Nothing beats a concrete example to illustrate what a decompiler reveals. Here we take a "CrackMe" — a small program designed as a reverse engineering challenge — and show how VBReFormer lays bare its validation mechanism. The goal is educational: learning how to read decompiled code.
What decompilation reveals
Once the binary is opened, analysis shows that the validation key is generated from three elements: the user's name, the current date and the current time. The algorithm combines these inputs to produce a time-sensitive key. We also spot a Label4 control displaying "Registered user!" on success, and a Timer1 that checks every second for a debugger.
The core of the logic
The Command1_Click() function contains the whole validation. Here is the code reconstructed by the decompiler:
Private Sub Command1_Click()
var_pv10 = Text1.Text
var_pv13 = Date$ & " " & Time$
For var_pv14 = 1 To Len(var_pv13) Step 1
If IsNumeric(Mid$(var_pv13, CLng(var_pv14), 1)) Then
var_pv15 = Asc(Mid$(var_pv13, CLng(var_pv14), 1))
If var_pv14 <= Len(var_pv10) Then
var_pv16 = Str(Asc(Mid$(var_pv10, CLng(var_pv14), 1)))
var_pv16 = Right$(var_pv16, 1)
var_pv16 = Val(var_pv16)
End If
var_pv18 = var_pv18 & Chr$(CLng(var_pv15 + 17 + var_pv16))
var_pv18 = var_pv18 & Chr$(CLng(var_pv15 + 17 + var_pv16 * 2))
End If
Next var_pv14
For var_pv14 = 1 To 24 Step 4
var_pv19 = var_pv19 & Mid$(var_pv18, CLng(var_pv14), 4) & "-"
Next var_pv14
var_pv20 = Len(var_pv19) - 1
var_pv19 = Mid$(var_pv19, 1, var_pv20)
Text2.Text = var_pv19
End Sub
Variable names like var_pv10 are generated by the decompiler, since compiled binaries carry no symbolic names — but the logical structure is perfectly readable: you can follow the key being built character by character, then formatted into blocks of four separated by dashes.
The security lesson
The analysis also reveals a classic weakness: validation compares strings using VB's Like operator. But that operator interprets wildcards. Entering * as the key therefore satisfies the pattern regardless of the name and at any time. A useful reminder: pattern matching is never a reliable authentication check.
What this example demonstrates
Beyond the challenge, the value is seeing firsthand what Native Code decompilation makes possible: reconstructing complete, readable, annotatable business logic from the executable alone. That's exactly what companies need when they have to maintain a VB6 application whose source code is gone.
This article is provided for educational purposes, analyzing a program built and published for that exercise. Always make sure you hold the necessary rights to the software you analyze.