.png)
.png)
Boozy's easy licensecheck is a beginner friendly CrackMe written in C/C++ for Windows (x86-64) that simulates a basic software license key check. It’s designed to teach you the fundamentals of reverse engineering by stepping through real program logic, identifying key validation routines, and ultimately patching the binary to bypass them. With a low difficulty score of 1.7 and a high quality rating of 4.5, it’s perfect for learning how software crackers defeat license checks and remove restrictions. Download it here to follow along.
A crackme is a small program designed to challenge and test a person's reverse engineering or software cracking skills, often by requiring them to bypass protection mechanisms or retrieve hidden information.This is an easy level crackme designed for windows systems.
As you can see in the image above the executable asks you for your username and license key. The goal here is to trick the program into accepting our key. This can be done a few different ways.You could reverse engineer the license key algorithm but in this blog we will be patching the executable so it accepts any license key. This is exactly how most cracked software is done.
To do this we will be using x64dbg debugger which is a Windows debugger used to analyze binaries live, letting you step through code, modify instructions, and patch programs on the fly.
As shown in the image above you want to click run until the Module switches to “trydis.exe” . When you first start the debugger it will be in ntd.dll which is something you dont have to worry about.
After running the binary until it hist the Main Thread in the trydis.exe module we can search for strings. I normally search for strings so I can set a break point on that code. From running the binary earlier we know the program asks for your username then license key, so we know those strings should be present. We also know when we fail it says “wrong :(” . Lets look for these strings and set a break point so the program pauses when hitting that section.
Lets stop and think for a second. The platform takes our license key and somehow compares it against the real one. We just need to patch the binary so when it sees a wrong key it marks it as correct. Re run the binary to analyze whats going on.
Run the program until you hit the first break point. You can see its running the “lea” assembly command. Basically this takes the words “username:” and puts it into RAX register. Then it prints that to the screen. A little further down you can see it calling “fgets” which is a c/c++ function that allows you to take user input, so this is where its storing the username we type. It does the same thing for the license key.
After getting the username and license key it takes those values and stores it in rdx,rax,and rcx before calling another function. We can assume that this function is where the license check logic is happening.
Looking at this function I can see the program is checking the length of the username and license key supplied. It wants the license key to be 6 characters and or higher. It also wants the license key to be higher than 8 characters.
I know this because its taking the address of where the username is stored and calling “strelen” which is a c function to count the length of a string. It then uses the “cmp” instruction to compare it against 6. The following line uses the “ja” instruction which stands for “jump if above” so if 6 is above our string length it will jump to the fail logic. It does the same to the license key expect it looking to see if the length is above 8 characters.
Make sure your input always passes this check by making sure the input length matches. However, this blog is about patching so lets just delete the check instead by patching the binary. If the code ends up jumping then it goes to the fail logic, if it doesnt jump then it continues on. Delete the jump by filling it with NOP instructions so it does nothing.
Fill the “ja” and “jbe” instructions with NOP instructions to patch this logic. After doing so it should skip those string length checks. You should now be able to enter any string(username,license key) no matter the length.
Nextit will call another function. This is where the license check logic happens. Looking at this function there is a lot of things going on. We could try to reverse the lincese key algorithm by analyzing the assembly or we can just take the easy route and patch the binary at the last second so it always passes. Looking at the strings again but a break point on “congo ma boy” , thats what it prints if we pass.
Finally run the program until we see that string being called. You can see it in the image below. If we can get to that call we should win the game. Pay close attention to the jump instruction, if it detects our key is wrong it jumps directly to the fail logic, I know this because I can see it jumps directly to loading the “wrong :(” string.
1
So all we have to do is not jump and it will keep going. To do that we can NOP the 3 jne instructions shown in the image above. After doing that continue running the code and you will see our success string(congo ma boy) loaded in RAX.
As you can see in the image above we successfully cracked the program and got it to accept our license key. We could have reversed the algorithm used but in this blog we utilized patching to get the job done. If you ever see cracked software where they bypass the license check they are doing something similar to this
.
Finally, you can save your patched binary to disk. This will allow you to run the binary as normal with your modified code.
Reverse engineering is a powerful skill that lets you dissect how programs work at a low level, especially when analyzing binaries like this CrackMe. With tools like x64dbg, patching becomes simple you can remove license checks, alter behavior, or force success paths. In this example, we bypassed the license validation by modifying jump instructions, effectively cracking the program. This same method is often used to remove license restrictions in real-world software.
