I've been working on a project in C++ using openGL and am looking to save the current scene to a text file. Something simple along the lines of, cube at x,y,z and its color etc.
My question is about how to make sure that the file has not been changed by a user. I thought about calculating a checksum of the string and including that in the file.
e.g. checksum, string
But again this is open to the user modifying the values.
Any recommendations or is this just a case of writing a good parser?
Cheers
theoretically: you can't.
practically: encrypt it and obfuscate the key within your program (this is how much of DRM works)
although you will never be able to stop a determined user. Why is it so important that the user can't modify it?
If you want users to be able to read, but not modify make the last line a HMAC of the file and a secret key.
Instead of preventing the user from changing the file is better to validate file's content before using it. Create a good parser that is able to detect (and repair?) errors.
Let the user do whatever he wants because some errors might be fixable. Give warnings. With hashing you will prevent your users to do anything.
How strict is your requirement that the file not be user-modifiable? That is, how much effort are you willing to expend to make sure the user can't tinker with the file? Does the file need to be user-readable? If you really don't want the user to change the file, maybe encryption of some sort is the answer (provided the user doesn't need to be able to read the file). Something like this trivial XOR encryption scheme might be enough.
Related
I want to make a simple console application that will execute some usefull functions that I regularly use for my school (to check if a number is prime, to write factors of a number, solve a quadratic equation etc.).
But as I was making it I decided to add some details about the app to make the user interface prettier: to write the name of the app, version ...
I came to an idea to have an admin password which I can type in and then I can modify those extra details or change the password.
But if I have a password that I store like a const variable or a regular variable const string password = "blablabla;" every time I run the app it will have the same password "blablabla" so is there a way to somehow change the password and other extra data so the program saves the new values permanently?
I thought to save all those extra information in some file and then read them from it every time, but then if the file is changed then the data will be to and I don't want that. I want to change the data only with an admin password. I also thought I can encrypt those information but still thay can be easely changed.
I also thought that the program can open the source code and then modify those initialized values, but then I need to compile that file and I also don't want that.
I only want an .exe app that will run and can change those information permanently with an admin password.
Does anyone now if this can be done and how?
I'm writing this app in C++.
Thank you in advance
is there a way to somehow change the password and other extra data so the program saves the new values permanently?
In theory, you may be able to modify the constants in the data segment of the executable. How to do that is dependent on the executable format. But I would consider that a kludgy workaround and it would be difficult to prevent someone from modifying the executable without the password. What you really want is variables. And you have a good idea for how to initialize the variables:
I thought to save all those extra information in some file
A good idea. Simple solution, probably appropriate for the scope of your app.
if the file is changed then the data will be to and I don't want that. I want to change the data only with an admin password.
Then protect the file somehow. You could, for example not give anyone write permission to the file. Or if you're paranoid (this is just a small console app just for you, right?) encrypt it...
I also thought I can encrypt those information but still thay can be easely changed.
It won't be easy without the key. Sure they can modify the cryptotext, resulting in garbage data, but if you are concerned about that, realize that if they have write access to your files, they can just delete the program itself.
If you want to go this far though, consider storing your data in a full-fledged database which will have authentication and encryption already implemented.
You need to add Windows resources to your application and then update them run-time.
https://msdn.microsoft.com/en-us/library/ms648004%28v=vs.85%29.aspx
I am using visual studio to develop a windows form application in c++ to detect certain anomalies and log it.
The log file that I am intending to create will be of a common format such as .txt. I do not want users of the computer to modify this file that is I want only my program to modify it( I want users to read this file not modify it).
Is there any way to achieve this??
if you want to hide the content from other users then encrypt the file or use a binary format that only your program will be able to understand.
As long as the file resides on a publicly accessible area in the file system, then other users will be able to access it.
You can put the file in a specific user's Documents area, which might go some way to protecting the file from other users of that machine, but not from administrators.
You could even set the file attributes to "hidden" or something along those lines, to further make it hard for people to find it. But a complete access block is difficult (if not impossible).
After all this, you can also use NirMH's method to ensure that even if someone finds and attempts to read the file, then the encryption should make it difficult to crack it open. A binary format can still be read with a hex editor, if someone is really keen to read your file.
I have a proprietary application which uses an xml config. Currently I use boost::property_tree to read the xml file.
I would like to deploy both executable and xml file on a more public system and want to avoid anyone, including that system's administrator, from reading the xml.
Ideally, I would like to maintain the clear text xml on my system so I can easily manually modify it. Then I would call some encrypt command on the file, deploy it on the more public machine and have the executable decrypt it on the fly. I'd use the same key and just hardcode it into the source of the executable.
Is this a reasonable approach? What is the easiest way to implement this? Is there a better way?
Since you're already using boost, you could always serialize it. If you use binary archives, the file will be essentially unreadable. I guess my follow-up question would be: do you also want it to be secure? Or just unreadable?
If the code runs on the client's machine, then in principle you can never prevent the data from becoming known, because it has to be on the client's machine. You can try to obfuscate, but ultimately the client will have to be able to read the data, so it has to know it.
