Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SHA-1 checksum vs .exe obfuscation

Posted on 2012-12-22
7
Medium Priority
?
586 Views
Last Modified: 2012-12-22
I have a Windows app that has been compromised (hacked).  I am looking at obfuscation but was wondering if generating a SHA-1 checksum and then checking it from within the program would suffice as far as letting me know the app has been compromised.

Comments?
0
Comment
Question by:rmmarsh
  • 3
  • 3
7 Comments
 
LVL 4

Expert Comment

by:brendonfeeley
ID: 38715619
File hashing will let you know whether or not it is different to known hashes for that file. However, it won't tell you what has changed or how it was done.

What do you mean when you say it "has been compromised"? How do you know?
0
 

Author Comment

by:rmmarsh
ID: 38715627
The guy has access to functions that are only available with a license, which he has not purchased.  I send a response to his email saying something was not working as it should, and I responded that he shouldn't even have access to that function... haven't heard from him since. :D

So, will it tell me if the program has been reverse-engineered?  (i.e. using .NET Reflector).  Is obfuscation better? (like Crypto Obfuscator)
0
 
LVL 4

Accepted Solution

by:
brendonfeeley earned 2000 total points
ID: 38715634
I think it's almost certain that it has been reverse engineered and/or the application has been patched in order to grant access to locked functionality. File hashing will definitely tell you if the file has been patched.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:rmmarsh
ID: 38715644
So, I guess I better byte the bullet for $150 USD and buy the obfuscator...   thanks for your insight.
0
 
LVL 4

Expert Comment

by:brendonfeeley
ID: 38715651
There is a good article here on how to go about securing .NET code:
http://msdn.microsoft.com/en-us/magazine/cc164058.aspx
0
 

Author Comment

by:rmmarsh
ID: 38715663
I saw that, plus a few others... settled on Crypto Obfuscation for .NET... seems to be the most comprehensive, plus they answered my emails right away... I like good support! :D  

Thanks again...
0
 
LVL 85

Expert Comment

by:ozo
ID: 38715742
If the app can be compromised, what prevents the SHA checking within the program from being compromised?
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month21 days, 6 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question