1
00:00:01,110 --> 00:00:04,740
This is a website we download the correct me one.

2
00:00:04,740 --> 00:00:08,020
And if you can recall the two objectives.

3
00:00:08,090 --> 00:00:13,770
The first objective we have already accomplished we have found this hero key and ended it in a nice

4
00:00:13,770 --> 00:00:14,610
box.

5
00:00:14,610 --> 00:00:20,580
Now we are going to go for the second objective which is to bash the FA to always show the Congress

6
00:00:20,580 --> 00:00:23,150
message and the button check is great.

7
00:00:23,940 --> 00:00:33,670
So what it means is for this great me whenever we click on the checkbox it doesn't matter what every

8
00:00:33,690 --> 00:00:37,290
key it has to show the Congress message.

9
00:00:37,290 --> 00:00:38,310
That is the objective.

10
00:00:38,910 --> 00:00:41,550
So we are going to learn how to bash it in this lesson.

11
00:00:41,550 --> 00:00:42,660
Let's get started.

12
00:00:43,370 --> 00:00:47,310
So let's open this uh crime maybe for excessive for BBG

13
00:00:50,520 --> 00:00:54,520
and disgruntled entry point in the entry point.

14
00:00:54,590 --> 00:01:01,920
Now if you have not already done so put a breakpoint point on the string that shows the bent her message

15
00:01:02,880 --> 00:01:10,560
rightly search for current you string references and go to these

16
00:01:13,340 --> 00:01:22,500
message string wrong zero key and here he said putting a breakpoint here put a brake point up here.

17
00:01:22,540 --> 00:01:30,070
This is a junk which decides whether or not to show the Congress message or to jump down and show the

18
00:01:30,630 --> 00:01:31,840
bad message.

19
00:01:32,260 --> 00:01:35,790
So what we want is to have issued a good message.

20
00:01:35,800 --> 00:01:40,820
It means we won this message was to always run instead of this message box.

21
00:01:41,080 --> 00:01:44,900
So obviously we have to bash this gem.

22
00:01:45,040 --> 00:01:48,190
So let's put a brake point here and restart the program.

23
00:01:49,380 --> 00:01:51,580
And run to the right point.

24
00:01:54,710 --> 00:01:58,530
TIME Any anything you want to check in.

25
00:01:58,550 --> 00:02:01,600
It is now past at a break point.

26
00:02:01,670 --> 00:02:03,620
So now this is I mean this.

27
00:02:03,740 --> 00:02:12,990
So if you don't want it to jump down here we have to reverse the zero flight so at a moment if you examine

28
00:02:13,250 --> 00:02:20,910
this it is the arrow key the arrow is red and also indicates down here that it is going to jam.

29
00:02:20,930 --> 00:02:22,090
Jam is taken.

30
00:02:22,110 --> 00:02:26,980
So if we do under jam we just have a dog load as your fly and color goes.

31
00:02:26,980 --> 00:02:27,580
Great.

32
00:02:27,930 --> 00:02:32,230
And then jump is also not taken as indicated here.

33
00:02:32,400 --> 00:02:34,440
So let's try it and see what happens.

34
00:02:34,470 --> 00:02:39,290
Let's press F it and see whether or not the uh Congress message is shown.

35
00:02:39,660 --> 00:02:40,710
Let's press F it.

36
00:02:42,600 --> 00:02:43,760
So he is pushing.

37
00:02:43,770 --> 00:02:45,450
He has pushed you through this thing.

38
00:02:45,510 --> 00:02:50,740
Now he is pushing this and these and these barometers to this day as you can see and I was going to

39
00:02:50,760 --> 00:02:57,380
put a large perimeter This takes all four parameters are pushed to this day one two three four.

40
00:02:57,520 --> 00:03:03,550
And now it is going to call the message box are supposed to call the message box this stridency every

41
00:03:05,020 --> 00:03:07,530
woops nothing happened.

42
00:03:08,110 --> 00:03:12,070
It did not call the message box.

43
00:03:12,070 --> 00:03:13,170
Something random.

44
00:03:13,270 --> 00:03:16,470
So what do you think went wrong.

45
00:03:16,840 --> 00:03:19,710
What duty think been right.

46
00:03:20,130 --> 00:03:23,770
Let's examine this and try to find out the reason why he failed.

47
00:03:24,240 --> 00:03:25,620
So let's we start this

48
00:03:28,970 --> 00:03:32,510
key in the wrong key check.

49
00:03:32,840 --> 00:03:37,280
Now we have to we are back here so to to find out what went wrong.

