flat assembler
Message board for the users of flat assembler.

Index > Heap > file signatures.

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone! I'm having little question to you.. How does signatures work with files ? It's embedded in it or what they does ? Signature I mean Certificates that some executables got. Is there any way to grab it or make new one ? Thank you.
Post 27 Jul 2011, 15:53
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
You are asking about digital signatures (google it).

They can't be forged so easily. You would need either some unbelievable luck or some extreme hardware to do it. And by 'extreme' we are talking about stuff that does not yet exist in this world.
Post 27 Jul 2011, 16:10
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Yep, don't worry about that, those "bad programs" aren't going to be able to forge certificates easily. They would have to steal private key from someone with valid certificate (like stuxnet authors did), and if that happens the antimalware you are developing has nothing to do about it.
Post 27 Jul 2011, 16:18
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I got it. But there is 1 problem too(If possible), If I'll modify file's code section with custom code, it won't change signature right ? I'm trying to make new one for my applications and I'm trying to find best way to do that and protect too! Thanks for help. Smile
Edit:
Never mind, I'm just trying to make new signature for my applications. How can I do that ?
Post 27 Jul 2011, 19:08
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
If you want new code section for your application, change source code and recompile your application.

To sign your application, you need to get certificate issued by certification authority that is trusted by your OS. Read up: http://goo.gl/xMY9k
Post 27 Jul 2011, 20:15
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
vid
Thank you very much. Smile
Post 27 Jul 2011, 20:23
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
Out of curriosity, how much one of those certifications cost?
Post 28 Jul 2011, 00:15
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Depends on particular certification authority, really. There are hundreds of them in current PKI tree, probably no one really knows all. Generally it is expensive, especially with Root CAs:

http://www.thawte.com/code-signing/index.html
http://www.verisign.com/code-signing/microsoft-authenticode/index.html?sl=productdetails
http://www.instantssl.com/code-signing/
Post 28 Jul 2011, 00:45
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Wow! It costs SO MUCH ! Surprised Why people should start using them with that price ? What it can do can someone explain me ? )) Thanks. Smile
Post 28 Jul 2011, 01:54
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
Signing gives authenticity and integrity (and non-anonymity). If people trust you and you send them signed code then they can run it with confidence that it has not been altered by anyone else.
Post 28 Jul 2011, 01:58
View user's profile Send private message Visit poster's website Reply with quote
Gunner



Joined: 28 Jul 2003
Posts: 17
Location: In my head
Gunner
http://www.globalsign.com/ has certs for 99$ a year for individual certs. 3 years for 244 is a steal!

Why so much? I for one think that it keeps the crapware authors from getting them. Doubt they would spend that money just to spread their crap.

_________________
~Rob (Gunner)
Forum Spam List Checker
Window Error Lookup Tool
and MORE!
Post 28 Jul 2011, 02:43
View user's profile Send private message Visit poster's website Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
On the other hand people who write freeware that require 64-bit kernel drivers are looking at having to pay to provide freeware. So it has some downside too. Sad

The alternative is selfsigning without a root authority and using test signing. Sort of okay for individual use but not so good for distribution.
Post 28 Jul 2011, 03:05
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.