views:

90

answers:

3

My client side application works only when online.

Could i check the integrity of a winforms client application on server side?

I would like to make my application useless when it will be pached.

I mean these guys http://www.webutils.pl/SFV%5FCalculator have something similar.

Of course in my case i don't want to upload the file, but perform a quick check regarding the application integrity.

A: 

You don't have to upload the entire file, you can choose to upload a checksum calculated locally and compare it to the server checksum.

Blindy
This approach can be tampered with...
Alix Axel
Anything can be tampered with, I'm just offering an alternative to uploading the entire file.
Blindy
A: 

What you could do on startup is generate a hash of the application file using MD5 or such an algorithm. The application will then send this hash to your web server and await a response. On the server side you could have a list of the allowed hashes.

The drawback is of course that the patch could be to disable precisely this functionality, but for casual users it ought to be good enough.

Conrad
I know the original md5 hash of my application. I would like to check if the file is tampered remotely
Chocol8
A: 

No, you can't do it.

The reason is that you can't trust anything they send you, because they could just hold the 'correct' file, and pass through the checksums of that.

About the best you can do is ensure that it has a certain private key, say, by asking it to encrypt something, and checking to see if it does it correctly. This may be something to think about.

What problem are you trying to solve, exactly?

Noon Silk
I would like to check remotely the md5 of my client side application.
Chocol8
It's just not possible. Also, you should not check MD5 anyway, as that hash is a broken hash, use SHA-256 instead. I think if you post your underlying problem, what you are trying to solve, we may be able to help.
Noon Silk