. Net "cracking": how to use an assembly without a private key?

. Net "cracking": how to use a method without a private keyProgramSet?

Keywords:. net, assembly, cracking, crack, strongkey, strong name, signature, public key, private key, devexpress, dxperience

It seems it is time to write a special articleArticleThis section describes how to use an assembly without a private key. Devexpress is released recently. net. in the articles V3 for 2003 Chinese package and dxperience 6.2.4-2005 cracking research, both indirectly mentioned "using an assembly without a private key", which attracted the attention of some netizens.

If you do not know some terms in this article, refer to the corresponding webpage:
◆ Assembly with strong names
◆ How: sign the Assembly (Visual Studio)
◆ How: delay is set signature (Visual Studio)
◆ Global Assembly Cache
◆ Global Assembly Cache tool (gacutil.exe)
◆ Powerful name tool (sn.exe)

The origin of an assembly without a private key:
◆ The delayed Signature Option [Assembly: assemblydelaysign (true)] is used in the project. The file generated by the project does not have a private key;
◆ The. Il file generated by the ildasm tool is decompiled. After ilasm is compiled, the generated file does not have a private key;
◆ Foreign tools, such as passolo and visual localize, do not have private keys for the locally generated resource file assembly;
◆ A public key file extracted from the Sn-e option is used;
◆ Other channels ......

On the Assembly page with a strong name, we can see the following description:

Strong names depend on unique key pairs to ensure the uniqueness of names.No one will generate the same Assembly name as you generateBecause the name of the Assembly generated with one private key is different from that of the Assembly generated with another private key.

Strong names protect the version of the Assembly.Strong names ensure that no one can generate subsequent versions of your Assembly. Users can be confident that the version of the Assembly they load comes from the same publisher who created the version (the application is generated using this version.

Strong names provide reliable integrity checks.After the. NET Framework security check, you can make sure that the Assembly content has not been changed after it is generated.. However, a strong name or a strong name does not imply a level of trust, for example, the trust provided by a digital signature and a certificate.

Okay. We should stop looking at the above information. However, the following words in the powerful name tool (sn.exe) make us more eager:

-VRAssembly[Userlist] [Infile]

RegisterAssemblyTo skip verification. Alternatively, you can specify a list of user names separated by commas. If you specifyInfile, Verify that it is enabled,InfileThe public key in is used for verification. Yes*, StrongnameTo register all the assembly with the specified strong name. StrongnameA string of hexadecimal numbers should be specified to represent the public key in the form of a tag. See-TAnd-TOption to display the Public Key tag. Warning Use this option only during development. Adding an assembly to the skip verification list will result in a security vulnerability. If an assembly is added to the skip verification list, malicious assembly can hide its identity by using the fully qualified assembly name of the Assembly, the fully qualified assembly name consists of the Assembly name, version, culture, and public key tag. This allows the malicious assembly to skip verification.

See? Sn-VR is our breakthrough. Now you have an eye on your face. OK, please do it !!!

Followed by dxperience 6.2.4-2005. After compilation using ilasm(Note: Do not use the/key parameter)The Assembly does not have a private key, which is generally unavailable. To use the tool, you must register it as skip verification in the strong name tool.

The procedure is as follows:
1. OpenSDKCommand Prompt window, that is, "Start Menu-Program-Microsoft Visual Studio 2005-Visual Studio Tools-Visual Studio 2005 command prompt ";
2. Enter the "Sn-VR *" command to register skip verification for all the assembly;
3. Enter the command "gacutil/I <assemblyfile>/F" to install the Assembly into the global assembly cache;
4. Enter the command "Sn-vu *" to cancel all the assembly and do not skip verification.

At this point, your program has been installed in the Global Assembly Cache, and other projects can be used. Even if you cancel all skip verification and restart the computer, the Assembly is still valid. You said, Will dxperience be "cracked?

 

Netken