Unlocking MarkdownPad 2

MarkdownPad is a is a full-featured Markdown editor for Windows. Actually is a very nice one, sadly only the professional version has the GitHub Markdown support and a bunch of other features. So, i decided to make a little change on the executable just to have a taste of the professional version.

MarkdownPad 2 Free - Limitations

Declaimer:

I am not responsible for the misuse of the material you are about to see. 

This article is only for educational purposes.

Hands on...

Tools needed:

• .NET Decompiler (Reflector.NET, ILSpy);
• IDA;
• Hex editor (anyone).

Open MarkdownPad.exe with the decompiler, look around just to have some understanding about the application. Open the License Engine, partially the "VerifyLicense" method which looks like this...

As you can see, in the very first verification if the license key or the email are empty or null our license is invalid, which is our the case. So, the strategy is very simple, we will modify the "return false;" to "return true;", easy, one byte patch.

Let's open MardownPad with IDA and locate the hexadecimal sequence to the our "return false;".

To easily locate the "VerifyLicense" method just focus the "Function Window" and press ALT-T. After you locate the method, let's take a look to the mnemonics...

	# Load method argument 1 onto the stack.
	ldarg.1
	# Verify if licenseKey is not null or empty
	call bool [mscorlib]System.String::IsNullOrEmpty(string)
	# Branch to target if value is non-zero (true), short form.
	# if the method IsNullOrEmpty returns anything except 0 the application execution will go to loc_3110
	brtrue.s loc_3110
	# Load method argument 2 onto the stack.
	ldarg.2
	# Verify if licenseKey is not null or empty
	call bool [mscorlib]System.String::IsNullOrEmpty(string)
	# Branch to target if value is zero (false), short form.
	# if the method IsNullOrEmpty returns 0 the application execution will go to loc_3112
	brfalse.s loc_3112
	loc_3110:
	# Push 0 onto the stack as int32.
	# This is our "return false;" -> opcode 0x16
	# "return true;" -> opcode 0x17
	ldc.i4.0
	ret
	loc_3112:
	.try {
	ldarg.0
	...
	# code...

view raw gistfile1.cs hosted with ❤ by GitHub

A very nice list of CIL instructions.

So the idea is really simple, just change the byte 0x16 to 0x17. Switch to the hex editor in the "ldc.i4.0"...

Search for the selected pattern "16 2A 02 02 ..." in the hex editor...

Now, just change the 0x16 to 0x17 (which means "ldc.i4.1") and save the file. To verify the modification open again the MarkdownPad executable with your .NET decompiler and you should see something like this in the "VerifyLicense" method...

All done! :)

Support the developers, if you want MarkdownPad 2 Pro, just go to this page (it's only 15$).

My DD

Here's a pretty simple dd in ANSI C.
I am really planning do more with it, like the dd for linux!

Code (Very much simplistic)

	// by iamjuza, iamjuza [at] gmail [dot] com, 2012
	#include "commons.h"
	#include <stdio.h>
	int main(int argc, char** argv)
	{
	if (argc == 3)
	{
	FILE* pFileIf;
	FILE* pFileOf;
	PUBYTE pBuffer;
	UDWORD dwLength;
	pFileIf = fopen(*(argv + 1) ,"rb");
	pFileOf = fopen(*(argv + 2) ,"wb");
	if (NULL == pFileIf)
	{
	perror("Error: If not valid ");
	exit(1);
	}
	if (NULL == pFileOf)
	{
	perror("Error: Of not valid ");
	exit(2);
	}
	pBuffer = (PUBYTE) malloc(MAX_PATH * sizeof(PUBYTE));
	if (NULL == pBuffer)
	{
	perror("Error: Can't alloc the required memory ");
	exit(3);
	}
	while(dwLength = fread(pBuffer, 1, MAX_BUFFER, pFileIf))
	fwrite(pBuffer, 1, dwLength, pFileOf);
	fclose(pFileIf);
	fclose(pFileOf);
	free(pBuffer);
	}
	else
	{
	printf("Please CAUTION!"
	"\nUsage: %s <if> <of>\n", *(argv));
	}
	return 0;
	}

view raw gistfile1.c hosted with ❤ by GitHub

Example:

Output:

Download the full code here!

Enjoy!

HashCheck

HashCheck is a very good alternative to FCIV which a posted in this blog some days ago.

HashCheck offers a very nice integration with Windows Explorer, placing a Checksum tab in the file/directory properties, which is very convinient.

Download here!

My md5sum

This is a little example of a md5 sum application, using the Hash lib.

	#include "commons.h"
	#include "Hash.h"
	#include <stdio.h>
	int main(int argc, char** argv)
	{
	if (argc == 2)
	{
	PHASH lpHash = {0};
	if (newHash(&lpHash))
	{
	PCUBYTE pszHash = lpHash->md5File((PCUBYTE)*(argv + 1));
	if (pszHash)
	printf("[%s] %s", *(argv + 1), pszHash);
	else
	perror("Error : File not found : ");
	}
	else
	perror("Error : Can't create a hash object : ");
	}
	else
	perror("Error : Specify a file : ");
	return 0;
	}

view raw gistfile1.c hosted with ❤ by GitHub

Get a md5 sum of a entire device, here's a screenshoot.

