I’m a developer of a game in c#, and I have a security feature in which my server dynamically creates a DLL with some secret keys in it and uploads this DLL to amazon s3, and then pushes out challenges to people are random. When the clients receive this challenge they have 30 seconds to respond.
The clients download the DLL from amazon s3, and using reflection call a method, which takes in a key sent to them by the server.
The dll then takes the key passed into the function, the secret key randomly built into the dll, and a crc hash of the GetCallingAssembly() and hashes them together. This result is returned to the client and the client pushes the response back to the server.
Back to the question… We have a hacker who has somehow found a way to fake GetCallingAssembly and to better understand this, so that I may find a way to prevent it or use something a little harder to fake, I would like to replicate what he did.
From what I’ve gained its an application he is using, he did NOT use code to do this. But i have found NOTHING in regards to this. Any help with be greatly appreciated so that i can remove this guys security hole.
There are a variety of techniques that could be used for this. For example, the Moles framework allows one to replace the implementation of even static methods on BCL assemblies. It accomplishes this via use of a CLR profiler, which may or may not be what your hacker has done.