Skip to content

How To (Extremely Easy) DECOMPILE .NET Applications✅

2 de December de 2021

DisclaimerThis article is for educational and training orientation, we are not responsible for the misuse of the techniques and explanations mentioned in this article and/or the use of the tools mentioned/provided, also we do not assume responsibility for the actions carried out with the information of the same. Please use this information for ethical purposes.

All tools and decompilers mentioned are our own recommendations, nothing sponsored.


Index

Why decompile .NET applications?

From Dotnetsafer we do this article for a very simple reason, in our offices (a coworking space) there are quite a few companies that are developed in .NET.

One day at lunch I told them what we were doing and they didn’t understand anything, it turns out that they had no idea what decompilation is, they didn’t know that with a simple tool they could see, copy or modify their development.

Not in all cases you should worry, but for some of them the core of the business is the development itself and obviously it was not very funny.

I have to say that this happens in all compiled languages, but I will focus on .NET which is what we master.

What could be better than a step-by-step tutorial on how to decompile .NET applications?

In this article I am going to show basic notions about decompilation and reverse engineering, if you are interested in something more complex, do not hesitate to ask us!

Note: To carry out the practical parts we use DnSpy (.NET decompiler, it’s free and it has a lot of cool features), but we provide you with the same tool from https://decompiler.dotnetsafer.com so that you can carry out the tutorial from your browser without having to download anything ♥. (Simply to decompile drag the .NET application to the left part shown on the screen, the code will be displayed on the right part).

There are many .NET decompilers that you can use as an alternative to DnSpy like ilspy, justDecompile telerik decompiler, jetbrains dotPeek decompiler, Spices .NET decompiler, Redgate .NET Reflector and more (you can find them for Windows, Linux or macOs).

Is decompilation illegal?

The decompilation of applications is generally legal. According to Section 103 of the Digital Millennium Copyright Act (17 U.S.C. § 1201):

“A person in legal possession of a program may reverse-engineer and circumvent its protection if that is necessary to achieve “interoperability,” a term that broadly covers other devices and programs that can interact with it, make use of it, and to use and transfer data to and from it in useful ways.”

For example, in the USA it is legal as long as the software or application has been obtained legally and, as long as the licensing and use agreement of the application itself prohibits it.

In the European Union, decompilation is also legal as long as it is for interoperability purposes. However, reverse engineering and decompilation does not give you permission to publish the findings.

What is decompilation in .NET?

You might know that C# is a high level programming language and it uses a combination of static and JIT compilation. This means that the code is compiled down to bytecode.

Decompilation is the reverse of compilation (I’m going to patent this great explanation).

That is, the COMPILATION is basically:

  1. You write code
  2. You push the magic compile button and it becomes an executable/file/.exe/dll… (well, it should… surely you forgot a semicolon or something like that 😪) you will also have 103 warnings ⚠, but if you don’t open your eyes, you don’t see them 🤭.

The process will be something like this:

compile .NET applications

Well, decompile process is the opposite, you have an executable file, .dll, .exe…, and with a tool (decompiler) you get the original source code (in other words, the compiled code is converted into readable source code).

decompile .NET applications

And is it simple?🙄

I’d say it’s easier than compiling, but let’s see how it’s done.

If you are wondering how long it takes to decompile a .NET application, too little.

How To Decompile .NET and .NET Core Applications

Let’s decompile a simple .NET application:

decompile asp.net web application

In order to explain it well, we will use the DnSpy C# decompiler. There are several dll decompilers and each one is good for something in particular, but DnSpy is one of the best for decompiling and debugging .NET applications.

This can be used for any type of .NET assembly. It doesn’t matter if it is an ASP.NET web application or VB.NET application or even mobile applications (apk). Anything within the .NET Framework.

When we compile our .NET Core application, we will obtain the compiled files, in the case of .NET Core the .exe file will be the executable, but it will be in charge of executing the .dll that contains the code of our application.

Ok, let’s proceed to decompile the .dll file:

dnspy alternative reddit

To do this, all we have to do is drag it to DnSpy:

how to decompile asp.net web application

Once loaded, the original source code will be shown and we can work on it, we can analyze it, modify it, debug it, etc.

Viewing the source code of the decompiled .NET application

Once our application is decompiled, we can navigate through the source code as if it were our own project:

how to decompile vb.net application

Debug the .NET application

This will be useful to understand how it works or to obtain some values in memory.

