I show you how to Crack a .NET Application

With 3 clicks I have decompiled an application and I have been able to crack it

Published in

ByteHide

9 min readDec 2, 2021

⚠️Disclaimer: This article is for educational and training orientation, we are not responsible for the misuse of the techniques and explanations mentioned in this article and / or the use of the tools mentioned / provided, also we do not assume responsibility for the actions carried out with the information of the same. Please use this information for ethical purposes.

Hello to all developers 👋, I am Juan and I am part of the ByteHide team.

I do this article for a very simple reason, in our offices (a co-working space) there are quite a few companies that develop in .NET. One day at lunch I commented what we were doing and they did not understand anything, it turns out that they had no idea what decompilation is, they did not know that with a simple tool you could see, copy or modify its development, not in all cases you should be concerned, but for some of them the core of the business is the development itself and obviously it did not do much grace.

I have to say that this happens in all compiled languages, but I will focus on .NET which is what we master.

In this article I’m going to show basic notions about de-compilation and reverse engineering, if you are interested in something more complex, do not hesitate to ask us!

What is de-compilation

De-compilation is the reverse of compilation (I’m going to patent this great explanation).

That is, the COMPILATION is basically:

You write code
You push the magic compile button and it becomes an executable/file/.exe/dll… (Well, it should … surely you forgot a semicolon or something like that 😪) you will also have 103 warnings ⚠️, but if you don’t open your eyes, you don’t see them 🤭.

The process will be something like this:

Well, de-compilation is the opposite, you have an executable file, .dll, .exe…, and with a tool (decompiler) you get the original source code.

Example of decompilation of an application

And is it simple 🙄?
I’d say it’s easier than compiling, but let’s see how it’s done.

Decompiling a .NET / .NET Core application

Let’s decompile a simple application:

For this example we will use DnSpy. There are several tools and each one is good for something in particular, but DnSpy is one of the best for decompiling and debugging .NET applications.

When we compile our .NET Core application, we will obtain the compiled files, in the case of .NET Core the “.exe” file will be the executable, but it will be in charge of executing the “.dll” that contains the code of our application.

Ok, let’s proceed to decompile the .dll file:

To do this, all we have to do is drag it to DnSpy:

Dragging an application to the decompiler

Once loaded, the original source code will be shown and we can work on it, we can analyze it, modify it, debug it, etc.

Viewing the source code

Once our application is decompiled, we can navigate through the source code as if it were our own project:

This is what a decompiled application would look like

Debug the app

This will be useful to understand how it works or to obtain some values in memory.

For example, let’s put a breakpoint before doing a subtraction:

and then we will run the application:

Here is a simple example:

This is a function that can be very useful at times, but it can also be dangerous ⚡.

Modify the code

We can modify and re-compile the application without any problem:

How to modify the source code of a .NET application

We can also do it using IL code, but if we do not know it it will be much more complex.

We change that simple text:

Modifying some parts of the decompiled application source code

and we compile again:

Compiling the modified application

Now to save our modified application, we will give:

We will select the name of the file, its path and we will mark the following options:

Finishing compiling the modified .NET application

and we will have our modified application:

Ok, these are simple and unimportant examples, I leave to your imagination 💭 everything that could be done with these simple tools.

Now we are going to see other types of applications, because compilation in .NET is the same, it does not matter if you use C#, VB, ASP, Xamarin, Blazor, everything works in the same way, let’s see then with a Blazor application.

Decompiling a web application with Blazor

Now we have created a sample web application with Blazor, this is the application code in visual studio:

Basically it is an application that shows the weather and we have added ByteHide in the middle so that we can see it later in the decompiled application, here is the web application:

Ok, let’s get the code again.

First we will use our browser (it does not matter which one), since when loading the .NET libraries to display the application, it makes a call to obtain them.

We must enter inspection mode Ctrl + Shift + C and go to section Network, later reload the page with Ctrl + F5.

