How to check file hashes with a simple Python script to avoid malicious downloads

This tutorial shows how to build a very simple Python 3 script that compares your first input with your second input. You can use it to compare a file hash (such as SHA256) published on a download page with the hash of the file you actually downloaded. One reason to do this is to make sure that we are downloading what we think we’re downloading, and not some modified file.

Python3 is a programming and scripting language that has a lot of functionality. You can create a lot of automated tools just using python3 and its available libraries. In fact, the script that we’ll make here is a really simple script that just uses the basics of python3. 

What are SHA256 hashes, and why do they matter?

When you download software, sometimes you can see SHA256 hashes on the website, like these:

Screenshot captured from: https://www.audacityteam.org/download/online-safety-when-downloading/ 
Screenshot captured from: https://www.gimp.org/downloads/ 
Screenshot captured from: https://www.jetbrains.com/pycharm/download/download-thanks.html?platform=windows&code=PCC 

But what’s a hash in the first place? The Cybersecurity and Infrastructure Security Agency (CISA) defines a hash value as:

A fixed-length string of numbers and letters generated from a mathematical algorithm and an arbitrarily sized file such as an email, document, picture, or other type of data. This generated string is unique to the file being hashed and is a one-way function—a computed hash cannot be reversed to find other files that may generate the same hash value. Some of the more popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5).

https://www.us-cert.gov/ncas/tips/ST04-018

So SHA256 is a popular hashing algorithm in use today, which can further be defined as: 

SHA-256 algorithm is one flavor of SHA-2 (Secure Hash Algorithm 2), which was created by the National Security Agency in 2001 as a successor to SHA-1. SHA-256 is a patented cryptographic hash function that outputs a value that is 256 bits long.

Quoted from https://www.n-able.com/blog/sha-256-encryption

So, you can use SHA256 to prove the originality of a file. In short, SHA256 can be used to check that you downloaded the original and right file, not a modified file that may have malware, backdoors, or other maliciously injected changes inside. But a SHA256 hash is written as 64 hexadecimal characters, which is not easy for humans to compare quickly. It just so happens that this is something computers are incredibly good at. So, isn’t it better to use a script that will compare those long hashes?

Creating a file hash checker script with Python3

To make this simple python3 script, you need to install python3, and you need a text editor. You can download python3 from the official website. For the text editor, you can use any text editor you want, but I’m using Sublime text editor.

The first thing you want to do for this script is to let a user input the original file’s hash. This is the hash we can find on the software’s download page.

true_hash = input("Enter the official hash: ").upper()

To do this, we can grab the user’s input using the input() function and store it in a variable for later use. We can name this variable true_hash and use .upper() to convert the input to capital letters. This is useful for ensuring a uniform format across the data that we will be comparing.

After that, you need a second line of code that will take the user’s second input for the downloaded file’s hash.

app_hash = input("Enter the downloaded application hash: ").upper()

That line of code creates a second variable named app_hash, whose value is also the user’s input. We also use .upper() here, again to ensure uniformity.

After that, you just need to compare the first and second variables and check if they are exactly the same. For that, we can simply use an if statement.

if true_hash == app_hash:
    print("Your application is genuine!")
else:
    print("Your application hash is not the same as the true hash")

It will check whether the true_hash variable matches the app_hash variable. If it does, it will print the text inside the first print statement’s brackets: “Your application is genuine!” If it does not match, it will print the text inside the second print statement’s brackets: “Your application hash is not the same as the true hash”.

That’s all – it’s really simple, right? Now, we can save our script and check if the script works. You would run this command from where your python installation is located. For example, mine is at C:\Users\Asus\AppData\Local\Programs\Python\Python39

python.exe D:\Tools\Hash_checker.py
Enter the official hash: A
Enter the downloaded application hash: a
Your application is genuine!

There, we can see that the script is working! Now, for a better example, I will use the gimp software which is a free and open-source graphics editor.

From gimp’s website, we can see the sha256 hash of gimp’s setup:

So, we can see that gimp’s setup sha256 hash is 5e9eabe5739523a9fc347b4614d919418f3335e7aab082a65f71705421e85e04

Now, we can download the .exe file and then check to make sure the hashes match.

If you’re using Windows, you can get the installer’s hash using this PowerShell command:

Get-FileHash <path to the applications setup> -Algorithm SHA256 | Format-List

There, we can see the SHA256 hash! Now, let’s compare those two hashes using the script we just made.

python.exe D:\Tools\Hash_checker.py
Enter the official hash: 5e9eabe5739523a9fc347b4614d919418f3335e7aab082a65f71705421e85e04
Enter the downloaded application hash: 5E9EABE5739523A9FC347B4614D919418F3335E7AAB082A65F71705421E85E04
Your application is genuine!

So, we can see that the script works fine! Now, you won’t need to compare those long hashes manually.
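An added example, not part of the original tutorial's script: the script above only compares two strings the user pastes in, so it would also report a match for two empty or mistyped inputs. This version goes a step further by computing the file's SHA-256 itself with Python's hashlib and rejecting anything that is not 64 hexadecimal characters. The function names and the temporary sample file are assumptions made for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A SHA-256 digest in hex is exactly 64 characters from 0-9 and a-f.
SHA256_HEX = re.compile(r"[0-9a-f]{64}")

def normalize_hash(text):
    """Trim and lower-case a pasted hash; reject anything that is not 64 hex chars."""
    candidate = text.strip().lower()
    if not SHA256_HEX.fullmatch(candidate):
        raise ValueError("not a SHA-256 hex digest (expected 64 hex characters)")
    return candidate

def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, published_hash):
    """True only if the file's own SHA-256 equals the validated published value."""
    expected = normalize_hash(published_hash)
    return sha256_of_file(path) == expected

def demo():
    """Constructed sample: a small temp file stands in for a downloaded installer."""
    content = b"constructed sample installer contents"
    with tempfile.TemporaryDirectory() as folder:
        sample = Path(folder) / "installer.bin"  # hypothetical file name
        sample.write_bytes(content)
        published = hashlib.sha256(content).hexdigest()
        # Pasted hashes often arrive upper-cased and with stray whitespace.
        genuine = verify_download(sample, "  " + published.upper() + "\n")
        # Change the file after the hash was published: the check must now fail.
        sample.write_bytes(content + b", modified")
        tampered = verify_download(sample, published)
        return genuine, tampered

if __name__ == "__main__":
    print(demo())
```

To use it on a real download, call verify_download() with the installer's path and the hash copied from the vendor's download page.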

Adding a banner to our script

You can improve the script however you want. For now, I just want to add a banner to the script, so it will look better when using it. To make a banner, you can use a lot of libraries available for python. For this script, I used pyfiglet. To download it, you can do:

pip3.exe install pyfiglet

To use pyfiglet, you need to import it to your script. You can do that by adding these two lines at the very top of your python script file:

import pyfiglet
from pyfiglet import Figlet

After that, you can make the banner using:

banner = Figlet(font='standard')

print(banner.renderText('Hello, f0x!'))

You can check more information about pyfiglet and figlet fonts at http://www.figlet.org/examples.html

You can change the text inside the bracket to whatever you like. Now, let’s check if the banner is working:

python.exe D:\Tools\Hash_checker.py

As you can see, the banner is working just fine! That’s all for this post. You can learn more about python3 on the internet. There are a lot of courses out there to learn python3. I hope you enjoyed this article and thank you for reading it!
