Meditation, The Art of Exploitation

Thinking? At last I have discovered it--thought; this alone is inseparable from me. I am, I exist--that is certain. But for how long? For as long as I am thinking. For it could be, that were I totally to cease from thinking, I should totally cease to exist....I am, then, in the strict sense only a thing that thinks.

Saturday, June 03, 2006

Security model of the .NET Framework and how to defeat it. Part 1: Basics

In this mini-series, I will discuss the Microsoft .NET Framework security model. I recommend the following reading as introductory material for understanding the .NET security model.

.NET IL using ildasm and ilasm:
Part 1 - Learn to break a .NET Assembly:
http://www.codeproject.com/dotnet/NeCoder01.asp

Part 2 - Learn to protect your .NET assemblies from being tampered:
http://www.codeproject.com/dotnet/NeCoder02.asp

Part 3 - Learn to break Strong Name .NET Assemblies:
http://www.codeproject.com/dotnet/NeCoder03.asp


Understanding, programming and debugging IL .NET applications:
Part 1 Introduction
http://www.devcity.net/net/article.aspx?alias=msil_1_intro

Part 2 A short description and .NET application
http://www.devcity.net/net/article.aspx?alias=msil_2_dotnet

Part 3 Debugging
http://www.devcity.net/Articles/57/msil_3_debug.aspx


Tools (It can be said, a hacker is as good as his tools)
New tool:
.NET decompiler
http://www.aisto.com/Roeder/DotNet
ildasm and ilasm (decompiler and compiler of intermediate language)

Old friends:
LORD PE (examine and modify PE header)
WINHEX (examine and modify binary file in hex mode)
REGEDIT (studying the protection schemes used by certain software)

Now, there are 2 ways to actually patch a .NET binary file: the first is to patch the binary file directly with a hex editor; the second is to decompile, modify and compile the .NET intermediate language (IL). Both approaches work equally well, and the details of both methods are discussed in the links I provided.

http://groups.google.co.uk/group/microsoft.public.dotnet.security/browse_frm/thread/268e8fab2a7124df/bf09582265c8f154?hl=en&lr=&rnum=2&prev=/groups%3Fq%3DRahul%2BKumar%2Bgroup:*security*%26hl%3Den%26lr%3D%26selm%3D%2523UDXSOX0EHA.3820%2540TK2MSFTNGP11.phx.gbl%26rnum%3D2#bf09582265c8f154
Discusses the method used in this article

http://msdn.microsoft.com/msdnmag/issues/02/03/PE2/default.aspx
Has a section on the .NET header in Figure 10.

http://www.atrevido.net/blog/CommentView.aspx?guid=f772c18a-f389-4c28-bd6a-a30f4ccc84f5
Details on how to crack .NET protection.

http://woodmann.net
For the old schools.