Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (4)

Resolved Solution for DLL hijacking

  1. How-to
0
Votes
Undo
  1. Tejaswini Gubba
    Tejaswini Gubba
  2. PowerBuilder
  3. Monday, 24 June 2024 11:14 AM UTC

Hello Appeon Support,

 

We have a large thick-client PowerBuilder application, written many years ago, that our Security Team have raised a risk against.

 

The risk is “DLL Hijacking”

 

This application is built and deployed as 1 x Exe + numerous PBD’s, + all the associated DLL’s (e.g. libjcc.dll, pbapl.dll, pbvm.dll etc)

 

Is there some way these DLL’s can be “signed” to prevent a hacker from inserting their own DLL in place of a legitimate DLL ?

 

We believe this is possible by using PowerClient (please confirm) – but we are searching for a simpler solution than PowerClient.

 

Many Thanks

  1. DLL
  2. PowerBuilder
PB 2019 R3 IDE won't open
R6025 Pure Virtual Function call error. Microsoft ...
Responses (4)
David Peace (Powersoft)
David Peace (Powersoft) Accepted Answer Pending Moderation
  1. Tuesday, 25 June 2024 14:11 PM UTC
  2. PowerBuilder
  3. # 1

You probably do not want to hear this but your PBDs can be Hijacked, you should compile everything into the EXE to prevent this. The good news is that Appeon have added security to PowerClient to prevent the PBDs being hijacked.

As Roland says the runtime DLLs are signed.

Hope that helps.

David

Comment
Roland Smith
  1. Roland Smith
  2. Tuesday, 25 June 2024 19:19 PM UTC
The theoretical hacker would have to have the same version of PowerBuilder and the source code of the target. They would have to open the target in PowerBuilder, figure out how the application works (without a database on their machine), make some malicious changes, deploy the application, and finally copy it to the compromised PC. This seems highly unlikely. I doubt very many hackers have even heard of PowerBuilder.
  1. Helpful
David Peace (Powersoft)
  1. David Peace (Powersoft)
  2. Wednesday, 26 June 2024 07:50 AM UTC
Quite true Roland



However, In our case the Source to an application we purchased was stolen prior to our purchase and the company that stole it was trying to steal and support our customers. It would have been quite trvial for them to replace the license logic with their own by substituting the PBD. However, we built the app as a full EXE which stopped that. The law suit stopped them altogether.
  1. Helpful
Simon Jutzi
  1. Simon Jutzi
  2. Wednesday, 26 June 2024 08:19 AM UTC
That may be true, but it is not the way how IT security should be approached (Kerckhoffs's principle).
  1. Helpful
There are no comments made yet.
Roland Smith
Roland Smith Accepted Answer Pending Moderation
  1. Monday, 24 June 2024 13:11 PM UTC
  2. PowerBuilder
  3. # 2

1: This is a user forum. Occasionally employees will answer but it is not Appeon Support.

2: What version of PowerBuilder? I believe they started signing the DLLs but we would need to know what version you have before we can say if yours are signed or not.

Comment
There are no comments made yet.
Tejaswini Gubba
Tejaswini Gubba Accepted Answer Pending Moderation
  1. Tuesday, 25 June 2024 08:16 AM UTC
  2. PowerBuilder
  3. # 3

Hi @Roland Smith,

We are using PB2022 1892 MR. Thanks!

Comment
Load more comments
Roland Smith
  1. Roland Smith
  2. Tuesday, 25 June 2024 12:43 PM UTC
To sign your application, you have to compile it to machine code (DLL files). Then you can use any signing tool on them.
  1. Helpful 3
Andreas Mykonios
  1. Andreas Mykonios
  2. Tuesday, 25 June 2024 13:51 PM UTC
Also a single exe could be signed...

Andreas.
  1. Helpful 1
Simon Jutzi
  1. Simon Jutzi
  2. Wednesday, 26 June 2024 08:22 AM UTC
Does the PBVM checks DLL signatures? Probably not.
  1. Helpful
There are no comments made yet.
Tejaswini Gubba
Tejaswini Gubba Accepted Answer Pending Moderation
  1. Thursday, 27 June 2024 04:16 AM UTC
  2. PowerBuilder
  3. # 4

thanks all for your replies :) 

@Roland smith

if the DLLs are already signed,

1. Do we need to run them through a “signing tool”

2. Are having “signed DLLs sufficient protection against DLL Hijacking?

Comment
Roland Smith
  1. Roland Smith
  2. Thursday, 27 June 2024 13:03 PM UTC
#1 The PB Runtime DLL files are already signed so you don't need to do anything.

#2 I don't know what the PB Runtime does if it detects one of the DLLs has been altered.
  1. Helpful 1
Armeen Mazda @Appeon
  1. Armeen Mazda @Appeon
  2. Thursday, 27 June 2024 16:05 PM UTC
PB Runtime doesn't do anything if DLLs have been altered. It is either PowerClient or PowerServer project types that has such integrity checking. But Tejaswini said he doesn't want to use PowerClient so I don't know.
  1. Helpful
Tejaswini Gubba
  1. Tejaswini Gubba
  2. Friday, 28 June 2024 09:33 AM UTC
Many thanks for your comments they are very helpful – one more question – can you recommend a signing-tool for the non-PB DLLs ?,

And can these tools be integrated into the build process/pipeline ?
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.