Click here to Skip to main content
11,928,919 members (52,212 online)
Click here to Skip to main content
Add your own
alternative version


92 bookmarked

Building Security Awareness in .NET Assemblies : Part 3 - Learn to break Strong Name .NET Assemblies

, 1 Nov 2004
Rate this:
Please Sign up or sign in to vote.
Building Security Awareness in .NET Assemblies : Part 3 of 3


NeCoders shall not be held responsible for any cases of software/files being hacked due to the information provided in this article.

General Overview

Welcome back to part 3 of the Building Security Awareness in .Net Assemblies series. In this article, I will share with you the possibility of breaking Strong Named .Net Assemblies. Make sure you have already read through part 1 and 2 before continuing on.

Questions pertaining to Strong Name

I do believe many others have the same doubts as I do on whether Strong Name keys could really protect the assembly from being tampered. I would like to share my doubts with you in this article.


  1. Question : Is Strong Name key secure?
    • Answer : Yes, Strong Name key uses RSA 1024 bit encryption.
  2. Question : Is Strong Name key breakable?
    • Answer : If you have enough computing power, time and knowledge on how to break RSA, the answer is yes.
  3. Question : Can Strong Name key be removed from .NET assemblies?
    • Answer : Yes, it can be removed very easily if you know how.

The Demonstration Test machine specifications :

  • Windows XP Professional Edition SP 1 1

  • Intel Pentium 4 2.6GHz

  • 256MB DDR-RAM

  • Visual Studio .Net 2003 Professional Edition

  • Microsoft .Net Framework 1.1
  1. Download the executable files that come with this article.
  2. Open your Visual Studio .Net 2003 command prompt.
  3. Make sure you are inside the CrackingIL/bin/debug directory.
  4. Type “ildasm CrackingIL.exe /”.

  1. You must be wondering, why we are repeating what we had done in part 1 and part 2 of the series. If you notice, the way to break Strong Name keys is by manipulating the Intermediate Language. But the problem is in part 2, we did modify the Intermediate Language and at the end when we tried to convert it back to an assembly, we will receive an error. I will explain in detail on which part of the Intermediate Language that you should modified to remove the Strong Name key.
  2. Open up the with a text editor. I use notepad.

  1. Take a look at the red boxes. From what I understand, each assemblies like System.Windows.Forms, System and mscorlib contains their own public key token and version number.
  2. Now, does our assembly contain a public key? The answer is yes. Before showing it to you, I will first show you 2 screenshots; one without Strong Name key and one with Strong Name key attached.

Without Strong Name :

With Strong Name :

  1. You will notice that the difference on both sides is that the Strong Name key assembly contains a public key. In order to tamper a Strong Named .Net Assembly, just remove that highlighted section. It will look like this.

  1. Now do some modifications to the existing Intermediate Language. You have to remove the registry checking so it will not prompt you for serial number or license. Look for this code.

  1. Then remove the lines of code from IL_0000 to IL_0075. You should have an output like this.

  1. Now just edit some text to prove that you have hijacked that Strong Named key .Net Assembly. Find the code with the phrase “Welcome to NeCoders” and replace it to “You are being hijacked, Strong Names are useless here”.

Change above to:

  1. Open your Visual Studio .Net 2003 command prompt, and type “ilasm”.

  1. Try to run CrackingIL.exe. You will see this.

  1. Congratulations! You had managed to manipulate .Net assemblies with Strong Name key attached to it.


Again, I hope you find this series of the article to be interesting. There will be more articles under this series, in terms of breaking and securing the .Net assemblies. Do check out article 4 when it is available as it will explaining the many theories in .NET security. This in return should provide you with a better understanding in this topic.




This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Chua Wen Ching
Software Developer
Malaysia Malaysia
I am Chua Wen Ching and it is great to be part of CodeProject network Smile | :)

You may also be interested in...

