Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago Question about - MyBB File Verification
#1
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
I want to ask something about the feature MyBB uses to check "File Verification" in the Admin CP under "Tools and Maintenance".

Because I have made a lot of changes to my forum, I'm getting a lot of error's on files now making that feature not very good for me, it doesn't show all is OK. Thing is though, I know how to get the MD5 Hash of a changed file, I use a great program called: Traders Little Helper.

I decided to try and change some things to get that option to give me the all clear on files. I changed the path in the file called "admin/modules/tools/file_verification.php". So that it checked the file_verification file on my server. I downloaded the 1601.txt file and made some change with hash codes, or removed some listed that got checked to get the OK on some image files.

Thing is though on some changed PHP files, even if I edited the md5 hash to match the new it uses in that TXT file stored on my server. Still it will not give me an all clear on it. Now I've done this with vBulletin files in the past after I edited them also (so they had a new md5 hash), which I changed accordingly in the stored hash codes file and it was accepted.

How comes this doesn't work now when doing the same with MyBB. I edited a core file for a mod I use, then I get the new md5 hash for it, edited the 1601.txt file to reflect the changed md5 used now. But it still won't give a clear on it?
Reply
#2
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
The File Verification feature will only show "OK" if all the original files are there and have not been edited.

It basically tells you if each file is original (OK) or edited (Changed)
Reply
#3
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
I don't think you understand what I'm saying here. Each file uses a long MD5 Hash humber to check it's not been changed. I can open a file, edited it, then use the program I mentioned above to get it's new MD5 Hash used. When I used vBulletin, all I would then need to do is open the file that stores the MD5 Hash code numbers and change the one for the file I just edited, changing it to the new MD5 for that edited file.

By doing that, the file would be accepted as still being legit. But for some reason you can do the same with the 1601.txt file, make my forum link to it stored on my server. But still gives an error. Keep in mind that I'm not talking here about checking the MD5's from MyBB, but on my server instead by editing the URL path leading to the file that does the checking.
Reply
#4
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
Ok i see what you mean now , but why would you go to this trouble just to have the "File Verification" status OK ?
Reply
#5
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
So I can see much more easy if a hacker has changed any files in the future, or uploaded any new ones. It becomes harder to know if they have or not now, if your already getting a long list of errors because you removed some default avatars that come with MyBB, changed a few core files, uploaded some new images. Doing all this gives validation errors because they are listed in the 1601,txt file that contains hash codes.

For example, I can remove the default avatars that comes with MyBB. Then also remove all MD5 lines that mention them. I get the OK on that. The problem is with PHP files.
Reply
#6
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
What you're trying to do works fine when I do it so you must be missing something... for some reason each file is listed 4 times in the checksum file, sometimes with different MD5s, so make sure you're changing all 4 to the 'edited' MD5, and it should work.
Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#7
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
Core files are only change if you have install any plugin that directly edit the core files. If any plugin do such, File Verification tool will point out which file has been edited. That's useful to know at certain points where it is necessary to know from where the error starts.
Reply
#8
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
Core file changes I've made are all manual edits, I only use 2 plug-ins here that are active. Akismet and Questions and Answers at registration.

In layman terms, all I'm trying to do here, is do the checking of the 1601.txt file stored on my server, and not from MyBB. That way I can edit the MD5's in it to try and get the OK on PHP core files listed after using traders little helper to get the new MD5 and add that in that 1601.txt file.

I understand I can't change the MD5 Hash numbers stored at MyBB in that 1601.txt file. Hence why I have to do the checking of an edited version stored on my server instead.
(01-05-2011, 06:44 PM)MattRogowski Wrote:  What you're trying to do works fine when I do it so you must be missing something... for some reason each file is listed 4 times in the checksum file, sometimes with different MD5s, so make sure you're changing all 4 to the 'edited' MD5, and it should work.

I did not try changing all 4 listed. I did notice that 2 are usually the same number, while the other two are different. I'll try changing all 4 mentions of it then to the new MD5 and see what happens.

What I did was try adding two more new lines, giving 6 for the file if you get what I mean.

Thanks, I'll try doing it that way you said later
Reply
#9
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
This user has been denied support. This user has been denied support.
Those multiple checksums are alternatives, either of which should be accepted as valid (ftp ascii transfers change newlines in files, thereby changing the checksum, but the file is still OK). So you shouldn't have to change all of them (or any), you should be able to just add your own alternatives...

Also double check how MyBB calculates the checksum. It does not necessarily have to be the same as md5sum in the command line or the same as the program you're using.
Reply
#10
Solved: 3 Years, 8 Months, 1 Week, 5 Days, 12 Hours, 15 Minutes, 17 Seconds ago
I think the program I'm using that worked OK for vBulletin MD5's. Is not doing so with MyBB MD5's. I just tried doing it two ways then. First I removed 4 mentions of the file: /global.php

2ce4bdaf0850302cd05f3422507c9983 ./global.php
1495a3bacb531902dac41dbcc87a9fd5 ./global.php
2ce4bdaf0850302cd05f3422507c9983 ./global.php
007a5a4fc6794e0665dd5518110999b4 ./global.php

Putting this there instead: (new MD5 got using the program Traders Little Helper)

53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php
53885eada92708750939731d3ddb8beb ./global.php

I also tried just adding 2 and 4 new extra lines, not removing the default ones listed also. Same issues on PHP files, they are not being accepted. It must be the program I'm using?

What program with get the correct MD5's to work with for MyBB.
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)