Created
May 4, 2015 21:58
-
-
Save saelo/ff1f03ace4bd2f05614a to your computer and use it in GitHub Desktop.
Find php md5 collisions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Find php md5 collisions (var_dump(md5('240610708') == md5('QNKCDZO'));) | |
* | |
* gcc -Ofast -std=c99 -lcrypto -o phpcoll phpcoll.c | |
* | |
* Copyright (c) 2015 Samuel Groß | |
*/ | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <openssl/md5.h> | |
size_t hashcount = 0; | |
inline int check(unsigned char* md) | |
{ | |
if (md[0] == 0x0e) { | |
for (int i = 1; i < 16; i++) { | |
unsigned char hn = md[i] >> 4; | |
unsigned char ln = md[i] & 0xf; | |
if (hn >= 0xa || ln >= 0xa) { | |
return 0; | |
} | |
} | |
return 1; | |
} | |
return 0; | |
} | |
int main(int argc, char** argv) | |
{ | |
unsigned char md[16]; | |
if (argc < 2) { | |
printf("Usage: %s prefix", argv[0]); | |
return 0; | |
} | |
size_t length = strlen(argv[1]); | |
char* data = calloc(1, length + 1024); | |
if (!data) { | |
printf("calloc failed"); | |
return -1; | |
} | |
strcpy(data, argv[1]); | |
char* ptr = data + length; | |
size_t curlength = length + 1; | |
*ptr = 0x2f; | |
while (1) { | |
if (*ptr == 0x7e) { | |
char* curr = ptr; | |
while (*++curr == 0x7e) { | |
if (curr - ptr >= 1024) { | |
puts("wat"); | |
return -1; | |
} | |
} | |
memset(ptr, 0x30, curr - ptr); | |
if (*curr == 0x0) { | |
*curr = 0x30; | |
curlength++; | |
} else { | |
*curr = *curr + 1; | |
} | |
} else { | |
*ptr = *ptr + 1; | |
} | |
MD5_CTX md5ctx; | |
MD5_Init(&md5ctx); | |
MD5_Update(&md5ctx, data, curlength); | |
MD5_Final(md, &md5ctx); | |
hashcount++; | |
if (check(md)) { | |
puts(data); | |
printf("tried %lu hashes\n", hashcount); | |
return 0; | |
} | |
} | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment