TheSilentLink's Blog

Blog about anything and everything


Checking File Integrity

I feel like it is important to talk about file integrity and checking the checksum of a file. Lot of people don’t seem to know what this is, why it is important or how to get a checksum, and so I have decided to write about it!

What is this and why is it important

Every file has a hash. This is a random string on letters and numbers that is calcuated using an algorithm. Everytime the same algorithm is ran against the same file it will return the same string of random letters and numbers. However, if anything about the file changes, even 1 btye then the algorithm will return a completely different set of random letters and numbers.

For example if I run the algorithm MD5 on the Luigi Mansion PAL ISO for GameCube I should get: 0f09da2b8e32bcb352bfb727fb1ea725

If I don’t get this string then it means that the download or dump is corrupted and should be either re-downloaded or re-dumped. Additionally, it could mean that someone has modified the download and might have added malware to it. They could have also modified the hash on the website to make it so if you check the hash against the malicious download it will match and thus, if you are downloading programs like an operating system you might want to check the signature of the file containing the hash to ensure that the hash is from an developer of the software. Checking signatures is outside of the scope of this guide however but if you are interested feel free to do some research!

For checking if your games are dumped without any errors, you can use redump.org. This is a website that has calculated the hashes of games using multiple algorithms and put them online so anyone can ensure that their game dump has no issues. This is particularly important for disc based consoles as a scratch on the disc could make the dump have issues when played and will change the hash of file making it very obvious if the dump is invalid.

How to check hash on Linux

Most websites use the MD5 algorithm but some might use SHA1 or SHA256 or something else.

If you want to check the hash of a file using MD5 simply open a terminal and run:

md5sum filename

Replace filename with the path to the file you want to check.

md5sum Linux

To use another algorithm such as SHA1 or SHA256 then just use sha1sum or sha256sum respectively. Usually algorithm+sum will be the correct command to use to get the hash you need.

How to check hash on macOS

For macOS you can just use: md5 filename to get a md5 hash. For SHA though you need to use: shasum -a algorithm filename.

Replacing algorithm with the algorithm you want to use such as 1, 224, 256, 384, or 512. By default if you don’t add -a it will use SHA1.

How to check hash on Windows

For Windows you need to open a command prompt. This can be done by searching for CMD in the start menu. To get an MD5 checksum you just need to use:

certutil -hashfile filename MD5

Replace MD5 with SHA1, SHA256, SHA512 or any other algorithm if you want a different checksum.

Conclusion

Hopefully this helped some people to ensure that their downloads aren’t corrupted and safe to use. Make sure to replace filename with the path to the file you want to check!