Skip to content

How to create MD5 and SHA1 hashes and a hashing database of files or folders in Windows 7


Step 1 – Download the file hashing software (FCIV.exe) from Microsoft


Step 2 – Create a new C:\FCIV folder

Copy a picture over to this folder for easy testing.


Step 3 – Install FCIV to FCIV Folder


Browse to FCIV folder



Step 4 – Create both MD5 and SHA1 hashes

MD5 hashes are not longer considered safe, despite the fact that they have been widely used.  A female mathematician called Wang developed an attack, which has shown how to create an MD5 collision.  The safer option is to use a SHA1 hash along with an MD5 hash – together.  There is no known attack that can break  both hashing systems in unison.

The syntax for generating two hashes simultaneously is -both



Step 5 – Create MD5/SHA1 hashes of an entire directory

Next  we hash an entire directory  c:\steampunk

Syntax is:

fciv.exe c:\steampunk -both

All the files in the steampunk directory will be hashed in both MD5 and SHA1 for you.


Perhaps you’d like to hash your sysinternals directory.


fciv.exe c:\sysinternals -both




Step 6 – Display MD5 hashes of a file

Change into FCIV folder – we are going to select the first file to hash.  The default hash is MD5.  If you don’t select a hash, the MD5 hash will be generated for you.

MD5 Syntax

fciv.exe c:\steampunk\618284.png


SHA1 Syntax

fciv.exe c:\steampunk\618284.jpg -sha1


Both Hashes

fciv.exe c:\steampunk\618284.jpg -both


The 323d hash is in the MD5 format.


Step 7 – Microsoft Example syntax.

fciv.exe c:\mydir\myfile.dll
fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml
fciv.exe c:\mydir -type *.exe
fciv.exe c:\mydir -wp -both -xml db.xml

If you get the path wrong, you’ll get this error.

Remember it’s good to make mistakes – you’ll learn faster when you make an error.



Step 8 – Create a Hash Database

If you need to check the hashed files to ensure they have not changed, then create a hash database.  Here it’s called “db”.

fciv.exe c:\file -both -xml db

See the line “Create new XML database”.

fciv.exe c:\file -both -xml db

The hash is now stored in a database called db.


Add Sysinternals hashes

fciv.exe c:\sysinternals -both -xml db




Step 9 – List the hashes in your Hash database

Need to check the hashes of your database?

fciv.exe -list -xml db


Use notepad to open the file db to see your hash.


Now, you have generated hashes of a file, and added that hash to a database.

List your Sysinternals hashes

fciv -list -both -xml db




Step 10 – Hash another file

fciv.exe c:\steampunk\steampunk_1.jpg


Notice the hash starting 981 is MD5 and 9b3 is SHA1

Okay, now lets add the hash to the database and see what we get.


List out the database db.

fciv.exe -list -xml db

We can see that Steampunk_1 has been added, however only MD5 hashes are displayed.


Here’s how to display SHA1 hashes in the database in a cmd prompt


fciv -list -both -xml db


There we are.  Our database can now list both hashes for all files added to it.

This database provides our evidence of the original hash.

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: