0

I need to make a Python module that takes an MD5 from WITHIN ITSELF and calculates its own MD5, and look for mismatch. However, every time I calculate an MD5, I put it in the file, recheck it, and it's different.

Can anyone get me out of this black hole?

Yeniaul Adrianad
  • 21
  • 5
  • 5
    When you change the contents of a file its hash changes… This sounds like an [XY Problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). What is your _real_ goal? – ChrisGPT was on strike Feb 07 '16 at 03:37
  • 2
    Use the program to calculate it's own md5. Store this in a separate file, then when the program starts up, compare the calculated md5 to the one stored on file. You have to note that any time you make a change to the program, you have to use it to generate a new md5 which you can then use to verify it again – smac89 Feb 07 '16 at 03:47
  • @Chris To have a program that checks itself once every month for errors AND does the other functions. – Yeniaul Adrianad Feb 08 '16 at 22:23
  • @Smac89 I need something that no user can screw up without flat out screwing the program. Another file would allow edits, and that could be bad in what I have in mind for a purpose. – Yeniaul Adrianad Feb 08 '16 at 22:25
  • @YeniaulAdrianad, so sign the binary cryptographically? MD5 isn't considered secure anymore. Or host its SHA-256 hash on your website and compare against that? – ChrisGPT was on strike Feb 08 '16 at 22:42
  • @YeniaulAdrianad, plus, if there's a way for _you_ to embed a file's own hash in the file, how does that accomplish your goal of making sure users don't modify it? A user could trivially find this post, learn how to do it, modify the file and update its hash to match! – ChrisGPT was on strike Feb 09 '16 at 15:16
  • @Chris but Py2exe! And obfuscation! – Yeniaul Adrianad Feb 19 '16 at 02:11
  • @YeniaulAdrianad, I hope that's a joke? IMO it's entirely irrelevant to this question. – ChrisGPT was on strike Feb 19 '16 at 02:13
  • @Chris -.- I was SAYING that unless you can reverse Py2EXE, there's no way to edit the script. if there's a way for you to embed a file's own hash in the file, how does that accomplish your goal of making sure users don't modify it? A user could trivially find this post, learn how to do it, modify the file and update its hash to match! – Yeniaul Adrianad Feb 21 '16 at 22:42
  • @YeniaulAdrianad, [security through obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) is always a bad idea, and I found [`unpy2exe`](https://github.com/matiasb/unpy2exe) in about three seconds of searching. Don't rely on `py2exe` for security. Your goal to embed a file's own hash in itself is impractical and would provide basically no security no matter how much you argue. (The `py2exe`-compiled binary would have a different hash anyway, but I'm sure you already know that.) – ChrisGPT was on strike Feb 22 '16 at 02:14

0 Answers0