[GH-ISSUE #53] SNS Claims Unsigned Assembly is Signed

kerem commented

2026-02-25 21:30:33 +03:00

Owner

Originally created by @bkonia on GitHub (Oct 30, 2019).
Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/53

Originally assigned to: @brutaldev on GitHub.

I used the Nirsoft Strong Name Remover utility to remove a signature from a signed assembly. After running the remove operation, I confirmed it was removed using snremove -d. However, when I load that assembly into SNS, it still shows that it's signed and refuses to sign it again.

Can you explain why this is happening? Also, it would be nice if SNS included the ability to remove a signature, so we don't need to use a separate utility for that.

Originally created by @bkonia on GitHub (Oct 30, 2019). Original GitHub issue: https://github.com/brutaldev/StrongNameSigner/issues/53 Originally assigned to: @brutaldev on GitHub. I used the [Nirsoft Strong Name Remover](https://www.nirsoft.net/dot_net_tools/strong_name_remove.html) utility to remove a signature from a signed assembly. After running the remove operation, I confirmed it was removed using snremove -d. However, when I load that assembly into SNS, it still shows that it's signed and refuses to sign it again. Can you explain why this is happening? Also, it would be nice if SNS included the ability to remove a signature, so we don't need to use a separate utility for that.

kerem

2026-02-25 21:30:33 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@brutaldev commented on GitHub (Oct 30, 2019):

I have some upgrades planned for SNS (probably over the holidays) so I'll take the removal option into consideration. Not sure why it still thinks it's signed, the remover must still be leaving a marker behind, only an assembly diff would explain if it actually removing it correctly.

Do you have an assembly example you used to reproduce this problem, or do you believe it happens to all assemblies you remove the strong-name from?

@brutaldev commented on GitHub (Oct 30, 2019): I have some upgrades planned for SNS (probably over the holidays) so I'll take the removal option into consideration. Not sure why it still thinks it's signed, the remover must still be leaving a marker behind, only an assembly diff would explain if it actually removing it correctly. Do you have an assembly example you used to reproduce this problem, or do you believe it happens to all assemblies you remove the strong-name from?

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@bkonia commented on GitHub (Oct 30, 2019):

It seems to happen with all assemblies. I just tested it with the SNS assembly (Brutal.Dev.StrongNameSigner.dll) and it did the same thing.

@bkonia commented on GitHub (Oct 30, 2019): It seems to happen with all assemblies. I just tested it with the SNS assembly (Brutal.Dev.StrongNameSigner.dll) and it did the same thing.

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@gep13 commented on GitHub (Nov 20, 2019):

@bkonia did you happen to find a solution/workaround for this? I have the same requirement, and I have found the exact same thing happens when I attempt what you try above.

@gep13 commented on GitHub (Nov 20, 2019): @bkonia did you happen to find a solution/workaround for this? I have the same requirement, and I have found the exact same thing happens when I attempt what you try above.

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@jzabroski commented on GitHub (Nov 20, 2019):

It's possible the Fake Sign bit is being set. https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/publicsign-compiler-option

@jzabroski commented on GitHub (Nov 20, 2019): It's possible the Fake Sign bit is being set. https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/publicsign-compiler-option

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@gep13 commented on GitHub (Nov 20, 2019):

@jzabroski how would I verify if that is the case or not?

@gep13 commented on GitHub (Nov 20, 2019): @jzabroski how would I verify if that is the case or not?

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@jzabroski commented on GitHub (Nov 20, 2019):

Just a guess - haven't tried it -
github.com/jbevain/cecil@b2d248c1ca/Mono.Cecil.PE/ImageReader.cs (L288)

On Wed, Nov 20, 2019 at 10:42 AM Gary Ewan Park notifications@github.com
wrote:

@jzabroski https://github.com/jzabroski how would I verify if that is
the case or not?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/brutaldev/StrongNameSigner/issues/53?email_source=notifications&email_token=AADNH7L4WRRWD2DP6YIK6ITQUVLFZA5CNFSM4JG4MWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEESNEWA#issuecomment-556061272,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AADNH7IAUGAM6Q2777GGHMTQUVLFZANCNFSM4JG4MWGQ
.

