Author: Tony Jose

I am a software engineer who is passionate about sharing my thoughts and ideas here. I was encouraged to blog by many fellow developers and by my mentors. You may notice that as years go by, my writing style, opinions of technologies, and coding styles have changed. I continue to evolve and try to learn and adapt to changes. I am incredibly thankful to all the great minds and programmers who gave me help and guidance to grow into what I am now. "If I have seen further it is by standing on the shoulders of Giants."

VIEWSTATE chunking

In my opinion, VIEWSTATE is what which makes ASP.NET, ASP.NET.  However this mode of memory, precisely the memory mechanism which stores the state, through a input type of hidden field might not work in those systems which has tight constraints over hidden vairables. This includes certain firewalls and proxies which restricts the hidden field to a certain limit. As the data withheld by these controls increases the size of this hidden field(__VIEWSTATE) increases, apparently and what results finally is the denial of VIEWSTATE and hence during the next phase on server side, the ASP.NET will fail to deserialize the user data.

But there is a way to overcome this problem. And that is what VIEWSTATE chunking is about. What VIEWSTATE chunking does is that, it simply divides the VIEWSTATE into set a hidden fields with a defined size limit. To perform that, go to the Web.config and provide the limit as shown below.

<configuration>
..
<system.web>
<pages maxPageStateFieldLength="20">... </pages>
</system.web>
</configuration>

The maxPageStateFieldLength parameter value is set to 20. Well, that is the number of bytes per each hidden field. Obviosuly, 20 bytes is very less and I did it for demonstraton only.

I have created a page with some text boxes. and filled it with values and created a button to perform Postback. And the following are the chunked STATE with set of values I received from the server.


<input type="hidden" name="__VIEWSTATEFIELDCOUNT" id="__VIEWSTATEFIELDCOUNT" value="5" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE4MTM5NTMz" />
<input type="hidden" name="__VIEWSTATE1" id="__VIEWSTATE1" value="MTgPZBYCAgMPZBYCAgEP" />
<input type="hidden" name="__VIEWSTATE2" id="__VIEWSTATE2" value="DxYCHgRUZXh0BQlzb21l" />
<input type="hidden" name="__VIEWSTATE3" id="__VIEWSTATE3" value="dGhpbmdkZGRmA1ctuFJC" />
<input type="hidden" name="__VIEWSTATE4" id="__VIEWSTATE4" value="RQdfo8rSra9Ik4399w==" />

Image source: flickr album of Cushing Memorial Library and Archives, Texas A&M’s.

0

.Obfuscator

Ofcourse, de-compilers and code re-engineers are the most elegant names related to a Cracker. However, securing the software/website from a Cracker demands some tricky measures to protect the code. Well, it is from the code where it starts. Susceptable applications for cracking are those which are mostly composed of Intermediate Languages and the certainly .NET and JAVA falls in there, because of the IL feature which provides the same feature of ‘multi-languag-ability'(.NET only). The reason is that Intermediate code can be well read using a Dissassembler.

The Visual Studio pack has a disassembler with it. To access it, go to the Visual Studio Tools and choose the Command prompt. and type ildasm.exe

It will pop up a new window where you can add the .exe, .dll, module file etc. Choose the appropriate and it will show, a table hierarchy, which lists the different components, controls,classes etc. used for developing the application. As an example, the following is a sample code IL code shown by loading a ASP.NET dll(A published one.)


//The class component.

.class public auto ansi beforefieldinit _Default
 extends [System.Web]System.Web.UI.Page
 implements [System.Web]System.Web.SessionState.IRequiresSessionState
{
} // end of class _Default

//The page load method.

