Absolutly excellent :) Thankyou
I shall enjoy delving into this :) Pete --- In [email protected], "Peter Luijer" <[EMAIL PROTECTED]> wrote: > > Hi Pete, > > I wrote a little test-application that uses the approach given by > Glenn B. Lawler where the MD5 is attached at the end of the .exe > > You can find it here (D6, 5kBytes ZIP): > http://delphi.videoripper.org/IntegrityCheck.zip > > The project consists of 2 applications: > - The actual application that needs to be "protected" (HashCheck) > - A separate (console type) tool that does the dirty job of > adding an MD5 hash at the end of an exe-file (FileHasher) > > Both the test-app as the tool use the TDCP_md5 component of the > Cryptographic Component Library v2 (the same you already use) which > can be found on http://www.cityinthesky.co.uk/ > > - Compile both applications > - First run the "HashCheck" normally: you should see a failure on > the mainform, complaining that the file isn't correct > - Now close it again and, from Windows explorer, drop that .exe on > FileHasher: if all's well an extra file is added (called > "inputfile".old), which is the old compiled executable. > The "new" executable is the one WITH the MD5 attached. > You can run it again ("direct" or through the IDE; DON'T rebuild) > and you'll see that it is successfully validated now. > > There are no comments in the code; I just wrote it quickly, but it > shouldn't be too hard to understand. > > > Greetz, > > Peter. > > > > -----Original Message----- > > From: [email protected] > > [mailto:[EMAIL PROTECTED] On Behalf Of petesouthwest > > Sent: Friday, January 20, 2006 8:48 AM > > To: [email protected] > > Subject: [delphi-en] Re: Including a file integrity check using md5 > > > > > > > It's always a bad thing to think, as a programmer, you can outsmart > > > a hacker and even you're right to make things as hard as > > possible for > > > such a person, an approach like this is easy to circumvent: a hacker > > > could easily wipe out the entire check (using NOP's or by always > > > returning true at the comparison) or by "updating" the hash after > > > patching (cracking) the application. > > > > I know it would only delay them for a while! It would be just one more > > thing they would have to do. I also like the fact that it ensures the > > app hasnt got corrupted during download. > > > > > > > But to return to the issue at hand: you can overcome this MD5-hash > > > "chicken & egg-problem" by NOT including that part of the file where > > > it's stored, while doing the hashing. > > > > > > > Can you tell me how I would do that? A the moment I'm using a > > thirdparty md5 code from > > http://www.cityinthesky.co.uk/cryptography.html, I load the exe into a > > TMemoryStream, and then assign that to the hashing component and set > > it going by: > > Hash:= TDCP_md5.Create(Self); > > Hash.Init; > > Hash.UpdateStream(Source,Source.Size); > > Hash.Final(Digest); > > Source.Free; > > > > How would I go about only giving part of my file, and how would I know > > which bit to give? > > > > Thanks > > Pete > > > > > > > > > > > > > > ----------------------------------------------------- > > Home page: http://groups.yahoo.com/group/delphi-en/ > > To unsubscribe: [EMAIL PROTECTED] > > Yahoo! Groups Links > > > > > > > > > > > > > > > ----------------------------------------------------- Home page: http://groups.yahoo.com/group/delphi-en/ To unsubscribe: [EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/delphi-en/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
