Avatar of rmmarsh
rmmarsh
Flag for United States of America asked on

SHA-1 checksum vs .exe obfuscation

I have a Windows app that has been compromised (hacked).  I am looking at obfuscation but was wondering if generating a SHA-1 checksum and then checking it from within the program would suffice as far as letting me know the app has been compromised.

Comments?
C#.NET ProgrammingEncryption

Avatar of undefined
Last Comment
ozo

8/22/2022 - Mon
brendonfeeley

File hashing will let you know whether or not it is different to known hashes for that file. However, it won't tell you what has changed or how it was done.

What do you mean when you say it "has been compromised"? How do you know?
rmmarsh

ASKER
The guy has access to functions that are only available with a license, which he has not purchased.  I send a response to his email saying something was not working as it should, and I responded that he shouldn't even have access to that function... haven't heard from him since. :D

So, will it tell me if the program has been reverse-engineered?  (i.e. using .NET Reflector).  Is obfuscation better? (like Crypto Obfuscator)
ASKER CERTIFIED SOLUTION
brendonfeeley

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
rmmarsh

ASKER
So, I guess I better byte the bullet for $150 USD and buy the obfuscator...   thanks for your insight.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
brendonfeeley

There is a good article here on how to go about securing .NET code:
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx
rmmarsh

ASKER
I saw that, plus a few others... settled on Crypto Obfuscation for .NET... seems to be the most comprehensive, plus they answered my emails right away... I like good support! :D  

Thanks again...
ozo

If the app can be compromised, what prevents the SHA checking within the program from being compromised?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.