We Keep Coding

Difference between md5sum created by c# and bash [duplicate]

This question already has an answer here:
bash, md5sum behaves strange
(1 answer)
Closed 2 years ago.
I'm trying understand why when i use a linux md5sum function, like this:
#!/bin/bash
p="4c4712a4141d261ec0ca8f90379"
Etime="123456"
TOTP=$(echo $Etime$p|md5sum|cut -f1 -d' ')
echo $TOTP
I've got: ce007ddfb5eb0ccda6d4a6ddd631c563
But when i trying generate md5sum in c# using this code:
public static string Hash()
{
string p = "4c4712a4141d261ec0ca8f90379";
string Etime = "123456";
string h = Etime + p ;
string r = md5test(h);
return r;
}
public static string md5test(string testString)
{
byte[] asciiBytes = ASCIIEncoding.UTF8.GetBytes(testString);
byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
return hashedString;
}
I've got different value: acb6242ab9ad7a969fb27f10644a0283
I think the problem is in conversion bytes to string, but i'm not sure.
Does anyone could explain where i make mistake or how to do to have expected value:ce007ddfb5eb0ccda6d4a6ddd631c563
Thanks
Wojtek

The problem is the newline at the end of the output of echo. Use echo -n or printf instead:
TOTP=$(printf %s "$Etime$p" | md5sum | cut -f1 -d' ')

I rewritten the bash part of you test:
printf '1234564c4712a4141d261ec0ca8f90379' | md5sum
# prints: acb6242ab9ad7a969fb27f10644a0283 -
printf '1234564c4712a4141d261ec0ca8f90379\n' | md5sum
# prints: ce007ddfb5eb0ccda6d4a6ddd631c563 -
The difference is, that echo append a new line character. A solution is to use echo with option -n: echo -n .... A better solution is, to use printf instead of echo: printf %s%s' "$Etime" "$p"

Trying to replicate a Hash example in C#

I'm trying to consume an API and for that purpose I have to create a signature using SHA384. The docs describe doing:
signature = hex(HMAC_SHA384(base64(payload), key=api_secret))
They give an example:
~$ base64 << EOF
> {
> "request": "/v1/order/status",
> "nonce": 123456,
>
> "order_id": 18834
> }
> EOF
ewogICAgInJlcXVlc3QiOiAiL3YxL29yZGVyL3N0YXR1cyIsCiAgICAibm9uY2UiOiAxMjM0NTYs
CgogICAgIm9yZGVyX2lkIjogMTg4MzQKfQo=
In this example, the api_secret is 1234abcd
echo -n 'ewogICAgInJlcXVlc3QiOiAiL3YxL29yZGVyL3N0YXR1cyIsCiAgICAibm9uY2UiOiAxMjM0NTYsCgogICAgIm9yZGVyX2lkIjogMTg4MzQKfQo=' | openssl sha384 -hmac "1234abcd"
(stdin)= 337cc8b4ea692cfe65b4a85fcc9f042b2e3f702ac956fd098d600ab15705775017beae402be773ceee10719ff70d710f
It took a little while, but I realized that in order to replicate the base64 of the original string I had to replace "\r\n" with "\n".
Here's what I've got (ignoring the formatting that I wasted 20 minutes trying to make good):
var raw = #"{
""request"": ""/v1/order/status"",
""nonce"": 123456,
""order_id"": 18834
}
";
var data = raw.Replace("\r\n", "\n");
Console.WriteLine(data);
var data64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(data.ToCharArray()));
if (data64 != "ewogICAgInJlcXVlc3QiOiAiL3YxL29yZGVyL3N0YXR1cyIsCiAgICAibm9uY2UiOiAxMjM0NTYsCgogICAgIm9yZGVyX2lkIjogMTg4MzQKfQo=")
{
Console.WriteLine("base64's don't match");
}
Console.WriteLine("ewogICAgInJlcXVlc3QiOiAiL3YxL29yZGVyL3N0YXR1cyIsCiAgICAibm9uY2UiOiAxMjM0NTYsCgogICAgIm9yZGVyX2lkIjogMTg4MzQKfQo=");
Console.WriteLine(data64);
var key = Encoding.UTF8.GetBytes("1234abcd");
using (var hash = new HMACSHA384(key))
{
var hash64 = Convert.ToBase64String(hash.ComputeHash(Encoding.UTF8.GetBytes(data64)));
StringBuilder sb = new StringBuilder();
foreach (char c in hash64)
{
sb.Append(Convert.ToInt32(c).ToString("x"));
}
Console.WriteLine(sb.ToString());
// yields:
// 4d337a49744f70704c50356c744b68667a4a38454b79342f6343724a5676304a6a57414b7356634664314158767135414b2b647a7a753451635a2f3344584550
// should be:
// 337cc8b4ea692cfe65b4a85fcc9f042b2e3f702ac956fd098d600ab15705775017beae402be773ceee10719ff70d710f
}
My code's output doesn't match the documentation's expected output. Can someone see what I'm doing wrong?

