An open API service indexing awesome lists of open source software.

https://github.com/fyxme/crc-32-hash-collider

CRC-32 collision finder
https://github.com/fyxme/crc-32-hash-collider

brute-force bruteforce collision crc-32 crc32 go golang

Last synced: 2 months ago
JSON representation

CRC-32 collision finder

Awesome Lists containing this project

README

        

# CRC-32 hash collider

CRC-32 collision finder

[CRC-32 algorithm](https://en.wikipedia.org/wiki/Cyclic_redundancy_check#CRC-32_algorithm) outputs a 32-bit unsigned value and therefore can be easily bruteforced to find hash collisions.

This code uses the IEEE polynomial, however can be easily modified to other polynomials.

Written because I was looking for a tool to generate CRC-32 collisions during a CTF but couldn't find any at the time...

*After learning more about CRC-32, I've come to realise that there are faster ways to find collisions and reverse the output value. Since CRC-32 is not a cryptographic hash function, there are mathematical ways to reverse the hash value to a valid input. For more information, see the following tool: [crc32](https://github.com/theonlypwner/crc32).*

## Usage

To use this tool, simply modify the crc-32 target value and run:

```bash
go run collide.go
```

## Example

Looking to find a collision for CRC-32 value: -432570933

_Note: old python versions generated signed integers and therefore allowed negative CRC-32 values_

```golang
// target CRC-32
// & 0xffffffff is to convert to uint
// required since old python versions allowed negative values to be produced
// hence its needed if you want to find a collision for a "negative" crc hash value
const target = -432570933 & 0xffffffff

// max string length
maxLen := 5
```

Running it produces the following output:
```
$ go run collide.go
Collision found: 4iSg@
```

Which can be verified using `ipython`:
```
In [1]: import binascii
In [2]: print(binascii.crc32("4iSg@"))
-432570933
```