Verifying File Integrity

The internet provides us access to content from around the world. When downloading files from the internet we need to verify that the file we have downloaded is the actual file that we were attempting to get and that it hasn’t been modified someone where in the middle (i.e. Man In The Middle attacks, hijacked website, etc…) and has been downloaded correctly (i.e. interrupted network connection, FTP binary download instead of ASCII).

When updating the firmware of a device, the integrity of the new firmware file is of utmost importance. You are replacing the machine level control code on the device that all the applications and operational code depend on, including the System Kernel. Malware or hacker tools embedded in the firmware file will likely go undetected and undeterred by Operating System and Application level software (since it occurs at a hardware level)

As with all issues of Cybersecurity, the balance must be obtained between security and convenience. How critical is the piece of equipment you are updating? Are there safety implications to corrupted or tampered firmware?

For the purpose of this article, we are going to be looking at the first level of verification only, FILE HASHES. Alternate methods include certificates and digital signatures which are not covered in this article.

File Types (typical)

.sfv – CRC32 Checksum

.md5 – MD5 Checksum in 128-bit form (md5sum)

.sha1 – 160-bit hash in sha1sum form

How to Verify File Integrity

Note: This guide is for informational purposes only and ICI is not responsible for any damages resulting from running these commands. Should you require further information or clarification, please contact us.

Windows command line example using CertUtil:

  • File name to check is c:\windows\explorer.exe
  • Open a command prompt and run the following command

certutil -hashfile c:\windows\explorer.exe MD5

The system will respond with the following that you can compare against an MD5 obtained from the download source

MD5 hash of c:\windows\explorer.exe:
CertUtil: -hashfile command completed successfully.

Windows PowerShell example using Get-FileHash

  • Filename to check is c:\windows\explorer.exe
  • Open a PowerShell terminal and run the following command

Get-FileHash c:\windows\explorer.exe -Algorithm MD5 | Format-List

PowerShell will respond with

Algorithm : MD5
Hash : 800EF617DDC3C635CD25E20E0EC39CC6
Path : C:\windows\explorer.exe