C# dll strong naming does not detect modification

Posted 2024-09-09 08:38:03

It is my understanding that strong naming creates a cryptographic hash of the assembly, which is used as a strong name to load the dll.

I was hoping to use this feature to detect corruption of a binary to inform the user there is a problem with the software and they need to reinstall it.

This works for some changes to the binary, however I've found modifying the binary, especially static strings within the binary, does not cause the application to report that it cannot locate a dll of the appropriate strong name.

Can anyone explain to me what data from an assembly is used to create the strong name, and why strong naming does not always detect the modification of the dll? Is there a way that I can force it to include additional information in the strong naming?

Is there an alternate way I can detect a corruption of a binary?

Cheers

Ryan

Comments (4)

失退 2024-09-16 08:38:03

As far as I know, the hash used in strong-naming includes the entire file, so I am not sure why some changes are not tripping the verification.

Is there any chance your assembly has been added to the skip-verification list?

别再吹冷风 2024-09-16 08:38:03

The digital signature created when strong naming an assembly hashes the contents of the assembly, with the exception of any Authenticode Signature, the assembly's strong name data, and the PE header checksum, then signs the hash with the private key.

Perhaps it was one of the excluded items that you were changing, in which case the strong name will still verify correctly and the assembly will still load just fine.

A strong name by definition consists of four attributes: a file name (minus extension), a version number, a culture identity, and a public key token (a hash of the public key). There is no way to include additional information in the strong naming convention.

白日梦 2024-09-16 08:38:03

I detected the same behaviour. I strong named the assemblies, then I modified some static strings with a hex editor. Surprisingly, the executable that is loading the assembly did not throw any exception but just loaded the altered library.
After some searching in Microsoft docs I found a hint that helped me.

It is saying that there is a bypass mechanism that shall load the assemblies faster when some conditions are true.

https://learn.microsoft.com/de-de/dotnet/standard/assembly/create-use-strong-named#bypass-signature-verification-of-trusted-assemblies

To disable this bypassing you have to put a flag in the app.config.

<configuration>
  <runtime>
    <bypassTrustedAppStrongNames enabled="false" />
  </runtime>
</configuration>

After doing that the executable is throwing an exception when the assembly was modified.
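
An added example, not code from the thread or from Microsoft: one way to check a DLL explicitly at startup, so the result does not depend on the load-time bypass or the skip-verification list mentioned above, together with a full-file SHA-256 that also covers the bytes the strong-name hash leaves out. It assumes .NET Framework on Windows; the class name AssemblyIntegrity and the expected hash recorded at build time are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

static class AssemblyIntegrity
{
    // Unmanaged strong-name API exported by mscoree.dll (.NET Framework on Windows only).
    [DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.U1)]
    static extern bool StrongNameSignatureVerificationEx(
        string wszFilePath,
        [MarshalAs(UnmanagedType.U1)] bool fForceVerification,
        [MarshalAs(UnmanagedType.U1)] out bool pfWasVerified);

    // True only when the signature was really checked and is valid.
    // fForceVerification = true overrides skip-verification registry entries.
    public static bool StrongNameIsValid(string path)
    {
        bool wasVerified;
        bool ok = StrongNameSignatureVerificationEx(path, true, out wasVerified);
        return ok && wasVerified;
    }

    // SHA-256 over every byte of the file, so it also covers the regions the
    // strong-name hash excludes (Authenticode signature, PE header checksum).
    public static string FileSha256(string path)
    {
        using (var sha = SHA256.Create())
        using (var stream = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(stream)).Replace("-", "");
    }

    // Usage: AssemblyIntegrity.exe <assembly.dll> <expected-sha256-hex>
    // Assumption: the expected hash comes from a manifest written at build time.
    static int Main(string[] args)
    {
        if (args.Length != 2) return 2;
        bool signatureOk = StrongNameIsValid(args[0]);
        bool hashOk = string.Equals(FileSha256(args[0]), args[1],
                                    StringComparison.OrdinalIgnoreCase);
        Console.WriteLine("strong name valid: {0}, file hash matches: {1}",
                          signatureOk, hashOk);
        return signatureOk && hashOk ? 0 : 1;
    }
}
```

A plain hash stored next to the binary detects accidental corruption only; anyone who can rewrite the DLL can usually rewrite the stored hash as well.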

软糯酥胸 2024-09-16 08:38:03

You should take a look here: Authenticode Signatures and Strong Name Signatures and How do I Sign .Net assemblies with Authenticode signature?

These two signatures are completely independent of each other. A strong name helps to provide a unique identity for an assembly. Authenticode allows you to verify who the author of the assembly is.

And

If both types of signatures are applied to an assembly, the strong name signature is wrapped within the Authenticode signature. Meaning that I could modify the bytes of the Authenticode signature so that it is no longer valid without invalidating the strong name signature. The reverse is not true -- modifying the bytes of the strong name signature would invalidate both it and the Authenticode signature.
