
How to detect if desktop application has been modified?

How to detect if desktop application has been modified?

The application communicates with a web service, so we can maybe hash the desktop, and then check if the checksum matches or something like this? Or what do you suggest?

Just don't let the application do anything you wouldn't allow the person modifying the application to do. Then it doesn't matter whether the application was modified or not.

Your proposed solution is like a bank trying to design a pen that can't be used to write bad checks and then trying to make sure customers always use that pen to write their checks. It's much more sane to stop worrying about what pen customers use to write their checks and just reject any check that's for more than the customer's balance.

Or, to put it another way:

1) If the application asks your web service to do something that you do not want it to do, what difference does it make if the application is modified or not?

2) If the application asks your web service to do something that you do want it to do, what difference does it make if the application is modified or not?

In sum, it makes no difference.

While David's answer is an excellent summary of my opinion on your problem (better than I could have said it myself), I do recognize that some environments really do want to accomplish what you've asked for: some way to attest to a remote system that you're really running exactly the software that you say you are.

IBM's TrouSerS is one portion of a software stack that is working to make remote attestation a reality. The entire stack relies on the TPM chips built into some commodity motherboards, a trusted BIOS that performs a cryptographic checksum of the boot loader, a trusted boot loader that performs a cryptographic checksum of the operating system kernel and important system utilities, and the operating system support (TrouSerS) that can manage the TPM and verify the software in question.

It's important to note that the TPM chips are not designed for FIPS 140-style tamper protection. Even with a fully-operational remote attestation stack, a hardware owner can more or less do as they wish. So it is vital to have good physical security controls on the hardware to prevent untrusted people from tampering with the devices.
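The measurement chain described in the answer above, as an added example that is not part of the original post and is not TrouSerS code: each stage hashes the next one into a TPM-style register, and the remote verifier replays the event log against reference values. The function names, the component blobs, SHA-256 and the single register are assumptions made for the illustration; a real stack reports the register in a TPM-signed quote, which is left out here.

```python
import hashlib

def measure(component: bytes) -> bytes:
    """Cryptographic checksum of one boot component."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new register = H(old register || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def boot(components):
    """Client side: measure each stage before running it; return (pcr, event_log)."""
    pcr, log = bytes(32), []
    for name, blob in components:
        m = measure(blob)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log

def verify(reported_pcr, log, known_good):
    """Verifier side: replay the log and compare each entry with its reference value.
    Returns a list of problems; an empty list means the chain matches."""
    problems, pcr = [], bytes(32)
    for name, m in log:
        pcr = extend(pcr, m)
        if known_good.get(name) != m:
            problems.append(f"unexpected measurement for {name}")
    if pcr != reported_pcr:
        problems.append("event log does not reproduce reported PCR")
    return problems

# Constructed sample components (placeholders, not real binaries).
GOOD = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1"),
        ("app", b"desktop app v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD}

def demo():
    pcr, log = boot(GOOD)
    clean = verify(pcr, log, KNOWN_GOOD)
    changed = GOOD[:2] + [("app", b"desktop app v1 (patched)")]
    pcr_t, log_t = boot(changed)
    modified = verify(pcr_t, log_t, KNOWN_GOOD)   # honest log, changed app
    mismatch = verify(pcr_t, log, KNOWN_GOOD)     # reference log, wrong register
    return clean, modified, mismatch

if __name__ == "__main__":
    for result in demo():
        print(result or "chain matches reference values")
```

The check is only as strong as the register value the verifier receives, which is why the answer's caveat about physical control of the hardware still applies.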

The best way is to calculate the checksum of the executable and store it in a secure place. You can recalculate the checksum and validate against the stored checksum whenever you want. If the value does not match then the executable has been changed. This is what is done for most of the downloads available on the internet. The publisher publishes the checksum along with the download. This download can be mirrored. Users downloading from mirrored sites are expected to match the checksum of the download against the published checksum to ensure that the download is not tampered with.
