
SHA256 and Sha512



Interesting discussion though.


Much sensationalism here. Little practical results.

Drifting away from SHA-1 is understandable but still not a hurry in most use cases.

Avoiding NSA-compromised PRNG is certainly a bit more urgent, let it be only for showing they did the wrong move (again).


Speaking of Collisions... Impersonation (Much Sensationalism)

Here is an example you can taste....

17/09/2013 14:43:36


Date   : 01/08/2013

Size   : 1114112

Version: 6.1.7601.18229

MD5    : 365A5034093AD9E04F433046C4CDF6AB

SHA1   : 7244AE695F8E5A730857781635ACB2969F15C594

and another even better:

17/09/2013 14:48:13


Date   : 01/08/2013

Size   : 274944

Version: 6.1.7601.18229

MD5    : 1B7343C3765638D4D17CB925F84F8ABE

SHA1   : B001F04386EBE09DDAC86297FA7B18AF37ABAFFF

This is how you test...

First check the MD5 here: https://www.virustotal.com/en/#search

Then check the SHA-1 same way but in another window...

Then compare all the signatures.... and Poof Impersonation discovered!

Not sensationalism... simple hack by highly funded and technically adept professionals...

They can spoof almost anything... but there is a catch!

They can't spoof the two in tandem!

They can spoof the MD5 or the SHA-1 but not both...

So get vigilant and do some comparison and you will identify all of their attempts; many will blow your mind!

Once you identify the impersonation, you then simply use the target to reverse engineer and acquire the code, method etc...

You can use this tool to find the impersonations Advanced Process Analysis and Identification System

(It's what I use: https://hermes-computers.ca//apais_1.php )

oh... and yes I wrote it, and it's in Autoit!


Edited by MindlessGenius


Look: czardas himself admitted voluntarily that even his use of SHA-1 would be overkill in his use case. That's true for still many everyday use cases. Targets are simply not worth the effort, as -- as you say : "simple hack by highly funded and technically adept professionals..."

You know that people in charge of protecting really valuable or sensitive data have been using other hashes, or combination of distinct hashes for very long time.

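The combination-of-hashes check discussed in this thread, as an added example that is not part of any post: one pass over a file produces MD5, SHA-1, SHA-256 and SHA-512 together, and the result is compared field by field with a trusted record. The function names, the record layout and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def multi_digest(stream, algorithms=ALGORITHMS, chunk_size=65536):
    """Read a binary stream once; return size plus uppercase hex digests."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for hasher in hashers.values():
            hasher.update(chunk)
    observed = {name: h.hexdigest().upper() for name, h in hashers.items()}
    observed["size"] = size
    return observed


def mismatched_fields(observed, record):
    """Fields of the trusted record that the observed file does not reproduce."""
    return sorted(k for k, v in record.items() if observed.get(k) != v)


def verdict(observed, record):
    bad = mismatched_fields(observed, record)
    digests = [k for k in record if k != "size"]
    if not bad:
        return "match"
    if all(k in bad for k in digests):
        return "different content"
    # Some digests agree and others do not: a collision on the agreeing
    # digest or a damaged record. Either way it needs a closer look.
    return "partial match: " + ", ".join(bad)


# Constructed sample data standing in for a file and a later copy of it.
ORIGINAL = b"constructed sample contents of a system file\n" * 1000
MODIFIED = ORIGINAL[:-1] + b"!"  # same size, last byte changed

RECORD = multi_digest(io.BytesIO(ORIGINAL))    # trusted baseline
DAMAGED_RECORD = dict(RECORD, sha1="0" * 40)   # constructed bad entry

if __name__ == "__main__":
    print(verdict(multi_digest(io.BytesIO(ORIGINAL)), RECORD))
    print(verdict(multi_digest(io.BytesIO(MODIFIED)), RECORD))
    print(verdict(multi_digest(io.BytesIO(ORIGINAL)), DAMAGED_RECORD))
```

The record is only as trustworthy as the place it is stored, so keep the baseline somewhere the checked machine cannot rewrite.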
