INTRO

You might have heard of the PowerISO software for Windows. PowerISO is a powerful CD / DVD / BD image file processing tool, which allows you to open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with an internal virtual drive. It can process almost all CD / DVD / BD image files, including ISO and BIN files. PowerISO provides an all-in-one solution: you can do everything with your ISO files and disc image files. It is similar to WinRAR. You should check their website for details.

If you have ever used it, you know that demo software comes with some limitations, or, as you might call them, some frustrating things. In the demo you have to wait for some time before you can use the software. That could be removed too, but we won't need to do that here. We are going to bypass the registration check, meaning that whether or not we have a valid key, once we enter one, the software will be registered.

You should also read my previous article on reverse engineering, where I explained how to run VLC as root in Linux: Click Here.


ATTACK

First of all, download the demo of this software from their website onto your Windows machine and install it. Next we need some reverse engineering software. I am using IDA Pro and the W32DASM disassembler. After downloading these, you are good to go.

Let's see what can be done to crack PowerISO. Open PowerISO and examine the registration dialog that is going to be bypassed.

Screenshot:

Screenshot:

Try to submit the form and you will see an error. All we need to focus on are the strings used during registration. One unique string here is "user name".

Now, open W32DASM and load poweriso.exe to find that string in the disassembly. Go to (top left) Disassembler > Open File to Disassemble.

Screenshot:

Well, we now have the program in disassembly. We can search for the string "invalid" or "serial", because that is the string we got when registering with the wrong code.

Go to (top left) Search > Find Text.

Screenshot:

So, note the offset of the push instruction. It may be different for you, but in my case it is 0x0007FA8C.

Screenshot:

Now that you have noted the offset value, we can use IDA Pro to run PowerISO with breakpoints. I don't think I need to tell you how to load a file in IDA; you can do that yourself.

After loading the file, press 'G' to go to the offset you found in the disassembler. You will see something like this.

Screenshot:

The arrow is pointing at the same push instruction we found in the disassembly. You may be wondering whether Windows changes the memory address on each run, the way Linux does. Well, ASLR on Windows and Linux works slightly differently. I don't know much about it either, but I have heard that most Windows programs, and games in particular, don't enable ASLR, because it reduces the performance of the program.

If you are interested in learning more about Linux and Windows ASLR, you should check out this question I asked on StackExchange.
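Whether a Windows executable can be relocated at all is recorded in its PE header, so the question of why breakpoint addresses stayed put can be answered without guessing. The following is an added example (not from the original post, and not PowerISO's code): it parses the PE headers of an image, reports the DYNAMIC_BASE, HIGH_ENTROPY_VA and NX_COMPAT flags, and notes that ASLR only takes effect when relocations have not been stripped. The flag values are the real ones from the PE/COFF specification; the `build_test_pe` helper builds a constructed, minimal PE32 header purely for demonstration.

```python
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001               # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # Optional header DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100


def pe_mitigations(data: bytes) -> dict:
    """Parse the DOS/COFF/optional headers in `data` and report ASLR-related flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes total)
    _machine, _nsec, _ts, _psym, _nsym, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header for both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": magic == 0x20B,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        # The loader can only move the image if it opted in AND still carries relocations.
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def build_test_pe(dll_chars: int, file_chars: int = 0) -> bytes:
    """Constructed minimal PE32 header (not a real program) used only to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, file_chars)  # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)               # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)
```

To inspect a real installed binary, pass `open(path, "rb").read()` to `pe_mitigations`; an image without DYNAMIC_BASE will load at its preferred base every time, which is exactly the behaviour seen in the debugger above.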

Enough of the side note. Look closely and you will see that there is a jump leading to this push instruction. Add a breakpoint at the jump by pressing F2.

Screenshot:

Start the program (top left) and enter the registration code as we did before.

Screenshot:

Once you press "OK", execution of the program will stop at the jump.

Screenshot:

If you press Enter, you will see the same message you were getting before. So, now we know that we can bypass this jump (jnz) to get a different outcome, one that leads us to the valid-registration message.

I am leaving the rest up to you so that you do some of the work yourself. All you need to do is change the jnz to jz, whether manually, using opcodes, or by any other means. I am sure it will teach you something more.


Thanks For Visiting.
