Thread: It's not so difficult to produce two md5-collided exe files
View Single Post
  #12  
Old 12-15-2015, 09:05
BlackWhite BlackWhite is offline
Friend
  
Join Date: Apr 2013
Posts: 85
Rept. Given: 4
Rept. Rcvd 14 Times in 6 Posts
Thanks Given: 14
Thanks Rcvd at 56 Times in 25 Posts
BlackWhite Reputation: 14
Quote:
Originally Posted by Kerlingen View Post
The point is that you don't modify any existing code to a specific value, you just add some random data without any meaning while leaving the original EXE completely untouched.

This is just a normal collision of random data which has been done many times by many people and has nothing to do with EXE file. (and which cannot be used to create "bad" EXE files with the same hash as existing "good" EXE files)
Yes. No one can create a "bad" EXE with the same hash as the
existing "good" EXE if this "good" EXE is specified by others.

But if you craft that "good" EXE yourself, you can create a "bad" one,
and under some circumstances, you can defraud sb of a digital signature for
the "good" EXE and then apply to the "bad" one.

So my method is to some degrees concerned with EXE file. If you append
the collision data to a .doc file, it will not affect the contents of that
doc file, yet if you append the collision data to an exe, it can affect
the results of that exe.
Reply With Quote