in this post I’m going to tell you about RE C# programs(This is my favourite language for reversing :D). I prepared a very simple password program in C# which we’ll use to cover the fundamental concepts of C# reversing. This program is not obfuscated, so that it is again an easy to crack program for beginners, but in the next parts I’ll probably always give an obfuscated and a normal program, so you can chose what you want to use .
What is obfuscation do you ask? For now I only say that they make it a bit harder (But not that hard) for use to reverse the programs, but I’ll explain it more detailed in the next part.
Description of the todays RE Challenge
This challenge is a bit harder than the little python challenge we had before, but as soon as you installed the required tools it will be easier to crack the password “mechanism” (I think this time it can’t really be called a mechanism…) than in the python challenge.
The program can be just started without arguments.Then It will ask you for a password and says if it’s right or not. Very simple code, very simple cracking ;).
You can get the compiled program here: https://mega.nz#!XlYSQAJA!hI2bdYtPXxE3GdxDOQTwO39lrnukCkLMg6fA49RcQkk
If you are scared of any malware embedded, don’t run the program and read my explanation of reversing C# applications. This time you can look on yourself if it’s infected or not ;P. I don’t upload the source, because the process of reversing would be useless then…
How to RE C# Applications
Today I won’t give my way of accomplishing the task, but a full tutorial on how to use decompilers for RE C# apps. If you know how to use them properly this won’t be new for you and you can just wait for the next parts, because this one won’t be of any interest for you .
C# doesn’t compile into machine code, but in MSIL (MicroSoft Intermediate Language), so we can’t disassemble it properly. Maybe some of you think that’s bad, but here comes the great thing of MIL: We can just decompile the application to get normal sourcecode (If it’s not obfuscated ;))! I am not that experinced at RE that I can provide you a good explanation how this works, so I recommend you to just google it if you’re interested in the technique. For now it is only important that it works (And it’s scary how similar the decompiled source is…).
How do we use decompilers?
In this series I’ll only cover JetBrains dotPeek, which is the one I like the most. First download and install it from here: https://www.jetbrains.com/decompiler/. The install manager maybe confuses someone, but see it as the first challenge of decompiling C# applications to install the required tools. I won’t cover it here, because RE is already an advanced topic which I try to make as simple as possible here, but it should be possible for you to install it on your own .
After you have installed it just start it and have a look at the interface. Although I think it’s easy to understand, I’ll cover here some fundamentals.
To select the file you want to reverse just use File->Open. Now you should see a new item on the left list which can be explored via the file manager.
Find the source with opening the manager like I did on the left side of dotPeek. After a double-click on the Main function you should see the source code of the program. Note: I am always scared of how precise this works. Not only the mechanisms are reconstructed, but also the names of the variables and functions… In this case the decompiled source matches exactly the real source code! This will change when obfuscators come into play, but I’ll cover that next time ;).
Also for people who don’t know C# it should be no problem to find the password now ;P.
Reversing C# seems to be an easy challenge for us. Now we know how to use decompilers to get a real source, which is a great advantage over looking at the ASM code! In the next part I’ll show you how to RE, although the program is obfuscated. After that last part of introduction we’ll come to the real challenges where you can show how good you are at RE.