MD5 Hash Collision Lab

Notes

• This lab is based on the MD5 Collision Attack Lab by Wenliang Du.

  • Copyright 2018 by Wenliang Du. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. If you remix, transform, or build upon the material, this copyright notice must be left intact, or reproduced in a way that is reasonable to the medium in which the work is being re-published.

  • I have simplified this to make it more accessible to beginning programmers/non-programmers
  • I have adapted it to our local environment.
  • You should read through the above lab for a more complete coverage.
• The goal is to demonstrate the collision weakness in the MD5 hash function.
• We will attempt to build two different executable files with the same MD5 sum.
  • This will take advantage of the fact that each 512bit block is processed independently.
  • The state of the computation is based on the previous state.
  • And it is possible to build "nonsense segments" that are different but have the same hash value.
• So we will
  • Produce code with at least a 512 bit (128 characters) data set that has minimal impact on a computation.
  • Split the executable at this point, into two pieces
  • insert two different 512bit blocks with the same hash value but different values.
  • Concatenate the executable back to form two different executable files.
• This is very easy for us to detect, but
  • Remember, we are working on a simplified solution.
  • A proof of concept.
  • We could be much more sophisticated and be far less detectable.

  From here:

  • Setup for the lab
  • Make two different executable files with the same MD5 Hash.
  • Make a benevolent and malicious version of the executable.