Source: tuts4you
Goal: Practice cracking and reverse engineering skills.
Problem: The binary uses a series of CMP and JMP instructions to keep execution from reaching the “Patched!” message.
Solution:
(1) Walk through the binary's execution and locate the relevant code by looking at the ASCII strings “Not Patched”, “Patched!”, etc.
(2) Set breakpoints on the interesting CMP instructions.
(3) Patch the first comparison so that the jump to the “Not Patched” routine is not taken. I decided to patch the CMP instruction to “CMP EBX, -1” to make sure the following JLE (jump if less than or equal) does not fire. The current value of EBX is hex 00000000, i.e. signed “0”, and the original instruction compares it with “2”. We changed the immediate to “-1”.
(4) Next, I decided to patch the EBX register value to “4” so that the jump lands past the “Not Patched” instructions, closer to the “Patched!” function.
(5) The last patch to apply is to alter the unconditional JMP instruction. I patched it with “NOP”.
(6) Arrive at the “Patched!” screen.
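As an added illustration (not part of the original writeup, and not the crackme's real bytes), the following Python models the x86 CMP flag logic behind step (3) and applies the two byte-level patches from the writeup to a constructed code buffer; the instruction encodings (83 FB imm8 for CMP EBX, imm8; EB rel8 for a short JMP; 90 for NOP) are standard x86, while the buffer layout is an assumption for the demo.

```python
MASK32 = 0xFFFFFFFF

def cmp_flags(a, b):
    """ZF, SF, OF as a 32-bit x86 CMP a, b sets them (computes a - b, discards the result)."""
    a &= MASK32
    b &= MASK32
    res = (a - b) & MASK32
    zf = res == 0
    sf = bool(res >> 31)
    # Signed overflow: operand signs differ and the result's sign differs from a's sign.
    of = ((a ^ b) & (a ^ res) & 0x80000000) != 0
    return zf, sf, of

def jle_taken(ebx, imm):
    """JLE jumps when ZF=1 or SF!=OF, i.e. when ebx <= imm as signed 32-bit values."""
    zf, sf, of = cmp_flags(ebx, imm)
    return zf or (sf != of)

# Constructed code buffer for the demo: cmp ebx,2 ; jle +5 ; jmp +0x10
CMP_EBX_2 = bytes.fromhex("83FB02")    # cmp ebx, 2
CMP_EBX_M1 = bytes.fromhex("83FBFF")   # cmp ebx, -1 (imm8 is sign-extended)
SAMPLE = CMP_EBX_2 + bytes.fromhex("7E05") + bytes.fromhex("EB10")

def patch_cmp_immediate(code):
    """Rewrite 'cmp ebx, 2' to 'cmp ebx, -1' so the following JLE is not taken when EBX is 0."""
    idx = code.find(CMP_EBX_2)
    if idx < 0:
        raise ValueError("cmp ebx, 2 not found in buffer")
    return code[:idx] + CMP_EBX_M1 + code[idx + len(CMP_EBX_2):]

def nop_short_jmp(code, offset):
    """Replace the 2-byte short JMP (EB rel8) at offset with two NOPs, as in the last patch."""
    if code[offset] != 0xEB:
        raise ValueError("no short jmp at offset %d" % offset)
    return code[:offset] + b"\x90\x90" + code[offset + 2:]

if __name__ == "__main__":
    print("EBX=0 vs 2  -> JLE taken:", jle_taken(0, 2))    # True: falls into “Not Patched”
    print("EBX=0 vs -1 -> JLE taken:", jle_taken(0, -1))   # False: jump skipped after the patch
    patched = nop_short_jmp(patch_cmp_immediate(SAMPLE), 5)
    print(patched.hex())
```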