[Tutor] application whitelisting

Albert-Jan Roskam fomcl at yahoo.com
Fri Sep 21 12:51:18 CEST 2012


My company just started application whitelisting. Now a new version of a (benign!!) dll does not work as it (or rather, its file hash, if I understood it correctly) is not whitelisted. Is there any way I can use the same dll of a newer version? I know this sounds like a hacking request, but my intentions are sincere. My only purpose is to use ctypes to use the functions that are present in the new, but not the old, dll version.

The code below is probably simplistic/naive, but it's a product of my frustration + curiosity. The strategy was to generate a dll that has the same file hash as the original dll by right-padding it with zero until the desired checksum is found. Why a zero? No idea. ;-)

PS: I guess virtual environment also cannot be used for this, right?

import hashlib
import contextlib

def generateFile(infile, desired_hash, hashtype="md5"):
    outfile = infile[:-4] + "_adjusted.dll"
    hashlib_ = hashlib.new(hashtype)
    with contextlib.nested(open(infile, "rb"), open(outfile, "wb")) as (f_in, f_out):
        observed_hash = hashlib_(f_in.read())
        found = observed_hash.hexdigest() == desired_hash
        counter = 0
        while True:
            counter += 1
            if found:
                f_out.write(f_in.read() + (counter * "0"))
                print "Got it: '%s'" f_out.name

infile = r"D:\temp\myown.dll"
generateFile(infile, '4151e067c17a753fc5c4ec1c507d28c9')

All right, but apart from the sanitation, the medicine, education, wine, public order, irrigation, roads, a 
fresh water system, and public health, what have the Romans ever done for us?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20120921/ab0a063f/attachment.html>

More information about the Tutor mailing list