@jzabroski commented on GitHub (Nov 20, 2019): Just a guess - haven't tried it - https://github.com/jbevain/cecil/blob/b2d248c1caacf411f4b0433a807e7497a6f8e1a0/Mono.Cecil.PE/ImageReader.cs#L288 On Wed, Nov 20, 2019 at 10:42 AM Gary Ewan Park <notifications@github.com> wrote: > @jzabroski <https://github.com/jzabroski> how would I verify if that is > the case or not? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/brutaldev/StrongNameSigner/issues/53?email_source=notifications&email_token=AADNH7L4WRRWD2DP6YIK6ITQUVLFZA5CNFSM4JG4MWG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEESNEWA#issuecomment-556061272>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AADNH7IAUGAM6Q2777GGHMTQUVLFZANCNFSM4JG4MWGQ> > . >

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@bkonia commented on GitHub (Nov 20, 2019):

@bkonia did you happen to find a solution/workaround for this? I have the same requirement, and I have found the exact same thing happens when I attempt what you try above.

No, I'm just waiting for the upgrade from @brutaldev

@bkonia commented on GitHub (Nov 20, 2019): > @bkonia did you happen to find a solution/workaround for this? I have the same requirement, and I have found the exact same thing happens when I attempt what you try above. No, I'm just waiting for the upgrade from @brutaldev

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@brutaldev commented on GitHub (Nov 21, 2019):

I'll look at this today and see if I can get it fixed up. Thanks for all the info, will be useful to track down why this happens.

@brutaldev commented on GitHub (Nov 21, 2019): I'll look at this today and see if I can get it fixed up. Thanks for all the info, will be useful to track down why this happens.

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@gep13 commented on GitHub (Nov 21, 2019):

@brutaldev let me know if you need a volunteer to test anything out. Happy to help where I can.

@gep13 commented on GitHub (Nov 21, 2019): @brutaldev let me know if you need a volunteer to test anything out. Happy to help where I can.

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@brutaldev commented on GitHub (Nov 22, 2019):

Sorry guys, I'll take a look at this soon, yesterday and today was consumed with project work :(

@brutaldev commented on GitHub (Nov 22, 2019): Sorry guys, I'll take a look at this soon, yesterday and today was consumed with project work :(

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@gep13 commented on GitHub (Nov 22, 2019):

@brutaldev totally understand, I know how things can go sometimes. I genuinely wouldn't have any idea on where to start with looking into this, so not in a position to help out from a code point of view, but please let me know if there is anything I can do to help within testing/verification, etc.

@gep13 commented on GitHub (Nov 22, 2019): @brutaldev totally understand, I know how things can go sometimes. I genuinely wouldn't have any idea on where to start with looking into this, so not in a position to help out from a code point of view, but please let me know if there is anything I can do to help within testing/verification, etc.

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@brutaldev commented on GitHub (Nov 25, 2019):

Fixed up in version 2.6.0. The remover only sets the bit to highlight that the assembly is not signed (but keeps the public key - thanks @jzabroski). Delay-signed assemblies will be seen as NOT being signed, the UI will indicate the signing type as well and there is a new property to determine this if you use the API.

Will add full-fledged removing at a later stage which is easy enough, not sure if this tool is the right thing to do that...

@brutaldev commented on GitHub (Nov 25, 2019): Fixed up in version [2.6.0](https://github.com/brutaldev/StrongNameSigner/releases/tag/2.6.0). The remover only sets the bit to highlight that the assembly is not signed (but keeps the public key - thanks @jzabroski). Delay-signed assemblies will be seen as NOT being signed, the UI will indicate the signing type as well and there is a new property to determine this if you use the API. Will add full-fledged removing at a later stage which is easy enough, not sure if this tool is the right thing to do that...

kerem commented

2026-02-25 21:30:33 +03:00

Author

Owner

@gep13 commented on GitHub (Nov 25, 2019):

@brutaldev thank you so much for doing this! I have just taken this for an initial spin, and it seems to work! Going to give this a larger test in the actual place that I need to make use of it to see if everything there works, but seems like it is going to! Thanks again!

@gep13 commented on GitHub (Nov 25, 2019): @brutaldev thank you so much for doing this! I have just taken this for an initial spin, and it seems to work! Going to give this a larger test in the actual place that I need to make use of it to see if everything there works, but seems like it is going to! Thanks again!

Rows
Columns

[GH-ISSUE #53] SNS Claims Unsigned Assembly is Signed #46