Skip to content

How to create MD5 and SHA1 hashes and a hashing database of files or folders in Windows 7

08/10/2016

Step 1 – Download the file hashing software (FCIV.exe) from Microsoft

https://support.microsoft.com/en-us/kb/841290

***

Step 2 – Create a new C:\FCIV folder

Copy a picture over to this folder for easy testing.

***

Step 3 – Install FCIV to FCIV Folder

fciv-install

Browse to FCIV folder

fciv-step-4

***

Step 4 – Create both MD5 and SHA1 hashes

MD5 hashes are not longer considered safe, despite the fact that they have been widely used.  A female mathematician called Wang developed an attack, which has shown how to create an MD5 collision.  The safer option is to use a SHA1 hash along with an MD5 hash – together.  There is no known attack that can break  both hashing systems in unison.

The syntax for generating two hashes simultaneously is -both

fciv-both

***

Step 5 – Create MD5/SHA1 hashes of an entire directory

Next  we hash an entire directory  c:\steampunk

Syntax is:

fciv.exe c:\steampunk -both

All the files in the steampunk directory will be hashed in both MD5 and SHA1 for you.

fciv-steampunk-dir

Perhaps you’d like to hash your sysinternals directory.

 

fciv.exe c:\sysinternals -both

 

fciv-sysinternals-directory-both-hashes

***

Step 6 – Display MD5 hashes of a file

Change into FCIV folder – we are going to select the first file to hash.  The default hash is MD5.  If you don’t select a hash, the MD5 hash will be generated for you.

MD5 Syntax

fciv.exe c:\steampunk\618284.png

fciv-file-md5

SHA1 Syntax

fciv.exe c:\steampunk\618284.jpg -sha1

fciv-file-sha1

Both Hashes

fciv.exe c:\steampunk\618284.jpg -both

fciv-file-both

The 323d hash is in the MD5 format.

***

Step 7 – Microsoft Example syntax.

fciv.exe c:\mydir\myfile.dll
fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml
fciv.exe c:\mydir -type *.exe
fciv.exe c:\mydir -wp -both -xml db.xml

If you get the path wrong, you’ll get this error.

Remember it’s good to make mistakes – you’ll learn faster when you make an error.

fciv-wrong-path

***

Step 8 – Create a Hash Database

If you need to check the hashed files to ensure they have not changed, then create a hash database.  Here it’s called “db”.

fciv.exe c:\file -both -xml db

See the line “Create new XML database”.

fciv.exe c:\file -both -xml db

The hash is now stored in a database called db.

fciv-create-database

Add Sysinternals hashes

fciv.exe c:\sysinternals -both -xml db

 

fciv-sysinternals-directory-added-to-database

***

Step 9 – List the hashes in your Hash database

Need to check the hashes of your database?

fciv.exe -list -xml db

fciv-list-database

Use notepad to open the file db to see your hash.

fciv-db-notepad

Now, you have generated hashes of a file, and added that hash to a database.

List your Sysinternals hashes

fciv -list -both -xml db

 

fciv-sysinternals-listed-directory-in-database

***

Step 10 – Hash another file

fciv.exe c:\steampunk\steampunk_1.jpg

fciv-hash-second-file-to-database

Notice the hash starting 981 is MD5 and 9b3 is SHA1

Okay, now lets add the hash to the database and see what we get.

fciv-add-a-second-hash-to-db

List out the database db.

fciv.exe -list -xml db

We can see that Steampunk_1 has been added, however only MD5 hashes are displayed.

fciv-list-database-wtih-new-hash

Here’s how to display SHA1 hashes in the database in a cmd prompt

 

fciv -list -both -xml db

fciv-display-sha1-in-database

There we are.  Our database can now list both hashes for all files added to it.

This database provides our evidence of the original hash.

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: