Mr Heelis
Reputation: 2546
Can a PHP file reflectively know the hash of itself?
I have a requirement to see if a file has been altered - is it possible to have a hash "know" what the hash is after the hash and then insert it into the code?
I guess what I am talking about is rather odd, but it may be possible by creating deliberate collisions.
Here is a pseudo code
EG:
FILE1)#
_______
|<?php
| require("someRequire.php");
| checkThisFilesHashEquals(originPathName,"QJFOQOFJEQWOFHWEGHWG");
|
and therefore FILE1 itself's hash is "QJFOQOFJEQWOFHWEGHWG" because checkThisFilesHashEquals(originPathName) does in fact check that the hash of originPathName does in fact equal "QJFOQOFJEQWOFHWEGHWG"
Has anyone heard of anyone doing this? Using collisions to somehow self hash a file?
Upvotes: 0
Views: 92
Answers (1)
Scott Arciszewski
Reputation: 34103
PoC || GTFO 14 contains its own MD5 hash, and demonstrates the code necessary to pull off such a feat.
Upvotes: 1
Related Questions
- PHP - Hash contents of uploaded file
- Create your own hash in PHP?
- PHP - How safe/strong is this hashing?
- How does hash_file work in PHP for password protected files?
- PHP : Decrypt password from hash
- Is PHP's hash_file streaming internally?
- How to check if file hash has changed with php
- hashing file in custom pattern
- Hashing Salting
- Programatically changing hash of a file without corrupting it