Reversing Code Injection for Tampering in DOT NET

 

This article demonstrates the main steps for performing reversing, code injection and tampering in a DOT NET project. The reverse engineering technique can be applied in several areas, not only in software, because its purpose is to show whoever carries out the process how the final result was constructed. Applied to software, as in malware analysis, reverse engineering is the process of decompiling binary code into assembly language, or even into the language in which the program was written. This article deals exclusively with reverse engineering and tampering with code developed on the .NET platform. Like other globally known languages, .NET is based on a virtual machine platform; that is, although it is compiled, the code is interpreted by a framework in which it is possible to use several programming languages such as VB .NET, C# .NET, F# .NET, and so on.

 

1. INTRODUCTION

The reverse engineering technique can be applied in several areas, not only in software, because its objective is to show whoever carries out the process how the final result was constructed. Applied to software, as in malware analysis, reverse engineering is the process of decompiling binary code into assembly language, or even into the language in which the program was written. Reverse engineering can also be defined as a multidisciplinary theory; besides comprising several techniques and methodologies, its use can produce consistent documentation beyond the source code. During the reverse engineering process, the source code is not altered and the system keeps working as before throughout; that is, its functions remain intact. Data tampering is the act of modifying data (destroying, manipulating or editing it). With data at rest, such as a DLL, a system application can suffer a security breach, and an unauthorized intruder could deploy malicious code that corrupts the data or modifies the program code. Techniques such as Code Injection are used to perform this procedure. The Code Injection technique, as the name suggests, consists of adding a snippet of code to a given program. By understanding IL code manipulation, we can make many changes to the code of a DLL. With code manipulation, it is possible to interact with the system and even change it completely, even if we do not have the source code, which is also not a problem when using JustDecompile, ILSpy or dotPeek, for example.

 

2. THEORETICAL REFERENCE


2.1. Code Injection or Remote Code Execution (RCE)
This technique is often used by crackers to manipulate a program in order to gain some advantage, causing the program to act according to the attacker's will. Code Injection or Remote Code Execution (RCE) refers to an attack in which an attacker can execute malicious code, usually by manipulating a URL, in order to get past the system's validations.

In Code Injection, the attacker is constrained by the limitations of the language that runs the code, and code injection usually occurs when an application evaluates code without first validating it. The same type of technique can be employed directly against an executable file or a DLL.
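The "evaluates code without first validating it" condition described above, shown as an added example that is not code from the original article: a small calculator in its weak form beside a hardened form that parses the input and allows only arithmetic. The function names, the length limit and both sample inputs are assumptions made for illustration.

```python
import ast
import operator

# Operators the calculator is allowed to apply; everything else is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


class RejectedExpression(ValueError):
    """Raised when input contains anything other than plain arithmetic."""


def evaluate_unvalidated(expr):
    # Weak form: the input string is handed to the interpreter as code,
    # so any expression the language allows will run.
    return eval(expr)


def evaluate_validated(expr, max_len=200):
    # Hardened form: parse to an AST, then walk it and allow only numeric
    # literals and whitelisted operators. The input itself is never executed.
    if len(expr) > max_len:
        raise RejectedExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise RejectedExpression("not a valid expression") from exc
    return _walk(tree.body)


def _walk(node):
    # bool is excluded on purpose: type(True) is bool, not int.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_walk(node.operand))
    raise RejectedExpression(f"disallowed syntax: {type(node).__name__}")


# Constructed inputs: one ordinary request, one that is code rather than data.
BENIGN = "2 * (3 + 4) - 1"
NOT_ARITHMETIC = "__import__('os').getcwd()"
```

Both functions return 13 for `BENIGN`; only `evaluate_unvalidated` runs `NOT_ARITHMETIC`, while `evaluate_validated` raises `RejectedExpression` at the `Call` node.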

 

Read the complete article at: https://hakin9.org/download/make-your-cloud-with-subutai/