usmiv4o

razorwire hash check for files

5 posts in this topic

#1 ·  Posted

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.4.3
 Author:         usmiv4o

 Script Function:
    AutoIt script to check if files in directory are changed. It is usefull for security contra-inteligense measures.

 Function Name:    LoadTripwireDB()
 Description:      Loads database (text file tripwire.txt) and compare files in /test folder for changes.
                    compares Hash (MD5) checksums. If they are not the same starts Initial()
 Function Name:    Initial()
 Description:      Checks directory and makes index of files and their MD5 checksums in text file (tripwire.txt)

 Function Name:    Hush()
 Description:      Checks file and returns its MD5 checksum.

 Requirement(s):   Windows XP
 Return Value(s):  On Success - Returns true. Files are the same as before.
                   On Failure - return false.

  Example:
 LoadTripwireDB()


#ce ----------------------------------------------------------------------------
#include <Crypt.au3>
#include <File.au3>
#include <Array.au3>


$sDir = @ScriptDir & "\Test"
$sFilePath = @ScriptDir & "\tripwire.txt"

Func Hush(ByRef $sFile)
    $sRead = FileOpen( $sFile)
    $dHash = _Crypt_HashData($sRead, $CALG_MD5) ; Create a hash of the text entered.
    ConsoleWrite("Hash of file " & $sFile & "  is " & $dHash & @CRLF)
EndFunc


    ;ConsoleWrite("Files in Dir are " & $aScriptDir[0] & @CRLF)
    ;$sFilePath = @ScriptDir & "\Examples.txt"
    ;_FileWriteFromArray($sFilePath, $aScriptDir, 1)
    ;_ArrayDisplay($aScriptDir, "1D display")

Func Initial()
    $aScriptDir = _FileListToArray($sDir)
    for $i = 1 To UBound($aScriptDir) - 1
        $dHash = _Crypt_HashData($i, $CALG_MD5)
        ;ConsoleWrite("File " & $aScriptDir[$i] & " is " & $dHash & @CRLF)
        ConsoleWrite($aScriptDir[$i] & ":" & $dHash & @CRLF)
        ;Hush($aScriptDir[$i])

        ;FileWrite

        $hFileOpen = FileOpen($sFilePath, $FO_APPEND)
        If $hFileOpen = -1 Then
            MsgBox($MB_SYSTEMMODAL, "", "An error occurred when reading the file.")
        EndIf
        FileWrite($hFileOpen, $aScriptDir[$i] & ":" & $dHash & @CRLF)
    Next
EndFunc

Func Monitor()
    $aScriptDir = _FileListToArray($sDir)
    for $i = 1 To UBound($aScriptDir) - 1

    Next
EndFunc

Func LoadTripwireDB()
    $comparison_ok = false
    $dArray = _FileListToArray($sDir)       ;directory
    $dArray0 = UBound($dArray) - 1
    $fArray =  FileReadToArray($sFilePath)  ;file
    $fArray0 = UBound($fArray)
    ;_ArrayDisplay($dArray, "files array")
    if $dArray0 = $fArray0 Then     ; are file same as recorded in txt file?
        ;ConsoleWrite("files in monitoring dir: " & $dArray[0] & " = file recorded: " & $fArray0 & @CRLF & $fArray[0]& @CRLF)
        for $i = 1 To UBound($dArray) - 1
            ;ConsoleWrite("i = " & $i & @CRLF)
            $dHash = _Crypt_HashData($i, $CALG_MD5) ;binary
            ;$dHash = BinaryToString($dHash)
            $ffhash = StringSplit( $fArray[$i-1],":")
            $fhash = $ffhash[2]

            ;ConsoleWrite("IsBinary $dHash " & IsBinary($dHash) & @CRLF)

            if  $dHash = $fhash  Then   ;if compared hashes are equal
                ;ConsoleWrite($fhash & ":" & $dHash & " equal" & @CRLF)
                ;ConsoleWrite("File:      " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal:     yes " & @CRLF)

            Else                        ;if compared hashes are not equal
                ;ConsoleWrite("File:      " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal:     not " & @CRLF)
                ;MsgBox(0,"hash md5",$fhash & ":" & $dHash & " not equal")
            EndIf

