Reflector, the amazing dissembling tool, is developed by Red Gate Inc. Although it was available free of cost earlier nowadays the vendor has commercialized it. The Reflector is essentially used to decompile or disassemble .NET binaries. It can either be an executable or a dynamic linking library. This tool is limited to open binaries that are compiled or developed only under the CLR. We can't decompile any other native unmanaged assemblies. Conversely, this limitation poses advantage in a different fashion where we can easily anticipate the development framework of a DLL or EXE. If the binary is opened or decompiled in the reflector IDE then it is a .NET assembly otherwise not. The Reflector provides the following advantages to the Reverse Engineering professional:
After downloading and installing this software, the IDE will display something such as the following:
NOTE
Apart from such terrific advantages and features, I would like to eliminate a common misconception or myth that the Reflector is not able to edit the .NET source code or opcode in any manner. So, we can't save the assemblies like other dissemblers such as CFF explorer, IDA pro, and Ollydbg. It is just decompiled .NET assemblies. In terms of editing the .NET binaries, we need to import a sort of open-source add-on in the Reflector IDE. Thereby, we are provided a couple of other substantial capabilities such as editing the hex code, opcode, and reflect these modifications into another file with a different name.
Target Software
We are not relying on any ready-made software or on another third-party downloaded cracking file to show the dissembling tutorial of the corresponding assembly source code. Instead, we have developed a custom cracking software that surely fulfills the cracking exhibition.
We have created custom software called “
Champu” for exhibiting the dissembling and cracking. Don't ponder over the name; it is in fact my son's pet's name. As an analogy, this software is launched for testing purposes by its vendor and works for 15 days. After completion of the 15 days trial duration, it is automatically expired. This software presents many security restrictions, such as a 15-day trial duration, authentication in the form of a user name and password validation, and License key code to prevent the misuse of the software. You get a glance of this software for a 10-day grace period as in the following:
In the meantime, the user can operate its evaluation version by clicking the Continue button. It poses another user validation barrier where we must enter the correct user name and password to proceed as in the following.
Suppose the user is quite satisfied with this software's operability and performance and finally, he decides to buy the full version of this software, then he must register himself on the vendor website from where he gets the License Keycode to carry on the operations as in the following.
So, this software is well shielded by its vendor developer to stop impending trespass. We shall anticipate that it is nearly impossible to download the license key code from the internet or torrent sources. The user has no choice except to buy its license keys to proceed.
Is there any other way or option in which we can spare ourselves from spending money to get its full version copy?
Yes, Reverse Engineering with Reflector is the ultimate way to crack this software.
Dissembling the Target
As you can see in the following figure that the Continue button is disabled and the trial expired alert message is showing in the dialog box; we are not provided the source code of this software so we can modify the code and extend or eliminate this trial restriction. We have no other option to operate it except buying its product keys.
Ok, now it is showtime, ready for Action. We have only the Champu.exe; it's quite enough. Just launch the Reflector IDE and open the Champu.exe over there. It is successfully opened up as you can see in the figure. Now one thing is proven, that it is definitely a .NET assembly because it is dissembling into the editor.
The executable is automatically decompiled or disintegrates into its corresponding source code as you can see in the figure. It is presenting all the rudimentary information associated of this .NET assembly such as Application type, Version, Cryptographic key, copyright, GUID, and target framework as in the following:
We can also obtain the extra information about the external .NET assembly reference into this executable software along with the image resources as in the following:
Amazingly, we obtain much of the information about the target quite easily. Next, just right-click over the champu.exe and the IDE will show you the other significant operation options such as Analyzer, ILDASM, Command prompt, and Run as in the following:
You can optionally add or remove other .NET native assemblies such as System, System.Numerics and so on in the Reflector. Now, just expand the Champu from the left-pane and here you find the namespace definition referred to as Champu in the source code. Just select it and it will wrap-up everything inside the right-pane as in the following.
It can be clearly seen from the previous figure that Champu.exe has a namespace referred to as Champu that contains C_Trail, Login, and Register classes along with two static classes, Program and gData. We can virtually presume that these classes contain the actual functionality logic and are responsible for operating this software.
The assembly could contain numerous classes and all these contain 2 separate logics. So, it is very complicated to determine from where we start the tracing. We need to identify the entry point of this executable software. That is why right-clicking over the champu.exe and the Reflector provides an entry point option. In the right pane, it is displaying the Main() function of this assembly and the C Trial class is initially loading as in the following.
Up until now, we have determined the entry point C_Trail class where the Trial duration logic is actually implemented. So select this class from the left-pane after expanding the Champu namespace. This class shall provide us an overview of the control integrated into the Trial class user interface. It contains two methods, RegisteredUser() and TrailCheck(), as in the following:
Again, go to the TailCheck() method body by selecting it and we find the entire trial duration logic source as in the Visual Studio 2010 editor. We can easily determine that this software works for 15 days from the date 10/5/2013. Apart from that, we can locate the trial expired message in the source code.
We are here, just checking the source code of the TrailCheck() method. We are not sure of the calling or triggering condition of this method. So just select the TrailCheck() method from the left pane and click the Analyze option. It will display some useful information, such as who is using this method (the triggering condition is On_Load()) and to whom this method is dependent as in the following.
The .NET reflector exposed the source code in the C# language by default. Some programmers are not proficient or comfortable enough in the C# language. So we can instantly change the assembly source code into another .NET supported programming language such as VB.Net as in the following:
If we want the actual MSIL opcode instructions behind this source code, we can again change it into its corresponding IL code as in the following figure; here, we don't need to rely on the ILDASM tool separately.
Reflector also provides another amazing utility of importing and exporting the assembly source code into an XML file as in the following.
Finally, sometimes we need to ponder over the Global assembly cache that is the repository of all .NET assemblies. We can directly open up the GAC from Reflector as in the following: