Building UWP file manager with fluent design in a month

It is possible. Even when working in free time. Yeah, yeah, now you think that this idiot is lying, or he built something horrible. OK, have a look at this: screenshot

You think this is something horrible? Dumb asshole. I don’t understand what the purpose of searching for something horrible is… OK, OK, if it is very important for you, search through the source code. I’m pretty sure you will find something horrible for you.

How did it start? My friend informed me about the Windows Developer Day Sweepstakes and, have you seen the prizes? “Custom Xbox controller with engraving”: this was my motivation for starting development of just another file manager who believes he is the best in the world, like you, me and another guy next to you. Oh, sorry for calling the file manager he, maybe she? Fuck this sexism, It…It!


.NET Reverse Engineering - Part 2

In Part 1 we cleaned our protected assembly and now it is decompilable and runnable.

In this part, we will try to remove activation checking.

OK, let’s do it.

Do you know what is fun in RE? It’s like playing chess with the developer of the program. It is necessary to guess his steps or start thinking like a developer.

In my case it isn’t just an ordinary developer, it is the author of a strong crypter.

Does it make sense? If you answered yes, I have some bad news for you, you are talking with text.


.NET Reverse Engineering - Part 1

Do you ever have the feeling that you are a piece of shit and you are just a man who knows how to combine source codes found from StackOverflow?

No? Then go fuck yourself. Personally, I periodically have that feeling.

This feeling challenges me to learn new things and find ways to test my brain, and playing with reverse engineering was just the right thing for me to start feeling like a hard-core developer (or just something a bit different from shit) again.

Here is my secret of learning new things:

  1. Feel like a shit.
  2. Do some “cool” stuff.
  3. Wait 15 minutes and go to point 1. ( Don’t use gotos in source codes. )

Ok, when you are in the right mood, let’s start with the main topic.

Lately we have been obfuscating a crypter that was written with VB.NET. Our main goal was to find out the logic and methods of encryption. I think that one of the hardest parts of reverse engineering is determining logic, not just writing a patch or finding out a secret key from the program.

In this part:

  1. Removing various anti-reversing protections.
  2. Making the program decompilable and runnable.

IdentityServer3 with Custom grant flow and Windows authentication

What are we going to do?

  1. Setup and configuration of the IdentityServer3.
  2. Creating a client for the IdentityServer3 with Flows.Other and AllowedCustomGrantTypes: "windows".
  3. Setup and configuration of the WindowsAuthenticationService.
  4. Creating a custom grant validator in IdentityServer3 for windows grant type.
  5. Creating a console client and get a token from IdentityServer3 by using the current Windows principal.

How does this all communicate?

Communication

The client (in our case a WPF-based desktop application) calls WindowsAuthenticationService to convert the user's current Windows principal to a JWT token, which is trusted by IdentityServer3. In the next step, the client calls the IdentityServer’s /token endpoint (using the custom grant: windows), including in the request the JWT token obtained from WindowsAuthenticationService. IdentityServer3 will then issue a new token with the requested scopes, custom claims, etc.

What are we going to achieve?

This configuration allows us to authenticate users in IdentityServer3 with Windows authentication. In addition, we can add roles and claims to these users by using the IdentityManager.


Success Stories, Who Cares?

There are thousands of “success story” materials on the internet. If we combine and sum up the majority of them, we will get a story like this:

… Today I woke up and felt that today is a day of a successful startup. I called my friend John, and we started creating our product for months: without sleeping, without eating and without sex. Our road to success was very hard. We have got tons of problems, but we handled all of them because we are smart and have the necessary capacity. Now we have a service that helps people find the correct time for feeding their cats. …

Who cares guys? No really…


Asyn program chronous mming

If you can read this title, it means that you know just about everything about asynchronous programming.

You can leave this post alone and don’t bother.

Still here? OK, let’s dive in. To explain my understanding of asynchronous programming, I have decided to write a whole post in an asynchronous manner (like the title).

OK, I know what you think: another blog post about asynchronous bla-bla-bla. OK, you got me, this isn’t that kind of blog post. I am not going to waste your time and explain asynchronous programming; there are dozens of good materials you can find on the net.

You know me. Today I woke up and felt that today will be the day of asynchronous programming. Then I got notified about the “Your coffee is ready, my lord” event and scheduled the event handler to the thread pool. After a few context switches I finally drank my coffee, went to work and woke up and all this in a single OS time slice and started writing this post.

What is the purpose of writing this post if I am not going to explain what asynchronous programming is?

I just want to give you some real-world examples of asynchronous things and share some code snippets that can be reused in any WinForm or WPF desktop application.


Oh, oh, oh Data ? No, OData!

It’s hard to believe, but today I woke up. Just trust me, I am not lying, I really woke up. I mean the feeling when you feel that you had a great sleep, and not just opened your eyes and went to work.

Anyway…

Have you heard about ASP.NET Web API and the new OData library for it?

I hope you know, otherwise, I am sure you can find more interesting things to waste your precious time on it. Like watching porn. By the way there is a bug-bounty program at Pornhub. And I can swear that I think there is a SQL Injection when uploading your homemade videos :)


Admin Panel? Not Enough?!

As usual I woke up from the smell of an unexploited hole. Today is the day of the second hacking experience.

Now I have access to the admin panel, but what now? Oh yeah sure you are right. But just please stop for a second and think: are you going to become a hacker too?

Oh, yes, we need to find something special, something extraordinary, something…something like file input.

Yes, thank you, I know that I am very smart indeed.


The day of the first hacking

Today I woke up and smelt that today is the day of the first hacking experience.

Find your target by smell. It usually stinks.

First I searched for input forms, e.g. a simple search form of a stinky website, and input the most dangerous symbol ever created by a human: the apostrophe.

url: /search/?'

We get the following result:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version.

Whoozay!!! Seems like this query is vulnerable to an SQL injection attack. Now we must determine the type of attack we can use for injection.
