Basic File Hashing Using Native Tools on Linux, OSX, and Windows 10

August 5, 2016 | Views: 5258

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Wikipedia defines a cryptographic hash as “a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash function) which is designed to also be one-way function, that is, a function which is infeasible to invert” (1). In fact, hashing is so cool that Wikipedia has a second page devoted to hashes (2). LOL, as they say.

Hashing is important because it provides a method of ensuring data integrity; that is, a verification that the data has not been either intentionally or unintentionally modified. Data can be a string of text (example: password storage), a file (example: linux .deb file), a whole hard-drive (example: think forensic analysis), etc.

If you download software off of the net for your computer, you have likely seen references to file “checksums”, which is another name for a hash that has been created. As an example, go to https://www.virtualbox.org/wiki/Linux_Downloads and down the page, you’ll notice both “sha256 checksum” and “md5 checksum”.

Clicking on one of these links gives you a page of the appropriate checksum for each files that can be downloaded. The purpose of these hashes is to verify that the file has not been modified during the download. Likewise, on a Debian based linux distribution, you can see the file hash for each package. For example, the command “lsof” allows a user to view what files are open on a running system. On my computer, ff I run in the terminal “apt-cache show lsof”, I get information about the install package including the hashes for that package needed to perform an integrity check during the installation:

MD5sum: 18176923b596154e9c8d52e433120d5a

SHA1: f7844751b7b7a50c686c2b967c48f65b36f19d40

SHA256: 26efd10a89588c18ad4d6ce9468ea0ab6e53030ace3270c939a9dae44906addd

So, how do we manually perform this check on various operating systems? Let’s take a look.

What I’ll do is to create a text file called “test_file.txt” using a text editor with the following text: “This is the data in my file.” (without the quotes). I will then copy this to each operating system.

 

Linux

(Note: I am using Debian 8.5 as confirmed by “cat /etc/debian_version”)

For md5 checksums, we open a terminal window, cd to the directory where our file is located, then type:

“md5sum test_file.txt” (without the quotes). I receive the checksum followed by the file name:

f0eac7ea373ec547cc3dee88a3c50a3a test_file.txt

Using sha, it is a bit more involved because sha has several different bit sizes to choose from. On my Debian box, I see that I have several different ones to choose from:

junkwerks@porky-pig:~$ ls -l /usr/bin/sha*

-rwxr-xr-x 1 root root 43592 Mar 14 2015 /usr/bin/sha1sum

-rwxr-xr-x 1 root root 51784 Mar 14 2015 /usr/bin/sha224sum

-rwxr-xr-x 1 root root 51784 Mar 14 2015 /usr/bin/sha256sum

-rwxr-xr-x 1 root root 55880 Mar 14 2015 /usr/bin/sha384sum

-rwxr-xr-x 1 root root 55880 Mar 14 2015 /usr/bin/sha512sum

-rwxr-xr-x 1 root root 9065 Jul 22 10:59 /usr/bin/shasum

What we see are different binaries for each variation of sha on my system. Sha1 is older and deprecated but might sometimes still be used. The shaXXXsum listings refer to sha2 bit size variations, and shasum is actually a Perl file that calls the binary files with use of the “-a”. For example:

junkwerks@porky-pig:~$ shasum -a 256 test_file.txt

50d23ac06e007c665c478304ecc32125fa24f6ffd2552a4d7ca5ca72faa40e8b test_file.txt

As always, do a “man” to see what else you can do (example: “man shasum”).

 

OSX

Not surprisingly, OSX is very similar in use from the command line as Linux. The biggest difference I see upfront is the more restricted bit sizes and the difference in the names.

pig-pig:~ junkwerks$ ls -l /usr/bin/sha*

-rwxr-xr-x 38 root wheel 811 Aug 22 2015 /usr/bin/shasum

-rwxr-xr-x 1 root wheel 8629 Aug 22 2015 /usr/bin/shasum5.16

-rwxr-xr-x 1 root wheel 8629 Aug 22 2015 /usr/bin/shasum5.18

No big deal. We still run it the same manner from the terminal window:

pig-pig:junkwerks$ md5 test_file.txt

MD5 (test_file.txt) = f0eac7ea373ec547cc3dee88a3c50a3a

and

pig-pig:junkwerks$ shasum -a 256 test_file.txt

50d23ac06e007c665c478304ecc32125fa24f6ffd2552a4d7ca5ca72faa40e8b test_file.txt

 

Window 10

Obviously, things will be different here, although Win10 has a new Linux based command line, but I have not tried that yet. What has been around for a while though is PowerShell, and we can use it to do out hashing.

There are other downloadable freeware programs out there, but one must become proficient in command lines in this business, even on Windows (believe it or not).

Note: the command get-filehash is only available in PowerShell V4 and up.

So here’s how we do it. Open up a powershell (ps) terminal. In the ps window, type the following:

“get-help get-filehash”

Like man on the *nix examples before, here you’ll see the basic usage of the get-filehash command. Notice also, the various hash types and bit sizes. So here we go:

PS C:Usersjunkwerks.localDesktop> Get-FileHash -Algorithm MD5 test_file.txt

 

Algorithm Hash Path

——— —- —-

MD5 F0EAC7EA373EC547CC3DEE88A3C50A3A C:Usersjunkwerks.localtest_file.txt

and

PS C:Usersjunkwerks.localDesktop> Get-FileHash -Algorithm SHA256 test_file.txt

 

Algorithm Hash Path

——— —- —-

SHA256 50D23AC06E007C665C478304ECC32125FA24F6FFD2552A4D7CA5CA72FAA40E8B C:Usersjunkwerks.localtest_file.txt

 

Time to Play

1) Change the file name and re-hash the file. Did the hash change?

2) Open the file with a text editor, change 1 character, then save the file and re-hash it. Did the hash change?

 

Up next, we’ll do a quick review of uses for cryptographic hashing.

Happy hashing!


References

1. Online. Retrieved August 1, 2016. https://en.wikipedia.org/wiki/Cryptographic_hash_function

2. Online Retrieved August 2, 2016. https://en.wikipedia.org/wiki/Hash_function

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
4 Comments
  1. Awesome Read!

  2. thank you so much!

  3. Nice~ Keep it up!!~

  4. Loved this. Good article.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel