[Tutorial] [.NET] Trial Limit Injection

Results 1 to 9 of 9
  1. #1
    Moderator Quackster is offline
    ModeratorRank
    Dec 2010 Join Date
    AustraliaLocation
    3,408Posts

    [Tutorial] [.NET] Trial Limit Injection

    [Tutorial] [.NET] Trial Limit Injection
    Hello.

    Just screwing around with Mono.Cecil. And I decided to make a 30 day limit check when you run a file through Mono.Cecil, don't judge my code please.

    I coded this myself, by creating the function in C# and using a decompiler to locate the correct OpCodes.

    You don't have to change to keep it days, you can change the method "FromDays" as you desire.

    It calls on the Main(); function the DateVerify, and it will output an injected method such as;

    Code:
    public static void DateVerify()
    {
    	DateTime now = DateTime.Now;
    	DateTime value = DateTime.Parse("7/03/2013 11:36:00 PM");
    	if (now.Subtract(value) >= TimeSpan.FromDays(30.0))
    	{
    		throw new Exception("The time period has surpassed 30 days!");
    	}
    }
    Code:
    private double Time = 30;
    
      public void RunTask()
      {
    
        for (var modules = 0; modules < Program.Assembly.Modules.Count; modules++)
        {
        var module = Program.Assembly.Modules[modules];
    
        for (int types = 0; types < module.Types.Count; types++)
        {
        var type = module.Types[types];
    
        for (int methods = 0; methods < type.Methods.Count; methods++)
        {
        var method = type.Methods[methods];
    
        if (method.Name == "Main")
        {
        var methodDateCheck = new MethodDefinition("DateVerify", MethodAttributes.Public | MethodAttributes.Static | MethodAttributes.HideBySig, Program.Assembly.MainModule.Import(typeof(void)));
    
        InsertTimeCheck(type, methodDateCheck);
    
        type.Methods.Add(methodDateCheck);
    
        var worker = method.Body.GetILProcessor();
    
        var call = worker.Create(OpCodes.Call, methodDateCheck);
        worker.InsertAfter(method.Body.Instructions[0], call);
        worker.InsertAfter(call, worker.Create(OpCodes.Nop));
        }
        }
        }
        }
      }
    
      public void InsertTimeCheck(TypeDefinition type, MethodDefinition method)
      {
        var dateNow = DateTime.Now;
        var assembly = Program.Assembly;
    
        TypeReference declaringType = type;
        ModuleDefinition module = declaringType.Module;
        TypeReference variableType = module.Import(type);
    
        VariableDefinition result = new VariableDefinition("start", module.Import(typeof(DateTime)));
        method.Body.Variables.Add(result);
    
        result = new VariableDefinition("oldDate", module.Import(typeof(DateTime)));
        method.Body.Variables.Add(result);
    
        result = new VariableDefinition(module.Import(typeof(bool)));
        method.Body.Variables.Add(result);
    
        var worker = method.Body.GetILProcessor();
    
        worker.Append(worker.Create(OpCodes.Nop));
        worker.Append(worker.Create(OpCodes.Call, assembly.Import(typeof(DateTime).GetMethod("get_Now", Type.EmptyTypes))));
        worker.Append(worker.Create(OpCodes.Stloc_0));
        worker.Append(worker.Create(OpCodes.Ldstr, dateNow.ToString()));
        worker.Append(worker.Create(OpCodes.Call, assembly.Import(typeof(DateTime).GetMethod("Parse", new[] { typeof(string) }))));
        worker.Append(worker.Create(OpCodes.Stloc_1));
        worker.Append(worker.Create(OpCodes.Ldloca_S, (byte)0));
        worker.Append(worker.Create(OpCodes.Ldloc_1));
        worker.Append(worker.Create(OpCodes.Call, assembly.Import(typeof(DateTime).GetMethod("Subtract", new[] { typeof(DateTime) }))));
        worker.Append(worker.Create(OpCodes.Ldc_R8, Time));
        worker.Append(worker.Create(OpCodes.Call, assembly.Import(typeof(TimeSpan).GetMethod("FromDays", new[] { typeof(long) }))));
        worker.Append(worker.Create(OpCodes.Call, assembly.Import(typeof(TimeSpan).GetMethod("op_GreaterThanOrEqual", new[] { typeof(TimeSpan), typeof(TimeSpan) }))));
        worker.Append(worker.Create(OpCodes.Ldc_I4_0));
        worker.Append(worker.Create(OpCodes.Ceq));
        worker.Append(worker.Create(OpCodes.Stloc_2));
        worker.Append(worker.Create(OpCodes.Ldloc_2));
    
