De-serialization of data serialized before obfuscation

smuda Posts: 24
edited January 22, 2012 12:57AM in SmartAssembly
Hi!

We have an object that we create in software (which isn't obfuscated), serialize and save to disk. This is then distributed to the clients and is supposed to be de-serialized.

When there is no obfuscation (for example when only embedding the assembly handling this) it works fine.

However, adding the two assemblies involved to merging, even without obfuscation and flow control, it breaks the deserialization function since it cannot find the assembly referenced in the file.

What would be "best practices" to handle this scenario?

Best Regards,

John

Comments

  • Brian Donahue Posts: 6,590 Bronze 1
    Hi John,

    The normal procedure is to work out which classes need to be serialized, then mark them with the Serializable attribute. If you mark the type [Serializable], then SmartAssembly will not rename it or make it private. If the type gets renamed or its access modifier changes to private, then this will break the serialization process.
  • Hi Brian,

    All classes serialized are marked with the Serializable attribute already and when we created the serialized data the assemblies were strong signed.

    When I use reflector on the merged assembly I can see all the classes with the Serializable attribute. When I'm testing they are unobfuscated and there is no control flow obfuscation.

    Is there a "redirection functionality" which is supposed to handle redirection from the original filename and public key to the new assembly?

    Best Regards,

    John
  • Unfortunately, this is an artefact of the .NET serialization system. By merging the assemblies defining the serialized classes into another you are changing the assembly identity. To .NET, a serialized instance of [AssemblyA]MyNs.MyType is completely different to [AssemblyB]MyNs.MyType.

    In your case, the solution would be to create a SerializationBinder to map between the two assemblies in the merged assembly.
  • Hi!

    Just wanted to say that using a SerializationBinder worked perfectly.

    using System;
    using System.Reflection;
    using System.Runtime.Serialization;

    class LicenseInfoDeserializationBinder : SerializationBinder
    {
        public override Type BindToType(string assemblyName, string typeName)
        {
            if (assemblyName.StartsWith("OriginalFilenameWithoutExtension"))
            {
                // When the type being deserialized originates from the original
                // assembly, redirect to the current assembly, since it is the
                // same but obfuscated
                assemblyName = Assembly.GetExecutingAssembly().FullName;
            }

            // For each assemblyName/typeName that you want to deserialize to
            // a different type, set typeToDeserialize to the desired type.
            var typeToDeserialize = Type.GetType(String.Format("{0}, {1}",
                                                                typeName, assemblyName));

            return typeToDeserialize;
        }
    }

    Thank you for your help!

    Best Regards,

    John
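
The binder approach from the thread, as an added example that is not part of the original posts or SmartAssembly's own code: it redirects the pre-merge assembly identity to the merged assembly only for an explicit allow-list of types, and fails closed for everything else. `OriginalFilenameWithoutExtension` is the placeholder used in the post above; the type names in `AllowedTypes` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Runtime.Serialization;

sealed class AllowListRedirectBinder : SerializationBinder
{
    // Simple name of the assembly that wrote the data before merging
    // (placeholder taken from the thread).
    private const string OriginalAssembly = "OriginalFilenameWithoutExtension";

    // The only types the saved file is expected to contain (hypothetical names).
    private static readonly HashSet<string> AllowedTypes =
        new HashSet<string>(StringComparer.Ordinal)
        {
            "MyNs.LicenseInfo",
            "MyNs.LicenseFeature",
        };

    public override Type BindToType(string assemblyName, string typeName)
    {
        // Compare the parsed simple name exactly rather than by prefix, so an
        // assembly named "OriginalFilenameWithoutExtension.Other" is not redirected.
        string simpleName = new AssemblyName(assemblyName).Name;

        // Types from any other assembly (including framework collections held
        // in fields) are rejected; extend the check deliberately if the data
        // needs them.
        if (!string.Equals(simpleName, OriginalAssembly, StringComparison.OrdinalIgnoreCase)
            || !AllowedTypes.Contains(typeName))
        {
            // Throw instead of returning null: a null result lets the formatter
            // fall back to its default type resolution.
            throw new SerializationException(
                "Unexpected type in stream: " + typeName + ", " + assemblyName);
        }

        // Resolve inside the merged assembly; throwOnError surfaces a missing
        // or renamed type here instead of handing null back to the formatter.
        return Assembly.GetExecutingAssembly().GetType(typeName, true);
    }
}
```

Assign an instance to the formatter's `Binder` property before calling `Deserialize`. A binder narrows which types can be bound, but Microsoft's guidance is that it does not make `BinaryFormatter` safe for untrusted input, so the file's integrity should still be verified before it is deserialized.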