This document contains the notes from a presentation titled "Hacking .NET Applications: The Black Arts" given by Jon McCoy at AppSec USA 2014 in Denver, Colorado. The presentation covered attacking .NET applications by decompiling code, injecting code at runtime, exploiting weaknesses in validation checks, replaying registration codes, and cracking hardcoded crypto keys. It also discussed protections such as obfuscation and the risks of data leaks, weak crypto, and clear-text password storage.
37.
CRACK THE KEY
Public/Private
3/B==Name*ID*7
Call Server
Demo = True;
Complex Math
== Complex Math
Change Key
ASK what is /B?
Hack the Call
Set Value
1% of the time the KeyGen is given
38.
PUBLIC/PRIVATE KEY
If you can beat them
Why join them
Key = “F5PA11JS32DA”
Key = “123456ABCDE”
39. Reg Code = f3V541
SERVER CALL
1. Fake the Call
2. Fake the Request
3. Fake the Reply
4. Win
“Send”
SystemID = 123456789
*Registered = True*
40.
REG CODE REPLAY
Name:
JON DOE
Code: ==
98qf3uy
!=
5G*C9P3
FAIL
54.
ATTACK VECTOR
VISUAL STUDIO
Exploit – Run arbitrary code
First noted in 2004
Get developer Keys
Attack the SVN & DB
www.pretentiousname.com/misc/win7_uac_whitelist2.html
This presentation will cover how to own closed source .NET applications.
I will cover the tools I will be releasing and show how incredibly vulnerable .NET applications are.
This is our target: values and functionality.
This is the heart of the program.
To dig down into another application and make it to the correct object, as well as to know what the target is, is the hard part.
Once found and accessed, changing the value of a target is easy in comparison.