Jump to content
usmiv4o

razorwire hash check for files

Recommended Posts

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.4.3
 Author:         usmiv4o

 Script Function:
    AutoIt script to check if files in directory are changed. It is usefull for security contra-inteligense measures.

 Function Name:    LoadTripwireDB()
 Description:      Loads database (text file tripwire.txt) and compare files in /test folder for changes.
                    compares Hash (MD5) checksums. If they are not the same starts Initial()
 Function Name:    Initial()
 Description:      Checks directory and makes index of files and their MD5 checksums in text file (tripwire.txt)

 Function Name:    Hush()
 Description:      Checks file and returns its MD5 checksum.

 Requirement(s):   Windows XP
 Return Value(s):  On Success - Returns true. Files are the same as before.
                   On Failure - return false.

  Example:
 LoadTripwireDB()


#ce ----------------------------------------------------------------------------
#include <Crypt.au3>
#include <File.au3>
#include <Array.au3>


$sDir = @ScriptDir & "\Test"
$sFilePath = @ScriptDir & "\tripwire.txt"

Func Hush(ByRef $sFile)
    $sRead = FileOpen( $sFile)
    $dHash = _Crypt_HashData($sRead, $CALG_MD5) ; Create a hash of the text entered.
    ConsoleWrite("Hash of file " & $sFile & "  is " & $dHash & @CRLF)
EndFunc


    ;ConsoleWrite("Files in Dir are " & $aScriptDir[0] & @CRLF)
    ;$sFilePath = @ScriptDir & "\Examples.txt"
    ;_FileWriteFromArray($sFilePath, $aScriptDir, 1)
    ;_ArrayDisplay($aScriptDir, "1D display")

Func Initial()
    $aScriptDir = _FileListToArray($sDir)
    for $i = 1 To UBound($aScriptDir) - 1
        $dHash = _Crypt_HashData($i, $CALG_MD5)
        ;ConsoleWrite("File " & $aScriptDir[$i] & " is " & $dHash & @CRLF)
        ConsoleWrite($aScriptDir[$i] & ":" & $dHash & @CRLF)
        ;Hush($aScriptDir[$i])

        ;FileWrite

        $hFileOpen = FileOpen($sFilePath, $FO_APPEND)
        If $hFileOpen = -1 Then
            MsgBox($MB_SYSTEMMODAL, "", "An error occurred when reading the file.")
        EndIf
        FileWrite($hFileOpen, $aScriptDir[$i] & ":" & $dHash & @CRLF)
    Next
EndFunc

Func Monitor()
    $aScriptDir = _FileListToArray($sDir)
    for $i = 1 To UBound($aScriptDir) - 1

    Next
EndFunc

Func LoadTripwireDB()
    $comparison_ok = false
    $dArray = _FileListToArray($sDir)       ;directory
    $dArray0 = UBound($dArray) - 1
    $fArray =  FileReadToArray($sFilePath)  ;file
    $fArray0 = UBound($fArray)
    ;_ArrayDisplay($dArray, "files array")
    if $dArray0 = $fArray0 Then     ; are file same as recorded in txt file?
        ;ConsoleWrite("files in monitoring dir: " & $dArray[0] & " = file recorded: " & $fArray0 & @CRLF & $fArray[0]& @CRLF)
        for $i = 1 To UBound($dArray) - 1
            ;ConsoleWrite("i = " & $i & @CRLF)
            $dHash = _Crypt_HashData($i, $CALG_MD5) ;binary
            ;$dHash = BinaryToString($dHash)
            $ffhash = StringSplit( $fArray[$i-1],":")
            $fhash = $ffhash[2]

            ;ConsoleWrite("IsBinary $dHash " & IsBinary($dHash) & @CRLF)

            if  $dHash = $fhash  Then   ;if compared hashes are equal
                ;ConsoleWrite($fhash & ":" & $dHash & " equal" & @CRLF)
                ;ConsoleWrite("File:      " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal:     yes " & @CRLF)

            Else                        ;if compared hashes are not equal
                ;ConsoleWrite("File:      " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal:     not " & @CRLF)
                ;MsgBox(0,"hash md5",$fhash & ":" & $dHash & " not equal")
            EndIf

