Wednesday, April 2, 2008

Embedding signatures into executables

If you embed a signature of the file into the file, doesn't this by definition change the file's signature?

  1. Set the swappable instructions in the program to their bitwise equivalent of 0.
  2. Calculate a signature based on that number.
  3. Swap the instructions to encode that number.

To decode.

  1. Find swappable instructions.
  2. Determine what bit setting they're at.
  3. Set their bit setting to 0.
  4. Recalc signature based on the new bit setting.
  5. Compare to the bit setting you just retrieved.

I would still recommend publishing a separate public key, however,
and include an encrypted signature in the program. As you say, it can
always be changed and re-encoded.

On the other hand, this might be useful on a server, by
encoding a public key and checker on a CD-R and checking all your
programs periodically against the CD-R key. You could encode signatures
in each program and be able to upgrade programs from a central encoding
server without having to write a new cd each time.

Say you have an executable:


Your signature checking routine then does this:


and computes the hash


And then sends:


To reverse, we extract the hash (deadbabeca) and the "original" executable.

Then we compute the hash (of 1_3_3_7...) and check if it matches...

In summary, we embedded a checksum, but we removed it before we checked it. Simple, really.


Patrick said...

I have no idea what you just said. :)

Nod said...

I don't either, which is why I posted it -- a digital sticky note to refer to later.

It's a quote from a Slashdot article.


Related Posts with Thumbnails