Hi Michael

It IS possible to fool the CLR to skip the strong name verification of a strong named assembly. All you need to do a tweak a particular byte in the assembly metadata. Please follow this thread:
http://www.google.co.uk/groups?hl=en&lr=&threadm=%23UDXSOX0EHA.3820%40TK2MSFTNGP11.phx.gbl&rnum=2&prev=/groups%3Fq%3DRahul%2BKumar%2Bgroup:*security*%26hl%3Den%26lr%3D%26selm%3D%2523UDXSOX0EHA.3820%2540TK2MSFTNGP11.phx.gbl%26rnum%3D2

Wow, very interesting. I'm going to check into it and see what's going on. If what Frank says is true, I'd think that to be a security problem for many companies. Interesting indeed.

And even easier: just register the original strong-named assembly in the GAC and then overwrite it with patched one. Works like a charm. Of course, you have to have certain priviliges, but usually this is not an issue, right?

sn -Vr
caspol -s on|off

Mike,

if I have my assemblies strongly signed and I use Linkdemand to check the immediate caller, it means that I can modify the public key and fool the security checks?

Patrick.

XapoH, can you go into more detail? I installed a test into the GAC, then overwrote it (C:\windows\assembly\test.exe\blabla\test.exe), and was not able to get it to load.

LF, you're right, it's -Vr, not -Vu. At any rate, as I put in my article, no, that does not work. Turning off caspol didn't do the trick either.

Thanks for the suggestionss, but they are all *system* settings -- not something you can distribute in a patch. As usual, a good patch will modify as little as possible. Disabling system security, playing with the GAC, etc. violate this basic idea.

Patrick: By replacing the strong name, you can play with items on the local disk. If a user has access to the exe and can modify it, he can do anything (basic principal of security). He could just remove the linkdemands.

Now, according to that newsgroup thread, you can set one byte to zero and make the framework not check the strong name, but other programs still consider it a strong name. I haven't been able to repro it yet. Also, the poster in the thread (Frank) appeared to say it only had to do with references loading, and not the .NET framework applying CAS. i.e., it wouldn't work just for a cracked program. I'm gonna look into it and see what's the real story.

Mike, I did it with .dll files. Not sure if you really can install .exe in GAC. Don't have any in mine...

Hmm, I'll have to check into that then.

I have noticed that some assemblies use an AssemblyKeyName registered with the Crypto Service Provider instead of using an AssemblyKeyFile. Do you think this option provides better security and how easily is this type of strong naming cracked?

Gary, as far as cracking, no, using a key or container makes no difference.

It seems that Fusion in .NET Framework 2.0 recognizes that the assembly has a public key and hence it knows that it must validate that key using the strong name signature. Unlike previous versions of .NET Fusion checks that the strong name signature data directory in the CLR header has valid values. So turning off some bytes makes no difference now.

Is there any way around that or finally it's well-protected?