如何防止我的.NET应用程序对DLL劫持? [英] How can I proctect my .NET application against DLL Hijacking?
问题描述
由于遗留和设计问题强大的命名/签名现在不是一个选项
如果您不知道什么DLL劫持是额外的信息:
我遇到过类似的问题,最后写了我自己的逻辑来验证DLL。对我来说,我只是用LGPL的方式(我不能修改dll)使用该DLL,但是想确保我的应用程序使用正版的dll(不是高清的)。
简单解决方案:
- 在开发应用程序时,将创建MD5的校验和,并对应用程序中的哈希进行硬编码
- 每次启动应用程序时,使用相同的逻辑生成dll文件的MD5校验和,并将其与硬编码的文件进行比较。
- 您可能会已经知道了,但这里是如何有效地生成文件的校验和(见答案: https://stackoverflow.com/a/1177744/ 392850 )
更好的解决方案:
- 使用强哈希算法和盐生成dll的哈希值
- 生成RSA密钥值对(私钥和公钥)
- 使用私钥加密dll的哈希值
- Emb在您的应用程序中编辑公钥加密散列和盐
- 应用程序启动后,使用公钥解密加密散列
- 在运行时再次使用相同的盐生成哈希,并与使用公钥解密的哈希进行比较。
如果您有任何证书,可信任的CA喜欢verisign,您可以使用该证书而不是使用RSA密钥对。
这样即使有人用破解的dll替换了你的dll,哈希也不会匹配您的应用程序将知道劫持尝试。
这种方法可能比只给dll一个强名称更好,因为可能是强名称验证可以通过运行
SN -Vr HijackedAssembly
希望这可以帮助您,或希望了解数字签名内容如何工作的人。
We have a .NET 3.5 application with registered extensions. How can we protect it against DLL Hijacking attacks?
Because of legacy & design problems strong naming/signing is not an option right now
Extra Information if you don't know what DLL Hijacking is:
I had came across similar issue, I had ended up writing my own logic for verifying the dll. For me I was just using that dll in LGPL fashion (I can't modify the dll), but wanted to make sure that my application uses the genuine dll (not the hi-jacked one).
Simple solution:
- While developing the application create MD5 Checksum of the dll and hardcode the hash in the application
- Everytime you start the application use the same logic to generate the MD5 Checksum of the dll file and compare it with the hardcoded one.
- You might be already aware but here is how to efficiently generate the Checksum of a file (see answer: https://stackoverflow.com/a/1177744/392850)
Better solution:
- Generate hash of the dll, with strong Hashing algorithm and salt
- Generate RSA key value pair (private key and public key)
- Encrypt the hash of the dll with your private key
- Embed the public key, "encrypted hash" and salt in your application
- Upon application start, decrypt the "encrypted hash" with your public key
- Generate the Hash again at runtime with the same salt, and compare with the hash decrypted using the public key
If you have any certificate from trusted CA like verisign, you can use that certificate instead of using RSA key value pair.
This way even if someone replaces your dll with cracked dll, the hash will not match and your application will know the Hijacking attempt.
This approach could is better than only giving dll a strong name because, may be strong name verification can be disabled by running
SN -Vr HijackedAssembly
Hope this helps you, or someone who wants to understand how digital signature things work internally.
这篇关于如何防止我的.NET应用程序对DLL劫持?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!