
Reduced the necessary code to achieve gadget generation for MessagePackTypeless #147

Merged
merged 2 commits into from
Mar 17, 2023

Conversation

NinesPsygnosis
Contributor

@NinesPsygnosis NinesPsygnosis commented Mar 15, 2023

After running through some test code today I found that the approach of using a dynamic assembly to generate surrogate types isn't actually necessary. You can simply write the surrogate classes manually and then reference them, even if they're in the same assembly and it'll still work just fine.

I've made the changes as described above and also added MessagePackTypeless and MessagePackTypelessLz4 to the README. In addition I've added them both to the default Base64 behaviour and also included SharpSerializerBinary as that should also be in the same place.

I went back and forth on the pros and cons of continuing to use a dynamic assembly, as I figured it reduces clutter in the codebase since it's only used for generating this payload; however, I figured that there may be other serializers that could use the bait-and-switch approach, too. Open to thoughts on this.

@NinesPsygnosis
Contributor Author

@pwntester @irsdl
Is there anything else to do before this PR can be merged?

@irsdl
Collaborator

irsdl commented Mar 17, 2023

I think if it is just a DLL then you can add it to https://github.com/pwntester/ysoserial.net/tree/master/ysoserial/dlls/ and load it from there, but if it is a series of DLLs, then perhaps, to keep the size low, you can make a folder within the Helpers folder and call it something like ModifiedVulnerableMessagePack or MessagePackHelper. We have done it for BinaryFormatter as we needed to use its modified version so the conversion from json would happen without it complaining.

@irsdl
Collaborator

irsdl commented Mar 17, 2023

BTW, did you update the README using the actual generate output? I think we can merge this and any changes in the future can be applied later. I admit I haven't run the latest version on my box but I trust that you have done it yourself and it works :)

@irsdl irsdl merged commit d4db066 into pwntester:master Mar 17, 2023