The utility MD5Dir by ROSE SWE, developed by Ralph Roth, is a freeware tool designed for generating cryptographic hash values for files within directories. This program specifically computes MD5, SHA1, and SHA3-256 hashes, which are essential for verifying data integrity and ensuring that files have not been altered.

1. Key Features and Usage

1.1. Basic Usage

The command syntax for using this tool is straightforward:

md5dir  [<dir/ | current dir (*)>]
        [-md5] [-sha1] [-sha3] [-all/-ms]
        [-ndot] [-nsub] [-ndate]  [-?|-h|-help]

  • <dir/>: Specifies the directory for which you want to compute the hashes. If no directory is specified, it defaults to the current directory.

  • (*): Valid options for directories include empty (current directory), ../, ~, /, ../dir/, /home/ralph/, etc.

1.2. Options

  • -md5: Compute MD5 hashes for the files.

  • -sha1: Compute SHA1 hashes for the files.

  • -sha3: Compute SHA3-256 hashes for the files.

  • -all or -ms: Compute all three hashes (MD5, SHA1, and SHA3-256). This will be slower due to the additional calculations.

  • -ndot: Output file sizes as plain numbers without formatting with dots.

  • -nsub: Do not process files in subdirectories, i.e., no recursive directory traversal.

  • -ndate: Do not include the date and time stamp in the output.

  • -?, -h, -help: Display help information.

2. Example Commands

  1. Compute MD5 Hashes for Current Directory: `md5dir -md5` This command will compute MD5 hashes for all files in the current directory.

  2. Compute All Hashes for a Specific Directory Without Recursion: `md5dir /home/ralph/documents -all -nsub` This command computes MD5, SHA1, and SHA3-256 hashes for files in /home/ralph/documents but does not process any subdirectories.

  3. Compute SHA3 Hashes and Exclude Date/Time Stamps: `md5dir -sha3 -ndate` This command computes SHA3-256 hashes for files in the current directory and excludes date and time stamps from the output.

3. Notes

  • The utility only works with directories provided as command-line arguments and not with individual files.

  • The tool’s version and release date indicate active maintenance and updates, which ensures compatibility and security improvements over time.

4. Practical Applications

This hashing tool is particularly useful for:

  • Data Integrity Verification: Ensuring that files have not been altered during transfer or storage.

  • Backup Verification: Comparing hashes of backup files to ensure they are identical to the originals.

  • Security Audits: Verifying the integrity of files in sensitive directories to detect unauthorized changes.
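
The three uses listed above all come down to hashing a directory tree twice and comparing the two results. The following Python script is an added example, not part of md5dir or its documentation: it computes the same three digests with the standard hashlib module and diffs two snapshots. The function names and sample files are constructed for illustration, and it does not reproduce md5dir's output format.

```python
import hashlib
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha3_256")  # the three digests md5dir offers

def hash_file(path, chunk=1 << 16):
    """Read the file once, feeding all three digests per chunk."""
    digests = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}

def build_manifest(root, recurse=True):
    """Map relative path -> digests. recurse=False plays the role of -nsub."""
    root = Path(root)
    files = root.rglob("*") if recurse else root.glob("*")
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in files if p.is_file()}

def diff_manifests(baseline, current, algo="sha3_256"):
    """Compare two manifests on one digest; paths are returned sorted."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p][algo] != current[p][algo]),
    }

def demo():
    """Constructed sample tree: snapshot, then edit, add and delete one file each."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        for rel, data in (("a.txt", b"alpha"), ("sub/b.txt", b"beta"), ("c.txt", b"gamma")):
            (root / rel).write_bytes(data)
        baseline = build_manifest(root)
        (root / "sub/b.txt").write_bytes(b"beta-tampered")
        (root / "new.bin").write_bytes(b"\x00")
        (root / "c.txt").unlink()
        return diff_manifests(baseline, build_manifest(root)), build_manifest(root, recurse=False)

if __name__ == "__main__":
    print(demo())
```

The comparison uses the SHA3-256 value by default because MD5 and SHA1 are no longer collision-resistant: they still catch accidental corruption, but not a file deliberately crafted to collide.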

5. Conclusion

MD5Dir is a versatile and reliable tool for computing cryptographic hashes of files in directories. Its support for multiple hashing algorithms and various command-line options makes it suitable for diverse use cases in data integrity and security verification.

6. False Positives

False Positive Detections: Microsoft Defender incorrectly flags the Windows executable file as malware under the following detection names. These detections are, in fact, false positives caused by the way Defender interprets the executable’s compression:

  • Program:Win32/Wacapew.C!ml

  • Program:Win32/Cayunamer.A!ml

  • Trojan:Win32/Wacatac.H!ml

  • Trojan:Win32/Wacatac.C!ml

The compression technique (UPX) used in the executable appears to trigger these erroneous alerts.