It's not so difficult to produce two md5-collided exe files (https://forum.exetools.com/showthread.php?t=17279)

BlackWhite 12-24-2015 01:48

So I want to study the exe files on the final url;
have you ever backed them up?
Thank you.

Quote:

Originally Posted by Shub-Nigurrath (Post 103429)
Essential literature for MD5 and other collisions is quite simple

First episode: Instantaneous generation of colliding MD5
rodevitoyem: eprint.iacr.org/2006/104.pdf
Poter omgpet: eprint.iacr.org/2006/105.pdf
The method used is called "bit tunneling"
*nix source: web.mit.edu/AFS/sipb/project/fastcoll/
win32 source: www.win.tue.nl/hashclash/fastcoll_v1.0.0.5_source.zip
win32 binary: www.win.tue.nl/hashclash/fastcoll_v1.0.0.5.exe.zip
Real-time generation of different files with the same MD5
Quite useless still because the files are fuzzy bloat of bits.

Second episode: Also other hash algorithms are colliding (2005)
How to Break MD5 and Other Hash Functions (Xiaoyun Wang and Hongbo Yu)
http://www.iacr.org/cryptodb/archive/2005/EUROCRYPT/2868/2868.pdf
Colliding X.509 Certificates (Arjen Lenstra, Xiaoyun Wang and Benne de Weger)
www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf


Third Episode: different exe with the same MD5, CRC32, cksum16 and cksum32 (2005/2006)
EXEs with the same CRC32, and also 8 different files with the same MD5.
These are real exe with different functions
hexale.blogspot.com/2005/12/taking-advantage-of-md5-for-real.html
The final url seems to not be available anymore anyway.. there were two interesting PoC launchers also provided

Fourth episode: the list of colliding things gets longer .. see attach


foosaa 12-24-2015 15:11

Quote:

Originally Posted by Shub-Nigurrath (Post 103429)
........
Third Episode: different exe with the same MD5, CRC32, cksum16 and cksum32 (2005/2006)
EXEs with the same CRC32, and also 8 different files with the same MD5.
These are real exe with different functions
hexale.blogspot.com/2005/12/taking-advantage-of-md5-for-real.html
The final url seems to not be available anymore anyway.. there were two interesting PoC launchers also provided

.........

The executable for (different exe with the same MD5, CRC32, cksum16 and cksum32) can be downloaded from:

http://www.coresecurity.com/system/f...16-cksum32.zip

Hope it helps someone! :)

foosaa 12-24-2015 15:28

For another example and a detailed walk-through which you could try, see the following link:
http://www.win.tue.nl/hashclash/SoftIntCodeSign/

Authors
Marc Stevens, CWI, Amsterdam, The Netherlands
Arjen K. Lenstra, EPFL, Lausanne, Switzerland, and Bell Labs, Murray Hill, USA
Benne de Weger, TU/e, Eindhoven, The Netherlands

are the pioneers in producing MD5 collisions across a variety of things! :)

and if you want to deep dive into more specifics, then visit

http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

Hope it helps someone! :)

BlackWhite 12-26-2015 21:54

Quote:

Originally Posted by foosaa (Post 103467)
For another example and a detailed walk-through which you could try, see the following link:
http://www.win.tue.nl/hashclash/SoftIntCodeSign/

Authors
Marc Stevens, CWI, Amsterdam, The Netherlands
Arjen K. Lenstra, EPFL, Lausanne, Switzerland, and Bell Labs, Murray Hill, USA
Benne de Weger, TU/e, Eindhoven, The Netherlands

are the pioneers in producing MD5 collisions across a variety of things! :)

and if you want to deep dive into more specifics, then visit

http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

Hope it helps someone! :)




Terrific!
pow(2,50) calls to md5(), costing 6 months.

Mkz 01-09-2016 07:15

While this involves computing power not accessible to all of us, I had already read some of this stuff and the article on the practical case of creating a rogue CA, compromising the entire https security.
http://www.win.tue.nl/hashclash/rogue-ca/

They describe the process in detail, which includes interesting stuff not only to learn some of the md5 details but also the https / PKI workings, for those who haven't explored it before.
Using 200 PS3 machines, they could generate during one weekend 3 or 4 collisions, and after some tries reportedly succeeded in creating a certificate that any browser would accept as a legitimate CA :)
A fun read indeed.

Shub-Nigurrath 01-11-2016 18:03

Indeed, for what concerns the rogue CAs, the best way is always to break what's existing and catch low-hanging fruit. I mean, there are so many house-made CAs in enterprises (e.g., handling enterprise stores, VPNs, and so on) that are vulnerable, not protected enough or even not updated that it is enough for years ahead. Not speaking of certificates that can be stolen from the enterprise BYOD terminals..

These studies are extremely interesting, but are academic exercises, meant to force CA producers/sw vendors to change default hash algos or crypto suites. The problems above, instead, will stay, whatever hash algo you use :-)
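
As an added illustration of the point in the last two posts (MD5-signed certificates, and in-house CAs that never changed their default hash), the following Python example reads the signatureAlgorithm OID out of a DER-encoded certificate and reports MD2, MD5 or SHA-1 signatures. It is not part of any post in this thread or of the hashclash project; the function names and the two sample byte strings are constructed for the example.

```python
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def decode_oid(body):
    """Turn the content bytes of a DER OBJECT IDENTIFIER into dotted form."""
    arcs, value = [], 0
    for b in body:                         # base-128 digits, high bit = more bytes follow
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # the first sub-identifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm_oid(cert_der):
    """OID of Certificate.signatureAlgorithm (second field of the outer SEQUENCE)."""
    tag, start, _ = read_tlv(cert_der, 0)              # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, start)          # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)      # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER certificate structure")
    return decode_oid(cert_der[oid_start:oid_end])

def weak_signature(cert_der):              # weak algorithm name, or None if not listed
    return WEAK_SIG_OIDS.get(signature_algorithm_oid(cert_der))

# Constructed skeletons (not real certificates): empty tbsCertificate, zeroed signature.
def der(tag, content):
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content
def skeleton_cert(oid_hex):
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, b"") + alg + der(0x03, bytes(257)))

MD5_CERT = skeleton_cert("2a864886f70d010104")      # md5WithRSAEncryption
SHA256_CERT = skeleton_cert("2a864886f70d01010b")   # sha256WithRSAEncryption
```

To audit an internal CA, pass the DER bytes of each certificate in its chain to `weak_signature`; PEM files need their base64 body decoded first.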

