Use Mono. Cecil to dynamically modify the Assembly to crack commercial components (for research and learning only)

Mono. cecil is a powerful MSIL injection tool that allows you to dynamically create an assembly, intercept a dynamic method horizontally, or even modify an existing assembly, and it supports multiple runtime frameworks such :. net2.0/3.5/4.0, and silverlight Program

Official Address: http://www.mono-project.com/Cecil

First, I assume there is a commercial component that meets the following conditions:

1. The assembly code has been obfuscated.

2. The Assembly has been named and signed.

3. Copyright information, such as watermarks, is added to the UI of the Assembly.

Here I reference the user login component (http://www.cnblogs.com/liping13599168/archive/2010/05/07/1729357.html) in a previous article and transform it into a Silverlight component, project structure

Here, the BusinessComponent class library is used as the selected "commercial component", and a CopyRight class is written as the watermark printing information:

Internal sealed class Copyright
{
Internal void SetRightInfo (TextBlock textBlock)
{
TextBlock. Text = "This is a watermark .";
}
}

Running effect:

You can see the effect of the copyright information attached to the component.

Next, you need to perform a strong name signature on BusinessComponent, right-click the project, and set it as follows:

Create an snk file. This file uses RSA to encrypt information containing the public key and private key. Compilation of this component will compile it.

What is the use of this snk? After a while, you will know.

Finally, I want to use the Dotfuscator obfuscation tool to confuse BusinessComponent. dll code.

Because I here the Dotfuscator uses the old version of 4.2, so does not support for Sliverlight Assembly obfuscation, interested friends can download try by themselves, the official address is: http://www.preemptive.com

 

Now, the prototype of a BusinessComponent commercial component has been designed. Now we have taken the tool Mono. Cecil to rebuild it.

First, the official download of a mono. cecil project, open the project to actively compile, in the directory of Silverlight_Release can get Mono. Cecil. dll

Then, introduce it to the project, add a button to the page, and click the trigger event program:

Var entryPointPart = Deployment. Current. Parts. First (asmPart => asmPart. Source = "BusinessComponent. dll ");
Var entryPointResourceInfo = Application. GetResourceStream (new Uri (entryPointPart. Source, UriKind. Relative ));
Var module = ModuleDefinition. ReadModule (entryPointResourceInfo. Stream );
Var type = module. Types. FirstOrDefault (o => o. Name = "Copyright ");
Var method = type. Methods. FirstOrDefault (o => o. Name = "SetRightInfo ");
Instruction instruction = method. Body. Instructions [2];
Instruction. Operand = "";
Module. Write ("C: \ BusinessComponent. dll ");

Module gets the Module module in the Assembly, and module. Types can get all Types in the Assembly:

Select the Type name Copyright, and use type. Methods to obtain all the Methods for this Type:

Select SetRightInfo as the Method name. method. Body. Instructions to obtain the IL stack call information in the Method:

We can see the information in the row of index 2. ldstr defines a String constant, while index 3 assigns a value to TextBlock through the value of index 2, check the Copyright Code. So:

Instruction instruction = method. Body. Instructions [2];
Instruction. Operand = "";

In this way, we can remove the watermark information, isn't it easy :)

The last line of module. Write ("C: \ BusinessComponent. dll") is to re-Write the modified assembly to a new assembly;

Execute the program and obtain a new BusinessComponent assembly on drive C.

Now, I re-introduce the new Assembly to see if the watermark information will be removed and re-compiled. The compilation error is found:

Why? This is what I mentioned above, using the strong name signature of snk, it aims to prevent your Assembly from being tampered with illegally, to crack it, we need its private key. But as a real commercial component, we cannot get its private key. Does that mean we cannot crack it.

So I re-signed through sn.exe:

Sn-R BusinessComponent. dll mykey. snk

The public key is not paired. This is obvious because business. snk was manually set through the Sign tag of VS. It uses the public key of the file, and mykey. snk will use its own public key.

Since it cannot be cracked, I will change its signature and use my custom public key and private key for signature. Exactly the same, Mono. Cecil can meet your needs.

Open the VS2010 Command Prompt window and enter:

Sn-k mykey. snk

In this way, an RSA file containing the public key and private key is randomly generated. Then, the Public Key is extracted and entered:

Sn-p mykey. snk mykey. PublicKey

Then enter:

Sn-tp mykey. PublicKey

You can get the public key data, such as publicKey and publicKeyToken.

We got two strings, copied them all, and added them to the code of the button just now:

Var entryPointPart = Deployment. Current. Parts. First (asmPart => asmPart. Source = "BusinessComponent. dll ");
Var entryPointResourceInfo = Application. GetResourceStream (new Uri (entryPointPart. Source, UriKind. Relative ));
Var module = ModuleDefinition. ReadModule (entryPointResourceInfo. Stream );
Module. Assembly. Name. PublicKey = this. GetPublicKey ();
Module. Assembly. Name. PublicKeyToken = this. GetPubliKeyToken ();

 

Private byte [] GetPublicKey ()
{
String s = "success ";
Return this. StrToHexBytes (s );
}
Private byte [] GetPubliKeyToken ()
{
String s = "d2850434514ae5ca ";
Return this. StrToHexBytes (s );
}
Private byte [] StrToHexBytes (string hexString)
{
HexString = hexString. Replace ("","");
If (hexString. Length % 2 )! = 0)
HexString + = "";
Byte [] returnBytes = new byte [hexString. Length/2];
For (int I = 0; I <returnBytes. Length; I ++)
ReturnBytes [I] = Convert. ToByte (hexString. Substring (I * 2, 2), 16 );
Return returnBytes;
}

The StrToHexBytes method converts a string to a hexadecimal byte array.

 

Re-compile and execute, and its public key information has been compiled in. Similarly, a new BusinessComponent. dll assembly is generated on disk C.

At this time, do not worry about introducing the Assembly, first re-sign the new Assembly through privacy, enter the command:

Sn-R BusinessComponent. dll mykey. snk

OK. Now we can re-introduce it. At this time, re-compile the Code:

The compilation is successful.

Run the program now (note that you must switch the SilverlightApp program to OOB mode to modify the Assembly ):

Watermark information has been removed :)

 

Mono. cecil can also be used to do a lot of things. For example, you can add other code in a method, which can be subdivided into every execution step in IL, so you can do a lot of interesting things through it, for example, Mock objects in unit tests and reflection functions with better performance.

 

Attachment source code: SilverlightMonoCecilDemo.rar