Assign strong name to third-party DLL

    Question

  • Hi,

       I am using a third-party DLL like companentart.web.ui.dll which is not assigned a strong name. I don't have any code to modify, so how can I assign a strong name to a third-party DLL?

      So please help me by providing a solution for third-party strong naming.

     

     

    Friday, May 12, 2006 9:25 AM

Answers

  • Nope, sn can only be used to sign an assembly that has been delay signed. I doubt that the 3rd party DLL has been delay signed. Even if it had been, you'd need the private key that they delay signed it with.

    I have encountered this problem before. What I've done in that circumstance is simply asked the 3rd party developer to sign the assembly. Failing that I round-trip it through IL and sign it myself.

    So, you use ildasm (http://msdn.microsoft.com/library/en-us/cptools/html/cpconMSILDisassemblerIldasmexe.asp?frame=true) to disassemble it to a .il file and .resources file, and then use ilasm (http://msdn.microsoft.com/library/en-us/cptools/html/cpconMSILAssemblerIlasmexe.asp?frame=true) to reassemble it, passing in your new key. Works a charm unless the assembly is obfuscated.

    Since doing this is technically reverse engineering, it is advised to try and get permission before. Generally 3rd party authors are quite good and will happily supply you with a signed assembly on request. In fact, I've only ever had to use round-tripping once, for a tool we bought, which then became unsupported. I still notified the developer though, and only resorted to round-tripping when he became uncommunicative.

    Friday, May 12, 2006 3:49 PM
  • This article comes up every so often .... what it shows you how to do is strip the strong name of an assembly, which changes the assembly's identity.  This is not a security issue with the CLR, since you cannot tamper with an assembly and have it maintain the same identity without also having administrative privileges on the local machine.

    Since the assembly identity is used for binding, evaluating matches against StrongNameMembershipCondition, matching InternalsVisibleTo attributes, etc., if you've changed the identity you've lost most of what you were gaining in the first place by being able to tamper with the assembly -- you might as well have written the code yourself and signed it with your own key.

    -Shawn

    Wednesday, May 24, 2006 12:03 AM
    Moderator

All replies

  • I can recommend you read the article Building Security Awareness in .NET Assemblies : Part 3 - Learn to break Strong Name .NET Assemblies if you would like to go down the dark path of hacking the assembly.

    As Sean said, you should probably get permission first.
    Friday, May 12, 2006 7:38 PM
  • The solution for assigning a strong name to the third-party DLL is to use the following commands at the Visual Studio command prompt.

    E.g. let's say the name of the third-party DLL is myTest.dll.
    Step 1: Disassemble the assembly
            ildasm myTest.dll /out:myTest.il

    Step 2: Reassemble using your strong-name key
            ilasm myTest.il /res:myTest.res /dll /key:myTest.snk /out:myTestSN.dll

    This code works perfectly to assign a strong name.

    For verification you can use the following command:
    sn -vf myTestSN.dll



    From
    Nimit Patel
    nimit_104@yahoo.com

        

     

    Wednesday, May 24, 2006 4:20 AM
  • Hi Shawn,


    I agree that this is no security issue, as there would be a clear identity mismatch for the CLR.
    Isn't it a clear infringement of IPR if anyone can sign a 3rd party assembly using their public/private key and claim it as theirs?!

    rgds


    -Choppala
    Friday, February 2, 2007 4:09 AM
  • The simple ildasm/ilasm round trip does not work when an unsigned assembly references another unsigned assembly. You have to take care of many more locations to get a working program. The free tool Signer takes care of these issues and makes it really easy to sign unsigned assemblies at the binary level:

    http://www.codeplex.com/Signer

    Yours,

       Alois Kraus

     

     

    Friday, February 2, 2007 12:13 PM
  • Thanks Nimit!  This is exactly what I needed! 
    Thursday, March 22, 2007 2:14 PM
  • Hi Nimit,

     

    I have two third-party DLLs which I need to strong name. I used your above-mentioned method, which worked fine with one of the DLLs but not with the second one. I'm not sure about mentioning the DLLs' names here, so for understanding's sake:

    The 1st DLL's name is mytest.dll and the 2nd one is mytest.web.dll. I am unable to strong name the second one using your approach. Any help with this will be appreciated.

     

     

    From,

    E$$

     

    Tuesday, May 13, 2008 4:59 AM
  • I have the simplest solution for assigning a "Strong Name".

    1. Open your Solution in VS.
    2. Right-click on the project that requires a "Strong Name" and click Properties.
    3. Go to the "Signing" tab and check the "Sign the assembly" option.
    4. From the dropdown below, select "New".
    5. Give the project any name, as it will just be strong naming the project.
    - You can also include a password if you like, but it's not necessary.
    6. Then click OK, then save.

    Build your solution again... and you will see that the error does not appear any more.


    Tshepiso
    • Proposed as answer by Tzhepiezo Thursday, September 11, 2008 4:37 PM
    • Edited by Tzhepiezo Thursday, September 11, 2008 4:38 PM
    Thursday, September 11, 2008 4:37 PM
  • I believe the question was about signing 3rd party assemblies, for which you do not have the code / Visual Studio project files...
    Thursday, September 18, 2008 1:41 PM
  • 1) If the 3rd party assembly is delay signed, you can just add it to the Skip Verification list:
    SN -Vr YourAssemblyName
    So CLR will no longer validate this assembly while loading it.

    2) If it is a weakly named assembly, you have to go Sean's way: disassemble then reassemble and sign it with your .snk file...
    Or you can try this tool: http://www.codeplex.com/Signer .

    • Proposed as answer by Michael_Peng Friday, May 15, 2009 10:08 AM
    Monday, April 27, 2009 11:09 AM
  • E$$$: The complete steps to do this are described on this blog: http://buffered.io/2008/07/09/net-fu-signing-an-unsigned-assembly-without-delay-signing/ including the steps on how to sign it with multiple references, which could help solve the issue that you are facing.

    //SM
    Thursday, July 2, 2009 11:37 AM
  • Thank you so much, Nimit Patel

    I appreciate your effort

    Regards,
    Tariq Mardawi
    T-Fire
    Thursday, August 6, 2009 11:28 AM
  • This was exactly what I needed, how easy it can be at times! =o)
    Thursday, February 11, 2010 8:40 AM
  • A complication in this process is that the unsigned assembly may be in an earlier version of .NET than that of the ildasm used to disassemble it. If this is the case, the .il file will contain no data except the header and be very small (< 1 Kbyte). If it is reassembled using ilasm, then the resulting DLL will also be much smaller than the unsigned assembly, and the output from ilasm will not include the line "Signing file with strong name". There will often be a number of different versions of ildasm on the machine running Visual Studio. Try an earlier version of ildasm if any of the above problems are observed. A later version of ilasm will still work on .il files produced with earlier versions of ildasm.
    Thursday, June 5, 2014 12:51 AM
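
The round-trip steps from Nimit Patel's reply, combined with the failure symptoms described in the last reply (a header-only .il file, no "Signing file with strong name" line), as a PowerShell script. This is an added example, not code from any poster in the thread; the parameter names and the temporary work directory are assumptions, it expects ildasm, ilasm and sn on PATH, and it handles a single assembly only, not the cross-reference case Alois Kraus raises.

```powershell
# Added example (not from the thread): ildasm/ilasm round trip with sanity checks.
# Assumes ildasm.exe, ilasm.exe and sn.exe are on PATH (Visual Studio command prompt).
param(
    [Parameter(Mandatory = $true)] [string] $InputDll,   # unsigned third-party assembly
    [Parameter(Mandatory = $true)] [string] $KeyFile,    # your own .snk key pair
    [Parameter(Mandatory = $true)] [string] $OutputDll   # re-signed copy to write
)

# Resolve paths first, because the tools run from a temporary work directory.
$InputDll  = (Resolve-Path $InputDll).Path
$KeyFile   = (Resolve-Path $KeyFile).Path
$OutputDll = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputDll)
$base = [IO.Path]::GetFileNameWithoutExtension($InputDll)
$work = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Path $work | Out-Null

Push-Location $work
try {
    # Step 1: disassemble. The pipe makes PowerShell wait for the tool to exit.
    & ildasm $InputDll "/out:${base}.il" | Out-Null

    # Symptom of an ildasm/assembly version mismatch: header-only .il (< 1 KB).
    if (-not (Test-Path "${base}.il") -or (Get-Item "${base}.il").Length -lt 1KB) {
        throw "Disassembly is missing or header-only; try an earlier ildasm."
    }

    # Step 2: reassemble with the new key. Pass /res only if a .res was produced.
    $ilasmArgs = @("${base}.il", '/dll', "/key:$KeyFile", "/out:$OutputDll")
    if (Test-Path "${base}.res") { $ilasmArgs += "/res:${base}.res" }
    $log = & ilasm @ilasmArgs

    # The thread's check: ilasm's output should contain this line.
    if (-not ($log | Select-String -SimpleMatch 'Signing file with strong name')) {
        throw "ilasm did not report signing; the output is not strong-named."
    }

    # Step 3: verify the signature, then show the new public key token.
    & sn -vf $OutputDll
    if ($LASTEXITCODE -ne 0) { throw "sn -vf failed (assumes non-zero exit on failure)." }
    & sn -T $OutputDll   # references built against the DLL must use this identity
}
finally {
    Pop-Location
}
```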