neoEdge verification
Quote from fkapnist on October 16, 2022, 10:03 amI want to use neoEdge.exe in my VisualNEO Win projects. Is there an easy verification method to make sure the end user's copy of neoEdge is authentic and has not been changed? Thanks.
I want to use neoEdge.exe in my VisualNEO Win projects. Is there an easy verification method to make sure the end user's copy of neoEdge is authentic and has not been changed? Thanks.
Quote from Darbdenral on October 16, 2022, 9:47 pm@fkapnist, Is it signed by SinLios Soluciones Digitales? Code signing files is the best way that proves where a file came from and that it has not been modified or tampered with. An image hash of the file is used along with certificate.. I wish more plugin authors would do the same with their VisualNeoWin plugins.. Maybe you could compare the hash of a fresh copy of NeoEdge.exe with your project NeoEdge.exe at startup and handle any changes with a warning, etc.
@fkapnist, Is it signed by SinLios Soluciones Digitales? Code signing files is the best way that proves where a file came from and that it has not been modified or tampered with. An image hash of the file is used along with certificate.. I wish more plugin authors would do the same with their VisualNeoWin plugins.. Maybe you could compare the hash of a fresh copy of NeoEdge.exe with your project NeoEdge.exe at startup and handle any changes with a warning, etc.
Quote from Darbdenral on October 16, 2022, 10:58 pm@fkapnist, example included..
@fkapnist, example included..
Uploaded files:
- You need to login to have access to uploads.
Quote from fkapnist on October 17, 2022, 10:59 amQuote from Darbdenral on October 16, 2022, 10:58 pm@fkapnist, example included..
@darbdenral
Different versions of neoEdge.exe are in circulation and I'm not sure your hashcheck method can be used for them all. I decided instead to look for discrete keyword/phrases embedded within the exe file to satisfy that it is a genuine copy of neoEdge.exe. The keyword in this example is "VisualNeoWin"
FileWrite "[TempDir]getEdge.cmd" "All" "Find [#34]VisualNeoWin[#34] neoEdge.exe >[#34][TempDir][#34]x.dat" Run "[TempDir]getEdge.cmd" "" "Wait+Hidden" "" "" FileToVar "[TempDir]x.dat" "[xdat]" SearchStr "VisualNeoWin" "[xdat]" "[xdatvar]" "" If "[xdatvar]" "=" "0" FileErase "[TempDir]getEdge.cmd" FileErase "[TempDir]neoEdge.exe" AlertBox "Corrupt file." "neoEdge.exe may be a corrupted file. Please download a fresh copy of neoEdge.exe." Return EndIf
Quote from Darbdenral on October 16, 2022, 10:58 pm@fkapnist, example included..
Different versions of neoEdge.exe are in circulation and I'm not sure your hashcheck method can be used for them all. I decided instead to look for discrete keyword/phrases embedded within the exe file to satisfy that it is a genuine copy of neoEdge.exe. The keyword in this example is "VisualNeoWin"
FileWrite "[TempDir]getEdge.cmd" "All" "Find [#34]VisualNeoWin[#34] neoEdge.exe >[#34][TempDir][#34]x.dat" Run "[TempDir]getEdge.cmd" "" "Wait+Hidden" "" "" FileToVar "[TempDir]x.dat" "[xdat]" SearchStr "VisualNeoWin" "[xdat]" "[xdatvar]" "" If "[xdatvar]" "=" "0" FileErase "[TempDir]getEdge.cmd" FileErase "[TempDir]neoEdge.exe" AlertBox "Corrupt file." "neoEdge.exe may be a corrupted file. Please download a fresh copy of neoEdge.exe." Return EndIf
Quote from Darbdenral on October 20, 2022, 8:39 am@fkapnist,
Different versions of neoEdge.exe are in circulation and I'm not sure your hashcheck method can be used for them all. I decided instead to look for discrete keyword/phrases embedded within the exe file to satisfy that it is a genuine copy of neoEdge.exe. The keyword in this example is "VisualNeoWin"
Yes, updates could pose a problem with the hash check.. You would need to add the new hash to a list on each update, checking for them all. But the advantage is you would know everyone is using an authentic version that had not been changed.
Brad
Different versions of neoEdge.exe are in circulation and I'm not sure your hashcheck method can be used for them all. I decided instead to look for discrete keyword/phrases embedded within the exe file to satisfy that it is a genuine copy of neoEdge.exe. The keyword in this example is "VisualNeoWin"
Yes, updates could pose a problem with the hash check.. You would need to add the new hash to a list on each update, checking for them all. But the advantage is you would know everyone is using an authentic version that had not been changed.
Brad