Change Hash of a file for Security-Testing

IT security products very often rely on blacklisting based on the hash value of a file. To test those products, for example when a product promises to be hash/signature-less or to detect all kinds of polymorphic threats, it can be helpful to be able to change the hash of a file without changing the file too much.

On Windows this can be done using cmd or PowerShell:

echo "asdasdasd" >> file.exe

Using PowerShell (4.0 or higher) you can use "Get-FileHash .\file.exe -Algorithm MD5" to check the hash of the file:

Get-FileHash .\file.exe -Algorithm MD5
Get-FileHash .\file.exe -Algorithm SHA1
Get-FileHash .\file.exe -Algorithm SHA256
Get-FileHash .\file.exe -Algorithm SHA384
Get-FileHash .\file.exe -Algorithm SHA512

Most IT security products use MD5 hashing for blacklisting; some use SHA1 or SHA256.

To change the hash of the file:
PS C:\Users\Flo\Downloads> Get-FileHash .\KeePass-2.40-Setup.exe -Algorithm MD5

Algorithm Hash Path
--------- ---- ----
MD5 351D9EF64047F792AEE0520FFD27A78A C:\Users\...

PS C:\Users\Flo\Downloads> echo "HashAppend" >> .\KeePass-2.40-SetupTestHash.exe
PS C:\Users\Flo\Downloads> Get-FileHash .\KeePass-2.40-SetupTestHash.exe -Algorithm MD5
Algorithm Hash Path
--------- ---- ----
MD5 2A41BDF3C7498664998A97DBF6341F75 C:\Users\...
  -> Hash changed, executable still can be opened/used.

1 comment:

  1. how do you change hash using command prompt?
