My .NET Application Hacked. What to Do?

So, your application is popular and it has been hacked for the first time. Congratulations on being awesome, but this also means you have probably had a constant flow of headaches since then.

Attack on .NET application

The most widespread hack is cracking the licensing algorithm of your application so it can be used and pirated for free. Another subtle but common hack is to use your application as a shell for malware payloads. If your application communicates with a server then there is one more attack surface: unsolicited use of your server facilities.

These factors are closely tied to the false positive detections your application may get from anti-viruses (AVs).

The good news is that you can mitigate most of the threats with a few simple tricks. Let me show you how:

  1. Ensure that all your assemblies have strong names, i.e. are signed with your assembly key. This measure guarantees the authenticity and integrity of your assemblies in the eyes of the .NET platform and of AVs that may run on the system

  2. If your EXE loads external assemblies such as plugins then you should take care to validate them. Some virus makers take your EXE and try to use it as a running shell for malicious code. If the virus spreads, you become the one to blame in the AV's opinion. So, if you load external assemblies with Assembly.LoadFrom or similar methods, it is a must to ensure they have trusted public key tokens (and the only key token you can fully trust is the token of your own key)

  3. Ensure that the assembly info is filled with relevant information. Assembly info such as description, version, product and company is important data used by AV heuristics. When the data are left at their "default" values, the AV gives the highest risk score; that's why it is important to ensure that the data consist of custom and true values

  4. Ensure that EXE has an assigned application icon. The icon size should be larger than 15085 bytes. There are two main reasons to have it:

    • It helps your customers to identify the application
    • It affects AV heuristics in a favorable manner

  5. Ensure that .NET assemblies are digitally signed (Authenticode). If you have a valid code signing certificate then use it to digitally sign all .DLL and .EXE files authored by you or your organization

  6. Obfuscate your .NET assemblies. This measure raises the barrier for hackers to mess with your code, service and intellectual property. Eazfuscator.NET does an awesome obfuscation job for the .NET platform

  7. Virtualize the licensing code. The licensing algorithm has the biggest impact on the ROI of your application. This is the point where the sale comes in, and when the licensing gate is hacked it literally means fewer sales. Learn more about virtualization

  8. Encrypt the traffic and authenticate the client when it talks to your server. The first thing to do when the application connects to your server is to authenticate it, not only in the sense of the customer ID but also in terms of the integrity of your application. What you can do is this: implement a virtualized black box in your application so that it securely solves a challenge from the server. If the client's response is correct then the server assumes that the application integrity is OK; otherwise the server assumes that the application integrity is violated
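
The plugin check from tip 2, as an added example that is not code from the original article: it compares a plugin's public key token with the host's own token before and after Assembly.LoadFrom. The class name TrustedPluginLoader is hypothetical, and the example assumes plugins are signed with the same strong-name key as the host.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security;

// Hypothetical helper; the names are illustrative, not from the article.
public static class TrustedPluginLoader
{
    // Assumption: plugins are signed with the same strong-name key as the host,
    // so the host assembly's own token is the only trusted value.
    private static readonly byte[] TrustedToken =
        typeof(TrustedPluginLoader).Assembly.GetName().GetPublicKeyToken();

    private static bool IsTrusted(byte[] token)
    {
        // Unsigned assemblies yield a null or empty token: never trusted,
        // even when the host itself is unsigned.
        return token != null && token.Length > 0
            && TrustedToken != null && token.SequenceEqual(TrustedToken);
    }

    public static Assembly Load(string path)
    {
        string fullPath = Path.GetFullPath(path);

        // Reads the manifest only; the plugin is not loaded into the process yet.
        // Throws BadImageFormatException if the file is not a .NET assembly.
        AssemblyName name = AssemblyName.GetAssemblyName(fullPath);
        if (!IsTrusted(name.GetPublicKeyToken()))
            throw new SecurityException("Untrusted public key token: " + fullPath);

        Assembly plugin = Assembly.LoadFrom(fullPath);

        // Re-check the loaded image before any plugin type is used, in case the
        // file was replaced between the manifest check and the load.
        if (!IsTrusted(plugin.GetName().GetPublicKeyToken()))
            throw new SecurityException("Token changed after load: " + fullPath);

        return plugin;
    }
}
```

The token is read from assembly metadata, and .NET Core and later runtimes do not validate strong-name signatures at load time, so on those runtimes pair this check with the Authenticode signature from tip 5.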

I hope these quick tips will help you make better software.
