Binary Exploitation [pwnable.kr] - (Level 2) Collision
|Daddy told me about cool MD5 hash collision today. I wanna do something like that too!
Below is the source code of the challange which you will see on the server.
unsigned long hashcode = 0x21DD09EC;
#What are Hashes?
and why is there a collision between them, you might ask!
Hash are core elements of the modern digital signature. Input to a hash function is data for
which you want to create a signature for, and output is a unique fixed-sized signature.
This conversion of input data to signature is done by a special algorithm like MD5, SHA1,
SHA256, etc. output of these algorithms is called hash value or message digest.
Hash algorithm can be applied to any data/document or any size and its hash value can be
considered as the unique identification of that document, and in future, if anyone changes
the content of data/document the resulting hash value also change. Hashes are used in
block-chains, digital certificates, etc, to validate the integrity of the document issued.
Ideally, no two different sets of data/document should have the same hash value, that will result in the hash collision which is bad because then we can generate duplicate data/document of the same hash value, which make the hash value useless for integrity check.
This challenge uses one such over-simplified such hash algorithm and our task is to
provide an input that will result in hash value 0x21DD09EC, we have to generate
a hash collision.
The program takes one input parameter which is the data which will be hash and it
should be of fixed size 20 bytes. The hash algorithm converts the char pointer
to integer pointer which will transform 20 bytes into 5 integer data and then it
does the addition of those values. The result of this hashing should be 0x21DD09EC
to get the flag.
Plan one byte at a time. One way to visualize the input would that input is 5 groups of 4 bytes.
The first byte of each group will affect the first byte of the resultant hash second byte of
each group will affect the second byte, so on and so forth.
To give a hex input you need to do command-line fu, the following command will be the solution
to the challenge.
echo -e "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\xe8\x05\xd9\x1d"
This challenge is to give you a peek of how hashes are created and how to manipulate them
to create a collision.