Post: [C#] Detect tampering of files
Options
09-23-2015, 02:38 AM
#1
Winter
Purple God
anyway, enough of that!
What use can detecting of file tampering be to me?
If someone for example, decompiled a .dll, added some malicious code to it and it replaced the one that the application used, the malicious code would run without any other changes occurring, file tamper protection is highly recommended when making a real world application.
Cool cool, how do I do it?
bool CompareMD5(string path, string MD5Hash) {
if (BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "") == MD5Hash)//IS will pick up on the references
return true;
return false;
}
then it's as simple as doing
if (!CompareMD5(Environment.CurrentDirectory + "\\File Here.dll", "MD5HASH HERE"))
Application.Exit();
How can I just get the MD5 of a file?
string CalculateMD5(string path) {
return BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "");
}
pretty simple eh?
The following 6 users say thank you to Winter for this useful post:
09-23-2015, 03:34 AM
#2
Sloth
Banned
Originally posted by Granny
A little while ago bass haxor had edited PS3Lib to allow free use of readlv2/writelv2 and people started "making edits of that" but wern't aware that it was actually reading your console-id and sending it to the makers of these "edits of bass haxors", it's why Enstone didn't release the functionality without doing an import because he knew exactly what people would do with it. (Rambling a little bit, but people were criticizing him for not adding more when he was limited to the PS3's short memory span that it'll leave for games)
anyway, enough of that!
What use can detecting of file tampering be to me?
If someone for example, decompiled a .dll, added some malicious code to it and it replaced the one that the application used, the malicious code would run without any other changes occurring, file tamper protection is highly recommended when making a real world application.
Cool cool, how do I do it?
then it's as simple as doing
How can I just get the MD5 of a file?
pretty simple eh?
anyway, enough of that!
What use can detecting of file tampering be to me?
If someone for example, decompiled a .dll, added some malicious code to it and it replaced the one that the application used, the malicious code would run without any other changes occurring, file tamper protection is highly recommended when making a real world application.
Cool cool, how do I do it?
bool CompareMD5(string path, string MD5Hash) {
if (BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "") == MD5Hash)//IS will pick up on the references
return true;
return false;
}
then it's as simple as doing
if (!CompareMD5(Environment.CurrentDirectory + "\\File Here.dll", "MD5HASH HERE"))
Application.Exit();
How can I just get the MD5 of a file?
string CalculateMD5(string path) {
return BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "");
}
pretty simple eh?
I've always thought about implementing this in to my major projects but I never really put too much thought in to it, now that the code is readily available here I don't really have an excuse to put it off any longer.
Thanks for this should help people with program security
09-23-2015, 05:51 AM
#3
Winter
Purple God
Originally posted by Sloth
I've always thought about implementing this in to my major projects but I never really put too much thought in to it, now that the code is readily available here I don't really have an excuse to put it off any longer.
Thanks for this should help people with program security
Thanks for this should help people with program security
Yeah, it's always good to verify the assemblys integrity since dll's are weakpoints in applications.
09-23-2015, 09:01 AM
#4
Mango_Knife
In my man cave
Originally posted by Granny
A little while ago bass haxor had edited PS3Lib to allow free use of readlv2/writelv2 and people started "making edits of that" but wern't aware that it was actually reading your console-id and sending it to the makers of these "edits of bass haxors", it's why Enstone didn't release the functionality without doing an import because he knew exactly what people would do with it. (Rambling a little bit, but people were criticizing him for not adding more when he was limited to the PS3's short memory span that it'll leave for games)
anyway, enough of that!
What use can detecting of file tampering be to me?
If someone for example, decompiled a .dll, added some malicious code to it and it replaced the one that the application used, the malicious code would run without any other changes occurring, file tamper protection is highly recommended when making a real world application.
Cool cool, how do I do it?
then it's as simple as doing
How can I just get the MD5 of a file?
pretty simple eh?
anyway, enough of that!
What use can detecting of file tampering be to me?
If someone for example, decompiled a .dll, added some malicious code to it and it replaced the one that the application used, the malicious code would run without any other changes occurring, file tamper protection is highly recommended when making a real world application.
Cool cool, how do I do it?
bool CompareMD5(string path, string MD5Hash) {
if (BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "") == MD5Hash)//IS will pick up on the references
return true;
return false;
}
then it's as simple as doing
if (!CompareMD5(Environment.CurrentDirectory + "\\File Here.dll", "MD5HASH HERE"))
Application.Exit();
How can I just get the MD5 of a file?
string CalculateMD5(string path) {
return BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "");
}
pretty simple eh?
Not bad, to be honest it can really help
Here are the MD5 of the ps3lib if anybody interesting:
4.2:
PS3Lib.dll: FA1CCFC1DBDAF7A802F1D34B700D40AD
CCAPI.dll: 354B2756F5A2A377296EFFF0353059B1
4.3:
PS3Lib.dll: 7BE3DB9B7608CB05CCF56C5C606EBD60
4.4:
PS3Lib.dll: F0E04EFE7B2AA47711535915E2B1A1AB
The following user thanked Mango_Knife for this useful post:
10-28-2015, 02:11 PM
#5
Bitwise
Mario!
To be perfectly honest, when it comes to file security MD5 is pretty gay. I'd either go with HMAC-SHA256/SHA256 or cyclic redundancy check (CRC), also note that this can easily be bypassed, implying that file security is the only security you have on the system. (memory protection would make your file security way more secure, but even that can be bypasses >_<
Security is a really tough field, it involves many upon many different skillsets to perfect, but at least this scene is now aware of checking hashes, gj.
EDIT:
Oops I misread the thread, I assumed this was for security purposes - good job. Me and Extern (from Xbox scene) where talking about developing a system to do something like this, but divide the file into different segments to hash, to detect part corruption - so you don't have to re-download/install the whole file again, instead our system retrieves the original file buffer (ofc has to be specified, along with original seg hashes (auto-stored when confirming file is original)) and checks both hashed seg's to double check that corruption has occurred, and what exact segments to over-write. Pretty simple and cool, and could save you tons of time.
P.S
Unrelated note, but you should seriously look more into logical booleans. In your compare function, that if statement is not needed at all. You can simply do something like this:
Security is a really tough field, it involves many upon many different skillsets to perfect, but at least this scene is now aware of checking hashes, gj.EDIT:
Oops I misread the thread, I assumed this was for security purposes - good job. Me and Extern (from Xbox scene) where talking about developing a system to do something like this, but divide the file into different segments to hash, to detect part corruption - so you don't have to re-download/install the whole file again, instead our system retrieves the original file buffer (ofc has to be specified, along with original seg hashes (auto-stored when confirming file is original)) and checks both hashed seg's to double check that corruption has occurred, and what exact segments to over-write. Pretty simple and cool, and could save you tons of time.
P.S
Unrelated note, but you should seriously look more into logical booleans. In your compare function, that if statement is not needed at all. You can simply do something like this:
// cleaner version of your code
public string CalculateMD5(string path)
{
return BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes(path))).Replace("-", "");
}
public bool CompareMD5(string path, string MD5Hash)
{
return CalculateMD5(path) == MD5Hash;
}
// more practical code
public byte[] calc_md5hash(byte[] data){
return MD5.Create().ComputeHash(data);
}
public bool compare_md5hash(byte[] data, byte[] hash) {
return calc_md5hash(data).SequenceEqual(hash);
}
Last edited by
Bitwise ; 10-28-2015 at 02:42 PM.
The following 3 users say thank you to Bitwise for this useful post:
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
