# Basic cracking a program using Cutter


![radare-image-logo.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659254788444/2TfFWbdl9.png align="left")

1. Install Cutter from this link <a target="_blank" href="https://github.com/radareorg/cutter">Cutter Radare</a>.

2. Create a simple program called `vulnerable_license.c`.
   
   ```cpp
    #include <string.h>
    #include <stdio.h>
        
    int main(int argc, char *argv[]) {
        if(argc==2) {
                printf("Checking License: %s\n", argv[1]);
                if(strcmp(argv[1], "AABB-CCDD-20-OK")==0) {
                        printf("Access Granted!\n");
                } else {
                        printf("WRONG!\n");
                }
            } 
        else {
                printf("Usage: <key>\n");
        }
        return 0;
    }
  ```
    This program basically check the correct license to get the access of the program.

3. Then, compile the program using default `gcc` option.

    ```bash
      gcc vulnerable_license.c -o vulnerable_license
    ```      
    
    ```bash
    # Example: if your input is "AABB-CCDD-20-OK" you get the access, else you get "WRONG!".
    
    $ ./vulnerable_license AABB-CCDD-21-MM 
    Checking License: AABB-CCDD-21-MM
    WRONG!
    
    $ ./vulnerable_license AABB-CCDD-20-OK 
    Checking License: AABB-CCDD-20-OK
    Access Granted!
    ```

4. Open your `Cutter` app and load the compiled file before and make sure to checked the write mode.
   
    ![cutter-app.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659254808349/_-k8Q8b8K.png align="left")

    ![load-write-mode-cutter.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659254819846/JccbdsOas.png align="left")

5. You will look something like this.
      ![all-vuln-license.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659254830719/b5Z_LvSiT.png align="left")

    We interested in `main` function, because we see there's a checker, so we need to bypass the checker by changing the flow of the program.

    ![vulnerable-license.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659254842876/qAiZffMPN.png align="left")
    
   From the picture above, there's some mechanism to change the flow by using `reverse jump` in Cutter. We tend to change the flow of result `test eax eax`, by default if the result not `zero` or `the string is not same` it will jump to "WRONG!" so we need to reverse the logic, by allowing the `wrong string` to grant the access.

6. You need to click the `jne 0x11b9` in my case, other computers maybe different. `Edit -> Reverse Jump`.
    The new change will similar like this.
    
      ![access-license.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1659255522036/OATzSASow.png align="left")

   By runtime the flow of the program is changed.
   
7. Save the changes and try to run the program again.
   ```bash
    $ ./vulnerable_license AABB-CCDD-21-MM 
    Checking License: AABB-CCDD-21-MM
    Access Granted!

    $ ./vulnerable_license AABB-CCDD-20-OK
    Checking License: AABB-CCDD-20-OK
    WRONG!
   ```

Source: 
<a target="_blank" href="https://www.megabeets.net/5-ways-to-patch-binaries-with-cutter/">Patch Binaries with Cutter</a>
  

