1995-10-13 - Re: looking for anti-tamper software

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: ecarp@netcom.com (Ed Carp)
Message Hash: b4b733f77566c04ba8b46cbbc58008be33af73a1e4547d605d1c0f829300a758
Message ID: <9510131100.AA17114@all.net>
Reply To: <199510130455.VAA29233@netcom6.netcom.com>
UTC Datetime: 1995-10-13 11:03:17 UTC
Raw Date: Fri, 13 Oct 95 04:03:17 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 13 Oct 95 04:03:17 PDT
To: ecarp@netcom.com (Ed Carp)
Subject: Re: looking for anti-tamper software
In-Reply-To: <199510130455.VAA29233@netcom6.netcom.com>
Message-ID: <9510131100.AA17114@all.net>
MIME-Version: 1.0
Content-Type: text


> 
> I used to have this C source that I could embed in a program, and it
> would tell me if the software had been tampered with at runtime.  I've
> lost/mislaid/whatever the source, and I was wondering if anyone had anything
> that would do the same thing.  As I recall, it calculated a simple CRC and
> embedded it into the .EXE file (it was written for MS-DOS).
> 
> It doesn't need to be cryptographically secure - I just need to check to see
> if the executable has been corrupted.  I've leafed through alt.sources and
> comp.sources.*.

You are aware that there is a generic attack against all such defenses -
aren't you? It has been published for 7+ years.  For details see:

	A Short Course on Computer Viruses - Wiley and Sons - 94

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236




Thread