Comments and Discussions

QuestionCareful Here Pin
eduardna26-Mar-12 23:15
membereduardna26-Mar-12 23:15 
Strong names is for assigning an assembly identity to prevent name collision and provide CAS policy. Authenticode signatures would protect the file integrity and provide publisher identity and certificate revocation. Removing a strong name signature is not proving anything except that it can be done. In the ECMA spec there is details on a cleaner way to do this without even decompiling. If the assembly is part of a bigger product and that product is cryptographically tied to an Authenticode signature, all bets are off.
GeneralMy vote of 1 Pin
JanV800017-Nov-09 2:40
memberJanV800017-Nov-09 2:40 
RantSuperb Pin
SyntaxCheck10-May-08 1:47
memberSyntaxCheck10-May-08 1:47 
Questionis there other parts than 1,2&3? Pin
ZHM12-Feb-08 17:31
memberZHM12-Feb-08 17:31 
GeneralRe: is there other parts than 1,2&3? Pin
chuawenching4-Mar-08 17:19
memberchuawenching4-Mar-08 17:19 
GeneralRe: is there other parts than 1,2&3? Pin
ZHM5-Mar-08 12:48
memberZHM5-Mar-08 12:48 
QuestionBreak without removing? Pin
Ariston Darmayuda4-Jul-07 7:53
memberAriston Darmayuda4-Jul-07 7:53 
Questionwhat would you suggest to do when you have a strong name assembly that need to call a non strong named assembly? Pin
vvatclor28-Aug-06 12:29
membervvatclor28-Aug-06 12:29 
GeneralWaiting for part 4 of this series. Pin
horngsh1687-Jun-06 20:17
memberhorngsh1687-Jun-06 20:17 
QuestionHow can I assign Strong Name to DLL [modified] Pin
Nimit Patel22-May-06 4:13
memberNimit Patel22-May-06 4:13 
Generalwaiting 4 part 4 Pin
shystars8-Dec-05 20:35
membershystars8-Dec-05 20:35 
GeneralOffline thread Pin
Shaun Wilde25-Nov-04 21:56
memberShaun Wilde25-Nov-04 21:56 
GeneralRe: Offline thread Pin
chuawenching25-Nov-04 22:29
memberchuawenching25-Nov-04 22:29 
QuestionPossible to change the public key? Pin
King Pang12-Nov-04 22:59
memberKing Pang12-Nov-04 22:59 
QuestionSecure or not? Pin
uTILLIty10-Nov-04 22:15
memberuTILLIty10-Nov-04 22:15 
AnswerRe: Secure or not? Pin
hakervytas29-Nov-05 5:41
memberhakervytas29-Nov-05 5:41 
GeneralGreat Article Pin
Adam Goossens10-Nov-04 21:30
memberAdam Goossens10-Nov-04 21:30 
GeneralRe: Great Article Pin
Mashayekh4-Apr-05 0:21
memberMashayekh4-Apr-05 0:21 
GeneralExcellent, I am eagerly awaiting future parts Pin
John Cardinal10-Nov-04 7:12
memberJohn Cardinal10-Nov-04 7:12 
GeneralRe: Excellent, I am eagerly awaiting future parts Pin
chuawenching10-Nov-04 11:03
memberchuawenching10-Nov-04 11:03 
QuestionWhat strong names do PinPopular
punkrock9-Nov-04 14:55
memberpunkrock9-Nov-04 14:55 
AnswerRe: What strong names do Pin
chuawenching9-Nov-04 15:31
memberchuawenching9-Nov-04 15:31 
GeneralRe: What strong names do Pin
Some Pathetic Slob1-Dec-04 11:24
sussSome Pathetic Slob1-Dec-04 11:24 
GeneralRe: What strong names do Pin
chuawenching1-Dec-04 13:38
memberchuawenching1-Dec-04 13:38 
GeneralRe: What strong names do Pin
Anonymous6-Jan-05 0:36
sussAnonymous6-Jan-05 0:36 
GeneralStrong names Pin
Hugo Hallman9-Nov-04 12:37
memberHugo Hallman9-Nov-04 12:37 
GeneralRe: Strong names Pin
chuawenching9-Nov-04 13:16
memberchuawenching9-Nov-04 13:16 
GeneralRe: Missunderstanding to strong names Pin
Anonymous11-Nov-04 2:30
sussAnonymous11-Nov-04 2:30 
GeneralRe: Missunderstanding to strong names Pin
chuawenching11-Nov-04 16:05
memberchuawenching11-Nov-04 16:05 
GeneralRe: Missunderstanding to strong names Pin
JanSeda11-Nov-04 16:42
memberJanSeda11-Nov-04 16:42 
GeneralRe: Missunderstanding to strong names Pin
chuawenching11-Nov-04 16:53
memberchuawenching11-Nov-04 16:53 
GeneralRe: Strong names Pin
Kurt H11-Nov-04 10:58
memberKurt H11-Nov-04 10:58 
GeneralRe: Strong names Pin
Hugo Hallman11-Nov-04 11:10
memberHugo Hallman11-Nov-04 11:10 
GeneralRe: Strong names Pin
Kurt H11-Nov-04 11:52
memberKurt H11-Nov-04 11:52 
GeneralRe: Strong names Pin
chuawenching11-Nov-04 16:10
memberchuawenching11-Nov-04 16:10 
GeneralXenoCode Pin
staceyw9-Nov-04 9:40
memberstaceyw9-Nov-04 9:40 
GeneralRe: XenoCode Pin
chuawenching9-Nov-04 13:20
memberchuawenching9-Nov-04 13:20 
GeneralRe: XenoCode Pin
Shaun Wilde25-Nov-04 21:50
memberShaun Wilde25-Nov-04 21:50 
GeneralRe: XenoCode Pin
chuawenching25-Nov-04 22:25
memberchuawenching25-Nov-04 22:25 
GeneralRe: XenoCode Pin
Frank Hileman9-Jul-05 6:55
memberFrank Hileman9-Jul-05 6:55 
GeneralPotential problem with method Pin
Etienne Fortin9-Nov-04 6:03
memberEtienne Fortin9-Nov-04 6:03 
GeneralRe: Potential problem with method Pin
Anonymous9-Nov-04 6:24
sussAnonymous9-Nov-04 6:24 
GeneralNice one Pin
rawwool6-Nov-04 22:06
memberrawwool6-Nov-04 22:06 
GeneralRe: Nice one Pin
Anonymous6-Nov-04 22:54
sussAnonymous6-Nov-04 22:54 
GeneralRe: Nice one Pin
Hugo Hallman9-Nov-04 12:32
memberHugo Hallman9-Nov-04 12:32 
GeneralRe: Nice one Pin
chuawenching9-Nov-04 13:18
memberchuawenching9-Nov-04 13:18 
GeneralRe: Nice one Pin
rawwool10-Nov-04 6:58
memberrawwool10-Nov-04 6:58 
GeneralDisclaimer Pin
Horia Tudosie4-Nov-04 4:29
memberHoria Tudosie4-Nov-04 4:29 
GeneralRe: Disclaimer Pin
Misty_Blue11-Nov-04 12:00
memberMisty_Blue11-Nov-04 12:00 
GeneralGreat Job Pin
sandurea4-Nov-04 0:51
susssandurea4-Nov-04 0:51 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.151126.1 | Last Updated 1 Nov 2004
Article Copyright 2004 by Chua Wen Ching
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid