md5deep ile pratik hashing islemleri

Hepimiz md5, sha2(md5sum) gibi programlari kullanmisizdir. Bazen indirdigimiz bir programin gercekten orjinal oldugunu(ozellikle acik kodlu uygulamalarda) bazen de kendi yaptigimiz islerin degistirilmedigini ispat etmek icin… Klasik md5 programi basit isler icin idealdir fakat yapacaginiz isler karmasiklastikca yetersiz kalir ve sizi cesitli scriptler yazmaya zorlar.

md5,md5sum gibi programlarin yetersiz kaldigi durumlarda md5deep kullanabilirsiniz. Biraz daha fonksiyonel ve kolay kullanimlidir.

FreeBSD icin kurulum

[[email protected] ~]# cd /usr/ports/
[[email protected] /usr/ports]# make search name=md5deep
Port: md5deep-1.12
Path: /usr/ports/security/md5deep
Info: Program to compute various message digests recursively
Maint: [email protected]
B-deps: gettext-0.16.1 gmake-3.81_1 libiconv-1.9.2_2
R-deps:
WWW: http://md5deep.sourceforge.net

[[email protected] /usr/ports]# cd security/md5deep/
[[email protected] /usr/ports/security/md5deep]# make && make install

Komple bir diskin hashini almak ve bu arada ne kadar sure kaldigini izlemek icin -e parametresi kullanilabilir.

# md5deep -e /dev/ad0
/dev/ad0: 24983MB of 76324MB done, 00:41:26 left

ya da bir dizin altindaki tum dosyalari(altdizinler ile birlikte) hashlerini almak icin -r parametresini kullanabilirsiniz.

md5deep -r -e -o f *> test1

# more test1
6ec60e9f18efcf94621ebd2a0c553213 /usr/ports/security/md5deep/Makefile
eafcff0f9867b06f8c4437d2d7e7e744 /usr/ports/security/md5deep/distinfo
dbd59d6fce59472b5dd480d51c1e5353 /usr/ports/security/md5deep/pkg-descr
4bb47d512fbe6f5e68d7cee7130f4762 /usr/ports/security/md5deep/work/md5deep-1.12/algorithms.h
80cb2ba85cd43862fa652802adf62e15 /usr/ports/security/md5deep/work/md5deep-1.12/CHANGES
6c54cf8b1e58f7ed2728f64b48be959f /usr/ports/security/md5deep/work/md5deep-1.12/cycles.c
9783ada389ff3ee6fbd1949fd244da3e /usr/ports/security/md5deep/work/md5deep-1.12/dig.c
3b4f0f1b47ef008cc34e933f7dc84a41 /usr/ports/security/md5deep/work/md5deep-1.12/files.c
b448174fdb12610e67e75793eea95de2 /usr/ports/security/md5deep/work/md5deep-1.12/hash.c
06ec79ab67c1bdb214663aef028840f1 /usr/ports/security/md5deep/work/md5deep-1.12/hashTable.c
5174137279a948e11f8cfbbcd58fd46b /usr/ports/security/md5deep/work/md5deep-1.12/hashTable.h
2acc84cf16dd3310b7ec1f5a206cc898 /usr/ports/security/md5deep/work/md5deep-1.12/helpers.c
2f550dca1ea099f2807ad60779594054 /usr/ports/security/md5deep/work/md5deep-1.12/main.c
6027ad2acfb7a9add818e82541e9804e /usr/ports/security/md5deep/work/md5deep-1.12/Makefile
c4efd25b00d1359ed73d35e1beb2e73d /usr/ports/security/md5deep/work/md5deep-1.12/match.c
82625272b89d7cb462689f4274615322 /usr/ports/security/md5deep/work/md5deep-1.12/md5.c
58e8e6f929fdd471e494d10f46254ac2 /usr/ports/security/md5deep/work/md5deep-1.12/md5.h
6a58a03fb9907a92f9d11ea7e057f583 /usr/ports/security/md5deep/work/md5deep-1.12/md5deep.1
3adc3ba72a3974d5cff948fa2cfa1c93 /usr/ports/security/md5deep/work/md5deep-1.12/md5deep.h
edf7015e392612ce509195a457d663b8 /usr/ports/security/md5deep/work/md5deep-1.12/README

Sonrada bu dosyalar arasinda degisenlerini bulmak icin -x parametresini kullanabilirsiniz.

# md5deep -x test1 -r *
/usr/ports/security/md5deep/work/md5deep-1.12/md5.c

Benzer sekilde hashing icin md5 yerine

md5deep – Compute MD5 message digests
sha1deep – Compute SHA-1 message digests
sha256deep – Compute SHA-256 message digests
tigerdeep – Computer Tiger message digests
whirlpooldeep – Compute Whirlpool message digests

kullanilabilir.

This entry was posted in Forensic. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

eight − 4 =