• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 287
  • Last Modified:

auto check file?

hello.

i would like to check my program (md5 hash?) when it runs, so it would close if it detects any changes...
i know reverse engeneering can break that protection but it would help.

but there is an obvious problem... how can i insert the md5 hash in the exe without making any change in the md5!

so i was searching a bit and i found this:
http://www.programmersheaven.com/zone24/cat277/4329.htm

its supposed to work for turbo pascal, but i also found this:
http://groups.google.com/group/borland.public.delphi.winapi/browse_thread/thread/8280661dafb11331/130a294eedce4996?

there was (2002 xD) an example for delphi but the link is broken :'(

so i was wondering if there is another way to do that? or someone knows how to modify the turbo pascal and the .inc file to work with delphi?

any hint would be appreciated a lot  :)
greetings.
0
lobo_estepario
Asked:
lobo_estepario
  • 6
  • 5
  • 2
  • +1
1 Solution
 
UbethatwayCommented:
Hi,

One thing you can try is to "pre-enter" a string the same size as the MD5 hash in your application somwhere (make sure the string is recognisable). Then compile your application and take the hash of it. You can then use a tool, such as ResHacker, to replace "pre-entered" string with the correct Md5 hash.

ResHacker is available here: http://www.angusj.com/resourcehacker/

I had a look at the Turbo Pascal tool you provided, but unless there iss a tool to convert the files automatically, doing it by hand would be long and arduous.

Hope that helps, Mark
0
 
2266180Commented:
best way in my opinion is to use something like this (command line build batch):

- compile program
- calculate md5
- crypt md5
- append crypted md5 to end of program
then
- at program load time, program will seek to it's size - length md5 hash (this length is constant ;) ) and loar md5 hash
- then it will calculate md5hash for the program exe - length md5 hash
OR
- it will copy the exe without the hash to a temp file, calculate the hash and then delete the temp file
crypting algorithm can bve something simple, just so the user will not be able to just replace the hash ;)

for such a solution and demos, see the answers of this question:http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_21905932.html


in Ubethatway's solution you will also have to skip the place where the hash is stored but in that case the place can be anywhere within the exe and is thus harder to implement.
0
 
CodedKCommented:
Ubethatway if you calculate the hash of your application and then store the hash to the string
(using ResHacker) or anything else then... that would change the hash of your application again ! :)

What if you store the hash in a file outside of your app ?
Of course you should encrypt the hash so noone would understand its an md5 hash.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
2266180Commented:
codedk, using my "algorithm", the hash of the application does not change as I explained it, you don't calculate the hash of the file that contains the exe and the hash, but just the first part, the exe. so the hash will be the same always.
0
 
CodedKCommented:
I know ciuly, i was talking about Ubethatway suggestion.
0
 
2266180Commented:
sorry, didn't scroll to see who the asker was :D
0
 
lobo_esteparioAuthor Commented:
allright im trying to make it work... ill take a look at that link ciuly ;-)

so ill let you know once i finish reading and trying all that stuff lol

greetings.
0
 
lobo_esteparioAuthor Commented:
well, i had some hardware issues so i couldnt use my pc in two days :-(

anyway, i tried your sample, ciuly. the one called: "modify exe string" and everytime i used a to insert the text "edit1" in b, it corrupts the file :-(

i will try to solve that but what i really wanna know is how can i be able to do this: "then it will calculate md5hash for the program exe - length md5 hash".

i mean how can i get the md5 hash of it if its not really a file (i cant copy the exe to other place, i need to work with just the exe).

thanks.
bye
0
 
2266180Commented:
that is most probably because you didn;t follow the instructions step by step as explained there. you MUST follow those step in that exact order:
download project files from http://www.ciuly.com/delphi/ModifyExeString.zip
compile B. then write the size manuallt in size.pas then compile B again.
THEN compile A (this was specified in one of the first posts :) )

regarding your second question. you have several ways to do that:
- you create another class, derived from tfilestream (or from TStream and passing a filename, or whatever), readonly, that will aways retrieve the content of that file up until the filesize-length(md5sum) (this length IS constant. it's 128 bit = 16 bytes)
- you modify the md5 hash algorithm to only read until the filesize - 16 (length of md5 hash)

and there are variations of the above and of course other implementations that can be more or less complicated. the above are the 2 most simple ones in my opinion.
0
 
lobo_esteparioAuthor Commented:
oops, my bad, sorry  :-(

so yes, that demo works fine!

now im gonna try to modify the md5 hash algorithm  :-)
0
 
2266180Commented:
if the md5hash algorithm you are using supports calculating on a stream, I suggest using the first option: it is much more faster to implement and more secure (since you wil not be modifying the md5hash algorithm, there are no chances for you to introduce bugs there) and more flexible ;)
0
 
lobo_esteparioAuthor Commented:
mmm, well im using this unit: http://www.sawatzki.de/Download/Delphi_MD5.zip

but, to be honest... im not quite sure where to make the changes  :-(

i will try to figure it out though.

greetings.

0
 
2266180Commented:
0
 
lobo_esteparioAuthor Commented:
Thanks  :-)

Im gonna analyze the code and then ill add some crypting and all that.

Thanks again.
greetings  ;-)

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now