I've been thinking a bit about the use of hashes and whether it is actually appropriate to use at all for interactive things like PDF files.
And my conclusion is nah, neh, nope. Although It's all about context.
Anyhow to proof a tiny point, here's proof of concept.
2 executables with the same SHA-1 & MD5 sum.
To test:
- Download the poc file on any windows machine.
- Unzip with 7zip
- Run both executable
- Verify with a tool of your choice that the SHA-1 & MD5 checksums correspond.
(The machine does not need an internet connection)
One of the binaries will print "Evil" while the other will print "Liev" (a Dutch word for nice/cute)
Figuring out how this works.. is an exercise for the reader :)
Please be very cautious about using hashes/checksums and think about what purpose you are using them for.
GetModuleFileName or argv[0]?
BeantwoordenVerwijderenchange the filenames and find out ;)
VerwijderenYou can swap around the filenames all you like :)
VerwijderenUnpacking with 7zip onto a network drive (actually a VirtualBox shared folder) and executing gives "Evil" for both files.
BeantwoordenVerwijderenUnpacking with KDE Ark 16.12.2 and then copying it to the NTFS drive of the Win 7 VM gives "I will not reveal my secrets to you" for both files.
Has anyone tried unpacking onto a FAT32 filesystem? I'm about to go to bed and too lazy right now to get out a pendrive.
isn't the correct spelling lief, not liev?
BeantwoordenVerwijderenAbsolutely, but I spelled phonetically
VerwijderenThank you! That was a fun challenge? Should I share the results?
BeantwoordenVerwijderenPlease, share!
VerwijderenFeel free to, ofcourse :)
BeantwoordenVerwijderenhttps://medium.com/@dalmoz/a-collision-too-perfect-279a47fb5d42
BeantwoordenVerwijderenFinally... Thank you!
Verwijderen