Categories
Tech

Checking a File Hash on Windows

Get-FileHash filename for SHA256

Short version

Get-FileHash <filename> for SHA256

Get-FileHash

Why?

File hashes are created by running a hashing algorithm against a file. Although the hash sizes are fixed, any change (even the smallest) will change the output. When you compare the file hash of a file you downloaded to the hash displayed on the source’s website you’ll know the file hasn’t been changed if the file hashes match.

Imagine if someone man in the middle’d a linux iso and you created a server VM template with it.

Example

Let’s make a test.txt file to use as an example.

test.txt
This is not a virus
PS C:\Users\aaron\Desktop> Get-FileHash .\test.txt

Algorithm Hash Path
--------- ---- ----
SHA256 3F65A201F0BC5FEE298421034CD6FB210BCDB29AE8642CFF4A1EE17B52BF75C1 C:\Users\aaron\Desktop\test.txt

Now let’s change a space character to alt+0160

test.txt
This is not a virus
PS C:\Users\aaron\Desktop> Get-FileHash .\test.txt

Algorithm Hash Path
--------- ---- ----
SHA256 689A3572BF7A1811359B006AB21A9F791722B02645CD87A3764E96817FE48296 C:\Users\aaron\Desktop\test.txt

Only one space was changed here. You might not be able to see the difference if you opened both versions of the file but the data is different so it changes the hash.

Command

You can use Get-FileHash <filename> in powershell to get file hash. Windows will use SHA256 by default.
There are other algorithms available by using the -Algorithm parameter.

Get-FileHash

Leave a Reply

Your email address will not be published. Required fields are marked *