Replace TurbleActive.dll with a fake one?

Hey Chris,

Use the static TurboActivate libraries (they're built into your app). Or verify the TurboActivate.dll has a proper Authenticode signature. Or take a hash of TurboActivate, then hard-code that into your app and verify the hash of TurboActivate before you continue with your app.

Hi Wyatt,

thank you for your quick reply and suggestion. Actually, i used solution 2 check signature before call TurboActive.dll.

thanks-Chris

Hi,

Can some one show me how to calculate the hash of the turboActivate.dll ?

Many thanks,

Don

Use MD5, SHA1, or SHA-256. If you tell me your language (C#, VB.NET, C++, etc.) I'll be able to point you in the right direction.

Hi Wyatt,

As many of us are not always thinking of these simple hacker tricks, I would suggest to add a small article in the "intro" documentation of TA/TF on how to secure the DLL to avoid this hack. A simple mention like "Oh, and check the DLL signature or compare it with a hash of your own to make sure a hacker does not drop-replace our DLL with a broken one".

After reading this post couple days ago I simply saw that I completely overlooked this problem and implemented a check in my application.

Best regards,Alexandre Leclerc

You're right, we'll update our articles with a note about this.

So, I'm currently implementing a crc32 check to my Air software, win and osx.

What files does I need to check ? All of them ?Win :systa.exeTurboActivate.datTurboActivate.dll

OSX :systaTurboActivate.datlibTurboActivate.dylib

Well, for Adobe AIR, systa.exe & TurboActivate.dll (or systa & libTurboActivate.dylib on Mac OS X).