I need to edit some cfg files for an application, but the thing is the application won't start if I do since it must match. I don't have the sources of the application.

I guess if the hash doesn't match the hash of the exe, it exits.

Could you bypass this somehow?

+2  A: 

You can have the app quit checking, but no, there is no way to duplicate a crypto hash of an existing file. That's the point.

+1  A: 

Does a file exist having your desired settings and with the same hash? Possibly.

Will you be able to find it? Almost certainly not.

Bwmat
+7  A: 

Actually, there is a way:

while(hash of malicious config file does not match original)
{
  make random, non-functional change to malicious config file.
}

This might take a while.

Nicely understated.
Joe White
+3  A: 

With certain hash algorithms, you can append data to the end of a file (if an xml file, say, inside comment tags). But it's probably more trouble than it's worth. E.g., http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html

alex
+1  A: 

It's time to break out your disassembler and pull apart the application to get rid of the hash check I'm afraid. No other solution will do what you want in a timely manner.

Daniel
A: 

This kind of validation is intentionally difficult to circumvent. Hashes generally work such that small changes in the input produce widely varied output. The check in this case is doing its duty, unfortunately for your situation.

Although in theory there are other inputs that hash to the same thing, they'll be very different from your input, not just a little different. Finding these inputs will also be as time-consuming and difficult as hacking encrypted data. So basically, no.

As some other posts have mentioned, if you are adventurous and life and death are at stake, you could disassemble the application binary and actually remove the machine language check for the hash. This is varsity-ninja work though.

quixoto
+3  A: 

If the program uses a good hash, it will be difficult to change without breaking the hash. Some applications use relatively poor hashes. It's relatively easy, for example, to edit a file without affecting a CRC-32 if you can afford to set 32 bits of the file to arbitrary values. Any idea what sort of hash function is used?

supercat
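
An added example, not part of any answer above: it measures the avalanche behaviour described for good hashes (using SHA-256) and shows that a CRC-32 changes in a way that depends only on which bit was edited, not on the file's content. The sample config bytes and all function names are constructed for this illustration.

```python
import hashlib
import zlib

# Constructed sample config; not taken from the application in the question.
CONFIG = b"[video]\nwidth=1024\nheight=768\nfullscreen=0\n"
OTHER = bytes(len(CONFIG))  # unrelated content of the same length (all zero bytes)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with a single bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sha256_delta(data: bytes, bit: int) -> bytes:
    """XOR of the SHA-256 digests before and after flipping one input bit."""
    return xor(hashlib.sha256(data).digest(),
               hashlib.sha256(flip_bit(data, bit)).digest())


def crc32_delta(data: bytes, bit: int) -> int:
    """XOR of the CRC-32 values before and after flipping one input bit."""
    return zlib.crc32(data) ^ zlib.crc32(flip_bit(data, bit))


def sha256_avalanche(data: bytes) -> float:
    """Mean number of digest bits (out of 256) changed by a one-bit edit."""
    nbits = len(data) * 8
    changed = sum(bin(int.from_bytes(sha256_delta(data, i), "big")).count("1")
                  for i in range(nbits))
    return changed / nbits


def delta_ignores_content(delta, a: bytes, b: bytes) -> bool:
    """True if flipping bit i changes the checksum identically for a and b."""
    return all(delta(a, i) == delta(b, i) for i in range(len(a) * 8))


if __name__ == "__main__":
    print("SHA-256 bits changed per 1-bit edit:", round(sha256_avalanche(CONFIG), 1))
    print("CRC-32 delta independent of content:", delta_ignores_content(crc32_delta, CONFIG, OTHER))
    print("SHA-256 delta independent of content:", delta_ignores_content(sha256_delta, CONFIG, OTHER))
```

A checksum whose change is fixed by the edited bit position alone catches accidental corruption but not deliberate modification, which is the difference between CRC-32 and a cryptographic hash in an integrity check like this one.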