Unfinished. net Component cracking

In a recent project, a third control is required to edit xml data. After several twists and turns, I finally found a control package named RichWinFormSuite from a foreign Internet. After downloading and installing it, I started to use it. I learned the development examples and Demos briefly and found that the features are rich, the interface is also good, and the development is quite simple. This component is also quite small, with a dll file less than 1 MB. The only unpleasant thing is that the license window will pop up when running. You need to click Close to continue running.

I searched for the software on the Chinese website, but I didn't have any introduction to the software. I had to ask the security personnel for help, hoping to crack the software.

According to the discussions with the students and the materials found on the internet, we found a crack. net Program Method: first.. net Program (exe or dll) uses the FildDisassembler plug-in of the reflection tool Reflector to output the dll into the source code, and then organizes and recompiles it on its own.

After opening the dll with Reflector, we found that the class name and function name were changed to strings with many numbers, and the original name became totally different.

This must be the dll processed by the obfuscator. Since the function name and class name have changed, the source code output through Reflector is also composed of numbers and letters, and it is useless to re-compile the program, I had to find some ideas and methods.

Then I thought of another idea.. net Program (exe or dll) decomcompiled into the IL language, find the Execution Code in the pop-up dialog box, and then modify it to other commands, so that the license window does not pop up, then re-compile the modified IL code into a dll file.

To verify the correctness of this idea, I wrote a small program first, and a common form popped up when the program was started, compiling and running properly.

Use the ILDasm command of the Toolkit provided by. net framework to output the IL code of the file. The command is as follows:

Ildasm/output = c: \ temp \ test. il ILTest.exe

After execution, a test. il file and a test. res file will be generated under the temp directory of drive C, and other resource images will be output in the same folder.

Use the text editor to find the executed statement and replace it with the nop command to make the program execute an empty operation, save the file, and re-compile it into an exe file using ILAsm. The command is as follows:

Ilasm/exe/resource = c: \ temp \ test. res c: \ temp \ test. il/output = c: \ mytest.exe

Note: The first parameter/exe is the compiled program type.

 

Compile and run again. The window is no longer displayed, and I feel that it is not far from success.

Use the preceding steps to crack the downloaded dll and output it as the IL language code. To determine the code location in the pop-up window, search for the prompt information in the license window, after finding the method where the string is located, I think it is too troublesome to read the IL code, and the function names are all numbers. I will use the Analyze analysis function of Reflector to find the function's "Used ", it is found that it is called in a constructor named xb08f1495afd18c6f, so the code position in the pop-up window is determined and the code in this row is directly replaced with the nop command.

After being re-compiled into a dll and added to the project for use, it was found that the control could not be dragged to the designer. The Code call was able to be compiled, but an exception message popped up during the runtime:

"Failed to Load file or assembly" RichWinFormSuite, Version = 4.0.2.36, Culture = neutral, PublicKeyToken = a730077342cbf1ce "or one of its dependencies. Strong name verification failed. (The exception is from HRESULT: 0x8013141A )".

 

So I found the information on the Internet, downloaded an snRemove tool, and followed the instructions on the Internet. First, I removed the original dll file with a strong name, then copy the IL code modification process and add it to the project reference again, but it will always remain. Some people on the Internet say that the strong names removed by this tool will expire on windows2003, and I am using this operating system.

Later, I searched for some information about brute-force name cracking on the Internet, but I have not found a solution yet. I tried to simply delete the. publickey code segment in the IL language, and then an exception was reported during running: the Common Language Runtime Library detected an invalid program.

 

Haha, it seems that the name is still strong. Although. net's decompilation saves a lot of trouble, it is not as simple as the legend.