https://github.com/fyxme/crc-32-hash-collider
CRC-32 collision finder
https://github.com/fyxme/crc-32-hash-collider
brute-force bruteforce collision crc-32 crc32 go golang
Last synced: 2 months ago
JSON representation
CRC-32 collision finder
- Host: GitHub
- URL: https://github.com/fyxme/crc-32-hash-collider
- Owner: fyxme
- Created: 2021-07-08T14:05:50.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2024-10-10T20:13:44.000Z (8 months ago)
- Last Synced: 2025-04-14T23:05:49.876Z (2 months ago)
- Topics: brute-force, bruteforce, collision, crc-32, crc32, go, golang
- Language: Go
- Homepage:
- Size: 2.93 KB
- Stars: 8
- Watchers: 1
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CRC-32 hash collider
CRC-32 collision finder
[CRC-32 algorithm](https://en.wikipedia.org/wiki/Cyclic_redundancy_check#CRC-32_algorithm) outputs a 32-bit unsigned value and therefore can be easily bruteforced to find hash collisions.
This code uses the IEEE polynomial, however can be easily modified to other polynomials.
Written because I was looking for a tool to generate CRC-32 collisions during a CTF but couldn't find any at the time...
*After learning more about CRC-32, I've come to realise that there are faster ways to find collisions and reverse the output value. Since CRC-32 is not a cryptographic hash function, there are mathematical ways to reverse the hash value to a valid input. For more information, see the following tool: [crc32](https://github.com/theonlypwner/crc32).*
## Usage
To use this tool, simply modify the crc-32 target value and run:
```bash
go run collide.go
```
## Example
Looking to find a collision for CRC-32 value: -432570933
_Note: old python versions generated signed integers and therefore allowed negative CRC-32 values_
```golang
// target CRC-32
// & 0xffffffff is to convert to uint
// required since old python versions allowed negative values to be produced
// hence its needed if you want to find a collision for a "negative" crc hash value
const target = -432570933 & 0xffffffff
// max string length
maxLen := 5
```
Running it produces the following output:
```
$ go run collide.go
Collision found: 4iSg@
```
Which can be verified using `ipython`:
```
In [1]: import binascii
In [2]: print(binascii.crc32("4iSg@"))
-432570933
```