(04-21-2015, 07:18 AM)deivymg2 Wrote: this is new for me...can anybody show me how to use ollydbg to crack lazypressing
Well, I don't think you're supposed to grave-dig threads like that, but nevertheless, I will provide some information for you.
As others have previously mentioned, OllyDbg is a tool that allows you to view and modify an application's assembly as it is executing. The tool allows you to do things like removing/modifying if-statements, skipping function, deleting code, changing values, and more. In my opinion, that's really all you need to know, but I'll give you a little bit more information in case you still do not understand.
Many average developers are not overly knowledgeable when it comes to security. Because of their lack of knowledge about secure programming/development, they will, metaphorically, only put 1 lock on their application. It sounds like this is case with Lazy Pressing.
Consider this example code written in C:
Most developers would view that as a secure login. It checks with an external server. If the server doesn't reply, the login fails. If the server sends back an unknown message, the login fails. If the server sends back "invalid", the login fails. And the login will only succeed if the server sends back "valid user". So, in theory, this is secure. However, in practice this would be insecure.
A malicious user running OllyDbg could exploit this in several ways. The user could force all conditions to return IS_PREMIUM. The user could skip/delete the condition checks and just return IS_PREMIUM. The user could set userPremiumResp equal to "invalid" so if the server returns "invalid", the application views that as the access granted message. The user also could change "if( strcmp(...) == 0 )" to "if( strcmp(...) != 0 )" to force the application to view a consider anything other than "valid user" as the access granted message. And there are numerous other ways a malicious user could force the application to login.
From what I gather based on this thread, it seems Lazy Pressing has a security error similar to this. So, by using OllyDbg, you can find and exploit the security flaw to allow you access to the bot.
I hope that helps.
Best regards,
Spencer