If you were to simply embed an encryption key in your program, the client could just scan through the file and extract the key. If you work a bit harder you can make Skype, but even that has been deconstructed.
It all depends on the seriousness of your need to protect the data. If it's absolute, then you cannot do it, but if you just want to keep the casual visitor out, you could try and make it a bit harder... tell us some details if you're serious about this.
If your goal is to prevent someone from casual inspection, then that is a reasonable approach.
If you must ensure (for some weird reason) that the configuration cannot be read, it is a foolish errand, because the program can read it, so a user who is determined to do so can do it as well. Either by disassembling the program, or simply by doing a memory dump from the debugger. Having that said, a simple, lightweight encryption will be good enough, because even the toughest encryption will be broken in the same way.
You might also consider whether using an explicitly human-readable format such as xml is well-suited if you don't want people to read it.
I had a very similar case. I used a compression algorithm to store the file 'encrypted'. zlib can be used for C++. You can easily encrypt and decrypt your file, both from command-line and from code. To add some more 'security' you can xor the compressed file with a password.
This a both simple to implement and easy to use. Of course I won't use such method if my clients are hackers, or have a financial incentive to read the XML.
I'm writing a game that will have a lot of information (configuration, some content, etc) inside of some xml documents, as well as resource files. This will make it easier for myself and others to edit the program without having to edit the actual C++ files, and without having to recompile.
However, as the program is starting to grow there is an increase of files in the same directory as the program. So I thought of putting them inside a file archive (since they are mostly text, it goes great with compression).
My question is this: Will it be easier to compress all the files and:
Set a password to it (like a password-protected ZIP), then provide the password when the program needs it
Encrypt the archive with Crypto++ or similar
Modify the file header slightly as a "makeshift" encryption, and fix the file's headers while the file is loaded
I think numbers 1 and 2 are similar, but I couldn't find any information on whether zlib could handle password-protected archives.
Also note that I don't want the files inside the archive to be "extracted" into the folder while the program is using it. It should only be in the system's memory.
I think you misunderstands the possibilities brought up by encryption.
As long as the program is executed on an untrusted host, it's impossible to guarantee anything.
At most, you can make it difficult (encryption, code obfuscation), or extremely difficult (self-modifying code, debug/hooks detection), for someone to reverse engineer the code, but you cannot prevent cracking. And with Internet, it'll be available for all as soon as it's cracked by a single individual.
The same goes, truly, for preventing an individual to tamper with the configuration. Whatever the method (CRC, Hash --> by the way encryption is not meant to prevent tampering) it is still possible to reverse engineer it given sufficient time and means (and motivation).
The only way to guarantee an untampered with configuration would be to store it somewhere YOU control (a server), sign it (Asymmetric) and have the program checks the signature. But it would not, even then, prevent someone from coming with a patch that let's your program run with a user-supplied (unsigned) configuration file...
And you know the worst of it ? People will probably prefer the cracked version because freed from the burden of all those "security" measures it'll run faster...
Note: yes it is illegal, but let's be pragmatic...
Note: regarding motivation, the more clever you are with protecting the program, the more attractive it is to hackers --> it's like a brain teaser to them!
So how do you provide a secured service ?
You need to trust the person who executes the program
You need to trust the person who stores the configuration
It can only be done if you offer a thin client and executes everything on a server you trust... and even then you'll have trouble making sure that no-one finds doors in your server that you didn't thought about.
In your shoes, I'd simply make sure to detect light tampering with the configuration (treat it as hostile and make sure to validate the data before running anything). After all file corruption is equally likely, and if a corrupted configuration file meant a ruined client's machine, there would be hell to pay :)
If I had to choose among your three options, I'd go for Crypto++, as it fits in nicely with C++ iostreams.
But: you are
serializing your data to XML
compressing it
encrypting it
all in memory, and back again. I'd really reconsider this choice. Why not use eg. SQLite to store all your data in a file-based database (SQLite doesn't require any external database process)?
Encryption can be added through various extensions (SEE or SQLCipher). It's safe, quick, and completely transparent.
You don't get compression, but then again, by using SQLite instead of XML, this won't be an issue anyway (or so I think).
Set a password to it (like a password-protected ZIP), then provide the password when the program needs it
Firstly, you can't do this unless you are going to ask a user for the password. If that encryption key is stored in the code, don't bet on a determined reverse engineer from finding it and decrypting the archive.
The one big rule is: you cannot store encryption keys in your software, because if you do, what is the point of using encryption? I can find your key.
Now, onto other points. zlib does not support encryption and as they point out, PKZip is rather broken anyway. I suspect if you were so inclined to find one, you'd probably find a zip/compression library capable of handling encryption. (ZipArchive I believe handles Zip+AES but you need to pay for that).
But I second Daniel's answer that's just displayed on my screen. Why? Encryption/compression isn't going to give you any benefit unless the user presents some form of token (password, smartcard etc) not present in your compiled binary or related files. Similarly, if you're not using up masses of disk space, why compress?
I want to verify if the text log files created by my program being run at my customer's site have been tampered with. How do you suggest I go about doing this? I searched a bunch here and google but couldn't find my answer. Thanks!
