stackoom
  简体   繁体   中英

Does signing an assembly or an exe with a digital certificate makes it secure against tampering attacks?

 原文  2010-02-10 11:06:48       security/ digital-certificate/ tampering

Question

I tried creating a temporary certificate using makecert and creating a spc from the certificate using cert2spc. I signed some exe with the generated spc. I then use the binary editor in VS 2008 to flip some bits (tampered it) in the exe. To my surprise I was able to execute the application.

I was expecting that the system will detect the tampering and will complain. Hence the question.

Any guidance would be appreciated.

1 answers

solution1
 1  2010-02-10 18:15:58

No, because any code in the binary to check the signature can also be tampered with.

I recommend obtaining a copy of IDA Pro and disassembling one of your binaries. After you have the raw assembler you can edit specific opcodes using a hex editor. In short, this is the tactic that the cracker community uses. I don't believe that there will ever be a way to stop this, the ps3 and xbox360 both use digital signatures to protect their binaries, but this doesn't stop piracy.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Creating a Digital Certificate without signing it How to secure project against hacks and attacks? Secure PHP login against replay attacks Secure Nexus against supply chain attacks Is using Heroku Postgres secure against MITM attacks? Are hashed and salted passwords secure against dictionary attacks? Does this protect against injection attacks? Is BasicDBObject.parse() secure against NoSQL injection attacks? Does HTTPS protect against CSRF attacks? how does this protect against csrf attacks?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM