Allow Configurator on secure desktop only (release mode)

[DonatJR]

fixes #55

regarding WIP: @SailReal the CageConfigurator.sconfig file must be copied to the public documents folder on install and the registry needs to have a corresponding entry

!! Only merge this after #91 !!

[SailReal]

I'm currently enhancing our installer. The application_path must be written by the installer or? It depends on the target folder specified by the user while installing.

[DonatJR]

Yeah, we can change the path to a placeholder and then replace it when installing

[SailReal]

I still have to rename the project...

[SailReal]

regarding WIP: @SailReal the CageConfigurator.sconfig file must be copied to the public documents folder on install and the registry needs to have a corresponding entry

Should be fixed now.

@DonatJR will review your additions in this pr now. Maybe you can check my?

[SailReal]

Awesome work, thx a lot 👍!!!

If I build the solution with release target, the cage manager will not be started by the chooser when selecting an config and pressing the start button. Only a error with message "Error communicating with service: Starting CageManager failed." is displayed.
If I start the CageManager manually before pressing the start button in the CageChooser, the desktop is switched and everything seems to be fine. After switching back, the same error message is displayed.

[SailReal]

Pls remove this empty newline.

[SailReal]

Maybe we should create an issue for that? Otherwise we can remove the FIXME.

[DonatJR]

#96

[SailReal]

Maybe we should create an issue for that as well?

[DonatJR]

this can just be deleted as we now explicitely want to be able to create a config for the Configurator

[DonatJR]

@SailReal Regarding your issue with the release mode: Did you copy all necessary files into the 'install folder'? If yes, did you recreate the config with the new release binary of the Configurator?

I think I know why (from the Service):

#ifdef _DEBUG
    return StartCageManager(session_id, filename, user_token);
#else
    if (SharedFunctions::ValidateCertificate(filename))
    {
        return StartCageManager(session_id, filename, user_token);
    }
    else
    {
        std::wostringstream os;
        os << "Failed to validate the integrity of CageManager! Not starting." << std::endl;
        ::OutputDebugString(os.str().c_str());
        return 0;
    }
#endif

In release mode the Manager must be signed ;)

[DonatJR]

@SailReal
can't request changes on my own PR :) additional things:

• can you remove the Configurator desktop shortcut? it cannot be launched with the shortcut anyway

apart from the comments your changes look good, thx!

[DonatJR]

I don't quite get the name of this function, why 'assimilate'?

[SailReal]

I meant something like customize...?

[DonatJR]

You can use @"one\slash\only" if you don't want to use characters which are needed to be escaped (with @ everything is interpreted literally

[DonatJR]

the json parsing can fail (if the file is missing or has a different structure), do we need a try catch here or does the installer handle it for us?

[SailReal]

The installer is handling the exception and also will rollback all changes on the system, will display an error message with the content of the exception so nothing to do for us I think...

[DonatJR]

I'm not sure patching the hash on the target system is a good idea. We can generate the hash once before creating the installer and just patch the correct path

[SailReal]

The hash looks different on our machines with the same target (debug) so I thought it will be the same result with the release target. I don't know what but something on the system must have an influence on the calculation of the hash over the binary. So I think the only way is it to calculate the hash on the target system but I think that should not decrease the security at all especially because up to the point of installation, the config is writable.

Maybe we should create an issue for that to think about how we can install the cage in a secure way on a already infected system.

[DonatJR]

but the hash only changes on creation. once it is created and signed the hash can be written to the config and the binary hash must be the same on the target machine for us to be sure there was no tampering during distribution

[SailReal]

Will create an issue for that.

[SailReal]

Did you copy all necessary files into the 'install folder'? If yes, did you recreate the config with the new release binary of the Configurator?

@DonatJR I used the installer to copy all files and also created new configs. Is it working on your device?

[SailReal]

I think I know why (from the Service):

oh nooooo you're right, the CageManager wasn't signed 😅 now it's working like a charm 😍

[bencikpeter]

Shouldn´t there be a default entry in Chooser to launch Configurator? I am a bit confused about how should I start Configurator in Release? I need an entry to launch Configurator, and to create entry I need Configurator? 🤔

[DonatJR]

@bencikpeter
The installer creates an entry in the registry. On your dev system you can simple create your on in the registry itself at Computer\HKEY_LOCAL_MACHINE\SOFTWARE(\WOW6432Node)\SharkCage\Configs (REG_SZ, with name and the path to the config file as value)

Or you can use the debug build of the Configurator to create configs and use them with the release build of all the other applications