
Reverse Engineering .NET and Java

PowerPoint from Code PaLOUsa 2011.

Learn the various techniques bad guys can use to extract information from your .NET or Java applications, or at least how you can recover the source code that your predecessor deleted before he quit. A demo-filled session on how easy it is to extract information from virtually any .NET or Java application (yes, including Silverlight).


  1. Reverse Engineering Applications
     Presenter: Joe Kuemerle / @jkuemerle
     Session Number: 505
  2. Code PaLOUsa 2011 Sponsors
  3. Code PaLOUsa 2011 Sponsors
  4. Background of Joe Kuemerle
     • Lead Developer at PreEmptive Solutions
     • Over 15 years of development experience with a broad range of technologies
     • Focused on application and data security, coding best practices and regulatory compliance
     • Presenter at community, regional and national events.
  5. Why Reverse Engineer?
  6. Reasons To Reverse Engineer
     • Curiosity – see how things work
     • Risk Management – see what the bad guys see
     • Recovery – recover lost / damaged source
     • Illegal Activity – be the bad guy
     Random fact: Between 26% and 48% of security events are caused by insiders.
     http://blog.zeltser.com/post/3497622496/touchy-security-topics-insider-threat
  7. Ease of Reverse Engineering Managed Code (.NET and Java)
     Why is it easy to reverse engineer Managed Code
     .NET
     • All high level source is compiled to MSIL
     • IL is verbose (compared to assembly) / IL is well documented (CLI specification)
     • Open source compiler to reference
     • Shared Source CLI compiler
     • Rich metadata included in assembly
     • Support for reflection means code using reflection must be self describing, by default all that information is embedded in assemblies
     Java
     • High level source is compiled to bytecode
     • Bytecode is stored in a well defined structure / Bytecode to Opcode
     • Compiler will be open sourced (Java 1.7)
     • Classes are self describing
  8. Availability of Tools
     Native reverse engineering tools tend to cost money
     • IDA Pro - $515 and up
     • Syser debugger - $198 and up
     • DevPartner - $2,400
     Availability of Tools
     Managed tools tend to cost less
     • ILDASM/ILASM - $0
     • Reflector - $0 ($35 after May 30, 2011)
     • Dile - $0
     • WPF Snoop - $0
     • Silverlight Spy - $0 ($100 full)
     • JAD - $0
     • Javasnoop - $0
     • Cecil Decompiler - $0
     • ILSpy - $0
     • (Future) JetBrains Decompiler - $0
     • (Future) Telerik Decompiler - $0
  12. So what, it’s free and easy. Big deal!
     Once you (or someone else) has this knowledge what can they do?
     • Look to see exactly how things *really* work
     • Find out things they might not need to know
     • Passwords
     • Encryption Keys
     • Secret data
     • Alter functionality
     • Bypass authentication checks
     • Unlock functionality
     • Alter the user interface
     • Add malicious code
  13. Demo Time
  14. Now What?
     So, how do I stop all this monkeying around with my code?
     • You don’t stop it. All you can do is raise the bar
     Raising Defenses
     There are some steps you can take to make life more difficult and to deter the casual attacker
     • Do not ship debug versions
     • Strong Name assemblies to prevent alteration
     • Authenticode signing for commercial applications
     • JAR signing
     • Do not embed secrets in the binaries
     • Use DPAPI to encrypt secrets
     • Public key signature validation
     • Obfuscation
     • Tamper notification
  15. More Demos
  16. Tools
     • Reflector: http://www.red-gate.com/products/reflector/index.htm
     • Reflector Plug In Page: http://www.codeplex.com/reflectoraddins
     • Reflexil: http://sourceforge.net/projects/reflexil
     • ILSpy: https://github.com/icsharpcode/ILSpy
     • Cecil Decompiler: http://evain.net/blog/articles/2008/12/15/cecil-decompiler
     • Dile: http://sourceforge.net/projects/dile
     • Snoop: http://snoopwpf.codeplex.com
     • Silverlight Spy: http://firstfloorsoftware.com/silverlightspy
     • Crack.NET: http://www.codeplex.com/cracknetproject
     • DJ Decompiler: http://members.fortunecity.com/neshkov/dj.html
     • JAD: http://www.kpdus.com/jad.html
     • FernFlower (online Java decompiler): http://www.reversed-java.com/fernflower
     • Javasnoop: http://code.google.com/p/javasnoop
     • Open Source Flash Decompiler: http://osflash.org/swf9tools
  17. References
     • Exploiting Software – Hoglund & McGraw – Addison Wesley
     • Brian Long: Reverse Engineering To Learn .NET Better
       http://www.blong.com/Conferences/DCon2003/ReverseEngineering/ReverseEngineering.htm
     • David Cumps: Reverse Engineering with Reflector and Reflexil
       http://blog.cumps.be/reverse-engineering-with-reflector-and-reflexil
     • Jason Haley: http://jasonhaley.com
     • Jason Bock: http://www.jasonbock.net/JB
     • Decompiling Java – Godfrey Nolan – Apress
     • Java Virtual Machine – Meyer & Downing – O’Reilly
  18. Questions and Answers
     @jkuemerle / joe at kuemerle.com
     http://www.speakerrate.com/jkuemerle
  19. Photo Attributes
     • http://flickr.com/photos/calavera/65098350/
     • http://flickr.com/photos/epitti/199843720/
     • http://flickr.com/photos/moriza/77481889/
     • http://flickr.com/photos/dannyboyster/60371673/
     • http://flickr.com/photos/20406121@N04/2632344166/
     • http://flickr.com/photos/rogersmith/126697530/
     • http://flickr.com/photos/docman/36125185/
     • http://flickr.com/photos/frozen-in-time/3858611/
     • http://flickr.com/photos/chubbybat/62206640/