        Next
        ;ConsoleWrite("hashes are equal" & @CRLF)
        $comparison_ok = true
    Else
        ConsoleWrite("number of files in monitoring dir are not same as recorded" & @CRLF)
        ConsoleWrite("directory: " & $dArray[0] &":"& "files: " & UBound($fArray) - 1 & @CRLF)
    EndIf
    Return $comparison_ok
EndFunc

#main
if LoadTripwireDB() = true Then
    ConsoleWrite(" hashes are equal " & @CRLF)
ElseIf  LoadTripwireDB() <> true Then
    ConsoleWrite(" hashes are not equal " & @CRLF)
    ConsoleWrite(" hashes are not equal " & @CRLF)
    Initial()
EndIf

 

tripwire.au3

tripwire.txt


I have nothing to be proud: I am Bulgarian :~But there is no better place than 127.0.0.1Tutorial for newbies

Share this post


Link to post
Share on other sites

BTW, MD5 is rather weak nowadays, especially for security (anti-malicious) purposes.  SHA2 is way more secure (today and for some time).


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Hashing is a very good way to check the integrity of a file but something that should be noted is hashing large files will make this slow.

The Hash function hashes the first 524,288 characters (roughly 4mb if my math is correct); doesn't seem like a lot but then it's going to run that string through the actual hashing algorithm. A quicker way would be just to check the Date Modified, Date Created attributes, and size of the file.

Share this post


Link to post
Share on other sites
32 minutes ago, InunoTaishou said:

A quicker way would be just to check the Date Modified, Date Created attributes, and size of the file.

All these attributes can too easily be tampered with.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites
20 minutes ago, jchd said:

All these attributes can too easily be tampered with.

Yup, didn't say it was the best way to check integrity, just a quicker way.

Just warning if someone was trying to use this to monitor dozens of files that may be hundreds of mbs each. Since autoit cannot multi thread and create a process to hash each one, hashing each one of them, sequentially, is going to take a while (I tried a long time ago on about 100 files that were a few gbs each and it took, I think, around 40 minutes to do them all, can't remember the exact time since it was so long ago).

