SecurityTubeBeta
Watch ... Learn ... Contribute
securitytube home
securitytube videos
securitytube questions
securitytube news
securitytube tools
divider
upload video on SecurityTube
 
 
Video Categories:
Security Basics
Programming
Security Tools
Fun

Reverse Engineering 101 ( Using a Hex Editor to Find Passwords )
 
 

This video is the first of many on the subject of Reverse Engineering. I will try my best to go slow so that you can grasp the concepts properly. I would highly recommend that you try out all the samples yourself, as it will be the fastest way to learn. Please download the c code and the binary exe file (don't worry it's not a virus :D ) before starting with this tutorial.

In this tutorial we will understand how to use a Hex Editor to view a binary file and find useful things. For this video we have created a sample exe using the code shown below. The idea is to hide a string in the exe and use it for a password validation in the application. As everyone knows this is the most insecure form of authentication ;-) and we will use a Hex editor to crack the password by looking at strings in the binary file.

After watching this video, please download the binary and try it yourself. Hex Workshop is a good Hex editor and is the one used for the video.

 
--------- Program Starts -----------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
#define password "FindMeIfYouCan"

int main(int argc, char *argv[])
{
  char pass[100];
 
 
  printf("Please enter your password\n\n");
  scanf("%s", pass);
  if ( strcmp(pass, password) == 0 )
  {
       printf("Congrats!! Correct Pass\n\n");
  }
  else
  {
      printf("Wrong Pass\n\n");
  }
      
  system("PAUSE");   
  return 0;
}

------------Program Ends ---------------

The Camtasia Studio video content presented here requires a more recent version of the Adobe Flash Player. If you are you using a browser with JavaScript disabled please enable it now. Otherwise, please update your version of the free Flash Player by downloading here.
 

 
Related Videos from: Reverse Engineering Basics
divider
You are Viewing this Video Now!
Reverse Engineering 101 ( Using IDA to break password protections )
14018 views
22344 views

Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs