Crypto plug-in: Difference between revisions
(→Quick Example: HashCalc Update) |
(→Introduction: Version update) |
||
| Line 7: | Line 7: | ||
== Introduction == | == Introduction == | ||
'''Version:''' 1. | '''Version:''' 1.2. | ||
This plugin provides you cryptographic interface using the [http://en.wikipedia.org/wiki/Cryptographic_Application_Programming_Interface CryptoAPI]. | This plugin provides you cryptographic interface using the [http://en.wikipedia.org/wiki/Cryptographic_Application_Programming_Interface CryptoAPI]. | ||
| Line 20: | Line 20: | ||
=== Hash Algorithms (Supported by [http://en.wikipedia.org/wiki/Cryptographic_Application_Programming_Interface CryptoAPI]) === | === Hash Algorithms (Supported by [http://en.wikipedia.org/wiki/Cryptographic_Application_Programming_Interface CryptoAPI]) === | ||
This section shows you all of the | This section shows you all of the supported Hash Algorithms by the Crypto Plugin. | ||
[http://en.wikipedia.org/wiki/SHA-1 Secure Hash Algorithms] (SHA-1 only)<BR> | |||
[http://en.wikipedia.org/wiki/MD5 MD5]<BR> | |||
[http://en.wikipedia.org/wiki/MD4 MD4]<BR> | |||
[http://en.wikipedia.org/wiki/MD2_%28cryptography%29 MD2]<BR> | [http://en.wikipedia.org/wiki/MD2_%28cryptography%29 MD2]<BR> | ||
=== Sources === | === Sources === | ||
[http://msdn2.microsoft.com/en-us/library/aa379908.aspx Method used for the hash] | [http://msdn2.microsoft.com/en-us/library/aa379908.aspx Method used for the hash] | ||
=== History === | |||
1.2 - November 25, 2013 | |||
* Fixed CryptAcquireContext NTE_BAD_KEYSET (0x80090016) and NTE_KEYSET_ENTRY_BAD (0x8009001A) errors | |||
* Technical note: original Crypto.dll was unpacked and patched (CryptAcquireContext call parameters patched; corresponding relocation records removed; version information updated) | |||
1.1 - May 6, 2004 | |||
* Created Hash Calculator example | |||
* Improved documentation | |||
1.0 - April 7, 2004 | |||
* Initial release | |||
* Supported algorithms: MD5|SHA1|MD2|MD4|MAC | |||
== How to use == | == How to use == | ||
Revision as of 21:36, 25 November 2013
| Author: GAG (talk, contrib) |
Links
cryptoplg12.zip (10.3 KB) (plugin dll + readme + examples)
hashcalc12.zip (31.2 KB) (Calculates the hash for Strings or specified files)
Introduction
Version: 1.2.
This plugin provides you cryptographic interface using the CryptoAPI.
Plugin DLL size: 3 660 bytes (not packed), 2 886 bytes (upx packed)
Hash Algorithms (Supported by Crypto Plugin)
Using this plugin you can get common cryptographic hashes.
Here is a list of algorithms currently supported by the Crypto Plugin
MD5, SHA-1, MD2, MD4, SSL3, MAC, HMAC
Hash Algorithms (Supported by CryptoAPI)
This section shows you all of the supported Hash Algorithms by the Crypto Plugin.
Secure Hash Algorithms (SHA-1 only)
MD5
MD4
MD2
Sources
History
1.2 - November 25, 2013
- Fixed CryptAcquireContext NTE_BAD_KEYSET (0x80090016) and NTE_KEYSET_ENTRY_BAD (0x8009001A) errors
- Technical note: original Crypto.dll was unpacked and patched (CryptAcquireContext call parameters patched; corresponding relocation records removed; version information updated)
1.1 - May 6, 2004
- Created Hash Calculator example
- Improved documentation
1.0 - April 7, 2004
- Initial release
- Supported algorithms: MD5|SHA1|MD2|MD4|MAC
How to use
String Hash
Crypto::HashData "MD5" "String to be hashed" Pop $0
File Hash
Crypto::HashFile "MD5" "$WINDIR\notepad.exe" Pop $0
Implemented in software
Quick Example
Calculate the hash of the file you want checked using the Hash Calculator (hashcalc12.zip). From there I was able to use Crypto to ensure that notepad hasn't changed:
Crypto::HashFile "MD5" "$WINDIR\notepad.exe" Pop $0 StrCmp $0 "FF7F14FDA901090E337488A1900E3660" +3 MessageBox MB_OK|MB_TOPMOST|MB_SETFOREGROUND|MB_ICONSTOP "ERROR: notepad.exe has been changed!!!" Quit
Detailed Explanation: (of the code above)
Crypto::HashFile "MD5" "$WINDIR\notepad.exe"
This generates the hash of notepad.exe and then pushes that hash into a stack (which is in memory reserved by NSIS).
Pop $0
Then the returned hash is "popped" off of the stack and then thrown into the user defined variable $0.
StrCmp $0 "FF7F14FDA901090E337488A1900E3660" +3
The user defined variable $0 and "FF7F14FDA901090E337488A1900E3660" (which is the hash generated by hashcalc12.zip) are then compared. If they are equal then +3 means to go plus three commands down. Therefore MessageBox and Quit commands are skipped. If they aren't equal then it continues to the next command (or +1)
MessageBox MB_OK|MB_TOPMOST|MB_SETFOREGROUND|MB_ICONSTOP "ERROR: notepad.exe has been changed!!!"
Quit
Since the two checksums don't match, show the user an error and then exit the program.
Software Example
File: uharc sfx examples.zip (95 KB)
Short Description: This is a real world implementation of the Crypto plugin. It does an MD5 on the extractor right before extracting the archive, this ensures that the extractor isn't tampered with and the user isn't tricked into giving their password away.
How can a file be tampered with and why?
Lets say someone really wants that password. Well they (or malware) can replace the extractor (uharc.exe) with a dummy exe file with the same name that takes all the arguments given to it and puts them into a text file to be read by the evil doer. Well since the password is one of the arguments passed off to extract the archive then you can see where this would be a problem. The advantage to having an MD5 checksum of a file is to ensure that it is not changed (or replaced). Whether it be changed for malicious purpose or simply a corrupted file.
Another use for checksums
If you are managing your software then you can make your update process even faster. If you create an MD5 checksum of all the files that are currently installed on the system, then you can compare those checksums with the checksums of all the files that are in your patch. Anything that doesn't match will be installed (or reinstalled) and all the checksums that match will simply be skipped. This way your installer doesn't have to take the time to install all the files, only the ones that need to be updated.
