tags:

views:

140

answers:

3
+5  Q: 

How hard is it to tamper with a strong named assembly?

Assume I have a .NET assembly which is strong named. Only I have access to the private key. I then distribute the assembly to some client system.

How hard is it for the client to modify the assembly? Ie: what would they need to do to modify my assembly?

+13  A: 

Strong-naming does not prevent modifying the assembly, but it does prevent other applications which reference a strong-named assembly from inadvertently using a modified version.

Rex M  2009-12-07 03:06:40
+1 Well said, Rex.
Andrew Hare  2009-12-07 03:08:05
Of course, the other application(s) may also be modified to remove the strong-linking requirement.
Barry Kelly  2009-12-07 03:09:34
@Barry hence the "inadvertently using" part. If you modify the reference, it's not inadvertent :)
Rex M  2009-12-07 17:55:52
A: 

It's no different from modifying a non-strongly typed assembly. The only real difference is that they would have to run the strong name utility (sn.exe) in order to use the modified assembly.

Chris Conway  2009-12-07 03:11:30
Normally the private key is not distributed with the assembly, so strong naming it will still leave it incompatible with clients of the assembly, which have the public key embedded in their assembly references. It would be easier for them to modify the clients to remove the strong name requirement.
Barry Kelly  2009-12-07 03:17:08
Sorry, that is what I meant. They would use the sn.exe with the the -Vr option to bypass the strong name requirement.
Chris Conway  2009-12-07 13:29:01
A: 

As others have said, its very easy.

One technique you can use is to use the public key (or token) of your assembly to encrypt important information (such as algorithm parameters, connection strings, etc) in your assembly. This way if the public key has been changed or removed, the decryption will fail and your assembly would no longer run correctly. Obfuscators such as Crypto Obfuscator use this technique as one part of the protection.

logicnp  2009-12-07 10:49:59

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?