Are there any c# .net free software composition analysis tools to check opensource component used and its vulnerabilities and license

I have situation where I have to anlyse the third party components\libraries used in the code within the license terms and no know vulnerabilities.

I know there are tool name blackduck and whitesource which can meet the expectation, but we cannot afford costly tools.

Is there any free stable tools available for such analysis. One I came across is OWASP dependency.

Appreciate any help over here.

Asymmetric XML Encryption (in .NET)

I’m trying to decrypt XML EncryptedData in .NET Framework:

<xenc:EncryptedData Id="_741139241b38dfd707421728b0fd4041" Type="">     <xenc:EncryptionMethod Algorithm="">         <ds:DigestMethod Algorithm=""/>     </xenc:EncryptionMethod>     <ds:KeyInfo>         <xenc:EncryptedKey Id="_db6a41a40ccb22cbef88275caff4d05d">             <xenc:EncryptionMethod Algorithm=""/>             <ds:KeyInfo>                 <xenc:AgreementMethod Algorithm="">                     <xenc11:KeyDerivationMethod Algorithm="">                         <xenc11:ConcatKDFParams AlgorithmID="0000002A687474703A2F2F7777772E77332E6F72672F323030312F30342F786D6C656E63236B772D616573323536" PartyUInfo="0000001673796D756C61746F722E6C6F67696E2E676F762E706C" PartyVInfo="0000000743552D554D5750">                             <ds:DigestMethod Algorithm=""/>                         </xenc11:ConcatKDFParams>                     </xenc11:KeyDerivationMethod>                     <xenc:OriginatorKeyInfo>                         <ds:KeyValue>                             <dsig11:ECKeyValue>                                 <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>                                 <dsig11:PublicKey>xxxx</dsig11:PublicKey>                             </dsig11:ECKeyValue>                         </ds:KeyValue>                     </xenc:OriginatorKeyInfo>                 </xenc:AgreementMethod>             </ds:KeyInfo>             <xenc:CipherData>                 <xenc:CipherValue>xxxx</xenc:CipherValue>             </xenc:CipherData>         </xenc:EncryptedKey>     </ds:KeyInfo>     <xenc:CipherData>         <xenc:CipherValue>xxxx</xenc:CipherValue>     </xenc:CipherData> </xenc:EncryptedData> 

As I understand I need to implement these steps:

  1. recreate public key stored in OriginatorKeyInfo node using x, y parameters from PublicKey and specified curve, result is publicKey
  2. do KeyAgreement (algorithm:ECDH-ES) operation using my private key and publicKey from step 1, result is sharedKey
  3. do Key Derivation Function (algorithm: ConcatKDF) operation using sharedKey, result is unwrappingKey
  4. do Key Unwrap (algorithm kw-aes256) on EncryptedKey>CipherData>CipherValue using unwrappingKey, result is encryptionKey
  5. do decrypting (algorithm aes256-gcm) on EncryptedData>CipherData>CipherValue using encryptionKey

Currently I’m at step 1. Using jose-jwt I can create public key with EccKey.New(x, y, CngKeyUsages.KeyAgreement), but I don’t understand why there is no curve name parameter? If someone knows way of making this work or some examples (bouncy castle?) please comment.

Cracking .NET random

I know .NET has two PRNGs, one secure and one insecure. I would like to be referenced to a tool/article about cracking the insecure one (I want to use it to test an .aspx site). I searched it all over but I only found references to cracking The random of Java, C and PHP.

.NET application protection technique against cracking

I’m trying to protect my software against cracking. Protection against cracking is crucial before listing the product on market.

Info about the software:

  • Built using .NET C# (Framework 4.5.2)
  • WinForms
  • 32 bit

I have made a several protection layers:

  • Obfuscation, Renaming, anti-debugging
  • Encrypted communications between software and API server (RSA) public key hard-coded
  • The client will generate a temporary AES keys and encrypt it with server public key then sends it to server, The server will decrypt the data with his RSA Private key and respond with a new AES keys encrypted with the ones provided by the client at first request. Then any communication from client to server will be signed by server RSA pub key and encrypted by AES Keys provided by the server.

  • Verify libraries integrity by requesting libraries checksum from API and compare it.

And the most important part is, the application will once request “custom data” from API server and store it in memory, to be used by internal software functions. When a function in the application called it will use the “custom data” as input, so there’s no way for the software to operate correctly without having the “custom data”

The API server provides the “custom data” after verifying software activation code and machine unique ID.

The question is:

  • With all of these layers, can the software cracked?
  • Can the custom data layer bypassed?
  • If a cracker bypassed the protection layers until the “custom data” part, it’s possible to clone the software with the “custom data” meaning the software can operate without need to request the custom data from the API?

What i mean by custom data is making the software hybrid, always needs data from API to function

I am counting on the “custom data” protection layer.

Please let me hear your recommendations. thanks a lot

almacenar intentos en base de datos .net

tengo una consulta estoy haciendo un sistema en .net y sql server , lo que quiero hacer es cuando un usuario se logee, almacene en mi base al usuario que entro o al usuario que erro su cuenta en el login y me diga cuantas veces entro o la hora, les agradecería por la ayuda .

