Collision: An Open-Source App to Check if Your Files Were Tampered With

Brief: A GUI program to let you check hash for your files to ensure that it is not malicious and true to its source.

Someone sends you a file, how do you verify that it’s the original one meant for you? How can you be certain that it hasn’t been tampered with?

Moreover, how can you verify that the file comes from an original source?

That’s where cryptographic hash functions come in. A hash function (such as SHA-1) is a checksum if it is used to verify a file. This helps you confirm whether the file has been modified or not.

If you are curious, you can refer to our guide on verifying checksum in Linux.

For every information/file, there will be a unique hash value (or checksum). So, even if a tiny bit of the file changes, the hash value changes entirely.

It’s primarily used in encryption, where every file/information is stored securely as hash values. Suppose an attacker gets hold of the database with hash values (instead of the real information), they cannot make sense of it. And, this is how encryption makes things secure.

While discussing hashing is beyond the scope of this article, it is important to know that it comes in handy when verifying the integrity of a file.

Collision: Easily Verify a File and Spot Malicious Files

collision

Without a GUI, you will have to use the terminal to generate hash values to compare/verify.

Collision makes it incredibly easy, without needing to launch a terminal or knowing to generate checksum values of a file. If you are not aware of it, our tutorial on verifying checksum in Linux should help.

When using Collision, you just add the file that you need to generate a hash value or verify it. It only takes a few clicks to protect yourself against malicious or tampered files.

While I show a text file in the screenshot, you can verify any type of file or generate a hash for your files before sending it to someone else. You can share the hash values generated with the recipient to let them validate your file.

collision hash values

It is a straightforward open-source app that just lets you do two things:

  • Generate Hash values (SHA-1, MD5, SHA-256, SHA-516)
  • Verify an item against a checksum or by directly using the file

Here’s How Collision App Works

To give you an example, I modified the original text file by adding a character to it and then tried verifying it.

Here’s what it looks like:

First, you need to open the original file that you want to compare it with or have the checksum value with you.

Open the original file first to generate the hash, and then head to the verify section to access a modified file.

collision file open

You will notice that it detects that it isn’t the same:

collision file check

In case you are checking against the checksum, first, open the file that you want to verify (here, we have the modified file).

collision file verify

And, then input the original checksum of the file. As we already know that we are testing a modified file, the result is what we expect, i.e., failed to verify integrity.

collision input checksum

Install Collision in Linux

Collision is primarily a GNOME-tailored app, but it works on any other distribution.

You can install it using the Flatpak package available, or build it from the source while exploring its GitHub page. You can refer to our Flatpak guide for help if you’re new to Linux.

If you prefer using the terminal, type in the following to install it:

flatpak install flathub dev.geopjr.Collision

To get started, you can also visit its official website.

Similar Posts

  • You can do verify files using preinstalled tools like sha512sum. For
    credibility you can use pgp/gpg to verify. It’s not like its difficult. Only
    one command. On almost all distros they come preinstalled.

  • I use GtkHash for this purpose, which is also available on Windows. You upload the file on the first row. You can optionally paste the checksum on the second row. After that is one row for each hash value (SHA-1, MD5, SHA-256, etc.) that you can enable or disable in settings. And a green dot appears next to anything that matches.

    Currently, using checksum text files confuses me, so I like it when the websites put the checksums directly on their webpages so I can just copy and paste. Other longer tutorials require GPG and I am utterly lost when it comes to that. 😂