macos terminal checksum

Running checksum check on an application - OSX


I've just read about the issue with malware inside of HandBrake for OSX - link to article on Hacker News.

I've got HandBrake installed on a few computers of mine, so wanted to check whether I had an infected copy. To do this I ran the following terminal command as suggested via HandBrake's checksum page.

COMMAND : cd /Applications shasum -a 1 HandBrake-* && shasum -a 256 HandBrake-

From this I got the following response, which seems to be blank. Any ideas whether this is saying that I have an infected file or if I've just run the initial terminal command wrong?

RESPONSE : shasum: HandBrake-: Sams-MacBook-Pro:Applications Sam$


Solution

  • It appears the instructions on the HandBrake website are for checking the original .dmg file downloaded and saved in the ~/Downloads directory:

    ~/Downloads/HandBrake-1.0.7.dmg
    

    Open Terminal.app

    cd ~/Downloads
    shasum -a 1 HandBrake-* && shasum -a 256 HandBrake-*
    

    Result:

    6d2e5158f101dad94ede3d5cf5fda8fe9fd3c3b9  HandBrake-1.0.7.dmg
    3cd2e6228da211349574dcd44a0f67a3c76e5bd54ba8ad61070c21b852ef89e2  HandBrake-1.0.7.dmg
    

    If you have a version of HandBrake already installed and want to verify the shasum:

    1. Check the version of HandBrake.app installed in /Applications
    2. Download the corresponding .dmg from the archive page (https://handbrake.fr/old.php)
    3. Run command (shown above) mentioned here on the .dmg and verify it matches
    4. If the returned shasums match the corresponding version, mount the .dmg
    5. Finally, run the following commands:

    shasum -a 1:

    $ shasum -a 1 /Applications/HandBrake.app/Contents/MacOS/HandBrake && \
    shasum -a 1 /Volumes/HandBrake-1.0.2/HandBrake.app/Contents/MacOS/HandBrake
    

    Result:

    95017f8cc3d634d71b45407830d22e65a9098cb8  /Applications/HandBrake.app/Contents/MacOS/HandBrake
    95017f8cc3d634d71b45407830d22e65a9098cb8  /Volumes/HandBrake-1.0.2/HandBrake.app/Contents/MacOS/HandBrake
    

    shasum -a 256:

    $ shasum -a 256 /Applications/HandBrake.app/Contents/MacOS/HandBrake && \
    shasum -a 256 /Volumes/HandBrake-1.0.2/HandBrake.app/Contents/MacOS/HandBrake
    

    Result:

    200c8ace634f792bffd3142f96c2187943c0243a441363220202552eb804dcec  /Applications/HandBrake.app/Contents/MacOS/HandBrake
    200c8ace634f792bffd3142f96c2187943c0243a441363220202552eb804dcec  /Volumes/HandBrake-1.0.2/HandBrake.app/Contents/MacOS/HandBrake
    

    If the hashes match (shown twice for each command), then you'll know the binary is legit.