Exetools  

  #16  
Old 12-24-2015, 01:48
BlackWhite
So I want to study the exe files at the final URL;
did you ever back them up?
Thank you.

Quote:
Originally Posted by Shub-Nigurrath View Post
Essential literature for MD5 and other collisions is quite simple

First episode: Instantaneous generation of colliding MD5
rodevitoyem: eprint.iacr.org/2006/104.pdf
Poter omgpet: eprint.iacr.org/2006/105.pdf
The used method is called "bit tunneling"
*nix source: web.mit.edu/AFS/sipb/project/fastcoll/
win32 source: www.win.tue.nl/hashclash/fastcoll_v1.0.0.5_source.zip
win32 binary: www.win.tue.nl/hashclash/fastcoll_v1.0.0.5.exe.zip
Real-time generation of different files with the same MD5
Quite useless still because the files are fuzzy bloat of bits.

Second episode: Also other hash algorithms are colliding (2005)
How to Break MD5 and Other Hash Functions (Xiaoyun Wang and Hongbo Yu)
http://www.iacr.org/cryptodb/archive/2005/EUROCRYPT/2868/2868.pdf
Colliding X.509 Certificates (Arjen Lenstra, Xiaoyun Wang and Benne de Weger)
www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf


Third Episode: different exe with the same MD5, CRC32, cksum16 and cksum32 (2005/2006)
EXEs with the same CRC32, and also 8 different files with the same MD5.
These are real exe with different functions
hexale.blogspot.com/2005/12/taking-advantage-of-md5-for-real.html
final url seems to not be anymore available anyway.. there were two interesting PoC launchers also provided

Fourth episode: the list of colliding things gets longer .. see attach
  #17  
Old 12-24-2015, 15:11
foosaa

Quote:
Originally Posted by Shub-Nigurrath View Post
........
Third Episode: different exe with the same MD5, CRC32, cksum16 and cksum32 (2005/2006)
EXEs with the same CRC32, and also 8 different files with the same MD5.
These are real exe with different functions
hexale.blogspot.com/2005/12/taking-advantage-of-md5-for-real.html
final url seems to not be anymore available anyway.. there were two interesting PoC launchers also provided

.........
The executable for (different exe with the same MD5, CRC32, cksum16 and cksum32) can be downloaded from:

http://www.coresecurity.com/system/f...16-cksum32.zip

Hope it helps someone!
  #18  
Old 12-24-2015, 15:28
foosaa
For another example and a detailed walk-through which you could try, see the following link:
http://www.win.tue.nl/hashclash/SoftIntCodeSign/

Authors
Marc Stevens, CWI, Amsterdam, The Netherlands
Arjen K. Lenstra, EPFL, Lausanne, Switzerland, and Bell Labs, Murray Hill, USA
Benne de Weger, TU/e, Eindhoven, The Netherlands

are the pioneers in producing MD5 collisions across a variety of things!

and if you want to deep dive into more specifics, then visit

http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

Hope it helps someone!
  #19  
Old 12-26-2015, 21:54
BlackWhite
Quote:
Originally Posted by foosaa View Post
For another example and a detailed walk-through which you could try, see the following link:
http://www.win.tue.nl/hashclash/SoftIntCodeSign/

Authors
Marc Stevens, CWI, Amsterdam, The Netherlands
Arjen K. Lenstra, EPFL, Lausanne, Switzerland, and Bell Labs, Murray Hill, USA
Benne de Weger, TU/e, Eindhoven, The Netherlands

are the pioneers in producing MD5 collisions across a variety of things!

and if you want to deep dive into more specifics, then visit

http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

Hope it helps someone!



Terrific!
pow(2,50) calls to md5(), costing 6 months.
  #20  
Old 01-09-2016, 07:15
Mkz
While this involves computing power not accessible to all of us, I had already read some of this stuff and the article on the practical case of creating a rogue CA, compromising the entire https security.
http://www.win.tue.nl/hashclash/rogue-ca/

They describe the process in detail, which includes interesting stuff not only to learn some of the md5 details but also the https / PKI workings, for those who haven't explored it before.
Using 200 PS3 machines, they could generate during one weekend 3 or 4 collisions, and after some tries reportedly succeeded in creating a certificate that any browser would accept as a legitimate CA.
A fun read indeed.
  #21  
Old 01-11-2016, 18:03
Shub-Nigurrath
Indeed, for what concerns the rogue CAs, the best way is always to break what's existing and catch low-hanging fruit. I mean, there are so many house-made CAs in enterprises (e.g., handling enterprise stores, VPNs, and so on) that are vulnerable, not protected enough or even not updated that it is enough for years ahead. Not speaking of certificates that can be stolen from the enterprise BYOD terminals..

These studies are extremely interesting, but are academic exercises, meant to force CA producers/sw vendors to change default hash algos or crypto suites. The problems above, instead, will stay, whatever hash algo you use :-)
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
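The rogue-CA work linked in post #20 relied on a CA that still signed with MD5, and post #21 points at in-house CAs that never changed their defaults. As an added example (not from any poster or from the HashClash project), the Python below reads the outer signatureAlgorithm OID from a DER certificate and flags MD2/MD5. The function names are hypothetical and the sample inputs are constructed skeletons, not real certificates.

```python
# Added example: flag certificates whose signatureAlgorithm uses MD2 or MD5.
WEAK = {"1.2.840.113549.1.1.2": "md2WithRSAEncryption",
        "1.2.840.113549.1.1.4": "md5WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents to dotted form (first arc assumed 0 or 1)."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, [arcs[0] // 40, arcs[0] % 40] + arcs[1:]))

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, start, _ = read_tlv(cert_der, 0)
    _, _, tbs_end = read_tlv(cert_der, start)          # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(cert_der, tbs_end)
    oid_tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 Certificate structure")
    return decode_oid(cert_der[oid_start:oid_end])

def weak_signature(cert_der):
    """Return the weak algorithm's name, or None when the OID is not listed in WEAK."""
    return WEAK.get(signature_oid(cert_der))

def _tlv(tag, body):                       # minimal DER encoder, used only for the samples
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_cert(sig_oid_hex):
    """Constructed skeleton, not a real certificate: padded TBS, algorithm, dummy signature."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    return _tlv(0x30, _tlv(0x30, _tlv(0x04, bytes(300))) + alg + _tlv(0x03, bytes(129)))

MD5_CERT = sample_cert("2a864886f70d010104")      # 1.2.840.113549.1.1.4
SHA256_CERT = sample_cert("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
```

For a real PEM file, convert it with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the result to `weak_signature()`.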