ossecsoft / obfuscar

Obfuscation .NET project

Xml serialization and deserialization failure #15

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a simple C# Windows Forms project. Create a C# public class, i.e. Foo, with one public property, i.e. AString; mark the class as [Serializable].
2. Create a Foo instance and set the AString value; then use XmlSerializer to serialize the Foo instance. Deserialize the object graph and inspect the deserialized Foo instance's AString property.
3. Obfuscate using "obfuscar" v1.3.2.
4. Launch the exe and invoke the serialization function. Inspect the resulting XML file: it only has a declaration line and the AString value is not there. Or try to use XmlSerializer to deserialize it; AString has a null value.

What is the expected output? What do you see instead?

After obfuscation, one should be able to use XmlSerializer to serialize / deserialize.

What version of the product are you using? On what operating system?
obfuscar v1.3.2, Visual Studio 2008, Windows XP

Please provide any additional information below.

/* simple test code */
using System;
using System.IO;
using System.Xml.Serialization;

[Serializable]
public class Foo
{
    public Foo()
    {
    }

    private string s;
    public string AString
    {
        get { return this.s; }
        set { this.s = value; }
    }
}

static class Program
{
    // Serialize any object to XML and return the raw bytes.
    static byte[] XmlSerialize(object o)
    {
        XmlSerializer xs = new XmlSerializer(o.GetType());
        using (MemoryStream ms = new MemoryStream())
        {
            xs.Serialize(ms, o);

            ms.Position = 0;
            ms.Close();

            // MemoryStream.ToArray() still works after the stream is closed.
            byte[] data = ms.ToArray();

            return data;
        }
    }

    // Deserialize XML bytes back into an instance of T.
    static T XmlDeserialize<T>(byte[] graph)
    {
        XmlSerializer xs = new XmlSerializer(typeof(T));

        using (MemoryStream ms = new MemoryStream(graph))
        {
            return (T)xs.Deserialize(ms);
        }
    }

    static void Main()
    {
        Foo foo = new Foo();
        foo.AString = "something";
        byte[] graph = XmlSerialize(foo);
        Foo xdFoo = XmlDeserialize<Foo>(graph);
        //Unexpected: xdFoo.AString is null
    }
}

Original issue reported on code.google.com by g...@dotnetsharp.com on 14 Mar 2009 at 10:18

GoogleCodeExporter commented 8 years ago
Binary serialization / deserialization will fail too.

But it could be fixed by modifying obfuscar.cs :: public void RenameFields( ); remove the use of nameGroups. After that, fields always have distinctive names regardless of their types.

Without the above fix, the obfuscated assembly could effectively result in code such as:
private string A;
private List<int> A;

which will cause binary deserialization to fail.

Original comment by g...@dotnetsharp.com on 14 Mar 2009 at 10:27

GoogleCodeExporter commented 8 years ago
I'm not at all surprised that it doesn't work with reflection-based serializers. That's kind of the point... to strip and obfuscate the metadata information to the point that, without context, it can't be easily understood.

You might do better to use ISerializable.

Original comment by drcfor...@gmail.com on 14 Mar 2009 at 5:17
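
The explicit-serialization route suggested in the last comment, applied to XmlSerializer through IXmlSerializable, since XmlSerializer does not consult ISerializable. This is an added example, not code from the thread or from obfuscar. It assumes the obfuscator preserves string literal values and does not rename implementations of framework interfaces; the Demo class is hypothetical.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Schema;
using System.Xml.Serialization;

// The element names below are string literals, so the XML format does not
// depend on member names or property metadata that a renamer may alter.
[XmlRoot("Foo")]
public class Foo : IXmlSerializable
{
    private string s;
    public string AString { get { return s; } set { s = value; } }

    // IXmlSerializable contract: GetSchema should return null.
    public XmlSchema GetSchema() { return null; }

    public void WriteXml(XmlWriter writer)
    {
        // The serializer has already opened the <Foo> wrapper element.
        if (s != null) writer.WriteElementString("AString", s);
    }

    public void ReadXml(XmlReader reader)
    {
        bool empty = reader.IsEmptyElement;
        reader.ReadStartElement();               // consume <Foo> or <Foo />
        if (empty) return;                       // null AString was written
        if (reader.IsStartElement("AString"))
            s = reader.ReadElementContentAsString();
        reader.ReadEndElement();                 // consume </Foo>
    }
}

public static class Demo // hypothetical driver for the round trip
{
    public static void Main()
    {
        XmlSerializer xs = new XmlSerializer(typeof(Foo));
        using (MemoryStream ms = new MemoryStream())
        {
            xs.Serialize(ms, new Foo { AString = "something" });
            ms.Position = 0;
            Foo back = (Foo)xs.Deserialize(ms);
            Console.WriteLine(back.AString);
        }
    }
}
```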