Edit: After reading all the suggestions so far here are my thoughts. I want to keep it simple, and since the customer isn't that computer savy, I think it is safe to embed the salt in the binary. I'll continue to search for a simple solution using the keywords "salt checksum hash" etc and post back here once I find one.
Obligatory preamble: How much is at stake here? You must assume that tampering will be possible, but that you can make it very difficult if you spend enough time and money. So: how much is it worth to you?
That said:
Since it's your code writing the file, you can write it out encrypted. If you need it to be human readable, you can keep a second encrypted copy, or a second file containing only a hash, or write a hash value for every entry. (The hash must contain a "secret" key, of course.) If this is too risky, consider transmitting hashes or checksums or the log itself to other servers. And so forth.
This is a quite difficult thing to do, unless you can somehow protect the keypair used to sign the data. Signing the data requires a private key, and if that key is on a machine, a person can simply alter the data or create new data, and use that private key to sign the data. You can keep the private key on a "secure" machine, but then how do you guarantee that the data hadn't been tampered with before it left the original machine?
Of course, if you are protecting only data in motion, things get a lot easier.
Signing data is easy, if you can protect the private key.
Once you've worked out the higher-level theory that ensures security, take a look at GPGME to do the signing.
You may put a checksum as a prefix to each of your file lines, using an algorithm like adler-32 or something.
If you do not want to put binary code in your log files, use an encode64 method to convert the checksum to non binary data. So, you may discard only the lines that have been tampered.
It really depends on what you are trying to achieve, what is at stakes and what are the constraints.
Fundamentally: what you are asking for is just plain impossible (in isolation).
Now, it's a matter of complicating the life of the persons trying to modify the file so that it'll cost them more to modify it than what they could earn by doing the modification. Of course it means that hackers motivated by the sole goal of cracking in your measures of protection will not be deterred that much...
Assuming it should work on a standalone computer (no network), it is, as I said, impossible. Whatever the process you use, whatever the key / algorithm, this is ultimately embedded in the binary, which is exposed to the scrutiny of the would-be hacker. It's possible to deassemble it, it's possible to examine it with hex-readers, it's possible to probe it with different inputs, plug in a debugger etc... Your only option is thus to make debugging / examination a pain by breaking down the logic, using debug detection to change the paths, and if you are very good using self-modifying code. It does not mean it'll become impossible to tamper with the process, it barely means it should become difficult enough that any attacker will abandon.
If you have a network at your disposal, you can store a hash on a distant (under your control) drive, and then compare the hash. 2 difficulties here:
Storing (how to ensure it is your binary ?)
Retrieving (how to ensure you are talking to the right server ?)
And of course, in both cases, beware of the man in the middle syndroms...
One last bit of advice: if you need security, you'll need to consult a real expert, don't rely on some strange guys (like myself) talking on a forum. We're amateurs.
It's your file and your program which is allowed to modify it. When this being the case, there is one simple solution. (If you can afford to put your log file into a seperate folder)
Note:
You can have all your log files placed into a seperate folder. For eg, in my appplication, we have lot of DLLs, each having it's own log files and ofcourse application has its own.
So have a seperate process running in the background and monitors the folder for any changes notifications like
change in file size
attempt to rename the file or folder
delete the file
etc...
Based on this notification, you can certify whether the file is changed or not!
(As you and others may be guessing, even your process & dlls will change these files that can also lead to a notification. You need to synchronize this action smartly. That's it)
Window API to monitor folder in given below:
HANDLE FindFirstChangeNotification(
LPCTSTR lpPathName,
BOOL bWatchSubtree,
DWORD dwNotifyFilter
);
lpPathName:
Path to the log directory.
bWatchSubtree:
Watch subfolder or not (0 or 1)
dwNotifyFilter:
Filter conditions that satisfy a change notification wait. This parameter can be one or more of the following values.
FILE_NOTIFY_CHANGE_FILE_NAME
FILE_NOTIFY_CHANGE_DIR_NAME
FILE_NOTIFY_CHANGE_SIZE
FILE_NOTIFY_CHANGE_SECURITY
etc...
(Check MSDN)
How to make it work?
Suspect A: Our process
Suspect X: Other process or user
Inspector: The process that we created to monitor the folder.
Inpector sees a change in the folder. Queries with Suspect A whether he did any change to it.
if so,
change is taken as VALID.
if not
clear indication that change is done by *Suspect X*. So NOT VALID!
File is certified to be TAMPERED.
Other than that, below are some of the techniques that may (or may not :)) help you!
Store the time stamp whenever an application close the file along with file-size.
The next time you open the file, check for the last modified time of the time and its size. If both are same, then it means file remains not tampered.
Change the file privilege to read-only after you write logs into it. In some program or someone want to tamper it, they attempt to change the read-only property. This action changes the date/time modified for a file.
Write to your log file only encrypted data. If someone tampers it, when we decrypt the data, we may find some text not decrypted properly.
Using compress and un-compress mechanism (compress may help you to protect the file using a password)
Each way may have its own pros and cons. Strength the logic based on your need. You can even try the combination of the techniques proposed.