Introduction
Checking the hash of a downloaded file is a quick and easy method to verify that your file is safe, and was not corrupted during download or modified by a malicious third party before you downloaded it. In this tutorial you will learn what a checksum is, and conduct a short lab exercise on how to compute a checksum using Windows’ built-in checksum utility, certutil.
What is a Checksum?
A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical. To produce a checksum, you run a program that puts that file through an algorithm. Typical algorithms used for this include MD5, SHA-1, SHA-256, and SHA-512. The algorithm uses a cryptographic hash function that takes an input and produces a string (a sequence of numbers and letters) of a fixed length. The input file can be a small 1 MB file or a massive 4 GB file, but either way, you’ll end up with a hash of the same length. Small changes in the file produce a very different checksum.
Where to find the Checksum of a File?
Checksums often accompany software downloaded from the web so that users can ensure the file or files were not modified in transit. If the checksum from the software vendor matches the checksum of the downloaded installation files on your computer, then no errors or modifications were made. However, if the resulting hash does not match the hash from the website, then the downloaded file might have been corrupted or compromised by hackers.
Of course, not all websites offer you the chance to cross-reference a file hash to ensure file integrity. Unfortunately, because many people do not take the time to vet their downloads, many major websites don’t offer file hashing comparisons.
How to Use a Windows Checksum Utility
There are many tools and utilities out there for validating checksums on Windows, but for this lab we’ll use Windows’ built-in certutil command that already comes with Windows 10 to generate a checksum of a file. You don’t need any third-party utilities.
The syntax for the certutil command is:
certutil -hashfile [FILENAME] [HASH]
Replace [FILENAME] with the file you want to validate, including its extension, and [HASH] with the hash algorithm of your choice. Windows’ certutil command can use the following hash algorithms to generate a checksum:
MD2
MD4
MD5
SHA1
SHA256
SHA384
SHA512
Checksum Lab
Now, conduct a short lab exercise on how to compute a checksum using Windows’ built-in checksum utility certutil with the SHA256 hash algorithm.
Requirements
To participate in the checksum lab you will need the following tools:
Windows OS
Notepad or WordPad application (any file type will suffice)
Step 1: Create a Text file
- Open Windows Notepad and type some text in it.
- Choose File > Save.
- Navigate to your Desktop.
- Type testMyHash.txt in the File name: field, and click Save.
In the screenshot below, you can see I’ve written the text “Hello, my name is Seraph” and saved my file as testMyHash.txt to my desktop:
Step 2: Open Windows Terminal and calculate the checksum
- Open Command Prompt by holding the Windows Key and pressing "R".
- Type “cmd” into the text field and press Enter.
- Navigate to the desktop location where the file is located. If you use the default settings, simply type:
cd desktop
Next, enter the following command:
certutil -hashfile testMyHash.txt SHA256
Press Enter to run the command, and you’ll see the SHA-256 hash for the file (see image below). Depending on the size of the file and the speed of your computer’s storage, the process may take a few seconds.
Step 3: Make a change to the testMyHash.txt file
- Navigate to the Desktop and open the testMyHash.txt file once again.
- Make a minor change to the text, such as deleting a letter, adding a space, or simply deleting the period at the end of the sentence. In my example, an exclamation mark (!) was added (screenshot below).
- Make sure you click File > Save, and close Notepad.
- Go back to the Windows terminal, and enter the previous command again:
certutil -hashfile testMyHash.txt SHA256
You can cycle through previous commands by simply pressing the up-arrow or down-arrow key on your keyboard.
Note: As you can see, an exclamation mark (!) was added to the testMyHash.txt file. Now let’s compare the calculated checksum to the original one:
As you can see, there is a difference in the hash values since we modified the testMyHash.txt file.
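The lab compares two hashes by eye. With a real download you compare against the value the vendor publishes, which is easier to get right in a script. The following is an added example, not part of the original tutorial: the function name Test-FileChecksum and the temporary file location are assumptions, and the "published" value is constructed from the lab file itself to stand in for a vendor's checksum.

```powershell
# Added example: compare a file's certutil hash with a published checksum.
function Test-FileChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected,
        # MD2, MD4, MD5 and SHA1 are left out: collisions are practical for them.
        [ValidateSet('SHA256', 'SHA384', 'SHA512')]
        [string] $Algorithm = 'SHA256'
    )

    # Published hashes come in mixed case, sometimes with spaces between bytes.
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]+$') {
        throw "Expected checksum is not a hex string: '$Expected'"
    }

    # certutil prints three lines: a header, the hash, and a status line.
    $output = & certutil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) {
        throw "certutil failed for '$Path': $($output -join ' ')"
    }
    $got = ($output[1] -replace '\s', '').ToUpperInvariant()

    # A length difference means the published value is truncated or belongs
    # to another algorithm; report that instead of a plain mismatch.
    if ($got.Length -ne $want.Length) {
        throw "Expected $($want.Length) hex digits, but $Algorithm gives $($got.Length)"
    }
    return $got -eq $want
}

# Constructed sample data: recreate the lab file in a temporary folder.
$file = Join-Path $env:TEMP 'testMyHash.txt'
Set-Content -LiteralPath $file -Value 'Hello, my name is Seraph' -NoNewline

# Stand-in for the vendor's published checksum (computed here with Get-FileHash).
$published = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash

# Unchanged file, lower-case published value: the check passes.
Test-FileChecksum -Path $file -Expected $published.ToLower()

# The Step 3 edit: append an exclamation mark, then check again; it now fails.
Add-Content -LiteralPath $file -Value '!' -NoNewline
Test-FileChecksum -Path $file -Expected $published
```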
Conclusion
Now you know how to verify the integrity of downloaded files. As the lab example demonstrates, even a subtle change in a file, such as an added exclamation mark, alters its checksum dramatically. Whether you’re verifying that a file you just downloaded is safe and wasn’t corrupted during download, or making sure that a nefarious person hasn’t hacked and altered files on the download server, the extra time it takes to check a file’s hash is well worth the effort.
If the command line is a bit too inconvenient for easy file verification, here are a few GUI based tools you can use instead