Verify that file is not altered/replaced

Question

I need to pass secure information to an executable in my application. In other words I have the line:

Process.Start("someExecutable.exe","MyUsername, myPassword");

I want to prevent people from seeing those parameters. (The username and password are specified by the user at run time so I do not have to worry about those parameters).

Now a problem that I have now is: If someone replaces someExecutable.exe with their own program they will be able to see the credentials!

For future reference I refere to someExecutable.exe (program I am sending the credientials as arguments as ) A and I will refere to the executable created by this program as B

I will like to prevent that problem here are some solutions I have think of:

1. Compute the hash of A and check it before executing it.

   static bool? VerifyThatExeIsReliable(string pathOfExe)
   {
       if (System.IO.File.Exists(pathOfExe) == false)
           return null;            
   
       var bytes = System.IO.File.ReadAllBytes(pathOfExe);
   
       using (SHA1Managed a = new SHA1Managed())
       {
           var hash = a.ComputeHash(bytes);
   
           StringBuilder formatted = new StringBuilder(2 * hash.Length);
           foreach (byte b in hash)                
               formatted.AppendFormat("{0:X2}", b);                
   
           var code = formatted.ToString();
   
           if (code == "4835658749AF89A65C5F4835658749AF89A65C5F")
               return true;
       }            
   
       return false;
   }
   

   the problem with this approach is that the hash 4835658749AF89A65C5F4835658749AF89A65C5F will be stored in the executable A and if someone opens this program with a hex editor he is going to be able to find the hash and modify it. In other words they will calculate the sha1 hash of the program they write and place that hash instead of 4835658749AF89A65C5F4835658749AF89A65C5F

2. Use a the file Watcher class to detect when the file has been modified. If my program is not running I will not be able to detect this

3. make sure that the user is not able to see the command line arguments passed to that executable: See command line arguments being passed to a program

Answer 1

To solve the problems with option #1, Use asymmetric encryption on the hash, that way your program (and the user) will only be able to decrypt the hash, not encrypt a different one. Of course if they can edit compiled C# code then you can't stop them from altering it to not decrypt the hash, but that requires a lot more time and expertise.

To solve problem #2, store a hash of executable A in your program, and verify that executable A matches the hash before starting it.

As for #3, as far as I am aware there is no way to resolve the problem. However, if you are able to modify the target program you could send the username and password via an encrypted network socket, for example.

Note also that it is possible to reverse engineer .NET applications, and that you should possibly consider running some kind of obfuscation tool on your executable if security is important to you. Ultimately its not about making the program 100% tamper-proof, because that is impossible. Its about making it not worth the bother to anyone who would have a reason to do so.