Custom Hash Collision - AHS512 [HackTheBoo CTF 2022]

Published: 06 November 2022
on channel: 0xdf
Views: 731
Likes: 32

This challenge asks me to find a second string that hashes to the same thing as "pumpkin_spice_latte!" using this custom hash algorithm, AHS512. On analysis, AHS512 is just mixing up the input before passing it to SHA512. I'll find a logic error in how it is doing the mixing that allows for hash collisions, and on submitting that, get the flag.

[00:00] Introduction
[00:30] Connecting to the docker
[01:18] server.py overview
[02:39] Analysis of AHS512 class
[05:16] Adding print statements to look at function outputs
[07:14] f-string debug prints
[07:40] Printing bytes as binary strings
[09:07] Analyzing how the rotate function changes the bits
[11:22] Looking at a character that results in a high bit, 'p'
[12:30] Strategy for causing a collision
[13:27] Example with 'u'
[15:09] Building string that will collide with original
[16:00] Getting dummy flag on local server
[16:39] Getting real flag
[16:50] Summary

