
StrongName a .NET assembly without access to original keyfile

I've made some changes to the code in an existing .NET assembly dll. I do not have the keyfile used to sign the code. How can I force the .NET executable to load it, without registering it for skipping verification (not portable), without removing StrongNames (Damages application)?

Kurt Nauck asked Dec 04 '22 14:12

Kurt Nauck


2 Answers

You can't, and that's the whole point of strong names.

Strong names verify that an executable file has not been tampered with by someone who is not the author. (Anyone with the original key file is assumed to be the author.) Since you do not have the key file, you must not be the author, and as such strong naming prevents you from doing the changes you want to do.

If you want to load your DLL, you'll have to use either solution you suggested.

EDIT: Since .NET 3.5 SP1, strong name verification is bypassed provided at least one of the following conditions is met:

  • the assembly is fully signed with Authenticode;
  • the assembly is fully trusted (without any regard to its strong name evidence);
  • the assembly is loaded into a fully trusted AppDomain (which is what happens with desktop applications in most scenarios);
  • the assembly is loaded from a location under the AppDomain's ApplicationBase (i.e. the assembly is distributed with the application and exists in the same directory).

Basically, strong name verification was disabled for every use case except Silverlight. It's possible, however, for a system administrator to re-enable name verification by default with a registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework]
"AllowStrongNameBypass"=dword:00000000

Microsoft says that the reason this change is allowed is that strong names were not an integrity checking mechanism but were an assembly identification mechanism. For actual integrity checking, Authenticode is the way to go.

This means that for all practical purposes, strong names aren't useful to prevent tampering, and anyone can tamper with any assembly and still have it load correctly, unless the system administrator prevents it.

To correctly answer this question, then, it should be mentioned that modifying an assembly will invalidate its strong name, and as such there is no way to edit a DLL without invalidating the strong name if the snk is not available. However, it will not prevent it from loading in most cases.

zneak answered Dec 10 '22 11:12

zneak
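
Added example, not part of either answer: a PowerShell audit of the `AllowStrongNameBypass` setting described above, plus the identity and integrity evidence for one assembly. The default `$AssemblyPath` is a hypothetical placeholder, and the `Wow6432Node` key (the registry view that 32-bit processes read on 64-bit Windows) is an addition not mentioned in the answer.

```powershell
param(
    # Hypothetical default; pass the assembly you want to inspect.
    [string]$AssemblyPath = 'C:\App\Example.dll'
)

# Per the answer above, the bypass is active unless AllowStrongNameBypass is 0.
# Check both registry views so 32-bit and 64-bit processes are covered.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
)
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $prop  = Get-ItemProperty -Path $key -Name AllowStrongNameBypass -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.AllowStrongNameBypass } else { $null }
    $state = if ($null -eq $value) {
        'not set (bypass left at its default: enabled)'
    } elseif ($value -eq 0) {
        'set to 0 (strong name verification enforced)'
    } else {
        "set to $value (bypass not disabled; only 0 disables it)"
    }
    '{0}: AllowStrongNameBypass {1}' -f $key, $state
}

if (Test-Path $AssemblyPath) {
    $full = (Resolve-Path $AssemblyPath).Path

    # GetAssemblyName reads metadata only. The token identifies the signer's
    # key; it does not prove the file is unmodified.
    $name  = [System.Reflection.AssemblyName]::GetAssemblyName($full)
    $bytes = $name.GetPublicKeyToken()
    $token = if ($bytes) {
        [System.BitConverter]::ToString($bytes).Replace('-', '').ToLower()
    } else {
        '(none: not strong-named)'
    }

    # Authenticode is the integrity check: Status is Valid, NotSigned,
    # HashMismatch (file changed after signing), and so on.
    $sig = Get-AuthenticodeSignature -FilePath $full

    [pscustomobject]@{
        Assembly       = $name.Name
        PublicKeyToken = $token
        Authenticode   = $sig.Status
        Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}
```

A `HashMismatch` status on an assembly that still carries its original public key token is the case the answer describes: the strong name identity is intact in metadata while the file content has changed.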


You can edit a .NET dll in Reflexil (.NET Reflector addon) and preserve the original signature on the modified code. Thank you for your answers.

To those of you who wish to edit an assembly and not resign it, use Reflexil. Just because people are downvoting this answer, it doesn't mean that it is wrong.

Kurt Nauck answered Dec 10 '22 10:12

Kurt Nauck