.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

Slides:

Advertisements

Similar presentations

Ahead of Time Dynamic Translation PreJit/NGEN by any other name George Bosworth Microsoft MRE04 March 21, 2004.

Advertisements

By Sam Nasr September 28, 2004 Understanding MSIL.

Using.NET Platform Note: Most of the material of these slides have been taken & extended from Nakov’s excellent overview for.NET framework, MSDN and wikipedia.

Systems Software.

Disassembling for Fun Jason Haley. Who is this guy?  Certifiable (MCSD.net certified that is)  Blog –

.NET Framework Overview Pingping Ma Nov 16 th, 2006.

Introducing the Common Language Runtime for.NET. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Introducing the Common Language Runtime. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution engine.

1 An Introduction to Visual Basic Objectives Explain the history of programming languages Define the terminology used in object-oriented programming.

Tahir Nawaz Visual Programming C# Week 2. What is C#? C# (pronounced "C sharp") is an object- oriented language that is used to build applications for.

Compiled by Benjamin Muganzi 3.2 Functions and Purposes of Translators Computing 9691 Paper 3 1.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

A Free sample background from © 2001 By Default!Slide 1.NET Overview BY: Pinkesh Desai.

Overview of Microsoft.Net and Vb.Net ITSE 2349 Spring 2002 Material from Microsoft.Net an Overview for ACC faculty by Stuart Laughton and Introduction.

Lecture Roger Sutton CO530 Automation Tools 5: Class Libraries and Assemblies 1.

1 Introduction to.NET Framework. 2.NETFramework Internet COM+ Orchestration Orchestration Windows.NET Enterprise ServersBuildingBlockServices Visual Studio.NET.

M1G Introduction to Programming 2 4. Enhancing a class:Room.

Introduction to .Net Framework

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

An Introduction to ASP.NET Ed Dunhill blogs.msdn.com/edunhill SLIDE7.

© 2008 Dr. Paul Walcott – The University of the West Indies: Cave Hill CampusDr. Paul Walcott COMP6325 Advanced Web Technologies Dr. Paul Walcott The University.

High thoughts must have high language. Aristophanes

Module 1: Introduction to C# Module 2: Variables and Data Types

11 Getting Started with C# Chapter Objectives You will be able to: 1. Say in general terms how C# differs from C. 2. Create, compile, and run a.

CIS NET Applications1 Chapter 2 –.NET Component- Oriented Programming Essentials.

Appendix D: Microsoft.NET Framework Overview. Overview.NET Framework Architecture.NET Namespaces.

Lecture Set 1 Part B: Understanding Visual Studio and.NET – Structure and Terminology 1/16/ :04 PM.

Understanding Code Compilation and Deployment Lesson 4.

CSC 494/594 C# and ASP.NET Programming. C# 2012 C# Object-oriented language with syntax that is similar to Java.

Chapter 1: A First Program Using C#. Programming Computer program – A set of instructions that tells a computer what to do – Also called software Software.

Lecture 1 Programming in C# Introducing C# Writing a C# Program.

DEV 344.NET Obfuscation – Raising the Security Bar Gabriel Torok – President Bill Leach - CTO PreEmptive Solutions.

.NET Framework Danish Sami UG Lead.NetFoundry

DBPD: A Dynamic Birthmark-based Software Plagiarism Detection Tool

CS266 Software Reverse Engineering (SRE) Reversing and Patching Java Bytecode Teodoro (Ted) Cipresso,

EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.

Random Logic l Forum.NET l NET reflection Forum.NET 3 rd Meeting ● February 15, 2006 By Damián Laufer.

Introduction to VB.Net. What is.NET? A brand of Microsoft technologies A platform for creating distributed Web applications A combination of new and updated.

AUC Technologies Projects Consulting, Development, Mentoring, and Training Company Application Foundation Presented By : Naveed Sattar Software Engineer.

Created By: Kevin Cherry. A library that creates a display to run on top of your game allowing you to retrieve/set values and invoke methods.

Eagle: Maturation and Evolution 17th Annual Tcl Conference Joe Mistachkin.

Vikas Gonti. Dictionary Meaning: To confuse, to make obscure a problem with extraneous information or to darken. - In Terms of Technology:

Development and Debugging Tools for Windows Phone 7 Series Cullen Waters Software Development Engineer II Advanced Technology Group, Microsoft Corporation.

Compunet Corporation1 Programming with Visual Basic.NET Fundamentals of Programming Lecture # 1 Tariq Ibn Aziz.

PRIOR TO WEB SERVICES THE OTHER TECHNOLOGIES ARE:.

Chapter 1 Introduction. Chapter 1 -- Introduction2  Def: Compiler --  a program that translates a program written in a language like Pascal, C, PL/I,

Lecture 4: J# Execution Model. 2 MicrosoftIntroducing CS using.NETJ# in Visual Studio.NET 4-2 Objectives “J# programs execute like any other.NET program.

Getting Started with.NET Getting Started with.NET/Lesson 1/Slide 1 of 31 Objectives In this lesson, you will learn to: *Identify the components of the.NET.

