Dot Net Deobfuscation – Generic String Decryption

Posted on October 9, 2011 by admin

Thanks to metadata, the object-oriented paradigm, leverageable framework libraries, and a well-documented assembly structure, Microsoft’s .Net Framework has gained a following among developers who don’t need the performance benefits of an unmanaged language like C++. However, for these same reasons, the resulting assembly is also much easier to decompile and reverse engineer. Obfuscation can be used to make an assembly harder to decompile by “muddying” the assembly to a human’s eye. Obfuscation has many parts, one of which is string encryption.

Strings can be crucial information for finding execution paths in an assembly, therefore it is always wise to encrypt them. String encryption comes in many flavors, some closer to “encoding” rather than “encryption”. Maybe I will do a case study on encryption some day, but for now, let’s have some fun and delve into removing the string encryption.

String Encryption in IL

One of the beauties of  programming is that there are many ways to implement an idea. Likewise, there are many ways of implementing string encryption, and I will focus on a method I found in a recent assembly I was researching. Continue reading

Posted in Reverse Engineering, Uncategorized | Leave a comment

Windows Live Writer Plugins – Part 2

Posted on October 4, 2011 by admin

Well, it is time for part 2. In this part I will detail rendering the syntax highlighting to an Image, showing that image just in the Editor view.

Generating the HTML

In order to generate an image of the code highlighting, I needed to actually generate an HTML page and make the call to the JavaScript library. By looking at the samples on SyntaxHighlighter’s Installation Page, it is pretty easy to construct a template html page to be embedded in your plugin library as a resource. I wrote a helper class in charge of consuming the resource, linking the JavaScript, linking the CSS, and finally substituting our plugin’s html.

Generating the Image

Generating an image of the rendered HTML is pretty straight forward, thanks to the HtmlScreenCapture class. The constructor takes the html as an argument, and the CaptureHtml method takes a timeout as an argument.

Linking the Image

One of the hardest parts of this phase was determining how to display a dynamic local image in the Editor window. For this, I turned to WindowsLiveLocal.WriterPlugin.dll, specifically the MapContenSource. First, we need to be able to save the generated image somewhere temporary, and then we need to recall it, telling WLW to render it. I knew there was a built in plugin for Bing’s Map API, and it makes sense that this type of plugin would need to answer the same questions.

Due to the lack of resources I found, reverse engineering became crucial for the success of this plugin. Back in the MapContentSource (using Reflector or your favorite .Net Decompiler), I came across the solution to the first part: UpdateMapImage. Continue reading

Posted in Uncategorized | Leave a comment

Windows Live Writer Plugins – Part 1

Posted on August 16, 2011 by admin

Looking for another way to add content to this site without using a browser and have a few more features, I came across Windows Live Writer. I quickly realized I needed a way of adding Code tags (with Syntax Highlighting), and being a programmer, went about looking at my options. I figured a Plugin would be the best way of doing this.

ContentSource

There are numerous sources on how to do this by deriving your plugin from ContentSource (WindowsLive.Writer.Api.dll) except I quickly realized a problem – the HTML being displayed in WLW and being published are the same for these sources. This is a problem – the preview for the code tag won’t have any Syntax Highlighting as you locally don’t have the library.

Enter SmartContentSource

According to the official Documentation:

Enable the insertion of HTML content with “smart” editing capabilities into a post. These capabilities include atomic selection, two-way editing by using the Sidebar, the ability to be resized, and the ability to have distinct HTML representations for editing and publishing contexts.

This is exactly what I was after – distinct representations. However, web searches revealed no references. As I have written in my plugin’s page Live Syntax, I turned to reverse engineering/decompiling the included assemblies. Using the WindowsLiveLocal.WriterPlugin.MapContentSource plugin as a guide, I looked into solving my biggest problem – having separate editing and publishing HTML. Continue reading

Posted in Uncategorized | Tagged , | Leave a comment

Put on a helmet…

Posted on June 1, 2011 by admin

Under construction.

Joomla has been ditched for WordPress and hopefully new content to go along with the CMS change.

I should have the site up soon, including links to the Zune 30gb games: Asteroids and GuessTheSong.

I have taken a more open stance on source distribution – I will be posting source as much as possible to accompany releases.

Posted in Uncategorized | Tagged , | Leave a comment