Dailydave mailing list archives

Re: multistage shellcode

From: Mordy Ovits <movits () bloomberg com>
Date: Mon, 2 Aug 2004 09:36:02 -0400

On Sunday 01 August 2004 03:27 pm, wirepair wrote:

has anyone else attempted this type of check? and if so, anything smaller
than 25bytes???


A very simple checksum algorithm is to loop over the data adding each 32-bit 
word to a running total, allowing integer overflow to do its thing.  Then you 
compare the 4 bytes you're left with to the one you stored.  It's a tiny 
algorithm.  It's not a cryptographic checksum, as some changes can cancel 
others out, but it'll catch even a single bit flip.  You don't need more; 
you're facing random mangling, not a malicious attacker.

Mordy
-- 
Mordy Ovits
Network Security
Bloomberg L.P.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

multistage shellcode wirepair (Aug 01)
- Re: multistage shellcode Mordy Ovits (Aug 02)
  - Re: multistage shellcode dave (Aug 02)