Presentation on theme: "Reverse Engineering.NET Presented By: Joe"— Presentation transcript:
Reverse Engineering.NET Presented By: Joe
Background of Joe Kuemerle Lead Developer at PreEmptive Solutions Over 14 years of development experience with a broad range of technologies Focused on application and data security, coding best practices and regulatory compliance Presenter at user groups, code camps, CodeMash 2009 and MSDN Developer Conference 2009
Why Reverse Engineer?
Reasons To Reverse Engineer Curiosity – see how things work Risk Management – see what the bad guys see Recovery – recover lost / damaged source Illegal Activity – be the bad guy Random fact: According to a 2007 FBI study 70% of network abuse is due to insiders.
Ease of Reverse Engineering.NET Why is it easy to reverse engineer.NET? All high level source is compiled to MSIL IL is verbose (compared to assembly) IL is well documented (CLI specification) Open source compiler to reference Shared Source CLI compiler Rich metadata included in assembly Support for reflection means code using reflection must be self describing, by default all that information is embedded in assemblies
What Can Be Reverse Engineered Any Managed Portable Executable (PE) Windows Forms Console Applications Office Business Applications ASP.NET (with server access) WCF DLLs WPF SharePoint WebParts SQL Server CLR Assemblies Windows Workflow Assemblies Compact Framework Applications Micro Framework Applications Silverlight
Availability of Tools Native reverse engineering tools tend to actually cost money IDA Pro $515 and up Syser debugger $198 and up DevPartner $2,400
Availability of Tools Managed tools tend to cost less ILDASM/ILASM - $0 Reflector - $0 Dile - $0 WPF Snoop - $0 Silverlight Spy - $0 Mono Cecil Decompiler - $0
So what, its free and easy. Big deal! Once you (or someone else) has this knowledge what can they do? Look to see exactly how things *really* work Find out things they might not need to know Passwords Encryption Keys Secret data Alter functionality Bypass authentication checks Unlock functionality Alter the user interface Add malicious code
Now What? So, how do I stop all this monkeying around with my code? You dont stop it. All you can do is raise the bar
Raising Defenses There are some steps you can take to make life more difficult to deter the casual attacker Strong Name assemblies to prevent alteration Authenticode signing for commercial applications Do not embed secrets in the binaries Use DPAPI to encrypt secrets Public key signature validation Obfuscation
Questions and Answers
References (Tools) Reflector :http://www.red- gate.com/products/reflector/index.htmhttp://www.red- gate.com/products/reflector/index.htm Reflector Plug In Page : Dile : Snoop : Silverlight Spy :
References (Articles) Brian Long : Reverse Engineering To Learn.NET Better everseEngineering/ReverseEngineering.htm everseEngineering/ReverseEngineering.htm David Cumps : Reverse Engineering with Reflector and Reflexil reflector-and-reflexil reflector-and-reflexil Jason Haley Jason Bock