|
Tools needed:
·
Ollydgb (http://www.ollydbg.de/)
to patch the program and run it.
Summary:
What we are going to do is to modify Deep Freeze to accept any password as a
valid one.
Let's get to work:
1.
Run Ollydbg. On the menu 'File' select 'Attach'. A
window will show up with a list of the running processes. Click on the
process with the name 'FRZSTATE9X' and then press Attach. If a warning message
is raised dismiss it.
2.
Right click over the code and a context menu will appear,
select 'Go to' and then 'Expression' (or use the shortcut Ctrl+G).
3. In the text box enter 408E94
and press OK.
The program will jump to that line of code.
4.
In this line the program decides if the password is correct. Let's set a breakpoint here.
To do that right click
over the line and in the context menu select 'Breakpoint' and then 'Toggle' (or
press F2).
5.
Press
F9 to resume the code execution.
6.
Now activate the login program by double clicking over the
icon while you keep the shift key pressed or by pressing CTRL+ALT+SHIFT+F6. The login window will appear asking
for the password. Write anything in the password box and press ENTER. The
breakpoing we set earlier in Ollydbg will activate and the login program
will freeze.
7.
On the
registers window (to the right of the code) you'll see that the Z flag is
set to 1. That means the password is incorrect, let's change that. Double
click over the Z flag value and you'll see it changes to 0.
8.
Now press F9 to continue. If everything went right the Deep
Freeze configuration dialog will show up.
Stat
rosa pristina nomine, nomina nuda tenemus.
|