        Next
        ;ConsoleWrite("hashes are equal" & @CRLF)
        $comparison_ok = true
    Else
        ConsoleWrite("number of files in monitoring dir are not same as recorded" & @CRLF)
        ConsoleWrite("directory: " & $dArray[0] &":"& "files: " & UBound($fArray) - 1 & @CRLF)
    EndIf
    Return $comparison_ok
EndFunc

#main
if LoadTripwireDB() = true Then
    ConsoleWrite(" hashes are equal " & @CRLF)
ElseIf  LoadTripwireDB() <> true Then
    ConsoleWrite(" hashes are not equal " & @CRLF)
    ConsoleWrite(" hashes are not equal " & @CRLF)
    Initial()
EndIf

 

tripwire.au3

tripwire.txt


I have nothing to be proud: I am Bulgarian :~But there is no better place than 127.0.0.1Tutorial for newbies

Share this post


Link to post
Share on other sites



#2 ·  Posted

BTW, MD5 is rather weak nowadays, especially for security (anti-malicious) purposes.  SHA2 is way more secure (today and for some time).


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

#3 ·  Posted

Hashing is a very good way to check the integrity of a file but something that should be noted is hashing large files will make this slow.

The Hash function hashes the first 524,288 characters (roughly 4mb if my math is correct); doesn't seem like a lot but then it's going to run that string through the actual hashing algorithm. A quicker way would be just to check the Date Modified, Date Created attributes, and size of the file.

Share this post


Link to post
Share on other sites

#4 ·  Posted

32 minutes ago, InunoTaishou said:

A quicker way would be just to check the Date Modified, Date Created attributes, and size of the file.

All these attributes can too easily be tampered with.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

20 minutes ago, jchd said:

All these attributes can too easily be tampered with.

Yup, didn't say it was the best way to check integrity, just a quicker way.

Just warning if someone was trying to use this to monitor dozens of files that may be hundreds of mbs each. Since autoit cannot multi thread and create a process to hash each one, hashing each one of them, sequentially, is going to take a while (I tried a long time ago on about 100 files that were a few gbs each and it took, I think, around 40 minutes to do them all, can't remember the exact time since it was so long ago).

Edited by InunoTaishou

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • Graeme
      By Graeme
      I was looking for a way to calculate the sha512 value of files downloaded and eventually came across crypt.au3 in my include folder. It looks good but when I looked at the global constants the three values for Sha 2 are commented out. Is there a reason for that or should these be made available?
    • 5ervant
      By 5ervant
      What's the best way to receive file from a desktop app?
      app.exe will execute a cmd with "au3file.exe /path/of/the/file.xml" and the au3file.exe will get and delete that. Or else? THE MOST IMPORTANT PART OF THE QUESTION
      And best way to transfer file to a desktop app?
      au3file.exe do a $_POST request and the app.exe MUST HAVE a local HTTP server that can receive $_POST, but it looks heavy 'cause the app must have a server such XAMPP. au3file.exe execute a cmd with "app.exe /path/of/the/file.xml" and the app.exe will now get that file and delete. Or else?  
    • Fenzik
      By Fenzik
      ; Title .........: Password
      ; AutoIt Version : 3.3.14.2
      ; Description ...: UDF to work with passwords. Mostly ported from Javascript at http:rumkin.com/tools/password/passchk.php and improved a bit
      ; Author(s) .....: Fenzik + Team Adaptech
      ; #CURRENT# =====================================================================================================================
      ;_Password_Generate
      ;_Password_GetcharsetSize
      ;_Password_GetEntropy
      ;_Password_IsCommonWord
      ;_Password_Startup
      ; ===============================================================================================================================
       
      It's my first UDF so please be nice.:)
       
      If somebody have better idea how to store common dictionary and frequency table please post here...
       
      Have fun!
       
      Fenzik
       
      Password.zip
    • FrancescoDiMuro
      By FrancescoDiMuro
      Good evening everyone
      I'm working on this little project for a week, and, what I'm trying to do could be useful for many users as well...
      I'm trying to do a "Report Generator", which reads the data that have to report from a text file (.txt) formatted with this pattern;
      Data1;Data2;Data3;Data4;Data5;;

      YES, there are 2 semi-colon at the end of the line.

