How to reverse engineer .NET applications - A quick guide

Posted by Anuraj on Friday, August 16, 2013

In the .NET world, all assemblies are compiled into MSIL (Microsoft Intermediate Language). The MSIL is converted to machine code by a just-in-time (JIT) compiler when it is executed. MSIL includes metadata that provides a wealth of information about the code. The .NET Framework comes with various tools that help you view and modify MSIL code (check out my post Exploring IL Assembler (http://dotnetthoughts.net/exploring-il-assembler/)). The problem with this approach is that you need to be a guru in MSIL. In this post I am explaining the reverse engineering process using a few other tools.

You need to download "Telerik JustDecompile". It allows you to explore and analyze compiled .NET assemblies, viewing them in C#, VB and IL. Once you have installed Telerik JustDecompile, you need to download the "Assembly Editor plugin (Reflexil)" using the Plugins Manager. Reflexil is an assembly editor and runs as a plugin for Red Gate's Reflector and Telerik's JustDecompile. Reflexil uses Mono.Cecil, written by Jb Evain, and is able to manipulate IL code and save the modified assemblies to disk. Reflexil also supports C#/VB.NET code injection. You can find more details about Reflexil here (http://sebastien.lebreton.free.fr/reflexil/).

Now we are ready to reverse engineer any .NET application. Here is the code snippet which I am using for demonstration purposes.

    public Form1()
    {
        InitializeComponent();
        // 'user' holds the name shown in the greeting; its declaration is not part of this snippet.
        if (DateTime.Now.Hour < 12)
        {
            lblGreeting.Text = "Good Morning " + user;
        }
        else if (DateTime.Now.Hour < 16)
        {
            lblGreeting.Text = "Good afternoon " + user;
        }
        else
        {
            lblGreeting.Text = "Good Evening " + user;
        }
    }

I have a form with a label docked in it. When the application is launched, it displays a greeting in the label with the username, based on the time.

[Screenshot: the application window showing "Good Morning Anuraj"]

Now build the application and open the executable in JustDecompile. Expand the Form1 node in the tree.
You can see the code like this.

[Screenshot: JustDecompile showing the decompiled Form1 code]

If you look into the code, you can find a small issue: it displays Good Evening after 4 PM, and you need to modify it so that it displays Good Evening only after 5 PM. Let's reverse engineer that. Click on the Plugins menu and select the Reflexil plugin, then select the method you want to modify; in this scenario, the constructor. The Reflexil plugin will open a window at the bottom of the screen with a few tabs in it, like this.

[Screenshot: the Reflexil panel in JustDecompile listing the constructor's instructions]

Look for the value 16 in the Operand column of the Reflexil grid. Right-click on the row and select Edit.

[Screenshot: the Reflexil grid context menu with the Edit option]

Now modify the value from 16 to 17 in the Edit existing instruction dialog.

[Screenshot: the Edit existing instruction dialog]

Click Update. For most of the instructions, the Edit existing instruction dialog will display details. You can learn more from any tutorial. Now go to the assembly in the tree view, right-click, select Reflexil 1.5, and choose the Save as option.
[Screenshot: the assembly's context menu in the tree view with the Reflexil Save as option]

Now save it; by default the file name will be assemblyname.patched.exe. Now run the patched executable and you can see the change.

Happy reverse engineering.
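To check whether a deployed copy of an assembly has been edited the way this walkthrough describes, a defender can compare its IL against a known-good build. The following is an added example, not code from the original post; it assumes the Mono.Cecil NuGet package (0.10 or later), and the class name IlDiff and the two file arguments are hypothetical.

```csharp
// Added example: list methods whose IL differs between a known-good build
// and a copy that may have been patched. Assumes Mono.Cecil 0.10 or later.
using System;
using System.Collections.Generic;
using System.Linq;
using Mono.Cecil;

static class IlDiff
{
    // Map each method's full name to its IL listing, one string per instruction.
    static Dictionary<string, List<string>> ReadIl(string path)
    {
        var il = new Dictionary<string, List<string>>();
        using (var asm = AssemblyDefinition.ReadAssembly(path))
            foreach (var type in asm.MainModule.GetTypes())      // includes nested types
                foreach (var method in type.Methods.Where(x => x.HasBody))
                    il[method.FullName] = method.Body.Instructions
                        .Select(i => i.ToString()).ToList();     // offset, opcode, operand
        return il;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: IlDiff <known-good.exe> <suspect.exe>");
            return 2;
        }
        var good = ReadIl(args[0]);
        var suspect = ReadIl(args[1]);
        int changed = 0;
        foreach (var name in good.Keys.Union(suspect.Keys).OrderBy(n => n))
        {
            good.TryGetValue(name, out var a);      // null when the method is absent
            suspect.TryGetValue(name, out var b);
            if (a != null && b != null && a.SequenceEqual(b)) continue;
            changed++;
            Console.WriteLine((a == null ? "ADDED   " : b == null ? "REMOVED " : "CHANGED ") + name);
            if (a == null || b == null) continue;
            // Positional comparison: an inserted instruction shifts every line after it.
            for (int i = 0; i < Math.Max(a.Count, b.Count); i++)
            {
                var x = i < a.Count ? a[i] : "(none)";
                var y = i < b.Count ? b[i] : "(none)";
                if (x != y) Console.WriteLine("    " + x + "  ->  " + y);
            }
        }
        return changed == 0 ? 0 : 1;                // non-zero exit when anything differs
    }
}
```

For the edit made in this walkthrough, it reports the Form1 constructor as CHANGED, with the one instruction whose operand went from 16 to 17.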