Solved

SHA-1 checksum vs .exe obfuscation

Posted on 2012-12-22
7
560 Views
Last Modified: 2012-12-22
I have a Windows app that has been compromised (hacked).  I am looking at obfuscation but was wondering if generating a SHA-1 checksum and then checking it from within the program would suffice as far as letting me know the app has been compromised.

Comments?
0
Comment
Question by:rmmarsh
  • 3
  • 3
7 Comments
 
LVL 4

Expert Comment

by:brendonfeeley
Comment Utility
File hashing will let you know whether or not it is different to known hashes for that file. However, it won't tell you what has changed or how it was done.

What do you mean when you say it "has been compromised"? How do you know?
0
 

Author Comment

by:rmmarsh
Comment Utility
The guy has access to functions that are only available with a license, which he has not purchased.  I send a response to his email saying something was not working as it should, and I responded that he shouldn't even have access to that function... haven't heard from him since. :D

So, will it tell me if the program has been reverse-engineered?  (i.e. using .NET Reflector).  Is obfuscation better? (like Crypto Obfuscator)
0
 
LVL 4

Accepted Solution

by:
brendonfeeley earned 500 total points
Comment Utility
I think it's almost certain that it has been reverse engineered and/or the application has been patched in order to grant access to locked functionality. File hashing will definitely tell you if the file has been patched.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:rmmarsh
Comment Utility
So, I guess I better byte the bullet for $150 USD and buy the obfuscator...   thanks for your insight.
0
 
LVL 4

Expert Comment

by:brendonfeeley
Comment Utility
There is a good article here on how to go about securing .NET code:
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx
0
 

Author Comment

by:rmmarsh
Comment Utility
I saw that, plus a few others... settled on Crypto Obfuscation for .NET... seems to be the most comprehensive, plus they answered my emails right away... I like good support! :D  

Thanks again...
0
 
LVL 84

Expert Comment

by:ozo
Comment Utility
If the app can be compromised, what prevents the SHA checking within the program from being compromised?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now