MD5,SHA1,CRC32,RC4,BASE64,XXTEA machine code version


Ward

I have found this utility very, very useful, mates. I had used MD5File.exe and similar utilities earlier, and used batch scripting etc. to struggle with deleting viruses on my network. This was very useful.

But I have one suggestion. I am using this algorithm, but I got lost some time ago. I had a tough time finding you to thank you, because your script MD5.au3 doesn't have author info :-(

Can you add a couple of lines of author info so that it would be very, very useful?

@KaFu

Mate, as my comment was mentioning ... don't let the DLLCall run on empty data and that's all!

don't let the DLLCall run on empty data and that's all!

Right, now I've read it :P ... nevertheless I myself ran into problems trying to obfuscate the code... which can be resolved with the method I mentioned :unsure:, just didn't want to let this tip go to waste.

Best Regards

Thanks to Lazycat's great idea. He told us how to use the CallWindowProc API to run machine code.

So I wrote some code in Sphinx C-- and ran it in AutoIt.

Hello,

Can you provide a link to get the Sphinx C-- compiler? I can't find it by searching with Google ...

  • 1 month later...

You can add the MD5 hash to the end of the exe. When you check the hash, omit the last 16 bytes.

If you worry that it is too easy to break, maybe RC4 or XXTEA can be used to encrypt the hash.

Please show an example on how to implement it, given that the file can be of large size.

Thank you.

ynbIpb,

First take an .exe file - it will not be changed by the script, but I would use a copy if I were you! :-)

Then run this code - you will have to amend the file paths and names to suit your system:

#include <md5.au3>

Global $iBufferSize = 0x20000 ; Read the file in 128 KB sections
$sFilename = "M:\Program\Au3 Scripts\HashTest.exe"
$iRemaining = FileGetSize($sFilename)
Global $hFileHandle = FileOpen($sFilename, 16) ; 16 = binary read mode
$iTotal = 0
$MD5CTX = _MD5Init()

; Feed the file to the MD5 context one buffer at a time
For $i = 1 To Ceiling($iRemaining / $iBufferSize)
    If $iRemaining > $iBufferSize Then
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iBufferSize))
        $iRemaining -= $iBufferSize
        $iTotal += $iBufferSize
    Else
        ; Last section: read only what is left
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iRemaining))
        $iTotal += $iRemaining
    EndIf
Next
$vHash = _MD5Result($MD5CTX)

; Read the whole original file so it can be copied to the new file
$sOrg_File_Contents = FileRead($sFilename)
FileClose($hFileHandle)

; 18 = binary mode + overwrite; append the hash without its leading "0x"
$hFileHandle = FileOpen("M:\Program\Au3 Scripts\HashAdded.exe", 18)
FileWrite($hFileHandle, $sOrg_File_Contents & StringTrimLeft($vHash , 2))
FileClose($hFileHandle)

MsgBox(0,"Hash",$vHash)

You should now have 2 .exe files, one 32 bytes bigger than the other because of the added hash.

Now run this code. Again you should amend the file paths and names to suit your system:

#include <md5.au3>
#Include <String.au3>
#include <WinAPI.au3>

Global $iBufferSize = 0x20000

; Org file

$sFilename = "M:\Program\Au3 Scripts\HashTest.exe"
$iRemaining = FileGetSize($sFilename)
Global $hFileHandle = FileOpen($sFilename, 16)
$iTotal = 0
$MD5CTX = _MD5Init()
For $i = 1 To Ceiling($iRemaining / $iBufferSize)
    If $iRemaining > $iBufferSize Then 
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iBufferSize))
        $iRemaining -= $iBufferSize
        $iTotal += $iBufferSize
    Else
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iRemaining))
        $iTotal += $iRemaining
    EndIf
Next
$vHash1 = _MD5Result($MD5CTX)
FileClose($hFileHandle)
ConsoleWrite("Original file total bytes read      : " & $iTotal & @CRLF)

; File with 32 byte hash added to end

$sFilename = "M:\Program\Au3 Scripts\HashAdded.exe"
$iRemaining = FileGetSize($sFilename) - 32
Global $hFileHandle = FileOpen($sFilename, 16)
$iTotal = 0
$MD5CTX = _MD5Init()
For $i = 1 To Ceiling($iRemaining / $iBufferSize)
    If $iRemaining > $iBufferSize Then 
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iBufferSize))
        $iRemaining -= $iBufferSize
        $iTotal += $iBufferSize
    Else
        _MD5Input($MD5CTX, FileRead($hFileHandle, $iRemaining))
        $iTotal += $iRemaining
    EndIf
Next
$vHash2 = _MD5Result($MD5CTX)
FileClose($hFileHandle)
ConsoleWrite("Exe less added hash total bytes read: " & $iTotal & @CRLF)

; Now read original hash added to the file
$iRemaining = FileGetSize($sFilename)
Global $hFileHandle = FileOpen($sFilename, 16)
$iTotal = 0
For $i = 1 To Ceiling($iRemaining / $iBufferSize)
    If $iRemaining > $iBufferSize Then 
        FileRead($hFileHandle, $iBufferSize)
        $iRemaining -= $iBufferSize
        $iTotal += $iBufferSize
    Else
        $sHash_Section = FileRead($hFileHandle, $iRemaining)
        $iTotal += $iRemaining
    EndIf
Next
FileClose($hFileHandle)
ConsoleWrite("Exe with added hash total bytes read: " & $iTotal & @CRLF)
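; The binary read is handled as a hex string, so the 32 added bytes are its last 64 hex digits
$sHash_Bytes = StringRight($sHash_Section, 64)
$sHash_Chars = ""
; Convert each pair of hex digits back to the character that was written
For $i = 1 To 64 Step 2
    $sHash_Chars &= Chr(Dec(StringMid($sHash_Bytes, $i, 2)))
Next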

; Or use Win_API functions
Global $nBytes
$iRemaining = FileGetSize($sFilename)
$tBuffer = DllStructCreate("byte[32]")
$hFile = _WinAPI_CreateFile($sFilename, 2, 2)
_WinAPI_SetFilePointer($hFile, $iRemaining - 32)
_WinAPI_ReadFile($hFile, DllStructGetPtr($tBuffer), 32, $nBytes)
_WinAPI_CloseHandle($hFile)
$sHash_API = BinaryToString(DllStructGetData($tBuffer, 1))

MsgBox(0, "Hashes", $vHash1 & @CRLF & $vHash2 & @CRLF & "0x" & $sHash_Chars & @CRLF & "0x" & $sHash_API)

The final MsgBox gives me 4 identical hashes - for the original file, for the new file once stripped of the added hash, and twice the actual hash that was added to the new file. All 4 match the hash that was shown at the end of the first script.

I hope you find this useful.

M23

Edit 1: Changed second script so the whole file does not have to be read into memory to get at the added hash - as requested by ynbIpb. :-)

Edit 2: Added the Win API method as suggested by crashdemons.

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind
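
The append-and-verify scheme from the post above, as an added example in Python rather than AutoIt (it is not Melba23's or Ward's code): it hashes in 0x20000-byte chunks, seeks straight to the trailer instead of reading the whole file, and goes one step further by swapping in a keyed HMAC-SHA256 trailer to show what the unkeyed MD5 trailer does and does not detect. The function names, the raw 16-byte MD5 trailer (the scripts above append 32 hex characters) and the sample data are assumptions made for this example.

```python
import hashlib, hmac, io

CHUNK = 0x20000  # same 128 KB buffer size as the scripts above

def body_digest(f, body_len, new_hash):
    """Hash the first body_len bytes of f in CHUNK-sized reads."""
    h = new_hash()
    f.seek(0)
    while body_len > 0:
        block = f.read(min(CHUNK, body_len))
        if not block:
            raise ValueError("file shorter than expected")
        h.update(block)
        body_len -= len(block)
    return h.digest()

def append_trailer(f, new_hash):
    """Append the digest of f's current contents to the end of f."""
    size = f.seek(0, io.SEEK_END)
    tag = body_digest(f, size, new_hash)
    f.seek(0, io.SEEK_END)
    f.write(tag)

def verify_trailer(f, new_hash):
    """Re-hash everything except the trailer and compare with the trailer."""
    tag_len = new_hash().digest_size
    size = f.seek(0, io.SEEK_END)
    if size < tag_len:
        return False                  # too short to carry a trailer
    f.seek(size - tag_len)            # jump to the trailer; no full read
    stored = f.read(tag_len)
    return hmac.compare_digest(stored, body_digest(f, size - tag_len, new_hash))

def keyed(key):
    """Hash factory for HMAC-SHA256 under key (swapped in for plain MD5)."""
    return lambda: hmac.new(key, digestmod=hashlib.sha256)

def demo():
    original = b"MZ" + bytes(300_000)            # constructed stand-in for an .exe
    modified = b"MZ" + bytes(299_999) + b"\x01"  # same size, last byte changed
    out = {}
    for name, scheme in (("md5", hashlib.md5), ("hmac", keyed(b"constructed-key"))):
        good = io.BytesIO(original)
        append_trailer(good, scheme)
        tag_len = scheme().digest_size
        stale = io.BytesIO(modified + good.getvalue()[-tag_len:])  # old trailer kept
        redone = io.BytesIO(modified)             # trailer recomputed without the key
        append_trailer(redone, hashlib.md5 if name == "md5" else keyed(b"other-key"))
        out[name] = (verify_trailer(good, scheme), verify_trailer(stale, scheme),
                     verify_trailer(redone, scheme))
    return out
```

`demo()` returns `(intact, stale trailer, recomputed trailer)` for each scheme: the MD5 trailer catches a changed body but accepts a trailer that was simply recomputed, while the keyed trailer rejects it only as long as the key is kept outside the file being checked.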

Thank you for the example.

But now I wonder:

; Now read original hash added to the file

$sContents_Plus_Hash = FileRead($hFileHandle)

$sHash_Bytes = StringRight($sContents_Plus_Hash, 64)

This step reads the whole file in memory?

And if my file is very big?

ynbIpb,

If you are concerned about the size of the file, then use a similar trick to that used in the code to hash the files. Set a $iBufferSize variable and read the file in sections until you get to the last section which includes the hash. I am sure you can code that for yourself! ;-)

M23

Edit: But if you do not want to I have amended the example above. :-)

ynbIpb,

If you are concerned about the size of the file, then use a similar trick to that used in the code to hash the files. Set a $iBufferSize variable and read the file in sections until you get to the last section which includes the hash. I am sure you can code that for yourself! ;-)

If you use _WinAPI_SetFilePointer you can read/write data from specific positions in a file, instead of starting at the first character.

See the _WinAPI_SetFilePointer examples in the Help File.

crashdemons,

Thanks for that memory jog - completely forgot about the API call. I have added code for it to the example above.

M23

Not to be picky, but can this line be removed from _MD5Init() and _MD5Result()?

$CodeBuffer = 0

$Codebuffer is only actually used, locally, in _MD5()

Depending upon Au3Check settings, both of these can generate 2 warnings:

...\MD5.au3(21,17) : WARNING: $CodeBuffer possibly not declared/created yet
    $CodeBuffer = 0
    ~~~~~~~~~~~~~~~^
...\MD5.au3(21,17) : WARNING: $CodeBuffer: declared, but not used in func.
    $CodeBuffer = 0
    ~~~~~~~~~~~~~~~^
...\MD5.au3(58,17) : WARNING: $CodeBuffer possibly not declared/created yet
    $CodeBuffer = 0
    ~~~~~~~~~~~~~~~^
...\MD5.au3(58,17) : WARNING: $CodeBuffer: declared, but not used in func.
    $CodeBuffer = 0
    ~~~~~~~~~~~~~~~^

These issues aren't really critical and you can handle them how you like, if you like - I thought I'd just point them out.
