1password/electron-hardener

electron-hardener

A Rust library and command line tool to harden Electron binaries against runtime behavior modifications

.

This provides a way to harden Electron applications against a specific class of runtime behavior modification. Specifically, if an unprivileged process can't write to the application's binary file or process address space, it should not be able to change what an app does at runtime.

The library provides two sets of functionality:

  • An interface to view and modify the status of fuses in an application, similar to the official fuses package.
  • A fast and configurable alternative implementation of the electron-evil-feature-patcher tool created by Dimitri Witkowski. All patches it can perform are also exposed in this crate. See its README for more details on how it works.

Usage

Library

The library exposes a simple and configurable interface:

use electron_hardener::{ElectronApp, Fuse, NodeJsCommandLineFlag};

let mut app = ElectronApp::from_bytes(&mut application_bytes)?;

app.set_fuse_status(Fuse::RunAsNode, false)?;

app.patch_option(NodeJsCommandLineFlag::Inspect)?;

Check out the command line tool's source or the example to see more ways to use it.

Command line tool

The command line tool exposes the same functionality and interface as electron-evil-feature-patcher:

 ./path/to/packaged/electron/app

Install

Library

In your project's Cargo.toml file:

electron_hardener = "0.1"

Command line tool

Make sure you have a Rust compiler installed and then run

cargo install 

Electron compatibility

electron-harder tracks the latest stable version of Electron. Functionality is currently tested on a minimum version of Electron 13. Older versions may partially work but this is not guaranteed.

MSRV

The Minimum Supported Rust Version is currently 1.46.0. This will be bumped to the latest stable version of Rust when needed.

Credits

Made with ❤️ by the 1Password team, with full credits to Dimitri Witkowski for taking the time and effort to discover the command line flags that can be disabled, and finally creating the original tool which served as inspiration for this project.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Versions

Find the latest versions by id

v0.2.2 - Sep 22, 2021

[0.2.2] - 2021-09-22

Changed

  • Updated minimum supported Electron version to 15.
  • Deprecated patching with NodeJsCommandLineFlag. This has been superseded by the NodeCliInspect fuse.
  • Deprecated patching with DevToolsMessage. It is no longer needed due to the functionality provided by the NodeCliInspect fuse.

New

  • Added support for Electron's experimental cookie encryption fuse added in version 13.
  • Added support for Electron's new fuses to disable NodeJS debugging flags and environment variables.
  • Added support for Electron's new ASAR integrity fuses to protect against unknown code from being ran.

v0.2.1 - Jun 02, 2021

v0.2.0 - Jun 01, 2021

Release v0.2.0 with support for Electron 13.

v0.1.0 - Apr 23, 2021

Information - Updated Dec 06, 2021

Stars: 317
Forks: 9
Issues: 0

Rust library for Self Organising Maps (SOM)

Add rusticsom as a dependency in Cargo

Rust library for Self Organising Maps (SOM)

Rust library for parsing configuration files

The 'option' can be any string with no whitespace

Rust library for parsing configuration files

Rust library for the Pimoroni Four Letter pHAT

This library aims to port ht16k33 (or rather a fork, as of right now) so credit goes to ht16k33-diet

Rust library for the Pimoroni Four Letter pHAT

Rust library for emulating 32-bit RISC-V

This library can execute instructions against any memory and register file that implements

Rust library for emulating 32-bit RISC-V

Rust library for connecting to the IPFS HTTP API using Hyper/Actix

You can use actix-web as a backend instead of hyper

Rust library for connecting to the IPFS HTTP API using Hyper/Actix

Rust library to manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD

This module provides two high level functions, getfacl and setfacl

Rust library to manipulate file system access control lists (ACL) on macOS, Linux, and FreeBSD

Rust library translation (rust-src/rust-std/stdlib/rustlib translation)

This is the place to translate Having a documentation in your native language is essential if you don't speak English, and still enjoyable even if...

Rust library translation (rust-src/rust-std/stdlib/rustlib translation)

Rust library for using Infrared hardware decoders (For example a Vishay TSOP* decoder),

enabling remote control support for embedded project

Rust library for using Infrared hardware decoders (For example a Vishay TSOP* decoder),

Rust library for interaction with the OriginTrail Decentralized Knowledge Graph

open up an issue on this repository and let us know

Rust library for interaction with the OriginTrail Decentralized Knowledge Graph

Rust library for parsing COLLADA files

Notice: This library is built around files exported from Blender 2

Rust library for parsing COLLADA files

Rust library for low-level abstraction of MIPS32 processors

This project is licensed under the terms of the MIT license

Rust library for low-level abstraction of MIPS32 processors
Facebook Instagram Twitter GitHub Dribbble
Privacy