.method family hidebysig instance void  Page_Load(object sender,
 class [mscorlib]System.EventArgs e) cil managed
{
 // Code size       84 (0x54)
 .maxstack  3
 .locals init (string V_0,
 int32 V_1,
 class [System.Web]System.Web.UI.WebControls.Label V_2)
 IL_0000:  ldstr      "something"
 IL_0005:  stloc.0
 IL_0006:  ldc.i4.0
 IL_0007:  stloc.1
 IL_0008:  br.s       IL_004e
 IL_000a:  newobj     instance void [System.Web]System.Web.UI.WebControls.Label::.ctor()
 IL_000f:  stloc.2
 IL_0010:  ldarg.0
 IL_0011:  ldfld      class [System.Web]System.Web.UI.WebControls.Label _Default::NewLabel
 IL_0016:  ldloc.0
 IL_0017:  callvirt   instance void [System.Web]System.Web.UI.WebControls.Label::set_Text(string)
 IL_001c:  ldloc.2
 IL_001d:  ldstr      "Label"
 IL_0022:  ldloca.s   V_1
 IL_0024:  call       instance string [mscorlib]System.Int32::ToString()
 IL_0029:  call       string [mscorlib]System.String::Concat(string,
 string)
 IL_002e:  callvirt   instance void [System.Web]System.Web.UI.Control::set_ID(string)
 IL_0033:  ldloc.2
 IL_0034:  ldstr      "Label "
 IL_0039:  ldloca.s   V_1
 IL_003b:  call       instance string [mscorlib]System.Int32::ToString()
 IL_0040:  call       string [mscorlib]System.String::Concat(string,
 string)
 IL_0045:  callvirt   instance void [System.Web]System.Web.UI.WebControls.Label::set_Text(string)
 IL_004a:  ldloc.1
 IL_004b:  ldc.i4.1
 IL_004c:  add
 IL_004d:  stloc.1
 IL_004e:  ldloc.1
 IL_004f:  ldc.i4.s   10
 IL_0051:  blt.s      IL_000a
 IL_0053:  ret
} // end of method _Default::Page_Load

Check the above Intermediate Code, In the actual code I have initalized a string variable with a value ‘something’ this is revealed in the Intermiate code. However, the hardest challenge, is revalation of the actual code. This possible by using a Reflector. I have used the Red Gate’s .NET reflector to retrive the actual code. And it revealed my Page_Load event of the deault.aspx web page completely.

protected void Page_Load(object sender, EventArgs e)
{
 string str = "something";
 for (int i = 0; i < 10; i++)
 {
 Label label = new Label();
 this.NewLabel.Text = str;
 label.ID = "Label" + i.ToString();
 label.Text = "Label " + i.ToString();
 }
}

This is what the real challenge is, the code is completely readable and understandable and one can understand the underlying steps of what is happening. This is real issue, because, a modified dll, is a huge threat, for Instance, Considering an E-commerce website scenario where a web hacker can put his code component in between a code or make some modifications to code, to steal the credit card numbers of the web users.In such scenario’s the threat is so severe.

One of way to ensure the security is by using an obfuscator. The purpose of obfuscator is to change the code to an unreadable form. Using an obfuscator is a preventive measure to avoid a cracker to modify or to tamper the code. One of the major obfuscator for .NET is Dofuscator. The community edition of Dotfuscator is available for free with the Visual Studio. To obfuscate, Simply choose the binaries(.exe’s and dlls) and bulid it(Cntrl + B).

Renaming feature is one of the feature available in the community edition. Other features such as String Encryption, Control flow etc. are available in the PRO version only. This is the output of the obfuscated code generated by the Dotfuscator. This is the same Page_Load event, shown above. Note that the argurments names, and method names are changed.

protected void a(object A_0, EventArgs A_1)
{
 string str = "something";
 for (int i = 0; i < 10; i++)
 {
 Label label = new Label();
 this.a.Text = str;
 label.ID = "Label" + i.ToString();
 label.Text = "Label " + i.ToString();
 }
}
0

Barcamp 7 – London

Barcamp London – 7

Barcamp London will be conducted on IBM’s Central London building, Southbank. The program will conducted on 24th and 25th of the October.

The organizers of the Barcamp are well aware of scarcity of tickets and sponsor’s, so for wise distribution of tickets, they seems to conduct a set of ‘ticket rounds’ and ways to obtain a ticket. (You ought to be quick, start refreshing the Barcamp 7 page to get the notice.)

Copyright to rash dash
IBM Central London , Copyright : rash dash

The organiser’s are searching for sponsors as well. If you are well wisher of geeks of all types, give them a nice contribution.

I will try my best to update this page and inform you latest news about the Barcamp 7. To get more details on Barcamp 7 – London go to http://www.barcamplondon.org

0

Blog at WordPress.com.

Up ↑