50
00:03:37,280 --> 00:03:39,770
We are going to repeat what we did just now.

51
00:03:40,010 --> 00:03:44,800
At this point this push zero has already been pushed onto this day.

52
00:03:45,530 --> 00:03:53,040
So it is I mean these this push Zero has been pushed to this day now.

53
00:03:53,050 --> 00:03:58,840
They are going to jam Oh we're not going to jam.

54
00:03:58,850 --> 00:04:00,330
So we have to reverse this.

55
00:04:00,470 --> 00:04:01,940
So we reversed the zero flight.

56
00:04:02,340 --> 00:04:04,640
They're now going to jam press F it.

57
00:04:05,330 --> 00:04:14,720
So we are going to push this next perimeter to this thing that that perimeter which is this Congress

58
00:04:15,650 --> 00:04:22,340
so let's press f it at the moment only this has been pushed it is taken zero.

59
00:04:22,340 --> 00:04:27,080
Now we're going to push this nice ish to this day.

60
00:04:27,080 --> 00:04:30,020
This uh caption press F it.

61
00:04:30,050 --> 00:04:32,550
So Congress is pushing this day.

62
00:04:32,630 --> 00:04:37,550
Now we're going to push we are done to this thing which is is what well done.

63
00:04:37,700 --> 00:04:38,520
Push to this day.

64
00:04:39,350 --> 00:04:48,030
So this press every and done has been pushed to this day and now next we're going to push E X to this

65
00:04:48,030 --> 00:04:52,930
day so he is supposed to be this one

66
00:04:55,620 --> 00:04:58,490
but he said he would use it.

67
00:04:58,530 --> 00:04:59,550
He pushed something else.

68
00:04:59,550 --> 00:05:03,370
It is they is going to push yes.

69
00:05:03,380 --> 00:05:08,210
Which is this value a set of zero is pushing it used to this thing.

70
00:05:08,390 --> 00:05:16,180
Let's take a look at it and pushing this f f f to the state.

71
00:05:16,430 --> 00:05:23,930
Now ever have is not zero obviously f f f is negative one negative 1 is something else.

72
00:05:23,930 --> 00:05:32,030
So according to our analysis is supposed to push zero to the state because there is no parent window.

73
00:05:32,060 --> 00:05:37,640
But instead you push something that a state negative one telling that it has a parent windows know something

74
00:05:37,640 --> 00:05:38,390
has gone wrong.

75
00:05:38,930 --> 00:05:49,420
So in order to fix this we have to push zero to this thing we need to push is E has to be zero not f

76
00:05:49,490 --> 00:05:54,230
f f OK so how do we fix that.

77
00:05:54,280 --> 00:05:56,430
All right so there are two things to fix here.

78
00:05:56,440 --> 00:06:03,310
The first thing they face is this we have to make it not jam.

79
00:06:03,480 --> 00:06:07,890
So to make this turn jam we have to assemble.

80
00:06:07,890 --> 00:06:08,250
No.

81
00:06:08,550 --> 00:06:08,880
No.

82
00:06:08,870 --> 00:06:13,390
Up and would be suitable cleanest and here.

83
00:06:13,450 --> 00:06:18,330
But no no instruction.

84
00:06:18,330 --> 00:06:24,760
So now to check whether the buy is enough or not click keep size.

85
00:06:25,140 --> 00:06:27,650
We see it is smaller by one by.

86
00:06:27,810 --> 00:06:36,600
So no users only one by whereas jam uses to base one buy here two buys.

87
00:06:37,200 --> 00:06:40,530
So you have one spend by seriously.

88
00:06:40,680 --> 00:06:51,450
This feeling is removed is OK and easy to buy says we basically do not find the closest.

89
00:06:51,740 --> 00:06:53,950
Now we have faced a pathway and I suppose we jump.

90
00:06:53,960 --> 00:07:01,760
So he supposed to go here here here but how do we fix the spot where he is supposed to be zero instead

91
00:07:01,760 --> 00:07:02,710
of FFA.

92
00:07:03,400 --> 00:07:03,750
OK.

93
00:07:03,780 --> 00:07:09,820
So notice now you have two spare bikes to use to fix the value of X..

94
00:07:10,040 --> 00:07:15,830
So we can use one of the spare vise here and assembly as a movie instruction.

95
00:07:15,830 --> 00:07:17,530
So let's take a look at this.

96
00:07:17,780 --> 00:07:21,710
And now we are going to move.

97
00:07:21,710 --> 00:07:29,310
We are going to move to x value zero all right.

98
00:07:29,490 --> 00:07:31,080
But we have a problem.

