Join Ted Neward for an in-depth discussion in this video, "Tamper proof," part of CLR Assemblies Deployment for .NET Developers.
- [Instructor] So let's put on our gray hat here, (laughing sinisterly) and let's pretend to be hackers. Let's see if we can, in fact, hack the People.assemblies. What we're going to do is we're going to go into the People assembly, and we're going to find this string here, this "Person" string, this'll be just a static string, and we're going to try to replace Person with, say, an all-uppercase version of it. Now, I do that simply because ASCII strings are easy to replace. So let me go in and open this file. And, specifically, we're going to go into the HelloWorld project directory where, remember, we have a compiled version of People.
Again, I don't want to touch the source code because I'm not a developer. I'm an evil hacker, and I want to try to hack this thing. I'm going to open People.dll. And, specifically, I can either just open it directly in hex view; or you can also use this Open With, and open it in some other form of editor. Here I can use any of these different forms of editors. This can be particularly helpful, depending upon the files you're looking at. I'm going to look at it in the Binary Editor. I get here this incredibly-arcane hex-based view.
As a matter of fact, interesting little tidbit, "This program cannot be run in DOS mode." Every .NET file contains that string because the Portable Executable File Format is actually backwards compatible to the earlier MS-DOS File Format, which, by the way, the first two bytes were always MZ, named after the guy who invented the file format. Just chew on that for a little while. You can see these various .text, .rsrc, .reloc. These are all parts of the Common Object File Format.
They indicate what we're looking at. The #Strings, #US, #GUID, #Blob, those are actually strings that are part of the Metadata File Format. If we keep going down, we can see certain constant strings: Int32, mscorlib. There's our property file names: <Age>, k_BackingField, et cetera. What we are looking for, specifically, is that constant string that was that format string, and there it is. Now you'll notice it's [.P.e.r., because this is a Unicode string, and Unicode, of course, takes up more bytes than a standard ASCII string.
So, specifically, what I want to do, being very careful, 'cause I only want to change these values, going to change that to an E, that to an uppercase R, that to an uppercase S, that to an uppercase O, and this to an uppercase N. Ha ha ha! Mischief managed! Let's save this file off. Now, if we did this correctly, we should be able to go back to the compiled version of HelloWorld, and we should be able to just run it.
It loads a person. We want to be able to actually see the ToString output. But, the fact that it'll be able to load and run would be indication that we were successfully able to change the contents of this compiled code without the runtime knowing it, and that could be really, really bad in the long run. So if we go into HelloWorld directory, we go into bin, we go into debug, there's HelloWorld. The People.dll file is the one that we just modified. So let's run HelloWorld.
Uh oh! HelloWorld has stopped working! A problem, that is to say, me, the evil hacker, caused the program to stop working correctly. More importantly, here, "The located assembly's manifest definition does not match the assembly reference." What .NET is telling you, in very, very circumspect language, is the contents of the assembly do not match what the manifest said they should; in other words, the public key hash doesn't match. As you can see, the .NET Framework has successfully prevented me from hacking People.dll and replacing it with a version that looks the same but has a different implementation, and .NET said: "Mischief no longer managed. Ha!"
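Added example, not part of the video or the course materials: a baseline comparison an analyst could run against a suspect copy of a file to confirm that it changed and to decode what the edit was, using the UTF-16LE layout seen in the hex view. It is not the runtime's own check; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

def utf16_offsets(blob: bytes, text: str) -> list[int]:
    """Offsets where `text` occurs as UTF-16LE, the encoding seen in the hex view."""
    needle = text.encode("utf-16-le")
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits

def changed_ranges(baseline: bytes, suspect: bytes) -> list[tuple[int, int]]:
    """Half-open ranges of differing bytes; runs one equal byte apart are merged,
    because an ASCII-range edit to UTF-16LE text leaves every high byte (0x00) untouched."""
    ranges = []
    for i, (a, b) in enumerate(zip(baseline, suspect)):
        if a == b:
            continue
        if ranges and i - ranges[-1][1] <= 1:
            ranges[-1] = (ranges[-1][0], i + 1)
        else:
            ranges.append((i, i + 1))
    return ranges

def triage(baseline: bytes, suspect: bytes) -> dict:
    """Compare a suspect file with a known-good copy and describe each edit.
    Assumption: edits are to UTF-16LE text, so each range starts on a low byte."""
    report = {
        "digest_match": hashlib.sha256(baseline).digest() == hashlib.sha256(suspect).digest(),
        "size_match": len(baseline) == len(suspect),
        "edits": [],
    }
    for start, end in changed_ranges(baseline, suspect):
        end += (end - start) % 2  # take in the high byte of the last UTF-16 code unit
        report["edits"].append({
            "offset": start,
            "before": baseline[start:end].decode("utf-16-le", "replace"),
            "after": suspect[start:end].decode("utf-16-le", "replace"),
        })
    return report

# Constructed sample, not a real PE file: DOS magic, padding, a heap name, then one
# length-prefixed UTF-16LE string laid out like a #US heap entry.
BASELINE = b"MZ" + b"\x00" * 14 + b"#US\x00" + b"\x0f" + "[Person".encode("utf-16-le") + b"\x00"
SUSPECT = BASELINE.replace("Person".encode("utf-16-le"), "PERSON".encode("utf-16-le"))

if __name__ == "__main__":
    print(utf16_offsets(BASELINE, "Person"))
    print(triage(BASELINE, SUSPECT))
```

A plain ASCII search for `Person` finds nothing in the sample, which is why the string shows up as `P.e.r.` in the binary editor.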
- Reviewing the concept of assemblies
- Reviewing library assemblies in ildasm
- Working with assemblies and modules
- Working with assembly scope types
- Reviewing assembly names and versions
- Referencing assemblies from managed code