home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PsL Monthly 1993 December
/
PSL Monthly Shareware CD-ROM (December 1993).iso
/
prgmming
/
dos
/
c
/
tagsgen.exe
/
CRCSET.DOC
< prev
next >
Wrap
Text File
|
1991-07-13
|
35KB
|
1,070 lines
CRCSET version 1.31
Copyright (c) 1991 by Kevin Dean
Kevin Dean
Fairview Mall P.O. Box 55074
1800 Sheppard Avenue East
Willowdale, Ontario
CANADA M2J 5B9
CompuServe ID: 76336,3114
Contents
--------
Warranty ............................ 1
License ............................. 2
Introduction ........................ 3
What is a CRC? ...................... 4
How CRCSET Works .................... 8
How to Use CRCSET ................... 13
Vulnerability ....................... 16
Warranty
The author of CRCSET (hereafter referred to as "the author") makes no
warranty of any kind, expressed or implied, including without limitation, any
warranties of merchantability and/or fitness for a particular purpose. The
author shall not be liable for any damages, whether direct, indirect, special,
or consequential arising from a failure of this program to operate in the
manner desired by the user. The author shall not be liable for any damage to
data or property which may be caused directly or indirectly by use of the
program.
In no event will the author be liable to the user for any damages,
including any lost profits, lost savings, or other incidental or consequential
damages arising out of the use or inability to use the program, or for any
claim by any other party.
- Page 1 -
License
This program is public domain. As such, it may be freely distributed
by anyone by any means. No person or organization may charge for this program
except for a minimal charge to cover handling and distribution.
Having said that, I would also like to add that this algorithm has
taken a lot of time and work to develop. If you like this program, send me a
postcard and let me know. I would also be interested in copies of your own
programs if you feel that that is appropriate.
Also, if you have any questions or would like to see some more
features in the program, drop me a note by surface or electronic mail (my
address is on the first page of this file). I will answer all mail regarding
this program.
Customization is available.
- Page 2 -
Introduction
CRCSET is an anti-virus utility. Its purpose is to protect programs
(in which supporting code is linked) with one of the most effective weapons
against computer viruses: the Cyclic Redundancy Check, or CRC. A full
understanding of the CRC is not required to use this utility; if you like, you
can skip over the discussion of the CRC to the section entitled "How to Use
CRCSET".
There are many utilities that perform CRC checks on other programs
(VALIDATE.COM by McAfee associates is one) but most of these are external
programs that are usually run only once, if at all. The CRC generated by
these utilities must be compared to a value in an external file; if the values
match, the program is not infected.
This approach has two problems: the first is that the CRC check is
run only once when the user gets the program, if at all. Most people would
never run the check a second time. The second problem is that the CRC is
stored in an external file (e.g. the documentation). If someone wants to tack
a virus onto the program, it becomes a simple matter to run the validation
program, copy the CRC values to the documentation, and distribute the infected
program. Anyone running the validation program would find the same CRC in the
program as in the documentation, and in comes the virus.
Another (increasingly popular) approach is for the CRC to be stored in
the program itself (the .EXE file) and for the program to do its own check
every time it is loaded. This method is much more effective than the previous
one because it means that the moment the program is infected and the CRC
changes, the infection will be detected the next time the program is run.
There is a potential problem with this method, but before I get into
that, we need some background.
- Page 3 -
What is a CRC?
The CRC, or Cyclic Redundancy Check, is an error-checking algorithm
used in many types of computer operations, especially in data transfer. For
example, whenever your computer writes to disk, the disk controller calculates
the CRC of the data being written and writes it with the data. If your disk
should somehow become corrupted, the CRC check will fail when you next try to
read the data and the disk controller will return with an error, forcing DOS
to display the critical error "Data error reading drive C:". Most file
transfer protocols (like Xmodem, Zmodem, and some derivatives of Kermit) also
use a CRC check to validate the data being transmitted; if the CRC transmitted
with the data does not match the CRC calculated by the receiving program, then
the transmission has failed and the sending program is asked to retry the
transmission.
The actual calculation of the CRC is very simple. The algorithm
consists of two parts, a CRC polynomial and a CRC register, and is really an
exercise in modulo-2 arithmetic. The rules for modulo-2 arithmetic are shown
in the following table:
0 + 0 = 0
0 + 1 = 1
1 + 0 = 1
1 + 1 = 0
For those of you familiar with binary logic, these rules are equivalent to
the exclusive-or operation. Note: under modulo-2 arithmetic, subtraction is
equivalent to addition.
There is nothing magical about modulo-2 arithmetic and it has no
special properties that make it better suited to CRC calculations than
standard arithmetic; rather, since modulo-2 arithmetic doesn't carry from one
column to the next (i.e. 1 + 1 = 0 with no carry), it's just easier to
implement in hardware and software than any other method. Consider the
following:
1. Binary addition, normal rules of carry
101101001
+ 110110111
-----------
1100100000
2. Binary addition, modulo-2 arithmetic (no carry)
101101001
+ 110110111
-----------
011011110
The first addition requires us to carry any overflow from right to left. The
second addition requires no carry operations and can be performed much faster
both by humans and by computers.
The CRC algorithm can best be illustrated by the following diagram of
a 4-bit CRC generator:
- Page 4 -
CRC polynomial
------------1-----------0-----------1-----------1
| 3 | 2 1 | 0 |
| ----- v ----- ----- v ----- v
+ <-| x |<- + <-| x |<------| x |<- + <-| x |<- +
^ ----- ----- ----- -----
| CRC register
---- binary data stream
Each '+' symbol represents modulo-2 addition. The numbers above the CRC
register are the bit numbers of the register.
The CRC is calculated as follows:
1. Initiali