As members of a relatively small community of "computer people" on the GW campus, many of us are frequently asked by friends, family, neighbors and random strangers to inspect a file they suspect may be malicious. Unfortunately, there is no obvious and easy way to do this, especially for a non-power user. So we thought it would be a good idea to spend the 36 hours of HopHacks developing a tool that lets even the simplest of computer users check a suspect file the same way we would. In this way we are protecting the innocent dwellers who frequent the interwebs from the denizens of its exploitative dark side.
What it does
Provides advanced security for the general user: it checks the file's hash against a database of 21 million known-malicious file hashes, and it scans the file's contents for executable headers so that an executable hidden inside another file is identified. Since one of the most common ways of disguising an executable is to embed it in an MP3 song file, we also added the ability for the application to examine an MP3 file and confirm that it is a legitimate MP3.
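The three checks described above (hash lookup, embedded-executable header scan, and MP3 validation) are straightforward to combine into one inspection routine. The following is an added example written for this page, in Python rather than the project's Java, and it is not the project's own code. The "known-bad" hash set, the PE stub and the MP3 sample are all constructed in the block so that it runs offline; the real tool's database and its exact verdict labels are not reproduced here.

```python
import hashlib
import struct

# Constructed stand-in for the 21-million-entry malicious-hash database.
# The single entry is the hash of a constructed byte string, not of real malware.
KNOWN_BAD_SAMPLE = b"constructed sample that stands in for a known-bad file"


def sha256_hex(data):
    """Hex SHA-256 of the whole file, the key used for the hash-database lookup."""
    return hashlib.sha256(data).hexdigest()


KNOWN_BAD_SHA256 = {sha256_hex(KNOWN_BAD_SAMPLE)}


def find_pe_headers(data):
    """Return offsets of every plausible PE (Windows executable) header in data.

    A bare "MZ" occurs by chance in binary data, so a hit is confirmed only when the
    DOS header's e_lfanew field (4 bytes little-endian at +0x3C) points at "PE\\0\\0".
    """
    offsets = []
    idx = data.find(b"MZ")
    while idx != -1:
        if idx + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, idx + 0x3C)[0]
            pe_off = idx + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and data[pe_off:pe_off + 4] == b"PE\x00\x00":
                offsets.append(idx)
        idx = data.find(b"MZ", idx + 1)
    return offsets


def find_elf_headers(data):
    """Offsets of ELF magic; the four-byte magic is distinctive enough on its own."""
    offsets = []
    idx = data.find(b"\x7fELF")
    while idx != -1:
        offsets.append(idx)
        idx = data.find(b"\x7fELF", idx + 1)
    return offsets


def _is_frame_sync(data, off):
    """True if an MPEG audio frame header with sane field values starts at off."""
    if off + 4 > len(data):
        return False
    b1, b2, b3 = data[off], data[off + 1], data[off + 2]
    if b1 != 0xFF or (b2 & 0xE0) != 0xE0:      # 11-bit frame sync
        return False
    version = (b2 >> 3) & 0x3                    # 01 is reserved
    layer = (b2 >> 1) & 0x3                      # 00 is reserved
    bitrate_index = b3 >> 4                      # 1111 is invalid
    return version != 1 and layer != 0 and bitrate_index != 0xF


def looks_like_mp3(data):
    """Validate an MP3: an optional ID3v2 tag followed by a real audio frame header."""
    if data[:3] == b"ID3" and len(data) >= 10:
        size = 0
        for b in data[6:10]:                     # 28-bit "syncsafe" tag size
            size = (size << 7) | (b & 0x7F)
        return _is_frame_sync(data, 10 + size)
    return _is_frame_sync(data, 0)


def inspect(data):
    """Run all three checks and return a dictionary with the evidence and a verdict."""
    digest = sha256_hex(data)
    pe = find_pe_headers(data)
    elf = find_elf_headers(data)
    mp3 = looks_like_mp3(data)
    if digest in KNOWN_BAD_SHA256:
        verdict = "known-malicious"
    elif (pe or elf) and mp3:
        verdict = "mp3-with-embedded-executable"
    elif pe or elf:
        verdict = "executable"
    elif mp3:
        verdict = "mp3"
    else:
        verdict = "unknown"
    return {"sha256": digest, "pe_offsets": pe, "elf_offsets": elf,
            "looks_like_mp3": mp3, "verdict": verdict}


def build_pe_stub():
    """Constructed minimal PE header: DOS header whose e_lfanew points at "PE\\0\\0"."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


# Constructed MP3: 10-byte ID3v2 header, a 10-byte tag body, then a valid
# MPEG-1 Layer III frame header (FF FB 90 00) and some frame payload.
SAMPLE_MP3 = (b"ID3\x03\x00\x00" + b"\x00\x00\x00\x0a" + b"\x00" * 10
              + b"\xff\xfb\x90\x00" + b"\x00" * 60)

if __name__ == "__main__":
    for name, blob in [("mp3", SAMPLE_MP3), ("pe", build_pe_stub()),
                       ("mp3+pe", SAMPLE_MP3 + build_pe_stub()),
                       ("known-bad", KNOWN_BAD_SAMPLE)]:
        print(name, inspect(blob)["verdict"])
```

The hash lookup only catches files that are already in the database, which is why the header scan matters: it flags an executable that has been appended to or tucked inside an otherwise valid MP3 even when the combined file has never been seen before. The e_lfanew confirmation in find_pe_headers is what keeps the scan from firing on every chance occurrence of the two bytes "MZ" in audio data.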
How I built it
We used Java to build an easy-to-use, portable applet that compares the file, its signatures and its headers against public APIs and databases. A plan to serve either the applet or an interactive CGI page over the web was also almost implemented, but was blocked by compatibility issues that can be overcome in the future.
Challenges I ran into
Perl and Java do not "play nice", and it is very hard to make their executables start or access each other, or share data between them. The database was also very large and took a long time to process. Finally, the Echoprint API was very complex to implement correctly.
Accomplishments that I'm proud of
The database of 21 million signatures runs efficiently and searches rapidly.
What I learned
Open source APIs can be very complex to implement. Some of our team members learned a small amount of PHP, Python, and tactics for "gluing code".
What's next for Project Identity
- Finishing the web-based CGI page to allow scanning of files without installing an app
- Integrating the database, including C code for grabbing file headers
- Offering recommendations for apps to properly open files