.NET, DES, and .NET Decompilation

Source: Internet
Author: User


Consider a website, which we will call website A, hosted on server A. He has downloaded website A's program. Website A is written in .NET. He deployed the program on his local machine and it ran, so he went looking for the database connection string in order to connect and start working on the database. In the web.config file of website A's program he found the connection string and saw that the database is not on server A but on server B, which he could connect to. Once connected, he found that the data is encrypted; the encrypted values look like "1LUwUKMRroErMRR0vFD4Ow=".

You will surely say: find the back end of website A and add the data from there. That is exactly the problem. Website A has no back end; it only has a query function. You may ask how the administrator adds data, then. I don't know. Perhaps through another internal website, or through a C/S program on a dedicated computer (after all, this is not an ordinary website, you know).

So we don't know where data gets added, but here is what we do have:

1. The database account and password for server B.
2. The compiled code of website A.

Even without the source code of website A, we can find the decryption method and then add data.

Anyone who knows .NET knows that a .NET site is split into front-end pages (*.aspx) and code-behind files (*.cs), unlike some other kinds of website where the code is written in the pages. When programmers publish a site, the code-behind files (*.cs) are all compiled into *.dll files. In other words, all the source and code-behind, including our decryption method, is inside the *.dll files. At this point some people's heads must be spinning. What should we do?


Okay, no more nonsense. Follow along. First, my line of thinking: we already have website A, and website A must contain a decryption method. What we need to do is find that decryption method, write the matching encryption method from the algorithm, and then write to the database.

OK, the approach is clear. Let's get started.


Step 1: decrypt


Because the decryption method is in a *.dll, we start by decompiling the *.dll files, which are in the bin directory of the website. Which one do we pick? Here we rely on experience.




Let's take a look.


EWebEditorExt.UI.dll: you know, it is definitely not this one.

EWebEditorExt.Web.dll: same as above.

FredCK.FCKeditorV2.dll: same as above.

MySql.Data.dll: MySQL, same as above.

SoftRoad.IBMS.BLL.dll: BLL, experience tells me it won't be this one.

SoftRoad.IBMS.Common.dll: probably this one.

SoftRoad.IBMS.DAL.dll: DAL, experience tells me it is not this one.

SoftRoad.IBMS.IDAL.dll: IDAL, experience tells me it is not this one (design pattern).

SoftRoad.IBMS.Web.dll: probably this one.

Common.dll: probably this one.



OK. Now that we have settled on these three, all we need to do is decompile the three *.dll files. Time to get out the tools.

The tool we use is "reflector.exe".



Let's take a look at the software:




OK. Now we load the two *.dll files we just found, open them, and look through them one by one for the encryption code. The average programmer will name it something like "DES" or "Encrypt", although some programs may well call it "xixi" or "haha". It depends on whether you are dealing with a programmer who follows coding conventions. I loaded them one by one, and something looked suspicious when I reached this spot.




I found nothing. There are many encryption methods here, such as DES and MD5; everything is available. We have now basically found the file that holds the encryption code. To find out which encryption method is actually used, we go on to look at the login code (what I show here is another website I found, not website A, because website A is sensitive and I dare not show it; the principle is the same).


We found the login code and confirmed that the encryption method is DES.







We can click DES.EDSEncode to enter the method; DES.Keys2 may be a key.




It is not obvious at a glance, but I traced into it and annotated it. The method accepts an encryptKey, and Keys may well be the key. Next, we look for the key.





Keys2 is under the <connectionStrings> node in web.config.



OK, remember DES.Keys2 on the login page? This is the same one, in web.config.




OK. We now know the encryption method is DES, and the encryption code is available too. Writing the decryption is not difficult at this point. Keep looking through the file and you will find the decryption code (experience).



The above is the decryption code, and below it is the encryption code. With the encryption and decryption code and the key all in hand, the rest needs no explanation: write a decryption program and start working on the database.



In fact, many programmers hard-code the two keys in the source files rather than putting them in web.config, because they generally do not pay attention to security. Putting them in web.config is my habit, because a second layer of encryption can then be applied.


Under the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 directory there is a tool called aspnet_regiis.exe.

We can use it to encrypt the connectionStrings node in the web.config file. A section encrypted this way can only be decrypted on the computer that encrypted it, not on other computers, so security is high.

Encryption command: aspnet_regiis -pef "connectionStrings" "E:\work\xahacker\street poet"

Decryption command: aspnet_regiis -pdf "connectionStrings" "E:\work\xahacker\street poet"



Before encryption:


<add name="DES" connectionString="12345678"/>



After encryption:



<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="" xmlns="">
    <EncryptionMethod Algorithm=""/>
    <KeyInfo xmlns="">
      <EncryptedKey xmlns="">
        <EncryptionMethod Algorithm=""/>
        <KeyInfo xmlns="">
          <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherValue> signature/bZq1itnH6Bohd4/Signature/SflTs5K3mAcner + 69NcDh3fagh7 + tazcwatg169tyauosv9tajr + Signature = </CipherValue>
      </EncryptedKey>
    </KeyInfo>
    <CipherValue> wwvPtbu + cQ1A/wGBIquLQLXSQ7b8VxOLCaDWdfXZ + T62BdHhWKLM8BXkw8Ti8YS/authorization + lPzOw8UGjfylM = </CipherValue>
  </EncryptedData>
</connectionStrings>
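
A defender can check for the "before" state described above across deployed sites. The following is an added example, not code from the original post: a small Python audit that flags connectionStrings and appSettings sections left unprotected. The keyword heuristics, the function names and both sample configs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SECTIONS = ("connectionStrings", "appSettings")
# Heuristics assumed for this example, not an exhaustive rule set.
CRED_RE = re.compile(r"(?i)\b(password|pwd)\s*=\s*[^;]+")
KEYNAME_RE = re.compile(r"(?i)(des|aes|key|secret)")

def local(tag):
    """Strip an XML namespace: '{uri}EncryptedData' -> 'EncryptedData'."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text):
    """Return (section, entry, problem) tuples for secrets left in clear text."""
    findings = []
    for section in ET.fromstring(xml_text).iter():
        name = local(section.tag)
        if name not in SECTIONS:
            continue
        encrypted = any(local(c.tag) == "EncryptedData" for c in section)
        if section.get("configProtectionProvider") and encrypted:
            continue  # protected section, e.g. by aspnet_regiis -pef
        for entry in section:
            if local(entry.tag) != "add":
                continue
            label = entry.get("name") or entry.get("key") or "?"
            value = entry.get("connectionString") or entry.get("value") or ""
            if CRED_RE.search(value):
                findings.append((name, label, "plaintext database password"))
            elif "=" not in value and KEYNAME_RE.search(label):
                findings.append((name, label, "bare key stored as a setting"))
    return findings

# Constructed samples: the first mirrors the page's "before" entry.
PLAIN = """<configuration><connectionStrings>
  <add name="DES" connectionString="12345678"/>
  <add name="Main" connectionString="Server=db.example.internal;Uid=web;Pwd=CHANGEME;"/>
</connectionStrings></configuration>"""

PROTECTED = """<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
    <CipherData><CipherValue>AAAA</CipherValue></CipherData>
  </EncryptedData>
</connectionStrings></configuration>"""

if __name__ == "__main__":
    for finding in audit_web_config(PLAIN) + audit_web_config(PROTECTED):
        print(finding)
```

Protecting the section only covers the file at rest: on the server itself the application, and the aspnet_regiis -pdf command shown above, can still decrypt it. A key that the compiled DLLs read at run time remains recoverable by anyone who obtains both the site files and a readable configuration.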





When reprinting, please credit the source: Street head publisher's blog
