Verifying file integrity by hashing with md5 and sha1 is todays topic. Downloading files poses risks, even when we know where they are being downloaded from. You can be sure they have not been tampered with or corrupted by verifying the hash provided by the author. This post and accompanying YouTube video will show you how to easily calculate the hash in Windows or Linux.
Calculating the hash in Linux
Calculating hashes in Linux is really easy since the utilities are installed by default on most distributions. Lets begin by creating a file with abcd1234 as it’s content. Now calculate the md5 hash by typing the following command:
md5sum test.txtAnd you should get back this:
9ff1a0c82d7268b89aeeb112c7f9250b test.txtSo far so good, we have calculated the md5 hash of the file. This hash is dependent on everything in the file, change one character and it will be totally different. Lets try it, edit the file and add the letter g to the end and rerun the hash calculation, you now get:
0673c410e689ae89e3f0559b4c6bca25 test.txtNow take it back out and do the md5sum again, you should get the original value:
9ff1a0c82d7268b89aeeb112c7f9250b test.txtWhich we do, but what if we add a space to the end? Lets see:
e8a102fb5ae9648412cfb853c0a8d408 test.txtYep a space is a character so it’s different. So based on that test how hard would it be for a miscreant to add a space to a piece of malware so it’s md5 hash would not show up on VirusTotal? Pretty darn easy. To calculate a sha1 hash just replace md5sum with sha1sum, or to do sha256 use sha256sum, and to do sha512, you got it sha512sum.
Calculating the hash in Windows
Windows is just as easy as Linux but we have to install the utility before we start. To check the hash you need Microsoft’s FCIV (File Checksum Integrity Verifier) utility. Download it from Microsoft and install it by first creating a FCIV directory then let it extract the files there. Open powershell and cd to the FCIV directory and execute the following (use a file that is in your downloads directory):
./fciv.exe -md5 -sha1 c:\Users\your-user-name\Downloads\putty-64bit-0.70-installer.msiAnd it should produce a result that looks something like this:
PS C:\Users\eda\FCIV> ./fciv.exe -md5 -sha1 C:\Users\eda\Downloads\putty-64bit-0.70-installer.msi
//
// File Checksum Integrity Verifier version 2.05.
//
MD5 SHA-1
-------------------------------------------------------------------------
983d8c71dd6eeed78012112b85734318 bc42729dc6f5c1089febbe139e2af09db9f0736d c:\users\eda\downloads\putty-64bit-0.70-installer.msiNow you have the tools to check md5 and sha(x) checksums for all the files you download or malware you encounter.
If you have questions feel free to ask them in the comments below. I hope you enjoyed this blog post and the accompanying video, if you did please take a moment and give it a like also consider subscribing to my YouTube channel. I enjoy doing tutorials and how-to’s on cyber security topics and as long as they are popular I’ll keep doing them.
References
- SSH, The Secure Shell: The Definitive Guide
- Vi and Vim Editors Pocket Reference
- Computer Forensics: Incident Response Essentials
- Microsoft Support FCIV
Some of the links we provide on the site are affiliate links and your use of that link provides this site with needed funding to provide this free content; and we greatly appreciate it! Without your support we could not sustain the site.
See Ya