Here will be the file that contains the code of our web application:

You can also obtain all the dependencies or own .net files that are used by the application

Well, we download it and open it again with DnSpy:

Modifying the operation of the Blazor application

Once we have the decompiled file we can do everything that I mentioned in the previous point.

Decompiling a mobile app with Xamarin

We raised the level of difficulty a little 🧨, but the operation is still the same.

We have created a simple application for mobile devices with Xamarin, the compiled application will have the extension .APK

The first thing we will do is unzip the APK, there are tools for this, but it is not necessary, for something so simple we can use Winrar, (yes, the program that never expires 🆓):

And we will copy all the files in a folder:

Inside the folder Assemblies all .NET files will be found:

Xamarin stores most executables in a single directory

Here comes the interesting thing, these files have lz4 compression, which will give us an error if we try to decompile it with DnSpy:

Trying to decompile the compressed application

For this I bring a simple solution, a small Python script that will help us decompress all the .NET .dll files.

Yes, this sounds very complex, and it seems that you must be an expert:

But it really is something very simple that we will do in less than a minute.

Decompress Xamarin .NET Libraries

If you don’t have Python on your machine, install it previously.

Once we have Python (I run it from the VSCode terminal) we proceed:

Install lz4:

python -m pip install lz4 or simply pip install lz4

Use of the decompression script

import lz4.block
import sys
import struct
import osdef print_usage_and_exit():
    sys.exit("usage: py .\\decompressor.py target_path")cwd = os.path.abspath(os.getcwd())def decompress(filePath):
    input_filepath = filePath
    output_path = os.path.join("extracted", "");if(not os.path.exists(output_path)):
        os.mkdir(output_path)output_filepath = os.path.join(output_path, os.path.basename(filePath))
    header_expected_magic = b'XALZ'with open(input_filepath, "rb") as xalz_file:
        data = xalz_file.read()if data[:4] != header_expected_magic:
            sys.exit("The input file does not contain the expected magic bytes, aborting ...")header_index = data[4:8]
        header_uncompressed_length = struct.unpack('<I', data[8:12])[0]
        payload = data[12:]print("header index: %s" % header_index)
        print("compressed payload size: %s bytes" % len(payload))
        print("uncompressed length according to header: %s bytes" % header_uncompressed_length)decompressed = lz4.block.decompress(payload, uncompressed_size=header_uncompressed_length)with open(output_filepath, "wb") as output_file:
            output_file.write(decompressed)
            output_file.close()
        print("result written to file")if __name__ == "__main__":
    n = 0
    for file in os.listdir(cwd):
        try:
            if(file.endswith(".dll")):
                decompress(file)
                n += 1;
        except:
            print("failed to decompress " + os.path.basename(file))print("\\nDecompressed ", n, " assemblies!")

The author of this script is Christian Reitter, X41 D-Sec GmbH, thank you for your article at X41 D-Sec GmbH, we have modified it to unzip all the files in the directory.

We will copy the code into a file called decompress.py and we will save it in the same path as our .dll files.

Decompress the files we need:

We will do it with py .\decompressor.py .\, we'll let it decompress all the .dll files in the directory.

In this case I am only interested in the two files corresponding to my application.

What has not been so difficult?

Now we have the files ready to open with DnSpy:

Decompiling the unzipped Xamarin application

Now again we can do everything I mentioned earlier, the procedure is always the same, only the way in which the files are compiled varies.

This applies to all applications under .NET, such as games developed in Unity with C#, virtual reality applications and augmented reality.

Did you like this article?

It has been very simple but I consider it fine for a basic level and learn a little about these topics 😊.

If you have found it interesting, do not hesitate to support it, and tell us below 👇 if you want to know something else, like let’s talk about cracking, injection and other aspects.

We could do some interesting practices or whatever you want to see around here.

And if you are reading this, it means that you belong to the 1% of the people who read the articles UNTIL THE END, tell me how many coffees ☕ you need per day to continue programming, if I see many coffees ☕ I will not feel alone and you will make my day!!! 😃👍

Thank you for your attention, we hope you have learned a lot!