sábado, octubre 25, 2008

Reflector Add-In's Save the Day

Recently my brother had a problem with an old winforms application we developed to help him upload images and product information. The issue was really simple, once I had a chance to run and debug the application the issue was evident. The app was using FTP to upload pictures to the website and the credentials were invalid.

image

Easy I thought, go to the config file and change it, it'll probably be encrypted and might give me a hard time to hack. I opened it and didn't find anything. Let's open reflector and see what's happening I have a Stack Trace to start with, but that wasn't the best place. I remembered the name of the user, so the Reflector Add-in Code Search quickly pointed me to the right place:

image

From there a double click sent me to the method

image

Great. Someone thought it was safer to hard code it instead of using the web.config.

Then the question remains, how can we change it? The proper solution would be to open Visual Studio, connect to TFS, get the sources, edit recompile and sent back the new version. However I don't think the latest version is stable, so I would need to search for a label to get the latest deployed version. I'm running on a really slow connection now and that would probably take a while, beside it's sunday and I'm ready to go surfing (or at least try to).

Option 2. In that same screen just open Reflexil (another Reflector-Addin) locate the IL line that sets the password (this is not as hard as it sounds) and edit the string.

image

Then we simply save the assembly. This was probably the hardest part, this was the first time I used Reflexil and I was expecting the Save As option to be right next to the place where I do the edit, in the Tools menu or a toolbar, I finally found the option when clicking file in Reflector.

image

After that, just save the file e-mail it and ready to go, but then I had the brilliant idea of write this post and it took me more time than the fix.

You can find this an other reflector add-ins in http://www.codeplex.com/reflectoraddins

6 comentarios:

Rulas dijo...

How can anyone hardcode those valus ñ_ñ...

Best regards my friend!! add my contact in msn messenger it would be good to chat a little.

Good luck!!

Miguel Madero dijo...

What's up?
I don't remember who was it, I could see that in TFS, but I think it was better to just fix it than looking for guiltys, specially since it might be me.

:(

I have you in MSN. It's still the nikes account?

Rulas dijo...

Lol, and yes nikes85, and if u have me aceept me! ñ_ñ I never see you logged in...well I'm not online very often neither.

Miguel Madero dijo...

I'm not on MSN at busienss hours, so probably the best way would be e-mail :)
When I'm at home I leave the MSN on all the time.

Anónimo dijo...

Esta muy bueno el tip, como para corregir errores de tipos que ya no trabajan ahí =).

Saludos por allá Miguelón, les hablo en español nomas para que no se te olvide de rato (eso y que además tantas horas de XNA no me hacen pensar bien)

Suerte nos vemos.

Miguel Madero dijo...

Jajaja, mas que eso era porque me daba flojera traerme el codigo fuente de ese proyecto de TFS, porque finalmente el codigo esta ahi :)


Que tal XNA?