Need some tips on in memory patching of a .Net dll

[Sailor_EDA]

Hi folks,

I'm working on a target that uses a .Net dll that has all the security call for the serial checking etc. The problem is that this dll is strongname protected so if I just byte patch, the executable detects this at runtime and says the dll is corrupt and so on.

I haven't had much luck with strongname protected dll's before and I'm hoping one of you can help me with this.

I've read a long time back that the solution is to have a loader that patches the dll in memory once its loaded. I haven't had much luck in finding any tuts that talk about this specific case.

In addition, this particular target also utilizes a ha$p license manager however, by looking at the disassembled code I'm sure this can be bypassed pretty easily.

In anycase, here is a link to the target. PM for the password.

http://www.megaupload.com/?d=4MSYPFEH

Btw, this is an addon to M$ Vi$io so you'll need that to use it. In spite of being an addon, it has its own exe file that works as a loader. The exe is written in vba I couldn't gather much information from IDA.

Any tips or pointers?

Sailor_EDA

[Sailor_EDA]

I've been reading up on strong-naming dll and I have a question. If I alter the dll, can I resign it, does it have to be with the original PublicPrivate key used by the vendor to sign the dll or can I produce my own key? I haven't tried it out as yet and that is probably the best way to find out but I was just checking if at lest in theory it should work.

This is what I've been referring to:
hxxp://msdn.microsoft.com/en-us/library/6f05ezxy(v=vs.80).aspx

if the dll doesn't check the strongname, just remove it in any way you like
otherwise, patch the check (can be complicated)
and if you just want to skip strongname verification, theres no need to patch it
look up msdn, there's an option to

[bytexorer]

if you want to bypass Strong Name verification for an assembly, you can use

Code:

SN.EXE /Vr AssmeblyFileName

be aware that 32 bit version of SN.EXE will not work on 64 bit machines. you have to use 64 bit version of sn.exe on 64 bit machines.
you have to run sn.exe on evey machine per patched assembly file.
64 bit version is located on :

Code:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64\

and 32 bit version on:

Code:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\

on my Windows 7 64 Bit machine.

[congviet]

Refer:http://msdn.microsoft.com/en-us/library/6f05ezxy(v=vs.71).aspx
to create a key pair.
Using attach file to resign strong name.
RE-Sign.zip
Can patch some bytes of target by winhex.