in this simple tutorial you'll learn the basics of statically patching a program.
we will be using ida pro to crack an easy crackme, you'll need:
- ida pro
- basic knowledge of the x86/x86_64 architecture, assembly and intel syntax.
- patience


alright, so let's start with this one:

it's only 12kb, so it will be likely really, really easy to analyze, reverse and crack.

when ran, the crackme asks for a password:


alright, so let's open up ida pro. drop the target executable to ida
and you'll be prompted by this window:


usually you never have to change anything there, ida automatically recognizes the best
default options for each executable. if the file is packed then you might need to alter
the settings. just press ok to continue.

this is my default ida layout, in the center you can see the disassembly of our target program's main function
which what we'll be focusing on first.


if you press f5 on the disassembly window you can see the pseudo c code generated by ida of the disassembly.

it can be really useful since in some scenarios it can really be close to the original code, although nearly always it will not
resemble the original code. pseudo code gives you a good idea of the function. sometimes it might be full of junk or something
else that makes the function hard to understand, in such case it will be easier to examine the disassembly first and try to understand it.


now we can start renaming some of the functions of the program to make it easier to understand in the first place;

as you can see, this function 'sub_401740' is called with arguments "std::cout, "string"" in every case.
from this we can see that the function is actually the stl's "cout <<" operation. so let's rename it to "std::cout":



'sub_4019b0' is stl's cin operator and so on.

now that the pseudocode is a bit easier to read, we can see that this is where the algorithm compares our inputkey and the correct key.
as you can see it's not a direct string comparison, the algorithm works differently.
probably by calculating each character's hex value together and the comparing the sum to the input key or something similar to that.



so let's switch to the disasm view and try to find the point where the program does this step.

now let's switch to graph view:


here we can see the flow of the main function, which contains the input and key comparison.

here we can see the key validation, as you can see there are three jumps; jnz, jb and jnz. to the "wrongkey" location:


now we can just patch the program to jump to "rightkey" location instead of jumping to "wrongkey".


now the program jumps to the "rightkey" location, no matter what we type as the inputkey.
if we check the pseudocode of the main function again, we can see that the if-else comparison statements have disappeared completely,
and the program directly outputs "well done, you gave the right key.".

now just apply patches to the input file and see how it works:



as you can see, the program does not care what the input key is this time, and will let us in regardless.