Reverse Engineering Microsoft .NET

From What The Wiki?!

To view the full lecture on video, click "Here".

Abstract

The amount of Software written with the Microsoft .NET Framework is increasingrapidly. Shareware Authors and commercial vendors are both making heavily use ofthis new technology.

In the past the quality of ordinary shareware protections has continuously risen. Mostauthors are aware of the risks included with offering trials versions of their software.They use strong algorithms like RSA, Rijandle or Blowfish to protect their software.The potential attacker is using tools like Softice, IDA or OllyDbg to break theprotection.

The widespread use of the .NET Framework brings new dangers to the softwaredeveloper. He still is in risk of an attacker finding a way to break his protection.Furthermore he now faces a new threat: an attacker can easily gain access to thehigh-level source code of the Application.

The presentation gives an overview of how .NET Applications are different fromwellknown Win32 Applications and what new security threats with respect to reverseengineering are arising from that situation. It will show why not to trust RSA-1024based strong names to protect your software but will show other steps you can take toavoid getting “cracked�?.

Presentation:
(i) The Common Language Infrastruce (CLI)
(ii) Intermediate Language ( IL)
(iii) Strong names, RSA 1024 bit encryption
(iv) Ildasm & Reflector
(v) Obfuscating & Protecting

Demonstration:
(i) Decompiling into IL ( Intermediate Language ), Patching IL, Recompiling
(ii) Fully decompile an application to its source
(iii) Beating strong names
(iv) Defeating obfuscators