        var last = worker.Create(OpCodes.Ret);
    
        worker.Append(worker.Create(OpCodes.Brtrue_S, last));
        worker.Append(worker.Create(OpCodes.Nop));
        worker.Append(worker.Create(OpCodes.Ldstr, "The time period has surpassed 30 days!"));
        worker.Append(worker.Create(OpCodes.Newobj, assembly.Import(typeof(Exception).GetConstructor(new[] { typeof(string) }))));
        worker.Append(worker.Create(OpCodes.Throw));
        worker.Append(last);
      }


  2. #2
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    446Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    This is incredibly easy to inline out, just so you know. Emitting IL offers no advantage over doing it normally, but it is a lot more tedious.

  3. #3
    Moderator Quackster is offline
    ModeratorRank
    Dec 2010 Join Date
    AustraliaLocation
    3,408Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Quote Originally Posted by AngraMainyu View Post
    This is incredibly easy to inline out, just so you know. Emitting IL offers no advantage over doing it normally, but it is a lot more tedious.
    Yeah I know, but if you were to create your own .NET protection program and you'd have a 'free' version, this would be ideal to put this in. :)

  4. #4
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    446Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Quote Originally Posted by Quackster View Post
    Yeah I know, but if you were to create your own .NET protection program and you'd have a 'free' version, this would be ideal to put this in. :)
    If you were to create your own packer in .NET, you're doing it wrong period. I mean, I guess it's not protecting state secrets or anything but it takes under a minute to just NOP the function out.

  5. #5
    Moderator Quackster is offline
    ModeratorRank
    Dec 2010 Join Date
    AustraliaLocation
    3,408Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Quote Originally Posted by AngraMainyu View Post
    If you were to create your own packer in .NET, you're doing it wrong period. I mean, I guess it's not protecting state secrets or anything but it takes under a minute to just NOP the function out.
    Who cares? It's a tutorial how to inject a method with Mono.Cecil - and that was merely an example.
    The Habbo archives: http://alex-dev.org/archive/

  6. #6
    Developer BurakDev is offline
    True MemberRank
    Mar 2013 Join Date
    ParisLocation
    377Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Nice, very useful method for inject class in assembly

  7. #7
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    446Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Quote Originally Posted by Quackster View Post
    Who cares? It's a tutorial how to inject a method with Mono.Cecil - and that was merely an example.
    Well now, that's different. I thought this was about using it as an anti-debug technique. Now you should write a helper class that takes a .NET framework MethodInfo's IL stream and writes it to a Mono.Cecil ILProcessor.

  8. #8
    Developer iGalaxy is offline
    True MemberRank
    Jul 2013 Join Date
    C:/xampp/htdocsLocation
    514Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Hopefully now on emulators dont come on licensed methods.. LOL!

  9. #9
    Developer BurakDev is offline
    True MemberRank
    Mar 2013 Join Date
    ParisLocation
    377Posts

    Re: [Tutorial] [.NET] Trial Limit Injection

    Quote Originally Posted by iGalaxy View Post
    Hopefully now on emulators dont come on licensed methods.. LOL!
    Useless, is very easy to crack it



Advertisement