How can code (reliably) detect a change in itself?

Question

Supposed I have written a program, and I want to make sure that its code will not be changed (for now, let's assume we are using an interpreted / scripting language, so "just compile it" is not a valid answer).

So I would like to detect if someone changes the code. How can I do this reliably?

The most obvious way is to hash the code, put the hash into the code, and verify it - but of course this does not work, as it is pretty easy to simply rehash the code. You would have to know the hash in advance and put it into it while calculating the hash, but this is a chicken-egg problem, obviously.

Are there any other options that are reliable?

As far as I know: No. You also don't really specify what you mean by: "I would like to detect if someone changes the code". What would happen if a change was detected? — KIKO Software, Mar 19 '17 at 10:38
What's the problem you're trying to solve, or risk you're trying to mitigate, with this? — jonrsharpe, Mar 19 '17 at 10:49
@KIKOSoftware The software should just be able to detect it, without anyone being able to disable the protection. — Golo Roden, Mar 19 '17 at 20:15
@jonrsharpe It's not an actual problem at hand, it's more out of curiosity and interest. — Golo Roden, Mar 19 '17 at 20:15
@Golo: What is the point of detecting a change, reliably, when you won't use this detection for anything? It could stop the code executing, or tell the user the code was tampered with, but no, it does nothing. Why? Anyway, if there's access to the source code of the detector, it can always be disabled. — KIKO Software, Mar 19 '17 at 20:26
The only way, you can protect your PHP code reliably, is if part of what it does is handled by code that you control, for instance on a webserver. This is normally done by creating an API, which is just a way to give users access and protect the code at the same time. Just a random link: https://api-platform.com (I think you know all this?) — KIKO Software, Mar 19 '17 at 20:33
@KIKOSoftware Have you never tried anything, just because it's a brain teaser, and you wanted to solve it? By the way, I have not been talking about PHP. And yes, I know what APIs are, how web platforms work, and all this. It's a riddle, if you want to say so. Not more, not less. — Golo Roden, Mar 19 '17 at 21:29
@Golo: How interesting this might be, in theory, I was expecting that there was a concrete issue behind your question. There isn't. That's a pity. See: https://stackoverflow.com/help/on-topic — KIKO Software, Mar 19 '17 at 21:37
Curiosity and interest are great, but a very poor fit for practical and answerable Q&A; there's no goal state to tell you when it's answered, no way to determine appropriate requirements and constraints. — jonrsharpe, Mar 19 '17 at 23:35
@jonrsharpe Yes, there is: The question is answered if somebody comes up with a "yes, like this: ..." or "no, can't be done, because ..." answer. — Golo Roden, Mar 20 '17 at 20:32
But that's rarely the kind of answer to questions like this. The answers change over time (we used do it like X but now Y has come up with Z...), depending on where you're deploying code (on Q OS you can use this but R doesn't have it), etc.That's why the context and constraints of a practical problem help, it avoids http://xyproblem.info. I suspect the short answer to this is "no" - there's no way to write a program that can reliably detect whether it's been modified, because it can't tell whether the modification detection functionality has been modified. — jonrsharpe, Mar 20 '17 at 21:56

xhg · Answer 1 · 2017-03-19T10:49:39.940

2

You can use asymmetric cryptography (should be digital sigantures scheme). Use key A to encrypt the hash of the code and ship with your main software, then you program use key B to decrypt the shipped hash to see if they match. Since you are the only one that can do the encryption, others cannot fake a shipped hash.

Append:

But I think it cannot solve the TRUE problem. One might modify your code even the key B shipped with it. So in order to achieve your goal, the verification has to be done by 3rd party like platform (Operating System). For example: Apple's gatekeeper.

edited Mar 19 '17 at 10:49

answered Mar 19 '17 at 10:44

xhg

1,850
2
21
35

This does not actually solve the problem, because it would be easy to completely remove the check. So this only moves the problem to another layer, doesn't it? – Golo Roden Mar 19 '17 at 20:18
Yep, since by the time I wrote the answer, I realize it is impossible to keep the integrity by itself, because itself is mutable and all integrity checking can be disabled. So it has to be done by another party. – xhg Mar 19 '17 at 20:22
Just like software cracking always exists – xhg Mar 19 '17 at 20:23

score 0 · Answer 2 · answered Mar 21 '17 at 08:57

No, it can't be done.

... because in the end the code has to be executed by a computer. That means that your code, or any transformation of it, is available on the machine running it, and therefore it can, in theory, be changed.

The fact that it can be changed means that the detector, that detects any change to the code, can be changed as well. Hence such a detector is never totally reliable.

How can code (reliably) detect a change in itself?

2 Answers2