Integrity Checker
By Sarah Dean
Last updated: 30th April 2006
Contents
Description
Integrity Checker is a
straightforward application that checks the integrity of your files to
ensure they have not been tampered with.
The files you select for
protection will have their "known good" size stored together with
either a hash or HMAC (user selectable) generated from the contents of
each file. By comparing this
information with what is actually stored on your drives later, any
changes will be flagged up for your attention.
Screenshots of Integrity Checker are available.
Please email any bug reports, feature requests, comments, etc to me
at sdean12@sdean12.org
The latest version (as of 30th April 2006) is v2.0
The latest version is always available at: http://www.SDean12.org/IntegrityChecker.htm
Download
Download latest stable Integrity Checker
executables
Download source code for the
above stable version (see also SDeanComponents to download the OTFE, etc components required to compile this software)
Hashes and PGP signatures of the Integrity Checker software, as downloaded,
are available here
A beta version of the development version of Integrity Checker can also be downloaded. Note: This link may not work. If it doesn't, and you can download
the stable version, a beta version of the next version has not yet been
released. The beta version is unsupported, but please feel free to email
me if you have any comments on it.
Notes
-
Please, do read the documentation in this file before emailing
me! I know it's not much, and only really covers the basics, but...
-
Pretty much everything in Integrity Checker works as it seems, so I won't
go into too much detail as to how everything works. Besides, who reads
manuals anyway? ;) Anything you're not too sure of, just make an educated
guess; you'll probably be right!
- From
the main window, doubleclicking on a file will display details for that
file (including hash/HMAC value). Rightclicking brings up a context menu with various options.
-
Integrity Checker does not write anything to the Windows registry (for those that
are interested), unless you opt to associate ".ic" files with it.
- You may associate ".ic" files with Integrity Checker by selecting "View|Options...".
- You
can pause and/or cancel operations by clicking on the list of files (or
where the list is normally displayed; when adding directories the list
is not shown for performance reasons). The current operation will be paused after the current file has been processed.
- The file status indicator shows each file as being in one of the following states:
Status
|
Meaning
|
OK
|
The file details stored match those of the file currently stored on disk
|
Changed
|
The file details stored do not match those of the file currently stored on disk |
Deleted
|
The file has been deleted (or renamed).
|
Unchecked
|
The file could not be checked (e.g. if the file on disk is currently opened by another application)
|
Unknown
|
The file has not yet been checked to see if it has changed or not
|
- If
you use Integrity Checker together with an OTFE (on-the-fly encryption) system (e.g. FreeOTFE) to ensure your
system's security, it is recommended that you store a copy of the
Integrity Checker executable and any ".ic" files you have created inside your OTFE volume!
After mounting your OTFE volume, it is recommended that you only use
the copy of Integrity Checker and ".ic" files stored within the volume, and
for obvious security reasons - if your non-OTFE copy was compromised by an
attacker...
- Using
HMACs for your files is more secure than straightforward hashing. If
simple hashing is used, any
attacher wishing to modify files on your system can simply update your
".ic" files to match any files modified - effectivly covering their tracks. This form of
attack is not possible if
HMACs are used, since they require a password which is incorporated into
the hashing process. Any modifications to an ".ic" file which uses HMACs will result
in the HMACs it stores failing to match those of your files - alerting you of the tampering.
- For further information on HMACs, how they're generated and protect data, please see RFC2104 and RFC2202
-
Legal stuff:
-
I retain all rights to this software
-
You are free to distribute this software, although no charge may be
made of any kind for doing so (that includes any fees for copying and/or
the distribution media)
-
If you distribute this software, this file must be included with it, intact
and unmodified.
-
Any software derived from any part of Integrity Checker and/or it's source
code is to be released as freeware with full source code
-
Blah, blah, blah ... you use this software at your own risk ... blah, blah
... author takes no responsibility ... blah, blah ... (i.e. the usual disclaimers,
etc.)
Command Line Summary
Integrity Checker supports the following command line parameters:
|
-load <filename> |
Automatically load list contained in <filename> at startup
Note: If the path or filename specified has spaces in it, don't forget to surround <filename> with double quotes!
|
-hmac <key>
|
A key to be used for HMAC operations. If this is not specified, and one is needed, the user will be prompted for it.
|
-check
|
Check files in loaded list (requires "-load" to be present) |
|
-silent |
Do not show main dialog, but do show integrity check report when complete
|
|
-verysilent |
Do not show main dialog, or any other dialogs unless something goes wrong (e.g. integrity check fails one or more files) |
|
-quit |
Quit after carrying out command line instructions (i.e. load, check)
Note: If "-silent" or "-verysilent" is specified, "-quit" is implicit |
.ic File Format
".ic" files are straight text files with the following layout:
Version=<file version ID>
Hash=<hash used>
FileCount=<count of files in list>
KeyCheckRandom=<random data>
KeyCheckHMAC=<random data HMAC'd with the user's key>
<blank line>
Filename=<first filename>
FileSize=<first file's size>
FileHash=<first file's hash>
<blank line>
...Repeat the last 4 files for each file in list
Note: <file version ID>
identifies the version ID of the file format used - NOT the version of
the application creating the file. At present valid <file version ID> values are: 1.00 and 2.00
v2.00 always includes KeyCheckRandom and KeyCheckHMAC. v1.00 always omits these.
