[BlackWhite]

It's well known that for a given md5 hash, we have no way to
calculate its message. And for the same reason, for a given file,
we have no way to produce another file whose md5 hash equals
to the given one.
According to Wang Xiaoyun's theory, we can produce two
128-bit data blocks whose md5 hashes collide. So why don't
we exploit these 128-bit collisions to produce two md5-collided
exe files?
Here is my method. Let's assume the first exe file is exe1, and
the other is exe2, then these two files are composed as follows:
exe1 = if(condition) func1(); else func2(); + func1() + func2() + md5_1
exe2 = if(condition) func1(); else func2(); + func1() + func2() + md5_2
Here "if(condition) func1(); else func2(); + func1() + func2()" is the
compiled exe file corresponding to exe1 or exe2(actually their source codes
are the same), while md5_1 & md5_2 are overlays appended to the compiled
exe file. And, md5_1 and md5_2 are two 128-bit md5-collided data blocks
calculated by applying Wang's theory, and on producing these collided
blocks, we should not use MD5's default seed values(0x67452301,
0xEFCDAB89, 0x98BADCFE, 0x10325476), in stead, we should use
md5(compiled exe file) as md5's seed value where the final step called
md5_final() should be removed, so that the collision between
md5_1 and md5_2 can be enlarged and finally results in the collision between
exe1 and exe2.
The "condition" mentioned above is to check one bit of the overlay.
The attachment is a zip file containing the source code and 2 md5-collided exe files.