UUHash: Difference between revisions

UUHash is a hash algorithm employed by clients on the FastTrack network. It is employed for its ability to hash very large files in a very short period of time, even on older computers. However, this is achieved by only hashing a fraction of the file. This weakness makes it trivial to create a hash collision, allowing large sections to be completely altered without altering the checksum.

This method is used by Kazaa and is exploited by anti-p2p agencies to corrupt downloads.

UUHash will hash the first 300 kilobytes using MD5 and then apply a smallhash function (identical to the CRC32 checksum used by PNG) to 300 KB blocks at file offsets 2ⁿ MB with n being an integer incremented from 0 until the offset reaches end of file. Finally the last 300 KB of the file are hashed. If the last 300 KB of the file overlap with the last block of the 2ⁿ sequence this block is ignored in favor of the file end block.

So, for example:

offset 1 MB, 300 KB hashed

offset 2 MB, 300 KB hashed

offset 4 MB, 300 KB hashed

offset 8 MB, 300 KB hashed

...

last 300 KB of file hashed

The 128 bit MD5 hash and the 32 bit smallhash are then concatenated yielding the 160 bit hash used to identify files on the FastTrack network.

The actual hash used on the FastTrack network is a concatenation of 128 bit MD5 of the first 300 KB of the file and a sparse 32 bit smallhash calculated in the way described above. The resulting 160 bits when encoded using Base64 become the UUHash.

The name UUHash is an unfortunate choice and derives from the sig2dat utility which creates URIs referencing files on Kazaa. These URIs are of the form:

sig2dat://|File: surprise.mp3|Length:5845871Bytes|UUHash:=1LDYkHDl65OprVz37xN1VSo9b00=

Not considering the fact that this URI format is not RFC conformant, it is clear that UUHash refers to the Base64-encoding of the hash and not the hash itself.

• How Overpeer was able to corrupt data on the FastTrack network