Reverse Engineering And Cracking A .Net Binary Using dnSpy

Learning how to crack a .net binary

Syscall59 — Alan Vivona

Published in

syscall59

2 min readDec 22, 2019

Let’s see how to solve this .net crackme. Let’s try the crackme with some random credentials to see how it goes.

We can see reading through the code that the registration key depends on the result of a random value. My first idea was that maybe the random number generation is guessable when providing no seed for the constructor. Here’s the validation code.

But after checking how the Random constructor work when it’s given no seed I concluded that’s not an option. Here are the official docs for you to check.

Random Constructor (System)

Random(Int32) Initializes a new instance of the Random class, using the specified seed value. public: Random(int Seed)…

docs.microsoft.com

Random.Next Method (System)

Returns a random integer. Returns a non-negative random integer. public: virtual int Next(); public virtual int Next…

docs.microsoft.com

As the key depends on this random value given by the Random.Next()method the most efficient way to crack the binary is to patch it.

I removed the validation for the serial using dnSpy and as you can see here the cracked binary works for any username and password you provide.

And that was it! Hope you enjoyed this writeup

Syscall 59

The latest Tweets from Syscall 59 (@syscall59). Over-featured script kiddie. Linux & Reverse engineering junkie. Italy

twitter.com