Developers sometimes embed server data in the application itself. When they do, security flaws can follow, and we will see that now. I created a test project; the details are below:
The project was created with Delphi, and free MySQL hosting was used. The scenario is this: the developer compresses the executable with UPX, the database is MySQL, and the MySQL connection information is embedded in the application. The application has a button that connects to the MySQL server. The application view looks like this:
Compiler: Delphi (RAD Studio).
How can I obtain the above summary information?
You can use DIE (Detect It Easy) to obtain this information. DIE is an application analysis tool that identifies the compiler, packer and other properties of an executable.
As you can see, DIE shows us that the application is compressed with UPX, and also that it was compiled with Delphi. OK, now let's move on. First, let's think about what we need to do. The first step is to free the executable from UPX compression, because a packed file hides its strings and code only until it is unpacked, and then take it to the laboratory to continue our analysis. So how do we do this? Very simple: UPX is a compressor, not a protection, and the UPX tool's own decompression command is as follows:
upx.exe -d executablefile.exe
Now we will see that the size of the executable file has increased, and when we run it through DIE again, the UPX marking is gone. We are switching to another tool: x64dbg/x32dbg. This tool allows us to analyze the application, pause it at breakpoints, and most importantly, make changes at the assembly level. In other words, a debugger!
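The lesson of this scenario for the developer is that connection information placed in the executable is recoverable once the packer is removed. As an added example (not code from the original post or from the test project), here is a small Python check that a developer or reviewer can run over an unpacked build before release to see whether credential-like strings are present. It extracts printable ASCII and UTF-16LE strings (Delphi has used UTF-16 strings since Delphi 2009) and flags those that look like connection strings. The sample bytes, the host name, the user name and the password are all constructed for this example.

```python
from __future__ import annotations

import re
import sys

# Constructed sample: a fragment of what the data section of an unpacked Delphi
# executable might contain. The server, user and password values are made up.
SAMPLE_BINARY = (
    b"\x55\x8b\xec\x83\xc4\xf0\x00\x00"
    + b"Server=db.example.test;Port=3306;Database=shop;User=appuser;Password=S3cret!;\x00"
    + b"\x90\x90\x00\x01"
    + "Connect to MySQL".encode("utf-16-le") + b"\x00\x00"
    + b"\xcc\xcc"
)

# Keys commonly seen in MySQL / ADO-style connection strings (hypothetical list,
# extend it for the connector your project uses).
KEY_RE = re.compile(
    r"\b(password|pwd|user(?: id)?|uid|server|host|database|port)\s*=",
    re.IGNORECASE,
)


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in utf16_re.finditer(data)]
    return found


def find_connection_strings(data: bytes) -> list[dict[str, str]]:
    """Flag strings containing connection-string keys and split them into key/value pairs."""
    hits: list[dict[str, str]] = []
    for s in extract_strings(data):
        if not KEY_RE.search(s):
            continue
        pairs: dict[str, str] = {}
        for part in s.split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                pairs[key.strip().lower()] = value.strip()
        hits.append(pairs)
    return hits


def has_embedded_credentials(data: bytes) -> bool:
    """True if any flagged string carries a non-empty password-like value."""
    return any(
        hit.get(key) for hit in find_connection_strings(data) for key in ("password", "pwd")
    )


def scan_file(path: str) -> bool:
    """Convenience wrapper: scan an executable on disk (run it on the unpacked file)."""
    with open(path, "rb") as f:
        return has_embedded_credentials(f.read())


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    for hit in find_connection_strings(data):
        # Mask the secret when reporting so the check itself does not leak it into logs.
        print({k: ("***" if k in ("password", "pwd") else v) for k, v in hit.items()})
    print("embedded credentials found:", has_embedded_credentials(data))
```

Run it with no argument to see the constructed sample flagged, or pass the path of an unpacked executable. A clean result from this check is not proof that nothing is embedded (obfuscated or split strings will not match), but a positive result is a reliable sign that the credentials should move out of the binary and into a server-side component or a per-user login.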