Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   .NET Reverse Engineering (http://www.reteam.org/board/forumdisplay.php?f=28)
-   -   strong name protection issue? (http://www.reteam.org/board/showthread.php?t=4780)

zhgong007 08-27-2012 05:04 PM

strong name protection issue?
 
a .net 4 program A.exe, called a few .net dlls , say B.dll, c.dll, and D.dll. all these exetuables have strong name protections.
the main dongle protection code is in B.dll. I have used Ilasm to dump the "B.il" from B.dll. I remove the dongle protection code and also strong name code by editing B.il, and then recombile the modified B.il into a new B.dll. use this new DLL to replace the old B.dll. I have also removed strong name protection for all these programs. but A.exe is not able to run.
have I made any mistake?
I am not sure but I think it is due to the strong name protection. I noticed that even though I don't modify the dumped B.il, and recombile it into B.dll. A.exe is still not runnable. I notice that the file size of this new B.dll is different from the original one even though I don't make any change of the B.il
anybody can comment on my issue?

thanks a lot!

kao 08-27-2012 06:50 PM

In general, you cannot remove strong name from DLL and expect it to run. To verify if strong name is the issue, you can use Fusion log: http://msdn.microsoft.com/en-us/library/e74a18c4.aspx

There are tools which will resign DLL and fix EXE references too, for example "Assembly Resigner" by CodeCracker or "Strong Name Helper V1.5X" by whoknows. Google for them.

Also there are some ways to bypass strong name verification, see: http://blogs.msdn.com/b/mapo/archive...alidation.aspx and http://blogs.msdn.com/b/shawnfa/arch...me-bypass.aspx

zhgong007 08-29-2012 08:31 AM

thanks. seems working using resign tools instead of manually removing the publickey.

by the way, Kao is always the person who is most helpful in net reversing. he answers all questions in a professional way.

Git 08-29-2012 11:23 AM

The man certainly knows his .NET onions. Thanks for all your contributions over the years Mr. K.

Git

zhgong007 09-10-2012 09:32 AM

further to my question, I find although the main program is now exectable, one of the dll cant be loaded. the fusion log is as follows:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** Assembly Binder Log Entry (10/09/2012 @ 14:19:59) ***

The operation failed.
Bind result: hr = 0x80131040. No description available.

Assembly manager loaded from: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr. dll
Running under executable C:\ProSource10\prosource2-cleaned.exe
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = MLZ1\zhenggong
LOG: DisplayName = Xceed.Chart.Standard.v4.3, Version=4.3.100.0, Culture=neutral, PublicKeyToken=ba83ff368b7563c6
(Fully-specified)
LOG: Appbase = file:///C:/ProSource10/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = prosource2-cleaned.exe
Calling assembly : (Unknown).
===
LOG: This bind starts in default load context.
LOG: No application configuration file found.
LOG: Using host configuration file:
LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework\v4.0.30319\conf ig\machine.config.
LOG: Post-policy reference: Xceed.Chart.Standard.v4.3, Version=4.3.100.0, Culture=neutral, PublicKeyToken=ba83ff368b7563c6
LOG: GAC Lookup was unsuccessful.
LOG: Attempting download of new URL file:///C:/ProSource10/Xceed.Chart.Standard.v4.3.DLL.
LOG: Assembly download was successful. Attempting setup of file: C:\ProSource10\Xceed.Chart.Standard.v4.3.dll
LOG: Entering run-from-source setup phase.
LOG: Assembly Name is: Xceed.Chart.Standard.v4.3, Version=4.3.100.0, Culture=neutral, PublicKeyToken=null
WRN: Comparing the assembly name resulted in the mismatch: PUBLIC KEY TOKEN
ERR: The assembly reference did not match the assembly definition found.
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


so, from the log, the publickey doesn't match. the publickeytoken for original Xceed.Chart.Standard.v4.3.dll is indeed ba83ff368b7563c6. however, after I remove the strongname of the main program and its reference ( a number of dlls), it becomes zero. if I use the orginal Xceed.Chart.Standard.v4.3.dll to replace the resigned one. I still get the dll loading error. the strongname is removed by strong name helper 1.4

SO, Kao, could you show me a direction to fix this issue?

zhgong007 09-10-2012 01:04 PM

mr Kao, I get some clues from your previous post:

http://www.reteam.org/board/showpost...41&postcount=4

however, but I don't know how to update Assembly table, AssemblyRef table and don't know how to clean GAC cache.


could you give me some further instructions?

many thanks

zhgong007 09-18-2012 07:20 PM

after a few days' investigation, problem now solved.

the best tutorial about strong name protection removal can be found here:

http://tuts4you.com/download.php?view.2701



thank you,


All times are GMT -4. The time now is 08:55 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.