The signature would probably be computed only over data segments (or equivalent) in the executable file format, and stored outside of those sections. This approach doesn't work when the person with the binary can write to the binary (which is usually always). They can just change the signature to match whatever changes they've made to the binary. Further tamper-proofing is a game of cat-and-mouse. A determined user with a debugger can circumvent most of what you can bake into your binary.
Other anti-theft and anti-tampering approaches exist. The only way to ensure what code is being run is to not have the client run it; you can hide functionality behind a network. This places an additional burden on you to provide reliable resources. If you believe your software has been tampered with, you revoke access to the license (and therefore to some functionality of the program). This ends up turning into a legal hassle, so you'll want to consult a lawyer about how and when you can actually do this, and how to craft such a contract that enables you to do this. I don't think I would be worried about this sort of thing unless I was in some very specific circumstances. And the circumstances I can think of where I'd be concerned about this, I might use other approaches (OS security features, audited remote access requirements, etc.) to ensure the software was tamper-proof. Without specifics on what you are writing (or have written), it's hard to offer more specific thoughts. Kind regards, --dho Op di 23 jul. 2019 om 11:51 schreef clement auger <clementauger...@gmail.com>: > > Hi, > > I m looking for a technique to prevent binary alteration once distributed in > the wild. > > I have no clue what i m asking for. > > I was imagining a solution where a signature is prepended to the binary and > checked during the startup sequence. > > However i do understand (well ... i imagine it) the chicken and egg problem > behind this question (no way to sign a binary that will gets its signature > inserted right after its signature was computed) > > Is there anything possible ? > > Is it something i should be worried of, to start with ? (independently of the > interest that altering such binary might raises, i d prefer a strictly > technical analysis) > > thanks for feedbacks. > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/194e2e4f-e41b-4c23-b241-f8fe1f5da154%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAFgOgC8hDDUD2NDOKw5BF3i3P%2BdxMZLTqVR3b7ZN9Es6ke5eFw%40mail.gmail.com.
