David Buchanan
@David3141593

Sep 23, 2022

The image in this tweet displays its own MD5 hash.

You can download and hash it yourself, and it should still match - 1337e2ef42b9bee8de06a4d223a51337

I think this is the first PNG/MD5 hashquine.

badidea 🍪
@0xabad1dea

Trick I want to see: a document in a conventional format (such as PDF) which mentions its own MD5 or SHA1 hash in the text and is right

This was particularly tricky to make work because the image data in a PNG needs to have a valid adler32 checksum, *and* a valid crc32 checksum. Each hex digit "pixel" needed its own colliding block, generated with UniColl. There are 448 of them, taking over 24h to compute.

The adler32 checksum was collided to a chosen value using 48 FastColl collisions, with a meet-in-the-middle technique. After the adler32, the crc32 was collided similarly, using another 48 FastColl blocks. As the name suggests, FastColl is fast, and this part only took ~minutes.

See also: a GIF hashquine twitter.com/__spq__/status…

spq
@__spq__

played around with this a bit, here is an animated gif displaying its md5sum: shells.aachen.ccc.de/~spq/md5.gif

Here's a behind-the-scenes look at what the collision data looks like. You can't see the garbage pixels in the final image because I used a clever palette. Right column is the main set of UniColl collisions, and the lower edge is the adler32 FastColl blocks.

More hashquine goodies: twitter.com/angealbertini/…

Ange
@angealbertini

ICYDK the issue 0x14 of PoC or GTFO has articles about PostScript, GIF, PDF and NES (code) hashquines by @greg, @spq, @Mako, @Evan Sultanik and @Evan Teran. github.com/angea/pocorgtf… The issue itself is a PDF/NES hashquine.

David Buchanan

@David3141593
Reverse Engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time. Occasional CTF player. Fedi: @retr0id@retr0.id
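
The thread notes that a PNG carries two integrity checks besides whatever hash is taken over the file: a CRC-32 on every chunk and the Adler-32 that ends the zlib stream inside IDAT. The following is an added example, not part of the original thread or the author's tooling, that verifies both and reports the file's MD5; the function names and the tiny sample image are constructed for illustration.

```python
import hashlib, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed sample pixels: 2 rows, each a filter byte followed by 2 grey pixels.
SAMPLE_RAW = b"\x00\x10\x20" + b"\x00\x30\x40"

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png() -> bytes:
    """Build a constructed 2x2 8-bit greyscale PNG used only as test input."""
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 0, 0, 0, 0)
    idat = zlib.compress(SAMPLE_RAW)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def check_png(data: bytes) -> dict:
    """Check each chunk's CRC-32 and the IDAT stream's Adler-32; report the MD5."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat, bad_crc = 8, b"", []
    while pos < len(data):
        header = data[pos:pos + 8]
        if len(header) < 8:
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", header)
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end - 4]
        (stored,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != stored:
            bad_crc.append(ctype.decode("latin-1"))
        if ctype == b"IDAT":
            idat += body          # the zlib stream may span several IDAT chunks
        pos = end
    try:
        # zlib raises if the trailing big-endian Adler-32 does not match the
        # inflated data; the explicit comparison shows where that value lives.
        pixels = zlib.decompressobj().decompress(idat)
        adler_ok = zlib.adler32(pixels) == struct.unpack(">I", idat[-4:])[0]
    except zlib.error:
        adler_ok = False
    return {"bad_crc": bad_crc, "adler32_ok": adler_ok,
            "md5": hashlib.md5(data).hexdigest()}
```

A file that changes pixel data without updating both checksums fails one of these checks even when its chunk layout is intact, which is why a strict decoder would reject it.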