Edited by InunoTaishou

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By Scriptmaster
      <NEWBIE ALERT>
      Is it possible to unzip a zip file in Autoit without using a dll!
      My script downloads a zip file to a temporary directory (successfully) and it must be unzipped to (Or moved to after unzip) another a folder which just happens to be
      @scriptdir & "file.exe" Thanks in advance
    • By Inpho
      Hi All,
      I intend on keeping custom functions/UDFs (works in progress) here; if anyone wants to use any code, feel free.
      String functions:
      #AutoIt3Wrapper_AU3Check_Parameters=-d -w- 1 -w 2 -w 3 -w 4 -w 5 -w 6 #include-once ; #FUNCTION# ==================================================================================================================== ; Name ..........: _DateTimeGet ; Description ...: Returns the date and time formatted for use in sortable filenames, logs, listviews, etc. ; Syntax ........: _DateTimeGet(iType = 1[, $bHumanFormat = False]) ; Parameters ....: $iType - [optional] an integer value. Default is 1. ; 1 - Date and time in file-friendly format; 20190115_113756 ; 2 - Date in file-friendly format; 20190115 ; 3 - Time in file friendly format; 113756 ; $bHumanFormat - [optional] a boolean value. Default is False. ; True - Includes slashes in the date and colons in the time with a space inbetween ; False - No slashes or colons included with an underscore inbetween ; Return values .: Success - String ; Failure - Sets @error to non-zero and returns an empty string ; Author ........: Sam Coates ; =============================================================================================================================== Func _DateTimeGet($iType = 1, $bHumanFormat = False) If $iType < 1 Or $iType > 3 Then Return (SetError(-1, 0, "")) ;; Param1: ;; 1 = Date and time in file friendly format: 20190115_113756 ;; 2 = Date in file friendly format: 20190115 ;; 3 = Time in file friendly format: 113756 ;; Param2: ;; True = Use human-readable format: 15/01/2019 11:37:56 Local $sTime = @HOUR & ":" & @MIN & ":" & @SEC Local $sDate = @MDAY & "/" & @MON & "/" & @YEAR If $iType = 1 Then If $bHumanFormat = False Then $sTime = StringReplace($sTime, ":", "") $sDate = StringReplace($sDate, "/", "") $sDate = StringTrimLeft($sDate, 4) & StringMid($sDate, 3, 2) & StringLeft($sDate, 2) Return ($sDate & "_" & $sTime) Else Return ($sDate & " " & $sTime) EndIf ElseIf $iType = 2 Then If $bHumanFormat = False Then $sDate = StringReplace($sDate, "/", "") $sDate = StringTrimLeft($sDate, 4) & StringMid($sDate, 3, 2) & StringLeft($sDate, 2) EndIf Return ($sDate) ElseIf $iType = 3 Then If $bHumanFormat = False Then $sTime = StringReplace($sTime, "/", "") EndIf Return ($sTime) EndIf EndFunc ;==>_DateTimeGet ; #FUNCTION# ==================================================================================================================== ; Name ..........: _FileToFileExtension ; Description ...: Returns a file extension from a filename/FQPN (Fully Qualified Path Name) ; Syntax ........: _FileToFileExtension($sPath) ; Parameters ....: $sPath - a string value. ; Return values .: Success - String ; Failure - Empty string as returned from StringTrimLeft() ; Author ........: Sam Coates ; =============================================================================================================================== Func _FileToFileExtension($sPath) Return (StringTrimLeft($sPath, StringInStr($sPath, ".", 0, -1))) EndFunc ;==>_FileToFileExtension ; #FUNCTION# ==================================================================================================================== ; Name ..........: _FileToFileName ; Description ...: Returns a filename from a FQPN (Fully Qualified Path Name) ; Syntax ........: _FileToFileName($sPath[, $bIncludeExtension = True]) ; Parameters ....: $sPath - a string value. ; $bIncludeExtension - [optional] a boolean value. Default is True. ; Return values .: Success - String ; Failure - Empty string as returned from StringLeft() ; Author ........: Sam Coates ; =============================================================================================================================== Func _FileToFileName($sPath, $bIncludeExtension = True) Local $sReturn = StringTrimLeft($sPath, StringInStr($sPath, "\", 0, -1)) If $bIncludeExtension = False Then $sReturn = StringLeft($sReturn, StringInStr($sReturn, ".", 0, -1) - 1) Return ($sReturn) EndFunc ;==>_FileToFileName ; #FUNCTION# ==================================================================================================================== ; Name ..........: _FileToFilePath ; Description ...: Returns a folder path from a FQPN (Fully Qualified Path Name) ; Syntax ........: _FileToFilePath($sPath) ; Parameters ....: $sPath - a string value. ; Return values .: Success - String ; Failure - Empty string as returned from StringLeft() ; Author ........: Sam Coates ; =============================================================================================================================== Func _FileToFilePath($sPath) Return (StringLeft($sPath, StringInStr($sPath, "\", 0, -1) - 1)) EndFunc ;==>_FileToFilePath ; #FUNCTION# ==================================================================================================================== ; Name ..........: _StringLeft ; Description ...: Searches for a string inside a string, then removes everything on the right of that string ; Syntax ........: _StringLeft($sString, $sRemove[, $iCaseSense = 0, $iOccurrence = 1]) ; Parameters ....: $sString - a string value. The string to search inside. ; $sRemove - a string value. The string to search for. ; $iCaseSense - an integer value. Flag to indicate if the operations should be case sensitive. ; $iOccurrence - an integer value. Which occurrence of the substring to find in the string. Use a ; negative occurrence to search from the right side. ; Return values .: Success - String ; Failure - Empty string as returned from StringLeft() ; Author ........: Sam Coates ; =============================================================================================================================== Func _StringLeft($sString, $sRemove, $iCaseSense = 0, $iOccurrence = 1) Return (StringLeft($sString, StringInStr($sString, $sRemove, $iCaseSense, $iOccurrence) - 1)) EndFunc ;==>_StringLeft ; #FUNCTION# ==================================================================================================================== ; Name ..........: _StringRandom ; Description ...: Returns a string of random characters ; Syntax ........: _StringRandom($iAmount[, $iType = 1]) ; Parameters ....: $iAmount - an integer value. Length of returned