The 1337 PNG Hashquine | Hackaday

A hashquine is a fun way to show off your crypto-tricks — it's a file that contains its own hash. In some file types this is trivial: you just pick the hash to hit, and then put random data in a comment or other invisible field until you get a collision. A Python script that prints its own hash would be easy. But not every file type is so easy. Take PNG, for instance. These files are split into chunks of data, and each chunk is both CRC-32 and adler32 checksummed. Make a single change, and everything changes, in three places at once. Good luck finding that collision. So how exactly did [David Buchanan] generate that gorgeous PNG, which does in fact md5sum to the value in the image? Quite cleverly.

Luckily [David] shared some of his tricks, and they are quite neat. The technique he details is a meet-in-the-middle hack, where 36 pairs of MD5 collision blocks are found, with the understanding that these 36 blocks will get added to the file. For each block, either A or B of the pair will get plugged in at that location, and the md5sum won't change. That's a total of 2^36 possible combinations of these blocks, which is more computation than was practical for this particular hack. The solution is to pre-compute the results of every possible combination of the first 18 blocks, and store the results in a lookup table. The second half of the collisions are run backwards from a target CRC value, and the result checked against the lookup table. Find a hit, and you've just found a sequence of blocks that matches both your target md5sum and CRC32 results.
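The CRC-32 half of that meet-in-the-middle search, as an added Python example (not [David]'s code). It assumes random 128-byte blocks as stand-ins for the MD5 collision pairs, 20 pairs instead of 36, and a target CRC built from a known choice so that a match exists; all function names are chosen here.

```python
import random
import zlib

TABLE = []  # standard reflected CRC-32 table (polynomial 0xEDB88320), as used by PNG
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)
TOP = {entry >> 24: i for i, entry in enumerate(TABLE)}  # top bytes are unique: reversible

def fwd(state, block):
    """Advance the raw CRC register over block (zlib XORs 0xFFFFFFFF in and out)."""
    return zlib.crc32(block, state ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def back(state, block):
    """Undo fwd(): the register value before block, given the value after it."""
    for b in reversed(block):
        i = TOP[state >> 24]
        state = (((state ^ TABLE[i]) << 8) & 0xFFFFFFFF) | (i ^ b)
    return state

def expand(start, pairs, step):
    """Map each register value reachable from start to the A/B picks producing it."""
    states = {start: ()}
    for pair in pairs:
        states = {step(s, pair[bit]): picks + (bit,)
                  for s, picks in states.items() for bit in (0, 1)}
    return states

def build(prefix, pairs, choice):
    return prefix + b"".join(pair[bit] for pair, bit in zip(pairs, choice))

def meet_in_the_middle(prefix, pairs, target_crc):
    """Return one A/B choice (0/1 per pair) giving target_crc, or None if none exists."""
    half = len(pairs) // 2
    table = expand(fwd(0xFFFFFFFF, prefix), pairs[:half], fwd)   # first half, forwards
    rear = expand(target_crc ^ 0xFFFFFFFF, pairs[half:][::-1], back)  # second half, backwards
    for state, picks in rear.items():
        if state in table:
            return table[state] + picks[::-1]   # backward picks were collected last-first

def demo(n_pairs=20, block_len=128, seed=1337, prefix=b"constructed chunk header"):
    rng = random.Random(seed)
    rand_block = lambda: bytes(rng.getrandbits(8) for _ in range(block_len))
    pairs = [(rand_block(), rand_block()) for _ in range(n_pairs)]  # constructed stand-ins
    secret = tuple(rng.getrandbits(1) for _ in range(n_pairs))
    target = zlib.crc32(build(prefix, pairs, secret))               # known-reachable target
    found = meet_in_the_middle(prefix, pairs, target)
    return found is not None and zlib.crc32(build(prefix, pairs, found)) == target
```

With 20 pairs each direction only walks 2^10 combinations instead of the 2^20 a brute-force search would need; the same split is what turns 2^36 into two searches of 2^18.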

Thanks to [Julian] for the tip! And as he described it, this hack is one that gets more impressive the more you think about it. Enjoy!
