MD5 enhanced verification challenge Wang Xiaoyun cracking [allyesno]

Author: allyesno

Team: freexploit

Date: 2006-05-30

I dreamed of a method to enhance MD5 verification. Woke up and tested it.

Everyone on Earth knows that MD5 has been broken by Wang Xiaoyun !!! Broken !!! Broken !!! Broken !!! Break ~~ (Shut up)

Instead of breaking down, we can use their algorithms to find the MD5 collision within several hours. You use an IBM p690 instance.

You can create two different things with the same MD5 content within an hour. A little interesting. IBM p690 is 32 CPUs, 8 GB memory

Sigh, which we cannot afford. Besides, this is only a collision. If you want to construct

It is even harder to create something with the same MD5 but different content. In terms of network security, if you want to construct a file

The same MD5, and the different content can run the trojan, that is more difficult to add!

There is no such thing as an absolute world. If one day is true, I mean, it may be tomorrow, and you suddenly find that there are more machines in your house.

31 CPUs and 7 GB of memory are added. What are you waiting for? Forge MD5 and create a backdoor.

You targeted the System File lsass.exe and detected that its MD5 value is

41919b8c4b96079ec210d1bf269ee39d. Then you open notepad and write a rootkit: LSASS. rootkit.

Note: The Key to writing rootkit in Windows notepad is that you must save it as. rootkit.

If you save the file as .txt, the rootkit written by many people cannot run in text format. This is the reason.

Okay. Let's compare the two items.

In this way, the rootkit has been written, because the MD5 value is the same as that of the System File lsass.exe, which makes the check more difficult.

Similarly, if you write a backdoor as a popular program, such as WinRAR, BT, icesword, and other software

For everybody to download, the MD5 value is the same, and that's more than Wahaha ..

After talking a lot of nonsense, I am now on the topic. If this happens one day, I dream of a reinforcement.

Verification Method.

I will not elaborate on the process of thinking. It is nothing more than brushing your teeth, washing your face, lying in bed, and coming up with something in the room.

Let's talk about this conjecture in detail.

We can append a verification file to lsass.exe and then combine them to check their MD5 values.

Even if you can construct the same MD5 rootkit as the system file, even if you can forge a verification file with the same MD5,

However, it is impossible to forge the MD5 value obtained from the verification file + lsass.exe, Wahaha ..

I guess you can pass the test. Let's test it :)

View

Someone can't wait to throw the cold water at this moment, allyesno sb. dream of it can also come up with MD5 to strengthen verification, childish!

I admit that I am Sb, but I am an elegant Sb!

From this test, we can draw a conclusion that two files with the same MD5 and the same file are appended respectively,

Although the MD5 values of these two files have changed, they will still be the same as those of both parties!

If I give up on this, the so-called hacker spirit will be gone (Note: I am not a hacker, I am a cainiao)

The so-called color wolf is to insert small JJ into the earth, and then rape the whole earth, the so-called Hacker is to hacked by XXX

Paste it in the reply to the Baidu Post Bar, and the whole Internet is hacked -_-!!!

I thought about it with my brain, timeline, and brain stem. I did another test. Let's see :)

The key is to use copy/B to combine the sequence and posture of the two? Who then? Who is there? Under whom? Very important!

Summary:
Reference:

When copy/B lsass.exe + md5check LSASS. rootkit + md5check is used, LSASS. MD5 LSASS. rootkit. MD5 is obtained. The MD5 values of the two will remain the same. When copy/B md5check1_lsass.exe md5check + LSASS. rootkit is used to obtain LSASS. MD5 LSASS. rootkit. MD5 The MD5 values of the two are not the same.

Reference:

This method can be used to verify the MD5 of a file, without fear of being forged. For specific applications, an additional verification file md5check and three MD5 values should be provided for files downloaded to others. The MD5 value of the downloaded file is used to verify the MD5 value of the file and the MD5 value after the combination of the two

If it is a system file, you can also follow the same method. Fortunately, the system files are not large, although many, but write programs to traverse. I can see it very quickly.

It's okay. Well, YY is done. If it's true that MD5 can be forged at will, I think MD5 has been

Instead of md6, 7, 8, and 9, you don't need to verify it in this way. ^_^

Postscript: I usually send the article to the Phantom Brigade and the security focus. A reporter asked me if you first sent the article to the Phantom or to the anjiao.

I sent it at the same time. The reporter said it was impossible. There must be a first, a second, and a second. I said, "You asked this question very unfriendly.

It's a bit cool, and it's still a little difficult for Chinese media to pick up. You make me unhappy. I think what you asked

This is a bit of a sense of separation, very unfriendly, sorry, I'm a little rough, because I'm not happy, you ask

Problem. Because you make me unhappy, I must make you unhappy, this is my way of life. I don't think you can make a bad media,

Only one good media can be created. This is what I do. As for you, I have no such question as whether you are happy or not.

I am. You don't want to hire me. I am very friendly. If you want to hire me, I will make you unhappy ." Relax just a joke ^_^

PS: Let's talk about all the things mentioned in this Article. Let's test them. More criticism. More advice.

To add two:
Iamidler: sha1 + MD5. In fact, this method is also proposed after Wang Xiaoyun's collision.
In addition, I add: use RAR compression and then verify that the MD5 data content is different. The MD5 is naturally different. Haha, but the RAR method is not safe. I just want to know why there are two situations.

Attachment: md5advanced.rar [required0Community meta download]
This file has been downloaded 18 times.