View Full Version : CRC Checkup...Need some info!
RedStorm
May 4th, 2002, 00:01
Is there a way (any tools) to change checksum of the file so when CRC is performed it "believes" nothing has been changed??
I used LordPE (something similar to ProcDump) but it doesnt do the job...Unless CRC is bit more than just plain Checksum...
I did test....
Test 1. I do not touch any info iside of the exe with any HexEditor but use LordPE to change to some custom Checksum it reports invalid exe...
Test 2. Than I use HexEditor to chage single byte inside (ofcourse checksum changes) REPORT: Invalid Exe
Test 3. Than in edited exe I change the Checksum to match the Checksum of the UNTOUCHED file but still REPORT: Invalid exe....
Any ideas??
You have to know what checksum they're performing. Is it CRC32? MD5? Something they made up themselves? If it's CRC32, then finding the correct bytes is almost trivial. If it's MD5, you've got about the same probability of finding the correct byte as the probability that all the quarks in your underwear will jump six feet to the left and reassemble themselves as a can of mandarin oranges.
Pyrae
May 4th, 2002, 16:42
Hi mike and others,
some more info on the 'trivial' finding of the correct bytes in a CRC32 style checksum would be much appreciated as many protections still use a CRC32 sum over the whole file.
@RedStorm
The CRC value LordPE can correct is only a checksum of the PE header - therefore it's absolutely irrelevant for any validation checks over the whole file.
well dont know how to answer your qestions but u have troubles patching a file with CRC check just make a loader...
ancev
May 5th, 2002, 23:01
hi,
if is crc16, 32 or 48, you can use that tool.
ancev
ps: sources(in asm, of course) included.
whyIII
April 9th, 2004, 04:19
let me try it first
dELTA
April 9th, 2004, 07:39
The suggestions so far in this thread seem to be about creating a patch that preserves the original checksum, or in other ways unnecessarily complicated. The common way would be just to make any patch you want, then see what checksum this results in, and then patch in this checksum as the "correct" one in the application, simple as that.
PS1.
Of course, when finding the location where the "correct" checksum i stored, you have most likely already located the checksum compare code, and might as well patch a jump in that one instead.
PS2.
The only time this will not work is when something in the application will be decrypted at runtime, having the checksum as the key. In this case, patch the crc function to always return the original "correct" checksum instead.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.