Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

MD5 sum - how to run on downloaded file

Posted on 2016-08-03
13
Medium Priority
?
92 Views
Last Modified: 2016-08-03
I downloaded a JavaScript file from a vendor's site. The email contained a long hex code called an MD5 sum.
e.g. They said:
Important: verify the md5 sum we have computed before using:
00351e49b26963291e0264f6a52286b2

From what I understand, this sum represents a "fingerprint" that is computed from the source code file before it's downloaded. Now, I need to run the file that I downloaded to my PC through (for lack of a better word) and MD5 generator to confirm the download was OK. In other words, this generator should spit out the same hex code.

What is the best way to do the above? (Ideally, the software would be free. :) )

Thanks!
Steve
0
Comment
Question by:Stephen Kairys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 9

Expert Comment

by:James Bilous
ID: 41740942
Are you on linux or windows?
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740966
James,
On Windows. (Win10). Thanks!
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41740968
Here's a free command line tool provided by Microsoft to verify MD5's:

https://www.microsoft.com/en-us/download/details.aspx?id=11533
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740986
James,
Thank you. This tool looks promising per my needs; however, I am concerned that the supported versions stop before Win7. In fact, the release date of the tool seems to predate the release date of Win8, which I think (don't hold me to it), was October, 2012.

Microsoft MD5 tool info
Will I be OK with Win10, or should we look for a tool (either from Microsoft or otherwise) that is supported for Win10?

Thanks,
Steve
0
 
LVL 9

Accepted Solution

by:
James Bilous earned 1400 total points
ID: 41741005
Ah sorry, forgot  about that requirement. In that case you can probably just use CertUtil which is built into Windows 10. Run it like this:

C:\> CertUtil -hashfile your/path/file.js MD5

Open in new window

1
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741053
@James, no worries. :)

I tried the utility, but the resultant MD5 code differs from what the vendor provided, even discounting the embedded spaces added by CertUtil.

Vendor: 4e0968786313dec27558fdc5241ea0dd
CertUtil: 35 32 26 82 8c 14 0d 7a c5 89 74 19 f1 96 96 63

This issue occurred with two different downloads, five days apart, so I doubt seriously that two separate downloads would have been corrupted. In fact, I ran a file compare (using EXAMDIFF) on them, and the only delta was per a comment containing the file date. If there was corruption, I'd imagine there'd be numerous deltas...

Maybe there's some parameter I need to feed to CertUtil?

Thanks!
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41741085
Metadata can change on a file which, when compared using diff on the file content itself, can show no differences but vastly different checksums. Are you certain that md5 is for the exact file you downloaded? There's no possibility that the vendor provided md5 has changed?

There are no other parameters in md5, it is a very specific algorithm. There are of course other algorithms that CertUtil can run such as SHA(256, 512, etc etc), but from the look of your original post the vendor has been explicit about the checksum being md5.
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741091
I may have to contact the vendor then.

But, I'm curious: how can two files show "no differences but vastly different checksums".  I would think that two identical files, when run through the same algorithm that produces an MD5 sum would always return the same sum....what am I missing? :)
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41741122
Files are not just what you see when you open them up. There is "metadata" that is associated with them, or "data about the data", that may include things like creation date, author, organization, revisions dates, etc, visible only through property inspection. For example, if you right click the file in question, click properties and go over to the "details" tab, you'll see all the metadata associated with the file. Changing this will change the overall checksum of the file, since it is an encryption of every single byte associated with the payload, not just the content visible to someone in a text editor, for example.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 600 total points
ID: 41741139
Stephen, can you please send us the link of the download file and where they have their MD5 information to make a test?
2
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741238
Problem solved!

I should have mentioned that the downloaded file is a ZIP file containing the JS file. i assumed the MD5 sum provided in the email applied to the .JS file; however, it applied to the ZIP file! :) Once I ran CERTUTIL on the ZIP file for two different instances, the sum appears to be fine.
 
Thank you, everyone!  I realized this "flaw in my process" when starting to write a response to SchnellSolutions per to download the file. Working with both of you helped me brainstorm this issue.

Points coming shortly!
0
 
LVL 4

Author Closing Comment

by:Stephen Kairys
ID: 41741244
@James,
Thank you again for educating me about the CertUtil Utility. I'm sure i'll have use for it again.

@Schnell - Your sensible offer of trying the download is what led my brain to find the solution, so you earned points as well! :) Thanks!

Great collaboration, both of you!

Steve
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41741264
Great :)

Thanks for the feedback
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question