For example, let’s put a breakpoint before doing a subtraction:

decompile .net exe to source code

and then we will run the application:

decompile .net assembly online

Here is a simple example:

visual studio decompiler

This is a function that can be very useful at times, but it can also be dangerous ⚡.

Modify the code of the decompiled .NET application

We can modify and re-compile the decompiled .NET application without any problem:

craking to decompile asp net web application

We can also do it using IL code, but if we do not know it it will be much more complex.

We change that simple text:

changing cil body .net core application

and we compile again:

compiling .net core application

Now to save our modified application, we will give:

saving module dnspy

We will select the name of the file, its path and we will mark the following options:

metadata dnspy

and we will have our modified application:

.net decompile app

Ok, these are simple and unimportant examples, I leave to your imagination 💭 everything that could be done with these simple tools.

Now we are going to see other types of applications, because compile process in .NET is the same, it does not matter if you use C#, VB (Visual Basic , ASP, Xamarin, Blazor, everything works in the same way, let’s see then with a Blazor application.

Decompiling a Blazor Web Application

Now we have created a sample web application with Blazor, this is the application code in visual studio:

decompiling a Blazor .NET application

Basically it is an application that shows the weather and we have added Dotnetsafer in the middle so that we can see it later in the decompiled application, here is the web application:

decompile .NET applications

Ok, let’s get the code again.

First we will use our browser (it does not matter which one), since when loading the .NET libraries to display the application, it makes a call to obtain them.

We must enter inspection mode Ctrl + Shift + C and go to section Network, later reload the page with Ctrl + F5.

Here will be the file that contains the code of our web application:

.net blazor file

You can also obtain all the dependencies or own .net files that are used by the application

Well, we download it and open it again with DnSpy:

decompiling blazor with DnSpy

Once we have the decompiled file we can do everything that I mentioned in the previous point.

Decompiling a Xamarin Mobile Application

We raised the level of difficulty a little 🧨, but the operation is still the same.

We have created a simple application for mobile devices with Xamarin, the compiled application will have the extension .APK

The first thing we will do is unzip the APK, there are tools for this, but it is not necessary, for something so simple we can use winrar, (yes, the program that never expires 🆓):

decompiling apk

and we will copy all the files in a folder:

decompiling xamarin apk

Inside the folder Assemblies all .NET files will be found:

.net xamarin files

Here comes the interesting thing, these files have lz4 compression, which will give us an error if we try to decompile it with DnSpy:

dnspy error decompiling xamarin files

For this I bring a simple solution, a small Python script that will help us decompress all the .NET .dll files.

Yes, this sounds very complex, and it seems that you must be an expert:

hacking .net

But it really is something very simple that we will do in less than a minute.

Decompress Xamarin .NET Libraries

If you don’t have Python on your machine, install it previously.

Once we have Python (I run it from the VSCode terminal) we proceed:

Install lz4:

https://dev-to-uploads.s3.amazonaws.com/i/ua8pyhcf6ard0h1dx2pl.png

python -m pip install lz4 or simply pip install lz4

Use of the decompression script

The author of this script is Christian Reitter, X41 D-Sec GmbH, thank you for your article at X41 D-Sec GmbH, we have modified it to unzip all the files in the directory.

We will copy the code into a file called decompress.py and we will save it in the same path as our .dll files.

Decompress the files we need

decompress .net xamarin applications

We will do it with py .\decompressor.py .\, we’ll let it decompress all the .dll files in the directory.

In this case I am only interested in the two files corresponding to my application.

What has not been so difficult?

how decompile .net apps

Now we have the files ready to open with the DnSpy dll decompiler:

decompiling xamarin applications with dnspy

Now again we can do everything I mentioned earlier, the procedure is always the same, only the way in which the files are compiled varies.

This applies to all applications under .NET, such as games developed in Unity with #, virtual reality applications and augmented reality.

Did you like this article?

It has been very simple but I consider it fine for a basic level and learn a little about these topics 😊.

If you have found it interesting, do not hesitate to support it, and tell us below 👇 if you want to know something else, like let’s talk about crackinginjection and other aspects.

Also, if you want to learn more about decompiling and reverse engineering I would recommend you to look for reverse engineering forums (yes, there are such forums).

Thank you for reading the article ❤ and remember that in dotnetsafer we will be uploading articles about security in relation to .NET 🛡.

You have an online C# decompiler at https://decompiler.dotnetsafer.com so that you can comfortably do all the tests in this article without having to download any program.

Thank you for your attention, we hope you have learned a lot!

goodbye
Settings