1

Context

I work as a game developer at a studio that develops an MMO. We built an authoritative server but still run into issues with exploits and automation. I downloaded the main bot used to hack our game in an effort to determine how it exploits our server so we can patch accordingly.

Question

I decompiled the .exe using dotPeek to get the source files but ran into an issue: I only got the source files for the launcher. The launcher injects the core assembly into our application at runtime. It does so by storing the assembly as hex data in a .resource file. Any idea of how I can get the source code from this .resource file?

Solution

Thanks for everyone's help. I got the source files by extracting the binary data from the .resource file and writing it to a .dll file and then decompiling it using dotPeek. See my solution for more details.

sk84z
  • 193
  • 1
  • 3
  • 10
  • Try to dump it using MegaDumper or other tool ( I only know mega dumpber ) – Kaj Jun 11 '18 at 18:13
  • You can use ILSpy to dump it... Note that you can even cheat: you can create a console application, put the exe as an `Add Reference` (yes, even exe can be Add-Referenced) and then use parts of it through reflection. – xanatos Jun 11 '18 at 18:15
  • @xanatos is ILSpy has a dump method ? – Kaj Jun 11 '18 at 18:17
  • @kaj If I remember correctly it has... Don't have it here... – xanatos Jun 11 '18 at 18:18
  • I don't think so, it's just a decompiler, ( As I remember ) . – Kaj Jun 11 '18 at 18:18
  • @kaj Installed it. If you click on an embedded resource, you get in the "main" pane a button "Save" – xanatos Jun 11 '18 at 18:23
  • 1
    Ah ok, I meant dump it in run time, you will get all assemblies and all dependencies even in res or embed or some where else. **I mean, even the assembly hidden in res, will appear as an assembly and ready to read it's contents.** – Kaj Jun 11 '18 at 18:25

3 Answers3

2

Shouldn't you be able to use GetManifestResourceStream to get the embedded data?

Ardowi
  • 59
  • 7
1

Thanks everyone for the help - a combination of using a decompiler and reading the binary assembly data at runtime and writing it to a .dll file helped me get the source code:

I used dotPeek to decompile the launcher. In assembly explorer, I then right clicked the assembly and selected Export to Project... I then opened the project in Visual Studio and inserted a line that used File.WriteAllBytes to write the the byte[] (already available via their application, but this just got the binary data from the .resource file using ResourceManager.GetObject) to a .dll file. I then opened that .dll file in dotPeek and wala - source code visible.

sk84z
  • 193
  • 1
  • 3
  • 10
0

I recommend designing around the problem, a kind of soft-captcha enforced by the server. The truth of your problem is: .Net is open to extension. Rather than engage in a 'cat and mouse arms race' around the client exe, think about how you detect non-human activity, or how to randomly demand human-only activity.

If your game is worth the attention, they will overcome you. They are many :)

Davesoft
  • 724
  • 1
  • 4
  • 10