.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.


1 .NET IL Obfuscation Presented by: Sarath Chandra Dorbala

2 Introduction: .NET Compilation Process
• Microsoft Intermediate Language (MSIL): the lowest-common-denominator language for .NET
• The assembly stays in the same format unless executed
• The just-in-time (JIT) compiler converts it into machine code each time it is executed

3 Introduction (..contd)

4 Advantages:
• The developer has a choice of programming language
• The corresponding compilers (for .NET) have to do a little less than other standard compilers
• The JIT can optimize the code on the fly depending on the current state of the system
Threats:
• Reverse engineering

5 Decompiling .NET applications
Steps to decompile:
• Extract the MSIL from a .NET assembly
• Convert the MSIL back to higher-level code (C# or VB.NET)
Namespaces used for disassembly:
• System.Reflection.Emit – to emit metadata out of an assembly
• System.Reflection – provides a managed view of loaded types, methods, and fields, to dynamically create them
Tools available:
• ILDASM (ships with the .NET Framework)
• Lutz Roeder's (an employee of Microsoft) Reflector

6 Code snippet…

7 Usage: ILDASM
Open the .NET Command prompt
Type in the command:
• > ILDASM

8 Screenshots – ILDASM

9 Reflector
Reflector is available here:
• http://www.aisto.com/roeder/dotnet/Download.aspx?File=Reflector
Open an assembly inside Reflector; the rest of the process is self-explanatory

10 Screenshots – Reflector

11 Cure – Obfuscation
IDEA: Hide the intent of a program without changing its runtime behavior
It is different from encryption
Result: An assembly functionally similar to the original but hard to reverse engineer

12 Obfuscation – Process

13 Dotfuscator Community Edition (DCE)
Essential techniques used to obfuscate:
• Renaming metadata
• Removing non-essential metadata

14 DCE – Renaming Metadata
Basic idea:
• Renaming meaningful names with non-meaningful ones
Constraints on renaming:
• Three possible scenarios:
  Application composed of stand-alone assemblies
  • Typically, Windows Forms applications
  Application composed of assemblies that are used by other applications
  • Typically, shared libraries
  Class of applications that plug into existing un-obfuscated frameworks
  • ASP.NET applications
Overload induction – renaming after extensive scope analysis

15 Example Overload Induction Figure 1: Original source code

16 ..contd Figure 2: Decompiled code without obfuscation

17 ..contd Figure 3: Decompiled code with overload induction

18 DCE – Removing non-essential metadata
Basic idea: Removal of certain details that are not used at runtime
Examples: property names, event names, and method parameter names
DCE removes all these types of metadata when it determines it is safe to do so
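A way to check the result of renaming and metadata removal on your own build, using the System.Reflection namespace mentioned on slide 5. This is an added example, not part of the presentation or of Dotfuscator; the `MetadataAudit` name and the "longer than two characters" heuristic for spotting names that were not renamed are assumptions.

```csharp
using System;
using System.Linq;
using System.Reflection;

static class MetadataAudit
{
    const BindingFlags Declared = BindingFlags.Public | BindingFlags.NonPublic |
        BindingFlags.Instance | BindingFlags.Static | BindingFlags.DeclaredOnly;

    // Assumed heuristic: renamed identifiers are one or two characters long and
    // compiler-generated names start with '<'. Stripped names are null or empty.
    static bool LooksOriginal(string name)
    {
        return !string.IsNullOrEmpty(name) && name.Length > 2 && name[0] != '<';
    }

    static Type[] LoadableTypes(Assembly asm)
    {
        try { return asm.GetTypes(); }
        catch (ReflectionTypeLoadException ex)
        {
            // A dependency is missing: audit the types that did load.
            return ex.Types.Where(t => t != null).ToArray();
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: MetadataAudit <assembly>"); return 2; }
        int readable = 0;
        foreach (Type type in LoadableTypes(Assembly.LoadFrom(args[0])))
        {
            if (LooksOriginal(type.Name)) { Console.WriteLine("type      " + type.FullName); readable++; }
            foreach (MethodInfo m in type.GetMethods(Declared))
            {
                // Property and event accessors appear here too (get_X, add_X).
                if (LooksOriginal(m.Name)) { Console.WriteLine("method    " + type.Name + "." + m.Name); readable++; }
                foreach (ParameterInfo prm in m.GetParameters())
                    if (LooksOriginal(prm.Name)) { Console.WriteLine("parameter " + m.Name + "(" + prm.Name + ")"); readable++; }
            }
            foreach (PropertyInfo prop in type.GetProperties(Declared))
                if (LooksOriginal(prop.Name)) { Console.WriteLine("property  " + type.Name + "." + prop.Name); readable++; }
            foreach (EventInfo evt in type.GetEvents(Declared))
                if (LooksOriginal(evt.Name)) { Console.WriteLine("event     " + type.Name + "." + evt.Name); readable++; }
        }
        Console.WriteLine(readable + " readable names remain");
        return 0;
    }
}
```

Names that cannot be renamed, such as `Main`, overrides of framework methods and public library entry points, will still be listed; the report is for review, not a pass/fail gate.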

19 DCE – Additional Techniques
Additional techniques employed by DCE:
• Control Flow
• String Encryption
• Incremental Obfuscation
• Size Reduction

20 DCE – Control Flow
Basic idea:
• To hide the intent of a sequence of instructions without changing the logic
• To remove clues that decompilers use to reproduce the higher-level code
Example:
• Control Flow Example

21 DCE – String Encryption
Basic idea:
• To encrypt string literals
Less secure because the key to decrypt them must exist in the code itself
It adds one more level of protection against reverse engineering.
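Why the key has to ship with the code, shown with a toy scheme. This is an added example, not Dotfuscator's actual algorithm: the XOR cipher, the key bytes, the sample literal and the `Protect`/`Reveal` names are all constructed for illustration.

```csharp
using System;
using System.Text;

static class StringEncryptionDemo
{
    // Constructed key. In a string-encrypted assembly a value like this is
    // stored in the binary, next to the routine that uses it.
    static readonly byte[] Key = { 0x5A, 0x13, 0xC7, 0x2E };

    static byte[] Xor(byte[] data)
    {
        byte[] result = new byte[data.Length];
        for (int i = 0; i < data.Length; i++)
            result[i] = (byte)(data[i] ^ Key[i % Key.Length]);
        return result;
    }

    // Build-time step, normally performed by the obfuscator: literal -> opaque blob.
    static string Protect(string literal)
    {
        return Convert.ToBase64String(Xor(Encoding.UTF8.GetBytes(literal)));
    }

    // Run-time helper that must be present in the shipped assembly,
    // otherwise the program itself could not read its own strings.
    static string Reveal(string blob)
    {
        return Encoding.UTF8.GetString(Xor(Convert.FromBase64String(blob)));
    }

    static void Main()
    {
        string blob = Protect("License check failed");   // constructed sample literal
        Console.WriteLine("Stored in the assembly: " + blob);
        Console.WriteLine("Recovered at run time:  " + Reveal(blob));
    }
}
```

Because `Key` and `Reveal` travel with the assembly, string encryption only hides literals from a casual read of the decompiled code; connection strings, API keys and other secrets should not be kept in literals at all.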

22 DCE – Incremental Obfuscation
Basic idea:
• To keep track of renaming for code maintenance purposes
Dotfuscator uses a map file to keep track of name changes

23 DCE – Size Reduction
This does not impede reverse engineering
It removes code that is not used by the application
Important for applications designed for compact devices or distributed applications

24 Obfuscation – A Word of Caution
A little more work needs to be done for assemblies with a strong name.
• Tip – Delay signing (sign the assembly after obfuscation)
While working with Reflection APIs
• Tip – Instruct DCE not to rename dynamically loaded types
Working with bug fixes
• Tip – Use the map file generated by DCE to trace back to the previous version of the code.
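The Reflection tip above in code: a type that is looked up by its string name must keep that name, while a type referenced through `typeof` can be renamed. This is an added example, not from the presentation; the `PluginHost` types are hypothetical, and it assumes the obfuscator honours `System.Reflection.ObfuscationAttribute` (otherwise list the type in the tool's rename exclusions).

```csharp
using System;
using System.Reflection;

namespace PluginHost
{
    // Loaded by name at run time, so the type name and the member name "Run"
    // must survive renaming. Both properties default to true; they are
    // spelled out here for clarity.
    [Obfuscation(Exclude = true, ApplyToMembers = true)]
    public class ReportExporter
    {
        public string Run() { return "exported"; }
    }

    // Referenced only through typeof, so it can be renamed freely: the compiled
    // reference is a metadata token, not a string.
    public class InternalHelper
    {
        public string Describe() { return "helper"; }
    }

    static class Program
    {
        static object CreateByName(string typeName)
        {
            Type type = Type.GetType(typeName, false);   // null instead of an exception
            if (type == null)
                throw new InvalidOperationException(
                    "Type '" + typeName + "' not found. Was it renamed by the obfuscator?");
            return Activator.CreateInstance(type);
        }

        static void Main()
        {
            // String-based lookup: breaks if ReportExporter or Run is renamed.
            object exporter = CreateByName("PluginHost.ReportExporter");
            MethodInfo run = exporter.GetType().GetMethod("Run");
            Console.WriteLine(run.Invoke(exporter, null));

            // Token-based lookup: keeps working after renaming.
            InternalHelper helper = (InternalHelper)Activator.CreateInstance(typeof(InternalHelper));
            Console.WriteLine(helper.Describe());
        }
    }
}
```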

25 Conclusions
Adding another level of machine-independent code in the process of translation is advantageous
Additional care must be taken with such code for security purposes
Obfuscation certainly impedes a hacker trying to get the intent of the code
It makes code hard to read

26 References
http://msdn.microsoft.com/msdnmag/issues/03/11/NETCodeObfuscation/
http://aspnet.4guysfromrolla.com/articles/080404-1.aspx
http://www.15seconds.com/issue/040310.htm
http://en.wikipedia.org/wiki/Obfuscated_code

