Offline VDanalyzer.exe

First of all lets start explaining how i got in to this.

I have a Vision drive black box VD 3000 and always create a backup’s of the files i had on the SD card.
But every time when i needed to view the files i needed to go back to the car and retrieve the card.
After going back an forward to the car A LOT.  I got frustrated over the fact that i needed the SD Card for this.

My interest in reverse engineering and IT security led me to this solution.
At a certain moment i was thinking about a video i saw before.
This was about hacking the security password software of an Kensington USB stick.

That video explained that you could use OllyDBG to bind to the process.
When it was bound to the process and entered a wrong password you would receive a error message.

The text string in the error message was needed for a search on it in OllyDBG.
When you did found the text string in OllyDBG and follow the process from that specific text string.

You can write out that check in the program.

When i followed the text string in VDanalyzer.exe, i saw the jumps in the program lines and how it did the checks in the program.

That showed the requirements for SD Card and password that where needed to enter the actual VDanalyzer program.
I then filled that specific check with NOPs and saved the file.

And no shit “it worked“. I was amazed about my achievement.
See the below youtube video on how it actually works

Please note that this would not work on all random programs *.exe files as some are  encrypted and need to be decrypted first and OllyDBG could need a plugin to do other programs

After my movie almost a year ago Lachlan Miskin picked this up again.
He did a full write up on how to do this and confirmed that this was working with the newer versions of the Vision Drive devices Vision Drive VD-8000HDS/400R.
Actually, after viewing his screenshots that part of the code has not been changed.
And Geocross still does not encrypt their *.exe files :).