
I have a dll that is digitally signed. When my application starts, I want to check that this dll is "original", in particular that it hasn't been replaced with a fake one. How can I do this by checking the Authenticode signature?

I have never done anything like this, and I need a bit of help to get started.

UPDATE

I want to prevent someone from replacing the dll with their own and providing their own API method for this dll, and thus myApp.exe always appearing properly licensed.

I asked the author and he told me:

"There are steps you can take to prevent the type of cracking you mentioned. For instance, somewhere in your code you can verify TurboActivate by checking that the Authenticode signature is still valid (TurboActivate is code-signed). Or, if you want a simpler solution, you can do a simple MD5 or CRC check. This will prevent "drop in" replacement of TurboActivate with a malicious version."

  • Use a strong named assembly - stackoverflow.com/questions/2354129/… Commented Feb 23, 2018 at 13:38
  • @auburg the dll is not mine, it is provided by another author, so I do not have access to the code Commented Feb 23, 2018 at 13:40
  • Afaik .Net does that automatically when you use a strong named signed library by including the public key in the reference. Commented Feb 23, 2018 at 13:40
  • @FacundoColidio One thing to keep in mind is that your program can (thanks to the wonders of decompilers and other useful tools) also be easily modified - e.g. remove the check completely or replace the IL code where you check the license with a function that always returns true. (You could consider this the simplest form of cracking) Commented Feb 23, 2018 at 13:52
  • Tampering with a native dll is way harder and more work than just tampering with your program to circumvent the calling of the dll. Checking the native dll in that case is kinda pointless... like reinforcing the steel door with extra lead bands while it is set right next to an open window. Commented Feb 23, 2018 at 14:20

1 Answer

If the dll is a regular reference of your program, the check will be done automatically for you and your program won't start if it has been tampered with. You don't need to do anything extra, it's part of the normal startup and finding all referenced assemblies routine.


If this assembly is loaded "behind your back" at some point in your program, you can look at it and check its token:

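```csharp
using System;
using System.Linq;

// Find the already-loaded managed assembly by name (First throws if none matches)
var assembly = AppDomain.CurrentDomain.GetAssemblies().First(a => a.FullName.Contains("TurboActivate"));
var token = assembly.GetName().GetPublicKeyToken();

// check if token is *their* valid token
```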

5 Comments

  • @FacundoColidio Are you looking for something like certificate pinning but for dlls? You might want to provide a bit more detail in your question - simply "checking" the signature might not be enough depending on what you are trying to do.
  • @nvoigt unfortunately I get on the first line of your code: "the sequence does not contains elements", maybe this is because the dll is loaded dynamically
  • Then there are no dlls loaded at the time you call it. You need to call it after the dll is loaded (whenever that may be... I wonder how that works, a dll is loaded, but you did not reference anything... sounds fishy).
  • @nvoigt Turns out the dll is not a .Net assembly
  • Ahm, I just read that it's a native dll? Then this won't work.
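
Since the comments establish that the dll is native, the strong-name token check does not apply. The following is an added example (not part of the original thread and not the vendor's code) of one way to check an Authenticode signature from C#: call WinVerifyTrust, then pin the signer certificate. The class name, method name and the expectedThumbprint parameter are assumptions for illustration; the thumbprint value must come from the vendor's real signing certificate.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;

static class AuthenticodeCheck   // hypothetical helper, Windows only
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct WINTRUST_FILE_INFO
    {
        public uint cbStruct; public string pcwszFilePath; public IntPtr hFile, pgKnownSubject;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_DATA   // fields up to dwUIContext; cbStruct tells the API where it ends
    {
        public uint cbStruct; public IntPtr pPolicyCallbackData, pSIPClientData;
        public uint dwUIChoice, fdwRevocationChecks, dwUnionChoice; public IntPtr pFile;
        public uint dwStateAction; public IntPtr hWVTStateData, pwszURLReference;
        public uint dwProvFlags, dwUIContext;
    }

    [DllImport("wintrust.dll", ExactSpelling = true)]
    static extern int WinVerifyTrust(IntPtr hwnd, ref Guid actionId, ref WINTRUST_DATA data);

    // expectedThumbprint: thumbprint of the vendor's signing certificate (placeholder, supply your own).
    public static bool IsSignedBy(string dllPath, string expectedThumbprint)
    {
        int size = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO));
        var file = new WINTRUST_FILE_INFO { cbStruct = (uint)size, pcwszFilePath = dllPath };
        IntPtr pFile = Marshal.AllocHGlobal(size);
        Marshal.StructureToPtr(file, pFile, false);
        try
        {
            var data = new WINTRUST_DATA
            {
                cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_DATA)),
                dwUIChoice = 2,          // WTD_UI_NONE: never show a dialog
                fdwRevocationChecks = 0, // WTD_REVOKE_NONE
                dwUnionChoice = 1,       // WTD_CHOICE_FILE: verify the embedded signature
                pFile = pFile
            };
            var action = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); // WINTRUST_ACTION_GENERIC_VERIFY_V2
            // Step 1: 0 means the file matches its signature and the chain is trusted.
            if (WinVerifyTrust(IntPtr.Zero, ref action, ref data) != 0) return false;
        }
        finally { Marshal.DestroyStructure(pFile, typeof(WINTRUST_FILE_INFO)); Marshal.FreeHGlobal(pFile); }

        // Step 2: pin the signer, because any publisher's valid signature passes step 1.
        using (var signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(dllPath)))
            return string.Equals(signer.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Run the check against the exact full path that is subsequently loaded, and expect the pinned thumbprint to need updating when the vendor renews its signing certificate.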
