l+f: Monomorph – one MD5 hash for everything

Some researchers rely on MD5 hashes to identify malware. An exploit developer provides a tool that always packs shellcode with the same hash.

The IT security researcher and exploit developer David Buchanan has developed the Monomorph tool, which converts any compressed shellcode up to four kbytes in size into a 4 MByte file that always has the same MD5 hash. Buchanan explains his motivation: “Some people still insist on using MD5 to reference file samples. For various reasons that don’t make sense to me.” Anyone among them who ended up analyzing code packaged with Monomorph would eventually become very confused.

MD5-Monomorph is available as an open source project on GitHub. While previous examples used a single MD5 collision to produce the same hash for a “good” and a “bad” application, the “MD5-Monomorphic Shellcode Packer” takes the concept to the next level.

Buchanan explains how the Python script works as follows: for each bit to be encoded, he precalculated a colliding MD5 block with the FastColl tool. Each collision creates a pair of blocks that can be swapped without changing the overall MD5 hash. At runtime, the loader checks which block of each pair was chosen in order to decode the bit. Monomorph therefore needs 4*1024*8 collisions for 4 kbytes of data, adding up to 4 Mbytes in the output file.
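
The per-bit block selection described above, as an added toy model (not Buchanan's code): a hash truncated to 16 bits stands in for MD5 and a brute-force search stands in for FastColl, so the colliding pairs can be computed on the spot. All function names are hypothetical and the two payloads are constructed; the output also shows that SHA-256 still tells the two files apart.

```python
import hashlib
from itertools import count

IV = b"\x00\x00"   # toy 16-bit chaining state (assumption: stands in for MD5's 128-bit state)
BLOCK = 8          # toy block size in bytes

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: MD5(state || block) truncated to 16 bits."""
    return hashlib.md5(state + block).digest()[:2]

def toy_hash(data: bytes) -> bytes:
    """Merkle-Damgard style chaining over fixed-size blocks (no length padding)."""
    state = IV
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_pair(state: bytes, index: int):
    """Brute-force two distinct blocks that send `state` to the same next state."""
    seen = {}
    for n in count():
        block = index.to_bytes(4, "big") + n.to_bytes(4, "big")
        nxt = compress(state, block)
        if nxt in seen:
            return seen[nxt], block, nxt
        seen[nxt] = block

def precompute(nbits: int):
    """Chain one collision per bit; pair i starts from the state left by pair i-1."""
    pairs, state = [], IV
    for i in range(nbits):
        zero, one, state = find_pair(state, i)
        pairs.append((zero, one))
    return pairs

def encode(payload: bytes, pairs) -> bytes:
    """Pick block `zero` or `one` of each pair according to the payload bits."""
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    bits += [0] * (len(pairs) - len(bits))
    return b"".join(pair[bit] for pair, bit in zip(pairs, bits))

def decode(blob: bytes, pairs) -> bytes:
    """Recover the bits by checking which block of each pair is present."""
    out = bytearray(len(pairs) // 8)
    for i, (_, one) in enumerate(pairs):
        if blob[i * BLOCK:(i + 1) * BLOCK] == one:
            out[i // 8] |= 1 << (7 - i % 8)
    return bytes(out)

if __name__ == "__main__":
    pairs = precompute(16)
    for msg in (b"OK", b"no"):  # constructed sample payloads
        blob = encode(msg, pairs)
        print(msg, toy_hash(blob).hex(), hashlib.sha256(blob).hexdigest()[:16])
```

Both payloads print the same toy hash but different SHA-256 prefixes, which is why sample references should use a collision-resistant hash.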

Because the MD5 blocks are precalculated, Monomorph is very fast at encoding shellcode into an executable file. The software, which so far runs only under 64-bit x86 Linux, always produces the MD5 value 3cebbe60d91ce760409bbe513593e401. Porting it to other platforms should be easy, but would yield a different (though again always identical) MD5 checksum there.
