I need to edit some cfg files for an application, but the thing is the application won't start if I do since it must match. I don't have the sources of the application.
I guess if the hash doesn't match the hash of the exe, it exits.
Could you bypass this somehow?
Actually, there is a way:
while (hash of malicious config file does not match original)
{
    make random, non-functional change to malicious config file.
}
This might take a while.
With certain hash algorithms, you can append data to the end of a file (if an xml file, say, inside comment tags). But it's probably more trouble than it's worth. E.g., http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html
If the program uses a good hash, it will be difficult to change without breaking the hash. Some applications use relatively poor hashes. It's relatively easy, for example, to edit a file without affecting a CRC-32 if you can afford to set 32 bits of the file to arbitrary values. Any idea what sort of hash function is used?
You can have the app quit checking, but no, there is no way to duplicate a crypto hash of an existing file. That's the point.
Does a file exist having your desired settings and with the same hash? Possibly.
Will you be able to find it? Almost certainly not.
It's time to break out your disassembler and pull apart the application to get rid of the hash check I'm afraid. No other solution will do what you want in a timely manner.
This kind of validation is intentionally difficult to circumvent. Hashes generally work such that small changes in the input produce widely varied output. The check in this case is doing its duty, unfortunately for your situation.
Although in theory there are other inputs that hash to the same thing, they'll be very different from your input, not just a little different. Finding these inputs will also be as time-consuming and difficult as hacking encrypted data. So basically, no.
As some other posts have mentioned, if you are adventurous and life and death are at stake, you could disassemble the application binary and actually remove the machine language check for the hash. This is varsity-ninja work though.
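The cost of the brute-force loop from the first answer can be measured directly. The following is an added example, not code from any of the answers: it truncates SHA-256 to n bits as a stand-in for a weaker hash, and the config contents and function names are constructed for illustration.

```python
import hashlib

# Constructed sample data: the config the check expects and an edited variant.
ORIGINAL = b"<config><debug>false</debug></config>\n"
EDITED = b"<config><debug>true</debug></config>\n"


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a weaker n-bit hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def search(original: bytes, edited: bytes, bits: int, limit: int = 5_000_000):
    """Append a changing XML comment to `edited` until its n-bit digest
    equals that of `original`. Returns (candidate, attempts), or
    (None, limit) if no match is found within `limit` attempts."""
    target = truncated_digest(original, bits)
    for attempt in range(1, limit + 1):
        candidate = edited + b"<!-- %d -->\n" % attempt
        if truncated_digest(candidate, bits) == target:
            return candidate, attempt
    return None, limit


def years_for_full_hash(hashes_per_second: float, bits: int = 256) -> float:
    """Expected duration of the same loop against an untruncated n-bit hash."""
    return (2 ** bits) / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Each extra digest bit doubles the expected work (about 2**bits attempts).
    for bits in (8, 12, 16, 20):
        _, attempts = search(ORIGINAL, EDITED, bits)
        print(f"{bits:2d}-bit digest: {attempts} attempts (expected ~{2 ** bits})")
    print(f"256-bit digest at 1e9 hashes/s: ~{years_for_full_hash(1e9):.1e} years")
```

The attempt counts grow roughly as 2^n, which is why a check built on a full-length cryptographic hash holds while one built on a short checksum does not.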