smuda
Joined: 08 Jan 2012 Posts: 18 Location: Sweden
Posted: Sun Jan 08, 2012 4:06 pm Post subject: De-serialization of data serialized before obfuscation
Hi!
We have an object that we create in a piece of software (which isn't obfuscated), serialize, and save to disk. This is then distributed to the clients and is supposed to be de-serialized.
When there is no obfuscation (for example when only embedding the assembly handling this) it works fine.
However, adding the two assemblies involved to merging, even without obfuscation and flow control, it breaks the deserialization function since it cannot find the assembly referenced in the file.
What would be "best practices" to handle this scenario?
Best Regards,
John
Brian Donahue
Joined: 23 Aug 2004 Posts: 6348 Location: Red Gate Software
Posted: Tue Jan 10, 2012 10:56 am Post subject:
Hi John,
The normal procedure is to work out which classes need to be serialized, then mark them with the Serializable attribute. If you mark the type [Serializable], then SmartAssembly will not rename it or make it private. If the type gets renamed or its access modifier changes to private, then this will break the serialization process.
_________________
Brian Donahue
Technical Support
Red Gate Software Ltd.
44 (0)870 160 0037 ext 8521
US and CAN 1-866-RED GATE ext 8521
smuda
Joined: 08 Jan 2012 Posts: 18 Location: Sweden
Posted: Tue Jan 10, 2012 9:16 pm Post subject:
Hi Brian,
All classes serialized are marked with the Serializable attribute already and when we created the serialized data the assemblies were strong signed.
When I use reflector on the merged assembly I can see all the classes with the Serializable attribute. When I'm testing they are unobfuscated and there is no control flow obfuscation.
Is there a "redirection functionality" which is supposed to handle redirection from the original filename and public key to the new assembly?
Best Regards,
John
Simon C
Joined: 26 Feb 2008 Posts: 140 Location: Red Gate Software
Posted: Wed Jan 11, 2012 11:00 am Post subject:
Unfortunately, this is an artefact of the .NET serialization system. By merging the assemblies defining the serialized classes into another you are changing the assembly identity. To .NET, a serialized instance of [AssemblyA]MyNs.MyType is completely different to [AssemblyB]MyNs.MyType.
In your case, the solution would be to create a SerializationBinder to map between the two assemblies in the merged assembly.
smuda
Joined: 08 Jan 2012 Posts: 18 Location: Sweden
Posted: Sun Jan 22, 2012 6:57 am Post subject:
Hi!
Just wanted to say that using a SerializationBinder worked perfectly.
Code:
    using System;
    using System.Reflection;
    using System.Runtime.Serialization;

    class LicenseInfoDeserializationBinder : SerializationBinder
    {
        public override Type BindToType(string assemblyName, string typeName)
        {
            if (assemblyName.StartsWith("OriginalFilenameWithoutExtension"))
            {
                // When the type being deserialized originates from the original
                // assembly, redirect to the current assembly, since it is the
                // same but obfuscated.
                assemblyName = Assembly.GetExecutingAssembly().FullName;
            }
            // For each assemblyName/typeName that you want to deserialize to
            // a different type, set typeToDeserialize to the desired type.
            var typeToDeserialize = Type.GetType(String.Format("{0}, {1}",
                typeName, assemblyName));
            return typeToDeserialize;
        }
    }
Thank you for your help!
Best Regards,
John
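The binder from the post above, reworked as an added example that is not part of the original thread: it performs the same assembly redirect but binds only an explicit allow-list of types, since a binder that hands any typeName from the file to Type.GetType lets the file decide what gets instantiated. It assumes .NET Framework's BinaryFormatter and a hypothetical LicenseInfo payload type; restricting the binder narrows what can be bound but does not make BinaryFormatter safe for untrusted input.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical payload type; stands in for whatever the shipped file contains.
[Serializable]
public sealed class LicenseInfo
{
    public string Customer;
}

sealed class AllowListRedirectBinder : SerializationBinder
{
    // Placeholder from the thread: simple name of the pre-merge assembly.
    const string OldAssembly = "OriginalFilenameWithoutExtension";

    // Only these type names are ever bound; everything else is rejected.
    static readonly Dictionary<string, Type> Allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            { typeof(LicenseInfo).FullName, typeof(LicenseInfo) },
        };

    public override Type BindToType(string assemblyName, string typeName)
    {
        // Compare simple names only; version and public key differ after merging.
        string simpleName = new AssemblyName(assemblyName).Name;
        string current = Assembly.GetExecutingAssembly().GetName().Name;
        bool knownAssembly = simpleName == OldAssembly || simpleName == current;

        Type type;
        if (knownAssembly && Allowed.TryGetValue(typeName, out type))
            return type; // old identity mapped onto the merged assembly's type

        // Throw rather than return null: null makes the formatter fall back
        // to its default assembly/type lookup.
        throw new SerializationException(
            "Type not allowed: " + typeName + ", " + assemblyName);
    }
}

static class Loader
{
    public static LicenseInfo Load(Stream input)
    {
        var formatter = new BinaryFormatter { Binder = new AllowListRedirectBinder() };
        return (LicenseInfo)formatter.Deserialize(input);
    }
}
```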