Full Version: Crc Checks...
aapje
Hi, is there a program which can change the CRC value of a file (so you have a file, edit it, but then the CRC changes, but you want to have the CRC of the original file)?

Or can't this be done?

Thanks
mrBob
I don't believe this is possible
ThEWaTcHeR
here http://flashfxp.ws/zip/freeware/flashsfv2.0f.zip

but you need an SFV file
aapje
Thanks for the reply, but that's not what I meant, it has nothing to do with FTP etc. I just want to edit the CRC of a file... not an SFV or something.

/sorry, I just read the title, my mistake: "Crc checks" should be just changing the CRC value
ThEWaTcHeR
ah

Only edit some byte with a hex editor and the CRC value is changed.
The Storm
I agree with The Watcher because the CRC code is a result of the bits of the file, I think!
Killaloop
I don't know about a program, but you have to be more specific: CRC is not CRC.

CRC, meaning cyclic redundancy check, is meant for calculations made upon data, such as network traffic or computer files, in order to detect errors in transmission. It's not meant for security; that's what integrity checkers are for. So it's not hard to fake files if you know the algorithm.

The most widely used is CRC32.

CRC checks work with binary division; the remainder represents the CRC value.
For common CRC-32 (like WinZip) the divisor (also called the polynomial) is 0x04C11DB7.
Look for some pseudo code and write your own little app, and also note CRC is not equal to checksum.
A checksum is done with binary addition.
Generally, if I want to compare two files, you've got no chance to fake the changes even if CRC says they're equal.
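The polynomial division described above, worked through in code. This is an added example, not code from the thread: a bit-serial CRC-32 built from the 0x04C11DB7 generator (used in its bit-reversed form, as ZIP/WinZip do), an additive checksum for contrast, and a SHA-256 alongside them because a CRC only detects accidental corruption, not deliberate edits.

```python
# Added example: CRC-32 as long division by the generator 0x04C11DB7,
# an additive checksum for contrast, and a cryptographic hash for comparison.
import hashlib

POLY = 0x04C11DB7  # CRC-32 generator polynomial quoted in the thread


def reflect32(value: int) -> int:
    """Reverse the bit order of a 32-bit value (0x04C11DB7 -> 0xEDB88320)."""
    return int(f"{value:032b}"[::-1], 2)


def crc32_bitwise(data: bytes) -> int:
    """Bit-serial CRC-32 as used by ZIP/WinZip (IEEE 802.3 variant).

    Bits are fed least-significant-first, so the generator is used in its
    reflected form; the register starts as all ones and is inverted at the end.
    Each loop step is one division step: shift, and subtract (XOR) the
    generator whenever the bit that falls out is set.
    """
    poly = reflect32(POLY)
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def checksum_add(data: bytes) -> int:
    """Plain additive checksum mod 2**32: reordering bytes does not change it."""
    return sum(data) & 0xFFFFFFFF


def integrity_report(data: bytes) -> dict:
    """All three values for one blob; only sha256 resists deliberate edits."""
    return {
        "crc32": crc32_bitwise(data),
        "sum32": checksum_add(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    original = b"constructed sample file contents\n"  # constructed input
    edited = b"constructed sample file c0ntents\n"    # one byte changed
    for name, blob in (("original", original), ("edited", edited)):
        r = integrity_report(blob)
        print(f"{name:8} crc32={r['crc32']:08x} sum32={r['sum32']:08x} sha256={r['sha256'][:16]}...")
```

`crc32_bitwise(b"123456789")` gives the standard check value 0xCBF43926, the same as `zlib.crc32`, so the division above is the real CRC-32 and not a toy.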
aapje
OK, I have a file, it has a CRC value, now this file is scanned; if it hasn't the same CRC value as the server scanner says it must be, there is an error. If I edit the file, the CRC changes, so how can I edit a file while the CRC value doesn't change (e.g. you can see the value in WinZip, CRC32, like you said)?

But like you say, it apparently is impossible to fake a CRC calculation?
SlippyG
Not sure *exactly* what you are trying to do here so I'll just mind-dump.


General

First you need to look at the algorithm used to calculate the value. Some are simply there to verify the integrity of the data against corruption, others are there to ascertain integrity for security purposes.

For example, simple CRC/CRC32/checksumming will change if you edit the file, but you can then add further 'garbage' bytes to correct it. This leaves you with only filesize to worry about. Packing the executable or, for example, lowering the compression quality of a media file can provide you with enough headroom to add your changes AND the required garbage bytes to correct the calculated value; then all you need concern yourself with is whether the resulting file is usable. For executables there is no real problem, but media and other filetypes may not be so tolerant of garbage bytes.

Security often uses an MD5 hash or similar. This is more difficult as you have the problem of not knowing what garbage bytes you need to add to arrive at a particular value. No easy workaround for this, but if you have access to the system or program performing the evaluation then all is not lost.


When MD5 or similar hashes need to be faked on an owned system

As I said, you cannot simply calculate the value of garbage bytes required to change the hash of any given file to a particular value. However, hashes are pretty much unique and so you have the option of attacking the evaluating system.

An example of this is modifying the library that holds the algorithm. Say you use the Microsoft program 'depends.exe' to see what functions and libraries 'securityprogram.exe' calls. You may find that it calls the 'calculatehashfromfile' function exported from 'hashnstuff.dll'. It is a simple matter to add code to this DLL (or modify the IAT of the .exe) to intercept this call and return a false value. The code would see the (virtually unique) hash of your modified file and instead return the hash of the original unmodified file.

This approach will also work against the operating system platform itself.

MD5 hashes are resilient to all but the above types of attack. If it's an MD5 hash that you have to fake but you don't have access to the evaluating system, then you should look for another way to achieve your ultimate goal, possibly one not requiring fooling an MD5 hash evaluation on a system beyond your control.

However, if you are trying to get around an MD5 hash check to fool a security audit for the purposes of installing a rootkit, then this is certainly something you should look at. This is why filesystem audits SHOULD be initiated from bootable CDs regularly.


When you are not sure of the audit methods used on an owned system

Tricky if you're not a coder with kernel experience. Typically you'd be looking at misreporting the file's contents AND any raw sector reads once it was loaded into memory. This can be achieved using a device driver or by shimming the original device driver. As well as protecting the target files, you would additionally require the driver to perform the same service for itself too. A cheap drive, a copy of Microsoft's DDK (Driver Development Kit) and perhaps DriverStudio would be useful if you wish to experiment with this.


Meandering post. Hope you found something relevant in there somewhere.


SG
Killaloop
Good post SlippyG, but I have to correct something.

QUOTE

For example, simple CRC/CRC32/Checksumming will change if you edit the file, but you can then add further 'garbage' bytes to correct it.


CRC32 uses the MSB (most significant bit in one byte... hope I spelled it right) within its algorithm, meaning it's not only filesize which counts, it's also bit order!!
If you replace something within the data, you have to have the MSB in the same place as the original file had, even if the new data is completely different.

/edit
So basically, with a normal CRC value check two files could have the same value even if they don't have one line of the same code, only because of equal size and the same significant bit. However, the chance for something like that is around 1:400000000.
espey
I have an IRC bot with a CRC checker. This is a good tool and I recommend it.