Strong-Name with AssemblyRef problem ...


kappasm
December 3rd, 2010, 16:24
Hi,

I have a problem with the removal of the Strong-Name on an EXE that loads a DLL (the DLL is in Mixed-Mode).

The EXE is a Service that starts on Windows load. The DLL is a License Check that I also patched in the
previous version, but this new version, after patching, does not start for the license check.

With "ProcMon.exe" I have verified that the DLL is loaded by the EXE.

Main.exe (.Net Application)
|
\--DLL.exe (.Net+C/C++ Application Mixed-Mode)

I have patched DLL.exe with the previous fix, but after replacing the DLL the Service does not start. After a few
searches with Google and in many forums I have understood that .NET uses a Strong-Name and PublicKey.

To remove the Strong-Key, PublicKey and PublicKeyOrToken I have followed this procedure with CFF Explorer:

For Patched DLL :

- .NET Directory -> Flags -> Remove Strong Name signed
- .NET Directory -> StrongNameSignature RVA -> Fill with 0x00000000
- .NET Directory -> StrongNameSignature Size -> Fill with 0x00000000
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> Flags -> Remove PublicKey
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> PublicKey -> Fill with 0x0000

For Original Main.exe

- .NET Directory -> MetaData Stream -> Tables -> AssemblyRef -> !!! ... Problem ... !!!

I have found one problem at this point, the DLL reference is not here !!! Why ???

How can I bypass the Strong-Name if I can't remove the Assembly Reference ???

Has anyone ever run into something similar ?

I have one packet to test this phenomenon without installing all the software.

Does someone want to try ?

Kappasm.

Woodmann
December 3rd, 2010, 17:46
Howdy,

You can't just change an assembly with Strong Names.
It is supposed to fail, that's why you have strong names.

Try SNRemove first.

Woodmann

kappasm
December 4th, 2010, 03:30
Hi Woodmann

Quote:
[Originally Posted by Woodmann;88479]
You can't just change an assembly with Strong Names.
It is supposed to fail, that's why you have strong names.

Try SNRemove first.


I have followed many guides and all say to proceed in that way, but I do not understand where the problem is. I do not find an AssemblyRef in main.exe which refers to the dll.

Kappasm.

Kurapica
December 4th, 2010, 05:46
can you upload the software first ?

we can't help unless we check the software but remember

no crack requests

kappasm
December 4th, 2010, 06:30
Hi Kurapica,

Quote:
can you upload the software first ?


Yes, the software needs two installs (prefer the "..\Program Files\.." directory) :

(1) Download and Install This http://www.multiupload.com/OGFPKJIE0X

After installing the previous tool you select between the next two modes :

(a) "Simple Manual Install" with this pack, read .doc inside to install and test installation

http://www.multiupload.com/OEHH114MRY

(b) "Full Automatic Install" with this pack, read .doc inside to install and test installation

http://www.multiupload.com/LZSIRQIVZA

Quote:
... but remember no crack requests


No crack request, only help to find/bypass the problem of patching .NET DLL with Strong-Name remove.

Surely this thing is of interest for others

I'm waiting any suggestion ...

Thanks.

Kappasm

Kurapica
December 4th, 2010, 06:43
sorry but maybe I can't help because I can't download a 140 MB package here

also it requires IIS and some other components so this is really a fat-ass application for me

maybe someone else can help

kappasm
December 4th, 2010, 07:28
Hi Kurapicam,

your help would be valuable, you surrender now ?

Quote:
[Originally Posted by Kurapica;88489]sorry but maybe I can't help because I can't download a 140 MB package here

also it requires IIS and some other components so this is really a fat-ass application for me


You can install without IIS, works equally well without. I can see if you can get it to work even without the pack of 140 Mbytes.

Meanwhile, maybe you can take a look at the executable

!!! ATTENTION !!!

I have made a "Single Full Install Packet". This packet works very well; I have tested it on a clean Windows XP installation with .NET Framework already installed.

This is the packet : http://www.multiupload.com/63YDUWZ72S

Kappasm

Kurapica
December 4th, 2010, 12:38
Quote:
Hi Kurapicam,

your help would be valuable, you surrender now ?


this is really rude, don't you think ? and you also typed my name wrong

anyway, I'm sure you didn't bother reading any tutors, besides loading a dll dynamically is a core feature in .NET but clearly you don't know about it too.

After looking at your files in reflector for less than 5 minutes and I'm not promoting my skills here, I found the method which loads the DLL dynamically and here is a shot

http://img89.imageshack.us/img89/9867/21674065.png

Code:
L_01f2: pop
L_01f3: nop
L_01f4: nop
L_01f5: ldstr "Agilent.Cdf.Core.Licensing.Service.Utilities, Culture=neutral, PublicKeyToken=55333af07c70062e"
L_01fa: call class [mscorlib]System.Reflection.Assembly [mscorlib]System.Reflection.Assembly::Load(string)
L_01ff: stloc.s 'assembly'
L_0201: ldloc.s 'assembly'


as you can see it loads a file and specifies the public key which you removed so it fails

all you have to do now is to decrypt the strings and rebuild the assembly with public key set to "null"

Code:
L_01f5: ldstr "Agilent.Cdf.Core.Licensing.Service.Utilities, Culture=neutral, PublicKeyToken=null"


you can code your own tool to decrypt the strings or simply use SmartAssembly Explorer to deobfuscate the strings, I guess there is nothing more to say.

P.S : Please don't send me any more PMs
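
Why the load described in the post above fails once the DLL's key is gone, as an added example that is not part of the original thread: a simplified Python model of the identity comparison (not the CLR's binder), useful for flagging a dependency whose key was stripped or replaced. The key blob, the `Example.Licensing.Utilities` name and the function names are constructed for illustration; the check compares identities only and does not verify the strong-name signature.

```python
import hashlib

def public_key_token(public_key_blob: bytes) -> str:
    """Last 8 bytes of SHA-1(public key blob), byte-reversed, as lowercase hex."""
    if not public_key_blob:          # assembly carries no public key
        return "null"
    return hashlib.sha1(public_key_blob).digest()[-8:][::-1].hex()

def parse_display_name(display_name: str) -> dict:
    """Split 'Name, Key=Value, ...' into a dict; the simple name is stored under 'Name'."""
    parts = [p.strip() for p in display_name.split(",")]
    if not parts[0] or "=" in parts[0]:
        raise ValueError("display name must start with the simple name")
    fields = {"Name": parts[0]}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        fields[key.strip()] = value.strip()
    return fields

def check_reference(display_name: str, found_name: str, found_public_key: bytes):
    """Return (ok, reason) for a candidate assembly against a token-pinned reference."""
    ref = parse_display_name(display_name)
    if ref["Name"].lower() != found_name.lower():
        return False, "simple name differs"
    wanted = ref.get("PublicKeyToken", "").lower()
    actual = public_key_token(found_public_key)
    if wanted and wanted != actual:
        return False, f"token mismatch: reference pins {wanted}, file has {actual}"
    return True, "identity matches"

# Constructed sample data: a made-up key blob standing in for a vendor key.
SAMPLE_KEY = bytes(range(160))
SAMPLE_REF = ("Example.Licensing.Utilities, Culture=neutral, PublicKeyToken="
              + public_key_token(SAMPLE_KEY))

if __name__ == "__main__":
    # Same key as the reference pins: accepted.
    print(check_reference(SAMPLE_REF, "Example.Licensing.Utilities", SAMPLE_KEY))
    # Key removed from the file: the pinned token no longer matches.
    print(check_reference(SAMPLE_REF, "Example.Licensing.Utilities", b""))
```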

kappasm
December 4th, 2010, 17:47
Hi Kurapica,

I have not misspelled it now, I do not know how that could happen but it will not happen again.

Quote:
this is really rude, don't you think ? and you also typed my name wrong


I touched the wrong "nerve", sorry

Quote:

anyway, I'm sure you didn't bother reading any tutors, besides loading a dll dynamically is a core feature in .NET but clearly you don't know about it too.


You're wrong, I read of everything but not what I needed.

Quote:

After looking at your files in reflector for less than 5 minutes and I'm not promoting my skills here, I found the method which loads the DLL dynamically and here is a shot

Code:
L_01f2: pop
L_01f3: nop
L_01f4: nop
L_01f5: ldstr "Agilent.Cdf.Core.Licensing.Service.Utilities, Culture=neutral, PublicKeyToken=55333af07c70062e"
L_01fa: call class [mscorlib]System.Reflection.Assembly [mscorlib]System.Reflection.Assembly::Load(string)
L_01ff: stloc.s 'assembly'
L_0201: ldloc.s 'assembly'


as you can see it loads a file and specifies the public key which you removed so it fails


When one chews .NET for breakfast, I do not expect more.

Quote:

all you have to do now is to decrypt the strings and rebuild the assembly with public key set to "null"

Code:
L_01f5: ldstr "Agilent.Cdf.Core.Licensing.Service.Utilities, Culture=neutral, PublicKeyToken=null"


you can code your own tool to decrypt the strings or simply use SmartAssembly Explorer to deobfuscate the strings, I guess there is nothing more to say.


OK, thanks very much for your "extraordinary" help.

Quote:

P.S : Please don't send me any more PMs


We were not engaged ? You leave it in front of everyone ?

Kappasm