Home > Uncategorized > Cracking .NET Software

Cracking .NET Software

Are you familiar with this picture ?

image

If you are not then you have to visit this cool website regulary. If you have already, congrats. then you are a cool person to.😀

This is what exactly we will do in this blog post. I always thought that to crack software is really hard at university. A couple a days ago i found that actually that’s pretty simple and i believe that you can do it also. Of course i’m not want you to be pirate. Let’s just do it for fun.🙂

Don’t worry we don’t have to deep dive into assembly or machine language thing in this stuff. I will.. maybe next time, if i have a chance to do it. But today it’s only a simple start for you to get your hands dirty.

I know all this stuff because previously i want to crack my friends software because it can be run in Windows 8. I try to find out why the license mechanism is not working on my Machine.

My first try is to get a the coolest software decompiler  in .NET world. Reflector. If you don’t have one, please go get it and use the trial version to get the feel how great it is. I see the license routine and found out where i can leverage the weakness of this software. Just drag the assembly to reflector and open the related method. Very simple to use. Turns out that this assembly hasn’t been obsfucated first.

You definitely have to obfuscate your assembly if it’s not open source project.

 

image

Here’s another assembly that has been obfuscated. You can still see the code, but i bet it will hurt your eyes, just give up and buy the license.

image 

I include the assembly in my project, create a simple main program in my software. I try to do reflection because some of the assembly is internal. So another best practice again is…

image

For a really critical and high privacy class, you should keep the access at least as possible. don’t create all class public by default. that’s just plain stupid !!! If you don’t want everyone get access to it try to make it internal.

There is a very good book that will support my statement. You can check this cool book.

image

 

After a couple of headaches i finally found a very nice reflector add ins that help me to crack that software. Have you ever heard about reflexil ? That cool tools can modify an IL (intermediate language) and save the result. That’s exactly what we’re looking for. Just go download the latest version.

image

Extract the file and then add to reflector.
image

image

And now you can find the interesting method and see the IL 

image

If you are not into IL, don’t worry. You can just modify the method directly and insert the relevant code. Very simple. Just right click in instruction window and choose this one

image

And all you have to do is replace the whole class with yours. You have to make it compile-able. Compile and click ok. Your evil IL will be inserted.

image

Now you can save the modified assembly by right clicking the assembly, choose reflxil and save as…

image

And then replace the original assembly with this one. And you are done. Right next door to hell because of cracking other people software.🙂

 

Use this information to protect your software only. Of course that’s depend on your heart right ?

 

http://sourceforge.net/projects/reflexil/?source=dlp
http://geekswithblogs.net/MarkPearl/archive/2010/09/01/crack-.net-applications-101-ndash-part-2.aspx
http://geekswithblogs.net/MarkPearl/archive/2010/08/31/crack-.net-applications-101-ndash-part-1.aspx
http://stackoverflow.com/questions/451453/how-to-get-a-static-property-with-reflection

Cheers

Categories: Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: