I have discovered a software crack where the license check assembly (.NET) has been altered but the digital signature and the strong name are both still perfectly intact.
Strong naming is easy to inject back into modified or recompiled assemblies; however, I thought a digital signature (Authenticode certificate) was much, much harder to bypass. How is it that these crackers have managed to heavily modify this assembly yet maintain the digital signature and the exact file size?
The signature was not re-applied; it still contains the date it was originally signed. Until now I thought that it meant the DLL was tamper-proof, but clearly not.
- How difficult is it to tamper with an assembly without altering the digital signature?
- Is a digital signature worth anything more than for Windows UAC, since it clearly doesn't mean the file was not altered?
- Is this just a problem with .NET assemblies or are native assemblies also vulnerable?