Logic behind auto update my app?

[doctorized]

I make a Window app (it is not listed in Windows store) and I want to add support for checking online for newer version and if so, run the update. I have a website where I can upload the updated version. How could it search for the newer version? I do not want code, but the logic behind that. What is a good way to check securely? For example, should I have a txt file with the latest version written in it (for example 1.23.4567), should I use an encrypted way...? I expect your ideas and recommendations.

[NicTheQuick]

You do not have to encrypt anything if the software itself is free. Just put a machine readable version list on your server that contains all the available versions, their download link, a SHA256 (or higher) hash and a signature for the download and for the version file itself. Using a public key that you can ship with your application you can then download the version file, check its signature against the public key, extract the download links, download them and check the integrity and the signature of the download again.

You could of course skip the signature part but then you might be vulnerable against DNS spoofing where someone sends the user to the wrong download server via manipulated DNS records. With a proper signature, which can be self signed, you can always check if the downloads are coming from your server.

[doctorized]

I got a notification that a user called 'Herbert Terry' posted a replay here but I do not see either his post or himself at all in the members list. Anyway. To avoid DNS attacks, spoofings and so on, I thought to have a simple php file with content like the folowing:

Code: Select all

<?php
echo "iV7bpLUqiqGhk/1B/ArzzUnr9sqxVHRdkDks95cT+iZ4jRZx6Qj8hZbKny5egUWIr2BCB/YTglNQjZZYBP+jW5EPZtU=";
?>

Of cource the echo string will be much bigger containing the following data:
1) latest app version,
2) full path of the file on server,
3) SHA3-512 hash string of the file on server,
4) SHA3-512 hash string of the app.
The file on the server will be AES-256 CBC encrypted with a password containing chars from the full ascii set, 0 to 255, plus some XOR encryption (if I can call it so) found on this forum with a 2048 byte encryption key containing chars from the full ascii set, 0 to 255 (to be honest, all the chars...). That's why the echo encrypred text contains the SHA3-512 hashs of the encrypted file and the decrypted too.
The echo string will have the same fate with AES and XOR with different keys obviously. After that it faces Base64 encryption.
I guess now I am good, aren't I?

[tj1010]

Secondary process that has privileges to overwrite files that removes a hash of the signature appended to the Elf, Mach, or PE, then version&size check over http. What good is MITM if they can't break RSA or SPHINCS? The only attack is if they hack the server and make end users download a big file or exploit memory corruption.

Using packer library in the updater and a signed hash table for all the files contained is another way. This is what Microsoft(.XVD) and Sony(.PUP) do with game consoles for updates. As a perk you can use lzma compression with a bigger symbol-table(better ratio) than individual file compression..

Side Note: TLS has had PSK support since 1.1 that can't be defeated with DH, ECDH, and nonce interception with tools like sslstrip
Side Note 2: They won't defeat 224 bit SHA3
Side Note 3: If they are using ARP, DNS tunneling, DNS rebinding, or DNS poisoning chances are they are already inside some server or subnet; PKI would make all that useless for MITM, though..

[doctorized]

Secondary process that has privileges to overwrite files that removes a hash of the signature appended to the Elf, Mach, or PE, then version&size check over http. What good is MITM if they can't break RSA or SPHINCS? The only attack is if they hack the server and make end users download a big file or exploit memory corruption.

Using packer library in the updater and a signed hash table for all the files contained is another way. This is what Microsoft and Sony do with game consoles for updates. As a perk you can use lzma compression..

Side Note: TLS has had PSK support since 1.1 that can't be defeated with DH, ECDH, and nonce interception with tools like sslstrip
Side Note 2: They won't defeat 224 bit SHA3
Side Note 3: If they are using ARP, DNS tunneling, DNS rebinding, or DNS poisoning chances are they are already inside some server or subnet; PKI would make all that useless, though..

How do I add subtitles to your post?
I guess you mean that the encryption I use can be breached. I am not pretty sure what to do to shield the whole thing.

[tj1010]

Secondary process that has privileges to overwrite files that removes a hash of the signature appended to the Elf, Mach, or PE, then version&size check over http. What good is MITM if they can't break RSA or SPHINCS? The only attack is if they hack the server and make end users download a big file or exploit memory corruption.

Using packer library in the updater and a signed hash table for all the files contained is another way. This is what Microsoft and Sony do with game consoles for updates. As a perk you can use lzma compression..

Side Note: TLS has had PSK support since 1.1 that can't be defeated with DH, ECDH, and nonce interception with tools like sslstrip
Side Note 2: They won't defeat 224 bit SHA3
Side Note 3: If they are using ARP, DNS tunneling, DNS rebinding, or DNS poisoning chances are they are already inside some server or subnet; PKI would make all that useless, though..

How do I add subtitles to your post?
I guess you mean that the encryption I use can be breached. I am not pretty sure what to do to shield the whole thing.

No I said you can use 224bit SHA3 and save bandwidth and storage. They aren't going to find hash collision or brute force it.

The rest is just design stuff you can ignore. I actually use PB packer library and signed hash tree for one of my products. An attacker can have root on my update-server and still not touch clients.. Hard code a download-size limit in the updater.

[doctorized]

I actually use PB packer library and signed hash tree for one of my products.

How do you implement it?

[Piero]

I saw "repacks sites" (in case, be VERY careful!) that do not only have cracks of anything; they also offer "much more compressed" downloads!

This is to say:
Do not waste too much of your time about copy/update protection!
…but OPTIMAL, LOSSLESS compression may be worth a look… (again: in case, be VERY careful!)

[doctorized]

I saw "repacks sites" (in case, be VERY careful!) that do not only have cracks of anything; they also offer "much more compressed" downloads!

This is to say:
Do not waste too much of your time about copy/update protection!
…but OPTIMAL, LOSSLESS compression may be worth a look… (again: in case, be VERY careful!)

I have made my mind. I am going to do the things I wrote in a previous post. Nothing else, nothing more.
On the other hand, it would be useful for me to learn some things about TLS etc.