MSDN Forums > Common Language Runtime

Answered: Assign strong name to third party DLL

  • Friday, 12 May 2006 9:25, nimit
     

    Hi,

       I am using a third-party DLL like companentart.web.ui.dll which is not assigned a strong name. I don't have any code for modification, so how can I assign a strong name to a third-party DLL?

      So please help me by providing a solution for the third-party strong name.

     

     

All replies

  • Friday, 12 May 2006 11:01, RayV
     
  • Friday, 12 May 2006 15:49, Sean Hederman
     Marked as answer

    Nope, sn can only be used to sign an assembly that has been delay signed. I doubt that the 3rd party DLL has been delay signed. Even if it had been, you'd need the private key that they delay signed it with.

    I have encountered this problem before. What I've done in that circumstance is simply asked the 3rd party developer to sign the assembly. Failing that I round-trip it through IL and sign it myself.

    So, you use ildasm (http://msdn.microsoft.com/library/en-us/cptools/html/cpconMSILDisassemblerIldasmexe.asp?frame=true) to disassemble it to a .il file and .resources file, and then use ilasm (http://msdn.microsoft.com/library/en-us/cptools/html/cpconMSILAssemblerIlasmexe.asp?frame=true) to reassemble it, passing in your new key. Works a charm unless the assembly is obfuscated.

    Since doing this is technically reverse engineering, it is advised to try and get permission before. Generally 3rd party authors are quite good and will happily supply you with a signed assembly on request. In fact, I've only ever had to use round-tripping once, for a tool we bought, which then became unsupported. I still notified the developer though, and only resorted to round-tripping when he became uncommunicative.

  • Friday, 12 May 2006 19:38, Omer van Kloeten
     
    I can recommend you read the article Building Security Awareness in .NET Assemblies : Part 3 - Learn to break Strong Name .NET Assemblies if you would like to go down the dark path of hacking the assembly.

    As Sean said, you should probably get permission first.
  • Wednesday, 24 May 2006 0:03, Shawn Farkas - MS (Moderator)
     Marked as answer

    This article comes up every so often .... what it shows you how to do is strip the strong name of an assembly, which changes the assembly's identity.  This is not a security issue with the CLR, since you cannot tamper with an assembly and have it maintain the same identity without also having administrative privileges on the local machine.

    Since the assembly identity is used for binding, evaluating matches against StrongNameMembershipCondition, matching InternalsVisibleTo attributes, etc., if you've changed the identity you've lost most of what you were gaining in the first place by being able to tamper with the assembly -- you might as well have written the code yourself and signed it with your own key.

    -Shawn

  • Wednesday, 24 May 2006 4:20, nimit
     Proposed answer

    The solution for assigning a strong name to the third-party DLL is to use the following commands at the Visual Studio command prompt.

    E.g., let's say the name of the third-party DLL is myTest.dll.
    Step 1: Disassemble the assembly
            ildasm myTest.dll /out:myTest.il


    Step 2: Reassemble using your strong-name key
            ilasm myTest.il /res:myTest.res /dll /key:myTest.snk /out:myTestSN.dll

    This code works perfectly to assign a strong name.

    For verification you can use the following command:
    sn -vf myTestSN.dll



    From
    Nimit Patel
    nimit_104@yahoo.com

        

     

  • Friday, 2 February 2007 4:09, choppala
     

    Hi Shawn,


    I agree that this is no security issue, as there would be a clear identity mismatch for the CLR.
    Isn't it a clear infringement of IPR if anyone can sign a 3rd party assembly using his public/private key and claim it as theirs!!

    rgds


    -Choppala
  • Friday, 2 February 2007 12:13, Alois
     

    The simple ildasm/ilasm roundtrip does not work when an unsigned assembly references another unsigned assembly. You have to take care of many more locations to get a working program. The free tool Signer takes care of these issues and makes it really easy to sign unsigned assemblies at binary level:

    http://www.codeplex.com/Signer

    Yours,

       Alois Kraus
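
The identity change Shawn Farkas describes and the reference problem Alois raises can both be checked once the round trip is done. The following PowerShell is an added example, not part of any post in this thread; it assumes Windows PowerShell 5.1 on .NET Framework and the file names myTest.dll and myTestSN.dll from Nimit's post, and the function names Get-AssemblyIdentity and Get-WeakReference are hypothetical helpers.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 on
# .NET Framework; the function names below are hypothetical helpers.

function Get-AssemblyIdentity {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Reads the manifest only; the assembly is not loaded for execution.
    [System.Reflection.AssemblyName]::GetAssemblyName($full)
}

function Get-WeakReference {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Reflection-only load: metadata can be inspected, no code runs.
    $asm = [System.Reflection.Assembly]::ReflectionOnlyLoadFrom($full)
    foreach ($ref in $asm.GetReferencedAssemblies()) {
        $token = $ref.GetPublicKeyToken()
        # A reference without a public key token points at a weakly named assembly.
        if ($null -eq $token -or $token.Length -eq 0) { $ref.FullName }
    }
}

# File names taken from the post above; adjust to your own files.
$before = Get-AssemblyIdentity -Path .\myTest.dll
$after  = Get-AssemblyIdentity -Path .\myTestSN.dll

"Before: $($before.FullName)"
"After : $($after.FullName)"

# The display names differ only in PublicKeyToken, but that is enough to make
# them different identities: callers built against the old one must be
# rebuilt against the new one.
if ($before.FullName -eq $after.FullName) {
    Write-Warning 'Identity unchanged: the output was not signed with a new key.'
}

# A strong-named assembly can only reference other strong-named assemblies,
# so every entry listed here must be re-signed too and the reference in the
# .il file updated with its public key token before reassembly.
$weak = @(Get-WeakReference -Path .\myTestSN.dll)
if ($weak.Count -gt 0) {
    Write-Warning 'References to weakly named assemblies in myTestSN.dll:'
    $weak
}
```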

     

     

  • Thursday, 22 March 2007 14:14, Joel Parmer
     
    Thanks Nimit!  This is exactly what I needed! 
  • Tuesday, 13 May 2008 4:59, E$$$
     

    Hi Nimit,

     

    I have two third-party DLLs, which I need to strong name. I used your above-said method, which worked fine with one of the DLLs but not with the second one. I'm not sure about mentioning the DLLs' names here... so, for understanding's sake:

    The 1st DLL name is mytest.dll and the 2nd one is mytest.web.dll. I am unable to strong name the second one using your approach. Any help in this will be appreciated.

     

     

    From,

    E$$

     

  • Thursday, 11 September 2008 16:37, Tzhepiezo
     Proposed answer
    I have the simplest solution to assigning a "Strong Name".

    1. Open your solution in VS.
    2. Right-click on the project that requires a "Strong Name" and click Properties.
    3. Go to the "Signing" tab and check the "Sign the assembly" option.
    4. From the dropdown below, select "New".
    5. Give the project any name, as it will just be strong naming the project.
    - You can also include a password if you like, but it's not necessary.
    6. Then click OK, then save.

    Build your solution again... and you will see that the error does not appear any more.


    Tshepiso
    • Edited by Tzhepiezo, Thursday, 11 September 2008 16:38
    • Proposed as answer by Tzhepiezo, Thursday, 11 September 2008 16:37
  • Thursday, 18 September 2008 13:41, Kenny Clement
     
    I believe the question was about signing 3rd party assemblies, for which you do not have the code / Visual Studio project files...
  • Monday, 27 April 2009 11:09, Michael_Peng
     Proposed answer
    1) If the 3rd party assembly is delay signed, you can just add it to the Skip Verification list:
    SN -Vr YourAssemblyName
    So CLR will no longer validate this assembly while loading it.

    2) If it is a weakly named assembly, you have to go Sean's way: disassemble then reassemble and sign it with your .snk file...
    Or you can try this tool: http://www.codeplex.com/Signer .

    • Proposed as answer by Michael_Peng, Friday, 15 May 2009 10:08
  • Thursday, 2 July 2009 11:37, Sudeept
     
    E$$$: The complete steps to do this are mentioned on this blog: http://buffered.io/2008/07/09/net-fu-signing-an-unsigned-assembly-without-delay-signing/ including the steps on how to sign it with multiple references; it could help solve the issue that you are facing.

    //SM
  • Thursday, 6 August 2009 11:28, Tariq Mardawi
     
    Thank you so much, Nimit Patel

    I appreciate your effort

    Regards,
    Tariq Mardawi
    T-Fire