Everyday useful reverse engineering

I recently purchased a product that required a password to configure it (the product shall remain nameless), and I couldn't find the default password anywhere in the documentation that came with it. Of course, I could have rung support and asked for it, but where is the fun in that?

So, how to find the password? Our configuration program is called config.exe, so let's see what kind of program it is:

We all know that Borland Delphi code is very friendly to reverse engineer, so let's fire up IDA and look for the string "Incorrect installer password". We find it at this location:

Note that there is a string comparison just before we reach this point, so all we need to do is attach our debugger of choice (OllyDbg) to config.exe when it is connected to the device, and voila! Our password is revealed!
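Why that comparison exposes the password, and a design that does not, as an added example that is not from the original post or the product. It assumes the config tool fetches the stored password from the device and compares it locally; `WeakDevice`, `HardenedDevice` and all values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation so the device never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class WeakDevice:
    """Assumed design: the device hands its stored password to the PC tool."""
    def __init__(self, password: str):
        self._password = password
    def read_password(self) -> str:
        return self._password

def weak_login(device, entered: str):
    expected = device.read_password()    # secret now sits in the tool's memory
    seen_by_client = [expected]          # what a debugger on the tool can observe
    return entered == expected, seen_by_client

class HardenedDevice:
    """Device keeps only a salted key and verifies a one-time proof itself."""
    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._key = derive_key(password, self._salt)
        self._nonce = None
    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._salt, self._nonce
    def verify(self, proof: bytes) -> bool:
        if self._nonce is None:          # no outstanding challenge: reject replays
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None               # each challenge is single use
        return hmac.compare_digest(expected, proof)

def hardened_login(device, entered: str):
    salt, nonce = device.challenge()
    proof = hmac.new(derive_key(entered, salt), nonce, hashlib.sha256).digest()
    seen_by_client = [salt, nonce, proof]  # the expected value never reaches the tool
    return device.verify(proof), seen_by_client

if __name__ == "__main__":
    SECRET = "constructed-sample-password"  # constructed value, not a real default
    print(weak_login(WeakDevice(SECRET), "guess"))
    print(hardened_login(HardenedDevice(SECRET), "guess")[0])
```

In the hardened flow the accept/reject decision is made on the device, so the tool's process holds only what the user typed plus a salt, a nonce and a proof derived from that input.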

| August 21st, 2014 | Posted in Reversing |
