Follow us on Twitter!
Don't judge the unknown - Grindordie
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 19
Guests Online: 19
Members Online: 0

Registered Members: 82815
Newest Member: medjiking
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 18:12
Okay....
so this is a thread i remember from years ago on HTS... so if you remember it, you know i didnt steal the idea...just thought it was a fun discussion...

the challenge is, or rather question since we never decided if it was possible:

create a text file with the text:
My MD5 Check Sum is: <checksum>
where <checksum> is the actual md5 checksum...

so, thoughts? is it possible? if so, do it.

I personally do not think it is. the md5 of md5 would not come about to be itself, tho perhaps the md5 could come out like the end.... not sure


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 18:37
Its certainly possible with CRC. There has been some work done on MD5 collisions which allow files of the same MD5 to be created... not read it in depth though so not sure how applicable it is here.

Interesting discussion.
Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 18:43
FaTaL_PrIdE wrote:
Its certainly possible with CRC. There has been some work done on MD5 collisions which allow files of the same MD5 to be created... not read it in depth though so not sure how applicable it is here.

Interesting discussion.


Yeah you can create files with same checksum... But can you predict whether "The checksum of this file is x" will have a checksum of x


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 18:51
i'd be interested to find a use for this. and i'd love to see the method for creating such a file


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 19:33
Heh, I remember this on HTS too :)
Theoretically it is possible, but not feasible. I also don't see how it could be done except for brute forcing, but then I'm no expert on the md5, or any other, hashing algorithm.

Effectively you need to find a collision such that
md5("My MD5 Check Sum is: $string") == $string




Edited by on 23-07-07 19:33
Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 19:53
i may code an app to find it.....just out of interest. that really....what is the use?


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 20:03
hmm, wouldn't it have to be more like...
Code
md5("My MD5 Check Sum is: md5($string)) == md5($string)



and then cycle through every possibility of $string? makes sense to me at least.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 20:04
xtrmsk8r91 wrote:
hmm, wouldn't it have to be more like...
Code
md5("My MD5 Check Sum is: md5($string)) == md5($string)



and then cycle through every possibility of $string? makes sense to me at least.

Nope, the string is already an md5 hash


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 20:27
ah ok that makes sense.

I'd be interested to see if anyone comes up with this, maybe I'll even write a script myself.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 20:28
im working on one atm



Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 20:53
Code

<?php

$1 = array("a", "b", "c", "d", "e", "f", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
$2 = $1;
$3 = $1;
$4 = $1;
$5 = $1;
$6 = $1;
$7 = $1;
$8 = $1;
$9 = $1;
$10 = $1;
$11 = $1;
$12 = $1;
$13 = $1;
$14 = $1;
$15 = $1;
$16 = $1;
$17 = $1;
$18 = $1;
$19 = $1;
$20 = $1;
$21 = $1;
$22 = $1;
$23 = $1;
$24 = $1;
$25 = $1;
$26 = $1;
$27 = $1;
$28 = $1;
$29 = $1;
$30 = $1;
$31 = $1;
$32 = $1;
foreach ($1 as $1s) {
foreach ($2 as $2s) {
foreach ($3 as $3s) {
foreach ($4 as $4s) {
foreach ($5 as $5s) {
foreach ($6 as $6s) {
foreach ($7 as $7s) {
foreach ($8 as $8s) {
foreach ($9 as $9s) {
foreach ($10 as $10s) {
foreach ($11 as $11s) {
foreach ($12 as $12s) {
foreach ($13 as $13s) {
foreach ($14 as $14s) {
foreach ($15 as $15s) {
foreach ($16 as $16s) {
foreach ($17 as $17s) {
foreach ($18 as $18s) {
foreach ($19 as $19s) {
foreach ($20 as $20s) {
foreach ($21 as $21s) {
foreach ($22 as $22s) {
foreach ($23 as $23s) {
foreach ($24 as $24s) {
foreach ($25 as $25s) {
foreach ($26 as $26s) {
foreach ($27 as $27s) {
foreach ($28 as $28s) {
foreach ($29 as $29s) {
foreach ($30 as $30s) {
foreach ($31 as $31s) {
foreach ($32 as $32s) {
if (md5("My MD5 Check Sum is: " .$1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s)==$1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s) {
echo $1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s;
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}

?>





There it is (I think), Who wants to run it first?

EDIT: you might want to add
ini_set("max_execution_time", 9999999999)
and rename the variables if you ever decided to run this.




Edited by on 24-07-07 19:07
Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 21:22
Or
Code

set_time_limit( 0 );





Run it from console, then you can kill the php process if needed.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 21:33
1. Use code tags
2. Else use pastebin
3. A brute forcer should not be made in PHP. It should be C (or a variant thereof) of ASM

what is the use?
There is no use. But since when has that been a reason to not do something?

atrcomb: You created several identical Arrays, instead create one and then copy it to other variables if need be.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-07-07 21:34
i personally wouldnt have even used arrays.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 16:58
i hate hbh's code tag but w/e

Also seeing as I am still learning C++ and haven't tried learning C, and ASM confuses the crap out of me, my only choice was my best language: php. It's one way to do it, there are plenty of others.

But all in all as you can see my opinion is that this is possible but not probable.


Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 17:19
Coding it in asm would be easy (fancy it kaksii? Pfft ) but the issue still remains that it is a 32 char brute force which is impossible on current hardware.

BTW I'm kinda surprised that no-one pointed out to the guy who wrote the php one that he only needs a-f and 0-9 (hex chars). g-z is just making it take even longer than it needs to.
Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 19:00
FaTaL_PrIdE wrote:
Coding it in asm would be easy (fancy it kaksii? Pfft ) but the issue still remains that it is a 32 char brute force which is impossible on current hardware.


can't say its impossible...you might be lucky...or you can just wait the thousands of years it takes...or wait for like processors with loads of cores in them
Author

RE: MD5 Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-07-07 09:41
Hence the reason I said on current hardware. The chances of you being 'lucky' here are remote.