1

i've got a question, is it possible to identify the creator of a .NET assembly, just with traces from VisualStudio within the assembly ?

Or can you even get a kind of unique ID of the creator out of it?

I don't mean the application information like company or description, they can be edited too easily.

Chilln
  • 228
  • 4
  • 15
  • 1
    Would the code signing tools suffice? – Rowland Shaw Mar 31 '10 at 11:17
  • Normally they would... But in this case its a bit different, i want to identify who made this assembly and no the code is not signed, would be too easy i guess. And even if you would sign, you could create a new keypair and nobody would know its yours... – Chilln Mar 31 '10 at 11:25
  • remember the difference between code signing and strong names. – Preet Sangha Mar 31 '10 at 11:51

1 Answers1

1

The answer based on the fact that the code is not strong named or signed is no. Ultiamtely the only way would be to use some kind of public authority isseued certificate based code signing approach. And that is say unequivocally (theft aside) that a particular certificate owner signed the code, not that someone wrote the code.

Into the realms of more conjecture perhaps, if the code was written via a unique compiler, then one could possibly work this out. However I cannot see even this being unequivocal as who ran the compiler etc....

Preet Sangha
  • 64,563
  • 18
  • 145
  • 216
  • But even if it is strong named, you could not identify someone because you could not assign the public key to one individual(you can generate a new keypair and nobody will know its your), can you? – Chilln Mar 31 '10 at 12:26
  • that why I use certificate based code signing as the example, not strong naming. – Preet Sangha Mar 31 '10 at 12:29
  • 1
    Yeah i understood that ;) But i just wanted somebody to approve that my understanding of strong naming is right. But nevermind all questions solved now. Thank you – Chilln Mar 31 '10 at 12:48