Download Source

Enjoy!

HashLib 0.1

Here's the new version of the Hash Lib, still compatible with windows, linux, and mac!

The new features added were:
- Correct some minor bugs;
- Now you can get a hash of a file, with every algoritm! (Support large files!)

Download Source

Example:

	// by juza - iamjuza [at] gmail [dot] com
	#include "Hash.h"
	#include "commons.h"
	#include <stdio.h>
	int main(void)
	{
	PHASH lpHash = {0};
	if (newHash(&lpHash))
	{
	printf("------------\n");
	printf("CRC-16 : %s\n", lpHash->crc16File((PCUBYTE)"example.exe"));
	printf("crc16ccitt : %s\n", lpHash->crc16ccittFile((PCUBYTE)"example.exe"));
	printf("CRC-32 : %s\n", lpHash->crc32File((PCUBYTE)"example.exe"));
	printf("CRC-64 : %s\n", lpHash->crc64File((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("GOST : %s\n", lpHash->gostFile((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("MD2 : %s\n", lpHash->md2File((PCUBYTE)"example.exe"));
	printf("MD4 : %s\n", lpHash->md4File((PCUBYTE)"example.exe"));
	printf("MD5 : %s\n", lpHash->md5File((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("haval128p3 : %s\n", lpHash->haval128p3File((PCUBYTE)"example.exe"));
	printf("haval128p4 : %s\n", lpHash->haval128p4File((PCUBYTE)"example.exe"));
	printf("haval128p5 : %s\n", lpHash->haval128p5File((PCUBYTE)"example.exe"));
	printf("haval160p3 : %s\n", lpHash->haval160p3File((PCUBYTE)"example.exe"));
	printf("haval160p3 : %s\n", lpHash->haval160p4File((PCUBYTE)"example.exe"));
	printf("haval160p5 : %s\n", lpHash->haval160p5File((PCUBYTE)"example.exe"));
	printf("haval192p3 : %s\n", lpHash->haval192p3File((PCUBYTE)"example.exe"));
	printf("haval192p4 : %s\n", lpHash->haval192p4File((PCUBYTE)"example.exe"));
	printf("haval192p5 : %s\n", lpHash->haval192p5File((PCUBYTE)"example.exe"));
	printf("haval224p3 : %s\n", lpHash->haval224p3File((PCUBYTE)"example.exe"));
	printf("haval224p4 : %s\n", lpHash->haval224p4File((PCUBYTE)"example.exe"));
	printf("haval224p5 : %s\n", lpHash->haval224p5File((PCUBYTE)"example.exe"));
	printf("haval256p3 : %s\n", lpHash->haval256p3File((PCUBYTE)"example.exe"));
	printf("haval256p4 : %s\n", lpHash->haval256p4File((PCUBYTE)"example.exe"));
	printf("haval256p5 : %s\n", lpHash->haval256p5File((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("SHA128 : %s\n", lpHash->sha128File((PCUBYTE)"example.exe"));
	printf("SHA224 : %s\n", lpHash->sha224File((PCUBYTE)"example.exe"));
	printf("SHA256 : %s\n", lpHash->sha256File((PCUBYTE)"example.exe"));
	printf("SHA384 : %s\n", lpHash->sha384File((PCUBYTE)"example.exe"));
	printf("SHA512 : %s\n", lpHash->sha512File((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("RIPEMD-128 : %s\n", lpHash->ripemd128File((PCUBYTE)"example.exe"));
	printf("RIPEMD-160 : %s\n", lpHash->ripemd160File((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("Tiger : %s\n", lpHash->tigerFile((PCUBYTE)"example.exe"));
	printf("------------\n");
	printf("Whirlpool : %s\n", lpHash->whirlpoolFile((PCUBYTE)"example.exe"));
	printf("------------\n");
	closeHash(lpHash);
	}
	return 0;
	}

view raw gistfile1.c hosted with ❤ by GitHub

File Checksum Integrity Verifier

It's rare when i post something that isn't from my authority but there is always an exception to the rule.

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.

Which is very nice!

Some examples:

fciv.exe c:\mydir\myfile.dll
fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml
fciv.exe c:\mydir -type *.exe
fciv.exe c:\mydir -wp -both -xml db.xml

More useful one;

To create the database and to save it to the C:\Temp directory, type the following command:

fciv.exe -add %systemroot% -r -XML c:\temp\windows-hashes.XML


To list the contents of the database to the console, type the following command:
fciv.exe -list -XML c:\temp\windows-hashes.XML


To verify the contents of the XML database against the current file system files, type the following command:
fciv -v -XML c:\temp\windows-hashes.XML

The application can be found here.

HashLib

Here's my new Hash Lib, built again in Ansi C OOP. The lib is compatible with windows, linux, and mac too!
Every hash algorithm has a little cosmetic change, just to uniform all hash algorithm implementations. It doesn't have all hash algoritms, but i think that it has all the most important ones.


