MD5 checksum problem
-
Hi all. I have two functions to generate MD5 checksum of a file. The problem is that when I am computing checksum of some files, then sometime both functions are generating same hashvalue for same file but for some files both functions are generating different values. The functions I am using are below : function 1
Public Function GetMD5(ByVal file As String) As String
Dim md5 As MD5CryptoServiceProvider = New MD5CryptoServiceProvider
Dim f As FileStream = New FileStream(file, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
md5.ComputeHash(f)
Dim hash As Byte() = md5.Hash
f.Close()
Dim buff As StringBuilder = New StringBuilder
Dim hashByte As Byte
For Each hashByte In hash
buff.Append(String.Format("{0:X1}", hashByte))
Next
Return buff.ToString()
End Functionfunction 2
Public function DoChecksum(ByVal file As String) as string
Dim csp As New MD5CryptoServiceProvider() Try Dim stm As FileStream = New FileStream(file, FileMode.Open, FileAccess.Read, FileShare.Read, 8192) Dim hash As Byte() = csp.ComputeHash(stm) stm.Close() Dim computed As String = BitConverter.ToString(hash).Replace("-", "")return computed
End functionTell me where is the problem. Is there any problem in writing code or anything else. Also suggest me how could I verify that file is modified or not by MD5 checksum. Thanks. Gagan
-
Hi all. I have two functions to generate MD5 checksum of a file. The problem is that when I am computing checksum of some files, then sometime both functions are generating same hashvalue for same file but for some files both functions are generating different values. The functions I am using are below : function 1
Public Function GetMD5(ByVal file As String) As String
Dim md5 As MD5CryptoServiceProvider = New MD5CryptoServiceProvider
Dim f As FileStream = New FileStream(file, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
md5.ComputeHash(f)
Dim hash As Byte() = md5.Hash
f.Close()
Dim buff As StringBuilder = New StringBuilder
Dim hashByte As Byte
For Each hashByte In hash
buff.Append(String.Format("{0:X1}", hashByte))
Next
Return buff.ToString()
End Functionfunction 2
Public function DoChecksum(ByVal file As String) as string
Dim csp As New MD5CryptoServiceProvider() Try Dim stm As FileStream = New FileStream(file, FileMode.Open, FileAccess.Read, FileShare.Read, 8192) Dim hash As Byte() = csp.ComputeHash(stm) stm.Close() Dim computed As String = BitConverter.ToString(hash).Replace("-", "")return computed
End functionTell me where is the problem. Is there any problem in writing code or anything else. Also suggest me how could I verify that file is modified or not by MD5 checksum. Thanks. Gagan
I think thats your problem:
buff.Append(String.Format("{0:X1}", hashByte))
{0:X1} means that all values between 0 and 15 are only display as 1 hex char while 16 - 255 are displayed with 2 hex chars. But
BitConverter.ToString(hash).Replace("-", "")
always uses 2 hex chars for every value between 0 and 255. Change {0:X1} to {0:X2} and it should work.
Greetings Covean
-
I think thats your problem:
buff.Append(String.Format("{0:X1}", hashByte))
{0:X1} means that all values between 0 and 15 are only display as 1 hex char while 16 - 255 are displayed with 2 hex chars. But
BitConverter.ToString(hash).Replace("-", "")
always uses 2 hex chars for every value between 0 and 255. Change {0:X1} to {0:X2} and it should work.
Greetings Covean
-
Thanks, it worked. Suggest me what should I do to verify that a file has modified by its hashvalue. Thanks. Gagan
-
Thanks, it worked. Suggest me what should I do to verify that a file has modified by its hashvalue. Thanks. Gagan
I do not exactly understand what you mean. To verify if some file was modified, I would compare the now new computed hash value with the one of a previous computed hash value (for example at creation time of the file). To compare these 2 values you could to a string or byte array compare. Is this the answer you were looking for?
Greetings Covean
-
I do not exactly understand what you mean. To verify if some file was modified, I would compare the now new computed hash value with the one of a previous computed hash value (for example at creation time of the file). To compare these 2 values you could to a string or byte array compare. Is this the answer you were looking for?
Greetings Covean
Actually I want to check whether file is modified,infected or corrupted by some viruses or malascious programs. Since you all told to compare hashvalues with previous computed one, I have no hashvalue at previous time. So if you have any idea to do so suggest me.. Thanks. Gagan
-
Actually I want to check whether file is modified,infected or corrupted by some viruses or malascious programs. Since you all told to compare hashvalues with previous computed one, I have no hashvalue at previous time. So if you have any idea to do so suggest me.. Thanks. Gagan
-
Actually I want to check whether file is modified,infected or corrupted by some viruses or malascious programs. Since you all told to compare hashvalues with previous computed one, I have no hashvalue at previous time. So if you have any idea to do so suggest me.. Thanks. Gagan
If you don't know the hash value of the uncorrupted version of this file, then you will not be able to check for some file corruption. In a good anti-virus-software there are many ways to reach this goal (in general they combine the following steps): 1. (very simple) Check the last-modified property of the file. 2. Do a first scan of all files and store the hash value of these files, after that the software can check if the file was modified. 3. Scan the file data for some known virus-signatures (short byte sequences extracted from an infected file/virus). 4. Do a heuristic file scan.
Greetings Covean
-
If you don't know the hash value of the uncorrupted version of this file, then you will not be able to check for some file corruption. In a good anti-virus-software there are many ways to reach this goal (in general they combine the following steps): 1. (very simple) Check the last-modified property of the file. 2. Do a first scan of all files and store the hash value of these files, after that the software can check if the file was modified. 3. Scan the file data for some known virus-signatures (short byte sequences extracted from an infected file/virus). 4. Do a heuristic file scan.
Greetings Covean
Thanks for your help. I got what I wanted. But I have still some doubts. As you suggested the approach, I have confusin in (3) Scan the file data for some known virus-signatures (short byte sequences extracted from an infected file/virus). Could you explain this??
-
Thanks for your help. I got what I wanted. But I have still some doubts. As you suggested the approach, I have confusin in (3) Scan the file data for some known virus-signatures (short byte sequences extracted from an infected file/virus). Could you explain this??
For example this is the signature of EICAR-testvirus/testfile.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
If you insert this string in a file (for ex. in a textfile), every anti-virus program should find an infection of this file! (but its not dangerous in any way) See this wikipedia article. This quote I found somewhere in the net: "A virus signature is an unique string of bits, or the binary pattern, of a virus. The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Anti-virus software uses the virus signature to scan for the presence of malicious code."
Greetings Covean
-
Actually I want to check whether file is modified,infected or corrupted by some viruses or malascious programs. Since you all told to compare hashvalues with previous computed one, I have no hashvalue at previous time. So if you have any idea to do so suggest me.. Thanks. Gagan
These questions have been asked and answered a week ago, see here[^]. :|
Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles]
I only read code that is properly formatted, adding PRE tags is the easiest way to obtain that.
[The QA section does it automatically now, I hope we soon get it on regular forums as well]