For some reason you are converting hash to base-64 string, then you convert each character of that string to int and that you convert to hex. All that is not needed and not described in "documentation". Instead, do like this:
var hashBin = hash.ComputeHash(Encoding.UTF8.GetBytes(data64));
var hashHex = BitConverter.ToString(hashBin).Replace("-", "").ToLowerInvariant();
Console.WriteLine(hashHex);

Deserialize a SecureString saved as text in C#

PowerShell can store a value securely in a file:
PS > Read-Host 'Enter password' -AsSecureString | ConvertFrom-SecureString | Out-File ~\Desktop\SerializedSecurePassword.txt
How does one deserialize the value stored in the text into a System.Security.SecureString in a C# application?
string path = #"C:\\Users\\<user>\\Desktop\\SerializedSecurePassword.txt";
string contents = File.ReadAllText(path);
System.Security.SecureString SecurePassword = ?;

Converting C# code to php encoding issue

I try to replicate this C# code in php to get the same output(I cannot change c# code only php).And here I'm stuck
public static string HashData(string textToBeEncripted)
{
//Convert the string to a byte array
Byte[] byteDataToHash = System.Text.Encoding.Unicode.GetBytes(textToBeEncripted);
//Compute the MD5 hash algorithm
Byte[] byteHashValue = new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(byteDataToHash);
return System.Text.Encoding.Unicode.GetString(byteHashValue);
}
The php code that I have made till now looks like this
$a = "test";
$a = mb_convert_encoding($a, "UTF-16LE");
$a = md5($a,true);
$a = unpack('C*', $a);
var_dump($a);
//with the output
array(16) { [1]=> int(200) [2]=> int(5) [3]=> int(158) [4]=> int(46) [5]=> int(199) [6]=> int(65) [7]=> int(159) [8]=> int(89) [9]=> int(14) [10]=> int(121) [11]=> int(215) [12]=> int(241) [13]=> int(183) [14]=> int(116) [15]=> int(191) [16]=> int(230) }
As you can see the output is the same as in the C# code
But I'm stuck at the function System.Text.Encoding.Unicode.GetString().How to replicate this in php?Or there is a easier way to get the same output?(I cannot change the C# code sorry)
Edit: Based on Vasiliy Zverev answers since the php hash is different a little bit.I end up making aproximating the hash value of php with the C# hash
function validare_parola($parola,$dbHash){
$parola = mb_convert_encoding($parola, "UTF-16LE");
$parola = md5($parola, true);
$parola = mb_convert_encoding($parola, "UCS-2BE", "UCS-2LE");
$parola = bin2hex($parola);
$procent;
similar_text($dbHash,$parola,$procent);
if($procent>=90){
return true;
}else{
return false;
}
}
$parola = "testa";
$dbHash = "10095018710be2bcbbf9bba3f9d91ce8";
if(validare_parola($parola,$dbHash)){
echo 'PASSWORD CORRECT.You can log in.';
}else{
echo 'INCORRECT PASSWORD.Try again.';
}
As a side note don't use md5 for passwords use php password hashing api
Edit2: I ended up using Vasiliy Zverev solution.
Edit3: For the value "111111" there is different output in php...
Edit4: Vasily Zverev updated his solution and now is working as expected

The solution, updated:
$a = "SF0D9G9SGGF0gdsfg976590";
$a = mb_convert_encoding($a, "UTF-16LE");
$a = md5($a, true);
$res = '';
for($i=0; $i<16; $i+=2) {
// System.Text.Encoding.Unicode.GetString(byteHashValue) replaces invalid characters to 0xfffd ('я')
// while PHP to 0x003d ('?') or empty string. So replace them like C# does
$a2 = mb_convert_encoding($a[$i].$a[$i+1], "UTF-16LE","UTF-16LE"); // check if this is invalid UTF-16 character
if(strlen($a2)==0 || $a[$i]!=$a2[0]) {
// replace invalid UTF-16 character with C# like
$v = 0xfffd;
}
else {
// prepare a word (UTF-16 character)
$v = ord($a[$i+1])<<8 | ord($a[$i]);
}
// print each word without leading zeros as C# code does
$res .= sprintf("%x",$v);
}
echo($res);

Removed this variant because it was wrong. See correct code above.

.NET md5 doesn't equal md5sum.exe on unix

So I have an issue with comparing MD5 sums of the same text using the same techniques. I am using .NET MD5 tools and Unix's md5sum.exe program.
Here's my .NET code:
public void Test()
{
string str1 = "testline1";
string str2 = "testline2";
StringBuilder sb = new StringBuilder();
sb.Append(str1);
sb.Append(Constants.vbLf);
sb.Append(str2);
string hash = GetMD5Hash(sb.ToString());
//hash = 4fb435ffb8e071151c3411dd3a922460
}
public string GetMD5Hash(string text)
{
byte[] hash;
using (MD5 md5 = MD5.Create())
{
hash = md5.ComputeHash(Encoding.UTF8.GetBytes(text));
}
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return sb.ToString();
}
I have a server running a unix based OS which has md5sum.exe on it. On my server I have a file which is simply:
testline1
testline2
Let's say the file is named testFile.txt
I have tried running multiple variations of md5sum to see if I can get these values to equal to no avail.
$md5sum testFile.txt //22f877bcf8985a0f038a5b70086b955d
$echo -n $(cat testFile.txt) | md5sum //1e192bb9877cc2f20e7010d499c0a306
$echo -E $(cat testFile.txt) | md5sum //83b6873b79ca36952eb58ea05083c02e
$unix2dos testFile.txt //converting file to dos just in case line endings are issue
$md5sum testFile.txt //d302436fa25c7faaab75ceca1f1df16d
$echo -n $(cat testFile.txt) | md5sum //94f0c8f7e9820cb6eda9e911ee21b2a8
$echo -E $(cat testFile.txt) | md5sum //f39452a70621ed225057073e86f17858
I have worked at this for hours and cannot seem to get these MD5 to match. Any ideas?

Your testFile.txt has a newline at the end of the second line, whereas your .NET code is not putting a newline at the end of the second line. If you run your file through xxd, you'll be able to see the extra newline that's tripping you up.

This is probably due to the different line-breaks on each OS.
See here for how to convert one of those files to match the other's line breaks, and I bet your checksums will then match: http://en.wikipedia.org/wiki/Newline#Conversion_utilities

echo -n "root" | md5sum
The problem is newline, when to get the result in terminal, if you don't use -n, the result is wrong.
-n do not output the trailing newline