!bxVOQwsVoHhZcmNDGw:nixos.org

Nix + dotnet

126 Members
24 Servers

Load older messages

SenderMessageTime
5 May 2025
@gggkiller:matrix.orgGGG* I don't know if anyone else has a better (or more reliable?) method to do it14:12:12
6 May 2025
@wiiplayer2:matrix.orgWaldemar Tomme

Just a 5min guess: Could the output of binwalk help here?

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
14137         0x3739          Unix path: /usr/share/dotnet

I did not investigate what's stored at that offset or if it even is at the same offset but this seems like it might be a bit more reliable...

06:12:20
@wiiplayer2:matrix.orgWaldemar Tomme(I tried it on an already patched version because I did not have anything else lying around, so it might also be a red herring)06:13:16
@gggkiller:matrix.orgGGGhm, I'll check13:44:27
@gggkiller:matrix.orgGGGis the hex the offset?13:44:34
@corngood:corngood.comCorngood 
        /// <summary>
        /// hash value embedded in default apphost executable in a place where the path to the app binary should be stored.
        /// </summary>
        private const string AppBinaryPathPlaceholder = "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2";
        private static readonly byte[] AppBinaryPathPlaceholderSearchValue = Encoding.UTF8.GetBytes(AppBinaryPathPlaceholder);

this might be an option. it gets replaced with the dll name, but there's a separate copy of it in two parts that stays in the executable for comparison

13:45:06
@corngood:corngood.comCorngood * 
        /// <summary>
        /// hash value embedded in default apphost executable in a place where the path to the app binary should be stored.
        /// </summary>
        private const string AppBinaryPathPlaceholder = "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2";
        private static readonly byte[] AppBinaryPathPlaceholderSearchValue = Encoding.UTF8.GetBytes(AppBinaryPathPlaceholder);

this might be an option. it gets replaced with the dll name, but there's a separate copy of it in two parts that stays in the executable for comparison

it's also in singlefilehost

13:45:23
@corngood:corngood.comCorngood 
#define EMBED_HASH_HI_PART_UTF8 "c3ab8ff13720e8ad9047dd39466b3c89" // SHA-256 of "foobar" in UTF-8
#define EMBED_HASH_LO_PART_UTF8 "74e592c2fa383d4a3960714caef0c4f2"
#define EMBED_HASH_FULL_UTF8    (EMBED_HASH_HI_PART_UTF8 EMBED_HASH_LO_PART_UTF8) // NUL terminated

bool is_exe_enabled_for_execution(pal::string_t* app_dll)
{
    constexpr int EMBED_SZ = sizeof(EMBED_HASH_FULL_UTF8) / sizeof(EMBED_HASH_FULL_UTF8[0]);
    constexpr int EMBED_MAX = (EMBED_SZ > 1025 ? EMBED_SZ : 1025); // 1024 DLL name length, 1 NUL

    // Contains the EMBED_HASH_FULL_UTF8 value at compile time or the managed DLL name replaced by "dotnet build".
    // Must not be 'const' because std::string(&embed[0]) below would bind to a const string ctor plus length
    // where length is determined at compile time (=64) instead of the actual length of the string at runtime.
    static char embed[EMBED_MAX] = EMBED_HASH_FULL_UTF8;     // series of NULs followed by embed hash string

    static const char hi_part[] = EMBED_HASH_HI_PART_UTF8;
    static const char lo_part[] = EMBED_HASH_LO_PART_UTF8;
13:46:56
@gggkiller:matrix.orgGGGisn't that replaced though13:48:11
@corngood:corngood.comCorngood binwalk doesn't work for me for a trivial apphost build dotnet new console, because the only thing changed in the apphost is the dll name (above). it might work for singlefilehost, where the managed stuff is appended 13:48:41
@gggkiller:matrix.orgGGGhm13:49:21
@corngood:corngood.comCorngood it is, but the hi_part and low_part are kept so it can verify that the replacement has happened 13:49:23
@gggkiller:matrix.orgGGG I wonder what's the likelyhood of c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 appearing in a normal binary 13:49:39
@gggkiller:matrix.orgGGGmaybe as a set of bytes it could happen, but as a sequence of ASCII characters I'm not sure13:49:51
@corngood:corngood.comCorngoodI think that would depend on where it came from. Maybe I can track that down.13:50:32
@corngood:corngood.comCorngoodIf it's guid-ish then ~013:50:46
@gggkiller:matrix.orgGGG I'm doing a simple preliminary test by doing grep -sRl 'c3ab8ff13720e8ad9047dd39466b3c89' /nix/store 13:50:55
@gggkiller:matrix.orgGGGit seems like they just SHA-256'd "foobar"13:51:13
@gggkiller:matrix.orgGGGaccording to the comment on the code you posted13:51:19
@corngood:corngood.comCorngoodoh, lol. that was stupid of them13:51:29
@corngood:corngood.comCorngoodit's probably fine, but they could have easily avoided the possibility of someone else doing the same thing13:51:59
@corngood:corngood.comCorngoodstill, they were only concerned about their codebase and dependencies13:52:28
@corngood:corngood.comCorngoodwe don't need to differentiate already-patched or source-built binaries, do we?13:53:39
@gggkiller:matrix.orgGGGno, this was only so I could make a hook to do the patching we do for pre-built .NET apps13:54:13
@gggkiller:matrix.orgGGGthat adds the whole ICU, Kerberos, OpenSSL and etc. deps13:54:25
@corngood:corngood.comCorngoodBut I mean we're not mixing other stuff in the same outputs that are being patched?13:56:10
@gggkiller:matrix.orgGGGeven if we do, there shouldn't be any harm I think13:56:36
@corngood:corngood.comCorngoodI'm just thinking about if we make a general hook for doing this. We might want to warn against using it on already patched things. Like you said it probably wouldn't break anything. Patched runtime would still explicitly load libs from /nix/store.13:57:17
@gggkiller:matrix.orgGGGyeah, looking at the actual effects of it, it'd only add a few unnecessary RPATH and needed entries13:57:53
@gggkiller:matrix.orgGGGbut it wouldn't result in anything more in the nix store nor unnecessary packages being pulled in13:58:07

Show newer messages

Back to Room ListRoom Version: 9