DacoTaco / priiloader

A Wii homebrew application that can prevent and fix some user level bricks
GNU General Public License v2.0
544 stars 101 forks

Fix small SHA1 issue in installer #236

Closed Leseratte10 closed 4 years ago

Leseratte10 commented 4 years ago

In the installer, FileHash_D2 is set to 0xff to ensure it is different from FileHash_D1. However, FileHash_D1 isn't set anywhere, which means its contents are undefined and could in theory be 0xFF, which could cause the installer to believe that two blocks of memory are identical when the hashing fails. The D1 hash should be explicitly set to something different.

DacoTaco commented 4 years ago

Have you verified that the array is undefined? In theory it should indeed be undefined, which means it can be anything (0xFF, 0x00, 0x84, ...), but normally it should come from the stack, and the stack should be 00 from the loader that loaded the binary (afaik).

Even if it's undefined, it should never be a full 0xFF or an actual hash, right?

Leseratte10 commented 4 years ago

"Verified" that it is undefined? Per the C standard, a local non-static variable declared inside a function is undefined. Even if it's set to 00 in this version, that could always change with a new compiler update. It's unlikely that it'll be a full hash consisting of just 0xff, but currently the memset only sets the first five bytes, not the full hash. Still unlikely, but not impossible. The stack doesn't always contain 00; it might contain 00 at program start, but that function isn't executed at the start. Assuming the compiler doesn't do anything special, it'll probably contain whatever the previous function left on the stack.
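The failure mode discussed in this thread, as an added illustration that is not priiloader's own code: `toy_hash`, `blocks_match_weak`, `blocks_match_hardened` and the sample buffers are constructed here, and the uninitialised stack content is modelled by an explicit `garbage` fill (reading real uninitialised memory would be undefined behaviour and not reproducible).

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HASH_LEN 20  /* SHA-1 digest length */

/* Constructed sample blocks (not real NAND data): differ only in the last byte. */
const uint8_t sample_a[] = {1, 2, 3, 4};
const uint8_t sample_b[] = {1, 2, 3, 5};

/* Stand-in for the installer's hash routine (constructed, not real SHA-1).
 * Returns 0 and writes a digest on success; on failure returns -1 and
 * leaves `out` untouched, which is the case the PR worries about. */
static int toy_hash(const uint8_t *data, size_t len, uint8_t out[HASH_LEN], bool fail)
{
    if (fail)
        return -1;
    memset(out, 0, HASH_LEN);
    for (size_t i = 0; i < len; i++)
        out[i % HASH_LEN] ^= (uint8_t)(data[i] + i);
    return 0;
}

/* Weak pattern described in the PR: D1 is never initialised and only the
 * first five bytes of D2 are set. `garbage` simulates whatever the previous
 * function left on the stack. Returns 1 if the two digests compare equal. */
int blocks_match_weak(const uint8_t *a, const uint8_t *b, size_t len, bool hash_fails, uint8_t garbage)
{
    uint8_t d1[HASH_LEN], d2[HASH_LEN];
    memset(d1, garbage, HASH_LEN);     /* models leftover stack content */
    memset(d2, garbage, HASH_LEN);
    memset(d2, 0xff, 5);               /* partial sentinel, as on the page */
    toy_hash(a, len, d1, hash_fails);  /* return codes ignored */
    toy_hash(b, len, d2, hash_fails);
    return memcmp(d1, d2, HASH_LEN) == 0;
}

/* Hardened form: both digests fully initialised to distinct sentinels and
 * hash failures reported instead of being compared. 1 = match, 0 = differ,
 * -1 = hashing failed, so a failure can never be mistaken for a match. */
int blocks_match_hardened(const uint8_t *a, const uint8_t *b, size_t len, bool hash_fails)
{
    uint8_t d1[HASH_LEN], d2[HASH_LEN];
    memset(d1, 0x00, HASH_LEN);
    memset(d2, 0xff, HASH_LEN);
    if (toy_hash(a, len, d1, hash_fails) != 0 || toy_hash(b, len, d2, hash_fails) != 0)
        return -1;
    return memcmp(d1, d2, HASH_LEN) == 0;
}
```

With all-0x00 stack content the weak version happens to report "different" on hash failure, which is the situation described above; with all-0xFF stack content it reports a false match, while the hardened version returns -1 in both cases.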