I have one C# application. when it release before pakage, I'm use IntelliLock encrypted it. and use startssl digital-signature it.(actually I don't know how use it , Is possible use it validate the dll?)
but I'm still worry about this: there is 1 or 2 dll use check use identity, and very small. I worry it be modify and replace by same name . then application will not check identity.
So my problem is , is there any way to check the dll is not be modify after the IntelliLock and startssl digital singed step?
thank you very much.
I believe your best be would be to try to load the bytes from the DLL and calculate a checksum .A checksum is a cumulative calculation of the bytes in the file based off of a table of pre-calculated values. checksum can be calculated using a library or your own implementation. I would read the file contents then calculate a check-sum.
You will need to verify the value either over the web or by referencing a value stored locally. One way some are able to get around this and modify your file is to run your application, decompile and find out how the checksum is calculated, modify the DLL, then change the checksum stored locally to match. Using a webAPI on a server to verify the checksum may be the most secure method.
Some use MD5 as a checksum as shown here: Calculate MD5 Checksum
And enough information to get you started here: Generating a checksum for a file