KeyCheckRandom is simply a string of random letters, characters, etc
while KeyCheckHMAC is KeyCheckRandom HMAC'd with the same user key as
used to HMAC the files listed. These two are used in order to check
that the user enters the correct HMAC key. If the user is not HMACing
their files (just using straightforward hashes), the values of these
entries are to be set to empty strings.
TODO List
-
Sort out my PGP installation so that I can specify a PGP signature that
can be used to check the authenticity of the packages.
-
The source code could do with a little tidying up...
- Add
support for drag'n'drop "ic" files onto the application (drag 'n' drop
for ".ic" files to load them, or files & directories to add them to
the current list?)
- Add support for stuff like ".md5" files - the file checked is the same filename as the .md5 file, less the .md5 extension. (Note to self: md5 file may have other stuff in it, like the filename of the file to be checked, or multiple files/hashes)
- Filter the list of files to show only deleted/failed/whatever
files? (This is a low priority as it would probably involve more work
that it's worth - and you can always view this information by selecting "View|Report..." after carrying out an operation)
-
etc, etc...
Known Bugs
Bugs with v2.0:
Appendix A: Version History
- v2.0 (30th April 2006)
- Added HMAC support for greater security
- Changed email address from sdean12@sdean12.org to (finally!) sdean12@sdean12.org
- Updated PGP public key to reflect new email address
- Improved support for MS Windows XP Themes
- Switched from Delphi 5 to Delphi 7
- v1.0.1 (6th April 2005)
-
v1.00.00 (4th April 2005) - Initial release
Appendix B: PGP Public Key
To send PGP encrypted email to me, please feel free to use the following
PGP public key block:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com
mQGiBDekay4RBADuX/QEq7W9POZ3V5xIGj4lpO4+LB+LhY2+ZMi0/jMtsMQg6niJ
ctPBjyKCmm0LwleojZyLo7ArJ1Bkw4dswYbaULEDC+nB4KEwOsJzfdceJ8jI063g
KFZylqpuhAdEKr0am1UScp91O9HndO/TvW+Tz26MGdpHZMSR6ppAISyhSQCg/+eD
Me3ocRdWgJRK3QFPqJ8sZ4sD/jOzuQoWEjcCS+9RCW3ciCbBdsdpeZ+JTSwwiurj
tQ+vOZVmDxx+rBuN2f20BqeXGA1ySaZBkO3FTEcctxN37v7lh7LVa2Has+RZyNL1
P35sTUgJW0/v6ZcevG4pTMhWjQWPQsUGKHVIvHekEDTy+aeYb3kUvZBWJVnQXgJC
3oc/A/9OzHJMDyyezEDdElqAggilPatwIM61WdtX6r0fWF+JG0KrrNCD3PS6FR3O
EVryJdhgqUnmgjUYap50w2IeAgcRronaI8rxaQJHpp2v213Tt8b2Bs/FkZ77AAzI
xLgvQUQkhL8GNf3gtEO8ATJXVB6yswTWgmOFzCHSMH4zYJziprQgU2FyYWggRGVh
biA8c2RlYW4xMkBzZGVhbjEyLm9yZz6JAEsEEBECAAsFAkPGE8oECwMCAQAKCRAt
2N+++s56l4HlAKC32vR75faqWiy9+pcaDkcsiWoy1wCdFl5khqK1wDDnscmFEeWM
7jPhxoe5Ag0EN6RrLhAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGn
VqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFX
klnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl
9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhd
ONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r
0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH/2eFQW6w68YNeovi
EvJt1i41orLsBIvbR8M3ql6ly75zdIScRCREtORSb2JNRXkfiqc7Fca6gnmqUBNU
woo4NJAjyEz7ADyUxcA+uAU57anyqZeXUhQUZ5s/wEU77nYBFx0fNh+SlsNF4yL8
z5vJQvwUGJLvLZs1Ap1RSGxYMWJk0kdBu2j5wS0el6FrpqoXzrJZpPUpiegUPOqY
hg54Q0ddn9ksGO4LJUClhIjX/y54Pu9cWrcO+mKJ2kSZOM6zCXqErIek3J4xYy/W
CxJHtXjLEg5y2XMam45qKC6CmKcFwJJiVufWSWSCqqVYG30f9g1w44AYmn/VCIXx
t6ygcr6JAEYEGBECAAYFAjekay4ACgkQLdjfvvrOepdPnACg1HGvpsdlEQkb8VZc
rWbmoZyMLoYAoPBjVMIiYkdWD2t0cKaR/de8Rjct
=Hejr
-----END PGP PUBLIC KEY BLOCK-----
Email me at: sdean12@sdean12.org
Return to the main page page