I'm trying to write some polymorphic C++ code for a computer security course I am taking. Our only requirement is that we take an MD5 hash before and after compilation/execution, and the values must be different.
I'm just brainstorming at the moment, but do you all have any suggestions for some file manipulations that I could do to yield a unique hash each time?
I too am not quite sure what you are asking. For example what are you MD5 hashing before compile time (the cpp file?) and after (the exe file?). Of course they would always both have unique MD5 hashes under those circumstances. I think you maybe confused as to what true polymorphic code is. In short, polymorphic code actually modifies itself every time the code is executed (in the context of a computer virus it would be the executable).
Okay, I was being a bit vague because I have received some bad feedback from being too specific. I have an assignment to write a basic polymorphic "program" (I don't want to use the V word, even though it is for educational purposes and will not propagate [I will fail if it does]).
The code itself has to be polymorphic, meaning something, somewhere, changes each time the program is run (I'm assuming within the body of the code). To prove that some manipulation is done, we will take an MD5 hash of the file/program/code, run it, and then get another MD5 hash and compare. If the hashes are different, then the code is assumed (for the purpose of our assignment) to be polymorphic...or at least to my understanding. Polymorphic code is of importance in computer security (and the context of this course) because anti-virus programs have a hard time tracking them since they are always changing.
I guess my question is if anyone has any ideas about how to accomplish this. I have absolutely no idea if I am right about any of my assumptions at this point, and I am also confused as to how one can alter source code when a program has already been compiled...
a basic polymorphic "program" (I don't want to use the V word, even though it is for educational purposes and will not propagate [I will fail if it does]).
I thought so. I just wanted to make sure I was understanding you correctly, first.
You could try something like purposely inserting a string with a particular shape in the program (e.h. "sample string 184567185091"), opening the executable file, looking for this string, and change some part of the string to something else.
I think doing something more clever with the code would be infeasible in C++.
Polymorphism isn't altering the source code. It means that the compiler doesn't know what methods to call because it is determined at runtime using a virtual lookup table.
My only thoughts are that you could create a hierarchy of classes and have each one sport a hash method. Implement a different algorithm for each and that way the hash will be dynamic and will depend on which object the method is being called from.
My problem is understanding how to insert this string, and how I can open the executable file (which is in a format that isn't human readable...right?) and look for said string? Also, how can I open the .exe if I can only turn in two files, which are the .cpp and the associated .exe file?
Just so I'm not being misunderstood, this is the specific requirement.
Problem Statement:
1a. Write and compile a program written in C++ that executes on the class virtual machine. The online virtual machine image is the only machine that your code will be tested on. No testing will be done in the turn-in directory, so you can make no assumptions about a particular directory path your program will execute in.
1b. When executed, your program will display a message to the terminal returning the MD5 hash value of the current executable file in the following format: “The original hash value is <hash value> - <your name>”.
1c. After the executable file has been modified then display the following message: “The modified hash value is <hash value> - <your name>”.
1d. Any extra interim files should be deleted and the only modified executable should remain.
The evaluation criteria for this project follows: Does the hash value of the virus executable file change with each execution of the virus? Project submissions that cause any damage other than the rewrite of the executable file will be graded as failed projects.
My problem is understanding how to insert this string
Declaring the string should be enough. For example, constchar *string="this exists";
how I can open the executable file (which is in a format that isn't human readable...right?) and look for said string?
The executable is a file like any other. If you know how to open and read a file in general then you should be able to do it.
Also, how can I open the .exe if I can only turn in two files, which are the .cpp and the associated .exe file?
When you run a program, the program is copied to memory at load time. The idea is to have to the memory version of the program alter the disk version of the program.
If you're writing polymorphic code, I guess you know your way round the operating system you're using.
In the Windows case, I know how you can alter the in-memory image--given the right privileges--but replacing the copy on the disk is harder. I think that might need help from outside as Windows locks all running executable and loaded DLLs. And I am unaware of low levels hacks to do it.
You can still do something like
1. Run executable (e.g. 1.exe).
2. Copy 1.exe to 2.exe (reads are allowed).
3. Run 2.exe. Terminate 1.exe.
4. 2.exe modifies 1.exe.
5. Run 1.exe. Terminate 2.exe.
6. 1.exe deletes 2.exe.
I used something like this once to implement self-updates. The trick is figure out how to tell the program in which step of this metaprogram it is.