How to detect handle leaks in Java, and how to detect tampering of a Java JAR / code

The post discusses how to keep the JAR file of a Java application from being tampered with. The author notes that because Java can be decompiled, ordinary signature verification cannot guarantee code integrity. The article explores the limitations of verification performed on the client side and looks for other ways to detect whether the original JAR file has been modified. Although establishing that the code has not been tampered with is theoretically impossible, the author is still looking for an intermediate solution, such as checking the JAR file's validity through a downloaded verification class.

I'm writing a piece of software that is distributed as a JAR file. Currently, this JAR file can be tampered with to retrieve and save another file that our server transmits via URLClassLoader, be decompiled, and find various things in our code that should remain private for the security of the clients using it. Basically, I want to implement a way to check if the original JAR is tampered with. I know this is paradoxically impossible by implementing a check for validity of a SignedObject in the original class due to the nature of Java being able to be decompiled, but is there some other way that I can determine if code has been tampered with in the original file? This check can happen via an intermediary class that is downloaded to check for validity, or any other means that will be guaranteed to work. I've been sitting here all day trying to come up with a solution to this problem. Any help is welcomed.

Solution

This is theoretically and practically impossible. The verification of jars occurs on the client side. Any cryptography is not presented to you in a verifiable fashion, and you trust that the client offers any crypto.

Even if you were to request arbitrary bytes from the jar file itself for verification, the evil user may configure for bytes to be taken from a good jar but presented by bad code.

You can use a cryptographic proof to ensure the other side has data, but making sure that it only has that copy/revision/version of that data is impossible. A determined attacker can feed you any lies as he can claim in any verification that he has the valid jar.

In short, presence of correct data does not imply exclusive presence of same.
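The failure mode the answer describes, shown as an added example that is not part of the original answer: a server issues a nonce-based challenge over the JAR's bytes, an honest client that really changed its bytes fails it, but a tampered client that simply kept a pristine copy of the JAR answers every challenge correctly. The JAR contents here are constructed stand-in bytes, not a real archive.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class JarChallengeDemo {
    // Constructed stand-in for the shipped JAR; a real server would keep the real file.
    static final byte[] GOOD_JAR = "PK..constructed-good-jar-bytes..".getBytes(StandardCharsets.UTF_8);
    // Constructed tampered variant: every byte differs from the original.
    static final byte[] BAD_JAR = tamper(GOOD_JAR);

    static byte[] tamper(byte[] src) {
        byte[] b = src.clone();
        for (int i = 0; i < b.length; i++) b[i] ^= 0x55;
        return b;
    }

    // Server side: SHA-256 over a fresh nonce plus a randomly chosen byte range of the JAR.
    static byte[] response(byte[] jar, int off, int len, byte[] nonce) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(nonce);
        md.update(jar, off, len);
        return md.digest();
    }

    // Honest client: answers from the bytes it is actually running.
    static byte[] honestClient(byte[] running, int off, int len, byte[] nonce) throws Exception {
        return response(running, off, len, nonce);
    }

    // Tampered client: runs BAD_JAR but answers from the pristine copy it kept on disk.
    static byte[] tamperedClient(int off, int len, byte[] nonce) throws Exception {
        return response(GOOD_JAR, off, len, nonce);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] nonce = new byte[16];
        rnd.nextBytes(nonce);
        int len = 8;
        int off = rnd.nextInt(GOOD_JAR.length - len);
        byte[] expected = response(GOOD_JAR, off, len, nonce);

        // A client whose running bytes really differ is caught...
        boolean modifiedBytesCaught = !Arrays.equals(expected, honestClient(BAD_JAR, off, len, nonce));
        // ...but modified code that still holds the original bytes passes every challenge.
        boolean pristineCopyCaught = !Arrays.equals(expected, tamperedClient(off, len, nonce));
        System.out.println("modified bytes detected: " + modifiedBytesCaught);   // true
        System.out.println("modified code with pristine copy detected: " + pristineCopyCaught); // false
    }
}
```

The only defensive conclusion this supports is the answer's own: keep anything that must stay secret on the server and treat every client-supplied proof as advisory.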
