Airzero Sec

We Do Not Give Up ! Trust US !


Many developers are still not aware that Portable Executable files can be decompiled into readable source code. Before looking at how to stop decompilers, or at least make it hard for them to reverse engineer the source code, we need to understand some basic concepts. A cybersecurity consulting company can help you find the most secure way to protect your application against decompilation.

Is C# easy to decompile?

C# is easy to decompile because a compiled assembly contains metadata that aids decompilation. C# also compiles down to an intermediate language, CIL, which maps much more closely to the exact source code. Typically, a lot more information about the exact source code, such as object-oriented concepts including class structure, can be gleaned from reading the CIL than from reading.

How to prevent decompilation against C# applications?

One way to make a C# application a little more difficult to crack is to deliver it as a program that decrypts its instructions, then compiles and runs them only when needed. This way, if someone finds out where the exact code is stored, it will still be encrypted, and without a license it is unusable.

What is a Portable Executable file?

When source code is compiled, it generates a Portable Executable file. A Portable Executable is either a DLL or an EXE. A Portable Executable file contains Microsoft Intermediate Language and metadata. The Microsoft Intermediate Language is ultimately converted by the CLR into native code that a processor can understand. The metadata contains assembly information such as the assembly name, version, culture and public key. Consult a cyber security solution that makes your application safe and portable.

How Can We Get Source Code from EXE?

Yes, you heard right: we can get the source code from a DLL or EXE. To show this, let's create a simple app first.

The steps to develop the application are:

  • Open Visual Studio
  • Create a new project
  • Select console-based application
  • Add some code to the newly created project

For example, start with the sample code below:

    using System;

    namespace MyConsoleApp
    {
        internal class Program
        {
            private static void Main(string[] args)
            {
                Console.WriteLine(PublicMethod());
                Console.WriteLine(PrivateMethod());
            }

            public static string PublicMethod()
            {
                // Your source code here
                return "Public Method";
            }

            private static string PrivateMethod()
            {
                // Your source code here
                return "Private Method";
            }
        }
    }

OK! Now build the application; an EXE will be generated in the folder bin/debug. Now let's try to get the code from the EXE file:

  • Open the Visual Studio command prompt.
  • Type ildasm and press Enter (ILDASM is able to read intermediate language).
  • Open the EXE file that was created.

As we can see, ILDASM disassembles the EXE and exposes lots of useful information. Though it does not provide the original code completely, a lot can be worked out from it. An easier way to reverse engineer the EXE and get the exact code is to use one of the decompilers that are available for free, which can convert the Intermediate Language into the original source code.

When we open the EXE with a decompiler we are able to see the original code. This can lead to piracy and you can lose your profits.

How to Prevent EXE from Getting Decompiled?

The process of protecting an EXE or DLL from being decompiled into the exact code is called obfuscation. There is a lot of software available to obfuscate .NET assemblies. The settings below relate to ConfuserEx.

  • Download the obfuscation software, which is available online.
  • Extract the zip and then run it.
  • Select the EXE you want to protect.
  • Once you are done setting up the directories and adding the EXE, go to the Settings tab.
  • Click on the “+” button; you will see “true” under Rules.
  • Click on the edit rule button.
  • A new window will appear.
  • Click on the “+” button.
  • You can choose different ways to add levels of protection.
  • Select only “Anti IL Dasm” and “Anti Tamper” (this is enough to make things hard to reverse engineer for decompilers).
  • Click on Done.
  • Go to the Protect tab.
  • Click on the Protect button.
  • You can find the protected EXE in the output directory you selected.

ALL SET! Now you see your EXE cannot be decompiled anymore.

If you have any queries about this topic or need cybersecurity services and consultation against these serious cyber attacks, feel free to contact us. AIRZERO SEC will always be your strong firewall. E-mail id: [email protected]


Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


What Is Reverse Engineering In Android?

People often respect the open nature of Android, as it is something that empowers innovators to build backbone products. But only a few know the other side of this openness: vulnerability. Having said that, Android offers app developers a big advantage that most mobile operating systems don’t. Because it is an open-source framework, it is fairly easy for an app developer to study its source code and modify it the way they want. The technique by which app developers recover source code, whether with the aim of recreating the program, building something similar to it, or identifying an app’s weaknesses and its security, is known as Reverse Engineering in Android.

How Reverse Engineering Can Be Used To Decompile App Code?

Android apps are easy to attack because the code is not rendered into machine code, leaving it prone to extraction and reverse engineering. The vulnerable program can then be used for a variety of purposes, which could be a dangerous issue for any serious mobile app business, such as:

  • Re-using the code for one’s own benefit
  • Find vulnerabilities in the code
  • Search for personal and sensitive data hardcoded in the code
  • Malware fishing
  • Modifying the functionality of an existing application

What Are Some Threats To A Decompiled Android Code?

  • Android Malware and Security Issues
    Android apps face serious issues from various types of malware such as spyware, trojans and adware. Although some malware is not meant to cause any threat, other malware can lead to unexpected and unwanted problems such as localized denial of service or abnormal battery conditions. Moreover, malware such as spyware can access a smartphone’s camera and microphone to send data back to hackers. Adware is another type of malware, which uses existing communication platforms such as email, MMS, Bluetooth or SMS to transmit dangerous advertisements to a certain number of people.
  • Security problems due to code decompiling in Android
    Extracted code can result in decreased security and freely available in-app purchases, and can lead to misplaced user data that could result in bad pricing elasticity. These are some of the reasons why someone would decompile your program, and you now know a little of the damage they can put you through. In mobile application development, security is more than a regular need, as most apps, such as financial or healthcare apps, carry heavy data.

We often come across problems like this one.

A good company will never go behind its customer’s back and develop a similar app for a rival, and most developers won’t leave their name within the app’s program. Air Zero Sec, one of the best cybersecurity companies in Kerala, will help you with these types of common threats to Android applications. However, a few developers leave their names inside the comments, which can then be used to identify the agency or freelancer that developed the app. But that isn’t what I want you to take from this problem. By now you understand that people are actively trying to decompile your apps, and you need to do something about it. Find a trusted cybersecurity service provider and they will resolve the issues that your company is facing.

How To Avoid Android App Decompilation To Prevent Reverse Engineering?

  • Put Important Code on Server
    When you put your important program on the server, it reduces the chances of your source code being stolen, as the main program remains on the server and only the results can be seen. A server farm is a huge expense, and it’s not a great solution for everyone. Moreover, if network connectivity is poor, your Android app users will be irritated and you are more likely to lose business. There is a better solution too. Suppose there is a block of the program that you do not want to let out. Keep that block of the program on hardware that you control. This makes it painful for an extractor to get your APK source code. And, to add more security and safety, you could add double obfuscation to combat any middle attacks.

  • Use Proguard
    Proguard is an obfuscation tool that is useful for safeguarding applications using a license database. The tool helps to increase the difficulty of reversing your Android app code. A commercial version of Proguard, named Dexguard, is also available. Dexguard goes the extra mile in security, increasing the difficulty further. Even so, your program can always be converted into smali, which developers can use to figure out what you do with it. But, again, if you don’t want people to see your program, don’t put it on their devices.

Conclusion

There are, of course, other ways to make Android reverse engineering harder, but the above two are the most effective of all. If you have any queries about this topic or need services and consultation against these serious cyber threats, feel free to contact us. AIRZERO SEC will be your strong firewall.
E-mail id: [email protected]


What Is SQL Injection?

SQL Injection is a type of cyber attack that makes it possible to execute malicious SQL statements. These statements control the database server behind a web application. Hackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around the authentication of a web page and retrieve the content of the whole SQL database. They can also use SQL Injection to add, delete and modify records in the database. The best cyber security company that you approach will always provide the best to protect your database from SQL injection and attacks.

An SQL Injection vulnerability may affect any website that uses an SQL database such as MySQL, Oracle, or others. Criminals may use it to gain unauthorized access to your personal and highly important data like:

  • Customer information
  • Personal data
  • Trade secrets
  • Intellectual property and more

SQL Injection attacks are one of the oldest and most dangerous web application vulnerabilities. Cyber security service providers will help you with this serious problem.

Why Laravel Framework?

Laravel is a web app development framework with expressive and elegant syntax that makes the entire web development process faster, simpler and more enjoyable for developers by eliminating the pain points associated with handling the most complex PHP code.

It simplifies some of the most frequently performed tasks, such as routing, authentication, sessions and caching, so that developers can focus on building the business-related features of the web application. Laravel protects web apps from SQL injection as long as you're using the fluent query builder.

Laravel does this by using prepared statements, which escape any user input that comes in through the app. If attackers add a new input to a form, they may try to insert a query and then run their own SQL query to damage your application database. However, this won't work while you are using Eloquent. Eloquent protects against this SQL query, and the invalid query will just be saved as text in your database.

What Are The Types Of SQL Injection Attack Vectors That Laravel Can’t Protect?

Developers often make the mistake of thinking that Laravel protects against all SQL injection attacks, but there are some attack points that Laravel cannot protect. Here are the most common causes of SQL injection that we saw in the latest Laravel applications during our security checks.

SQL Injection via column name

The first common mistake that we see is that a lot of people think that Laravel will escape any parameter that is passed to Query Builder or Eloquent. In reality, it is not safe to pass user-controlled column names to the query builder.

It’s important to mention that the demonstrated attack point has been fixed in Laravel, but Laravel still warns developers, even in the new documentation, not to pass user-controlled column names to Query Builder without whitelisting.

In general, even where there is no chance of turning a custom column name into an injected SQL string, we still do not recommend allowing data to be sorted by any user-provided column name, since it can introduce a dangerous security issue.
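The whitelisting recommended above, as an added example that is not code from the original article: it uses plain PHP with PDO and an in-memory SQLite database so that it runs without a Laravel install, and the table, its rows and the sortedUsers() helper are constructed for illustration. In a Laravel application the vetted column is the value that would be handed to orderBy().

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('carol', 'carol@example.test'), ('alice', 'alice@example.test')");

// Request value => real column. Column names cannot be sent as bound
// parameters, so only names from this application-owned map reach the SQL.
const SORTABLE = ['name' => 'name', 'email' => 'email', 'newest' => 'id'];

// Hypothetical helper: returns user names ordered by a vetted column.
function sortedUsers(PDO $pdo, string $requestedSort, string $requestedDir): array
{
    // Unknown sort keys fall back to a default instead of reaching the query.
    $column = SORTABLE[$requestedSort] ?? 'id';
    // The direction is reduced to one of two fixed keywords.
    $direction = strtolower($requestedDir) === 'desc' ? 'DESC' : 'ASC';

    $stmt = $pdo->query("SELECT name FROM users ORDER BY $column $direction");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: one expected, one that is not a known sort key.
foreach ([['name', 'asc'], ['drop table users', 'desc']] as [$sort, $dir]) {
    printf("%-18s => %s\n", $sort, implode(', ', sortedUsers($pdo, $sort, $dir)));
}
```

The second request value never appears in the SQL text; the query simply runs with the default column.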

SQL Injection via validation rules

Let’s take a look at the following simplified validation code:

    // Vulnerable on purpose: the route parameter is appended to the rule string as-is.
    $id = $request->route('id');
    $rules = [
        'username' => 'required|unique:users,name,' . $id,
    ];

    $validator = Validator::make($request->post(), $rules);

Since Laravel uses $id here to query the database and $id is not escaped, it will allow a hacker to perform an SQL injection.
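One way to close this hole, shown as an added example that is not part of the original article: reduce the route value to a positive integer before it is appended to the rule. The uniqueUsernameRule() helper and the sample route values are hypothetical and constructed for illustration; the code is plain PHP, so it runs without Laravel.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: builds the article's 'unique' rule from a vetted id.
function uniqueUsernameRule(string $routeId): string
{
    // Rule parameters are comma-delimited text, so the id must be reduced to
    // a plain positive integer before it is appended.
    $id = filter_var($routeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('route id must be a positive integer');
    }
    // $id is now an int; only its digits end up in the rule string.
    return 'required|unique:users,name,' . $id;
}

// Constructed route values: one valid id and two that must be refused.
foreach (['42', '42 or 1=1', 'abc'] as $candidate) {
    try {
        printf("%-10s => %s\n", $candidate, uniqueUsernameRule($candidate));
    } catch (InvalidArgumentException $e) {
        printf("%-10s => rejected (%s)\n", $candidate, $e->getMessage());
    }
}
```

In a Laravel application the same constraint can be enforced earlier with a numeric route constraint such as whereNumber('id').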

How to prevent SQL injection in Laravel?

Laravel’s Eloquent ORM uses PDO binding, which protects web apps from SQL injection. This feature ensures that no client can modify the intent of the SQL queries.

Consider the example of a form used to look up users’ email addresses in a database. The form will search for an email address, for instance, “[email protected]”. Now imagine that the SQL query is modified to:

SELECT * FROM users WHERE email = '[email protected]' or 1=1

In the above example, 1=1 is a simple expression that always evaluates to true. If it is attached to the above query with the OR condition, the query will fetch all records from the table, because the SELECT condition will always evaluate to true.

Now consider another variant of the attack, in which the command “drop table users” is added directly to the query after the email address “[email protected]”. The query will look like this:

SELECT * FROM users WHERE email = '[email protected]'; drop table users;

When this query is executed, the table “users” will be deleted from the database.

When the PDO parameter binding is in place, the input is in quotes and the query will look like this:

SELECT * FROM users WHERE email = '[email protected] or 1=1'

Since no record matches the whole quoted string, the email together with the “1=1”, the query will not return anything.

This framework provides other ways of talking to databases, such as raw SQL queries. Yet, Eloquent remains one of the most popular options.

The Laravel framework uses PDO binding to prevent SQL injection attacks, because no variable gets to the database without validation.

When raw queries are used, one should always use prepared SQL queries to prevent injection. Consider the following statement, which looks ripe for SQL injection:

    Route::get('this-is-prone-to-sql-injection', function () {
        // Vulnerable on purpose: $name is interpolated straight into the SQL text.
        $name = "'ancy' OR 1=1";
        return DB::select(
            DB::raw("SELECT * FROM users WHERE name = $name")
        );
    });

Here the statement 1=1 used in the OR condition will result in all the rows of the users table being returned. This can be prevented by using the following code instead:

    Route::get('safe-from-sql-injection', function () {
        $name = "'ancy' OR 1=1";
        // The bindings are the second argument of DB::select(), not of DB::raw().
        return DB::select("SELECT * FROM users WHERE name = ?", [$name]);
    });

Laravel binds the input variables to the question marks in the query, automatically escaping them. This protects the query from SQL injection attacks.

If you have any queries about this topic or need services and consultation against this serious cyber threat, feel free to contact us. AIRZERO SEC will be your strong firewall.
E-mail id: [email protected]
