LIEF/examples/python/keygen/lief_patch.py
#!/usr/bin/env python2
# Description
# -----------
# Patch the binary to remove its anti-debug check
import sys
from lief import ELF
import distorm3
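def remove_anti_debug(binary):
    """Neutralise the anti-debug check in the section holding the entry point.

    The check is a ``cmp eax, 0x3000`` (bytes ``3d 00 30 00 00``).  The
    section containing the entry point is disassembled with distorm3 and
    every occurrence is overwritten in place with ``cmp eax, 0xFFFFFFFF``
    (``83 f8 ff``) followed by two ``nop`` bytes so the 5-byte length is
    preserved; one line per patch is printed.  A final occurrence that the
    disassembler does not surface is patched by its known address.

    Args:
        binary: a parsed ``lief.ELF.Binary``.  It is modified in memory only;
            nothing is written to disk here.
    """
    # 83 f8 ff = cmp eax, -1 (sign-extended to 0xFFFFFFFF); 90 90 = 2x nop.
    patch = [0x83, 0xf8, 0xff, 0x90, 0x90]
    ep = binary.header.entrypoint
    text_section = binary.section_from_virtual_address(ep)
    # distorm3 expects a byte string.  bytes(bytearray(...)) yields the raw
    # bytes on both Python 2 (where bytes is str) and Python 3, whereas
    # "".join(map(chr, ...)) gives Python 3's distorm3 a text str instead.
    code = bytes(bytearray(text_section.content))
    instructions = distorm3.DecodeGenerator(
        text_section.virtual_address, code, distorm3.Decode32Bits
    )
    for offset, _size, instruction, hexdump in instructions:
        if "CMP EAX, 0x3000" not in instruction:
            continue
        # `offset` is a virtual address because the generator was seeded
        # with the section's VA, which is what patch_address expects.
        # Patch 3d 00 30 00 00
        binary.patch_address(offset, patch)
        print("[PATCH] %.8x: %-32s %s" % (offset, hexdump, instruction))
    # Distorm didn't get this one (original author's note): the same check
    # lives at a fixed address in the bundled sample, so patch it directly.
    binary.patch_address(0x804936B, patch)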
def crack_it(binary):
    """Rewrite the serial check so it no longer uses the caller-chosen registers.

    Two 2-byte register-to-register ``xor`` instructions are replaced so each
    destination register is cleared instead of mixed with another register:

        0x8049486  xor edx, edi  ->  xor edx, edx   (31 D2)
        0x8049488  xor eax, ecx  ->  xor eax, eax   (31 C0)

    Per the original author's note, after this any user name and any numeric
    serial are accepted by the sample.

    Args:
        binary: a parsed ``lief.ELF.Binary``; modified in memory only.
    """
    # (virtual address, replacement bytes); the addresses are specific to
    # the bundled ./KeygenMe sample and are applied in this order.
    rewrites = (
        (0x8049486, [0x31, 0xD2]),  # xor edx, edi --> xor edx, edx
        (0x8049488, [0x31, 0xC0]),  # xor eax, ecx --> xor eax, eax
    )
    for address, opcode in rewrites:
        binary.patch_address(address, opcode)
def main(argv):
    """Parse ./KeygenMe, apply both patch sets and write ./KeygenMe.crack.

    Args:
        argv: command-line arguments; accepted for the conventional ``main``
            shape but not consulted (input and output paths are fixed).

    Returns:
        0, used as the process exit status.
    """
    target = ELF.parse("./KeygenMe")
    # Order matters only in that it matches the original: anti-debug first,
    # then the serial check.
    for apply_patch in (remove_anti_debug, crack_it):
        apply_patch(target)
    target.write("./KeygenMe.crack")
    return 0
if __name__ == "__main__":
    # Run only when executed as a script; importing the module for its
    # helpers must not patch anything.  SystemExit(code) == sys.exit(code).
    raise SystemExit(main(sys.argv))