开发者

Does signing an assembly or an exe with a digital certificate makes it secure against tampering attacks?

I tried creating a temporary certificate using makecert and creating a spc from the certificate using cert2spc. I signed some exe with the generated spc. I then use the binary editor in VS 2008 to flip some bits (tampered it) in the exe. To my surprise I was able to execute the application.

I was expecting that开发者_Go百科 the system will detect the tampering and will complain. Hence the question.

Any guidance would be appreciated.


No, because any code in the binary to check the signature can also be tampered with.

I recommend obtaining a copy of IDA Pro and disassembling one of your binaries. After you have the raw assembler you can edit specific opcodes using a hex editor. In short, this is the tactic that the cracker community uses. I don't believe that there will ever be a way to stop this, the ps3 and xbox360 both use digital signatures to protect their binaries, but this doesn't stop piracy.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