- Engineering
- -----------
- To plan and design
- ------> A product, mechanical product, software, hardware product
- 1. Forward Engineering
- We have raw material and we build or engineer a full-fledged product.
- We know how to code, we know what the users want and we know what to make ---> Software
- tyres + engine + suspension + frame + chassis = car
- 2. Reverse Engineering
- We have a full-fledged product, and we reconstruct it. We have a car and we open it... hinge by hinge. Then we construct it again, so that we can modify it and make it much more useful.
- Finding bugs, flaws, and errors in the product.
- 3 software tools
- ----------------
- 1. BPK Keylogger Detector
- 2. SMAC
- 3. PowerISO
- ****Lena Reverse Me --> Legalised platform where we perform reverse engineering
- https://tuts4you.com/download.php?list.17
- Requirements:
- 1. Windows 7 / XP*
- 2. OllyDbg ---> Debugging tool --> http://www.ollydbg.de/download.htm
- 3. The software on which we will perform reverse engineering
- 1. BPK Keylogger Detector
- -------------------------
- Download it from --> http://www.blazingtools.com/downloads.html#antispy
- Right click the OllyDbg archive and click on "Extract All"
- Step 1 - Install Keylogger Detector
- Step 2 - Open Keylogger Detector
- Step 3 - Click on the "register" tab --> Registration Keys
- Step 4 - Enter username and keys --> click on register
- Step 5 - It will show you a dialogue box. Copy the error message
- Step 6 - Open OllyDbg ---> Right click ---> Run as administrator
- Step 7 - File --> Open --> "C:\Program Files\Keylogger Detector\antispy.exe"
- Step 8 - Click On play button ---> to run the program
- Step 9 - Click on "View" --> Executable Modules
- Step 10 - Double click .exe file from the list
- Step 11 - Click on play button again
- Step 12 - Right click in the string column ----> Search for ---> All referenced text strings
- Step 13 - Right click --> Search for text
- Step 14 - In the dialog box that appears, paste the error message which we copied. Uncheck "case sensitive" and tick "entire scope"
- Step 15 - Double click the search result that points to the message
- Step 16 - Navigate to the start of the block in which the error message is displayed
- Step 17 - Put a breakpoint at the start of the block, by double clicking the reference row
- Step 18 - Click on the close button, which is to the left of the play button
- Step 19 - Repeat steps 7, 8, 9, 10, 11
- Step 20 - Click on register, enter registration code and click on register
- OllyDbg will open automatically at the place where I set the breakpoint.
- Step 21 - Click on the enter key, which is at the 2nd position from the play button
- Step 22 - Keep clicking the key next to the enter key until you get the values.
- Step 23 - Stop when you receive the keys. Close everything and open BPK Keylogger Detector. Enter the same username, but this time enter the obtained serial keys.
- Abra Ka Dabra ------
- ---------------------------
- Registration error
- ---------------------------
- Registration code or user name is invalid. Please check all fields and try again!
- ---------------------------
- OK
- ---------------------------
- EAX 0018EB1C ASCII "TBRKDIEOABNGCKVA"
- ECX 0018EB2B
- EDX 00000041
- EBX 00000001
- ESP 0018EB08
- EBP 0018EB78
- ESI 76A22B7A kernel32.lstrcatA
- EDI 00090250
- EIP 00404A04 antispy.00404A04
- 2. SMAC
- -------
- Step 1 - Install SMAC
- Step 2 - Open SMAC by right click ---> Run as Administrator
- Step 3 - Enter Registration Keys
- Step 4 - click on register
- Step 5 - It will show you a dialogue box. Copy the error message
- Step 6 - Open OllyDbg ---> Right click ---> Run as administrator
- Step 7 - File --> Open --> "C:\Program Files (x86)\KLC\SMAC\SMAC.exe"
- Step 8 - Click On play button ---> to run the program
- Step 9 - Click on "View" --> Executable Modules
- Step 10 - Double click .exe file from the list
- Step 11 - Click on play button again
- Step 12 - Right click in the string column ----> Search for ---> All referenced text strings
- Step 13 - Right click --> Search for text
- Step 14 - In the dialog box that appears, paste the error message which we copied. Uncheck "case sensitive" and tick "entire scope"
- ---------------------------
- SMAC 2.0
- ---------------------------
- Invalid Registration ID.
- ---------------------------
- OK
- ---------------------------
- Text strings referenced in SMAC:.text, item 5103
- Address=0048BCF6
- Disassembly=PUSH SMAC.00438AB8
- Text string=UNICODE "-375M-3932-563F-4967"
- Text strings referenced in SMAC:.text, item 5102
- Address=0048BCF1
- Disassembly=PUSH SMAC.0043222C
- Text string=UNICODE "SMC2U"
- SMC2U-375M-3932-563F-4967
- ---------------------------
- SMAC 2.0
- ---------------------------
- Invalid Registration ID entered.
- ---------------------------
- OK
- ---------------------------
- 004874EF . C785 58FFFFFF >MOV DWORD PTR SS:[EBP-A8],SMAC.00438A48 ; UNICODE "This product has been successfully registered."
- JMP 004874EF
- ---------------------------
- SMAC 2.0
- ---------------------------
- This product has been modified and will shutdown.
- ---------------------------
- OK
- ------------------------
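
The SMAC notes above show the expected registration ID sitting in the binary as two UNICODE string literals, which is why a plain string search finds it. The following is an added example, not part of the original notes or of either product: a release-gate check that flags serial fragments in a build image, next to a verifier that stores only a salted digest. The serial, salt and simulated image bytes are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demo values; not taken from any real product.
DEMO_SERIAL = "DEMO1-1111-2222-3333-4444"
SALT = b"constructed-demo-salt"


def weak_image() -> bytes:
    """Simulated image bytes of a build that embeds the serial as two
    UTF-16LE literals (prefix and remainder), each after a PUSH opcode."""
    prefix, rest = DEMO_SERIAL[:5], DEMO_SERIAL[5:]
    return (b"\x68" + prefix.encode("utf-16-le") + b"\x00\x00"
            + b"\x68" + rest.encode("utf-16-le") + b"\x00\x00")


def digest(serial: str) -> bytes:
    """Slow salted hash of a normalised serial (PBKDF2-HMAC-SHA256)."""
    norm = serial.strip().upper().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", norm, SALT, 100_000)


def hardened_image() -> bytes:
    """Simulated image bytes of a build that embeds only salt + digest."""
    return SALT + digest(DEMO_SERIAL)


def leaks_serial(image: bytes, serial: str) -> bool:
    """Release gate: True if any serial group of 4+ characters appears in
    the image as ASCII or UTF-16LE text."""
    for part in (p for p in serial.split("-") if len(p) >= 4):
        if part.encode("ascii") in image or part.encode("utf-16-le") in image:
            return True
    return False


def verify(serial: str, stored: bytes) -> bool:
    """Compare the digest of user input to the stored digest in constant time."""
    return hmac.compare_digest(digest(serial), stored)
```

A digest only defeats the string search; the comparison branch can still be patched, which is what the integrity check behind the "modified and will shutdown" message is for. For a per-user key like the one that showed up in EAX in the first walkthrough, the client should verify a vendor signature with an embedded public key instead of computing the valid key itself.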