
CRC checksum of ELF file

I need an opinion from somebody who has some experience with assuring file integrity. I am trying to protect the integrity of my file with a crc checksum. My primary goal is to make bypassing a licence file check harder (which consists of disassembling the executable and removing a conditional jump).

I came up with the following idea:

unsigned long calc_checksum(char* begin, char* end);  /* CRC over [begin, end), defined elsewhere */

unsigned long crc_stored = 4294967295;                /* patched to the CRC of .text after linking */
char* text_begin = (char*)0xffffffffffffffff;         /* patched to the start of .text */
char* text_end = (char*)0xffffffffffffffff;           /* patched to the end of .text */

int main(){
    unsigned long crc = calc_checksum(text_begin, text_end);
    if (crc == crc_stored)
        return 0;   /* file is ok */
    return 1;       /* .text was modified */
}

I edit the .data section of the elf binary in the following way: text_begin and text_end will contain the begin and end address of the .text section, and crc_stored the crc checksum of the .text section.

I would like to know whether this is a proper way of doing this, or whether there are better methods?

Edit: Karoly Horvath is right. Let's say I use the crc check to decrypt some code. I would like to know which is the best way to checksum-protect the executable. Olaf is also right. I can use a sha algorithm. The question is the same.

Edit2: please stop saying that any protection can be bypassed. I know, and I just want to make it harder. Please answer the question if you can.

Let me see. You have code that does this:

#include <stdlib.h>

int license_ok(void);  /* the licence-file check, defined elsewhere */

int main() {
  if (!license_ok()) { exit(1); }
  // do something useful
}

You are worried that someone will disassemble your code, and patch out the conditional jump, so you are proposing to change the code this way instead:

#include <stdlib.h>

int license_ok(void);              /* defined elsewhere */
unsigned long calc_checksum(void); /* defined elsewhere */
unsigned long stored_crc;          /* patched in after linking */
int main() {
  if (calc_checksum() != stored_crc) { exit(1); }
  if (!license_ok()) { exit(1); }
  // do something useful
}

I hope you see that this "solution" is not really a solution at all (if someone is capable of patching out one conditional jump, surely he is just as capable of patching out two such jumps).

You can find ideas for a more plausible / robust solution in one of the many books on the subject.

Do not stop the programme from running. If the license is wrong at the start, some strange behaviour is likely after 1 to 5 minutes, causing segfaults, wrong calculations, whatever. But in some indirect ways. Like a 2nd thread that modifies calculations or changes a random bit in the stack of another thread if the license is wrong.

Also get a map of yourself at runtime via /proc/self and run a checksum on your .text sections at runtime. That way you can also find some runtime modifications.

But the bitter truth is, if it is runnable then it is just a question of how much effort the attacker needs to get an unlicensed copy running. It is not important to make it unrunnable. Just the effort of getting it cracked must be bigger than the effort.
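The runtime self-check this answer suggests (map yourself via /proc/self and checksum the executable mappings) combined with the CRC-32 the question proposes, as an added example that is not code from the question or from either answer. It assumes Linux (/proc/self/exe and /proc/self/maps) and the IEEE CRC-32 polynomial; the function names crc32_update, parse_exec_mapping and checksum_own_text are mine.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* CRC-32 (IEEE, poly 0xEDB88320), chainable: feed the previous result back
 * in as `crc` to cover several regions with one checksum. */
uint32_t crc32_update(uint32_t crc, const unsigned char *p, size_t n) {
    crc = ~crc;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Parse one /proc/self/maps line ("start-end perms offset dev inode path").
 * Returns 1 if it is a readable+executable mapping of `path`, filling start/end. */
int parse_exec_mapping(const char *line, const char *path,
                       uintptr_t *start, uintptr_t *end) {
    char perms[8], mapped[4096] = "";   /* mapped stays "" for anonymous maps */
    unsigned long s, e;
    if (sscanf(line, "%lx-%lx %7s %*s %*s %*s %4095s", &s, &e, perms, mapped) < 3)
        return 0;
    if (perms[0] != 'r' || perms[2] != 'x' || strcmp(mapped, path) != 0)
        return 0;
    *start = (uintptr_t)s; *end = (uintptr_t)e;
    return 1;
}

/* Checksum every executable mapping of the running binary (where .text
 * lives). Returns 1 and sets *out on success, 0 if /proc is unavailable. */
int checksum_own_text(uint32_t *out) {
    char exe[4096], line[4600];
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n < 0) return 0;
    exe[n] = '\0';
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    uint32_t crc = 0; int found = 0; uintptr_t s, e;
    while (fgets(line, sizeof line, f)) {
        if (!parse_exec_mapping(line, exe, &s, &e)) continue;
        crc = crc32_update(crc, (const unsigned char *)s, e - s);
        found = 1;
    }
    fclose(f);
    *out = crc;
    return found;
}
```

Under address-space randomisation the mapping addresses change per run but the bytes of the executable segments do not, so the value is stable across runs as long as the loader applies no relocations inside those segments and the binary on disk is unchanged.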
