This project is read-only.

Tampering Confusion & Authenticode

Jul 22, 2013 at 12:52 PM

I'm using the October 2012 version of Confuser and would like to protect my assemblies with the tampering confusion. After obfuscation I'm signing the file with an Authenticode certificate. Since the file's checksum differs now from the original value after confusion, the tampering detection detects that my assembly has been changed. Is there any possibility to call signtool before the MD5 hash gets written into the assembly by Confuser?

Thank you!
Mar 13, 2014 at 8:42 PM
Probably not. Because Authenticode does the same thing: it checks whether the file has been modified. And since confusing the assembly certainly modifies it, the Authenticode signature would become invalid. At least that would not prevent your application from running, but you gain no benefit in signing it anymore.

IIRC, Authenticode specifies what parts of the file are covered by the signature, so it might be technically possible to (1) first confuse the file but yet omitting the anti-tamper checksum, (2) then sign it with signtool but leave out the part where the Confuser checksum will be added, and (3) finally compute a new checksum and write it to the file. Authenticode then would not validate that checksum (like it probably also leaves out its own signature, which cannot depend on itself), and Confuser would accept the file as unmodified. But unfortunately I have no clue how one would accomplish that.
Mar 14, 2014 at 5:02 AM
I believe it's possible to have anti tamper and Authenticode together, however I don't think it could be done in current version of Confuser. I'll look into implementing it in future.