-3

Why this PHP comparison it wont return True and is there a way i can make it return true ?

<?php

highlight_file(__FILE__);
error_reporting(0);
$first = $_GET['first_flag'];

echo ' :: ' . md5($first);
echo ' :: ' . $first ."<br/>";

if($first == md5($first)){
    echo "True";
}else {
    echo "False";
}


?>

when i put QNKCDZO it returns :

:: 0e830400451993494058024219903391 :: QNKCDZO False

Edit316
  • 1
  • 1

1 Answers1

6

The key is to notice that the comparison is done using ==, which opens up options involving type juggling.

Strings in the format 1e2 (where 1 and 2 are numbers of any size) are interpreted as scientific-notation floating point values by PHP. Because any value in the form 0e... evaluates to zero (zero to any power still equals zero), the next step is to find a number X for which the md5 hash of 0eX is of the same form.

The MD5 hash of 0e215962017 is 0e291242476940776845150308577824, note that every character other than the initial 0e is numeric.

So when comparing the values (loosely, using ==), both evaluate to zero.

Credit to https://github.com/bl4de/ctf/blob/master/2017/HackDatKiwi_CTF_2017/md5games1/md5games1.md , which had done the (much harder) work of actually finding the number.

iainn
  • 16,826
  • 9
  • 33
  • 40