• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 544
  • Last Modified:

HOW TO CALCULATE THE CHECKSUM OF A PROGRAM TO PROTECT IT AGAINST CHANGES

I have a  (DOS-QBcompiled) program  wich by Dutch-Law my only start if there has been at startup a check
(checksum???)  that this program is not changed or manipulated by a user
How to  write code to do this checksum , it is allowed to do this checksum from another module first,  then if ok run/chain the tested program
0
BIAPRO
Asked:
BIAPRO
1 Solution
 
Harisha M GCommented:
Hi, you can use the standard hash generators, or write your own.

A simple checksum would be to find the sum of ASCII values of the characters and then find the modulus of that with some value.

If you want a 8-bit hash, then use {Sum of ASCII} MOD 256
If you want a 16-bit hash, then use {Sum of ASCII} MOD 65536
..

Hope this helps


---
Harish
0
 
BIAPROAuthor Commented:
Thanks, but what would be the syntax e.g.  in VB6  to calculate the value off a  exe-file
0
 
lostcarparkCommented:
You could simply open your EXE file, read every byte and add it to a checksum, then close the file.

chksum = 0
OPEN "myprog.exe" FOR INPUT AS #1
DO UNTIL EOF(1)
  GET #1, , char$
  byte = ASC(A$)
  chksum = chksum + byte
LOOP
IF chksum <> 12345 THEN
  PRINT "Program tampered."
  END
END IF


The file can check itself, but of course you need to know what the checksum is before you compile it, and changing the checksum will change the size of your program. You could write a second program to check the main one then launch, but I'm not sure if the main program could verify it was only launched from the checksum program. There's no use having a launcher to check the file if a hacker can bypass it just by running the main exe directly.

Your best bet is to write a small program to write the checksum and print it out. You can then insert the value it prints out into the above code. It will take a few attempts to refine it, but with a little trial and error you should be able to find the right checksum.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
hoomanvCommented:
0
 
schalcraftCommented:
Yikes, lets hope that this law doesnt get past the Dutch borders! The more I think about this conundrum the worse it gets. lostcarpark is right, but it gets even worse.

Basically it is impossible to write a program that could perform a self-verification based on a checksum etc.

For self-verification to occur, then the final checksum must be embedded in the program,  but this value will never be know until the program is compiled. Changing the source will then change the final checksum, which will then require another change in the source. Basically you are then stuck in a never ending loop.

The answer here is to employ a wrapper program. You then end up with two executables. One is the progam itself, the second is an add on program that verifies the checksum of the original program, and then launches the program if it is unchanged.  As lostcarpark highlighted above, this wont stop you running the real program directly. It also wont stop the program and the wrapper being modified and new checksums being embedded.

By the way, in VB its something like 'Shell "myprogram.exe", vbNormalFocus' to launch an external program.
0
 
HonorGodCommented:
 Another alternative (which would not require iteration) would be to have the checksum value (bytes) distributed throughout the executable, perhaps redundantly.  The checksum algorithm would "ignore" these distributed bytes while computing the checksum, and use them to compare the final value.
0
 
BIAPROAuthor Commented:
ok after some modification and change syntax for doscompiler I can run from dos or either dos-box in windows
this code I use in dos-compiler. The only work involved is that every time I change something to the program
wich need to be checked, I have to update the 'starting' program with the new chksum value, but that does not happing
a lot.  Anyway it works even in dos (Yes! still around)

RECLEN% = 1
RECNR% = FreeFile
Close RECNR%
OPEN "R",RECNR%,"PDSFIN.EXE",RECLEN%
FIELD #RECNR%, RECLEN% AS A$
B$ = Str$(LOF(RECNR%))
T# = (Val(B$) / RECLEN%) + 1
CHKSUM# = 0
For I# = 1 To T#
   GET #1,I#
   byte = ASC(A$)
   chksum#= chksum#+ byte
Next
Close
Print CHKSUM#
If CHKSUM# <> 4435828 Then End  ' value for this program  to start
RUN "PDSFIN"

0
 
lostcarparkCommented:
That looks good, but I notice you use FreeFile to get the first available file handle, but the use:

   GET #1,I#

Which reads from file #1. I expect that in almost every case FreeFile will return 1, so they should be the same thing, but for consistency you probably should use:

   GET #RECNR%,I#
0
 
BIAPROAuthor Commented:
True ,  it was a quick writing - test  ,  normally all my opening-calls contains  RECNR% at all location, I have to, due to some programs have more then 30 files open and closing,  ,  in dos  and in VB6,
but thanks for the advice anyway
Regards Jack
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now