Re: incorrect md5sums on PuTTY file

From: Simon Tatham (anakin_at_pobox.com)
Date: 08/11/04


Date: 11 Aug 2004 14:00:22 +0100 (BST)


> slrn <slrn@domain.invalid> wrote:
>> I can upload or send you the file with the
>> wrong checksums for investigation if prefer.

Simon Tatham <anakin@pobox.com> wrote:
> That sounds like a good idea. I'd prefer it if you could send me a
> URL rather than mailing me a large file.

[one e-mail exchange involving download details later]

Thanks; I've now got a file which has the md5sum you quote.

It turns out that it differs from the uncorrupted PuTTY 0.55
installer in exactly two byte positions:

 - the byte at position 0x7BEE8 has changed from 0x85 to 0x3E
 - the byte at position 0xAE6CE has changed from 0xF4 to 0x3E

If you can reverse those changes using a hex editor of some sort,
you should be able to reconstruct a valid 0.55 installer which
passes the md5sum test, at which point it will probably install OK!

Nothing obvious springs to mind as a cause of this sort of thing,
though. I'd expect malicious binary modification to be more
extensive (so as to include enough code to do something
interesting), and I'd also expect it to avoid tripping the
installer's own integrity check.

The only thing that springs to mind is that in both of the above
cases, the byte in question has been turned into a `>' character,
and in _both cases_ the following byte is a `<' character. I'm
therefore slightly tempted to wonder if an HTML-aware browser is
trying to be clever in some really weird way.

What browser did you use to download it? Is it consistently
corrupted in exactly the same way no matter how many times you try?
Does downloading via FTP, or from a mirror site, give the same
result?

Cheers,
Simon

-- 
Simon Tatham         "I thought I'd put my foot so far into my mouth I
<anakin@pobox.com>    wouldn't be able to sit down without standing up."


Relevant Pages

  • Re: Graphic converter query - transparency
    ... I was thinking of castle. ... make your installer available; an ftp site isn't a software installer in ... size of TeX has to do with anything. ... So you are saying that everything in that download is directly useful? ...
    (uk.comp.sys.mac)
  • Re: UNABLE TO CHECK FOR UPDATES ON THIS COMPUTER
    ... "Office Hotfix Installer encounter a problem..." ... i did download the windows installer cleanup utility w/o ... >There are some known issues with the Office Update site. ... >1) Use a utility to clean out the Windows Installer data, ...
    (microsoft.public.officeupdate)
  • Re: Problems downloading programs
    ... If I use the correct one the download window appears and depending on the ... mirror the download starts or not. ... > of the link in yours and as expected I saw a single character ... I checked the configuration and the toggle for "passive ftp" was already on. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: An alternative to Product Activation
    ... dongles will be regarded as a serious option by Codegear. ... Either the user could provide a username and password at the ... which is somehow embedded into the installer prior ... to download, or Codegear would generate them for you (probably the ...
    (borland.public.delphi.non-technical)
  • Solution for 646
    ... Before you install the update, click on the link on the page (cannot remember ... I have been trying to download updatees for widows vista. ... "Windows encountered an unknown error" error 646.any suggestions as what to ... that button then run or save the installer package then proceed to execute ...
    (microsoft.public.windowsupdate)