@yudhiwidyatama
Created June 2, 2020 01:54
This page decodes encrypted WebResource.axd URLs.
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Web.Configuration" %>
<%@ Import Namespace="System.Reflection" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Drawing" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
<script type="text/javascript">
// Scan the page for WebResource.axd references once loading has finished.
window.onload = ShowWebResources;
// Fills the drop-down with the WebResource.axd tokens referenced by this
// page: first from <script src="...">, then from <link href="...">.
function ShowWebResources()
{
    ShowWebResourceByAttribute(document.getElementsByTagName("script"), "src");
    ShowWebResourceByAttribute(document.getElementsByTagName("link"), "href");
}
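/**
 * Adds one <option> to the "resourcesDropDown" select for every element whose
 * given attribute points at WebResource.axd and carries a "d=...&" parameter.
 *
 * @param elements      Array-like collection of DOM elements to inspect.
 * @param attributeName Attribute holding the URL ("src" or "href").
 */
function ShowWebResourceByAttribute(elements, attributeName)
{
    var resourcesDropDown = document.getElementById("resourcesDropDown");
    for (var i = 0; i < elements.length; i++)
    {
        var data = elements[i].getAttribute(attributeName);
        if (data == null || !data.match(/webresource.axd/i))
        {
            continue;
        }

        // A WebResource.axd URL without a "d=...&" pair yields null here;
        // skip it instead of throwing and aborting the whole onload scan.
        var tokenMatch = data.match(/d=([^&]+)&/);
        if (tokenMatch == null)
        {
            continue;
        }

        var option = document.createElement("option");
        // Assign as plain text rather than innerHTML so that markup
        // characters in the attribute value are never parsed as HTML.
        option.text = tokenMatch[1];
        option.value = tokenMatch[1];
        resourcesDropDown.appendChild(option);
    }
}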
// When a whole URL is pasted into the text box, reduce it to the value of
// its "d" parameter; any other input is left exactly as typed.
function UpdateResourceText(textBox)
{
    var found = textBox.value.match(/d=([^&]+)&/);
    if (found == null || found.length <= 0)
    {
        return;
    }
    textBox.value = found[1];
}
</script>
<script runat="server">
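/// <summary>
/// Click handler for the Decrypt button. Takes the token from the
/// "resourceTextBox" form field (or, if that is empty, from
/// "resourcesDropDown"), tries to decrypt it through non-public ASP.NET
/// members located by reflection, and writes the result to decryptedLabel.
/// </summary>
/// <remarks>
/// Two routes are attempted in order: the static non-public
/// Page.DecryptString overloads, then MachineKeySection.EncryptOrDecryptData.
/// Both are non-public members, so they may be missing or shaped differently
/// on another framework version; every lookup is therefore null-checked.
///
/// NOTE(review): this page decrypts whatever token is posted to it using the
/// hosting application's own protection routines and prints the plaintext.
/// Deploy it only where trusted administrators can reach it, and remove it
/// once debugging is finished.
/// </remarks>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void decryptButton_Click(object sender, EventArgs e)
{
    // A pasted token takes precedence over the drop-down selection.
    string urlEncodedData = Request.Form["resourceTextBox"];
    if (string.IsNullOrEmpty(urlEncodedData))
    {
        urlEncodedData = Request.Form["resourcesDropDown"];
    }
    if (string.IsNullOrEmpty(urlEncodedData))
    {
        return;
    }

    // UrlTokenDecode returns null for a malformed token; that case is
    // checked before the bytes are used in the second route below.
    byte[] encryptedData = HttpServerUtility.UrlTokenDecode(urlEncodedData);

    decryptedLabel.Text = "Page methods : ";
    MethodInfo[] allMethods = typeof(System.Web.UI.Page).GetMethods(BindingFlags.Static | BindingFlags.NonPublic);
    foreach (MethodInfo m in allMethods)
    {
        if (m.Name != "DecryptString")
        {
            continue;
        }

        // Diagnostic dump of the overload's signature. Label.Text is emitted
        // as raw HTML, so every dynamic value is HTML-encoded first.
        decryptedLabel.Text += m.Name + "\r\n";
        ParameterInfo[] decryptParams = m.GetParameters();
        for (int c = 0; c < decryptParams.Length; c++)
        {
            decryptedLabel.Text += "[" + c + "]" + System.Web.HttpUtility.HtmlEncode(decryptParams[c].ParameterType.ToString()) + "\r\n";
        }

        // Only the two-argument (data, purpose) shape can be invoked below;
        // any other overload would fail on the index or on the argument count.
        if (decryptParams.Length != 2)
        {
            continue;
        }

        Type purposeType = decryptParams[1].ParameterType;
        foreach (FieldInfo info in purposeType.GetFields(BindingFlags.Public | BindingFlags.Static))
        {
            decryptedLabel.Text += "field " + System.Web.HttpUtility.HtmlEncode(info.Name) + "\r\n";
        }

        FieldInfo purposeField = purposeType.GetField("AssemblyResourceLoader_WebResourceUrl", BindingFlags.Static | BindingFlags.Public);
        if (purposeField == null)
        {
            // The purpose value is not available on this type; try the next overload.
            continue;
        }
        object purpose = purposeField.GetValue(null);

        try
        {
            string decryptedData = (string)m.Invoke(null, new object[] { urlEncodedData, purpose });
            decryptedLabel.BackColor = Color.Lime;
            decryptedLabel.Text = System.Web.HttpUtility.HtmlEncode(decryptedData);
            return;
        }
        catch (TargetInvocationException ex0)
        {
            decryptedLabel.BackColor = Color.Red;
            Exception cause = ex0.InnerException ?? ex0;
            decryptedLabel.Text += System.Web.HttpUtility.HtmlEncode(cause.Message);
        }
    }

    // Second route: MachineKeySection.EncryptOrDecryptData(bool, byte[], byte[], int, int).
    Type[] paramTypes = new Type[] { typeof(bool), typeof(byte[]), typeof(byte[]), typeof(int), typeof(int) };
    MethodInfo encryptOrDecryptData = typeof(MachineKeySection).GetMethod("EncryptOrDecryptData", BindingFlags.Static | BindingFlags.NonPublic, null, paramTypes, null);
    if (encryptedData == null)
    {
        decryptedLabel.BackColor = Color.Red;
        decryptedLabel.Text += "The input is not a valid URL token.";
        return;
    }
    if (encryptOrDecryptData == null)
    {
        decryptedLabel.BackColor = Color.Red;
        decryptedLabel.Text += "MachineKeySection.EncryptOrDecryptData with the expected signature was not found.";
        return;
    }

    try
    {
        byte[] decryptedData = (byte[])encryptOrDecryptData.Invoke(null, new object[]
            { false, encryptedData, null, 0, encryptedData.Length });
        string decrypted = Encoding.UTF8.GetString(decryptedData);
        decryptedLabel.BackColor = Color.Lime;
        decryptedLabel.Text = System.Web.HttpUtility.HtmlEncode(decrypted);
    }
    catch (TargetInvocationException)
    {
        decryptedLabel.BackColor = Color.Red;
        decryptedLabel.Text += "Error decrypting data. Are you running your page on the same server and inside the same application as the web resource URL that was generated?";
    }
}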
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<label for="resourceTextBox">Paste a web resource URL:</label><br />
<input type="text" id="resourceTextBox" name="resourceTextBox" onchange="UpdateResourceText(this)" /><br />
<label for="resourcesDropDown">Select a web resource on this page:</label><br />
<select id="resourcesDropDown" runat="server"></select><br />
<asp:Button ID="decryptButton" runat="server" Text="Decrypt" OnClick="decryptButton_Click" />
<hr />
<asp:Label ID="decryptedLabel" runat="server"></asp:Label>
</div>
</form>
</body>
</html>