Binary hacking an executable, part deux

A couple of the tools I use for binary hacking, all of which show up below: ILDASM and sn.exe from the .NET SDK, Reflector, a hex editor (UltraEdit in my case), and my SNReplace console program.

One of the problems with binary hacking a .NET executable is references. Say you have an executable and a .dll that the executable references. The executable's manifest records the dll's public key token, so if you modify the .dll and re-sign it with a new key (which gives it a new public key token), the executable's reference no longer matches and the runtime will refuse to load the dll.

You are welcome to download the following code and binaries and "crack" along with me.

Crack Me Test files

In the zip file above, I have the following files:

[screenshot crack01: the files in the zip]

In the CommonLibrary class library project is the following:

    ' The entire "license check": a hard-coded False that a one-byte patch flips.
    Public Shared Function IsLicensed() As Boolean
        Dim retval As Boolean = False
        retval = False
        Return retval
    End Function

<rant>This is a BAD way to protect your executables. There are even professional .NET component vendors who use methods like this. All you have to do is change the False to a True and it is cracked: any check that boils down to a single boolean inside the customer's binary is one byte away from passing. Please, you are selling these components to developers, some of whom know how to crack, and most of whom at least know how to use Reflector. Duh!</rant>

Open ILDASM by typing ildasm at the Visual Studio command prompt and open CommonLibrary.dll. In the View menu, turn on "Show bytes". Navigate to the method you want to crack, in this case CommonLibrary.LicenseProtector.IsLicensed(), and double-click it.

[screenshot: crack02]

This brings up the IL for the method, but more importantly, with "Show bytes" on, ILDASM prints the raw IL bytes next to each instruction, which is what lets you find this method in the binary file.

Now go ahead and open CommonLibrary.dll in UltraEdit or any other hex editor. We are going to change the False to a True.

The listing on the right of the ILDASM window gives the bytes to look for, which on my build are 16 0B 16 0B 07 2A; yours may differ. Decoded, that is ldc.i4.0 (16), stloc.1 (0B), ldc.i4.0 (16), stloc.1 (0B), ldloc.1 (07), ret (2A): push 0, store it in the retval local, do it again, then load it and return it. Search the file for that sequence, then search again to make sure it occurs only once: a sequence this short can appear in other methods too, and if you get more than one hit, use a longer run of bytes from the surrounding instructions in the ILDASM listing to pin down the right copy. Now change both 16s to 17s. ldc.i4.1 pushes 1 instead of 0, so the False becomes True, and because both opcodes are a single byte, the method size and everything after it are unaffected.

[screenshot: crack03]

This is how it looks afterwards: 17 0B 17 0B 07 2A.

Now that we've cracked it, the original strong name signature no longer matches the file, so we have to re-sign it with a key pair of our own. Run the following, which creates a new key pair in crack.snk.

sn.exe -k crack.snk

Then we can run SNReplace. The code for that is at the top of the article; create a console app and paste that code in.

snreplace.exe commonlibrary.dll crack.snk

[screenshots: crack04, crack05]

Now open CrackMeTest.exe and the re-signed CommonLibrary.dll in Reflector. Selecting CrackMeTest.exe shows its public key token, which is 82db601ed5cd3521 on my machine; since you re-signed CommonLibrary.dll with crack.snk, it now shows a different token. Navigate to CommonLibrary.LicenseProtector.IsLicensed() and Reflector shows it returning True.

[screenshot: crack06]

Great, but now we have to fix the reference between the exe and the dll: the exe's reference to CommonLibrary still carries the old token, so at this point the program would fail to load the patched dll. Write down the public key tokens for both. Now we run the re-signer on the executable.

snreplace.exe CrackMeTest.exe crack.snk

This signs the executable with the same key as the dll. It also helps with the next step: the old key is gone from the exe itself, so the only remaining hit for the old token should be the reference to CommonLibrary, and we won't be confused by duplicates.

Open the exe in UltraEdit and search for the old token, which in my case is 82 DB 60 1E D5 CD 35 21 (it may differ on your machine). When you find it, overwrite those 8 bytes with the new token from crack.snk, in the same byte order, and then re-sign the executable again, since the hex edit has just invalidated the signature we put on it a moment ago. Voila, the reference now points at the re-signed .dll.
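The two hex-editor steps above (flip the 16s to 17s in the dll, swap the old public key token for the new one in the exe) are the same operation: find one byte sequence, make sure it occurs exactly once, and overwrite it in place without changing the file size. The script below is an added example that does both mechanically, plus the public-key-token calculation that Reflector displays; it is not part of the original post and not the SNReplace tool. The sample "dll" and "exe" byte strings, the tiny method header, and the new token value 0102030405060708 are constructed stand-ins for the demonstration; a real run would read CommonLibrary.dll and CrackMeTest.exe from disk and then re-sign them with sn.exe or SNReplace, because any byte change invalidates the strong name signature.

```python
"""Added example: mechanical versions of the article's two hex-editor patches.

Not the original post's code and not SNReplace. Sample bytes are constructed;
real use reads the actual assemblies from disk and re-signs them afterwards.
"""
import hashlib

# CIL opcodes relevant to the license check (ECMA-335, Partition III).
LDC_I4_0 = 0x16   # push int32 0 (False)
LDC_I4_1 = 0x17   # push int32 1 (True)
STLOC_1 = 0x0B    # pop into local 1
LDLOC_1 = 0x07    # push local 1
RET = 0x2A        # return

# The sequence the article found with ILDASM "Show bytes":
#   ldc.i4.0 / stloc.1 / ldc.i4.0 / stloc.1 / ldloc.1 / ret  ->  16 0B 16 0B 07 2A
FALSE_BODY = bytes([LDC_I4_0, STLOC_1, LDC_I4_0, STLOC_1, LDLOC_1, RET])
# Same body with both ldc.i4.0 replaced by ldc.i4.1   ->  17 0B 17 0B 07 2A
TRUE_BODY = FALSE_BODY.replace(bytes([LDC_I4_0]), bytes([LDC_I4_1]))


def patch_unique(data: bytes, old: bytes, new: bytes) -> bytes:
    """Overwrite `old` with `new`, but only if `old` occurs exactly once.

    This is the article's "search again to be sure we are in the right place"
    step made mandatory: a six-byte IL sequence or an eight-byte token can
    legitimately appear elsewhere in the file, and a blind replace-all would
    corrupt unrelated code or metadata. Sizes must match so nothing shifts.
    """
    if len(old) != len(new):
        raise ValueError("replacement must not change the file layout")
    count = data.count(old)
    if count != 1:
        raise ValueError(f"pattern {old.hex()} found {count} times, expected exactly once")
    idx = data.index(old)
    return data[:idx] + new + data[idx + len(old):]


def flip_license_check(assembly: bytes) -> bytes:
    """Step 1: turn IsLicensed()'s hard-coded False into True in the dll image."""
    return patch_unique(assembly, FALSE_BODY, TRUE_BODY)


def retarget_assembly_ref(exe: bytes, old_token: bytes, new_token: bytes) -> bytes:
    """Step 2: point the exe's reference at the re-signed dll by swapping the
    8-byte public key token it records (stored in the byte order Reflector and
    the hex editor show it). The exe must be re-signed after this."""
    if len(old_token) != 8 or len(new_token) != 8:
        raise ValueError("public key tokens are 8 bytes")
    return patch_unique(exe, old_token, new_token)


def public_key_token(public_key_blob: bytes) -> bytes:
    """Strong-name public key token: the last 8 bytes of SHA-1 over the public
    key blob, in reverse byte order (the value Reflector shows, e.g.
    82db601ed5cd3521 in the article). The 16-byte ECMA placeholder key is not
    handled; the runtime maps that one to a fixed token."""
    return hashlib.sha1(public_key_blob).digest()[-8:][::-1]


# Constructed stand-ins, not real PE images. The single byte before the IL is a
# CIL "tiny" method header: (code size 6 << 2) | 2.
TINY_HEADER = bytes([(len(FALSE_BODY) << 2) | 0x2])
SAMPLE_DLL = b"\x00" * 16 + TINY_HEADER + FALSE_BODY + b"\x00" * 16
OLD_TOKEN = bytes.fromhex("82db601ed5cd3521")   # token quoted in the article
NEW_TOKEN = bytes.fromhex("0102030405060708")   # placeholder for crack.snk's token
SAMPLE_EXE = b"\x00" * 8 + OLD_TOKEN + b"\xff" * 8


if __name__ == "__main__":
    dll = flip_license_check(SAMPLE_DLL)
    start = dll.index(TINY_HEADER + TRUE_BODY) + 1
    print("IL after patch:", dll[start:start + 6].hex(" "))
    exe = retarget_assembly_ref(SAMPLE_EXE, OLD_TOKEN, NEW_TOKEN)
    print("AssemblyRef token now:", exe[8:16].hex())
```

The uniqueness check is the part worth keeping even if you do the edit by hand: with real assemblies, do the same for the exe by passing the token you wrote down from Reflector as old_token and the token of crack.snk as new_token, then run sn.exe or SNReplace on the result.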


11 July 2009 22:58 by Rick

About Rick

Rick lives in North Las Vegas. He loves his wife, kids, dog, motorcycle, music and programming. There ain't nothing else. Oh yeah, mountain dew!



Programming interests are geared towards multimedia. Platforms are asp.net, windows forms, and WPF.
