Notepad++ Hijacked by State-Sponsored Hackers

who@feddit.org · 14 小时前

Notepad++ Hijacked by State-Sponsored Hackers

yetAnotherUser@discuss.tchncs.de · 2 小时前

Yes, but from what I understand this refers to the automatic update functionality and not Microsoft’s own .exe signature verification thing.

Couldn’t you do it like this:

Put hardcoded key into N++
If a new release is available: Download, then verify signature
If the signatures match, do whatever Windows requires to install an update

That should work, shouldn’t it?

9tr6gyp3@lemmy.world · 2 小时前

No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.

yetAnotherUser@discuss.tchncs.de · edit-2 23 分钟前

I meant the old .exe would check the signatures before initializing the official Windows way to update. Effectively have this run whenever you start the application:

main() {
    if (update_available()) {
        exe_path = download_update()
        if (signature(exe_path) == SIGNATURE) {
            install_update(exe_path)
            restart()
        } else {
            put_up_a_warning_or_something()
            delete(exe_path)
        }
    }
# Rest of the application
# ...
}

The only thing I have no idea how to implement would be the install_update(path) function. But surely this is one way to install updates without signatures recognized by Microsoft, right?

And if for some reason you aren’t allowed to sign the .exe because this breaks something, then place an unsigned .exe in a signed zip folder.

Notepad++ Hijacked by State-Sponsored Hackers

Notepad++ Hijacked by State-Sponsored Hackers

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++