Solved

auto check file?

Posted on 2006-07-04
14
257 Views
Last Modified: 2010-04-05
hello.

i would like to check my program (md5 hash?) when it runs, so it would close if it detects any changes...
i know reverse engeneering can break that protection but it would help.

but there is an obvious problem... how can i insert the md5 hash in the exe without making any change in the md5!

so i was searching a bit and i found this:
http://www.programmersheaven.com/zone24/cat277/4329.htm

its supposed to work for turbo pascal, but i also found this:
http://groups.google.com/group/borland.public.delphi.winapi/browse_thread/thread/8280661dafb11331/130a294eedce4996?

there was (2002 xD) an example for delphi but the link is broken :'(

so i was wondering if there is another way to do that? or someone knows how to modify the turbo pascal and the .inc file to work with delphi?

any hint would be appreciated a lot  :)
greetings.
0
Comment
Question by:lobo_estepario
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 3

Expert Comment

by:Ubethatway
Comment Utility
Hi,

One thing you can try is to "pre-enter" a string the same size as the MD5 hash in your application somwhere (make sure the string is recognisable). Then compile your application and take the hash of it. You can then use a tool, such as ResHacker, to replace "pre-entered" string with the correct Md5 hash.

ResHacker is available here: http://www.angusj.com/resourcehacker/

I had a look at the Turbo Pascal tool you provided, but unless there iss a tool to convert the files automatically, doing it by hand would be long and arduous.

Hope that helps, Mark
0
 
LVL 28

Expert Comment

by:ciuly
Comment Utility
best way in my opinion is to use something like this (command line build batch):

- compile program
- calculate md5
- crypt md5
- append crypted md5 to end of program
then
- at program load time, program will seek to it's size - length md5 hash (this length is constant ;) ) and loar md5 hash
- then it will calculate md5hash for the program exe - length md5 hash
OR
- it will copy the exe without the hash to a temp file, calculate the hash and then delete the temp file
crypting algorithm can bve something simple, just so the user will not be able to just replace the hash ;)

for such a solution and demos, see the answers of this question:http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_21905932.html


in Ubethatway's solution you will also have to skip the place where the hash is stored but in that case the place can be anywhere within the exe and is thus harder to implement.
0
 
LVL 16

Expert Comment

by:CodedK
Comment Utility
Ubethatway if you calculate the hash of your application and then store the hash to the string
(using ResHacker) or anything else then... that would change the hash of your application again ! :)

What if you store the hash in a file outside of your app ?
Of course you should encrypt the hash so noone would understand its an md5 hash.
0
 
LVL 28

Expert Comment

by:ciuly
Comment Utility
codedk, using my "algorithm", the hash of the application does not change as I explained it, you don't calculate the hash of the file that contains the exe and the hash, but just the first part, the exe. so the hash will be the same always.
0
 
LVL 16

Expert Comment

by:CodedK
Comment Utility
I know ciuly, i was talking about Ubethatway suggestion.
0
 
LVL 28

Expert Comment

by:ciuly
Comment Utility
sorry, didn't scroll to see who the asker was :D
0
 

Author Comment

by:lobo_estepario
Comment Utility
allright im trying to make it work... ill take a look at that link ciuly ;-)

so ill let you know once i finish reading and trying all that stuff lol

greetings.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:lobo_estepario
Comment Utility
well, i had some hardware issues so i couldnt use my pc in two days :-(

anyway, i tried your sample, ciuly. the one called: "modify exe string" and everytime i used a to insert the text "edit1" in b, it corrupts the file :-(

i will try to solve that but what i really wanna know is how can i be able to do this: "then it will calculate md5hash for the program exe - length md5 hash".

i mean how can i get the md5 hash of it if its not really a file (i cant copy the exe to other place, i need to work with just the exe).

thanks.
bye
0
 
LVL 28

Expert Comment

by:ciuly
Comment Utility
that is most probably because you didn;t follow the instructions step by step as explained there. you MUST follow those step in that exact order:
download project files from http://www.ciuly.com/delphi/ModifyExeString.zip
compile B. then write the size manuallt in size.pas then compile B again.
THEN compile A (this was specified in one of the first posts :) )

regarding your second question. you have several ways to do that:
- you create another class, derived from tfilestream (or from TStream and passing a filename, or whatever), readonly, that will aways retrieve the content of that file up until the filesize-length(md5sum) (this length IS constant. it's 128 bit = 16 bytes)
- you modify the md5 hash algorithm to only read until the filesize - 16 (length of md5 hash)

and there are variations of the above and of course other implementations that can be more or less complicated. the above are the 2 most simple ones in my opinion.
0
 

Author Comment

by:lobo_estepario
Comment Utility
oops, my bad, sorry  :-(

so yes, that demo works fine!

now im gonna try to modify the md5 hash algorithm  :-)
0
 
LVL 28

Expert Comment

by:ciuly
Comment Utility
if the md5hash algorithm you are using supports calculating on a stream, I suggest using the first option: it is much more faster to implement and more secure (since you wil not be modifying the md5hash algorithm, there are no chances for you to introduce bugs there) and more flexible ;)
0
 

Author Comment

by:lobo_estepario
Comment Utility
mmm, well im using this unit: http://www.sawatzki.de/Download/Delphi_MD5.zip

but, to be honest... im not quite sure where to make the changes  :-(

i will try to figure it out though.

greetings.

0
 
LVL 28

Accepted Solution

by:
ciuly earned 300 total points
Comment Utility
0
 

Author Comment

by:lobo_estepario
Comment Utility
Thanks  :-)

Im gonna analyze the code and then ill add some crypting and all that.

Thanks again.
greetings  ;-)

0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now