0

I am burning an iso onto a CD using CD burning software. Before burning I take the 512sum of the image. After burning, I extract the image off the CD and check the sum again to make sure, and I get an incorrect checksum.

Thinking there was a glitch in the process, I do the entire process over again with the exact same results.

Then I boot a different OS and do the exact same things. Each time I copy the image from the burned CD, I get an incorrect check sum but the same incorrect checksum everytime. Is the iso possibly being modified while burning?

All this is being done on live distros on a computer with no harddisk or network interfaces. The CD is read using an external DVD drive and I am reasonably sure that the Live OSs and isos are clean.

It is weird that I keep getting the same incorrect checksum everytime I write back the image. Is this a sign of a persistent infection?

If this is an infection and the problem is the DVD drive, how can I check this without possibly infecting another computer?

user942937
  • 983
  • 8
  • 14
  • How do you get the checksum of the burnt disc? – user2233709 Mar 03 '19 at 08:30
  • 1
    ddd to a file then get the checksum of that. – user942937 Mar 03 '19 at 08:31
  • 2
    Have you checked whether the sizes match? I wouln’t be surprised if they did not. – user2233709 Mar 03 '19 at 08:33
  • 1
    Please see, maybe this helps: https://askubuntu.com/questions/145611/why-does-my-burned-ubuntu-dvd-have-a-different-hash-checksum-than-the-iso – LLub Mar 03 '19 at 09:04
  • @user2233709: It is not, but is close to it. I have burned many other CDs before and this has never happened with any of them. Is there a reason why the size of the image burned is larger than the original image in this case? – user942937 Mar 03 '19 at 10:54
  • 2
    @user942937 look at the end to see if it was padded with zeroes, and if that explains the whole difference. https://askubuntu.com/a/177625 – J.A.K. Mar 03 '19 at 11:32
  • 2
    If it does not, try the dd command listed there and use the diff command to see what changed, and where. – J.A.K. Mar 03 '19 at 13:42
  • @Refineo: I tried using the slowest speed like is says in the answer, but I get the same result. – user942937 Mar 05 '19 at 09:28
  • @J.A.K.: according to cmp it checks out. How can I tell if it's been padded only with zeroes? – user942937 Mar 05 '19 at 09:39
  • 1
    hexdump file.iso | tail -n 1000 might do it, just guessing. -n 1000 would depend on how much they differ in size. – J.A.K. Mar 07 '19 at 23:02
  • @J.A.K.: I tried reading the contents of the images using cat | tail and got an exact match. Using hexdump | tail on both gave me the exact same results except for the last line. – user942937 Mar 10 '19 at 06:02

0 Answers0