Failure of checksum when downloading C2

[qsmxpilot]

OK   I am a long time out of a daily job as a sysadmin.  I bought a pineapple and tried to download the c2-3.0.1.zip file.  My sha256 checksum doesn't match.  I feel pretty certain that it isn't a hack.  But I'm getting back in to things again and I want to be careful.  Please understand that I love all Unixen but I haven't been deep like this for some time.  

Ubuntu 20.04.1 

I used "shasum -a 256 -b c2-3.0.1.zip " and got  a totally different checksum. 

Can anyone point me in the right direction?

Thank YOU!

                            Terry

[chrizree]

Try sha256sum c2-3.0.1.zip instead

[qsmxpilot]

Thank You Chrizree!  I offer this:

tlm@sariah:~/Hak5$ shasum -a 256 -b c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ cat Hak5_sha256_cksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ 
 

 Any ideas?

[chrizree]

And what is the output of sha256sum?

[qsmxpilot]

tlm@sariah:~/Hak5$ shasum -a 256 -b c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip

Which is different than the sha256 listed above for the software.

Is that what you needed?

[chrizree]

No, you are using shasum, I was asking about the result of running sha256sum, a totally different command. However, there is no real reason that the result should differ from running shasum as you have, but I'm not usually using shasum. Instead, I'm always using the command/utility for each kind of checksum type (i.e. md5sum, sha1sum, sha256sum, sha512sum, etc.), I just wanted to do it "my way" when trying to give you advise. How many times have you downloaded the zip file? If just once, then I would suggest to download it several times and compare the checksums. Something might have gone wrong during download.

[qsmxpilot]

Thank you for your patience, @chrizree    I did not see the difference.   When I was learning, I only remembered cksum. My apologies. 

When I first downloaded and the checksum was incorrect, I downloaded it again.  I then downloaded it a third time this morning.  All checksums were consistent on each file, but still they disagreed with expected checksum.  Here are my detailed results:

Quote

tlm@sariah:~/Hak5$ ls -alrt
total 134612
-rw-rw-r--   1 tlm tlm 45932660 Nov 10 14:15 test1_c2-3.0.1.zip
-rw-rw-r--   1 tlm tlm       79 Nov 10 14:37 Expected_Hak5_chksum
-rw-rw-r--   1 tlm tlm 45932660 Nov 10 14:40 test2_c2-3.0.1.zip
drwxrwx--- 235 tlm tlm    24576 Nov 10 21:32 ..
-rw-rw-r--   1 tlm tlm 45932660 Nov 11 07:12 c2-3.0.1.zip
drwxrwxr-x   2 tlm tlm     4096 Nov 11 07:17 .

Quote

tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b test1_c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test1_c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b test2_c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test2_c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip

I do note that the "Expected" checksum is shorter.  So I'm wondering if I am making some other mistake.

Your assistance is very much appreciated, @chrizree!      Thank YOU!    

[chrizree]

OK, no problem! The expected checksum just visually appears as being shorter, but it's just plain "true type font magic" that fools the eye. If pasting the checksums into a fixed width text editor, the length of the checksums are all the same.

Sadly I have no access to the checksums (or zip files) myself since I have made in-place upgrades of an existing instance of Cloud C2 from 2.x to 3.0.0 and further on to 3.0.1. To me, only two major options remains as possible explanations. Either that your downloads are actively tampered with along the way (something I would see as highly non likely although possible) or that Hak5 has released a checksum that is not valid for the actual file downloaded and that you are the first one noticing it (could be that the checksum for 3.0.0 has "stuck" and is displayed for 3.0.1, or such).

[qsmxpilot]

Is there someone I need to alert?

[chrizree]

Not sure what version of Cloud C2 you are running. If being licensed for something other than the community edition, I would ask Hak5 support. But, if running the community edition (that only has community support), I would hope that someone with the correct answers appears in this thread. Preferably someone from Hak5.

[Irukandji]

It's combined with all of them. Only the license Key. witch determines what you have access too.

[chrizree]

I wasn't referring to functionality between the different versions, but the right to contact support when experiencing problems.

[Foxtrot]

Hi,

This issue has been fixed and has been updated in the Download Portal. When we released 3.0.1 the ZIP file did not initially have the binaries marked as executable, so we quickly updated it so they would be, but in the process forgot to update the SHA256 sum that is displayed on the Download Portal.

@qsmxpilot The SHA256 sum you are seeing on your downloaded .zip (A7B0046AD87AC34F3FF0427AD9BD856785A25651FD99D8B69FBDFB598786DF67) is correct.

I apologize for any confusion caused by this.