What's new

SHA 256 Verification failure?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Howard_inGA

Senior Member
While trying to check my download signatures in both CMD or Powershell in Win 11, I'm getting a failure that I can't pinpoint. Here is the command used and the returned result. Note that they are the same in both, and fail when used on the trx file itself or the zip file.

Powershell-
PS C:\Users\howar> certutil -hashfile C:\Users\howar\Downloads\Computer Items\Router Info\ASUS RT-AC5300\RT-AC5300_386.11_0.zip sha256
Expected no more than 2 args, received 5
CertUtil: Too many arguments

Usage:
CertUtil [Options] -hashfile InFile [HashAlgorithm]
Generate and display cryptographic hash over a file

Options:
-Unicode -- Write redirected output in Unicode
-gmt -- Display times as GMT
-seconds -- Display times with seconds and milliseconds
-v -- Verbose operation
-privatekey -- Display password and private key data
-pin PIN -- Smart Card PIN
-sid WELL_KNOWN_SID_TYPE -- Numeric SID
22 -- Local System
23 -- Local Service
24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -? -- Display a verb list (command list)
CertUtil -hashfile -? -- Display help text for the "hashfile" verb
CertUtil -v -? -- Display all help text for all verbs

PS C:\Users\howar>

CMD Prompt-
C:\Windows\System32>certutil -hashfile C:\Users\howar\Downloads\Computer Items\Router Info\ASUS RT-AC5300\RT-AC5300_386.11_0.zip SHA256
Expected no more than 2 args, received 5
CertUtil: Too many arguments

Usage:
CertUtil [Options] -hashfile InFile [HashAlgorithm]
Generate and display cryptographic hash over a file

Options:
-Unicode -- Write redirected output in Unicode
-gmt -- Display times as GMT
-seconds -- Display times with seconds and milliseconds
-v -- Verbose operation
-privatekey -- Display password and private key data
-pin PIN -- Smart Card PIN
-sid WELL_KNOWN_SID_TYPE -- Numeric SID
22 -- Local System
23 -- Local Service
24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -? -- Display a verb list (command list)
CertUtil -hashfile -? -- Display help text for the "hashfile" verb
CertUtil -v -? -- Display all help text for all verbs

Any ideas as to what I'm doing wrong?
 
I believe certutil verifies certificates. I don't think it calculates checksums.
Anyone know how to verify the chksums and file integrity??
 
Anyone know how to verify the chksums and file integrity??
On my Mac:

Code:
cd /xxx/xxx/Downloads/GT-AX6000_388/

echo "59a7377f3b3a7d61b74ea9a6d12d0c4793020da8fe3c8c74aec174731e3f28cd  RT-AC68U_386.11_0.trx" | shasum -a 256 --check
 
I stand corrected...

Code:
D:\>certutil -hashfile testfile.dat SHA256
SHA256 hash of testfile.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.

I think your problem was the spaces in the filename. You probably need to quote it.
Code:
D:\>certutil -hashfile "test file.dat" SHA256
SHA256 hash of test file.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.
 
I stand corrected...

Code:
D:\>certutil -hashfile testfile.dat SHA256
SHA256 hash of testfile.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.

I think your problem was the spaces in the filename. You probably need to quote it.
Code:
D:\>certutil -hashfile "test file.dat" SHA256
SHA256 hash of test file.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.
So, this worked to get the cksum. However, the SHA's don't match for the .zip file and the result?? Here is what I saw:

C:\Users\h*****\Router Info\ASUS RT-AC5300>certutil -hashfile RT-AC5300_386.11_0.zip SHA256
SHA256 hash of RT-AC5300_386.11_0.zip:
39d7ac6c2e3c0e0a6642451e76acd23258feb49be9c3d578d703cd0733e7275d
CertUtil: -hashfile command completed successfully.

Here is the signature from the download page:
95f53aa65962ec0c09c8a34b92b035fe8d89a98ed2f6ba58e635ff2475b268f7
and here is the download address for the zip: https://sourceforge.net/projects/asuswrt-merlin/files/RT-AC5300/Release/
I've tried downloading multiple times, but the SHA returns the same result with the discrepancy??

Ideas??
 
The SHA256 hash from the download page is for the .trx file. You are applying it to the whole compressed folder (.zip file)
 
The SHA256 hash from the download page is for the .trx file. You are applying it to the whole compressed folder (.zip file)
Thank you, sir! It all checks now...

SHA256 hash of RT-AC5300_386.11_0.trx:
95f53aa65962ec0c09c8a34b92b035fe8d89a98ed2f6ba58e635ff2475b268f7
CertUtil: -hashfile command completed successfully.

The KEY TO THE WHOLE MESS is to use the cd command to select the directory where the file is stored. Then, just use
certutil -hashfile RT-AC5300_386.11_0.trx SHA256

THERE YOU HAVE IT...SHA MADE EASY??!-)
 
You can also use native Powershell command:
Code:
Get-FileHash .\RT-AC5300_386.11_0.trx | Format-List
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top