BetaLeaf

API for generating cryptographic hash for online file. Does it exist?


So here is my code. This basically checks cameyo.com to see if the local copy is the latest version and, if not, downloads the latest version. It also hides the latest version, since this script checks for and launches the latest version anyway. For anyone wondering, Cameyo is an application virtualization utility (or simply put, it makes portable apps). They also let you host on their site and run programs in HTML5 browsers over RDC.

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=Cameyo_32512.ico
#AutoIt3Wrapper_UseUpx=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
Ping("google.com") ;trying to ping cameyo.com always results in failure. I have no idea why.
If @error Then ;internet is down. Use the local copy.
    TrayTip("Cameyo", "No Updates Found." & @CRLF & "Reason: You are offline.", 5);tell user the offline error message.
    ShellExecute("Cameyo_USB.exe", $cmdlineraw);launch the local version.
Else ;internet is up
    If InetGetSize("https://online.cameyo.com/apps/1/download") <> FileGetSize("Cameyo_USB.exe") Then ;compare the filesize of both the online and local versions. If they differ, download the latest version. This can be unreliable if the latest version is the same size as before but autoit doesn't have any other method for checking online versions.
        If FileExists("Cameyo_USB.exe") = 1 And ProcessExists("Cameyo_USB.exe") = 0 Then ;if the local version exists and is not running
            If FileDelete("Cameyo_USB.exe") = 0 Then ;delete it
                MsgBox(16, "Cameyo", "Cannot delete Cameyo_USB.exe. Access Denied.") ;give an error message if it was not able to delete the local version
                Exit;terminate this script. It is recommended to reboot this computer and try again.
            EndIf
        EndIf
        TrayTip("Cameyo", "Downloading Latest Version." & @CRLF & "Please wait...", 5);tell user script is downloading the latest version.
        InetGet("https://online.cameyo.com/apps/1/download", "Cameyo_USB.exe", 1);download the latest version.
        TrayTip("Cameyo", "Launching...", 5);tell user the latest version is being launched.
    Else
        TrayTip("Cameyo", "You have the latest version.", 5);tell user the local version is the latest version.
    EndIf
    ShellExecute("Cameyo_USB.exe", $cmdlineraw)
EndIf

;This will hide the Latest Version from view as it is not necessary. This script will always launch the latest version, either by grabbing it from the website or using the local copy.
FileSetAttrib("Cameyo_USB.exe", "+H");hide the local version.
If FileExists("Cameyo_USB.data") And FileGetAttrib("Cameyo_USB.data") <> "HD" Then ;if directory exists and is not already hidden
    Do
        FileSetAttrib("Cameyo_USB.exe", "-H");unhide it.
        Sleep(100)
    Until FileExists("Cameyo_USB.data") = 1;
    FileSetAttrib("Cameyo_USB.data", "+H");hide the directory.
EndIf

Sleep(5000);sleep for 5 seconds so the traytip does not disappear before the user can read it.

The issue I have with this is, if the developers update the file and it is the same size, my script won't be able to tell because it only checks file size. I would have to download the file every time I launch the script (which is time consuming). I want a way to check if the file online has changed. The file is usually around 15mb. As I see it, I need an API to generate a cryptographic hash for the online copy and compare it with a hash generated by AutoIt on the local copy. So my question is...

 

TLDR: Does anyone know of an API to generate cryptographic hashes for files hosted online?


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf




How could something like that work? The file needs to be downloaded by someone (API or you) to calculate hash.


#3 ·  Posted (edited)

I see they have a version number on the page https://online.cameyo.com/apps/1 .  Perhaps you could use the I.E. automation UDF to load the page and look at the version number?

[EDIT] Punctuation...

Edited by mrider

How's my riding? Dial 1-800-Wait-There

Trying to use a computer with McAfee installed is like trying to read a book at a rock concert.


No need to even use an _IE function.

BinaryToString(InetRead("https://online.cameyo.com/apps/1"))

Will parse the page. Then you can just look for

<td>Version</td>

To get the version number. Shows up on the next line inside another <td></td>

On 3/10/2016 at 6:17 PM, trancexx said:

How could something like that work? The file needs to be downloaded by someone (API or you) to calculate hash.

The idea is both the host where the file is being stored and the api will have much faster connection speed and will be able to verify in a few seconds, regardless of the connection of the user. 

On 3/10/2016 at 6:32 PM, mrider said:

I see they have a version number on the page https://online.cameyo.com/apps/1 .  Perhaps you could use the I.E. automation UDF to load the page and look at the version number?

[EDIT] Punctuation...

The file always has a version of 1.0.0.0 so this won't work. I need to be able to check the version of both the remote and local versions. This would be remote only. That's why I thought about an API that could hash the file with MD5 or SHA1.

On 3/10/2016 at 6:48 PM, InunoTaishou said:

No need to even use an _IE function.

BinaryToString(InetRead("https://online.cameyo.com/apps/1"))

Will parse the page. Then you can just look for

To get the version number. Shows up on the next line inside another <td></td>

Same as above.



#6 ·  Posted (edited)

I'm looking at the page, and the version number of the download is 3.1.1427, the date is 19 Feb. 2016.  Assuming they keep up with the date and version number on that page, then what you need to do is record the date and version of what you download, and then check the page to see if what is currently on the page is greater than the last thing you downloaded.  Don't try to reference the current file, simply store the last value you saw when downloading.

That of course assumes they keep up with their page at the remote end.  But "3.1.1427" is pretty specific.  I bet they do keep up with it.

 

The problem with doing an MD5 or SHA hash is that you need a local copy of the file to test the bytes.  There might be a site somewhere that will let you point them at a URL and they will download it and do the check sum, but that's pretty unlikely.  For one thing, that's a denial of service waiting to happen, and for another, it would be an easy way to get the remote site in trouble for unauthorized downloads.

 

[EDIT] If the remote site takes suggestions, then I would suggest to them that they calculate their own MD5 and SHA hash sums and post them.  Windows users aren't so used to seeing those values -- BUT -- the site does not have any easy way to tell if the file was corrupted in transit, nor do they have an easy way to see if a compromised version has been substituted.

Edited by mrider

1 hour ago, AutoBert said:

Use virustotal.com to get the hash, btw.: downloaded software may be dangerous: https://www.virustotal.com/de/file/dd2da35cd554df349448228497126e39d13ef9a207da5a72c85934cbcdc0d6e9/analysis/1457898055/

Can you elaborate on how this is supposed to work?



Monkey's are, like, natures humans.


Glad to know I was wrong.  Although it'd be interesting to see what Virus Total would make of a really large file.  Especially if lots of computers submitted lots of links to lots of large files all at once. :)



Only thing is virustotal is just downloading the file and then getting the hash. So you've got to wait for it to finish downloading, account for an instance if the Reanalyze or View Analysis pops up, wait for the redirect, and then grab the hash.

Sounds a lot easier to just download the file locally and check it.

That or whenever you download/update you store a key on the local computer with the version and date from the download page. That way you can parse the page for the Version and date and check it with your local file.

Unless you've got a server that can periodically download and hash the file. Storing the results on a webpage that your script(s) can parse and see if there's an update available.

14 minutes ago, InunoTaishou said:

Sounds a lot easier to just download the file locally and check it.

It's easier but not in all cases faster. And the OP doesn't like to download (maybe) only for hashing. But when the hash tells there is a new one and he downloads it, it's faster.

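The approach suggested in post #6 and in InunoTaishou's last reply (record the version seen at download time, compare it with the page, and check a published hash before replacing the local copy), as an added AutoIt example that is not code from any poster in this thread. The INI file, its section and key names, the .part file, the sample HTML fragment and the published hash are constructed; the SHA-256 algorithm ID is the Windows CryptoAPI value and is assumed to be accepted by the Crypt UDF's default provider.

```autoit
#include <Crypt.au3>
#include <Misc.au3>

; Added example, not code from the thread. Paths, INI keys and sample data are constructed.
Global Const $g_iAlgSha256 = 0x0000800C ; CryptoAPI CALG_SHA_256 (assumption: provider supports it)

; Pull the version out of the cell that follows <td>Version</td>, as described in the thread.
Func _ParseVersion($sHtml)
    Local $aMatch = StringRegExp($sHtml, "(?is)<td>\s*Version\s*</td>\s*<td>\s*([0-9.]+)\s*</td>", 1)
    If @error Then Return SetError(1, 0, "")
    Return $aMatch[0]
EndFunc

; True only when the page shows a higher version than the one recorded at the last download.
Func _UpdateAvailable($sHtml, $sStateIni)
    Local $sRemote = _ParseVersion($sHtml)
    If @error Then Return SetError(1, 0, False) ; page layout changed: do not guess
    Local $sLast = IniRead($sStateIni, "Download", "Version", "0.0.0")
    Return _VersionCompare($sRemote, $sLast) = 1
EndFunc

; Hash a downloaded file and compare it with a hash published by the vendor or your own server.
Func _HashMatches($sFile, $sExpectedHex)
    Local $bHash = _Crypt_HashFile($sFile, $g_iAlgSha256)
    If @error Then Return SetError(1, 0, False)
    Return StringTrimLeft(String($bHash), 2) = $sExpectedHex ; "=" ignores letter case
EndFunc

; --- Offline demo with constructed data ---
Local $sHtml = "<tr><td>Version</td>" & @CRLF & "<td>3.1.1427</td></tr>" ; constructed page fragment
Local $sIni = @TempDir & "\cameyo_state.ini", $sTmp = @TempDir & "\Cameyo_USB.exe.part"
IniWrite($sIni, "Download", "Version", "3.1.1400") ; pretend an older version was recorded
Local $hFile = FileOpen($sTmp, 18) ; 2 = overwrite, 16 = binary
FileWrite($hFile, Binary("0x616263")) ; bytes "abc", standing in for the real download
FileClose($hFile)
Local $sPublished = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" ; SHA-256 of "abc"

If _UpdateAvailable($sHtml, $sIni) Then
    If _HashMatches($sTmp, $sPublished) Then
        IniWrite($sIni, "Download", "Version", _ParseVersion($sHtml)) ; record only after verification
        ConsoleWrite("Verified; safe to move " & $sTmp & " over the local copy" & @CRLF)
    Else
        FileDelete($sTmp) ; corrupted or substituted download: keep the old copy
        ConsoleWrite("Hash mismatch; keeping the existing copy" & @CRLF)
    EndIf
EndIf
```

Downloading to a separate .part file and replacing the existing executable only after the hash check means a truncated or substituted download never gets launched.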
