phphashmd5md5sumhash-collision

why are these two supposed-to-produce-hash-collision-in-md5 strings are not producing the same hash in php?


i'm trying to solve a challenge where i have faced a problem that is related to md5 hash collision . here is the php code :

if ($_GET['param1'] !== $_GET['param2']) {
    if (md5($_GET['param1']) === md5($_GET['param2'])) {
        die($flag);
    }
}

i have found multiple hash collison examples . but they do not produce the same hash! these are two strings that are supposed to produce this hash : 79054025255fb1a26e4bc422aef54eb4 string1=

d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89
55ad340609f4b302 83e488832571415a 085125e8f7cdc99f d91dbdf280373c5b
d8823e3156348f5b ae6dacd436c919c6 dd53e2b487da03fd 02396306d248cda0
e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a88393 96f9652b6ff72a70

string2 =

d131dd02c5e6eec4 693d9a0698aff95c 2fcab50712467eab 4004583eb8fb7f89
55ad340609f4b302 83e4888325f1415a 085125e8f7cdc99f d91dbd7280373c5b
d8823e3156348f5b ae6dacd436c919c6 dd53e23487da03fd 02396306d248cda0
e99f33420f577ee8 ce54b67080280d1e c69821bcb6a88393 96f965ab6ff72a70

but when i check the hashes in this code below they don't have the collision problem:

<?php
$code1="d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89 55ad340609f4b302 83e488832571415a 085125e8f7cdc99f d91dbdf280373c5b d8823e3156348f5b ae6dacd436c919c6 dd53e2b487da03fd 02396306d248cda0 e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a88393 96f9652b6ff72a70";
$code2="d131dd02c5e6eec4 693d9a0698aff95c 2fcab50712467eab 4004583eb8fb7f89 55ad340609f4b302 83e4888325f1415a 085125e8f7cdc99f d91dbd7280373c5b d8823e3156348f5b ae6dacd436c919c6 dd53e23487da03fd 02396306d248cda0 e99f33420f577ee8 ce54b67080280d1e c69821bcb6a88393 96f965ab6ff72a70";
echo $code1;
echo "\n";
echo $code2;
echo "\n";
echo md5($code1);
echo"\n";
echo md5($code2);
echo"\n";
if(md5($code1) === md5($code2)){
  
  print("hash collision\n");
}
else{
  print("not equal");
}

?>

i'm getting not equal . i know it probably has to do with the spaces in the string or the hexadecimal format of the strings ; they dont produce the same hash in bash command echo -n "string" | md5sum too . how can i create the collison in php code? the strings are taken from the wikipedia page : https://en.wikipedia.org/wiki/MD5 you can run the php code online here : https://onecompiler.com/php/3zuqj997z

the two strings are related to md5 hash collision problem . but i'm not getting equal md5 hashes as supposed to.


Solution

  • Hash collisions typically happen in carefully crafted binary data, not in plain English letters strings. Sample data is an hexadecimal dump, and you're meant to generate a binary string from it:

    $code1 = hex2bin(
        "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
    );
    $code2 = hex2bin(
        "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5bd8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
    );
    

    Demo