I would first like to preface this article by saying: if your .NET library is protected by a single boolean function, you deserve to be hacked… :)

It’s actually not that hard to binary-hack an assembly. I first learned how by reading these blog entries: Part 1, Part 2

When you change a .NET executable and re-sign it after hacking, you have a small problem: any DLLs or executables referencing this executable will break, because the public key has changed.

You can fix this by round-tripping to IL code and back.

ildasm.exe File.exe /text /out=File.il

Then edit the public key in the .IL file(s), and run this:

ilasm.exe File.il /exe /output=OutExe /key=PubKey.snk

Voila! All references replaced.
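The break described above comes from the public key token that every strong-named reference records. The following is an added example, not code from the original post: it derives that token from a public key and checks whether a candidate key still satisfies a recorded reference, which is also how a defender can spot a re-signed copy. The key bytes and helper names are constructed for illustration.

```python
import hashlib

# Constructed stand-ins for public key blobs (not real keys).
ORIGINAL_KEY = bytes(range(160))
RESIGNED_KEY = bytes(reversed(range(160)))

def public_key_token(public_key: bytes) -> str:
    """Last 8 bytes of SHA-1(public key), byte-reversed, as lowercase hex."""
    return hashlib.sha1(public_key).digest()[-8:][::-1].hex()

def make_reference(name: str, version: str, public_key: bytes) -> str:
    """Build the display name a referencing assembly records at compile time."""
    return (f"{name}, Version={version}, Culture=neutral, "
            f"PublicKeyToken={public_key_token(public_key)}")

def parse_reference(display_name: str) -> dict:
    """Split 'Name, Version=..., Culture=..., PublicKeyToken=...' into fields."""
    name, *rest = [part.strip() for part in display_name.split(",")]
    fields = {"Name": name}
    for part in rest:
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def reference_binds(display_name: str, candidate_public_key: bytes) -> bool:
    """True only if the candidate key hashes to the token pinned in the reference."""
    expected = parse_reference(display_name).get("PublicKeyToken", "null").lower()
    if expected == "null":
        return False  # no strong name recorded, so there is nothing to verify against
    return expected == public_key_token(candidate_public_key)

if __name__ == "__main__":
    ref = make_reference("File", "1.0.0.0", ORIGINAL_KEY)
    print(ref)
    print("original key binds: ", reference_binds(ref, ORIGINAL_KEY))
    print("re-signed key binds:", reference_binds(ref, RESIGNED_KEY))
```

Only the token comparison is modelled here; name and version matching are left out.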

Hacking

To hack a binary, you need a good hex editor. I use UltraEdit. Here’s the code for an IsLicensed() method.

    public bool IsLicensed()
    {
        try
        {
            // Validate throws if no valid license is found.
            this.License = LicenseManager.Validate(base.GetType(), this);
            return true;
        }
        catch (Exception)
        {
            // The whole protection hinges on this single return value.
            return false;
        }
    }

All you would have to do is change the return false to return true. Not a good way to protect your code. In the binary, 16 is false and 17 is true, so editing one byte from 16 to 17 and then re-signing makes a control fully licensed. The license check will still always fail, but because the method returns true, the control is licensed (as far as it knows). Remember to remove the old assembly from the GAC, and to update all references.
