yudhiwidyatama · June 2, 2020 01:54
diff --git a/WebResourcesDecoder.aspx b/WebResourcesDecoder.aspx
 <%@ Page Language="C#" AutoEventWireup="true"  %>
 <%@ Import Namespace="System.Web.Configuration" %>
 <%@ Import Namespace="System.Reflection" %>
 <%@ Import Namespace="System.Text" %>
 <%@ Import Namespace="System.Drawing" %> 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml" >
 <head runat="server">
    <title>Untitled Page</title>
    
    <script type="text/javascript">
 		window.onload = ShowWebResources;
 		
 		function ShowWebResources()
 		{
 			var scripts = document.getElementsByTagName("script");
 			ShowWebResourceByAttribute(scripts, "src");
 			
 			var links = document.getElementsByTagName("link");
 			ShowWebResourceByAttribute(links, "href");
 		}
 		
 		function ShowWebResourceByAttribute(elements, attributeName)
 		{
 			var resourcesDropDown = document.getElementById("resourcesDropDown");
 			for (var i = 0; i < elements.length; i++)
 			{
 				var element = elements[i];
 				var data = element.getAttribute(attributeName);
 				if (data != null && data.match(/webresource.axd/i))
 				{
 					var assemblyData = data.match(/d=([^&]+)&/)[1];
 					
 					var option = document.createElement("option");
 					option.innerHTML = assemblyData;
 					option.value = assemblyData;
 					resourcesDropDown.appendChild(option);
 				}
 			}
 		}
 		
 		function UpdateResourceText(textBox)
 		{
 			var data = textBox.value;
 			var matches = data.match(/d=([^&]+)&/);
 			if (matches != null && matches.length > 0)
 			{
 				textBox.value = matches[1];
 			}
 		}
 		</script>
 		
 		<script runat="server">
 		protected void decryptButton_Click(object sender, EventArgs e)
 		{
 			string urlEncodedData = Request.Form["resourceTextBox"];
 			if (string.IsNullOrEmpty(urlEncodedData))
 				urlEncodedData = Request.Form["resourcesDropDown"];
 			if (string.IsNullOrEmpty(urlEncodedData))
 				return;
 			
 			byte[] encryptedData = HttpServerUtility.UrlTokenDecode(urlEncodedData);
 			var pageType = typeof(System.Web.UI.Page);
 			var allMethods = pageType.GetMethods(BindingFlags.Static | BindingFlags.NonPublic);
 			decryptedLabel.Text = "Page methods : ";
 			foreach (MethodInfo m in allMethods) {
 			    if (m.Name == "DecryptString") {
 			    	 decryptedLabel.Text = decryptedLabel.Text + m.Name + "\r\n"; 
 			    	var decryptParams = m.GetParameters();
 			    	var decryptParamTypes = new Type[decryptParams.Length];
 			    	var c = 0;
 			    	foreach (ParameterInfo paramInfo in decryptParams)
 			    	{
 			    	     decryptParamTypes [ c ] = paramInfo.ParameterType;
 			    	     decryptedLabel.Text += "["+c+"]" + paramInfo.ParameterType.ToString() + "\r\n";
 			    	     c++;
 			    	}
 			    	var purposeType = decryptParamTypes[1];
 			    	FieldInfo[] infos = purposeType.GetFields(BindingFlags.Public|BindingFlags.Static);
 					foreach (FieldInfo info in infos)
 					{
 						decryptedLabel.Text += "field " + info.Name +"\r\n";
 					}
 					var info1 = purposeType.GetField("AssemblyResourceLoader_WebResourceUrl", BindingFlags.Static|BindingFlags.Public);
 					object obj1 = info1.GetValue(null);
 					MethodInfo decryptString = m;
 					try {
 						string decryptedData = (string)decryptString.Invoke(null,new object[] { urlEncodedData, obj1});
 					   

 				decryptedLabel.BackColor = Color.Lime;
 				decryptedLabel.Text = decryptedData;
 				return;
 					}
 					catch (TargetInvocationException ex0)
 			{
 				decryptedLabel.BackColor = Color.Red;
 				decryptedLabel.Text += ex0.InnerException.Message;
 			}	
 //					object webResourceUrl = info.GetValue(null);
 					
 			    }
 			    
 			}
 			Type machineKeySection = typeof(MachineKeySection);
 			Type[] paramTypes = new Type[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
 			MethodInfo encryptOrDecryptData = machineKeySection.GetMethod("EncryptOrDecryptData", BindingFlags.Static | BindingFlags.NonPublic, null, paramTypes, null);

 			try
 			{
 				byte[] decryptedData = (byte[])encryptOrDecryptData.Invoke(null, new object[]
 				 { false, encryptedData, null, 0, encryptedData.Length });
 				string decrypted = Encoding.UTF8.GetString(decryptedData);

 				decryptedLabel.BackColor = Color.Lime;
 				decryptedLabel.Text = decrypted;
 			}
 			catch (TargetInvocationException)
 			{
 				decryptedLabel.BackColor = Color.Red;
 				decryptedLabel.Text += "Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?";
 			}		
 		}
 		
 		</script>
 </head>
 <body>
    <form id="form1" runat="server">
    <div>
 		<label for="resourceTextBox">Paste a web resource URL:</label><br />
 		<input type="text" id="resourceTextBox" name="resourceTextBox" onchange="UpdateResourceText(this)" /><br />
 		<label for="resourcesDropDown">Select a web resource on this page:</label><br />
 		<select id="resourcesDropDown" runat="server"></select><br />
 		
