Scribd
Upload
32 views

Assignment No 01 Info Security

The document discusses a Python program that implements polymorphism to generate different versions of a 'Hello World' program each time it is run. The program generates random garbage data and inserts it into the code before saving and executing the file. A cryptographic hash is also generated as a signature for each unique file.

Uploaded by

Aleeza Anjum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
32 views

Assignment No 01 Info Security

The document discusses a Python program that implements polymorphism to generate different versions of a 'Hello World' program each time it is run. The program generates random garbage data and inserts it into the code before saving and executing the file. A cryptographic hash is also generated as a signature for each unique file.

Uploaded by

Aleeza Anjum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Information Security

Assignment no: 01

Submitted to: Dr. Abid Rauf

Submitted by: Aleeza Anjum (20-CS-101)

Moaz Ali (20-CS-69)

1
Problem:
In class, we discussed about mutation in viruses. Viruses changes themselves to avoid detection
and we named the techniques as:

 Oligomorphic Viruses
 Polymorphic Viruses
 Metamorphic Viruses

You are required to implement any one of the above techniques. You will be using a basic “hello
world” program instead of a malicious code of virus. Yourcodedexecutable should have different
signatures after each execution. You can generate signatures using any of the known hashing
techniques.

Solution:
First, you need to install the pycryptodome library to generate cryptographic hashes:

pip install pycryptodome


Now, let's create the polymorphic "Hello, World!" program:

import os

import random

import string

from Crypto.Hash import SHA256

def generate_garbage(n):

return ''.join(random.choice(string.ascii_letters) for _ in range(n))

def polymorphic_hello_world():

garbage = generate_garbage(random.randint(10, 50))

hello_world_code = f"""

2
def main():

print('Hello, World!')

if name == 'main':

main()

Garbage data

{garbage}

"""

return hello_world_code

def save_and_execute_hello_world():

hello_world_code = polymorphic_hello_world()

file_name = f"hello_world_{random.randint(1000, 9999)}.py"

with open(file_name, 'w') as f:

f.write(hello_world_code)

os.system(f"python {file_name}")

return file_name

def generate_signature(file_name):

3
with open(file_name, 'rb') as f:

content = f.read()

hash_obj = SHA256.new()

hash_obj.update(content)

return hash_obj.hexdigest()

if name == "main":

file_name = save_and_execute_hello_world()

signature = generate_signature(file_name)

print(f"File Name: {file_name}")

Introduction
In the realm of cybersecurity and programming, polymorphism is a technique used to make code
appear different each time it's executed while retaining its core functionality. This enhances
security by making it more difficult for adversaries to analyze and detect patterns. The provided
Python program exemplifies this concept by generating a polymorphic "Hello, World!" script
adorned with random "garbage" data as comments. Additionally, it calculates a cryptographic
signature to further obfuscate the script's identity.

Dependencies
To facilitate cryptographic hashing, the program relies on the pycryptodome library. This library
can be installed via pip using the command provided.

pip install pycryptodome

Code Structure

4
generate_garbage: This function crafts a random string of ASCII letters, ranging in length
from 10 to 50 characters. The generated string serves as the "garbage" data appended to the end
of the script.

polymorphic_hello_world: Here, a Python script is assembled, featuring the classic "Hello,


World!" functionality along with the random garbage data generated by the previous function.
This combination creates a polymorphic script that exhibits unique characteristics upon each
execution.

save_and_execute_hello_world: Responsible for storing the generated script in a file with


a random name and subsequently executing it using the os.system function. The function returns
the name of the created file.

generate_signature: This function accepts a file name as input, reads its contents, and
computes its SHA256 hash using the Crypto.Hash library. The resulting hash value is returned as
a hexadecimal string, serving as the signature of the script.

Main Functionality: Within the __main__ block, the program orchestrates its primary
operations. It initiates the generation and execution of the polymorphic "Hello, World!" script via
the save_and_execute_hello_world function, followed by the calculation of its signature using
generate_signature. Finally, it prints both the name of the generated file and its signature to the
console.

Conclusion
By leveraging polymorphism, the provided code demonstrates a simple yet effective means of
enhancing code obfuscation and resilience against analysis. This technique finds application in
various security domains, including malware evasion and anti-debugging strategies, where
disguising code can be pivotal in safeguarding against threats.

You might also like