Author Topic: How do you deal with reverse engineering in .NET?  (Read 969 times)

0 Members and 1 Guest are viewing this topic.

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16805
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #15 on: August 10, 2020, 01:15:07 PM »
I'm just about done with a project I've been working on solo for nearly 4 years. Yes, a project, in development for 4 years. Close to 2m lines of code.

{blink}

2m lines / 48 months / 160 hours / 60 min ~ 4 lines code per minute = working from non trivial existing code base and/or use of many third party code libraries. Amiright? Does not diminish visioneering, architecting or applied expertise, just an observation / musing out loud.

To be fair, I've worked a whole lot more than 160 hours per month. Some months was significantly more. For a while the normal day was 18-20 hours but after a few months production wasn't on my side. Too much re-work because of exhaustion. Excitement when a project is new :-)

Also keep in mind that much of the code (maybe 40%) was able to be ported from an earlier project maybe 10 years old or so. Some modules required significant rewrite while some required almost nothing.

AND
Code - C#: [Select]
  1. { // sometimes this is a line of code
  2. } // as is this

There are a few third party libraries that needed to be tweaked (not rewritten) and some of my own libraries that didn't require anything other than:
Code - C#: [Select]
  1. using somelibrary;

Even still, I rebuild them before testing just to make sure I have the latest references.
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

MP

  • Seagull
  • Posts: 17686
  • Have thousands of dwgs to process? Contact me.
Re: How do you deal with reverse engineering in .NET?
« Reply #16 on: August 11, 2020, 06:06:04 PM »
To be fair, I've worked a whole lot more than 160 hours per month. Some months was significantly more. For a while the normal day was 18-20 hours but after a few months production wasn't on my side. Too much re-work because of exhaustion. Excitement when a project is new :-)

Can easily see that.

Also keep in mind that much of the code (maybe 40%) was able to be ported from an earlier project maybe 10 years old or so. Some modules required significant rewrite while some required almost nothing.

Ditto previous comment + previous post.

AND
Code - C#: [Select]
  1. { // sometimes this is a line of code
  2. } // as is this

Counts as legit code to me.

There are a few third party libraries that needed to be tweaked (not rewritten) and some of my own libraries that didn't require anything other than:
Code - C#: [Select]
  1. using somelibrary;

Even still, I rebuild them before testing just to make sure I have the latest references.

{nodding}

At peaks in my current assignment (solely a coder until about 2 weeks ago) I've reached ridiculous peak coding rates of just over a line per minute (11K lines month, 37.5 hour work weeks), noting (1) 80/20 LISP/VBA, both which I've leveraged for decades so rare need for help / google (2) the majority of the work was highly enjoyable - I was inspired - or there were stupid deadlines (3) can't rule out some copy / paste tho every solution was written leveraging existing libraries I wrote or by adding to said libraries (4) buckets of coffee.

Engineering Technologist • CAD Specialist • Programmer Analyst
Design • Drafting • Document Control • Automation.
cadanalyst@fastmail.comhttps://cadanalyst.slack.comhttp://linkedin.com/in/cadanalyst

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16805
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #17 on: August 12, 2020, 12:35:51 AM »
A kindred spirit ...
and here it is midnight, swapping libraries (I hate that I have to support some legacy data, but it pays well), editing some code and rebuilding binaries for anther version.

One of my beta testers sent a few data files to me today that couldn't be loaded ... whoda thunk there was a huge difference between 9 and 11

Oh and a "feature" requested by the testers included a notification of the record total prior to processing. They got that, but in the meantime, I broke the code ... :-/

and finally
Code - C#: [Select]
  1. ft ^= filetype.ID; //damnit I hate when they add filetypes and I don't filter them out ... at least it's only a few lines
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

abwenZ

  • Mosquito
  • Posts: 3
Re: How do you deal with reverse engineering in .NET?
« Reply #18 on: September 10, 2020, 09:47:59 PM »
...
Decompilers don't reconstitute code as it is written, rather they reconsitute code as it is executed. Meaning that your "switch" may be reconstituted as a series of "if" or vice versa depending upon how the compiler and decompiler interpreted the machine code. That is only an example, but I think you get the meaning.
...

You're wrong. That's what disassemblers are.

A decompiler and a disassembler are different tools, obviously the decompilers do not rebuild native code (you know IDA or a similar tool?), but they are capable of reconstructing the disassembled code of a .NET or Java app/dll

Tools for static analysis:

Native (and more):
Ghidra: https://www.nsa.gov/resources/everyone/ghidra/
IDA  (not free): https://www.hex-rays.com/products/ida/

For .NET: https://github.com/0xd4d

For Java (not free) http://neshkov.com/dj.html

the latter is an app (native code) that is "protected" with Themida, but...