
I have got a PE executable file *.exe (32-bit), which is a small application (2.6Mb) to update the firmware software of a TV device. However, the update mechanism was only available up to 2013-03-12. I want to hack this executable just for pleasure. I'm trying to find this expiration date in the file hexdump using PE Explorer, and replace it with some date in the future to make this program work.

I found this article about binary date format:

binary date format

I am trying to find something like this value:

2013-03-xx: 0x713xxxxx

Is this a good approach to solve my task? Any suggestions? Do you know any other tools for hexdump that may be useful?

Best regards, WP

sgnsajgon
  • You're assuming that the date is stored in the binary header, or in some format you'll recognize, which is an invalid assumption. (Different languages define dates using different terms, epochs, etc.) There's no guarantee that any of the content you're looking at is actually a date value. (Windows COM, for instance, uses a value of 0 to represent `1900-0-0`, which is different from a C time value, which starts in 1970 IIRC.) – Ken White Mar 15 '13 at 22:46
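
The comment's point about differing date representations, as an added example that is not part of the original thread: the date 2013-03-12 (midnight UTC is an assumption) encoded under several common conventions, plus a decoder showing that one 32-bit value can read as a valid date under more than one of them. The function names and the sample values are constructed for illustration.

```python
import struct
from datetime import date, datetime, timezone

UTC = timezone.utc
# Date from the question; midnight UTC is an assumption made for this example.
EXPIRY = datetime(2013, 3, 12, tzinfo=UTC)

def encodings(dt):
    """Little-endian bytes of one UTC datetime under common conventions."""
    unix = int((dt - datetime(1970, 1, 1, tzinfo=UTC)).total_seconds())
    # Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
    filetime = (unix + 11_644_473_600) * 10_000_000
    # OLE Automation DATE: days since 1899-12-30, stored as a double.
    ole = (dt - datetime(1899, 12, 30, tzinfo=UTC)).total_seconds() / 86400
    # MS-DOS/FAT date: bits 15-9 year-1980, bits 8-5 month, bits 4-0 day.
    dos = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    return {
        "unix_time32": struct.pack("<I", unix),
        "filetime64": struct.pack("<Q", filetime),
        "ole_double": struct.pack("<d", ole),
        "dos_date16": struct.pack("<H", dos),
        "ascii": dt.strftime("%Y-%m-%d").encode("ascii"),
    }

def decode_u32(value):
    """Read one 32-bit value as Unix seconds and as a DOS date (low word)."""
    result = {"unix": datetime.fromtimestamp(value, UTC).date().isoformat()}
    word = value & 0xFFFF
    try:
        result["dos"] = date(1980 + (word >> 9), (word >> 5) & 0xF,
                             word & 0x1F).isoformat()
    except ValueError:  # month or day field out of range: not a DOS date
        result["dos"] = None
    return result

if __name__ == "__main__":
    for name, raw in encodings(EXPIRY).items():
        print(f"{name:12} {raw.hex(' ')}")
    # Constructed value: valid under both readings, with different dates.
    print(decode_u32(0x0000426C))
```

The five byte strings share no common pattern, and the constructed value decodes to two unrelated dates, so a hex match alone says nothing about whether a field is a date or which convention wrote it.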

2 Answers


There are likely a lot of values of the form 0x713xxxxx -- 2.6 MB might be larger than you've thought when you start looking through it more or less at random (you don't actually know that the application uses this date format internally).

The conventional approach to deal with this sort of problem is to use a tool to step through the program, examining the code that is executing, until you find the point where the check occurs. Then simply disable the check so that it always fails -- by altering the date, or simply by altering the code.

A popular tool for stepping through code that you do not control is the Interactive Disassembler, IDA. You can download a freeware version of it here: https://www.hex-rays.com/products/ida/support/download_freeware.shtml

It might be harder than you think to do what you want, but you'll almost certainly learn a lot by trying.

Be aware of the legal issues you may be getting yourself into by making modifications to someone else's binaries, particularly if you distribute them afterwards.

svk

dumpbin is a good PE parser (but if I were you, I wouldn't do this kind of timestamp hack :))

Shmil The Cat