When Hearts Collide
🌐 Love at First Breach 2026 - When Hearts Collide
| Category | Author |
|---|---|
| 🌐 Web | TryHackMe |
Challenge Prompt
My Dearest Hacker,
Matchmaker is a playful, hash-powered experience that pairs you with your ideal dog by comparing MD5 fingerprints. Upload a photo, let the hash chemistry do its thing, and watch the site reveal whether your vibe already matches one of our curated pups. The algorithm is completely transparent, making every match feel like a wink from fate instead of random swipes.
Come get your dog today!
You can access the web app here: http://MACHINE_IP
Problem Type
- Web
- MD5 Collision
Solve
When we load into the page, we are presented with Matchmaker, which will pair us up with our perfect dog based on MD5 hash:
MD5 has known collisons and the title “When Hearts Collide” suggests we are going to be making an intentional collision.
The instructions say if our hash is identical to a dog’s we will be matched:
Let’s click the “browse a random match” link so we can get a file to hash.
Here we are presented with an image of a dog. We will right click and save that image to our machine. Just to note, you don’t have to use this picture, you can use any picture.
I used the FastColl tool on GitHub to make my collision. We can run the following command in the terminal to run the tool in Docker:
1
docker run --rm -it -v $PWD:/work -w /work -u $UID:$GID brimstone/fastcoll --prefixfile dog_from_site.jpg -o file1.jpg file2.jpg
Let’s break that down real quick:
docker run - Starts a new container.
--rm - Automatically deletes the container after it exits (no leftover container).
-it -i = interactive -t = allocate terminal (Allows you see and interact with output.)
-v $PWD:/work - Mounts your current directory into the container at /work. Files in your current folder are visible inside the container. Any files created inside /work appear in your real directory.
-w /work - Sets the working directory inside the container to /work.
-u $UID:$GID - Runs the container as your user ID and group ID. This prevents output files from being owned by root.
brimstone/fastcoll - A Docker image containing FastColl, an MD5 collision generator.
--prefixfile dog_from_site.jpg - Uses dog_from_site.jpg as a chosen prefix. The generated collision files will start with the exact contents of dog_from_site.jpg. The collision blocks will be appended after it.
-o file1.jpg file2.jpg - Specifies the two output files: file1.jpg & file2.jpg. These two files will both begin with the exact contents of dog_from_site.jpg and differ after that prefix but have the same MD5 hash.
Then we can see our output files both have the same MD5 Hash:
First, we submit file1.jpg to get it in the database and we will be told there is no match:
Then, if we submit file2.jpg, it will match file1.jpg and we get the flag:
Here is another example using a cat picture instead following the same steps: