Red Gate forums :: View topic - De-serialization of data serialized before obfuscation

smuda



Joined: 08 Jan 2012
Posts: 18
Location: Sweden

Posted: Sun Jan 08, 2012 4:06 pm    Post subject: De-serialization of data serialized before obfuscation

Hi!

We have an object that we create in a piece of software (which isn't obfuscated), serialize and save to disk. This is then distributed to the clients and is supposed to be de-serialized.

When there is no obfuscation (for example when only embedding the assembly handling this) it works fine.

However, when the two assemblies involved are added to merging, even without obfuscation and flow control, it breaks the deserialization function since it cannot find the assembly referenced in the file.

What would be "best practices" to handle this scenario?

Best Regards,

John
Brian Donahue



Joined: 23 Aug 2004
Posts: 6677

Posted: Tue Jan 10, 2012 10:56 am

Hi John,

The normal procedure is to work out which classes need to be serialized, then mark them with the Serializable attribute. If you mark the type [Serializable], then SmartAssembly will not rename it or make it private. If the type gets renamed or its access modifier changes to private, then this will break the serialization process.
smuda



Joined: 08 Jan 2012
Posts: 18
Location: Sweden

Posted: Tue Jan 10, 2012 9:16 pm

Hi Brian,

All classes serialized are marked with the Serializable attribute already and when we created the serialized data the assemblies were strong signed.

When I use Reflector on the merged assembly I can see all the classes with the Serializable attribute. When I'm testing they are unobfuscated and there is no control flow obfuscation.

Is there a "redirection functionality" which is supposed to handle redirection from the original filename and public key to the new assembly?

Best Regards,

John
Simon C



Joined: 26 Feb 2008
Posts: 140
Location: Red Gate Software

Posted: Wed Jan 11, 2012 11:00 am

Unfortunately, this is an artefact of the .NET serialization system. By merging the assemblies defining the serialized classes into another you are changing the assembly identity. To .NET, a serialized instance of [AssemblyA]MyNs.MyType is completely different to [AssemblyB]MyNs.MyType.

In your case, the solution would be to create a SerializationBinder to map between the two assemblies in the merged assembly.
smuda



Joined: 08 Jan 2012
Posts: 18
Location: Sweden

Posted: Sun Jan 22, 2012 6:57 am

Hi!

Just wanted to say that using a SerializationBinder worked perfectly.

Code:

using System;
using System.Reflection;
using System.Runtime.Serialization;

class LicenseInfoDeserializationBinder : SerializationBinder
{
   public override Type BindToType(string assemblyName, string typeName)
   {
      // Ordinal comparison: assembly names are identifiers, not culture-sensitive text
      if (assemblyName.StartsWith("OriginalFilenameWithoutExtension", StringComparison.Ordinal))
      {
         // When the type being deserialized originates from the original assembly,
         // redirect to the current assembly, since it is the same
         // but obfuscated
         assemblyName = Assembly.GetExecutingAssembly().FullName;
      }

      // For each assemblyName/typeName that you want to deserialize to
      // a different type, set typeToDeserialize to the desired type.
      var typeToDeserialize = Type.GetType(String.Format("{0}, {1}",
                                                          typeName, assemblyName));

      return typeToDeserialize;
   }
}


Thank you for your help!

Best Regards,

John
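
A stricter variant of the binder in the post above, as an added example that is not part of the original thread or Red Gate's code: it matches the old assembly's simple name exactly and binds only allow-listed types, throwing for anything else. `LicenseInfo`, `AllowListRedirectBinder` and `Demo` are hypothetical names, `"constructed sample"` is constructed data, and .NET Framework 4.x with `BinaryFormatter` is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

[Serializable]
public class LicenseInfo { public string Customer; }   // hypothetical payload type

public sealed class AllowListRedirectBinder : SerializationBinder
{
    // Placeholder from the post: simple name of the pre-merge assembly.
    public const string OriginalAssembly = "OriginalFilenameWithoutExtension";
    // Every type the payload may legitimately contain, keyed by full type name.
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
        { { typeof(LicenseInfo).FullName, typeof(LicenseInfo) } };
    // Deserializing: bind only allow-listed types from the old or the current assembly.
    public override Type BindToType(string assemblyName, string typeName)
    {
        string simpleName = new AssemblyName(assemblyName).Name;
        string current = Assembly.GetExecutingAssembly().GetName().Name;
        Type target;
        if ((simpleName == OriginalAssembly || simpleName == current)
            && Allowed.TryGetValue(typeName, out target))
            return target;
        // Returning null would fall back to default type resolution, so throw instead.
        throw new SerializationException("Type not allowed: " + typeName + ", " + simpleName);
    }
    // Serializing (demo only): record the old assembly name, as the pre-merge build did.
    public override void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = OriginalAssembly;
        typeName = serializedType.FullName;
    }
}

public static class Demo
{
    public static void Main()
    {
        var formatter = new BinaryFormatter { Binder = new AllowListRedirectBinder() };
        using (var ms = new MemoryStream())
        {
            formatter.Serialize(ms, new LicenseInfo { Customer = "constructed sample" });
            ms.Position = 0;
            Console.WriteLine(((LicenseInfo)formatter.Deserialize(ms)).Customer);
        }
    }
}
```

Payloads that contain further types (for example `DateTime` or collection types) need each of those types added to `Allowed`, otherwise the binder rejects the stream.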
All times are GMT + 1 Hour