Re: incorrect md5sums on PuTTY file
From: Simon Tatham (anakin_at_pobox.com)
Date: 11 Aug 2004 14:00:22 +0100 (BST)
> slrn <email@example.com> wrote:
>> I can upload or send you the file with the
>> wrong checksums for investigation if prefer.
Simon Tatham <firstname.lastname@example.org> wrote:
> That sounds like a good idea. I'd prefer it if you could send me a
> URL rather than mailing me a large file.
[one e-mail exchange involving download details later]
Thanks; I've now got a file which has the md5sum you quote.
It turns out that it differs from the uncorrupted PuTTY 0.55
installer in exactly two byte positions:
- the byte at position 0x7BEE8 has changed from 0x85 to 0x3E
- the byte at position 0xAE6CE has changed from 0xF4 to 0x3E
If you can reverse those changes using a hex editor of some sort,
you should be able to reconstruct a valid 0.55 installer which
passes the md5sum test, at which point it will probably install OK!
Nothing obvious springs to mind as a cause of this sort of thing,
though. I'd expect malicious binary modification to be more
extensive (so as to include enough code to do something
interesting), and I'd also expect it to avoid tripping the
installer's own integrity check.
The only thing that springs to mind is that in both of the above
cases, the byte in question has been turned into a `>' character,
and in _both cases_ the following byte is a `<' character. I'm
therefore slightly tempted to wonder if an HTML-aware browser is
trying to be clever in some really weird way.
What browser did you use to download it? Is it consistently
corrupted in exactly the same way no matter how many times you try?
Does downloading via FTP, or from a mirror site, give the same
-- Simon Tatham "I thought I'd put my foot so far into my mouth I <email@example.com> wouldn't be able to sit down without standing up."