
Making a file signature analyser tool

6 Posts
6 Users
0 Likes
580 Views
(@tomb1992)
Posts: 1
New Member
Topic starter
 

Hi guys, I need help with making a file signature analyser but I'm a bit of a noob at it. An example of what I have to create is in this software called OS forensics

http://www.osforensics.com/

So basically this software has two tabs that I need in my project. The first tab is a 'create signature' section which allows you to select a file or a group of files from your documents and from this save a separate file with the extension ".OSFsig". (But let's say for this example I have converted a .doc file.)

The second tab is a 'compare signature' tab.

To test this second tab you have to make a small change to the .doc file that you have converted into an OSFsig file, it can be as much as placing an extra character into a word document. This changed document has to be converted into an OSFsig document so that you now have two OSFsig documents.

You can then place these two OSFsig documents into the compare signature section and it will show you that the document has been modified.

I hope you understand what I mean. I really need help with this, so I suppose my questions are:
How do I go about doing all of this?
What programming language should I use and what software should I write the code in?
Is there any way that I can maybe extract the parts I need from the software I have provided above to see how they have gone about doing it?
Thank you

 
Posted : 16/01/2013 2:23 am
(@athulin)
Posts: 1156
Noble Member
 

what programming language should i use and what software should i write the code in?

This sounds very much like some kind of class assignment, and if it is, you'll have to work with whatever context and/or constraints you get from there.

Apart from that, use the programming language you know best, that you have access to, and which (directly or indirectly) provides the functionality you need. There's apparently a GUI involved, so you want something GUI-capable.

You should be able to whip up a 'demo' fairly quickly, doing nothing real, but which shows the GUI and how you operate it easily, but that fakes the main collection and application of signatures. If you can't do *that*, you're probably out of your depth – go and have a chat with whoever gave you the assignment.

If you find the full assignment difficult, it splits easily in two: if you assume you have already collected a 'signature' (or several), can you do the second part?

And if this is something that builds on earlier classes (in programming), it may be that you need to revisit those.

is there any way that i can maybe extract the parts i need from the software i have provided above to see how they have gone about doing it?

Yes, is there? Does that software come with a license that allows that kind of thing, for starters?

I don't expect answers to any of those questions. I'm assuming this is a class assignment, which means it should mainly be done by you, not by someone else. Just like running the 110 m hurdle.

 
Posted : 16/01/2013 12:48 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Additionally, it sounds more like you are looking/wanting/whatever a hash/checksum, rather than a "file signature", which I personally tend to interpret usually as "magic numbers", i.e. you need something like CRC32 or MD5 algorithms too. ?

What you asked about:
http://en.wikipedia.org/wiki/File_signature

What I understood at first glance:
http://en.wikipedia.org/wiki/File_format#Magic_number
http://www.garykessler.net/library/file_sigs.html

What you probably meant:
http://en.wikipedia.org/wiki/Checksum

jaclaz

 
Posted : 17/01/2013 12:59 am
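
Added example (not from any poster and not OSForensics code): the create/compare workflow from the first post done with SHA-256 content hashes, next to a magic-number check, to show the distinction drawn above. Function names, the short magic table and the sample file are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed table: a few well-known magic numbers, not an exhaustive list.
OLE2 = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
MAGIC = {OLE2: "OLE2 compound file (legacy .doc)", b"PK\x03\x04": "ZIP container (.docx)", b"%PDF": "PDF"}

def file_format(path):
    """'Signature' in the magic-number sense: identify the format from leading bytes."""
    with open(path, "rb") as f:
        head = f.read(8)
    return next((name for magic, name in MAGIC.items() if head.startswith(magic)), "unknown")

def sha256_file(path, chunk=1 << 20):
    # Hash in chunks so large files never have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def create_signature(root):
    """'Signature' in the hash sense: map relative path -> content hash (+ format)."""
    root = Path(root)
    return {
        str(p.relative_to(root)): {"sha256": sha256_file(p), "format": file_format(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_signatures(old, new):
    """Report paths added, removed, or whose content hash changed."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p]["sha256"] != new[p]["sha256"]),
    }

def demo():
    """Constructed sample: append one byte to a fake .doc and compare."""
    with tempfile.TemporaryDirectory() as d:
        doc = Path(d) / "report.doc"
        doc.write_bytes(OLE2 + b"constructed sample body")
        before = create_signature(d)
        doc.write_bytes(doc.read_bytes() + b"x")
        after = create_signature(d)
    return before, after, compare_signatures(before, after)

if __name__ == "__main__":
    print(demo()[2])
```

The detected format is identical before and after the one-byte edit while the hash differs, which is why a magic-number check alone cannot detect modification.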
Passmark
(@passmark)
Posts: 376
Reputable Member
 

I guess I should be flattered that someone decided to set up a project or assignment around reverse engineering my software :-)

Seriously however, if you are starting from the point of not knowing a programming language, and not knowing which IDE to use, there is really no hope of just jumping in the deep end and getting it done. What you really need to be looking at is going to get a solid education first. Everyone who had a hand in writing our code has a degree in computer science and 10+ years of experience coding.

Ignoring the question of legality, there is also zero chance of you just nicking our code and calling it your own, given your level of expertise. It would be a long detailed exercise to hack out the machine code for this particular function and turn it back into a standalone tool. Our code is more complex than it might initially appear. It looks inside Zip files, Email archives, does direct access into disk images via the MFT, can compare branches in the Windows registry, deals with re-parse points, uses multiple hash algorithms, etc… It also does careful memory management to allow millions of files to be compared at a time with limited RAM. I am guessing you don't need a lot of this, in which case it would be quicker writing something from scratch, even though technically it isn't impossible to rip off our code.

For the record the source code is C++ in Visual Studio 2010. Assuming this is a class assignment, here is a hint. The key to getting this to work well for large data sets is recursion, good memory management and fast sorting algorithms.

 
Posted : 17/01/2013 4:05 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

You can then place these two OSFsig documents into the compare signature section and it will show you that the document has been modified.

Ask yourself, what do you really want to do: do you want to see if the file has been changed or if the file signatures differ (i.e. is this a Word 2003 document or a Word 2007 document, and has it been resaved in a later version?)

Checking file signatures (md5/sha256) for match/mismatch and detection of modification are two different problems.

 
Posted : 26/01/2013 7:16 pm
(@alastairfay)
Posts: 36
Eminent Member
 

Seriously however, if you are starting from the point of not knowing a programming language, and not knowing which IDE to use, there is really no hope of just jumping in the deep end and getting it done. What you really need to be looking at is going to get a solid education first. Everyone who had a hand in writing our code has a degree in computer science and 10+ years of experience coding.

This. ^^

If you can't even write the essential "Hello World", how are you going to code the rest of the assignment?

Walk before you can run

 
Posted : 28/01/2013 2:16 pm