Posted by The PocketTV Team on October 27, 2007, 3:04 am
we have a simple problem:
our application links (at run-time) with a critical DLL provided by a third
party.
we want to be absolutely sure that this DLL has not been replaced by another
DLL of the same name (and with the same symbols), but that could behave
differently. this DLL is related to DRM (digital rights management), so we
want to make sure it has not been tampered with.
so basically we want to check that the DLL has a digital hash or checksum
(e.g. md5) that matches the one of the authentic dll (which we know).
what is the simplest way to obtain a digital hash of a DLL, at run time, on
the device?
is there a function that can do that, or should the cryptographic package be
used?
are there some code examples (C++) showing how to do that?
Posted by Gernot Frisch on October 29, 2007, 7:13 am
> is there a function that can do that, or should the cryptographic
> package be used?
>
> are there some code examples (C++) showing how to do that?
Here's my CRC32 code (gfcrc32.h)
#include <stdio.h>

// --------------------------------------------------------------- //
// ### CRC32 ###
// calculate CRC 32 checksum of a text
// --------------------------------------------------------------- //
class GFcrc32
{
    unsigned long crc32_table[0x100];

    // Reverse the order of the lowest 'ch' bits of 'ref'.
    unsigned long Reflect(unsigned long ref, char ch)
    {
        unsigned long value = 0;
        // Swap bit 0 for bit 7
        // bit 1 for bit 6, etc.
        for(int i = 1; i < (ch + 1); ++i)
        {
            // 1UL: shifting a signed 1 into bit 31 is undefined behaviour
            if(ref & 1) value |= 1UL << (ch - i);
            ref >>= 1;
        }
        return value;
    }

public:
    // Build the 256-entry lookup table once.
    GFcrc32()
    {
        unsigned long ulPolynomial = 0x04c11db7;
        for(int i = 0; i <= 0xFF; i++)
        {
            crc32_table[i] = Reflect(i, 8) << 24;
            for (int j = 0; j < 8; j++)
                crc32_table[i] = (crc32_table[i] << 1) ^ (crc32_table[i] & (1UL << 31) ? ulPolynomial : 0);
            crc32_table[i] = Reflect(crc32_table[i], 32);
        }
    }

    // CRC32 of a memory buffer of 'len' bytes.
    unsigned long Calculate(const char* text, unsigned long len)
    {
        unsigned long ulCRC(0xffffffff); //, len;
        unsigned char* buffer;
        // Get the length.
        //len = (unsigned long)strlen(text);
        // Save the text in the buffer.
        buffer = (unsigned char*)text;
        // Perform the algorithm on each character
        // in the string, using the lookup table values.
        while(len--)
            ulCRC = (ulCRC >> 8) ^ crc32_table[(ulCRC & 0xFF) ^ *buffer++];
        // Exclusive OR the result with the beginning value.
        return ulCRC ^ 0xffffffff;
    }

    // CRC32 of a whole file; returns (unsigned long)-1 on any I/O error.
    unsigned long Calculate(const char* filename)
    {
        FILE* pF = fopen(filename, "rb");
        if(!pF) return -1;
        fseek(pF, 0, SEEK_END);
        long flen = ftell(pF);
        fseek(pF, 0, SEEK_SET);
        if(flen < 0) { fclose(pF); return -1; }
        char* pB = new char[flen+1];
        // A short read would leave part of the buffer uninitialised.
        size_t got = fread(pB, 1, (size_t)flen, pF);
        fclose(pF);
        if(got != (size_t)flen) { delete[] pB; return -1; }
        unsigned long rv = Calculate(pB, (unsigned long)flen);
        delete[] pB;
        return rv;
    }
};
Posted by DragonSt0rm on October 29, 2007, 2:23 pm
Gernot Frisch wrote:
> > is there a function that can do that, or should the cryptographic
> > package be used?
> >
> > are there some code examples (C++) showing how to do that?
>
> Here's my CRC32 code (gfcrc32.h)
While a homebrew CRC is ok for data integrity & co. (non security
checks), one should _ALWAYS_ use a well tested hash algorithm like sha1
or better when security is involved. Developing and validating a real
crypto algorithm is a nontrivial mathematical task, homebrewed crypto
is not the way to go.
As a matter of fact, SHA1 is today the weakest recommended hash
available for serious security applications, after some weaknesses have
been documented in MD5.
Nowadays, Microsoft does include crypto API by default so you get it
(almost :-) "for free" in your CE.
I Googled a sample for you:
http://www.ureader.com/message/948040.aspx
Hope this helps,
DragonSt0rm
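
The difference between an integrity checksum and a security hash drawn in the post above, as an added example (not code from any poster in this thread): CRC-32 is affine over XOR, so the checksum of a changed buffer follows from the original checksum and the change alone, with no secret involved. The function names and the sample bytes are constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Standard reflected CRC-32 (same parameters as the table-driven class
// posted earlier), computed bit by bit to keep the example short.
std::uint32_t Crc32(const std::string& data)
{
    std::uint32_t crc = 0xFFFFFFFFu;
    for (unsigned char byte : data) {
        crc ^= byte;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ ((crc & 1u) ? 0xEDB88320u : 0u);
    }
    return crc ^ 0xFFFFFFFFu;
}

// Byte-wise XOR of two buffers of equal length (hypothetical helper).
std::string XorBuffers(const std::string& a, const std::string& b)
{
    std::string out(a.size(), '\0');
    for (std::size_t i = 0; i < a.size(); ++i)
        out[i] = static_cast<char>(a[i] ^ b[i]);
    return out;
}

// CRC of (original XOR delta), computed without looking at the original
// bytes: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros of the same length).
std::uint32_t PredictCrcAfterChange(std::uint32_t originalCrc,
                                    const std::string& delta)
{
    const std::string zeros(delta.size(), '\0');
    return originalCrc ^ Crc32(delta) ^ Crc32(zeros);
}

int main()
{
    // Constructed sample bytes standing in for a file's contents.
    const std::string original = "constructed sample: authentic module bytes";
    std::string modified = original;
    modified[3] = 'Z';
    const std::string delta = XorBuffers(original, modified);
    // Exit code 0 when the predicted and the recomputed CRC agree.
    return PredictCrcAfterChange(Crc32(original), delta) == Crc32(modified) ? 0 : 1;
}
```

A cryptographic hash such as SHA-1 or better has no such algebraic relation between input changes and output changes, which is why it is the tool for tamper checks while CRC stays useful for accidental corruption.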
Posted by The PocketTV Team on October 29, 2007, 3:48 pm
thanks.
i think CRC is too easy to defeat.
i figured that maybe it would be possible to use the "code signature" system
to do that, i.e. if we sign the dll with our signature, and load our
certificate in the certificate store of the device, we could check that the
dll is signed by our signature at run-time.
is there a way to check that a particular dll is signed with a particular
signature at run-time (i.e. is that possible with the crypto API)?
do all the devices allow installing a certificate on the device? or does
this require being "trusted"?
what we are trying to do seems to be a simple and common case (i.e. to
prevent applications from being tampered with). i think that when an
application that is code-signed is tampered with, the signature becomes
invalid. so using signatures is probably the best way. but on most windows
mobile professional devices, the security configuration of the device allows
un-signed applications to run. so i'm not sure how we can use signatures to
prevent code tampering. we don't want to spend days and do something overly
complicated.
any idea would be welcome.
Posted by Scott Seligman on October 29, 2007, 4:39 pm
>
>is there a way to check that a particular dll is signed with a
>particular signature at run-time (i.e. is that possible with the crypto
>API ?
>
>do all the devices allow installing a certificate on the device? or
>does this require being "trusted"?
You should be able to use the Crypto APIs to verify a module is signed,
and that it is a signature ID that you're expecting.
That said, I'm not sure how you could verify the module that you've just
verified is the module loaded into your process.
>what we are trying to do seems to be a simple and common case (i.e. to
>prevent applications from being tampered with). i think that when an
>application that is code-signed is tampered with, the signature becomes
>invalid. so using signatures is probably the best way. but on most
>windows mobile professional devices, the security configuration of the
>device allows un-signed applications to run.
It's important to point out that when a signature becomes invalid
because someone modified the module itself the module isn't considered
unsigned. It's considered broken, and the OS will refuse to load it. I
don't believe there's any way to configure CE to allow broken signatures
to load. This check happens even if CE doesn't know about the
certificate in question.
This doesn't make it impossible for someone to re-sign the module, of
course, but it does raise the bar for modifying an executable. There's
no way, afaik, to make it completely impossible for someone to modify
your executable before running it.
--
--------- Scott Seligman <scott at <firstname> and michelle dot net> ---------
All religions are founded on the fear of the many and the cleverness
of the few.
-- Stendhal