Prev: Hash table with coarse integer keys
Next: How to tell if another process has a file open.
From: Peter on 7 Jun 2010 08:08
Hello

How can I ensure that a assembly (dll) is not manipulated (e.g.
hexeditor).

I thought that sign the assembly (snk-File), this ensures.

I have tried the following.

1.
Create assembly Test.Dll with AssemblyVersionAttribute("1.1.*") and
sign with Test.snk (Property-Page and/or
AssemblyKeyFileAttribute(@"Test.snk")

2.
Create UseTest.Exe with reference to Test.Dll.

--> Now UseTest.Exe requires the desired Test.Dll, ok

However, I can manipulate Test.dll (Hexeditor) an use it !! e.g.
Class Test1 in Test.Dll

public class Test1
{
public static void SayHallo()
{
System.Windows.Forms.MessageBox.Show("Hallo Peter");
}
}

Change text Hallo Peter with hexeditor to Hallo Qeter


Do I something wrong ?
or is signing not at all thought my problem ?

Is there built in mechanism to "checksum" a assembly

thank you
Peter














From: kndg on 8 Jun 2010 04:21
On 6/7/2010 8:08 PM, Peter wrote:
> Hello
>
> How can I ensure that a assembly (dll) is not manipulated (e.g.
> hexeditor).
>
> I thought that sign the assembly (snk-File), this ensures.
>
> I have tried the following.
>
> 1.
> Create assembly Test.Dll with AssemblyVersionAttribute("1.1.*") and
> sign with Test.snk (Property-Page and/or
> AssemblyKeyFileAttribute(@"Test.snk")
>
> 2.
> Create UseTest.Exe with reference to Test.Dll.
>
> --> Now UseTest.Exe requires the desired Test.Dll, ok
>
> However, I can manipulate Test.dll (Hexeditor) an use it !! e.g.
> Class Test1 in Test.Dll
>
> public class Test1
> {
> public static void SayHallo()
> {
> System.Windows.Forms.MessageBox.Show("Hallo Peter");
> }
> }
>
> Change text Hallo Peter with hexeditor to Hallo Qeter
>
>
> Do I something wrong ?
> or is signing not at all thought my problem ?
>
> Is there built in mechanism to "checksum" a assembly
>
> thank you
> Peter
>

Hi Peter,

At first, I also thought that the CLR would throw an exception (since
the assembly had been tampered!), but after checking that myself, yes
your observation is correct - the CLR did not verify the hash and just
happily execute the tampered assembly. It will only throw exception if
it is compiled using the old framework (version 1.1 and lower).

My first guess is probably for performance reason. Verifying the
assembly's hash each time the assembly is loaded would increase the
application start-up time. My second guess is unless the assembly is
installed in GAC, nothing can prevent the assembly from being tampered.
I had seen a lot of discussion on the internet on how to break/modify
the signed assembly.

As for the workaround, maybe you can install the assembly in GAC or
attach a digital certificate to it.

Regards.

--- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---
 | 
Pages: 1
Prev: Hash table with coarse integer keys
Next: How to tell if another process has a file open.