saelo/phpcoll.c

## phpcoll.c
/*
 * Find php md5 collisions (var_dump(md5('240610708') == md5('QNKCDZO'));)
 *
 * gcc -Ofast -std=c99 -lcrypto -o phpcoll phpcoll.c
 *
 * Copyright (c) 2015 Samuel Groß
 */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md5.h>

size_t hashcount = 0;

inline int check(unsigned char* md)
{
    if (md[0] == 0x0e) {
        for (int i = 1; i < 16; i++) {
            unsigned char hn = md[i] >> 4;
            unsigned char ln = md[i] & 0xf;
            if (hn >= 0xa || ln >= 0xa) {
                return 0;
            }
        }
        return 1;
    }
    return 0;
}

int main(int argc, char** argv)
{
    unsigned char md[16];

    if (argc < 2) {
        printf("Usage: %s prefix", argv[0]);
        return 0;
    }

    size_t length = strlen(argv[1]);
    char* data = calloc(1, length + 1024);
    if (!data) {
        printf("calloc failed");
        return -1;
    }
    strcpy(data, argv[1]);

    char* ptr = data + length;
    size_t curlength = length + 1;
    *ptr = 0x2f;

    while (1) {
        if (*ptr == 0x7e) {
            char* curr = ptr;
            while (*++curr == 0x7e) {
                if (curr - ptr >= 1024) {
                    puts("wat");
                    return -1;
                }
            }

            memset(ptr, 0x30, curr - ptr);
            if (*curr == 0x0) {
                *curr = 0x30;
                curlength++;
            } else {
                *curr = *curr + 1;
            }
        } else {
            *ptr = *ptr + 1;
        }

        MD5_CTX md5ctx;
        MD5_Init(&md5ctx);
        MD5_Update(&md5ctx, data, curlength);
        MD5_Final(md, &md5ctx);

        hashcount++;

        if (check(md)) {
            puts(data);
            printf("tried %lu hashes\n", hashcount);
            return 0;
        }
    }

    return 0;
}
	/*
	* Find php md5 collisions (var_dump(md5('240610708') == md5('QNKCDZO'));)
	*
	* gcc -Ofast -std=c99 -lcrypto -o phpcoll phpcoll.c
	*
	* Copyright (c) 2015 Samuel Groß
	*/

	#include <stdio.h>
	#include <unistd.h>
	#include <stdlib.h>
	#include <string.h>
	#include <openssl/md5.h>

	size_t hashcount = 0;

	inline int check(unsigned char* md)
	{
	if (md[0] == 0x0e) {
	for (int i = 1; i < 16; i++) {
	unsigned char hn = md[i] >> 4;
	unsigned char ln = md[i] & 0xf;
	if (hn >= 0xa \|\| ln >= 0xa) {
	return 0;
	}
	}
	return 1;
	}
	return 0;
	}

	int main(int argc, char** argv)
	{
	unsigned char md[16];

	if (argc < 2) {
	printf("Usage: %s prefix", argv[0]);
	return 0;
	}

	size_t length = strlen(argv[1]);
	char* data = calloc(1, length + 1024);
	if (!data) {
	printf("calloc failed");
	return -1;
	}
	strcpy(data, argv[1]);

	char* ptr = data + length;
	size_t curlength = length + 1;
	*ptr = 0x2f;

	while (1) {
	if (*ptr == 0x7e) {
	char* curr = ptr;
	while (*++curr == 0x7e) {
	if (curr - ptr >= 1024) {
	puts("wat");
	return -1;
	}
	}

	memset(ptr, 0x30, curr - ptr);
	if (*curr == 0x0) {
	*curr = 0x30;
	curlength++;
	} else {
	curr = curr + 1;
	}
	} else {
	ptr = ptr + 1;
	}

	MD5_CTX md5ctx;
	MD5_Init(&md5ctx);
	MD5_Update(&md5ctx, data, curlength);
	MD5_Final(md, &md5ctx);

	hashcount++;

	if (check(md)) {
	puts(data);
	printf("tried %lu hashes\n", hashcount);
	return 0;
	}
	}

	return 0;
	}