99
00:07:31,240 --> 00:07:33,070
Why we only have two base.

100
00:07:33,350 --> 00:07:35,530
If you click this it give size.

101
00:07:35,550 --> 00:07:38,910
Notice that this instruction is a big over for base.

102
00:07:38,910 --> 00:07:41,090
We only have to base.

103
00:07:41,300 --> 00:07:43,160
We do not have four base.

104
00:07:43,190 --> 00:07:45,980
This movie X requires four base.

105
00:07:46,040 --> 00:07:49,070
So if you were to take if you remove this anklet.

106
00:07:49,130 --> 00:07:49,590
Okay.

107
00:07:49,610 --> 00:07:51,790
You will overwrite this too.

108
00:07:51,810 --> 00:07:54,980
Eddie how the instructions down here which is bad.

109
00:07:55,430 --> 00:07:58,130
So we have to modify this instruction.

110
00:07:58,140 --> 00:08:08,980
So what we do is instead of move 0 2 x they move 0 2 Hey l l like that.

111
00:08:09,550 --> 00:08:13,740
And then he size says fine recession bigger by 1.

112
00:08:14,300 --> 00:08:15,770
OK so that's OK.

113
00:08:15,890 --> 00:08:22,730
So we hope we will be using to base C because here we have to buy.

114
00:08:22,730 --> 00:08:26,310
So there's no problem we say keep size.

115
00:08:26,310 --> 00:08:27,940
Meaning that we only 1 one by.

116
00:08:28,070 --> 00:08:31,990
But he is telling us this is this and that I stand by.

117
00:08:32,250 --> 00:08:35,110
So we can use the next but below it to base.

118
00:08:35,340 --> 00:08:36,750
So that's fine.

119
00:08:36,750 --> 00:08:40,280
So once I mean you know l and what's the difference between L and yes.

120
00:08:41,040 --> 00:08:42,050
So this is a difference.

121
00:08:42,960 --> 00:08:50,190
And this is only the last two bits here l Yes.

122
00:08:50,240 --> 00:08:50,730
Haskell.

123
00:08:50,800 --> 00:08:54,070
All the bits used to.

124
00:08:54,290 --> 00:08:54,640
All right.

125
00:08:54,880 --> 00:09:04,580
So what we need is only just to this by here total you have one by two by three bytes for Vice a hell

126
00:09:05,420 --> 00:09:10,380
uses only the modem and all right.

127
00:09:10,500 --> 00:09:22,710
So it is a X he uses only two bytes one two is L. he uses only one by so this and that's why we use

128
00:09:22,710 --> 00:09:23,000
here.

129
00:09:23,010 --> 00:09:25,510
We trying to save space so a little.

130
00:09:25,770 --> 00:09:27,080
Okay.

131
00:09:27,080 --> 00:09:28,650
All right let's analyze this further.

132
00:09:43,040 --> 00:09:46,180
What I just mentioned was this.

133
00:09:46,550 --> 00:09:47,000
You have.

134
00:09:47,150 --> 00:09:49,260
Yes.

135
00:09:49,470 --> 00:09:55,040
We have a l so e s uses up four bytes

136
00:09:58,340 --> 00:09:59,030
but here

137
00:10:01,670 --> 00:10:06,770
l uses only one byte now here.

138
00:10:07,580 --> 00:10:14,560
So it's enough so we can assemble this and then we only need the lowest basically.

139
00:10:14,570 --> 00:10:15,660
OK.

140
00:10:16,200 --> 00:10:17,660
And there done we've done it.

141
00:10:18,070 --> 00:10:20,240
You move 0 2 L.

142
00:10:20,300 --> 00:10:31,140
So now we can best use by clicking far far Quick fetch.

143
00:10:31,350 --> 00:10:40,570
Having given a new name by appending patch me high please save.

144
00:10:42,650 --> 00:10:50,910
OK now we can test the patch first he closes before we test a patch we close this program and we go

145
00:10:50,910 --> 00:10:56,660
here bash my this.

146
00:10:56,760 --> 00:10:57,750
Now we can test it.

147
00:10:57,750 --> 00:10:59,850
Bash that we have created

148
00:11:06,450 --> 00:11:07,570
yes enter anything

149
00:11:10,310 --> 00:11:19,590
we check shows you are done so that's all for today for this video and uh in this video we have learned

150
00:11:19,590 --> 00:11:28,270
how to bash any program so as to keep showing the congratulations message box no matter what we mean.

151
00:11:28,490 --> 00:11:30,560
So thank you for watching.