Powerpoint from CodepaLOUsa 2011.
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. A demo filled session on how easy it is to extract information from virtually any .NET or Java application (yes, including Silverlight).
4. Background of Joe Kuemerle Lead Developer at PreEmptive Solutions Over 15 years of development experience with a broad range of technologies Focused on application and data security, coding best practices and regulatory compliance Presenter at community, regional and national events.
6. Reasons To Reverse Engineer Curiosity – see how things work Risk Management – see what the bad guys see Recovery – recover lost / damaged source Illegal Activity – be the bad guy Random fact: Between 26% and 48% of security events are caused by insiders. http://blog.zeltser.com/post/3497622496/touchy-security-topics-insider-threat
7. Ease of Reverse Engineering Managed Code (.NET and Java) Why is it easy to reverse engineer Managed Code NET All high level source is compiled to MSIL IL is verbose (compared to assembly) / IL is well documented (CLI specification) Open source compiler to reference Shared Source CLI compiler Rich metadata included in assembly Support for reflection means code using reflection must be self describing, by default all that information is embedded in assemblies Java High level source is compiled to bytecode Bytecode is stored in a well defined structure / Bytecode to Opcode Compiler will be open sourced (Java 1.7) Classes are self describing
12. So what, it’s free and easy. Big deal! Once you (or someone else) has this knowledge what can they do? Look to see exactly how things *really* work Find out things they might not need to know Passwords Encryption Keys Secret data Alter functionality Bypass authentication checks Unlock functionality Alter the user interface Add malicious code