Download Source

Example:

	// by juza - iamjuza [at] gmail [dot] com
	#include "Hash.h"
	#include "libdefs.h"
	#include <stdio.h>
	int main(void)
	{
	PHASH lpHash = {0};
	if (newHash(&lpHash))
	{
	printf("------------\n");
	printf("CRC-16 : %s\n", lpHash->crc16((PCUBYTE)"Juza", strlen("Juza")));
	printf("crc16ccitt : %s\n", lpHash->crc16ccitt((PCUBYTE)"Juza", strlen("Juza")));
	printf("CRC-32 : %s\n", lpHash->crc32((PCUBYTE)"Juza", strlen("Juza")));
	printf("CRC-64 : %s\n", lpHash->crc64((PCUBYTE)"Juza", strlen("Juza")));
	printf("Adler-32 : %s\n", lpHash->adler32((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("GOST : %s\n", lpHash->gost((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("MD2 : %s\n", lpHash->md2((PCUBYTE)"Juza", strlen("Juza")));
	printf("MD4 : %s\n", lpHash->md4((PCUBYTE)"Juza", strlen("Juza")));
	printf("MD5 : %s\n", lpHash->md5((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("haval128p3 : %s\n", lpHash->haval128p3((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval128p4 : %s\n", lpHash->haval128p4((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval128p5 : %s\n", lpHash->haval128p5((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval160p3 : %s\n", lpHash->haval160p3((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval160p3 : %s\n", lpHash->haval160p4((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval160p5 : %s\n", lpHash->haval160p5((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval192p3 : %s\n", lpHash->haval192p3((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval192p4 : %s\n", lpHash->haval192p4((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval192p5 : %s\n", lpHash->haval192p5((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval224p3 : %s\n", lpHash->haval224p3((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval224p4 : %s\n", lpHash->haval224p4((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval224p5 : %s\n", lpHash->haval224p5((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval256p3 : %s\n", lpHash->haval256p3((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval256p4 : %s\n", lpHash->haval256p4((PCUBYTE)"Juza", strlen("Juza")));
	printf("haval256p5 : %s\n", lpHash->haval256p5((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("SHA128 : %s\n", lpHash->sha128((PCUBYTE)"Juza", strlen("Juza")));
	printf("SHA224 : %s\n", lpHash->sha224((PCUBYTE)"Juza", strlen("Juza")));
	printf("SHA256 : %s\n", lpHash->sha256((PCUBYTE)"Juza", strlen("Juza")));
	printf("SHA384 : %s\n", lpHash->sha384((PCUBYTE)"Juza", strlen("Juza")));
	printf("SHA512 : %s\n", lpHash->sha512((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("RIPEMD-128 : %s\n", lpHash->ripemd128((PCUBYTE)"Juza", strlen("Juza")));
	printf("RIPEMD-160 : %s\n", lpHash->ripemd160((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("Tiger : %s\n", lpHash->tiger((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	printf("Whirlpool : %s\n", lpHash->whirlpool((PCUBYTE)"Juza", strlen("Juza")));
	printf("------------\n");
	closeHash(lpHash);
	}
	return 0;
	}

view raw gistfile1.c hosted with ❤ by GitHub

PEFile Lib

Here's my new PEFile Lib, is propose is just read PE files only, is written in OOP C which is really nice.
It doesn't support PE based on 64 bits architecture, yet! (tomorrow)

Download Source

Little example to show how it works. You could import the lib our just copy/paste into your project.

	#include "PEFile.h"
	#include <windows.h>
	#include <stdio.h>
	int main(int argc, char** argv)
	{
	if ( argc == 2)
	{
	PPEFILE lpPEFile;
	LPTSTR lpszError;
	DWORD lpAccess = (GENERIC_READ | GENERIC_WRITE);
	if (newPEFile(&(*(argv + 1)), &lpPEFile, lpAccess, &lpszError))
	{
	PIMAGE_SECTION_HEADER *pISHS;
	printf("File name : %s\n", lpPEFile->lpcszFileName);
	printf("File path : %s\n", lpPEFile->lpcszFullPath);
	printf("DosHeader->e_lfanew : 0x%08X\n", lpPEFile->getDosHeader(&lpPEFile)->e_lfanew);
	printf("Number of Sections : 0x%08X\n", lpPEFile->getFileHeader(&lpPEFile)->NumberOfSections);
	printf("Number of Rvas : 0x%08X\n", lpPEFile->getOptionalHeader(&lpPEFile)->NumberOfRvaAndSizes);
	printf("Sections:\n");
	pISHS = lpPEFile->getSectionHeaders(&lpPEFile);
	{
	UINT i = 0;
	for (i = 0; i < lpPEFile->getNumberOfSections(&lpPEFile); i++, pISHS++)
	{
	printf("%8s 0x%08X 0x%08X\n", (*pISHS)->Name, (*pISHS)->PointerToRawData, (*pISHS)->SizeOfRawData);
	}
	}
	closePEFile(lpPEFile);
	}
	else
	{
	printf("%s", lpszError);
	}
	return EXIT_SUCCESS;
	}
	return EXIT_FAILURE;
	}

view raw gistfile1.c hosted with ❤ by GitHub