Skip to content

Instantly share code, notes, and snippets.

@angea

angea/mycar.sh

Last active December 21, 2024 07:41
Show Gist options
  • Save angea/e07d697e1365645d9a134df01531a67c to your computer and use it in GitHub Desktop.
Save angea/e07d697e1365645d9a134df01531a67c to your computer and use it in GitHub Desktop.
Download ZIP
Generate an EICAR CRC collision
Raw
mycar.sh
#!/bin/bash
# Generate an EICAR CRC collision
# Albertini Stevens 2024
echo -n 'AAAAAA<=EICAR CRC collision? Use Shake128/Kangaroo12/Blake3 instead!' > text
#sha256sum text
#xxd text
#echo
cat text | crchack -b 0.0:+.8*6:1 -b 0.1:+.8*6:1 -b 0.2:+.8*6:1 -b 0.3:+.8*6:1 -b 0.4:+.8*6:1 -b 0.5:+.8*6:1 - 6851cf3c > mycar
sha256sum mycar
xxd mycar
echo
touch -t 202412281445.00 mycar
zip -0Xll mycar.zip mycar
unzip -v mycar.zip
echo
sha256sum mycar.zip
xxd mycar.zip
exit
Expected output w/ PoCs contents
ea72d161f62ac0df51c95021508260f4280ed1094337ce81f962526a8d35c4dd mycar
00000000: 4470 5652 5558 3c3d 4549 4341 5220 4352 DpVRUX<=EICAR CR
00000010: 4320 636f 6c6c 6973 696f 6e3f 2055 7365 C collision? Use
00000020: 2053 6861 6b65 3132 382f 4b61 6e67 6172 Shake128/Kangar
00000030: 6f6f 3132 2f42 6c61 6b65 3320 696e 7374 oo12/Blake3 inst
00000040: 6561 6421 ead!
updating: mycar (stored 0%)
Archive: mycar.zip
Length Method Size Cmpr Date Time CRC-32 Name
-------- ------ ------- ---- ---------- ----- -------- ----
68 Stored 68 0% 2024-12-28 14:45 6851cf3c mycar
-------- ------- --- -------
68 68 0% 1 file
6534dd9e2904be289ccaa8c26f409bce1851940975e22714681f90e6e4ed571d mycar.zip
00000000: 504b 0304 0a00 0000 0000 a075 9c59 3ccf PK.........u.Y<.
00000010: 5168 4400 0000 4400 0000 0500 0000 6d79 QhD...D.......my
00000020: 6361 7244 7056 5255 583c 3d45 4943 4152 carDpVRUX<=EICAR
00000030: 2043 5243 2063 6f6c 6c69 7369 6f6e 3f20 CRC collision?
00000040: 5573 6520 5368 616b 6531 3238 2f4b 616e Use Shake128/Kan
00000050: 6761 726f 6f31 322f 426c 616b 6533 2069 garoo12/Blake3 i
00000060: 6e73 7465 6164 2150 4b01 021e 030a 0000 nstead!PK.......
00000070: 0000 00a0 759c 593c cf51 6844 0000 0044 ....u.Y<.QhD...D
00000080: 0000 0005 0000 0000 0000 0000 0000 00a4 ................
00000090: 8100 0000 006d 7963 6172 504b 0506 0000 .....mycarPK....
000000a0: 0000 0100 0100 3300 0000 6700 0000 0000 ......3...g.....
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment