.NET Base Class Library forum: Application signed with Authenticode runs when tampered.

  • Monday, November 02, 2009 3:54 PM, garbo75

    Hi,
    I have a .NET WinForms application signed with an Authenticode certificate by signtool. One of the benefits of a digital signature is guaranteed security of an application: protection against code modifications by third parties and protection against getting infected with harmful code. So I have made some tests. I have randomly modified the executable with a hex editor, but the application still runs without any warning that something was changed inside. The only difference is that the certificate is no longer valid for this executable, but this information is available only by viewing the file properties on the signatures tab and clicking the Details button on the certificate. How to force an integrity check on startup from local disk?


Answers

  • Friday, November 06, 2009 1:37 PM, Nicole Calinoiu (Answer)

    .NET treats an assembly with an invalid authenticode signature pretty much the same way it treats an unsigned assembly. It will be loaded, but it will not have the publisher evidence associated with the signature. (See http://blogs.msdn.com/shawnfa/archive/2005/12/13/502779.aspx for details.) This makes quite a bit of sense if you think about it a bit, since anyone who can change the assembly could completely strip away the signature as well.

    If you want to prevent an assembly with an invalid signature from being able to execute on the local machine, you will need to change your CAS policy to not grant any permissions to unsigned code run from the local machine zone.
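    As an added example (not code from this thread or from any of its posters), this is one way to do the startup check garbo75 asks for on the .NET Framework: before the main form loads, have Windows' own Authenticode verifier re-hash the running executable through WinVerifyTrust and refuse to continue unless it reports success. It assumes a WinForms Program class, Windows with wintrust.dll, and the standard WINTRUST_ACTION_GENERIC_VERIFY_V2 policy; the class and method names (AuthenticodeSelfCheck, Verify) are my own. Nicole's point still holds: whoever can rewrite the executable's bytes can also rewrite or remove this check, so it detects corruption and casual tampering rather than acting as a trust boundary.

```csharp
// Added example: startup self-check of the running executable's Authenticode signature.
// Assumes .NET Framework WinForms on Windows; names below are the example's own.
using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;

internal static class AuthenticodeSelfCheck
{
    // WINTRUST_ACTION_GENERIC_VERIFY_V2: the standard Authenticode policy provider.
    private static readonly Guid ActionGenericVerifyV2 = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");

    // WinVerifyTrust results (HRESULTs) a startup check usually distinguishes.
    public const uint ErrorSuccess       = 0x00000000; // signature valid, chain trusted
    public const uint TrustENoSignature  = 0x800B0100; // file carries no signature at all
    public const uint TrustEBadDigest    = 0x80096010; // bytes no longer match the signed hash (tampered)
    public const uint CertEUntrustedRoot = 0x800B0109; // signed, but chains to an untrusted root

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct WINTRUST_FILE_INFO
    {
        public uint cbStruct;
        [MarshalAs(UnmanagedType.LPWStr)] public string pcwszFilePath;
        public IntPtr hFile;
        public IntPtr pgKnownSubject;
    }

    [StructLayout(LayoutKind.Sequential)]
    private struct WINTRUST_DATA
    {
        public uint cbStruct;
        public IntPtr pPolicyCallbackData;
        public IntPtr pSIPClientData;
        public uint dwUIChoice;          // WTD_UI_NONE = 2: never show a dialog
        public uint fdwRevocationChecks; // WTD_REVOKE_NONE = 0 (no network round trip at startup)
        public uint dwUnionChoice;       // WTD_CHOICE_FILE = 1
        public IntPtr pFile;             // -> WINTRUST_FILE_INFO
        public uint dwStateAction;       // WTD_STATEACTION_VERIFY = 1, WTD_STATEACTION_CLOSE = 2
        public IntPtr hWVTStateData;     // filled in by Windows during VERIFY, needed for CLOSE
        public IntPtr pwszURLReference;
        public uint dwProvFlags;
        public uint dwUIContext;
    }

    [DllImport("wintrust.dll", ExactSpelling = true)]
    private static extern uint WinVerifyTrust(IntPtr hwnd, [In] ref Guid pgActionID, IntPtr pWVTData);

    // Returns the raw WinVerifyTrust result for the file; 0 means valid and trusted.
    public static uint Verify(string path)
    {
        Guid action = ActionGenericVerifyV2; // local copy: a readonly field cannot be passed by ref
        int fileInfoSize = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO));
        int dataSize = Marshal.SizeOf(typeof(WINTRUST_DATA));
        IntPtr pFileInfo = Marshal.AllocHGlobal(fileInfoSize);
        IntPtr pData = Marshal.AllocHGlobal(dataSize);
        try
        {
            var fileInfo = new WINTRUST_FILE_INFO { cbStruct = (uint)fileInfoSize, pcwszFilePath = path };
            Marshal.StructureToPtr(fileInfo, pFileInfo, false);

            var data = new WINTRUST_DATA
            {
                cbStruct = (uint)dataSize, dwUIChoice = 2, fdwRevocationChecks = 0,
                dwUnionChoice = 1, pFile = pFileInfo, dwStateAction = 1
            };
            Marshal.StructureToPtr(data, pData, false);
            uint result = WinVerifyTrust(IntPtr.Zero, ref action, pData);

            // Read back hWVTStateData set by Windows, then release that state with CLOSE.
            data = (WINTRUST_DATA)Marshal.PtrToStructure(pData, typeof(WINTRUST_DATA));
            data.dwStateAction = 2;
            Marshal.StructureToPtr(data, pData, false);
            WinVerifyTrust(IntPtr.Zero, ref action, pData);
            return result;
        }
        finally
        {
            Marshal.DestroyStructure(pFileInfo, typeof(WINTRUST_FILE_INFO)); // frees the marshalled path string
            Marshal.FreeHGlobal(pFileInfo);
            Marshal.FreeHGlobal(pData);
        }
    }
}

internal static class Program
{
    [STAThread]
    private static void Main()
    {
        // Verify the image this process was started from, not a path taken from input.
        uint status = AuthenticodeSelfCheck.Verify(Application.ExecutablePath);
        if (status != AuthenticodeSelfCheck.ErrorSuccess)
        {
            MessageBox.Show(string.Format("Signature check failed: 0x{0:X8}", status), "Integrity check");
            return; // refuse to start the application
        }
        Application.EnableVisualStyles();
        Application.Run(new Form());
    }
}
```

    For the hex-edited file garbo75 describes, Windows reports TRUST_E_BAD_DIGEST (0x80096010); an unsigned copy reports TRUST_E_NOSIGNATURE (0x800B0100). During development with a self-signed test certificate the check fails with CERT_E_UNTRUSTEDROOT (0x800B0109) until the test root is installed, so keep the check behind a build configuration switch or install the root on developer machines.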

  • Friday, November 06, 2009 1:42 PM, Stephen Cleary (Answer)
    Nicole hit the nail on the head.

    Put another way, any code you execute from your own machine has FullTrust. So it doesn't need a valid authenticode / strong name signature. When the user runs the program, he is telling the computer that he trusts that executable completely.

    -Steve
    Programming blog: http://nitoprograms.blogspot.com/
    Including my TCP/IP .NET Sockets FAQ

    Microsoft Certified Professional Developer

All Replies

  • Friday, November 06, 2009 8:58 AM, eryangMSFT (Moderator)

    Hi,
    Could you tell me what signing tool you are using?
    Actually, Strong Name in .NET provides integrity verification of an assembly; it prevents our assembly from being modified by others. It may be what you need; the following links give more details about how to assign a strong name to an assembly:
    http://www.csharp411.com/net-assembly-faq-part-3-strong-names-and-signing/
    http://www.codeguru.com/columns/experts/article.php/c4643/

    Thanks,
    Eric

    Please remember to mark helpful replies as answers and unmark them if they provide no help.
  • Friday, November 06, 2009 12:26 PM, garbo75

    Hi,
    Thank you for response. I'm using signtool in this way:

    signtool sign /f Authenticode2009.pfx /p p@ssw0rd /t http://time.certum.pl signed.exe

    I'm also using strong name for application. I can send you samples of my tests by email.

    Pawel