   Private Sub BTNINGRESAR_Click(sender As Object, e As EventArgs) Handles BTNINGRESAR.Click       Try          datos.Usuario_1 = TXTUSER.Text         datos.Contraseña_1 = TXTPASS.Text          If funcion.validar_sesion(datos) = True Then              Preguntas.Show()         ElseIf (contador = 3) Then              MsgBox("Demasiado intentos fallidos")             Me.Close()          Else 'contar loos numeros de intentos               MsgBox("Usuario o Contraseña Invalido, Intente de Nuevo")             TXTUSER.Clear()             TXTPASS.Clear()             contador += 1          End If       Catch ex As Exception         MsgBox(ex.Message)     End Try End Sub 

¿Cómo usar pivot para un campo de una consulta en C# .net?

Tengo una consulta

Tengo una método que devuelve una lista de datos(idColaborador,nombreColaborador,unidad Organizativa, fecha_registro).

Lo que yo quiero es invertir el campo fecha_registro de columna a fila como se trabaja en pivot.

Al principio intente hacerlo el pivot desde base de datos y llamarlo en un procedimiento almacenado pero el problema es que al recibir los datos me traía demasiadas columnas ya que trae todos los días del mes y al momento de mapearlo en mi método tendría que crear la cantidad de atributos necesarios de acuerdo a las columnas que reciba de mi procedimiento es por ello que estoy intentando hacerlo por .net.

Aquí encontré una página de ejemplo pero yo soy nuevo en estos temas y les pido que me puedan ayudar

public List<Sigeri> ExportarResumenHoras()         {  List<Sigeri> lista = new List<Sigeri>();         DatabaseHelper helper = null;         SqlDataReader dr = null;         try         {              helper = new DatabaseHelper(Conexion.Instancia.CadenaConexionDS());             helper.AddParameter("@MesAño", "082019");              dr = (SqlDataReader)helper.ExecuteReader("PA_Control_horas", System.Data.CommandType.StoredProcedure);             while (dr.Read())             {                 var obj = new Sigeri()                 {                     Colaborador = new Colaborador()                     {                         IdColaborador = dr["Id_Colaborador"].ToString(),                         NombreColaborador = dr["Nombre_Colaborador"].ToString()                     },                     Proyecto = new Proyecto()                     {                         IdUnidadOrganizativa=dr["Id_Unidad_Organizativa"].ToString()                     },                     Fecha_registro = DateTime.Parse(dr["Fecha_Registro"].ToString())                  };                 lista.Add(obj);             }          }         catch (Exception ex)         {             throw ex;          }         finally         {             if (helper != null)                 helper.Dispose();         }         return lista;     } 

Ya que luego deseo exportarlo a excel y debe mostrar algo parecido a esta imagen.

introducir la descripción de la imagen aquí

Este sería mi controlador donde se exportaría en excel lo que reciba de mi método ExportarResumenHoras

public JsonResult ExportarResumenHoras()         {             List<Sigeri> data = GestionResumenHoras.Instancia.ListaResumenHoras();              ExcelPackage pkg = new ExcelPackage();             ExcelWorksheet ws = pkg.Workbook.Worksheets.Add("Detalle(Semana)");                ws.Cells["A6"].Value = "DNI";             ws.Cells["B6"].Value = "NOMBRE COLABORADOR";             ws.Cells["C6"].Value = "PROYECTO UO";              int rowstart = 7;             //int columna = 4;             if (data != null)             {                 foreach (Sigeri obj in data)                 {                     ws.Cells[string.Format("A{0}", rowstart)].Value = obj.Colaborador.IdColaborador;                     ws.Cells[string.Format("B{0}", rowstart)].Value = obj.Colaborador.NombreColaborador;                     ws.Cells[string.Format("C{0}", rowstart)].Value = obj.Proyecto.IdUnidadOrganizativa;                     ws.Cells[string.Format("D{0}", rowstart)].Value = obj.Fecha_registro;                  }             }             ws.Cells["A:AZ"].AutoFitColumns();                MemoryStream memoryStream = new MemoryStream();             pkg.SaveAs(memoryStream);             memoryStream.Position = 0;              var bytes = memoryStream.ToArray();             Session["archivoResumenHoras"] = bytes;             return Json(new { success = true }, JsonRequestBehavior.AllowGet);         } 

Disassembling a .NET manually

I would like to statically sign a malware, specifically MSIL Crypter, with a YARA rule. I want to sign specific functions (Assembly.Load for example) but I couldn’t find an informative documentation about how to disassemble a .NET binary into CIL which will help me understand which sequence of bytes to sign. Would be glad to get some help with it.

Sharepoint online/365 integration (Upload files) on React app hosted on Azure and WebApi C# .Net Core 2.2

I’m struggling since some weeks ago trying to interact/automate a way to upload files from a Web App created in React and upload files to a Sharepoint Online Site – in a specific folder. The WebApp is hosted in Azure and using a C# .Net Core 2.2 as backend.

I’m trying to using some kind of REST API that help me out with this task (Could be on React in frontend, or in C# Core or C# MS FW .Net for backend) I’m searching across internet a way to do it but all the testings were failed.

Someone can give me some insight, tip or advice on how to achieve this?

I’m trying:

  • Use code from Microsoft WebPage (Using jQuery).

  • Using PnP, but on my localhost I receive a CORS problem (I’m trying using Client ID and Secret ID to interact with Sharepoint).