.NET & Java Reversing
Managed Code
Managed code (.NET, Java) is much easier to reverse than native binaries because it compiles to intermediate bytecode with rich metadata, allowing near-perfect decompilation.
.NET Reversing with dnSpy
```csharp
// dnSpy - .NET decompiler and debugger
// Open .exe or .dll → Browse classes → View decompiled C#

// Example decompiled output
using System;
using System.Security.Cryptography;
using System.Text;

public class LicenseChecker {
    public static bool ValidateLicense(string key) {
        string expected = GenerateKey(Environment.MachineName);
        return key == expected;
    }

    private static string GenerateKey(string seed) {
        using (MD5 md5 = MD5.Create()) {
            byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(seed));
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }
}

// Patching with dnSpy:
// 1. Right-click method → Edit Method
// 2. Change: return key == expected;
//    To:     return true;
// 3. File → Save Module

// Alternative tools:
// - ILSpy (view only)
// - dotPeek (JetBrains)
// - de4dot (deobfuscation)
```
Java Reversing
```bash
# Java decompilation tools
# JD-GUI  - Simple GUI decompiler
# Procyon - Modern decompiler
# CFR     - Handles modern Java well
# JADX    - Good for Android APKs

# Decompile JAR with CFR
java -jar cfr.jar target.jar --outputdir ./decompiled

# Decompile single class
java -jar cfr.jar MyClass.class

# Android APK analysis
jadx -d output/ app.apk

# Common obfuscators:
# - ProGuard (free, basic)
# - DexGuard (commercial)
# - Allatori (Java)

# De-obfuscation strategies:
# - Rename classes/methods based on usage
# - String decryption (find decrypt method, hook it)
# - Control flow analysis
```
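The "rich metadata" point from the top of this page can be seen without any decompiler. The following is an added example, not part of the original page: a small Python parser that walks a Java class file's constant pool and method table and recovers the class name, method names and signatures. The sample bytes are a hand-constructed minimal class that borrows the names from the C# listing above; `parse_class`, `CP_SIZES`, `_utf8` and `SAMPLE` are names chosen for this example.

```python
import struct

# Bytes following the tag for each fixed-width constant-pool entry (JVM class file format).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def parse_class(data):
    """Return (class_name, [(method_name, descriptor), ...]) from raw .class bytes."""
    magic, _minor, _major, cp_count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, pool, i = 10, {}, 1
    while i < cp_count:
        tag, pos = data[pos], pos + 1
        if tag == 1:                        # Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            pool[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in CP_SIZES:
            if tag == 7:                    # Class: index of the Utf8 holding its name
                (pool[i],) = struct.unpack_from(">H", data, pos)
            pos += CP_SIZES[tag]
            i += tag in (5, 6)              # long/double take two pool slots
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        i += 1
    _flags, this_cls, _super, n_ifaces = struct.unpack_from(">HHHH", data, pos)
    pos += 8 + 2 * n_ifaces
    for _table in ("fields", "methods"):    # same layout; the last pass keeps methods
        (count,) = struct.unpack_from(">H", data, pos)
        pos, members = pos + 2, []
        for _ in range(count):
            _acc, name, desc, n_attr = struct.unpack_from(">HHHH", data, pos)
            pos += 8
            for _ in range(n_attr):         # skip attribute: u2 name, u4 length, body
                pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
            members.append((pool[name], pool[desc]))
    return pool[pool[this_cls]], members

def _utf8(s):                               # one CONSTANT_Utf8 entry (ASCII input assumed)
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()

# Constructed sample: hand-built minimal class (no method bodies), names from the C# listing.
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 9)
          + _utf8("LicenseChecker") + b"\x07\x00\x01" + _utf8("java/lang/Object") + b"\x07\x00\x03"
          + _utf8("ValidateLicense") + _utf8("(Ljava/lang/String;)Z")
          + _utf8("GenerateKey") + _utf8("(Ljava/lang/String;)Ljava/lang/String;")
          + struct.pack(">HHHHH", 0x0421, 2, 4, 0, 0)   # flags, this, super, 0 ifaces, 0 fields
          + struct.pack(">10H", 2, 0x0109, 5, 6, 0, 0x010A, 7, 8, 0, 0))  # 2 methods, 0 attrs
```

Because these names and signatures survive compilation, anything embedded in a shipped class or assembly (method names, string constants, key-derivation logic) should be treated as readable by whoever holds the binary.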