 		<asp:Button ID="decryptButton" runat="server" Text="Decrypt" OnClick="decryptButton_Click" />
 		
 		<hr />
 		<asp:Label ID="decryptedLabel" runat="server"></asp:Label>
 		
    </div>
    </form>
 </body>
 </html>
	<%@ Page Language="C#" AutoEventWireup="true" %>
	<%@ Import Namespace="System.Web.Configuration" %>
	<%@ Import Namespace="System.Reflection" %>
	<%@ Import Namespace="System.Text" %>
	<%@ Import Namespace="System.Drawing" %>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml" >
	<head runat="server">
	<title>Untitled Page</title>

	<script type="text/javascript">
	window.onload = ShowWebResources;

	function ShowWebResources()
	{
	var scripts = document.getElementsByTagName("script");
	ShowWebResourceByAttribute(scripts, "src");

	var links = document.getElementsByTagName("link");
	ShowWebResourceByAttribute(links, "href");
	}

	function ShowWebResourceByAttribute(elements, attributeName)
	{
	var resourcesDropDown = document.getElementById("resourcesDropDown");
	for (var i = 0; i < elements.length; i++)
	{
	var element = elements[i];
	var data = element.getAttribute(attributeName);
	if (data != null && data.match(/webresource.axd/i))
	{
	var assemblyData = data.match(/d=([^&]+)&/)[1];

	var option = document.createElement("option");
	option.innerHTML = assemblyData;
	option.value = assemblyData;
	resourcesDropDown.appendChild(option);
	}
	}
	}

	function UpdateResourceText(textBox)
	{
	var data = textBox.value;
	var matches = data.match(/d=([^&]+)&/);
	if (matches != null && matches.length > 0)
	{
	textBox.value = matches[1];
	}
	}
	</script>

	<script runat="server">
	protected void decryptButton_Click(object sender, EventArgs e)
	{
	string urlEncodedData = Request.Form["resourceTextBox"];
	if (string.IsNullOrEmpty(urlEncodedData))
	urlEncodedData = Request.Form["resourcesDropDown"];
	if (string.IsNullOrEmpty(urlEncodedData))
	return;

	byte[] encryptedData = HttpServerUtility.UrlTokenDecode(urlEncodedData);
	var pageType = typeof(System.Web.UI.Page);
	var allMethods = pageType.GetMethods(BindingFlags.Static \| BindingFlags.NonPublic);
	decryptedLabel.Text = "Page methods : ";
	foreach (MethodInfo m in allMethods) {
	if (m.Name == "DecryptString") {
	decryptedLabel.Text = decryptedLabel.Text + m.Name + "\r\n";
	var decryptParams = m.GetParameters();
	var decryptParamTypes = new Type[decryptParams.Length];
	var c = 0;
	foreach (ParameterInfo paramInfo in decryptParams)
	{
	decryptParamTypes [ c ] = paramInfo.ParameterType;
	decryptedLabel.Text += "["+c+"]" + paramInfo.ParameterType.ToString() + "\r\n";
	c++;
	}
	var purposeType = decryptParamTypes[1];
	FieldInfo[] infos = purposeType.GetFields(BindingFlags.Public\|BindingFlags.Static);
	foreach (FieldInfo info in infos)
	{
	decryptedLabel.Text += "field " + info.Name +"\r\n";
	}
	var info1 = purposeType.GetField("AssemblyResourceLoader_WebResourceUrl", BindingFlags.Static\|BindingFlags.Public);
	object obj1 = info1.GetValue(null);
	MethodInfo decryptString = m;
	try {
	string decryptedData = (string)decryptString.Invoke(null,new object[] { urlEncodedData, obj1});


	decryptedLabel.BackColor = Color.Lime;
	decryptedLabel.Text = decryptedData;
	return;
	}
	catch (TargetInvocationException ex0)
	{
	decryptedLabel.BackColor = Color.Red;
	decryptedLabel.Text += ex0.InnerException.Message;
	}
	// object webResourceUrl = info.GetValue(null);

	}

	}
	Type machineKeySection = typeof(MachineKeySection);
	Type[] paramTypes = new Type[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
	MethodInfo encryptOrDecryptData = machineKeySection.GetMethod("EncryptOrDecryptData", BindingFlags.Static \| BindingFlags.NonPublic, null, paramTypes, null);

	try
	{
	byte[] decryptedData = (byte[])encryptOrDecryptData.Invoke(null, new object[]
	{ false, encryptedData, null, 0, encryptedData.Length });
	string decrypted = Encoding.UTF8.GetString(decryptedData);

	decryptedLabel.BackColor = Color.Lime;
	decryptedLabel.Text = decrypted;
	}
	catch (TargetInvocationException)
	{
	decryptedLabel.BackColor = Color.Red;
	decryptedLabel.Text += "Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?";
	}
	}

	</script>
	</head>
	<body>
	<form id="form1" runat="server">
	<div>
	<label for="resourceTextBox">Paste a web resource URL:</label><br />
	<input type="text" id="resourceTextBox" name="resourceTextBox" onchange="UpdateResourceText(this)" /><br />
	<label for="resourcesDropDown">Select a web resource on this page:</label><br />
	<select id="resourcesDropDown" runat="server"></select><br />

	<asp:Button ID="decryptButton" runat="server" Text="Decrypt" OnClick="decryptButton_Click" />

	<hr />
	<asp:Label ID="decryptedLabel" runat="server"></asp:Label>

	</div>
	</form>
	</body>
	</html>