Validating .NET Framework Assemblies
I just went through our German VB.NET forums and there was something interesting that gives me some kind of headache.

It is actually possible to edit the .NET Framework assemblies using Reflexil or some other IL editor. The only thing you have to bypass is the Strong Name signature of the assembly. After changing the assembly IL, you have to run sn.exe -Vr [assemblyname] to kinda skip the strong name validation. After that you have to clear the cached native images. Just go through the C:\Windows\assembly directory and delete every image related to your assembly. Then reboot. When you are logged in, run ngen install [assemblyname]. Now the new native images are generated.

This works. I verified this procedure in my virtual environment (Windows XP x86). Now the thing that worries me the most is that you can easily bypass the .NET VerifyHash or VerifyData methods of the RSACryptoServiceProvider. This actually works, too. A friend of mine and I tested and could verify this issue (see screenshots). That was fairly easy.

For example, if I'd create a licensing system built on the .NET Framework cryptography classes, it could be bypassed system-wide for every .NET application on the system using the framework. Also, everybody can log and change the input of functions that I call just by hooking into the methods.

Now my question is: Since this can be a huge problem, how can I do something about that? Of course a malicious user could just edit my application, but that would not be as bad as doing this system-wide. I was thinking about some framework checksum validation, but since there are a lot of different updates for the .NET Framework, this seems to be impossible.

Any solutions or suggestions? Does Microsoft take care of this problem in some way?

Medellin answered 24/1, 2013 at 15:55 Comment(2)
You'll need to do the whole exercise again, but this time without an admin user name and password. It is a common fallacy in threat analysis, there's no point in locking the door when an intruder has the key. – Fluent
Also, licensing systems are generally exercises in futility. – Darlenadarlene
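As an added example (not part of the question or the answers), a PowerShell check for the traces that the procedure above leaves behind: sn.exe -Vr records each skip-verification entry as a registry subkey named `<AssemblyName>,<PublicKeyToken>` under HKLM\SOFTWARE\Microsoft\StrongName\Verification, so an administrator can audit those keys (and the Authenticode signature of the framework copy of mscorlib.dll). The mscorlib.dll path is assumed for .NET 4.x on 64-bit Windows; adjust it for other versions.

```powershell
# Added example: audit strong-name verification skip entries (created by "sn.exe -Vr").
# An entry named "*,*" means verification is disabled for every assembly.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\StrongName\Verification',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification'   # 32-bit view on x64
)

$skips = foreach ($p in $paths) {
    if (Test-Path $p) {
        Get-ChildItem $p | ForEach-Object {
            # Subkey name is "<AssemblyName>,<PublicKeyToken>"
            $name, $token = $_.PSChildName -split ',', 2
            [pscustomobject]@{
                Assembly       = $name
                PublicKeyToken = $token
                RegistryKey    = $_.Name
            }
        }
    }
}

if (-not $skips) {
    'No strong-name verification skip entries found.'
} else {
    'WARNING: strong-name verification is disabled for the following assemblies:'
    $skips | Format-Table -AutoSize
}

# Cross-check with the SDK tool itself (same list): sn.exe -Vl

# Verify that the framework copy of mscorlib.dll still carries Microsoft's Authenticode
# signature. Path assumed for .NET 4.x on 64-bit Windows.
$mscorlib = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll'
if (Test-Path $mscorlib) {
    Get-AuthenticodeSignature $mscorlib |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
}
```

Run it elevated; a non-empty skip list or a signature status other than Valid is the condition the question describes, although, as the comments note, an attacker with admin rights can also remove these traces again.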

If an attacker has admin access to your computer (which is required for the attack you described), then you've pretty much lost. Anything you could do could be circumvented by the attacker.

Because of that, I think it is completely pointless trying to defend against this type of attack. If you have to deal with untrusted, potentially compromised computers, then you simply can't trust them to do anything sensitive and you have to do it on your own server, or something like that.

Eruption answered 24/1, 2013 at 19:49 Comment(3)
I know that it's pointless to do something about that. I was just interested why Microsoft makes it so easy. That wasn't the answer I was looking for, but okay. – Medellin
I don't understand your line of reasoning. You say it doesn't make sense to prevent this kind of attack, but you still think Microsoft should spend resources on it anyway? – Eruption
Since MS has access to the kernel, the .NET Framework and the CLR, they at least could make it a little bit harder. – Medellin
