-1

I am trying to encrypt SHA-1 the following string:

commit 218\0tree 64a7513fad0b86d34b6feedbf9c2e99135819861 parent 233634213baf3f40236233f28c6646f20786a80a author CTF user <me@example.com> 1390678027 +0000 committer CTF user <me@example.com> 1390678027 +0000 Give me a Gitcoin 200

It is a git hash-object input, with the header along with the commit message. The results I am getting are very different from one method to the other.

Using git hash-object, I get bed6b1001619ad84548d05db65a75ac80bf79f31.

Using Ruby's digest/sha1, I get e729e36abf0fa4da392b8f2acc1561ec5d298af9.

Using http://www.sha1-online.com, I get d543ddbfb7607464f5f964b9a3536eccedd1e1a4.

This is extremely confusing. Which one is it and why am I unable to mimic git-hash-object's functionality? I read http://git-scm.com/book/en/Git-Internals-Git-Objects and followed the instructions there but I cannot seem to get the right hash digest.

Here is my ruby snippet:

Digest::SHA1.hexdigest "commit #{body.length}\0#{body}"

Is there a way in git to see the hash-object header, or the string it uses to hash out the SHA-1? What is wrong with my method above?

darksky
  • 20,411
  • 61
  • 165
  • 254
  • It isn't completely clear what problem you are trying to solve. You might want to look at the answers for this question - http://stackoverflow.com/questions/552659/assigning-git-sha1s-without-git – D.Shawley Jan 25 '14 at 19:41
  • @D.Shawley I am trying to get the git hash-object SHA-1 value manually instead of using git-hash-object. I looked at that question and I am doing precisely that. – darksky Jan 25 '14 at 19:43
  • Where did you get the string starting with `tree 64a751...`? If you're comparing to an actual git commit, note that commit data contains embedded newlines, it's not all on one line. – torek Jan 25 '14 at 19:46
  • @torek From git-write-tree. `tree` is on one line, `parent` is on another, `author` is on another and `committer` is on another. Then there are two new lines and then the commit message. With this, I get a SHA-1 of `56e4a594dc02c21dfa82c237e3b8c53ed9c8f4c5`. Still not `bed6b..`. Any idea what else I'm missing? – darksky Jan 25 '14 at 19:52
  • Ah, I meant more like, did you `git cat-file -p` an actual commit whose ID was known. If I take your tree, parent, etc and put them in a file I get one that's at least 220 bytes long, including all newlines, which is longer than the 218 indicated, so I'm pretty sure there's some data out of sync here. – torek Jan 25 '14 at 20:07
  • @torek You're correct. I had invalid newlines and data out of sync. I got it now. Thanks! – darksky Jan 25 '14 at 20:27

1 Answers1

4

hello fellow stripe capture the flag contestant :)

this is how you do it (make sure that there is a newline!)

require 'digest/sha1'

content = "tree #{tree}
parent #{parent}
author CTF user <me@example.com> #{timestamp} +0000
committer CTF user <me@example.com> #{timestamp} +0000

Give me a Gitcoin

1
"

Digest::SHA1.hexdigest "commit #{content.length}\0#{content}"
phoet
  • 18,688
  • 4
  • 46
  • 74