Un’ottima guida la reversing.
Reverse Engineering “Microsoft F#”.
Author:Aodrulez.
F# is another programming language added to the already
crowded .NET Framework.F# is promising though! It is said to
encompass functional programming as well as imperative
object-oriented programming disciplines.
So far so good…. but the question that I have is…
Why mix it with .NET? Yeah…maybe .NET apps are easy to code
..maybe they are GUI-wise amazing…. Portable, since its again
similar to Java…all you need is .NET framework to run them…
& so on n on… but dear M$… portability comes with a price!
There can be tonnes that I’d like to mention..but lemme
concentrate on only one such price that one has to pay if they
are tryin to achieve portability the Java way! And what am
talking about is “Reverse Engineering”..or rather.. I should
put it as “Ease in Reverse Engineering”.First, lets analyze the
“Portability Technique” thats being used here.
Portability Technique:
The basic idea here is to have three major components..
1] Programming Language
2] Intermediate Form of Code.
3] Framework.
Now how this works is simple.The Programming Language
is designed in such a way that when you compile it.. Machine
Code is not generated unlike rest of the programming Languages
out there… instead… its converted to an Intermediate Form
(ByteCode in case of Java & IL in case of .NET).Now a computer
can understand what to do only if its in Machine Language…
so its understood that this Intermediate Form is completely
“Crap” to the computer.This is where the FrameWork comes into
play… Each time you run such an application, something called
as J-I-T… Just in Time Compiler..is called in.This is a part
of the Framework & the sole purpose of this app is to compile
the Intermediate Form into Machine specific code & then execute
it.Benefit of this technique?.. u guessed it!… Portability.
Okies, that was a pathetic way to describe the whole thing
but the sum-n-substance of it is correct.How is Protability
achieved? See… each time you compile an app in this Programming
Language… you always endup with Intermediate Form.This is
common for all platforms… Now its the job of the Framework to
make it work on a particular platform.So the only thing that has
to be done is to code a Platform-Specific Framework…n thats it!
All applications you code using this Programming Language can
run on all Platforms….for which the Framework has been
developed.
Downside?
Each application that you code & compile is in the
Intermediate-Form.And what you distribute as an app is actually
this Intermediate Form of your code.The problem with this is…
Decompilation!
Usually the applications coded in C/C++,Delphi etc contain
Machine Language Code.So we run a Disassembler on these & ultimately
end-up with the code of this applicaiton in Assembly Language Form.
Since goin through lots n lots of assembler code is really a
Head-Ache.. ripping out parts of your code & then converting them
into C/C++ equivalent code is a really tedious thing to be doing.
Now the problem with our Portable Programming Language is
that…the Intermediate Language has got its own OpCode & since
this is not Machine specific..u cannot Disassemble this code.
What I mean by this is.. if you put it through a Disassembler,
most of the Assembly Listing that you’ll get will be bogus…
But thats a Blessing in Disguise! since this Intermediate Form
has got its own OpCodes, if we have detailed info about the
structure of this Intermediate Form, we can code Decompilers for
it!
Decompiler?
A decompiler is a Tool that can go through a Programming
Languages’ Intermediate form & produce the actual “Source-Code”.
Yeah…u read it right…Source-Code! Most of the times, even
Variable & Function names are preserved!Its just like a
Disassembler..but also different in a lot of ways.For starters…
its “Programming Language” Specific.That means you can’t use a Java
Decompiler for an app coded in .NET .
So,if a Programming Language uses this “Portability Technique”,
technically, a Decompiler can be written no matter how cryptic the
Intermediate Form might be.That sounds grave does’nt it? So whats all
this got to do with F#?? Everything!…..
As i said in the Beginning itself, F# has been made .NET
Compliant.. that means…once compiled.. it’ll be in the IL form.
And there are tools already out there that can Decompile .NET Apps.
One of my Favourites is “.NET Reflector”.Its free, powerful, &
has got plugins too!
Lets Reverse an F# App….
Since this is just a PoC Paper… lets code an App in F#
& try to break (crack!) it.Quick search over internet shows that
Visual Studio (.NET one) is needed to code apps in F# easily.
A little more tinkering around showed me that all you really need
to code an F# app is its compiler.you really don’t need to install
the overbloated Visual Studio to make our small PoC application.
Just Download the compiler, install it & you are ready to have some
fun.
Here is the Code for our PoC App:
(Save as Aodrulez.fs)
#light
open System
open System.Windows.Forms
let form = new Form()
form.Width <- 170
form.Height <- 130
form.Visible <- true
form.Text <- "Aodrulez"
// Menu bar, menus
let mMain = form.Menu <- new MainMenu()
let mFile = form.Menu.MenuItems.Add("&File")
let mabout = form.Menu.MenuItems.Add("&About")
let miQuit = new MenuItem("&Quit")
mFile.MenuItems.Add(miQuit)
let btn1 = new Button()
do btn1.Text <- "Register"
do btn1.Location <- new System.Drawing.Point(42,40)
do form.Controls.Add(btn1)
// TextBox
let textB = new TextBox()
//textB.Dock <- DockStyle.Fill
textB.Text <- " Enter Code Here."
do textB.Location
System.Windows.Forms.MessageBox.Show("Aodrulez's F# Crackme V1.0\nHappy
Cracking!","Aodrulez");())
miQuit.Click.Add(fun _ -> form.Close())
btn1.Click.Add(fun _ -> (if textB.Text="Awesome" then
System.Windows.Forms.MessageBox.Show("Correct!\n :)","Aodrulez");()
else System.Windows.Forms.MessageBox.Show("Wrong :( . Try
again!","Aodrulez");()))
#if COMPILED
// Run the main code. The attribute marks the startup application
thread as "Single
// Thread Apartment" mode, which is necessary for GUI applications.
[]
do Application.Run(form)
#endif
To compile it… save this as Batch file & run it:
———————————————————————–
@setlocal
@REM 1. Configure the sample, i.e. where to find the F# compiler and
TLBIMP tool.
@if "%FSHARP_HOME%"=="" ( set FSHARP_HOME=..\..\..)
@set FSC=%FSHARP_HOME%\bin\fsc.exe
@REM 2. Build the sample
%FSC% --target-winexe -g Aodrulez.fs
@if ERRORLEVEL 1 goto Exit
:Exit
@endlocal
@exit /b %ERRORLEVEL%
———————————————————————–
Reversing F#:
Okies..now that we have the Test Application ready.. lets see how
it works!
As you can see above…we’ve designed a GUI based application that
needs some Code to be entered.It sure is’nt the one currently entered
🙂 .If you have a look at the Applications’ F# source-code above…
you’ll see that the actual code that the App is looking for is
“Awesome”.So lets try that one….
Yeah!..that was the Code our small little F# app was looking for.
Now this was no big deal! Anyone can reverse an App if you have its
Source-Code.So lets “Reverse Engineer” it the actual way….
Time For Some Reverse Engineering………………
Smoking Skull 
ottimo
sono d’accordissimo con te 😉