August 13th, 2004, 05:33 AM
This program seems like it could be very very useful. I don't know if anyone has seen or read about this (it is a bit old) but it still seems very interesting. The fact that it was able to include the US Constitution and a copy of the Declaration of Independence in Microsoft Word was pretty cool. A question though, wouldn't this f*%k up an MD5 checksum on a file even if it didn't alter the size of it?
August 13th, 2004, 09:12 AM
I saw this up on /. but I didn't get to take a look at it...
Anyways, yes, the MD5 would change. But since the program you changed works the same with or without hidden data, unless you have an IDS running that checks the MD5s automatically (not a bad idea) it probably wouldn't occur to you that there is something different about the program. And then you need another MD5 signature (or an unmodified program) to compare it against to see if there is, in fact, a difference between what you have, and what you should have.
I don't see the program as greatly useful, but it could be a bit of fun to play with. I wouldn't be able to tell if a file I received had something hidden in it, and wouldn't want to waste time trying to do so when I've only come across one file that I know had something in it (it was posted here on AO) -- so to me, this program would just be a novelty item...but it isn't a bad piece of code for what it can do!
August 13th, 2004, 09:33 AM
The technique should be useful in further research and maybe application.
This is maybe off topic, but I crawled into the page of this person, Rakan El-Khalil (www.crazyboy.com), and found a page about "how to search in the net"...
The interesting thing about his explanation is that he wrote it by words, and I really mean it by words... an interesting writing to read.
August 13th, 2004, 09:44 AM
Why does it not change the file size, like he's stated on his website? Is that because the file size is held within the header and this isn't changed?
It's quite a cool thing to be able to do, and to be able to embed the signature within the program is quite good, and I can see many benefits to this. There could also be benefits with anti-piracy, such as preventing the use of fake serials, but then cracks would be created.
August 17th, 2004, 07:00 AM
The reason the file size doesn't change (as my /. research has shown) is that x86 is a very redundant language, with multiple functions that fit into the same amount of space. (Other research) The x86 microprocessor is very efficient in processing data in 8 bit chunks, compared to 3 bit chunks and the like. (Guess) So, when they wrote the x86 specs, they had 256 different operations or something. (/.) The operations + and -(-) take up the same amount of space. And - and -(+) take up the same amount of space. (Guess) Some of these aren't used very often, such as -(-), but since it is perfectly valid code, you can change those instructions in programs without changing functionality. Presto, you now have a way to hide and distinguish data!
I think the program simply looks at all addition and subtraction type operations, and then since some are interchangeable, they make a pattern out of them. So + could represent 0, and -(-) could represent 1. Etc. Functionality wouldn't change, but you can store data. Of course, the data is encrypted with a secret key so you have to solve key distribution, but unlike most cryptographic applications an encrypted message is stored instead of a plain text one. And unlike a few, you don't need to keep around "the original" to decrypt it. (I can't name any of them, but I'm sure it is a practice, however un-great, used by some of the programs out there)
Oh, and embedding the signature is sort of a paradox (chicken vs. egg). How can you embed the signature into the program, if doing so changes the signature? Granted, it is possible to do this, but would take a while and a lot of computation to get it right...
I don't know the feasibility of tying a program to a certain key using this. It is possible, but how would a CD pressing company handle this? Traditionally they are given a Gold Disc (not really gold, just a final copy of the disc they will copy) and they simply duplicate it. To do this, they'd have to ensure that the CD case's serial is compatible with the CD, which isn't an easy thing to do if you press millions of CDs and do a few thousand of them a day... Imagine them messing up, and you have to call the company because your CD key doesn't work?
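
Added example, not part of any post in this thread and not code from the program discussed: it illustrates the checksum question and the same-size substitution described above by checking a file against a stored known-good baseline, where a size check passes but a digest check fails. The byte strings are constructed for illustration, the function names are hypothetical, and SHA-256 is used in place of the MD5 mentioned in the thread.

```python
import hashlib

# Constructed sample: two 3-byte x86 encodings that leave the same value in EAX.
#   83 C0 05  -> add eax, 5
#   83 E8 FB  -> sub eax, -5   (imm8 0xFB is -5 when sign-extended)
# C3 is ret. These bytes are illustrative, not output of the program discussed.
ORIGINAL = bytes.fromhex("83C005" "83C005" "C3")
MODIFIED = bytes.fromhex("83C005" "83E8FB" "C3")


def fingerprint(data: bytes) -> dict:
    """What a baseline stores for a file while it is still trusted."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def verify(data: bytes, baseline: dict) -> dict:
    """Compare a file's current bytes with its stored baseline entry."""
    current = fingerprint(data)
    return {
        "size_ok": current["size"] == baseline["size"],
        "digest_ok": current["sha256"] == baseline["sha256"],
    }


def changed_offsets(known_good: bytes, suspect: bytes) -> list:
    """Offsets where two equal-length images differ.

    Only possible when an unmodified copy is available, as the thread notes.
    """
    if len(known_good) != len(suspect):
        raise ValueError("images differ in length")
    return [i for i, (a, b) in enumerate(zip(known_good, suspect)) if a != b]


if __name__ == "__main__":
    baseline = fingerprint(ORIGINAL)            # recorded from the trusted copy
    print("trusted copy :", verify(ORIGINAL, baseline))
    print("altered copy :", verify(MODIFIED, baseline))
    print("differs at   :", changed_offsets(ORIGINAL, MODIFIED))
```

A monitor that compares only file sizes would accept the altered copy; the digest comparison is what flags it, and only because the baseline was recorded beforehand.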