The image in this tweet displays its own MD5 hash.
You can download and hash it yourself, and it should still match - 1337e2ef42b9bee8de06a4d223a51337
I think this is the first PNG/MD5 hashquine.
Trick I want to see: a document in a conventional format (such as PDF) which mentions its own MD5 or SHA1 hash in the text and is right
This was particularly tricky to make work because the image data in a PNG needs to have a valid adler32 checksum, *and* a valid crc32 checksum.
Each hex digit "pixel" needed its own colliding block, generated with UniColl. There are 448 of them, taking over 24h to compute.
The adler32 checksum was collided to a chosen value using 48 FastColl collisions, with a meet-in-the-middle technique.
After the adler32, the crc32 was collided similarly, using another 48 FastColl blocks.
As the name suggests FastColl is fast, and this part only took ~minutes.
Here's a behind-the-scenes look at what the collision data looks like. You can't see the garbage pixels in the final image because I used a clever palette.
Right column is the main set of UniColl collisions, and the lower edge is the adler32 FastColl blocks.
Reverse Engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time. Occasional CTF player. Fedi: @retr0id@retr0.id