RAM dump protection when writing Adobe Illustrator plugin

New Here ,
May 10, 2020

I am writing a plugin for Adobe Illustrator. I am questioned by the Information Security team regarding the safety of the plugin. In particular, they would like to see if and how Adobe Illustrator and its plugin implement RAM dump protection and Hooking Detection. Questions:

1) Does Adobe Illustrator have RAM dump protection and Hooking Detection in place?

2) Does it apply to its plugin?

3) Does the plugin need to implement them? If yes, how?

 

Reference:

RAM dump Protection:

RAM can be dumped by using a hooking framework like Frida, but there are some libraries for Windows and other programming languages to limit this, such as the “SecureZeroMemory” function for Windows, which zeroes the data.

 

Hooking Detection:

Any application can be programmed to verify what platform (OS) it is running on and whether there are any rogue hooking processes (applications, e.g. Frida) trying to get attached to the original application; if this is detected on the platform (OS), then the application has to be terminated.

TOPICS
SDK, Third party plugins

Adobe Community Professional ,
May 10, 2020

Hey I have no idea about any of this but it sure sounds interesting. One thing I do know is that in Illustrator you do sometimes get an "Out of memory (RAM)" error alert that comes up as a result of some expensive rendering action a user might do, such as adding a 3D effect. This box comes up as part of Illustrator's native UI operations and looks ugly.

Adobe Community Professional ,
May 10, 2020

Adobe SDKs don't cover these topics or provide any functionality around them, nor do they discuss whether these things are implemented in the native application itself or not. I would also discuss with the security team whether such extreme implementations are indeed required by the plugin. These seem to be very advanced topics (I read about them right now). My approach to implementing this would be the following:

  • Verify if these hacks can be exploited if no special handling is done. If yes, then proceed on to the next step.
  • Consider the feasibility of implementing a solution for each hack. For example, for RAM dump protection, identify the data that needs to be protected, like some passwords, keys etc. I read that strings can't be effectively protected but char * can, so make the necessary changes. Making the change blindly everywhere would be overkill in terms of code refactoring and maybe performance.

-Manan
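
An illustration of the approach in the reply above (identify the sensitive data, hold it in a plain char buffer rather than a string, and zero it after use), added here as an example and not taken from the thread or from the Adobe SDK. `SecretBuffer` and `secure_wipe` are hypothetical names; on Windows the wipe calls `SecureZeroMemory`, and on other platforms a volatile write loop is assumed as a stand-in.

```cpp
#include <cstddef>
#include <cstring>
#ifdef _WIN32
#include <windows.h>
#endif

// Zero a buffer in a way the optimizer may not remove as a "dead store".
inline void secure_wipe(void* p, std::size_t n) {
#ifdef _WIN32
    SecureZeroMemory(p, n);
#else
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;   // assumption: volatile writes stand in off Windows
#endif
}

// Hypothetical fixed-size holder for a password or key. The secret lives
// only in buf_, is never copied implicitly, and is wiped on destruction.
template <std::size_t N>
class SecretBuffer {
public:
    SecretBuffer() { secure_wipe(buf_, N); }
    ~SecretBuffer() { secure_wipe(buf_, N); }
    SecretBuffer(const SecretBuffer&) = delete;            // no stray copies
    SecretBuffer& operator=(const SecretBuffer&) = delete;

    // Wipes the old secret first; rejects input that would not fit
    // (one byte is reserved so the buffer stays NUL-terminated).
    bool assign(const char* src, std::size_t len) {
        wipe();
        if (len >= N) return false;
        std::memcpy(buf_, src, len);
        len_ = len;
        return true;
    }
    void wipe() { secure_wipe(buf_, N); len_ = 0; }
    const char* data() const { return buf_; }
    std::size_t size() const { return len_; }

    // True when every byte of the backing store is zero.
    bool is_zeroed() const {
        for (std::size_t i = 0; i < N; ++i)
            if (buf_[i] != 0) return false;
        return true;
    }
private:
    char buf_[N];
    std::size_t len_ = 0;
};
```

Wiping shortens the time a secret sits in process memory; it does not protect the buffer while the secret is in use, and copies made elsewhere (for example into a `std::string`) are not covered.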
