Re: multistage shellcode

[dave <dave () immunitysec com>]

Mordy Ovits wrote:

> On Sunday 01 August 2004 03:27 pm, wirepair wrote:
>  
>
> > has anyone else attempted this type of check? and if so, anything smaller
> > than 25bytes???
> >    
>
> A very simple checksum algorithm is to loop over the data adding each 32-bit 
> word to a running total, allowing integer overflow to do its thing.  Then you 
> compare the 4 bytes you're left with to the one you stored.  It's a tiny 
> algorithm.  It's not a cryptographic checksum, as some changes can cancel 
> others out, but it'll catch even a single bit flip.  You don't need more; 
> you're facing random mangling, not a malicious attacker.
>
> Mordy
>  
Also remember to choose your "tag" properly. If the mangling is actually 
a filter, than choose a tag that doesn't fit through the filter.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave