Skip to content

Instantly share code, notes, and snippets.

@zer0tonin

zer0tonin/MainClass.java

Created November 18, 2016 19:58
Show Gist options
  • Save zer0tonin/059b47be7ec609eae26bd052ab3d735d to your computer and use it in GitHub Desktop.
Save zer0tonin/059b47be7ec609eae26bd052ab3d735d to your computer and use it in GitHub Desktop.
Download ZIP
Minimal AV engine
Raw
MainClass.java
import java.io.*;
import java.nio.file.Files;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
public class MainClass {
public static void main(String args[]) {
try {
BufferedReader sigReader = new BufferedReader(new InputStreamReader(new FileInputStream("Signature.DAT")));
String sigLine = null;
//Reading all the signatures
try {
while ((sigLine = sigReader.readLine()) != null){
ArrayList<String> detected = detection(sigLine);
//Printing the List of detected files
if(!detected.isEmpty()){
System.out.println("Signature " + sigLine +" detected in :");
for(Iterator<String> it = detected.iterator(); it.hasNext(); ){
System.out.println(it.next());
}
} else {
System.out.println("No detection for signature " + sigLine);
}
}
} catch (IOException e) {
e.printStackTrace();
}
} catch (FileNotFoundException e) {
e.printStackTrace();
}
}
public static ArrayList<String> detection(String signature) {
ArrayList<String> result = new ArrayList<String>();
//Listings the files in program
File folder = new File("Programs");
ArrayList<File> suspects = new ArrayList<File>(Arrays.asList(folder.listFiles()));
for (Iterator<File> it = suspects.iterator(); it.hasNext();){
File current = it.next();
switch(signature.length()){
case 32 :
if(md5(signature, current)){
result.add(current.getName());
}
break;
case 40:
if(sha1(signature, current)){
result.add(current.getName());
}
break;
default :
if(sigInFile(signature, current)) {
result.add(current.getName());
}
break;
}
}
return result;
}
/*
* Checks if every line in the file contains the signature
*/
public static boolean sigInFile(String signature, File suspect) {
try {
BufferedReader fileReader = new BufferedReader(new InputStreamReader(new FileInputStream(suspect)));
String line = null;
try {
while((line = fileReader.readLine()) != null){
if(line.contains(signature)){
return true;
}
}
fileReader.close();
} catch (IOException e) {
e.printStackTrace();
}
} catch (FileNotFoundException e) {
e.printStackTrace();
}
return false;
}
//Compares the signature with the md5
public static boolean md5(String signature, File suspect) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
byte[] fileArray;
try {
fileArray = Files.readAllBytes(suspect.toPath());
md.update(fileArray);
byte[] md5filearray = md.digest();
String result = "";
for (int i=0; i < md5filearray.length; i++) {
result += Integer.toString( ( md5filearray[i] & 0xff ) + 0x100, 16).substring( 1 );
}
result = result.toUpperCase();
if(signature.contains(result)){
return true;
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return false;
}
//Compare the signature with the SHA1
public static boolean sha1(String signature, File suspect) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] fileArray;
try {
fileArray = Files.readAllBytes(suspect.toPath());
md.update(fileArray);
byte[] sha1filearray = md.digest();
String result = "";
for (int i=0; i < sha1filearray.length; i++) {
result += Integer.toString( ( sha1filearray[i] & 0xff ) + 0x100, 16).substring( 1 );
}
result = result.toUpperCase();
if(signature.contains(result)){
return true;
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return false;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment