All geek questions in one place

C #, validation is correct

I have a C # program and one file from where it reads and writes some information. I need a user who cannot modify this file, I need to somehow check whether this file is correct (not changed by the user). Please, if you have ideas, write, discuss them together. Many thanks

+4
source share
6 answers

There is no absolutely reliable method to achieve the desired. If you have a hash file, the user can modify the file and restore the hash, and then your program will assume that the file is not modified. If you try to hide the hash in the registry, the user can easily use the SysInternals tools to determine the location where you save it.

Instead, you can sign a hash-like digital file, with the exception of the secret key. Again, you have a problem that the key must be kept secret, and its storage in the application or somewhere on the computer leaves the possibility for the user to find the key, and then again he can change the file and resign. that this modification is not detected by your program.

Perhaps your application can send a file, or perhaps just a file hash for efficiency, to the web service you are creating. The web service can digitally sign the file or hash and return the signature or store it on the server. Later, when the application reads the file, it can use the open and signal server (you must get it from the server to make sure the file was signed by the server) to check that the file has not been modified. Or you can resend the file or hash to the server if the server has saved the signature and it can verify the file and return the result to the application. Again, this is not complete proof. There would be ways for a user to spoof a web service, even if you are using SSL, there are ways to get around this. The user can completely hack your application and delete the verification code.

Judging by your other questions, this is part of the software activation system component. Just take a look at Adobe and Microsoft, and their unsuccessful attempts to create such a system. If you think you can do better, good luck. There are better ways to ensure that your software is used legally without activation systems that only frustrate your regular users.

+2
source

Compute the checksum or crc or hash file and write it in the file itself (calculate the hash before writing its hash). Then, when you upload the file, check for the presence of this hash, delete it and list the hash. Make sure they match. If they do not, then it is forged. Each time you change the contents yourself, update the checksum / hash.

+5
source

Check the MD5 hash algorithm.

0
source

You cannot restrict a user to your file system, but your application can store file parameters (created and changed timestamps, size) and create a hash on its contents to compare them with these values ​​before the next use of the file.

Upd.

If you want to avoid modifying a user’s file, you must limit its access to it, except for reading. So, you have 2 options:

  • Use security grants and remove the user from the ACL. If the user is an administrator, this is a bad idea. In other cases, you better define a user group if possible.
  • Use a database. It can be a small local database, which can only be modified by an advanced user, for example. SQLite But this only works on the assumption that the user cannot open this file (cannot install the appropriate tool ...)
0
source

If you just need to open the file for reading only in C #, you can do this by specifying the FileAccess.Read flag:

using (FileStream fs1 = new FileStream(path, FileMode.Open, FileAccess.Read)) { using (StreamReader rd1 = new StreamReader(fs1)) { while ((str = rd1.ReadLine()) != null) { //do stuff } } }
0
source

Can you use a hash to ensure that the file has not changed?

 public static void Main(string[] args) { using (HashAlgorithm hashAlg = new SHA1Managed()) { using (Stream file = new FileStream("C:\\test.txt", FileMode.Open, FileAccess.Read)) { byte[] hash = hashAlg.ComputeHash(file); Console.WriteLine(BitConverter.ToString(hash)); } } }

or

 BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes("C:\\test.txt")))
0
source

Source: https://habr.com/ru/post/1299922/

More articles:


All Articles