July 22, 2001Introduction to.NET1 Introduction to.NET Framework Gholamali Semsarzadeh July 2001.

Text Introduction to.NET Framework. CONFIDENTIAL Agenda .NET Training – Purpose  What is.NET?  Why.NET?  Advantages  Architecture  Components: CLR,

METADATA IN.NET Presented By Sukumar Manduva. INTRODUCTION  What is Metadata ? Metadata is a binary information which contains the complete description.

Just-In-Time Compilation. Introduction Just-in-time compilation (JIT), also known as dynamic translation, is a method to improve the runtime performance.

Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.

Computer System Structures

Source Code Inspection and Software Reuse

Node.js Modules Header Mastering Node.js, Part 2 Eric W. Greene

Introduction to .NET framework

Application of Obfuscation Techniques on Android Applications

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Reverse engineering and debugging .Net applications

.NET and .NET Core 2. .NET Runtimes Pan Wuming 2017.

.NET Framework: Backdoors

Module 0: Introduction Chapter 2: Getting Started

Module 1: Getting Started

“just-in-time” compilation (JIT) technique prepared by - Harshada Hole

Advanced Programming: C# Lecture 01: Introduction

Obfuscation in .NET Atchyutuni Shilpa CS-795.

Obfuscation Aparna Belhe CS-795.

Presentation transcript:

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala

Introduction.NET Compilation Process  Microsoft Intermediate Language (MSIL) Lowest common denominator language for.NET  Assembly stays in the same format unless executed  Just-in-time compiler converts it into machine code each time it is executed

Introduction (..contd)

Advantages:  Developer has a choice on the programming language  The corresponding compilers (for.NET) have to do little less than other standard compilers  The JIT can optimize the code on the fly depending upon the current state of the system Threats  Reverse Engineering

Decompiling.NET applications Steps to Decompile  Extract the MSIL from a.NET assembly  Convert MSIL back to higher level code (C# or VB.NET) Namespaces used for disassembly  System.Reflection.Emit – to emit metadata out of assembly  System.Reflection – provide managed view of loaded types, methods, and fields to dynamically create them Tools available  ILDASM (Ships with.NET framework)  Lutz Roeder’s (an employee of Microsoft) Reflector

Code snippet…

Usage ILDASM Open.NET Command prompt Type in the command  \> ILDASM

Screenshots – ILDASM

Reflector Reflector is available here  load.aspx?File=Reflector load.aspx?File=Reflector Open an assembly inside the reflector and the rest of the process is self explanatory

Screenshots – Reflector

Cure – Obfuscation IDEA: Hide the intent of a program without changing its runtime behavior It different from encryption Result: Assembly functionally similar to original but hard to reverse engineer

Obfuscation – Process

Dotfuscator Community Edition (DCE) Essential Techniques used to obfuscate  Renaming Metadata  Removing non-essential metadata

DCE – Renaming Metadata Basic Idea:  Renaming meaningful names with non-meaningful ones. Constraints on renaming  Three possible scenarios Application composed of assemblies stand-alone  Typically, Windows Forms applications Application composed of assemblies that are used by other applications  Typically, Shared Libraries Class of applications that plug into existing un-obfuscated frameworks  ASP.NET applications Overload induction – renaming after the extensive scope analysis

Example Overload Induction Figure 1: Original source code

..contd Figure 2: Decompiles code without obfuscation

..contd Figure 3: Decompiled code with overload induction

DCE - Removing non-essential metadata Basic Idea: Removal of certain details that are not used at runtime Examples: property names, event names, and method parameter names DCE removes all these types of metadata when it feels its safe to do so

DCE – Additional Techniques Additional techniques employed by DCE  Control Flow  String Encryption  Incremental Obfuscation  Size Reduction

DCE – Control Flow Basic Idea:  To hide the intent of a sequence of instructions without changing the logic  To remove clues for the decompilers to reproduce the higher level code Example:  Control Flow Example Control Flow Example

DCE – String Encryption Basic Idea:  To encrypt string literals Less secure because key to decrypt them must exist in the code itself It helps protect from reverse engineering to one more level.

DCE – Incremental Obfuscation Basic Idea:  To keep track of renaming for code maintenance purposes Dotfuscator uses a map file to keep track of name changes

DCE – Size reduction This does not impede reverse engineering It removes the code that is not used by the application Important for applications designed for Compact Devices or distributive applications

Obfuscation – A Word of caution A little more work need to be done for assemblies with strong name.  Tip – Delay signing (sign the assembly after obfuscation) While working with Reflection APIs  Tip – Insist DCE not to rename dynamically loaded types Working with bug fixes  Tip – Use map file generated by DCE to trace back to previous version of the code.

Conclusions Adding another level of machine independent code in process of translation is advantageous Additional care must be taken for such code for security purposes Obfuscation certainly impedes the hacker to get the intent of the code It makes code hard to read

References ETCodeObfuscation/ ETCodeObfuscation/ 1.aspx 1.aspx