🕵️ Hacking a .NET Application
Table of contents
- 1 Hacking User & Password information from a .NET Assembly
- 2 Liking humour & videos? Here’s the YouTube version
- 3 Why knowing how to hack some things is important
- 4 My own background and contact points of hacking
- 5 How I started programming like logins – ew
- 6 Creating the sample application – our victim
- 7 Hacking our sample application
- 8 Downloads
- 9 Related posts
Hacking User & Password information from a .NET Assembly
So you are interested in hacking a simple .NET application, with all the nerdy stuff!?
Then I’m glad to tell you that you are very welcome. Go ahead and let’s hack!
This example works for C# as well, even though it is presented with a Visual Basic .NET application.
In the first few lines I will write a bit about my own experience with hacking, which I experienced “on” myself.
After that I will show you a basic example application, which is our victim.
In the last step I will explain which tool you need to inspect those specific files.
You will also learn how to find the information you need inside those tools.
Liking humour & videos? Here’s the YouTube version
If you like watching videos and having actual live examples – I’ve also got you covered!
Just visit my YouTube channel to watch it.
Why knowing how to hack some things is important
Even if you’re not that hacker person sitting in the dark, knowing about hacking is very important in terms of programming.
Why, you ask? Because actively hacking obviously has something really important to do with the opposite: defending.
Knowing how an attacker actually attacks will make you stronger in defending yourself.
So if you understand the concepts, you have a (better) chance to actually defend against them – right!?
You can see that the good old saying “knowledge is power” isn’t that bad at all.
This counts for programming and software development as well.
Sometimes learning to attack turns into defending
Defending against hackers as far as possible is one of the basic essentials.
I mean, who wants to build an application that basically everyone could get for free, or that even script kiddies can crack?
Sure, there are unavoidable situations, or better said different aspects, where you can’t protect yourself or your app.
I had to learn the hard way that those aspects aren’t the real key of importance, either!
This is where we switch to my own little story behind that whole thing.
My own background and contact points of hacking
Even if I don’t really know where I should actually start telling you, I will try to find some starting point.
One of the things which has stuck in my mind till today – and it’s like 15 years ago – is the following thingy.
I was a little gamer bro, who was playing his current MMO called “Silkroad Online” like insane.
Everyone who knows about the so-called “china grinders” knows what I’m talking about.
Those games are the definition of “spend all your time”, because they are so grinding-based, hence the name.
A whole load of work – gone
You are essentially slaying like 5000 monsters to get almost no drops and zero exp.
As you can imagine there were like many scammers and fakers who tried to scam or hack your account.
Despite this I liked the game and I can’t exactly tell why; I think it was the Chinese and Dragon Ball-like style.
You had like this whole Chinese world built around the Silkroad lore (and I really love “the” Asian lore).
Then there was this Dragon Ball-like aspect, where you can shoot your own “kamehameha”, which kept me for long enough.
In the end I spent hours and hours fighting those monsters for like almost nothing and even wasted some *cough* bucks.
As I always had this “hmm, I gotta find a solution for that” mentality, I also tried to do so this time.
After all the outcome wasn’t that good in the end, but well, I think that’s the price you gotta pay, huh!?
Searching for help
So I started searching for like helpers with leveling and found different leveling services, but they were mostly very expensive.
Not much time after that, I found something called “bot”, which was basically just a software.
Those were/are tools which will take the leveling aspect in their hand and basically tell your ingame character what to do – so you don’t have to.
There was a free bot which I downloaded and installed and boom – the problem happened.
It did its level job pretty well, but had like an integrated trojan aspect, which spied on my credentials and transferred my data to its owner.
So not many days after the installation, one of my accounts was gone – yeah, I had multiple…
This is the whole story why I started learning programming and hacking – I wanted to create my own bot to compensate my lost time and my lost account!
Back to the main topic – hacking a .NET application!
How I started programming like logins – ew
So now the story begins where I started programming at all, and things like login screens.
I think every beginner in programming did it like this at some point.
On the one side you are just making your first steps and on the other side you just want to make it work.
You don’t have much knowledge – if any at all – about this persistence thingy called database, nor the security thingy called cryptography, etc.
This makes you – especially at the beginning – think that you can just do this thing which is known as hardcoding.
You just put variables inside the code (or something similar) with fixed values like:
variableA = "ValueB"
Then you can go ahead and easily compare this value in terms of an authentication screen like:
user = "User"
password = "password"
if enteredUser = user and enteredPassword = password then...
So far this doesn’t seem like anything hacky, but read a few more lines and let me explain!
One big problem is that, even if you think that only “noobs” do this, I’ve seen too many agencies and similar small firms do that as well.
I mean it’s one thing if you’re doing this on your own, local computer, for yourself with no customer data involved.
But I really think it’s something different when “companies” do things like this, knowing that it’s totally wrong!
Especially in my work as a freelancer & teacher I learned that small businesses I supported sometimes insisted on like “nah we will do it like this, it’s okay”.
Some other excuses I hear a lot are like “It’s only a small customer, that’s okay”, or “there’s no budget left, just do it”!
Even if this involved software for other customers which got their software like delegated to freelancers.
Creating the sample application – our victim
So now let’s jump to the hacking action and see what malicious things can actually happen if you’re doing it like above yourself.
You can go ahead now and create a new Windows Forms application (.NET Core 3.1 in the example above).
The first form will be “frmLogin”, which is – as you may have guessed – the form where the login will happen.
Basic login form controls
Add the usual login controls like 2 textboxes for the user and the password, as well as the button to start the login process.
Name the button – like you should always do – for example “btnLogin” and put the following code inside the handler:
' Visual Basic
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
    Dim loginFailed = Not CheckLogin(tbUser.Text, tbPassword.Text)
    If loginFailed Then
        MessageBox.Show("Login failed!")
        Return
    End If
    successfullySubmitted = True
    Dim mainForm = New frmMain()
    mainForm.Show()
    Close()
End Sub
// C#
private void btnLogin_Click(object sender, EventArgs e)
{
    var loginFailed = !CheckLogin(tbUser.Text, tbPassword.Text);
    if (loginFailed)
    {
        MessageBox.Show("Login failed!");
        return;
    }
    successfullySubmitted = true;
    var mainForm = new frmMain();
    mainForm.Show();
    Close();
}
The code calls the “CheckLogin” function, which we will declare in a second, and inverts the result.
We are doing this to use an “early return” block in the next few lines, to display a short message and, well, return early.
Then we set a flag to true, to avoid closing the form, but ignore this for now, you can see it later with the complete code.
The protected content – the main form
Next we create a new “frmMain” instance and show it.
In the last step we are closing the current form, so we are basically closing the login form, to only leave the main form open.
Right now is the time to define the “CheckLogin” function, before we continue adding the main form:
' Visual Basic
Private Function CheckLogin(user As String, password As String) As Boolean
    Dim credentialsMatching = user = "User" AndAlso password = "password"
    Return credentialsMatching
End Function
// C#
private bool CheckLogin(string user, string password)
{
    var credentialsMatching = user == "User" && password == "password";
    return credentialsMatching;
}
Now create an additional form and call it “frmMain”; you can leave the form as it is.
You could add some code to handle the closing of the app for you, but this isn’t necessary.
Maybe you want to download the complete project down below, so you can see everything in total.
Currently the app should look something like this:
Hacking our sample application
To actually start hacking our little .NET application, you need a tool which is actually provided by the .NET Framework itself.
So there is no big magic, or big action like „yeah you need to download x, y, z.. blabla..“.
Everything you need, is mostly already in place, if you installed Visual Studio.
The needed tool – “ildasm”
The tool needed is called “IL Disassembler”, or “ildasm” for short, and resides in the “C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools” folder.
Maybe you will find the tool in a slightly different location, if you have a different version of Visual Studio, etc.
Double click the tool to open it and the following screen will appear:
Then go ahead and select your “<YourApplicationName>.dll” file with the “File->Open” menu item (sorry, I only have the German version).
You can find this file inside the debug folder of your app (don’t forget to start debugging at least once, so the files are created!).
Just a quick side note: This will also work for the release “.dll” file!
Expand the nodes as shown in the screenshot, then you will find the function we are looking for.
If you finally double-click that “CheckLogin” function, a dialog will appear, where you can inspect the IL code for this function.
There you will see your hardcoded credentials – congratulations, you hacked the program!
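The credentials show up in ildasm because the compiler stores every string literal as plain UTF-16 text in the assembly's #US (user string) metadata heap. The following added example (not part of the original post or its download) reads that heap so a build can be checked for secret values before release; it goes one step beyond the post by locating the heap via the "BSJB" metadata signature instead of parsing the full PE file, and all function names and the sample bytes are constructed for illustration.

```python
import struct

def read_compressed_uint(buf, pos):
    """Decode an ECMA-335 compressed unsigned int; return (value, next_pos)."""
    b0 = buf[pos]
    if b0 & 0x80 == 0:                       # 1-byte form: 0xxxxxxx
        return b0, pos + 1
    if b0 & 0xC0 == 0x80:                    # 2-byte form: 10xxxxxx
        return int.from_bytes(buf[pos:pos + 2], "big") & 0x3FFF, pos + 2
    return int.from_bytes(buf[pos:pos + 4], "big") & 0x1FFFFFFF, pos + 4

def find_us_heap(image):
    """Return the #US heap, located via the 'BSJB' metadata root signature."""
    root = image.index(b"BSJB")              # raises ValueError if not a CLI image
    (ver_len,) = struct.unpack_from("<I", image, root + 12)
    pos = root + 20 + ver_len                # past version string, flags, stream count
    (count,) = struct.unpack_from("<H", image, pos - 2)
    for _ in range(count):
        offset, size = struct.unpack_from("<II", image, pos)
        end = image.index(b"\0", pos + 8)    # stream name is NUL-terminated
        if image[pos + 8:end] == b"#US":
            return image[root + offset:root + offset + size]
        pos += 8 + ((end - pos - 8 + 1 + 3) & ~3)   # name + NUL, padded to 4
    return b"\0"                             # assembly without string literals

def user_strings(heap):
    """Walk the heap: length prefix, UTF-16LE text, one trailing flag byte."""
    out, pos = [], 1                         # offset 0 is the mandatory empty entry
    while pos < len(heap):
        length, pos = read_compressed_uint(heap, pos)
        if length > 1:
            out.append(heap[pos:pos + length - 1].decode("utf-16-le", "replace"))
        pos += length
    return out

def leaked_literals(image, secrets):
    """Secrets that ship as plain string literals in the assembly."""
    return sorted(set(user_strings(find_us_heap(image))) & set(secrets))

def sample_image():
    """Constructed bytes: a metadata root with only a #US heap, not a real DLL."""
    def entry(s):                            # length prefix, UTF-16LE text, flag byte
        return bytes([2 * len(s) + 1]) + s.encode("utf-16-le") + b"\0"
    heap = b"\0" + b"".join(map(entry, ("User", "password", "Login failed!")))
    root = b"BSJB" + struct.pack("<HHII", 1, 1, 0, 12) + b"v4.0.30319\0\0"
    root += struct.pack("<HH", 0, 1)         # flags, one stream header follows
    root += struct.pack("<II", len(root) + 12, len(heap)) + b"#US\0"
    return b"MZ" + b"\0" * 62 + root + heap
```

To check a real build output, read the .dll as bytes and pass it as `image`; any value returned by `leaked_literals` is readable by anyone who opens the file.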