How hard is it to tamper with a strong named assembly?

3

5

Assume I have a .NET assembly which is strong named. Only I have access to the private key. I then distribute the assembly to some client system.

How hard is it for the client to modify the assembly? I.e., what would they need to do to modify my assembly?

Usa answered 7/12, 2009 at 3:4 Comment(0)
15

Strong-naming does not prevent modifying the assembly, but it does prevent other applications which reference a strong-named assembly from inadvertently using a modified version.

Settling answered 7/12, 2009 at 3:6 Comment(2)
Of course, the other application(s) may also be modified to remove the strong-linking requirement. - Chirp
@Barry hence the "inadvertently using" part. If you modify the reference, it's not inadvertent :) - Settling
0

It's no different from modifying a non-strongly typed assembly. The only real difference is that they would have to run the strong name utility (sn.exe) in order to use the modified assembly.

Barnum answered 7/12, 2009 at 3:11 Comment(2)
Normally the private key is not distributed with the assembly, so strong naming it will still leave it incompatible with clients of the assembly, which have the public key embedded in their assembly references. It would be easier for them to modify the clients to remove the strong name requirement. - Chirp
Sorry, that is what I meant. They would use sn.exe with the -Vr option to bypass the strong name requirement. - Barnum
0

As others have said, it's very easy.

One technique you can use is to use the public key (or token) of your assembly to encrypt important information (such as algorithm parameters, connection strings, etc.) in your assembly. This way if the public key has been changed or removed, the decryption will fail and your assembly would no longer run correctly. Obfuscators such as Crypto Obfuscator use this technique as one part of the protection.

Kolosick answered 7/12, 2009 at 10:49 Comment(0)
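
The technique described in the answer above, as an added example that is not part of the original answer or of any obfuscator's code: an embedded value is encrypted under a key derived from the strong-name public key, so a copy re-signed with a different key fails to decrypt it. It assumes .NET 8 or later; the class name, both sample keys and the connection string are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class KeyBoundConfig
{
    const int NonceLen = 12, TagLen = 16;

    // The AES key is a hash of the strong-name public key. That key is public
    // data, so this binds the value to the signing identity; it does not keep
    // the value secret from someone who reads this code.
    static byte[] DeriveKey(byte[] publicKey) => SHA256.HashData(publicKey);

    // Build time: returns nonce || tag || ciphertext for embedding in the assembly.
    public static byte[] Protect(byte[] publicKey, string value)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] tag = new byte[TagLen];
        byte[] cipher = new byte[plain.Length];
        using var aes = new AesGcm(DeriveKey(publicKey), TagLen);
        aes.Encrypt(nonce, plain, cipher, tag);
        byte[] blob = new byte[NonceLen + TagLen + cipher.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceLen);
        cipher.CopyTo(blob, NonceLen + TagLen);
        return blob;
    }

    // Run time: throws CryptographicException when the public key is not the
    // one the blob was protected with (removed, or replaced by re-signing).
    public static string Unprotect(byte[] publicKey, byte[] blob)
    {
        byte[] plain = new byte[blob.Length - NonceLen - TagLen];
        using var aes = new AesGcm(DeriveKey(publicKey), TagLen);
        aes.Decrypt(blob[..NonceLen], blob[(NonceLen + TagLen)..],
                    blob[NonceLen..(NonceLen + TagLen)], plain);
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        // In a signed assembly the run-time input would be
        // typeof(KeyBoundConfig).Assembly.GetName().GetPublicKey().
        byte[] original = Encoding.ASCII.GetBytes("constructed-original-public-key");
        byte[] resigned = Encoding.ASCII.GetBytes("constructed-replacement-key");
        byte[] blob = Protect(original, "Server=db01;Database=app");
        Console.WriteLine(Unprotect(original, blob));
        try { Unprotect(resigned, blob); }
        catch (CryptographicException) { Console.WriteLine("public key changed: decryption failed"); }
    }
}
```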
