Making Our Change Permanent
Using Hiew.

Crackme 1 by Brad Soblesky.

By Krobar / Nov 1999


Well we now got the address of where to make our changes, and we know the instruction we gonna change. Actually we think we know.

Now we just got to make the changes to see if we were right, and for that we use a hex editor.

Before we make the changes, however, we going to back up our program. There at least a couple of reasons for this.

  • We might fuck up our changes and need a second chance.
  • We need the original and the changed to make a 'crack' in the next tut.

So make a copy of crackme1.exe, and you obviously got to call it something else. I always just highlight the original, press Ctrl and c (to copy), then Ctrl v (to paste), and you get a copy of the original.

So start up Hiew and load our program into it. I not going to repeat myself anymore, so if you havent read the mini tut on Hiew do it now.

Well the Hiew screen will open with a listing of the code (if you changed your hiew.ini to open in code mode...see the hiew mini tut if you didnt), otherwise push F4, select code, and push enter,

Push F5 and you'll see a line start flashing in the top left of the screen. That where we put the address.

Now we can either put the address or the offset. If we put the address we have to put a dot before it (.00401595), but we gonna put the offset coz it shorter...hehe...only four numbers instead of eight.

So put 1595 and push enter. You'll jump to this line: (recognise it from last tut???)

:00001595 :   7516                      jne       0000015AD   --------  (1)

and the cursor square will be on the 75.

What did we want to do??? Change the jne to a je. The hex instruction for jne is 75, and for je is 74. You'll know this from reading the little Op code guide in the last tut. So we gonna replace 75 with 74.

Push F3 (edit) and the square cursor will start to flash, then replace 75 with 74. Push F9 (update) to make the changes permanent, then F10 (or Esc) to exit Hiew.

The last thing to do is check if our changes work. Spark up crackme1 (the one we changed) and enter any number. Click check, and yeah, worked.

That it! Next we gonna make a crack that will patch our crackme when we click on it.