This Course is part of a Career Path: Become a SOC Analyst - Level 3
Module 1: BSWJ: OllyDBG
Why use OllyDBG?
Welcome to Breaking Stuff with Joe, where we review some of the most essential cybersecurity tools that ship with and are used within Kali Linux. In this section, we will be reviewing OllyDBG, an analyzing debugger that works at assembler level for 32-bit Windows programs. This tool is useful for reverse-engineering programs, cracking licensed software, and analyzing programs whose source code would otherwise be unavailable. As a disclaimer: We do not advocate any illegal activity, and cracking software should only be done with the express permission of the program’s author. You can learn more on this topic and countless others by creating an account on Cybrary; simply click the link at the top of this page.
Where does OllyDBG come from?
OllyDBG was originally released in the year 2000 by developer Oleh Yuschuk. Because it was free, it was quickly able to compete with similar products that charged a considerable fee. Building on this popularity, Yuschuk developed a kit for creating OllyDBG plugins, and many customized plugins were released as a result.
How can we use OllyDBG?
OllyDBG is easier to use than many other Kali Linux tools, as it includes a graphical user interface. The primary use of OllyDBG is to “crack” licensed software, that is, to bypass the trial limits and costs required to use the full versions of paid software. In order to understand this process, let’s explore an example scenario in which we crack a paid software binary. Open your program and navigate its menus until you are prompted with the error message that tells you to purchase the full version or terminate the program.
Next, use this console command to launch the program:
Once OllyDBG launches, navigate to the application’s binary, or the .exe file of the paid program with the expired/impending trial. Use the File>Open menu to find the binary in its directory. Once opened, OllyDBG will disassemble the program into assembly code. Assembly is a low-level language whose instructions map directly onto the operations the processor carries out, moving and comparing raw bytes to build up complex behavior.
Press F9 to begin debugging. After some time has passed, press F12 to pause the execution of the binary’s code. Finally, press Alt+K to open the call stack. A call stack is a data structure that keeps track of the active subroutines (function calls) of a program. The error message is likely displayed via a subroutine named “MessageBox”, the routine behind those little grey boxes that display error messages in Windows. Search through the call stack for the error message from earlier. Right-click the red text above the error message that reads “MessageBox”, and then select “Show Call” from the sub-menu.
OllyDBG will then show you the assembly code that “calls” or executes the error message code. This is the code that checks whether or not you’ve paid for the software. Here is where it gets complicated: Select the line of code that calls the error message, likely a PUSH command with a “>” symbol in the panel just right of the leftmost panel with addresses. This will display text indicating that a jump to this line comes from another address. Right-click this text and select the first option, which reads “Go to JA from” followed by the address of that jump.
We want to prevent the program from following this path that produces the “free trial expired” error. In order to do this, we will replace the “JA” or “Jump if Above” instruction with “NOP” instructions that do absolutely nothing. Right-click this new line of code and select “Binary > Fill with NOPs” from the sub-menu. Press “~” or tilde to return to the previous line of code, and repeat the “Fill with NOPs” operation for this line as well.
Once you are finished, right-click inside the window labeled “CPU” and select “Copy to executable > All modifications” from the sub-menu. This writes all of your changes into a copy of the program’s executable. Select “Copy all” from the menu prompt that appears. Another window should appear, titled “Expiration.exe” or something similar; right-click within this space and select “Save file”. Once this is finished, save your new, cracked program with a unique name. If everything goes smoothly, you should be able to launch the program and bypass the error that indicates an expired free trial.
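From the defender's side, the patch described above leaves a recognizable footprint: a few bytes of a conditional jump are replaced by 0x90 (NOP) bytes, and the file's hash no longer matches what the vendor shipped. The following Python script, an added example that is not part of the course material, shows how a software vendor or an incident responder would check a deployed binary against a known-good copy: it compares SHA-256 hashes, lists every run of differing bytes, and flags runs where the replacement consists entirely of NOPs. The two byte strings are constructed for this example and stand in for a real 32-bit program.

```python
"""Integrity check: find NOP-filled patches by diffing a binary against a known-good copy."""
from __future__ import annotations

import hashlib

NOP = 0x90  # single-byte x86 NOP, the byte OllyDBG's "Fill with NOPs" writes

# Constructed sample bytes (not from any real program):
#   83 F8 1E          CMP EAX, 0x1E      ; compare a counter against a limit
#   77 12             JA  +0x12          ; conditional jump to the "expired" path
#   B8 01 00 00 00    MOV EAX, 1
#   C3                RET
ORIGINAL = bytes.fromhex("83 f8 1e 77 12 b8 01 00 00 00 c3")
# The same bytes after the JA (77 12) has been overwritten with two NOPs.
PATCHED = bytes.fromhex("83 f8 1e 90 90 b8 01 00 00 00 c3")


def sha256(data: bytes) -> str:
    """Hex SHA-256 of the file contents; compare against the vendor's published value."""
    return hashlib.sha256(data).hexdigest()


def diff_ranges(original: bytes, candidate: bytes) -> list[tuple[int, int]]:
    """Return (offset, length) for each contiguous run of differing bytes.

    A length mismatch is reported as one extra range starting at the shorter length.
    """
    ranges: list[tuple[int, int]] = []
    start = None
    n = min(len(original), len(candidate))
    for i in range(n):
        if original[i] != candidate[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, n - start))
    if len(original) != len(candidate):
        ranges.append((n, abs(len(original) - len(candidate))))
    return ranges


def find_nop_patches(original: bytes, candidate: bytes) -> list[dict]:
    """Flag differing runs whose replacement bytes are all NOPs (a NOP-fill patch)."""
    findings = []
    for offset, length in diff_ranges(original, candidate):
        replaced = candidate[offset:offset + length]
        if replaced and all(b == NOP for b in replaced):
            findings.append({
                "offset": offset,
                "length": length,
                "original": original[offset:offset + length].hex(" "),
            })
    return findings


def verify(original: bytes, candidate: bytes) -> dict:
    """Hash comparison first (cheap, catches any change), then localized findings."""
    return {
        "hash_match": sha256(original) == sha256(candidate),
        "differences": diff_ranges(original, candidate),
        "nop_patches": find_nop_patches(original, candidate),
    }


if __name__ == "__main__":
    report = verify(ORIGINAL, PATCHED)
    print("hash match:", report["hash_match"])
    for f in report["nop_patches"]:
        print(f"NOP patch at offset 0x{f['offset']:x}: "
              f"{f['length']} byte(s), originally {f['original']}")
```

In practice the hash comparison alone is what a file-integrity monitor or a vendor's updater performs, using a published reference hash rather than a second copy of the file; the byte-level diff is the follow-up an analyst runs to learn which instruction was changed. The NOP heuristic is deliberately narrow: it reports only the pattern this lesson's procedure produces, so a report of zero NOP patches with a hash mismatch still means the file was altered in some other way.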
Teaching Assistant Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)
Certificate of Completion
Complete this entire course to earn a How to Use OllyDBG (BSWJ) Certificate of Completion