Java self-checking program (self-checksuming)

Page 1 of 1

3 Replies - 1092 Views - Last Post: 29 December 2010 - 12:59 PM Rate Topic: -----

#1 Guest_Fallout2*


Reputation:

Java self-checking program (self-checksuming)

Posted 29 December 2010 - 04:39 AM

0 down vote favorite


Hi,

I have to do a little java self-checking programm (self-checksum). here my code sample

public class tamper {
      public static int checksum_self () throws Exception {
          File file = new File ("tamper.class");
          FileInputStream fr = new FileInputStream (file);
          int result;                   // Compute the checksum
          return result;
      }
      public static boolean check1_for_tampering () throws Exception {
            return checksum_self () != 0; // TO BE UPDATED!
      }
      public static int check2_for_tampering () throws Exception {
            return checksum_self ();
      }
      public static void main (String args[]) throws Exception {
          if (check1_for_tampering ()) {
            System.exit (-1);
          }
          float celsius = Integer.parseInt (args[0]);
          float fahrenheit = 9 * celsius / 5 + 32;
          System.out.println (celsius + "C = " + fahrenheit + "F");
      }
}


I have tried to do something like that

DigestInputStream sha = new DigestInputStream(fr, MessageDigest.getInstance("SHA"));
byte[] digest = sha.getMessageDigest();

for(..)
{
result = result + digest[i]
}


But then i don't really know how to check that ??

Your help will be really apreciate!

Thanks

Is This A Good Question/Topic? 0

Replies To: Java self-checking program (self-checksuming)

#2 g00se   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3744
  • View blog
  • Posts: 17,121
  • Joined: 20-September 08

Re: Java self-checking program (self-checksuming)

Posted 29 December 2010 - 05:58 AM

You really need an external checksum to inspect - if the class can be tampered with, then so can its internally-stored checksum

In 'proper' cryptographic practice, the class file would be signed to ensure tamper-proofing
Was This Post Helpful? 0
  • +
  • -

#3 Guest_Fallou2*


Reputation:

Re: Java self-checking program (self-checksuming)

Posted 29 December 2010 - 12:49 PM

Thank you for your reply.

With a look on google, i found that piece of code:

DigestInputStream sha = new DigestInputStream(fr, MessageDigest.getInstance("SHA"));
	byte[] digest = sha.getMessageDigest();
	
        int result = 12  // why???
	for(..)
	{
	result = (result + digest[i]) % 16 /// why modulus 16 ?????
	}

        if (result != 10)
           System.out.println("error");


This code seems to work.... result = 10. If I modify a bit in the .class then it result is not 10 anymore. But i dont understand why result = 12 and why the mod...
Was This Post Helpful? 0

#4 pbl   User is offline

  • There is nothing you can't do with a JTable
  • member icon

Reputation: 8381
  • View blog
  • Posts: 31,956
  • Joined: 06-March 08

Re: Java self-checking program (self-checksuming)

Posted 29 December 2010 - 12:59 PM

The % 16 is to keep only the two rightmost bytes so making a word/short checksum
You could have done & 0xFFFF to achieve the same purpose

This post has been edited by pbl: 29 December 2010 - 01:07 PM
Reason for edit:: rightmost not leftmost

Was This Post Helpful? 0
  • +
  • -
Page 1 of 1