Thread: It's not so difficult to produce two md5-collided exe files
View Single Post
  #4  
Old 12-14-2015, 12:09
BlackWhite BlackWhite is offline
Friend
  
Join Date: Apr 2013
Posts: 85
Rept. Given: 4
Rept. Rcvd 14 Times in 6 Posts
Thanks Given: 14
Thanks Rcvd at 56 Times in 25 Posts
BlackWhite Reputation: 14
Quote:
Originally Posted by Kerlingen View Post
I don't really get it. In order to produce two EXE with identical MD5, the two EXE must be identical before appending the overlay. This way it's not possible to produce one fraudulent EXE with the same MD5 as the original EXE.

You can only append different random data producing the same MD5, but this cannot influence the execution of the EXE since it doesn't rely on that information in it's unmodified state (the overlay is not present in the unmodified state).
1. You may take func1() as exe1, and func2() as exe2

2. Though md5_1 & md5_2 seem random and their values rely on the
compiled exe file, yet there are rules in the variation according to Wang's
theory, and you can rely on the difference of one bit located at some position say byte 0x13 bit 7
between md5_1 & md5_2 to control the execution of func1() or func2().
Reply With Quote