Custom Hash Collision - AHS512 [HackTheBoo CTF 2022]
This challenge asks me to find a second string that hashes to the same thing as "pumpkin_spice_latte!" using this custom hash algorithm, AHS512. On analysis, AHS512 is just mixing up the input before passing it to SHA512. I'll find a logic error in how it is doing the mixing that allows for hash collisions, and on submitting that, get the flag.
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[00:30] Connecting to the docker
[01:18] server.py overview
[02:39] Analysis of AHS512 class
[05:16] Adding print statements to look at function outputs
[07:14] f-string debug prints
[07:40] Printing bytes as binary strings
[09:07] Analyzing how the rotate function changes the bits
[11:22] Looking at a character that results in a high bit, 'p'
[12:30] Strategy for causing a collision
[13:27] Example with 'u'
[15:09] Building string that will collide with original
[16:00] Getting dummy flag on local server
[16:39] Getting real flag
[16:50] Summary
Смотрите видео Custom Hash Collision - AHS512 [HackTheBoo CTF 2022] онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь 0xdf 06 Ноябрь 2022, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 731 раз и оно понравилось 32 людям.