How would you do this?

  • Thread starter Thread starter Johnny Jörgensen
  • Start date Start date
J

Johnny Jörgensen

I would like my application to check an outside file (dll) to see that it
has not been modified or tampered with.

Is it possible to somehow generate a unique hashcode from the file itself
and check that? If so, what method would you use?

Or is there other (better) solutions?

Cheers,
Johnny J.
 
I would like my application to check an outside file (dll) to see that it
has not been modified or tampered with.

Is it possible to somehow generate a unique hashcode from the file itself
and check that? If so, what method would you use?
Click to expand...
Yes it is possible. Since you seem to have a security related purpose
to this then I would sugget one of the cryptographic hash functions,
either SHA256 or SHA512. Both of these are available in .NET:
System.Security.Cryptography.SHA256Managed and
System.Security.Cryptography.SHA512Managed

If you need some general background then the Wikipedia article is a
good introduction:
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Or is there other (better) solutions?
Click to expand...
Probably not, this is one of the problems that cryptographic hash
functions are designed to solve.

rossum
 
I would like my application to check an outside file (dll) to see that
it has not been modified or tampered with.
Click to expand...

Did you compile the DLL yourself? If you did, you could sign the DLL which
will give you a signature. Then using reflection you can check the
signatures:

http://groups.google.com/group/microsoft.public.dotnet.framework/msg/7ccd12
b8770b0714

Depending on what you're doing, I think this check can be done
declaratively in the .config file.
 
Johnny said:
I would like my application to check an outside file (dll) to see that it
has not been modified or tampered with.

Is it possible to somehow generate a unique hashcode from the file itself
and check that? If so, what method would you use?

Or is there other (better) solutions?

Cheers,
Johnny J.
Click to expand...

I got a few questions:
- tampered by who?
- and why?
- and when?

The answers to those questions would be handy to have because... what if
the same person modifies your program too? Replacing that hash for instance?

You could, technically, produce a cryptographic hash of the file, and
sign it with an asymmetric cryptography algorithm, which would make it
impossible for someone without your private key to change the file and
then produce a new hash.

However, that same person could just as easily change the program so
that it either didn't check the dll, or just used his/her crypto keys
instead.

So it all depends on how paranoid you intend to be :)
 
True

I don't want to try to make my system 100% fool proof, because that is of
course not possible. But I do want to provide some sort of security.

The ways you describe to circumvent that security are of course possible...

/Johnny
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

1000 points if you can answer this question... 3
Code protection 1
Can a Class Library have the same version information as another assembly? 3
How do you do this? Simple ASP.NET GridView question 1
Tool Window and Focus 3
VistaDB Database 14
Modifying class at runtime 2
Communicate between Applications 9

Back
Top