.760
Try again.

9
00:22.880 --> 00:27.740
So now we have to search for this string inside the code.

10
00:28.460 --> 00:30.860
So what we do is remember this string: wrong,

11
00:30.860 --> 00:31.580
try again.

12
00:31.910 --> 00:32.870
So we close this.

13
00:32.870 --> 00:35.000
Now we use x64dbg.

14
00:37.060 --> 00:42.700
And we open the crackme, and now we are going to search for the string inside the code.

15
00:42.940 --> 00:51.670
So right-click on this, Search for, Current module, String references, and search for the string "wrong."

16
00:52.300 --> 00:53.560
And you will find it here.

17
00:53.650 --> 00:56.350
So this technique is called the string search method.

18
00:56.710 --> 01:02.410
So once we find it, we can double-click on it to go to that address where this string is found.

19
01:04.160 --> 01:06.800
So this is where the string is found,

20
01:06.800 --> 01:09.470
and you want to see the logic of this.

21
01:09.470 --> 01:13.730
You can look for the start of this function, which is over here, push -.

22
01:14.330 --> 01:18.230
So push - starts the function, and return

23
01:18.230 --> 01:19.400
here ends the function.

24
01:20.810 --> 01:25.550
So we can put our cursor here and right-click and graph it,

25
01:25.940 --> 01:27.320
or we can just press G.

26
01:28.370 --> 01:31.790
So from here we can analyze the control flow logic.

27
01:33.410 --> 01:42.500
We can see that there is a jump here which will go to the right if your password is correct, to show

28
01:42.500 --> 01:43.070
it: Correct.

29
01:43.100 --> 01:43.760
Nice job.

30
01:44.630 --> 01:48.050
Or it can go to the left and show you: Wrong.

31
01:48.080 --> 01:48.920
Try again.

32
01:49.550 --> 01:53.960
So whether it goes to the left or to the right depends on this jump,

33
01:54.200 --> 01:56.810
and this jump depends on this compare.

34
01:57.560 --> 02:00.380
So it is comparing - with 42.

35
02:01.370 --> 02:09.290
If it is not the same, if - is not the same as 42, then jump not equal will jump to this address

36
02:09.290 --> 02:10.610
3163.

37
02:10.760 --> 02:11.840
That means on the left.

38
02:12.290 --> 02:15.560
So this suggests that the password is 42.

39
02:15.800 --> 02:17.360
So what is 42?

40
02:17.810 --> 02:24.020
We can use the calculator here and enter 42, 42.

41
02:24.020 --> 02:29.360
And you can see in the decimal it is 1234.

42
02:29.390 --> 02:31.340
That means the password is 1234.

43
02:32.240 --> 02:34.040
So we have already fished the password.

44
02:34.070 --> 02:42.230
So now with that, we can try to stop this and run the program directly and enter the password 1234.

45
02:43.870 --> 02:45.400
One, two, three, four.

46
02:46.580 --> 02:47.090
Correct.

47
02:47.120 --> 02:47.660
Nice job.

48
02:47.870 --> 02:53.030
All right, so this is how easy it is to solve this using a debugger.

49
02:53.690 --> 02:56.420
So that's how you can use serial fishing.

50
02:57.050 --> 03:00.290
Now in the next video, I will show you how to do patching.

51
03:01.010 --> 03:06.950
So patching is when you want to force it to be correct.

52
03:06.950 --> 03:10.190
Even though your password is wrong, you still want to show the good message.

53
03:10.460 --> 03:13.460
Currently, if your password is wrong, it shows you the bad message.

54
03:14.210 --> 03:15.380
So next,

55
03:15.500 --> 03:22.130
next video, I will show you how to patch this program so that even though your password is wrong, it

56
03:22.130 --> 03:25.190
still shows you the good message, not the bad message.

57
03:25.190 --> 03:27.380
Okay, so that's all for this video.

58
03:27.380 --> 03:28.610
Thank you for watching.