I designed an application which reads alphabets from text files placed in debug folder and displays them on dot matrix screen. I want to keep the Text files confidential, Is there any way to distribute my application while keeping the files and folder inside "bin" hidden. One way that i can think of is to encrypt the data , but it's not an efficient solution for me as there are around hundred files. Any kind of suggestion will be helpful
Thanks !!
The approach would vary depending on the type of application (web, desktop, mobile, etc.). Assuming this is a desktop application...
You could embed the resources then attempt to use an obfuscator (example Redgate's SmartAssembly) to increase the level of difficulty of decompiling your application o access the file(s). Some obfuscator tools (example Crypto Obfuscator For .NET) allow for encryption signed with certificates to increase the level of security.
Note that embedding and obfuscating is not guaranteed but depending on your average user, and the importance of the files, it may be just enough.
Related
We are trying to make sure that our users can't under any circumstances alter the files in any way.
Is there a way to prevent normal non-admin users from interacting with files that my application need to interact with?
Say there are N amount of files that my application interact with. Once the application get a reference for these files then users should not be able to interact with them. Right now I am making a copy of the files and hide them under appdata in my applications folder.
This works for the normal Joe, who is just doing his job and working hard as he will never try to look for trouble down there, but the bored Adam will probably go and play hacker when nothing special happens.
The files are storred on the local computer until they are sent, with another application, to a remote database. The time between the files first interaction with my application and the event of being transferred to the database can range from seconds to weeks.
I have a local database on the computer, but I can not store the files there because there can be N amount files that needs to be transferred and some other data needs to be stored in the database as well. I believe the max capacity of the database is 4 GB, which would make it impossible to store the data.
The computer is also not under my supervision, so I am not allowed to change OS settings, and I can't store the data remotely either, because if I could then it would be sent to the remote server.
My current solution hack solution would be to hold the file in memory (so it can't be changed durring the process) create a hash of it, which I will store in the database, and then make X amount of copies that I will spread out in different parts of the computer. This way Adam needs to touch more than one file, which are all in a non-disclossed location, to be able to sabotage everything. This would also require him to search in a couple of folders to find the files, which would require work and which Adam will probably try to avoid.
The problem here is that I don't really know what kind of sociopathic maniac Adam is, so even by going this far would still be throwing die with god.
That's why I am wondering if there are places where Adam can't touch or ways to hide/lock the files in a way so that Adam can't alter och destroy them?
Is there a way to prevent normal non-admin users from interacting with files that my application need to interact with?
Programs run in the context of the user that starts them. If your user is not able to edit a file, your program won't be able to edit it, either. If your program is able to edit the file, your users WILL ultimately have that ability. There is no separating the two.
As an example, zip files also support password protection. So you could put everything in a password-protected zip file, where the password is embedded/obfuscated in your application and not known to the user. In this case, it will be extremely difficult for the user to open the zip file in the normal way. But even then, the user will still able to tamper with the file via a text editor. They may not come out with anything useful, but they did still modify the file.
The one thing you can do is detect the tampering. You can compute and save a hash value for your files, and check the contents of the file match the saved hash.
One other thing option you may have is using multiple databases. I don't know what kind of database you have that's giving you a 4 GB limit, but if it's something file-based like sqlite there's no reason not to have multiple files. Keep in mind, though, the user still has the ability to tamper with these files in a text editor. If it's SQL Server Express, the version with the 4 GB limit has been end-of-life and fully-unsupported for several years and should not be used! Newer releases of Express are still free and now offer a 10 GB limit, and also allow you to have multiple databases with a 10 GB limit each.
How Can a Web Page Display What Version a File is In Program Files Directory?
For example, if I wanted to send a user a URL that would show the user what version of our software is installed (version number and release date) on their Windows PC. I'm just talking about file properties, not actually running something.
Is there a way to do this with .Net/ASP.Net?
The answer is no.
The best you can do with HTML5 or Javascript is to let the user select a file and even then you have very limited access to properties (at most name, size and type) without having the user upload the file.
The most efficient solution right now would be to serve a very basic clickonce application which would locate the files, read the properties and send the information back to the server. From there you can choose to redirect the user back to your website with the information you collected.
Generally access to the Programm folder is limited at best. There used to be a time when we even would write data like Configuration files there. That was Windows 95/98. And it was frowned upon back then.
With the introduction of NTFS with Windows NT (and later XP in the Consumer area), enforceable rules were put in place. Rights tend to be highly limited. This is even more true of Webservers, as they tend to be prime targets for hacking. The only rights you can expected a Webserver to have is read rights to it's programm and the content directory. Maybe if the admin is really nice and it really helps with performance, it might have write rights on a Temporary subfolder of Contents.
Reading out your version from a file is propably possible with only read rights, but not the right way. Usually you just let the compiler hardcode (insert as constant) whatever Version is given in the Project file or by the Version Tracking Software.
So the first thing is that you need some approach of Version Control. And then your answer depends "however this Version control mechanism does tracking of the Compiled version". There is some limited version tracking support in Visual Studio itself. But there is also full, 3rd party Version tracking Software.
i have an windows application that i have made by visual studio 2008.this application uses some graphical files such as jpeg.i make a setup for this appreciation but i worry about such files being modified by client.would you please help me how to protect those files ?
To detect such a tampering you should add your graphical files as resource within your application (or load from another assembly) and use Strong-Name signing. Even if it is not completely secure, it should prevent the most ones from altering your resource files.
