I just made a small and simple windows form. I uploaded the .exe to mediafire so anyone could download it, but when someone(or even myself) tries to download it: windows defender instantly deletes it, because it thinks it is a virus. Is this a problem with the code or does it has to do with something else?
Hash it to check it was not modified
Check with some digest algorithm like SHA-2 that the file you download from the site is actually the exact same that you uploaded.
If it is not the same, something fishy has happened to your file when on a trip to the internet. I wouldn't try to open it, and try to find another service to host your file.
Sign your executable with a certificate
Invest in some code signing certificate.
Some are free, and for beginning and test pourposes you can create it yourself and self-sign it, but it will still be frowned upon by anti-malwares and your system.
Other comments
Also, some code operations are considered "dangerous" by some antivirus, because theese operations are much more oftne found in exploits attempts than in real commercial code. I remember, when I was playing with simple console C++ code while learning, I did some unsafe operation with a simple string char[]. On my school computer, the result executable was automatically deleted with the McAfee guard within seconds of compilation...
Related
I'm creating a firmware update application (in C#, WPF, MVVM, .Net version still up in the air, but I hope to run it on Windows and Mac) that will allow the user to check for updates to both the application itself and for the latest firmware. I plan to use the common method of putting a file on a server that contains the latest version number and a URL to the files. The application will download the file, compare the versions in the file with the local versions, and download the latest files and/or update the application. Universally lacking in the 'how to's' of this method is the topic of security.
My initial thought was to put the "current version file" in a password protected secret folder, but then that seems overkill for a simple XML file. And since the user will be able to download the app from the website anyway, hiding/password protecting the URL to the application seems pointless. Even the firmware, being a binary file running on custom hardware, at first thought seems rather benign from a security perspective. But then again, I don't spend my days thinking of how to hack into systems.
So, in regards to just the process described above, what kinds of security measures should be taken to protect the server, data and user from attacks? And potentially as a bonus question, what security measures can be taken to protect the application update itself? With this, I can at least see the potential to trick the updater into installing malicious code, so a checksum to verify the updated file's integrity would be a minimum there.
OK, so my hard disk just crashed. Big deal. All my web dev code that was on it went along with it, and now I'm running ddrescue on Ubuntu trying to recover whatever data I can recover. The hard disk keeps disconnecting and sometimes it can quit responding for a long time so it's really a pain in the ass.
Anyway, back to the main topic--I have my web dev code which was packaged and uploaded to Azure; now what I'm wondering is if it's possible to obtain all my .cs files from the VM. I noticed approot and siteroot folders, but all I saw were the views, the .asax file, some other misc, stuff, nothing with the .cs extension.
Is there any way I can get a copy of the code I packaged? or (as a last resort) any way to get the .cspkg file and work from there?
The site you are seeing on the web role and inside the cspkg file is the output of the compile, so you can't get the original .cs files out of them. That said, you can use a tool like Reflector, Just Decompile, or a variety of other decompilers out there to reverse engineer your compiled bits into something that will be very close to the original C# code (not I'm assuming this is your own code, or code that doesn't have a provision against reverse engineering). This at least will let you use the bits on the webrole to get the majority of your code back, then review it to see how good a job it did.
Note, you can open the cspkg file. It's just a zip file. You can rename with a .zip file extension and open it up, but you won't find the .cs files in there. The only time you find this to be the case is if you have multiple websites within a single web role. The default packager for Windows Azure doesn't compile the additional sites, only packages up all the files in their root directory. Not at all helpful for actual deployments really, but this won't likely help you.
You are likely well ahead of me on this, but I'd recommend using a personal source control system of some sort to avoid this issue in the future.
I want to prevent executable being copied to another PC and thus i need to somehow save information inside my EXE file about that it was already used somewhere else on another PC.
Can i embed small piece of information like user's hard drive number into my EXE file so this information would be available when this EXE is copied to another PC?
I thought maybe there is a way to read and write to some resource file embedded in an EXE file but i presume that resource file is read only and if so is there is a place inside EXE file where i could keep information which i need?
You're fighting an uphill battle this way. It's possible to create a home-grown licensing scheme but be prepared to do a lot of work (I did it, so I speak from first-hand experience). Just some problems to solve:
If the hard drive fails and needs to be replaced, your user won't be able to use the program. Every time this happens, you'll get a support call with an angry user.
If the user runs your program inside a virtual machine, the hard drive serial number won't be unique - anyone can clone the virtual machine and now your program can be run on another machine.
Hard drive serial numbers can be changed - they don't come directly from the hardware.
What if the hard drive is a removable drive? Your user can run your program from a removable drive and then keep moving it to different machines.
Even if you get it done, how do you protect the license information from being modified?
If you really want to license your product, look at existing licensing products - they're not cheap but they already did the (considerable amount of) work that's necessary to have any kind of reliability.
Even if you only want to have minimal protection, consider this: you'll have to do a lot of work to get even minimal security of your secret token (whatever that is). If its security is minimal, then what's the point of you even doing all that work? If all you do is force people to put in a meaningless serial number, you'll just annoy your honest customers. If anyone wants to steal something that's not well protected, they will steal it. All a 'simple' protection scheme does is annoys your users and gives you a false sense of protection.
I ended up using Reprise RLM - I'm not associated with this company but I had a good experience with their sales and support people and their product worked well in the testing scenarios.
Ok, I analyzed all the variants that were proposed and decided that in my case it will be better to develop my own copy-protection system, due to the reason that I am an indie developer and not going to work with extra large applications.
