Submitted by duncan bayne
duncan bayne writes "If your .NET application relies on Code Access Security to prevent tampering, bad news: there's a free tool called Reflexil that allows anyone to bypass such protection. TFA explains what Microsoft says CAS tamper proofing does, how it's broken with Reflexil, and what the consequences are for applications that depend upon it, in particular software licensing solutions. (Disclosure: I wrote TFA, and it contains a plug for our product which doesn't rely on CAS)."

.NET CAS Tamper-Proofing is Broken

  • Here's how the "attack" works:

    1. You ship Foo.exe and Foo.dll to a customer. Foo.exe is linked to Foo.dll using a strong name, meaning that the loader will require the DLL to be signed with a particular private key (and ignore other files called Foo.dll that aren't signed with the key).
    2. The customer modifies Foo.exe so that it links to Foo.dll using a simple filename instead of a strong name.
    3. Oh no, the customer can now replace Foo.dll with his own version that behaves differently!

    Er.. so what? It's har

    • You're right in that once you've shipped your app, there's no way to completely prevent tampering; every form of DRM is simply a means of raising the bar higher and higher. The trick is to make the bar sufficiently high by structuring your application well and using high-quality licensing and obfuscation tools.

      The reason it's news is that Microsoft has been plugging CAS as a means to tamper-proof applications targeting the .NET Framework. Up until recently (i.e. the release of the Reflexil plugin for Refl

      • by Mr2001 (90979)

        Up until recently (i.e. the release of the Reflexil plugin for Reflector) there was no easy way to perform step 2 - that is, remove the strong-name requirement from the .EXE.

        Er... couldn't you always do this with ILDASM + Notepad + ILASM? Tools to modify IL have been part of the .NET SDK forever.

        That's akin to saying that you must realize that when you lend your car to someone, he can do whatever he wants with it, so car rental companies should just choose a business model that doesn't involve cars being returned in working order.

        Only half-right. Yes, car rental companies must realize that bad things can happen when their cars are borrowed, but that doesn't mean they shouldn't expect the cars to be returned in working order. They have a credit card and address on file, and damage will be apparent when the car is returned (or theft, when it's not returned), so they can both discourage damage in the first place an

        • Er... couldn't you always do this with ILDASM + Notepad + ILASM? Tools to modify IL have been part of the .NET SDK forever.

          Quite possibly, but up until now no-one has produced a plugin that makes it literally a ten-second operation for an almost totally unskilled user.

          They have a credit card and address on file, and damage will be apparent when the car is returned (or theft, when it's not returned), so they can both discourage damage in the first place and recover the costs of damage when it occurs. ... Tha

          • by Mr2001 (90979)

            Quite possibly, but up until now no-one has produced a plugin that makes it literally a ten-second operation for an almost totally unskilled user.

            OK, so now it takes 10 seconds instead of 60 and requires a tiny bit less knowledge. What does that change? Removing the strong name doesn't get you anything unless you have a hacked version of the strong-named assembly, and an almost totally unskilled user still won't be able to make one of those.

            for the most part businesses won't let dodgy pirated software from an untrusted source anywhere near their networks.

            This means that a reputable company who wants your (licensed) software then has two options: pay for it, or hire a developer to crack your licensing.

            This scenario seems pretty bizarre to me. What company is "reputable" enough to eschew a torrent -- which costs nothing to obtain and no effort to install, and only carries a small risk which is mitigated by due d
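The three-step description at the top of the thread (ship Foo.exe bound to Foo.dll by strong name, rewrite that reference to a plain file name, swap in a different Foo.dll) leaves a trace in the executable's metadata: the AssemblyRef entry for Foo.dll no longer carries a public key token. The PowerShell below is an added example for checking a shipped binary for that condition; it is not code from the thread, from Reflexil or from Microsoft. It assumes Windows PowerShell on the .NET Framework (Assembly.ReflectionOnlyLoadFrom is not available on .NET Core/5+), and the path and assembly names are constructed placeholders.

```powershell
# Added example, not from the Slashdot thread: list every assembly reference in a .NET
# executable and flag references that carry no public key token. The tampering described
# in the thread downgrades a strong-name reference to a simple file-name reference, so a
# shipped Foo.exe whose Foo.dll reference has lost its token is a finding worth looking at.
# Assumes Windows PowerShell / .NET Framework (ReflectionOnlyLoadFrom is absent on .NET Core/5+).
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,                        # constructed example: C:\Release\Foo.exe
    [string[]]$ExpectedStrongNamed = @()  # simple names that must be strong-name bound, e.g. 'Foo'
)

function Get-ReferenceReport {
    param([string]$AssemblyPath)
    # Reflection-only load reads metadata without running any code in the assembly and
    # without resolving its dependencies, so a tampered or missing Foo.dll does not matter here.
    $asm = [System.Reflection.Assembly]::ReflectionOnlyLoadFrom((Resolve-Path $AssemblyPath).Path)
    foreach ($ref in $asm.GetReferencedAssemblies()) {
        $token = $ref.GetPublicKeyToken()
        $hasToken = [bool]($token -and $token.Length -gt 0)
        [pscustomobject]@{
            Name           = $ref.Name
            Version        = $ref.Version
            PublicKeyToken = if ($hasToken) { ($token | ForEach-Object { $_.ToString('x2') }) -join '' } else { '' }
            StrongNamed    = $hasToken
        }
    }
}

$report = Get-ReferenceReport -AssemblyPath $Path
$report | Format-Table -AutoSize

# Any dependency that is expected to be strong-name bound but is now referenced by simple name
# is reported, and the script exits non-zero so it can gate a build or support workflow.
$findings = $report | Where-Object { ($ExpectedStrongNamed -contains $_.Name) -and (-not $_.StrongNamed) }
if ($findings) {
    $names = ($findings | Select-Object -ExpandProperty Name) -join ', '
    Write-Warning "Strong-name reference removed for: $names"
    exit 1
}
```

Run it against the delivered binary from a support, build or forensic workflow, not from inside Foo.exe itself: as the thread already notes, a check compiled into the application can be stripped with the same IL-editing tools, so the value of this kind of inspection is in detecting modification out of band, not in preventing it.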
