• Natanael@slrpnk.net
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      It’s using a combination of multicollision attacks against MD5 and sequences of groups of alternate blocks of data representing the alphabet encoded in a way compatible with the file format.

      It’s basically <[a+random]/[b+random]/[c+random]…> * (length of message). The random data is crafted by the attack tool so each block has the exact same effect on the MD5 hashing algorithm as it processes each block. You need to decide how many variable blocks you need and where and their encoding in advance. You encode the blocks so the randomness isn’t visible in the final rendered file.

      When you have that prepped, you compute the final hash, then at each block position you select the block representing the letter you want (and its associated random data). So then you can select letters matching the actual file hash value.

      It only works against hash functions with practical multicollision attacks. Doesn’t work on SHA256 and newer hashes.