0

Let us suppose we have a Win Forms application with a button that if pressed checks a statement, and in case the evaluation is true it performs an action.

private void Button_Click(object sender, EventArgs e)
    {
        if(a==b)
        {
            //do something here
        }
        else
        {
           //do nothing
        }
    }

The matter here is the security. As far as I know, with tools like IlSpy or Reflector it is possible to view the source code, modifying it and rebuild a new executable. So, in this case bypassing this condition for an attacker would be trivial, like putting a==a in place of a==b.

Let us suppose there is a solution that completely defeats this, the only option now is to debug the assembly with a debugger like x64dbg.

The question is: is it possible in this case to hijack the execution of the app? If yes, is there a way to protect from this?

Wall
  • 293
  • 3
  • 13
  • 1
    Your question is very broad and plenty of info is available on the internet. Best protection is to have your app logic running on your server and your window only show /send data. Hey, I can reflect the entire .net framework. Microsoft seem ok with that – T.S. Jul 17 '20 at 18:04
  • As @T.S. said - there are plenty of discussions on this topic... and you really can't protect any code unless you can control machine the code runs on. Generally common user devices (phones, laptops, desktops) can't provide much protection. If you need that type of protection consider game consoles PS/Xbox/Nintendo - they make much more efforts to guarantee that code executed matches code you published... If your treat model is less strict store apps have some level of protection to only run matching binaries... – Alexei Levenkov Jul 17 '20 at 18:18

1 Answers1

-3

//If yes, is there a way to protect from this?//

Signtool is the helper here. ...........

https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, and time-stamps files.

......

https://www.twelve21.io/using-signtool-exe-to-sign-a-dotnet-core-assembly-with-a-digital-certificate/

Here is a good article on good/bad:

https://blog.lextudio.com/signing-your-code-for-the-good-and-the-bad-350b25d2b38d

Signing your code is a very important step to confirm that you ship something that can be trusted by others. However, it comes at a price, because you need to pay a certificate authority for a valid certificate.

granadaCoder
  • 26,328
  • 10
  • 113
  • 146
  • Once again, people down voting without giving an explanation. How is 'signtool' not relevant to the question the OP asked? "If yes, is there a way to protect from this?" – granadaCoder Jul 17 '20 at 17:35
  • What is the point of signing assembly when the question is about user recompiling decompiled code and clearly allowing all verifications to be skipped? – Alexei Levenkov Jul 17 '20 at 18:04