string ; $iType - [optional] an integer value. Default is 1. ; 1 - Return digits (0-9) ; 2 - Return hexadecimal (0-9, A - F) ; 3 - Return Alphanumeric upper (0-9, A - Z) ; 4 - Return Alphanumeric (0-9, A - Z, a - z) ; 5 - Return Alpha upper (A - Z) ; 6 - Return Alpha (A - Z, a - z) ; Return values .: Success - String ; Failure - Empty string and @error flag as follows: ; @error : 1 - $iAmount is not a positive integer ; 2 - $iType is out of bounds ; Author ........: Sam Coates ; =============================================================================================================================== Func _StringRandom($iAmount, $iType = 1) If $iAmount < 1 Or IsInt($iAmount) = 0 Then Return (SetError(-1, 0, "")) Local $sString = "" Local $iRandomLow = 1, $iRandomHigh = 62 #Tidy_Off Local Static $aCharId[63] = [0, Chr(48), Chr(49), Chr(50), Chr(51), Chr(52), Chr(53), Chr(54), Chr(55), Chr(56), Chr(57), Chr(65), Chr(66), Chr(67), _ Chr(68), Chr(69), Chr(70), Chr(71), Chr(72), Chr(73), Chr(74), Chr(75), Chr(76), Chr(77), Chr(78), Chr(79), Chr(80), _ Chr(81), Chr(82), Chr(83), Chr(84), Chr(85), Chr(86), Chr(87), Chr(88), Chr(89), Chr(90), Chr(97), Chr(98), Chr(99), _ Chr(100), Chr(101), Chr(102), Chr(103), Chr(104), Chr(105), Chr(106), Chr(107), Chr(108), Chr(109), Chr(110), Chr(111), _ Chr(112), Chr(113), Chr(114), Chr(115), Chr(116), Chr(117), Chr(118), Chr(119), Chr(120), Chr(121), Chr(122)] #Tidy_On If $iType = 1 Then ;; digits: 1 - 10 $iRandomHigh = 10 ElseIf $iType = 2 Then ;; hexadecimal: 1 - 16 $iRandomHigh = 16 ElseIf $iType = 3 Then ;; alnumupper: 1 - 36 $iRandomHigh = 36 ElseIf $iType = 4 Then ;; alnum: 1 - 62 $iRandomHigh = 62 ElseIf $iType = 5 Then ;; alphaupper: 11 - 36 $iRandomLow = 11 $iRandomHigh = 36 ElseIf $iType = 6 Then ;; alpha: 11 = 62 $iRandomLow = 11 $iRandomHigh = 62 Else Return (SetError(-2, 0, "")) EndIf For $i = 1 To $iAmount $sString &= $aCharId[Random($iRandomLow, $iRandomHigh, 1)] ;; append string with corresponding random character from ascii array Next Return ($sString) EndFunc ;==>_StringRandom ; #FUNCTION# ==================================================================================================================== ; Name ..........: _StringTrimLeft ; Description ...: Searches for a string inside a string, then removes everything on the left of that string ; Syntax ........: _StringTrimLeft($sString, $sRemove[, $iCaseSense = 0, $iOccurrence = 1]) ; Parameters ....: $sString - a string value. The string to search inside. ; $sRemove - a string value. The string to search for. ; $iCaseSense - an integer value. Flag to indicate if the operations should be case sensitive. ; $iOccurrence - an integer value. Which occurrence of the substring to find in the string. Use a ; negative occurrence to search from the right side. ; Return values .: Success - String ; Failure - Empty string as returned from StringTrimLeft() ; Author ........: Sam Coates ; =============================================================================================================================== Func _StringTrimLeft($sString, $sRemove, $iCaseSense = 0, $iOccurrence = 1) Return (StringTrimLeft($sString, StringInStr($sString, $sRemove, $iCaseSense, $iOccurrence) + StringLen($sRemove) - 1)) EndFunc ;==>_StringTrimLeft Examples:
      ConsoleWrite(_StringRandom(100, 6) & @CRLF) ConsoleWrite(_StringTrimLeft("C:\Windows\System32\cmd.exe", "C:\Windows\System32\") & @CRLF) ConsoleWrite(_StringLeft("C:\Windows\System32\cmd.exe", "cmd.exe") & @CRLF) ConsoleWrite(_FileToFileName("C:\Windows\System32\cmd.exe") & @CRLF) ConsoleWrite(_FileToFilePath("C:\Windows\System32\cmd.exe") & @CRLF) ConsoleWrite(_FileToFileExtension("C:\Windows\System32\cmd.exe") & @CRLF) ConsoleWrite(_StringRandom(6, 4) & "-" & _StringRandom(4, 4) & "-" & _StringRandom(4, 4) & "-" & _StringRandom(4, 4) & "-" & _StringRandom(6, 4)& @CRLF)  
    • By dinotom
      Can files be read from the web or the cloud?
      I am trying to read this file but get the file open error.
      #include <FileConstants.au3> #include <MsgBoxConstants.au3> ;Assign the file path to a variable Local $sFilePath = "C:\Automation\test.txt" Local $sFilePathAzure ="https://batlgroupimages.blob.core.windows.net/files/test.txt" Local $nLineNumberToLookFor = 0 ;Open the file test.txt in append mode. ;If the folder C:\Automation does not exist, it will be created. Local $hFileOpen = FileOpen($sFilePathAzure, $FO_APPEND + $FO_CREATEPATH) ;Display a message box in case of any errors. If $hFileOpen = -1 Then MsgBox($MB_SYSTEMMODAL, "", "An error occurred while opening the file.") EndIf ;Set the file position to beginning for reading the data from the beginning of the file. FileSetPos($hFileOpen, 0, $FILE_BEGIN) ;Read the data from the file using the handle returned by FileOpen ;Local $sFileRead = FileRead($hFileOpen) ;Read the 2nd line of data from the file using the handle returned by FileOpen Local $sFileReadLine = FileReadLine ($hFileOpen,2) ;Close the handle returned by FileOpen. FileClose($hFileOpen)  
    • By RestrictedUser
      Q1) How to do GUIDelete() while using the script when a specific process starts?
      Q2) How to change (X) "Close"button behavior? 
      Q3) I am VPS Retailer and i want to control my Users that uses bad programs, such as Port Scanners and so on... I had created script to tell me what are they doing, but they removes my script from Windows Registry Startup paths, Common Startup paths, Task Schedules and so on... How to make my script protect itself from being closed and start as main process of windows at startup? 
    • By Pike
      Hey Everyone, I haven't been here in a while and recently picked up my old project. Still an FNG!
      To the point: I want to be able to push the button and either play an mp3, open a file, or open an exe program (all with the same button). The problem is that I don't know how to code for that at "case 1"
              Case 1                                                                                                                                             
                  Local $sRead = IniRead("config.ini", "Config", "One", "Default")                                
                  SoundPlay($sRead, @HotKeyPressed)                                                                     <-------------------------------
                  Run($sRead, @HotKeyPressed)                                                                                 <------------------------------- This 'Run' doesn't work even by itself!
      See code below for layout. If you need more information I will attach more code or answer any questions. Any help is greatly appreciated.
       