      In detail, Data1 is a date/time stamp with this format: YYYY/MM/DD HH:MM:SS ;

      When the script starts, the user is prompted to choose 2 dates which I'll call as:
      Report_Date_Start; Report_Date_Start. So, the report, should cover all dates between Report_Date_Start AND Report_Date_End.

      And, already at this point, I don't know how to do the query... How can I say to the script:
      SELECT * FROM (.txt) WHERE Data1 BETWEEN Report_Date_Start AND Report_Date_End; ?

      I thought that I could do a _DateDiff, but if the difference between the two dates is months and not days, how can I do the trick?
      Should I make a Switch...Case with the _DateDiff() and see then calculate all the dates between Report_Date_Start AND Report_Date_End... But then, how can I compare the dates in the file with all the dates between Report_Date_Start AND Report_Date_End? I'm going crazy, I know...

      I've already made a "Export Tool", which exports the content of the .txt file in a .db, managed with SQLite... I mean, there I could easily do a query like I did above the thread, but, this "export", for 1080 rows, takes 28 seconds to be done. And, 1080 rows are daily rows that are added every day in the .txt file, so, in a week, the file could be easily 7000+ rows, which means that the "export" would take 3 minutes to be done... And we can go over and over...
      I'll post just for be "complete" what I've done about the export, so, maybe, someone could say how to improve it in terms of efficency...
       
      Local $aContenutoFileAuditReport = "" _FileReadToArray($sFileAudit_Report, $aContenutoFileAuditReport) If(IsArray($aContenutoFileAuditReport) And Not @error) Then Local $aContenutoFileAuditReport_Splitted = "" Local $sQuery = "" Local $hInizioConteggio = TimerInit() For $i = 1 To UBound($aContenutoFileAuditReport) - 1 $aContenutoFileAuditReport_Splitted = StringSplit($aContenutoFileAuditReport[$i], ";") $sQuery = "INSERT INTO FileDB_Report(DATESTAMP, TIMESTAMP, USER_ID, OBJECT_ID, DESCRIPTION, COMMENT) " & _ "VALUES(" & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[0]) & "," & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[1]) & "," & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[3]) & "," & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[4]) & "," & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[5]) & "," & _ _SQLite_FastEscape($aContenutoFileAuditReport_Splitted[6]) & ");" If(_SQLite_Exec($hFileDB_Report, $sQuery) <> $SQLITE_OK) Then ConsoleWrite("Errore durante l'esecuzione della query #" & $i & @CRLF) Else ConsoleWrite("Query eseguita correttamente #" & $i & @CRLF) EndIf Next ConsoleWrite("Esportazione completata in: " & Round(TimerDiff($hInizioConteggio)/1000, 0) & " secondi") Else MsgBox($MB_ICONERROR, "Errore!", "Errore durante la lettura del file nell'array." & @CRLF & "Errore: " & @error) EndIf I know that I can't do queries from a .txt file...
      [19:18] 
      I've been writing this post from 18:40 maybe...
      By the way, if @jchd or someone else could tell me if I can import a formatted .txt file in SQLite and then, do queries on the DB, I'd be very happy for that...
      About the report in PDF, I'm talking with @taietel in order to know how to create a PDF.
      I hope someone will help me
      Sorry for the "long" list of questions...
      Thank you for everything you've done for me
      I have to say that this is the community of programming language that I've loved most!
      By the way, I'll be back tomorrow in the morning ( ~ 9:15 a.m. Italian time ), so, excuse me if I can't answer before that time.
      Hope you guys have a wonderful day/night.

      Thanks again

      Francesco
    • ur
      By ur
      We can get a list of file using the below code.
      Local $aFileList = _FileListToArray(@DesktopDir, "*") Is there any option to use the above one recursively to get sub folders and their contents also.??
      And also, is there any way to serialize the above array locally to some file and load it later when we want in another program on another machine so that we can compare its contents with a folder in different machine, which is not network connected also.?