pwntester / ysoserial.net

Deserialization payload generator for a variety of .NET formatters

ViewState for .NET 2

scanfsec opened this issue · comments

I don't think this is an issue as it only uses it to create the ViewState object - does it cause any error when you run it in v2? If yes, I need to update it.

commented

Hi! Unable to compile with v2; it compiles with v3.5, but the plugin does not support it. Could it be my configuration error? The compiling platform is VS2017 and VS2019.

Hi,

I have a similar problem: it also fails to compile with v2 but compiles successfully with v3.5.

In my environment, this line throws an exception "Unable to find assembly".

File: ysoserial\Plugins\ViewStatePlugin.cs
47:     Assembly systemWebAsm = Assembly.Load("System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a");

After I modified it to Assembly.Load("System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a");, it works.

But when it continues executing, it throws an exception again here:

File: ysoserial\Plugins\ViewStatePlugin.cs
202:    var machineKeySectionType = systemWebAsm.GetType("System.Web.Configuration.MachineKeySection");
203:    var getApplicationConfigMethod = machineKeySectionType.GetMethod("GetApplicationConfig", BindingFlags.Static | BindingFlags.NonPublic);
204:    var config = (MachineKeySection)getApplicationConfigMethod.Invoke(null, emptyArray);

So I checked my assembly file C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll.
I found that MachineKeySection doesn't have a GetApplicationConfig method in this assembly.

Did I miss or misunderstand something?


By the way, I also found a bug on line 166.
https://github.com/pwntester/ysoserial.net/blob/v2/ysoserial/Plugins/ViewStatePlugin.cs#L166

var container = Activator.CreateInstance(null, "ysoserial.Generators." + gadget + "Generator");

It should be ysoserial_frmv2.Generators. in the v2 branch.
I found it a few weeks ago, but sorry, I forgot to make a pull request to fix this.

We cannot compile with version 2 as we have no complete gadget chain for v2 :( So while the payload may work on a system with .NET 2, it is because they also have .NET 3.5 in their GAC.

I am not actively supporting v2 so it pretty much relies on the community these days. I may address them in the future when I am done with new changes of the latest version :)

I have updated the repo to reflect some of these. I haven't updated the ViewState plugins yet.

I have now also updated the ViewState plugin for v2 - please let me know if there are still issues with it.

commented

A couple of comments in case anyone runs into a similar issue with version 2 and MAC validation failing even though you have the correct validationkey.

  1. I was able to successfully validate that the validationkey was correct by using the latest .NET 4 version of ysoserial.net; of course the payloads will fail because the v4 DLLs are not found.

  2. When I tried to use this v2 branch to validate the MAC and generate a payload, I could not get my ASP 2 application to properly validate the MAC, even though the key was correct. The System.Web DLLs appear to be slightly different from v2 to v4; not sure if that was the issue when retrieving the machinekey.

  3. I was able to successfully combine https://github.com/0xacb/viewgen to generate the full encoded payload, by using the gadget from this v2 repo and outputting it to base64 w/ losformatter. Then I encoded that payload w/ the viewgen method and that successfully created a v2 payload that worked for me.
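
The thread turns on the ViewState MAC validating once the validationkey is known, so the defensive counterpart is making sure that key and the MAC setting are not exposed or weakened in configuration. The following web.config audit is an added example, not part of this thread or of the ysoserial.net project; the sample config is constructed, its key value is a placeholder, and the choice of MD5 as the only "weak" algorithm is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the thread); the key is a placeholder.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_HEX_KEY"
                decryptionKey="AutoGenerate,IsolateApps" validation="MD5" />
    <pages enableViewStateMac="false" viewStateEncryptionMode="Never" />
  </system.web>
</configuration>"""

WEAK_VALIDATION = {"MD5"}  # assumption: algorithms this audit treats as weak


def audit_web_config(xml_text):
    """Return (setting, finding) tuples for ViewState-related risks."""
    findings = []
    root = ET.fromstring(xml_text)  # assumes <configuration> has no xmlns
    # <system.web> may sit at the top level or inside <location> blocks.
    for web in root.iter("system.web"):
        mk = web.find("machineKey")
        if mk is not None:
            for attr in ("validationKey", "decryptionKey"):
                value = mk.get(attr, "AutoGenerate")
                if not value.startswith("AutoGenerate"):
                    findings.append((attr, "static key in config; anyone who "
                                           "can read the file can sign ViewState"))
            algo = mk.get("validation", "")
            if algo.upper() in WEAK_VALIDATION:
                findings.append(("validation", "weak MAC algorithm " + algo))
        pages = web.find("pages")
        if pages is not None:
            if pages.get("enableViewStateMac", "true").lower() == "false":
                findings.append(("enableViewStateMac", "ViewState MAC disabled"))
            if pages.get("viewStateEncryptionMode", "Auto").lower() == "never":
                findings.append(("viewStateEncryptionMode",
                                 "ViewState is never encrypted"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(setting + ": " + finding)
```

A static validationKey is not wrong by itself (web farms need one), so treat that finding as a prompt to check who can read the file and whether the key has ever been committed or shared.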