Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reverse Engineering .NET and Java - 1DevDay Detroit 2012

Fec6a312fc2dff26897c287bd941cdd8?s=47 Joe Kuemerle
November 18, 2012

Reverse Engineering .NET and Java - 1DevDay Detroit 2012

Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. A demo filled session on how easy it is to extract information from virtually any .NET or Java application.

Fec6a312fc2dff26897c287bd941cdd8?s=128

Joe Kuemerle

November 18, 2012
Tweet

Transcript

  1. Reverse Engineering Applications Presented By: Joe Kuemerle www.kuemerle.com @jkuemerle joe@kuemerle.com

  2. @jkuemerle / www.kuemerle.com Joe Kuemerle  Developer at BookingBuilder Technologies

     Over 15 years of development experience with a broad range of technologies  Focused on application and data security, coding best practices and regulatory compliance  Presenter at community, regional and national events.
  3. @jkuemerle / www.kuemerle.com

  4. @jkuemerle / www.kuemerle.com Why Reverse Engineer? Random fact: A 2007

    FBI study notes 70% of network abuse is due to insiders
  5. @jkuemerle / www.kuemerle.com

  6. @jkuemerle / www.kuemerle.com Ease of Reverse Engineering Managed Code (.NET

    and Java)  Why is it easy to reverse engineer Managed Code ◦ NET  All high level source is compiled to MSIL  IL is verbose (compared to assembly) / IL is well documented (CLI specification)  Open source compiler to reference  Shared Source CLI compiler  Rich metadata included in assembly  Support for reflection means code using reflection must be self describing, by default all that information is embedded in assemblies ◦ Java  High level source is compiled to bytecode  Bytecode is stored in a well defined structure / Bytecode to Opcode  Open Source compiler  Classes are self describing
  7. @jkuemerle / www.kuemerle.com What Can Be Reverse Engineered .NET: Any

    Managed Portable Executable (PE) • Windows Forms • AWT/Swing Applications • Silverlight • Applets • WPF • Servlets • SharePoint WebParts • EJBs • Compact Framework Applications • Android APKs • Office Business Applications • Windows Workflow • Micro Framework Applications • ASP.NET (with server access) • Windows Phone Java: Class, JAR, WAR, APK * Flash assemblies are also similar to a managed language assembly (consist of opcodes) and can be reverse engineered to resources and ActionScript source via similar methods
  8. @jkuemerle / www.kuemerle.com Native Tools • IDA Pro •$515 and

    up • Syser debugger $198 and up • DevPartner $2,400
  9. @jkuemerle / www.kuemerle.com Managed Code Tools

  10. @jkuemerle / www.kuemerle.com So what, it’s free and easy. Big

    deal! Once you (or someone else) has this knowledge what can they do? ◦ Look to see exactly how things *really* work ◦ Find out things they might not need to know  Passwords  Encryption Keys  Secret data ◦ Alter functionality  Bypass authentication checks  Unlock functionality  Alter the user interface  Add malicious code
  11. @jkuemerle / www.kuemerle.com Demo Time

  12. @jkuemerle / www.kuemerle.com Now What?

  13. @jkuemerle / www.kuemerle.com Raising Defenses ◦ Do not ship debug

    versions ◦ Strong Name assemblies to prevent alteration ◦ Authenticode signing ◦ JAR signing ◦ Do not embed secrets in the binaries  Use DPAPI to encrypt secrets  Public key signature validation ◦ Obfuscation
  14. @jkuemerle / www.kuemerle.com More Demos

  15. @jkuemerle / www.kuemerle.com Photo Attributes  http://flickr.com/photos/calavera/65098350/  http://flickr.com/photos/epitti/199843720/ 

    http://flickr.com/photos/moriza/77481889/  http://flickr.com/photos/dannyboyster/60371673/  http://flickr.com/photos/20406121@N04/263234 4166/  http://flickr.com/photos/rogersmith/126697530/  http://flickr.com/photos/docman/36125185/  http://flickr.com/photos/frozen-in-time/3858611/  http://flickr.com/photos/chubbybat/62206640/  http://www.flickr.com/photos/citrixonline/544724 8934
  16. @jkuemerle / www.kuemerle.com Tools  Reflector : http://www.red-gate.com/products/reflector/index.htm  Reflector

    Plug In Page : http://www.codeplex.com/reflectoraddins  ILSpy: http://ilspy.net/  JustDecompile: http://www.telerik.com/products/decompiler.aspx  Cecil Decompiler : http://evain.net/blog/articles/2008/12/15/cecil-decompiler  Dile : http://sourceforge.net/projects/dile  Snoop : http://snoopwpf.codeplex.com/  XAML Spy : http://xamlspy.com/  Crack.NET : http://cracknetproject.codeplex.com/  DJ Decompiler : http://members.fortunecity.com/neshkov/dj.html  JAD: http://www.kpdus.com/jad.html  Open Source Flash Decompiler : http://osflash.org/swf9tools  Java Decompiler: http://java.decompiler.free.fr/  APK Tool: http://code.google.com/p/android-apktool/  Smali: http://code.google.com/p/smali/  Dex2Jar: http://code.google.com/p/dex2jar/
  17. @jkuemerle / www.kuemerle.com References  Exploiting Software – Hoglund &

    McGraw – Addison Wesley  Brian Long : Reverse Engineering To Learn .NET Better ◦ http://www.blong.com/Conferences/DCon2003/Rever seEngineering/ReverseEngineering.htm  David Cumps : Reverse Engineering with Reflector and Reflexil ◦ http://blog.cumps.be/reverse-engineering-with- reflector-and-reflexil  Jason Haley http://jasonhaley.com  Jason Bock http://www.jasonbock.net/JB  Decompiling Java – Godfrey Nolan – Apress  Java Virtual Machine – Meyer & Downing – O’Reilly
  18. @jkuemerle / www.kuemerle.com