      Much Respect,
      Pike
       
      Func _HandleButton() $iClickCount += 1 $iTimer = TimerInit() AdlibRegister("CheckButtonPress", $CheckTime) EndFunc Func CheckButtonPress() If TimerDiff($iTimer) < $CheckTime Or $iTimer = 0 Then Return Switch $iClickCount Case 1 Local $sRead = IniRead("config.ini", "Config", "One", "Default") SoundPlay($sRead, @HotKeyPressed) Run($sRead, @HotKeyPressed) Case 2 MsgBox(0, "INFORMATION:", "Choose the file you want designated to this button") Local $sFileOpenDialog = FileOpenDialog(0, @ScriptDir & "\", "All (*.*)", $FD_FILEMUSTEXIST + $FD_MULTISELECT) If @error Then MsgBox($MB_SYSTEMMODAL, "", "No file(s) were selected.") EndIf Local $sFileName = InputBox("INFORMATION:", "Please Name Your File?" & @CRLF _ & @CRLF _ & "6 Characters or Less", "") IniWrite(@ScriptDir & "\config.ini", "Config", "One", $sFileOpenDialog) IniWrite(@ScriptDir & "\config.ini", "Config", "NameOne", $sFileName) EndSwitch $iClickCount = 0 AdlibUnRegister() EndFunc  

×
×
  • Create New...