Alireza

Reputation: 10476

Spoofing .NET assemblies and discussing a previously posted note

I searched for protecting .NET assemblies from spoofing and found this post very useful. However, I see a very clear contradiction in the post. At one point it is stated that a strong name is not useful if the user is complicit:

But if the user is complicit in the spoofing (which would be the case if he is trying to cheat), then code signing will be no more than a speed bump and provides no real protection. Certainly, Strong Names don't provide protection comparable to e.g. PunkBuster.

And few lines later the writer states something completely in contrast:

Then, when you add a reference to your signed assembly, if someone tries to put a different assembly in with the same assembly name (not the fully qualified one, just the name without version, hash and public key) and same type name, the CLR will fail when trying to load the type, indicating that it couldn't find it; the type is resolved using the fully-qualified assembly name, along with the namespace and type name.

So:

1) Is this a contradiction or am I losing something? Is the writer in the first paragraph talking about the situation in which validating strong names was disabled and is not going to be re-enabled?

Moreover, surprisingly, it is stated that:

If the attacker has the ability to modify the strong name of an assembly that you referenced, then they can just as easily modify your assembly and all others involved in the execution

2) How is it possible to modify a deployed assembly's (for example a DLL) strong name?

Upvotes: 3

Views: 223

Answers (1)

Iridium

Reputation: 23721

There doesn't appear to be a contradiction here - the second quote indicates correctly that simply replacing the referenced assembly with another one which contains types of the same name, but has a different (or no) strong name, will fail because this assembly will not match the one indicated in the reference. Essentially, this is the system's way of protecting itself from modification not intended by the user.

However, if the modification is intended (i.e. the user is complicit, per the first quote) then there are simple means to enable loading of a modified assembly, for example by disabling strong-name checks (which would allow an assembly with an invalid signature, say as a result of it having been modified, to still be loaded), or by changing the assembly reference itself.

In answer to your second question, whilst the standard assembly signing tool sn doesn't have an option to replace an assembly's strong name with another, it is certainly possible, and a brief search should find various tools capable of doing so. (In fact, it's easy enough to do it with a simple hex editor).

Upvotes: 1