You could embed the images into resource files that get included in the exe.
The easiest way is to use the images as a resource.
If you don't want to do that for any reason, then you could also calculate a cypher of the jpegs (maybe MD5) and check them against the one you previously stored in the code while loading the load program (form.load or whatever).
You could sign your files this way no one would be able to change the files without having your certificate.
this might be overkill and it depends on how mutch security you want else just place the images as resources.
I am planning to create a screen saver. Thinking of trying out some WPF as well. Anyways, I am not quite sure how I would organize the screen saver on disk in the file system. I have mainly two related issues that I am very uncertain on how to solve:
Normally an application lives, with all its 3rd party assemblies, static resources, images, etc., in the Program Files folder and is run from there. For example C:\Program Files\MyScreenSaver. But (if I haven't missed something) the executable of a screen saver in windows need to have the scr extension and to live in the system folder, for example C:\Windows\System32. How do you program the screen saver so that it can find the "rest of itself"? Would you use the windows registry? Or creat some sort of config file next to the scr file with the path to the rest? And would you make the scr to just be sort of a launcher of an exe in the application folder? Or would this be a bad idea?
I also want the screen saver to download new content from certain places on the internet. But where do I put it, and how does the screen saver find it? If I have understood correctly, an application is not to create new contents in its application folder, but rather in a user folder. How do I find that folder? Do you build it up from environment variables? And in what specific directory should things like this really be in? For example on Vista I see that you have one folder called C:\ProgramData. You also have C:\Users\username\AppData\Local, C:\Users\username\AppData\LocalLow and C:\Users\username\AppData\Roaming. Have also seen a lot of programs dump stuff in the my documents folder (although I hate programs cluttering up my documents folder, so I will probably try to avoid that :p).
What are some best practices when it comes to these issues of laying out your application in the file system? I am want it to be best and "most correct" for Windows 7, which means it will probably work the same in Vista as well (?), but it would also need to work in XP, since a lot of people are using that still.
I'm still using XP :)
System.Environment.SpecialFolders is what you want for these special locations.
Say,
System.Environment.SpecialFolder.LocalApplicationData
For a screen saver I'd try to put most of it in the .exe (.scr) file. It might make the executable quite big but I think it's worth it.
For the downloaded content use application data folder, or maybe allow user to set the location (put the path in registry). For example if you are downloading images, the user might want to put that in My Pictures folder.
You can put it in the System32 (or SysWOW64) folder, but you can also put it in just the Windows folder, which would prevent x86 vs x64 issues.
You can find some other hard to find, but important information about writing screen savers here:
https://github.com/steveniles/MandelZoom/wiki
(Disclosure: I wrote the above wiki as a companion for the source code of one of my own screen savers.)
I want to write a program that will encrypt an entire folder and it's sub-folders, I have no problem doing this but I would like to make the entire encryption process rather transparent by letting a user double click it and have it open as if it weren't encrypted, say if it were a picture or a word document and it'd open in it's respective application.
How can a running program of mine become notified about the opening of a target file, stop the file from opening, do what it needs to do (decrypt), followed by running the resulting decrypted file.
How can I watch a file and do this in C#? Can I watch for other interactions like the user copying a watched file (since it won't be in a watched folder, it should be decrypted i.e. it's dragged to a USB device), or for deleting a watched file (say if I want to shred a file before deletion)?
P.S. The FileSystemWatcher doesn't quite meet my needs. EDIT: What I mean is that FileSystemWatcher will tell me when a file is being opened, deleted and all those events, but it won't let me step in real quick, decrypt the file, and hand it back to the process that normally opens that file.
You can rename files, add them your own extension, like thepicture.jpg.encrypted. Set your program as a default program for this extension and handle opening them
It's impossible in C#. the bare minimum would need you to use user-mode hooks on NtCreateFile, NtOpenFile, etc. You can't achieve that in C#. That wouldn't even work properly due to kernel-mode code which may try to access your files. The proper way of doing this would be to write a I/O minifilter (in C of course).
EDIT: If you're really desperate, try EasyHook - it allows you to hook functions from C#. I haven't tried it though, and it does seem risky hooking vital functions like NtCreateFile. Plus you need a fair bit of Native API knowledge.
Are you using Windows? If so, why not use the built-in BitLocker?
See this link:
BitLocker drive encryption
If you are thinking about a competitive application to BitLocker, add a comment, as I can point you in that direction as well.
Instead of trying to reinvent the wheel, use NTFS file encryption. You can encrypt single files or entire folders or drives. Plus it's completely transparent to the user and does exactly what you asks (e.g. automatically decrypt when copying to a UBS drive, etc). Just use System.IO.File.Encrypt(string) - there couldn't be anything easier.
You can't do this from usermode.
Unfortunately the only way to do this is to write a minifilter driver. Minifilter drivers allow you to intercept IO requests to files, you can then encrypt/decrypt the files you care about on the fly.
It sounds simple, but encryption minifilter drivers are very, very, difficult to get right. You will have to end up shadowing file objects which is a real challenge. Check with www.osr.com, they have a ton of information on doing exactly what you want to do.
If you choose to go this route I would recommend getting a copy of VMWare Workstation and download VirtualKD. It will let you debug at near fire-wire speeds into a VM. I would start with x64 Win7 and get remote shares working first.