OllyDBG - VERY simple bypass

Lets get down to business on ASM, reverse engineering, product activation, and what it's really all about. [ THERE ARE NO WAREZ HERE ]
Post Reply
undream
n00b
Posts: 2
Joined: Thu Jul 02, 2009 7:50 am

OllyDBG - VERY simple bypass

Post by undream » Thu Jul 02, 2009 7:57 am

hi all.

I'm trying to bypass a personal gam client registration screen. The logis is like that:

The client is personal. So it just lets the creator's accounts to log in.

There is a hardcoded "usarname" list in the exe file. The clients checks the username you write (to login) if it is in the username list.

If the name is in the list, it runs perfectly. If not, it just crashes.



How can I bypass a situation like that ? I know the username that works for the client. Tried to change it with hex editing, but was unabl because I was changing the "length" of the name and so that the file size was changing.

I tried to locate the adress that "crashes" the client (after the unsucessfull name check) and I tried to bypass the crash, but I guess it checks the name in many points so when I bypass one crash, other crashes occur.

What can I do in a condition like this ? Waiting for some professional supprt ^^


Thanks for reading.

User avatar
IceDane
Because I Can
Posts: 2652
Joined: Wed May 12, 2004 9:25 am

Re: OllyDBG - VERY simple bypass

Post by IceDane » Thu Jul 02, 2009 12:43 pm

undream wrote:hi all.

I'm trying to bypass a personal gam client registration screen. The logis is like that:

The client is personal. So it just lets the creator's accounts to log in.

There is a hardcoded "usarname" list in the exe file. The clients checks the username you write (to login) if it is in the username list.

If the name is in the list, it runs perfectly. If not, it just crashes.



How can I bypass a situation like that ? I know the username that works for the client. Tried to change it with hex editing, but was unabl because I was changing the "length" of the name and so that the file size was changing.

I tried to locate the adress that "crashes" the client (after the unsucessfull name check) and I tried to bypass the crash, but I guess it checks the name in many points so when I bypass one crash, other crashes occur.

What can I do in a condition like this ? Waiting for some professional supprt ^^


Thanks for reading.
You can easily change the name, just pad the rest with 0 bytes. E.g., if you have a name that's 3 characters shorter than the username in the file, you can simply write your name, then three 0 bytes.

User avatar
ev66
n00b
Posts: 2
Joined: Sat Oct 03, 2009 3:03 am

Re: OllyDBG - VERY simple bypass

Post by ev66 » Sun Oct 04, 2009 4:49 am

Good advice. Thanks

Post Reply