Bug in "Control-Flow-Obfuscation" of "Strictly valid" level

.NET obfuscator and automated error reporting

Bug in "Control-Flow-Obfuscation" of "Strictly valid" level

Postby jackjoy » Fri Apr 11, 2014 7:27 am

Version :

original source code:
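/// <summary>
/// Converts a value to a Float
/// </summary>
/// <param name="value">
/// The boxed value to convert. Each case casts it to the CLR type that corresponds
/// to the built-in type read from <paramref name="sourceType"/>.
/// </param>
/// <param name="sourceType">
/// Describes the type of <paramref name="value"/>; only its BuiltInType is read.
/// </param>
/// <returns>The converted single-precision value.</returns>
/// <exception cref="InvalidCastException">
/// The built-in type has no case in the switch, or the boxed value is not of the
/// exact type that the selected case casts it to.
/// </exception>
private static float ToFloat(object value, TypeInfo sourceType)
{
    // handle for supported conversions.
    switch (sourceType.BuiltInType)
    {
        case BuiltInType.Float:
            // Unboxing requires the exact boxed type: a boxed ushort or int reaching
            // this case throws InvalidCastException instead of being widened.
            return (float)value;
        case BuiltInType.Boolean: return Convert.ToSingle((bool)value);
        case BuiltInType.SByte:   return Convert.ToSingle((sbyte)value);
        case BuiltInType.Byte:    return Convert.ToSingle((byte)value);
        case BuiltInType.Int16:   return Convert.ToSingle((short)value);
        case BuiltInType.UInt16:  return Convert.ToSingle((ushort)value);
        case BuiltInType.Int32:   return Convert.ToSingle((int)value);
        case BuiltInType.UInt32:  return Convert.ToSingle((uint)value);
        case BuiltInType.Int64:   return Convert.ToSingle((long)value);
        case BuiltInType.UInt64:  return Convert.ToSingle((ulong)value);
        case BuiltInType.Double:  return Convert.ToSingle((double)value);

        case BuiltInType.String:
            // Malformed text surfaces as the parser's own exception, not as
            // InvalidCastException.
            return XmlConvert.ToSingle((string)value);
    }

    // conversion not supported.
    throw new InvalidCastException();
}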

Resulting code (decompiled with ILSpy):

// Opc.Ua.TypeInfo
// ILSpy's decompilation of the obfuscated ToFloat, as pasted by the reporter.
// NOTE(review): the method name, the parameter names, the operands of the casts and
// the braces are absent from this paste - presumably the renamed identifiers did not
// survive as printable text; confirm against the assembly.
private static float (object , TypeInfo )
   BuiltInType expr_01 = .BuiltInType;
   BuiltInType builtInType;
   // Constant comparison that is always true; the original source has no such test.
   if (2 != 0)
      builtInType = expr_01;
   // Temporary that the original source does not have; it feeds the final return below.
   float arg_B3_0;
   switch (builtInType)
   case BuiltInType.Boolean:
      return Convert.ToSingle((bool));
   case BuiltInType.SByte:
      return Convert.ToSingle((sbyte));
   case BuiltInType.Byte:
      return Convert.ToSingle((byte));
   case BuiltInType.Int16:
      return Convert.ToSingle((short));
   case BuiltInType.UInt16:
      float expr_87 = arg_B3_0 = Convert.ToSingle((ushort));
      // Second always-true constant test, wrapped around this case's return.
      if (8 != 0)
         return expr_87;
   case BuiltInType.Int32:
      return Convert.ToSingle((int));
   case BuiltInType.UInt32:
      return Convert.ToSingle((uint));
   case BuiltInType.Int64:
      // Unlike the original's direct return, this case only stores the result in the
      // temporary; no return is shown for it here.
      arg_B3_0 = Convert.ToSingle((long));
   case BuiltInType.UInt64:
      return Convert.ToSingle((ulong));
   // The Float case comes first in the original switch; here it is listed after UInt64.
   case BuiltInType.Float:
      return (float);
   case BuiltInType.Double:
      return Convert.ToSingle((double));
   case BuiltInType.String:
      return XmlConvert.ToSingle((string));
      // In the original the throw follows the switch; here it is listed directly after
      // the String case's return.
      throw new InvalidCastException();
   // NOTE(review): this is decompiled output of obfuscated IL; check the instruction
   // order in the IL itself before drawing conclusions about which path returns.
   return arg_B3_0;

When called as follows (the argument '123' can be replaced with any number):
// NOTE(review): the original listing declares ToFloat(object value, TypeInfo sourceType)
// as private static, so this call is presumably shorthand for the real call site.
// In that listing the BuiltInType.Float case unboxes with (float)value, which throws
// InvalidCastException for a boxed UInt16; BuiltInType.UInt16 is presumably the
// intended source type - confirm with the reporter.
var a = xxx.ToFloat((UInt16)123,BuiltInType.Float);

The call always returns 0.0, whatever the input argument.

It seems the code added by the obfuscation has a bug related to the order of the IL instructions.

Postby Chris.Allen » Mon Apr 14, 2014 2:04 pm

Thanks for letting us know. I have created an internal bug reference for this.

Return to SmartAssembly 6
