Exetools


byvs 11-05-2014 20:54

MD5 Help!
 
Is there any way to edit the MD5 of a file? or some program that does this?
Thank you for your help!

chessgod101 11-05-2014 21:08

The MD5 of a file is a calculation based upon the data contained within it. Changing one byte in the file will result in a completely different hash. There is no way to predict the result of a hash or change the file in a way to get a specific hash you want. If the program calculates its own MD5 for an integrity check, one way that you can do that would be to patch its MD5 hash routine to return the value you want. To do this, just see what registers or stack addresses the MD5 values are returned on and simply patch the routine to feed in the correct values. There will be 4, 32-bit values in all. The patch code would look something like:
Code:

MOV DWORD PTR DS:[EBP+4], 1E3F44E5
MOV DWORD PTR DS:[EBP+8], E24F563D
MOV DWORD PTR DS:[EBP+C], E8697AA3
MOV DWORD PTR DS:[EBP+10], 479834DE


byvs 11-05-2014 23:00

@chessgod101,

How do I find the MD5 hash routine and correct it? And what program should I use?

SubzEro 11-05-2014 23:51

here is some info


Git 11-06-2014 18:50

There was some work done and a program produced which did much better than brute force. It's on my old computer, I'll try to find it soon.

Git

wilson bibe 11-06-2014 20:08

@byvs
I believe that when you apply the patch in your app any error message is displayed, it would not be possible for you to trace this error using the call stack of Olly?

bolo2002 11-07-2014 00:26

Why not use the excellent cryptochecker by Alephz?
http://forum.exetools.com/showthread.php?t=13569

it can help to find it.

byvs 11-07-2014 03:51

@Guys!
To summarize my questions:
A file was unpacked by MPRESS. After unpacking, the file opens and closes soon after without displaying an error message. I wonder what is happening and whether it may be possible to enlist the help of friends from the forum to resolve the problem.

Information:
File / Header CheckSum: 009C4B55 / 00315E12

+ Crypto Check for file '.\Unpacked.exe' [00000000:009B5B5A]

(*** Sorry for my English, because I use Google Translator)

SubzEro 11-07-2014 13:51

Send me the file by PM, I want to look.

LaDidi 11-07-2014 16:21

@byvs:
Hi,

Try to set a BP on TerminateProcess, MessageBox, ...
Or BPs on ALL API...

Regards.

byvs 11-09-2014 01:50

@LaDidi:

And how do I do that? This is the "X" of the question! Could you teach me?

Regards.

Ericky 12-13-2014 02:37

Quote:

Originally Posted by byvs (Post 95580)
@LaDidi:

And how do I do that? This is the "X" of the question! Could you teach me?

Regards.

In my opinion, if you want to patch the MD5 value, the best way is to find the original value which hasn't been encrypted. That would be easier.

VodoleY 12-13-2014 13:33

1. You must be sure that the algo is CLEAR MD5 (without modification of the init table)
2. You must find the program/procedure WHO calculates the CheckSum (and find the start/length addresses)
3. You must find the place where the original MD5 CheckSum is stored (recalculate and replace)
4. Also useful: the procedure that checks/compares the MD5 in your program
PS: for brute-forcing an MD5 checksum, rainbow tables are also used, but I think it's not your way
PSS: sorry for my "GOOD" English

LaDidi 12-14-2014 01:44

@byvs:
If you use Olly, it's easy.
Search for all intermodular calls, BPx on the API you need.
When you break use Call stack.

RedBlkJck 12-14-2014 02:32

Are you positive it's caused by an invalid md5 sum?
Perhaps it's something more common like the packed file has an overlay or it is checking a value from the pe header like section size.
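
Added example (not part of any post in this thread): a small Python check for the two non-MD5 causes raised above, a PE header CheckSum that no longer matches the file (as in the "File / Header CheckSum" line quoted earlier) and data appended after the last section (an overlay). The function names and the sample image are constructed for illustration; the checksum is the standard PE one, a folded 16-bit sum with the CheckSum field treated as zero, plus the file length.

```python
# Added example: helper names are hypothetical; the sample image is constructed.
import struct

def _pe_offset(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return pe

def header_checksum(data):
    """CheckSum field as stored in the file (optional header offset 64)."""
    return struct.unpack_from("<I", data, _pe_offset(data) + 24 + 64)[0]

def pe_checksum(data):
    """Recompute the checksum: folded 16-bit sum (field zeroed) + file length."""
    off = _pe_offset(data) + 24 + 64
    buf = data[:off] + b"\0\0\0\0" + data[off + 4:]
    buf += b"\0" * (len(buf) % 2)                      # pad to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)       # end-around carry
    return total + len(data)

def overlay_size(data):
    """Bytes lying past the end of the last section's raw data (0 if none)."""
    pe = _pe_offset(data)
    nsec, opt_size = (struct.unpack_from("<H", data, pe + o)[0] for o in (6, 20))
    table = pe + 24 + opt_size
    end = table + 40 * nsec
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return max(0, len(data) - end)

def build_sample():
    """Constructed minimal PE-shaped buffer: headers plus one 0x200-byte section."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)           # Machine, NumberOfSections
    struct.pack_into("<HHH", img, 0x94, 0xE0, 0x102, 0x10B)  # OptHdr size, flags, magic
    sec = 0x80 + 24 + 0xE0
    img[sec:sec + 5] = b".text"
    struct.pack_into("<II", img, sec + 16, 0x200, 0x200)   # SizeOfRawData, PointerToRawData
    struct.pack_into("<I", img, 0x80 + 88, pe_checksum(bytes(img)))
    return bytes(img)
```

On a real file, read it with `open(path, "rb").read()` and compare `header_checksum()` with `pe_checksum()`; a non-zero `overlay_size()` means the file carries data after its last section.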