Just in case, somebody faces to the same issue - here is the algorithm (well, one of them):
User starts APP1.EXE
APP1.EXE reads itself to some variable and adds HDD serial number to the end of it, e.g. HDD serial number - when you add something to the end it does not break EXE file and you do not have to worry about PE headers
Unfortunately, EXE cannot save itself in runtime so it saves its copy called APP2.EXE with the information about HDD
When APP2.EXE is saved APP1.EXE starts it as a separate process via Process.Start() and terminates itself
Now APP2.EXE is running and has the same content as APP1.EXE + HDD serial number so we simply write all bytes from APP2.EXE back to APP1.EXE, close current process and start APP1.EXE again
From now on APP1.EXE is running and have all needed information about current HDD so each time user starts APP1.EXE it compares HDD number at the end of its content with the actual one on user's PC, if they differ - terminate the process
Delete APP2.EXE so that user would not realize how these files exchange information about his HDD.
Useful info about self-deleting EXE can be found here :
http://www.catch22.net/tuts/self-deleting-executables
http://buffernow.com/selfdelete-executable-in-c/
P. S. I know that it is like a huge hole of security (I will not mention all of them) but implementation of this algorithm took just 20 lines of code in C# and was moved to a separate DLL which I can use everywhere and it works. There is NO any registration in the algorithm above and user can simply take this app and use it and I am sure that ~ 80% of them will not realize how this app is protected from copying.
Link to implementation : https://bitbucket.org/artemiusgreat/examples/src/ef7b60142277?at=master
Is there any way to make a file totally uneditable and undeleteable ? I am creating simple Anti-Virus program and I want to protect my malware signatures which are saved in files.
The short answer is 'you can't.' The long answer follows. =)
You may implement it via file permissions, but those can be changed if a process have enough privileges.
TMK, the only way to implement this kind of restriction is to keep a process running, with the file open in exclusive mode. That won't prevent an application like Unlocker from killing your main process or deleting the block handles, though.
No, you can't. If a software runs with enough privileges, it will be able to erase them along with your antivirus. This also happens with commercial antivirus software.
What you can do, in order to at least prevent modifications, is store the definitions as compressed, signed and, encrypted. In this way, unless the malware can obtain the criptographic key, it won't be able to meaningfully modify the virus database, but only to delete it. In both cases, your software can detect the intervention and try to react (but if a malware is privileged enough to delete system files, maybe it' already too late)
you cant really do so, but you can try outsmarting malware...
Save a checksum of the file so you know if it was tampered.
Use Async Encryption on the file (somwhat similar to 1.)
make the signatures downloadable through Internet access, and make your software download those...
check the last accessed times of the files.
there are many more tricks like the four above, but they are all NOT boolet proof...
One Crazy idea that i dont really know how to implement... but came to mind is that:
you can create a SATA/IDE Driver and make the a specific file unaccesible...
but again thats my kind of creativity crazy talk :)
The best you can do with C# is to just set the permissions of the file so that only your service has full access, and anyone else doesn't. That don't protects against someone/something that managed to get administrator access, as they always can change permissions.
What many antiviruses do for self-protecting their files and services is to install kernel-mode drivers that block both the critical files and processes, so not even administrators can stop them. Of course C# is unable to create them.
If you want a quick version scroll down to the "Edit|1|" part.
I HAVE done a bit of searching on this and can't seem to figure it out. I have a Webserver and a Minecraft server on the same machine (it never takes large loads so its ok) and I need the user to be able to put some input (in an html form), have that input saved in a file on the server, handled by a middleman app (which I've already got done and is in c#) and the middleman app interacts with the minecraft server.
Now everything I either have done before or know how to do. The only problem is saving the content of the form into a temporary text file so that the middleman app can do its magic. I thought about using SQL (since its on the server cause minecraft uses it for stats) but in my opinion its a bit overkill for something that will only be there for a few seconds. (not to mention then ill have to add SQL into the middleman app).
I don't really care where on the server the file ends up since I'll likely hard code the location into the middleman app and it will be deleted after the middleman app reads it. I can get saving to work in IDLE but not in this app on the server.
(I know this code won't take in anything from a form, this was just written as a test to save files)
import os
name = "none";
def editFile():
workfile = open("edit.x",'w')
workfile.write(name)
workfile.close()
def application(environ, start_response):
status = "200 OK"
output = "Testificate (Feature will be up shortly)"
response_headers = [('Content-type', 'text/plain'),('Content-Length',str(len(output)))]
start_response(status, response_headers)
return [output]
Extra Server info...
Hardware: Sufficiently powerful
WebServer: Wamp w/ Python Module installed on Apache
Also here is a link to what runs with that code Click HERE.
Edit|1|: I guess I didn't get much into the problem (It was late lastnight when I wrote this). Basically Any type of file will do. I want Ideally the simplest to implement. The above code has no result On the server. It never creates the file nor can it read from the file (if I create it manually). I've been working at it for about a day and a half now. I'm really just hoping Its a mistake on my part. Could the server config in wamp dis-allow the creation of files via Python?
Check out the tempfile module, for example, tempfile.mkstemp() with a known directory. Have your "middleman app" poll (or perhaps using inotify) the directory for new files, process the file, and then delete it when done.
So I realized what I did while at lunch today. (facepalming myself in the process). The reason it wasn't working was the fact that I used backslashes, not forward slashes. So here is the working version of the above (I used triple quotes just to be sure). I also changed it to be absolute path.
def editFile():
workfile = open("""C:/wamp/www/test/edit.txt""",'w')
workfile.write(name)
workfile.close()
After that it worked flawlessly. So if anyone else makes that small mistake here is a reminder. lol Thanks to "mhawke" for the reply on tempfiles Its good info to have in either case.