i'm trying to solve a challenge where i have faced a problem that is related to md5 hash collision . here is the php code :
if ($_GET['param1'] !== $_GET['param2']) {
if (md5($_GET['param1']) === md5($_GET['param2'])) {
die($flag);
}
}
i have found multiple hash collison examples . but they do not produce the same hash!
these are two strings that are supposed to produce this hash : 79054025255fb1a26e4bc422aef54eb4
string1=
d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89
55ad340609f4b302 83e488832571415a 085125e8f7cdc99f d91dbdf280373c5b
d8823e3156348f5b ae6dacd436c919c6 dd53e2b487da03fd 02396306d248cda0
e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a88393 96f9652b6ff72a70
string2 =
d131dd02c5e6eec4 693d9a0698aff95c 2fcab50712467eab 4004583eb8fb7f89
55ad340609f4b302 83e4888325f1415a 085125e8f7cdc99f d91dbd7280373c5b
d8823e3156348f5b ae6dacd436c919c6 dd53e23487da03fd 02396306d248cda0
e99f33420f577ee8 ce54b67080280d1e c69821bcb6a88393 96f965ab6ff72a70
but when i check the hashes in this code below they don't have the collision problem:
<?php
$code1="d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89 55ad340609f4b302 83e488832571415a 085125e8f7cdc99f d91dbdf280373c5b d8823e3156348f5b ae6dacd436c919c6 dd53e2b487da03fd 02396306d248cda0 e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a88393 96f9652b6ff72a70";
$code2="d131dd02c5e6eec4 693d9a0698aff95c 2fcab50712467eab 4004583eb8fb7f89 55ad340609f4b302 83e4888325f1415a 085125e8f7cdc99f d91dbd7280373c5b d8823e3156348f5b ae6dacd436c919c6 dd53e23487da03fd 02396306d248cda0 e99f33420f577ee8 ce54b67080280d1e c69821bcb6a88393 96f965ab6ff72a70";
echo $code1;
echo "\n";
echo $code2;
echo "\n";
echo md5($code1);
echo"\n";
echo md5($code2);
echo"\n";
if(md5($code1) === md5($code2)){
print("hash collision\n");
}
else{
print("not equal");
}
?>
i'm getting not equal .
i know it probably has to do with the spaces in the string or the hexadecimal format of the strings ;
they dont produce the same hash in bash command echo -n "string" | md5sum
too . how can i create the collison in php code?
the strings are taken from the wikipedia page : https://en.wikipedia.org/wiki/MD5
you can run the php code online here : https://onecompiler.com/php/3zuqj997z
the two strings are related to md5 hash collision problem . but i'm not getting equal md5 hashes as supposed to.
Hash collisions typically happen in carefully crafted binary data, not in plain English letters strings. Sample data is an hexadecimal dump, and you're meant to generate a binary string from it:
$code1 = hex2bin(
"d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
);
$code2 = hex2bin(
"d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5bd8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
);