Learn How Crackers Phish For Serial Numbers
Today, I will show you how to reverse engineer software to find the serial number. Let the cracking begin.
The first thing we need to do is a debugger, the one I’m using is x64dbg.
What we need:
- Debugger (x64dbg or ollydbg)
- The crackme.
All these can be downloaded below:
Attach to Debugger:
Now, we need to attach the crack me to a debugger so open up x64dbg in 32bit mode and drag the crack me across to the debugger window and it will attach it.
Finding The Symbols:
Now, let’s have a look at the symbols/modules so go to the symbols tab and click on the first module called keygenme.exe right click -> Follow in Disassembler.
Search for String References:
We need to start off by searching for a string to set our break point at. right click -> Search for -> Current Module -> String references. This should list all the strings for this current module, in this case, it was the string “You did it!”. right click -> Follow in Disassembler.
There should be a jne instruction that is the same as the jmp instruction, it’s job is to jump from one instruction to another. When we observe this instruction it’s jumping over “You Did it!” we need it to slide down to where it says “You Did it!”
so we set a break point at the jmp instruction and press F9 to run it.
Type in some random Name and Serial
Now, if we have a look at the ECX register we should see something interesting, the ECX register holds our serial number.
Test The Serial Number:
If we close out of our debugger and open the crack me, type in anything for the name but type in the serial number we have found, click CHECK! and….
Boom!! we have found the serial number.
Hope you enjoyed this post.