Change the MD5 of a file.

Meh, wanted to do something in C++ 'cos I suck dick at it.

Anway, this is a simple function that changes the md5 of a specified file by implanting a random int value within it's reserved space in the DOS header. Of course, if the DOS Header of the file has been collapsed deliberately, this is more likely to just rape your PE and make it unusable, but if you're collapsing your DOS Headers, I think you'd know about it lol.

Enjoy.

Code:

#include <windows.h> //for ZeroMemory macro
#include <fstream> //derp obvious.
#include <time.h>

int quit(char* msg)
{
	printf(msg); //print the message to the console window
	return -1; //-1 is my signifier that the function failed.
}

char* ReadFromStream(std::fstream *baseStream, int offset, int dwSize)
{
	char* ret = new char[dwSize]; //create a buffer
	ZeroMemory(ret, sizeof(ret)); //zero the memory like a mad dawg
	baseStream->seekg(offset, std::ios::beg); //seek to the offset from the beginning of the stream
	baseStream->read(ret, dwSize); //read dwSize bytes from the stream into the buffer
	return ret; //return the buffer
}

char* intToBytes(int val)
{
	/**** not really my function, cbf learning bitshifting ***/
	char* ret = new char[4];
	ret[0] = (val >> 24) & 0xFF;
	ret[1] = (val >> 16) & 0xFF;
	ret[2] = (val >> 8) & 0xFF;
	ret[3] = val & 0xFF;
	return ret;
}

int ChangeMD5(char* file)
{
	using std::ios; //im too lazy to do more than one :: 
	
	//create the random int.
	srand(time(NULL) * time(NULL)); //seed the random, dont have to be too fancy
	int rnd = rand(); //generate a pseudo-random
	char *newMd5 = intToBytes(rnd); //convert our random to bytes.

	std::fstream PEStream (file, ios::binary | ios::in | ios::out); //open a stream to the file.

	char *buff = ReadFromStream(&PEStream, 0, 2); //read the start signature (MUST BE 'MZ' FOR ALL PE)
	if ( strcmp(buff, "MZ") != 0 ) { return quit("Not a valid PE File"); } //not a PE, exit with a message.

	buff = ReadFromStream(&PEStream, 0x3C, 4); //read 4 bytes from the stream.
	int lfanew = *reinterpret_cast<signed*>( buff ); //cast the char to a signed int

	buff = ReadFromStream(&PEStream, lfanew, 4); //read the PE signature from the stream
	if ( strcmp(buff, "PE\0\0") != 0 ) { return quit("Not a valid PE File"); } //PE files all have the signature PE followed by 2 null bytes.
	
	/** OKAY WE'VE VERIFIED IT'S A PE, NOW IT'S SAFE TO WRITE **/

	PEStream.seekp(0x1C, ios::beg); //seek to the start of the reserved space	
	PEStream.write(newMd5, 4); //write those bytes to the file in the reserved space
	
	PEStream.flush(); //flush all waiting shit.
	PEStream.close(); //close the stream
	return 0; //success
}

void main()
{
	if ( ChangeMD5("C:\\test.exe") == 0)
		MessageBoxA(NULL, "OMG FUCK YEAH", "MD5 Changed", 0); 
}

Comments/criticisms etc are welcome, I'm a C++ noob, so I probs fucked up some memory management somewhere.

Hmm.. Interesting..

Good job in C++

Very nice C++ scrub!

Nice Bro...
When i start Learning C# you start C++...You try to be like Big bro /me

Originally Posted by IamNotWhit

Nice Bro...
When i start Learning C# you start C++...You try to be like Big bro /me

Gotta stay ahead of the game nigga. Can't fall behind

Change the first 2 bytes from MZ to ZM

Originally Posted by mmbob

Change the first 2 bytes from MZ to ZM

While we're at it let's rip out the IAT and the section headers! That'll fool 'em good and proper.

Originally Posted by Jason

While we're at it let's rip out the IAT and the section headers! That'll fool 'em good and proper.

That would break the whole PE, or were you being sarcastic :/

Originally Posted by Broderick

That would break the whole PE, or were you being sarcastic :/

The latter... Jason would be a sarcastic one.

Originally Posted by Jason

Code:

using std::ios; //im too lazy to do more than one ::

paradox ! o;

you used 10 "::"'s in your code.

Originally Posted by freedompeace

Code:

using std::ios; //im too lazy to do more than one ::

paradox ! o;

you used 10 "::"'s in your code.

One "::" in a statement...derp?

std::ios::beg <- 2 "::"s

If you erase the whole DLL, the MD5 would change.

Change the MD5 of a file.

Post a Reply

Similar Threads

Tags for this Thread