From: fc@all.net (Dr. Frederick B. Cohen)
To: ecarp@netcom.com (Ed Carp)
Message Hash: b4b733f77566c04ba8b46cbbc58008be33af73a1e4547d605d1c0f829300a758
Message ID: <9510131100.AA17114@all.net>
Reply To: <199510130455.VAA29233@netcom6.netcom.com>
UTC Datetime: 1995-10-13 11:03:17 UTC
Raw Date: Fri, 13 Oct 95 04:03:17 PDT
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 13 Oct 95 04:03:17 PDT
To: ecarp@netcom.com (Ed Carp)
Subject: Re: looking for anti-tamper software
In-Reply-To: <199510130455.VAA29233@netcom6.netcom.com>
Message-ID: <9510131100.AA17114@all.net>
MIME-Version: 1.0
Content-Type: text
>
> I used to have this C source that I could embed in a program, and it
> would tell me if the software had been tampered with at runtime. I've
> lost/mislaid/whatever the source, and I was wondering if anyone had anything
> that would do the same thing. As I recall, it calculated a simple CRC and
> embedded it into the .EXE file (it was written for MS-DOS).
>
> It doesn't need to be cryptographically secure - I just need to check to see
> if the executable has been corrupted. I've leafed through alt.sources and
> comp.sources.*.
You are aware that there is a generic attack against all such defenses -
aren't you? It has been published for 7+ years. For details see:
A Short Course on Computer Viruses - Wiley and Sons - 94
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to October 1995
Return to “fc@all.net (Dr. Frederick B. Cohen)”