Attacking an update mechanism with MD5 and RSA

I am currently working on a software challenge that requires you to unlock several features of a software. The software is written in Java. One of them is the update mechanism of the firmware. All you have to do is download a file from a web server and perform some checks before updating. I need to find a way to overcome these checks so I can update the firmware using my own firmware update.

How the update mechanism works:

  1. The software downloads a file from the web server. It is a ZIP file that should have the following structure:

    | Contents of the zip file | Security Tag: | Day |
    • Contents of the zip-file: Here I have to add a file version.txt it must contain a number x> 1.0, (The software reads this part as ZipInputStream.)
    • SecurityTag: This is a string that must be in this file! I can not change that.
    • Day: The day used during the exam.
  2. It takes the contents of the zip file and checks if version.txt File is included and extracts the number from it.

  3. It hashes the contents of the zip file Hash = MD5 (contents of the ZIP file)

  4. Take the tag and decrypt it with RSA: t = (day) ^ e mod N, I know e and N,

  5. It will check if hash == t

Somehow I have to pass this exam, but I do not know how. I began to investigate various types of attacks, but none of them seemed appropriate to overcome this control.

Is there an attack scenario that I miss here? Can someone show me the right direction?

magento2 – Authorizing Net MD5 on SHA512 patch does not work

Currently we have a Magento shop in Magento version 2.2.5 and use Authorize net as the default payment method. Due to the last update of Authorize net I have tried to update the patch. I followed this link

After applying this patch to my current installation, I get the following error message when I try to run the setup: di: compile

The class Magento Sales Api PaymentFailuresInterface does not exist in

I have confirmed that it is because of this new patch by returning to the old state. Any suggestions?

thank you in advance

Why is a 45-character hex string not an MD5 hash?

If this string is placed in hash detection tools, it is not identified as a hash. As far as I knew, an MD5 had a 32-digit string of hex numbers. Everything below is hex. What other rules does md5 have to prevent this from being a hash?


Here is just an example of an ID error for this string:

"Your hash can be one of the following:
Sorry we can not identify your hash. "