NahamCon CTF 2024 Walkthrough: Not Quite The Same
This challenge is a fun one in the Miscellaneous category. It is a great example of how these challenges can introduce topics that may not be part of a conventional learning path in schools or certifications.
Okay, so the challenge mentions MD5 hashes and .png files, as well as "colliding with greatness". Let's take a look at the website so we can get a good understanding of what's going on.
Okay, so it definitely wants two .png files and looks at their hashes. Judging by the title of the challenge and the instructions, it likely wants the same hash. Let's just try using the same PNG file.
Okay, that doesn't work. Let's try using a hash collision. A hash collision is when two different pieces of data produce the same hash. In simple terms, think of a hash function as a machine that takes any input, like a name or a number, and spits out a unique-looking code. Ideally, every unique input should get a unique code. However, sometimes two different inputs end up with the same code. This situation is called a hash collision.
We can generate our own hash collision using tools like HashClash (https://github.com/cr-marcstevens/hashclash), or we can just use premade images online. Credit to corkami on GitHub (https://github.com/corkami/collisions/blob/master/examples/free/README.md).
Grab md5-1.png and md5-2.png and throw them in.
With that, we have the flag and can move on. This exercise highlights the practical implications of hash collisions and how they can create vulnerabilities in systems that rely on hash functions for security. Through this challenge, we gain a deeper understanding of the importance of choosing robust cryptographic functions and the potential pitfalls of weaker ones like MD5.
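To check locally that a pair such as md5-1.png and md5-2.png is a real collision rather than the same file twice, compare the bytes as well as the digest. The script below is an added example, not code from the challenge or from corkami; the function names are hypothetical, and when no file paths are given it runs on a constructed pair that collides only under a deliberately truncated MD5 (a stand-in, since no real collision files are embedded here).

```python
import hashlib
import sys
from itertools import count


def md5_digest(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def truncated_md5(data: bytes) -> bytes:
    # Constructed stand-in for a broken hash: only the first 2 bytes of MD5,
    # so the self-test below can find a colliding pair in milliseconds.
    return hashlib.md5(data).digest()[:2]


def classify_pair(a: bytes, b: bytes, weak=md5_digest) -> str:
    """Compare content first, then the weak digest."""
    if a == b:
        return "identical"   # same file twice, not a collision
    if weak(a) == weak(b):
        return "collision"   # different bytes, same weak digest
    return "different"


def find_toy_collision():
    """Birthday search over constructed messages under truncated_md5."""
    seen = {}
    for i in count():
        msg = b"constructed-sample-%d" % i
        tag = truncated_md5(msg)
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg


def main(argv):
    if len(argv) == 3:       # two file paths, e.g. md5-1.png md5-2.png
        blobs = []
        for path in argv[1:3]:
            with open(path, "rb") as fh:
                blobs.append(fh.read())
        (a, b), weak = blobs, md5_digest
    else:                    # no files given: run on the constructed pair
        (a, b), weak = find_toy_collision(), truncated_md5
    print("verdict:", classify_pair(a, b, weak))
    for blob in (a, b):      # SHA-256 separates what the weak digest cannot
        print(weak(blob).hex(), hashlib.sha256(blob).hexdigest())


if __name__ == "__main__":
    main(sys.argv)
```

Run with the two image paths as arguments, a colliding pair prints `verdict: collision` with one shared MD5 and two distinct SHA-256 values.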