How can I tell if a downloaded ISO is complete?

8

3

I just ran into a nasty problem with an ISO download from Microsoft. I successfully burnt it to a rewritable DVD, and copied the contents to the local hard drive on another machine, but when I went to run them they were corrupt. It turns out the download had been truncated.

Now, OK, sometimes that happens - but it surprised me that the truncated file (which was only slightly more than 60% of the actual ISO) burnt successfully and seemed to be presenting me with a sensible file system, to the extent that I could (apparently) successfully copy the files.

So, is there some way I could have tested the file to see if it was complete or not? The MS web site did not provide any information about the expected size, so I'm looking for a generic solution: given an ISO file which may or may not be truncated, is there some way to tell? Do commonly used CD/DVD (data) formats include any embedded information about how much data is supposed to be on the disk, or even better, some kind of CRC?

A solution that detects most truncated images will be accepted, it doesn't need to be perfect. (I'd prefer something that doesn't give false positives, though.)

[Addendum: a comparison of the disk burnt with the truncated image with the files extracted from the full image suggests that chunks of the data from many of the files were replaced with random information, perhaps from the contents of a previous burn to the same rewritable disk.]

Harry Johnston

Posted 2011-10-17T21:43:13.367

Reputation: 5 054

1

Related info: How does a downloaded ISO get corrupted? and How to avoid damage to ISO archives?

– Ƭᴇcʜιᴇ007 – 2011-10-17T21:52:12.237

Most Microsoft ISOs have a CRC32 checksum of 0xFFFFFFFF. Even though CRC32 is not a cryptographic hash, it's still useful for checking against basic corruption -- but not truncation. – user1686 – 2011-10-17T22:10:00.310

2

Depending on the ISO, MSDN subscriptions have MD5 checksums. – surfasb – 2011-10-18T01:03:35.217

@grawity, sadly, it looks as if MS no longer do that. My old ISO of Windows 2000 has the checksum you mention, but more recent ISOs don't. – Harry Johnston – 2011-10-18T01:26:46.933

@surfasb, this was an ISO from the download center, service pack 1 for Visual Studio 2010. – Harry Johnston – 2011-10-18T01:27:33.110

I found the MD5. Look for my answer. – surfasb – 2011-10-18T03:15:07.473

Answers

8

A quick-n-dirty method: if you install 7-Zip, you can right-click an ISO and open it as an archive - something I usually do anyway to unpack it (as an alternative to burning to DVD). From there, you can test the archive using the 'Test' command in the toolbar.

Geoff

Posted 2011-10-17T21:43:13.367

Reputation: 2 335

That means the .iso format has its own checksum – Eduard Florinescu – 2015-08-31T19:36:08.020

@EduardFlorinescu No, ISO has no checksum. 7zip will notice if there are bytes missing at the end of the file. Except if only a small part is missing, that does not belong to any file inside the ISO. So this is a good method if there is no real checksum available, but it is not 100% reliable. – David Balažic – 2019-06-23T18:06:41.933

I use PeaZip myself but the principle is the same. – Harry Johnston – 2011-10-20T21:45:22.657
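The question asks whether the format records how much data the image should hold. ISO 9660 does, in its Primary Volume Descriptor, so the file length can be compared against it. The following is an added example, not taken from any of the posts above; the function names are chosen here, and images without an ISO 9660 descriptor (for example UDF-only images) are reported as "unknown".

```python
import os
import struct

SECTOR = 2048           # volume descriptors are stored one per 2048-byte sector
FIRST_DESCRIPTOR = 16   # sectors 0-15 are the reserved system area

def declared_iso_size(path):
    """Bytes the Primary Volume Descriptor says the volume occupies, or None."""
    with open(path, "rb") as f:
        sector = FIRST_DESCRIPTOR
        while True:
            f.seek(sector * SECTOR)
            d = f.read(SECTOR)
            if len(d) < SECTOR or d[1:6] != b"CD001":
                return None   # not ISO 9660, or cut off before the descriptors
            if d[0] == 255:
                return None   # set terminator reached, no primary descriptor
            if d[0] == 1:
                # Both fields are stored twice: little-endian, then big-endian.
                blocks = struct.unpack_from("<I", d, 80)[0]
                blocks_be = struct.unpack_from(">I", d, 84)[0]
                bsize = struct.unpack_from("<H", d, 128)[0]
                bsize_be = struct.unpack_from(">H", d, 130)[0]
                if blocks != blocks_be or bsize != bsize_be:
                    return None   # the two copies disagree: header is damaged
                return blocks * bsize
            sector += 1

def check_iso(path):
    """'truncated' only when the file is shorter than the declared volume."""
    declared = declared_iso_size(path)
    if declared is None:
        return "unknown"
    return "truncated" if os.path.getsize(path) < declared else "ok"

def build_sample_image(blocks):
    """Constructed input: a minimal image carrying only the fields read above."""
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"
    struct.pack_into("<I", pvd, 80, blocks)
    struct.pack_into(">I", pvd, 84, blocks)
    struct.pack_into("<H", pvd, 128, SECTOR)
    struct.pack_into(">H", pvd, 130, SECTOR)
    terminator = b"\xffCD001\x01" + bytes(SECTOR - 7)
    image = bytes(FIRST_DESCRIPTOR * SECTOR) + bytes(pvd) + terminator
    return image + bytes(blocks * SECTOR - len(image))
```

A result of "ok" only means the length is plausible; it says nothing about whether the bytes inside are intact, which still needs a published hash.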

12

The easiest way, assuming that the source provides the correct output for you, is to take a hash of the completed file. If the hashes match, you're good to go. In this specific example, I know Microsoft publishes the MD5 or SHA-1 hash of their major ISOs. (I believe most legitimate software vendors who provide ISO files have this readily available these days.)

EDIT: This information may not be readily available directly on the download page, but you can often find it if you look. This is really the only 100% foolproof way to be absolutely sure you have what you're supposed to.

Shinrai

Posted 2011-10-17T21:43:13.367

Reputation: 18 051

The MS download center doesn't usually provide MD5 hashes, in my experience. (I just did a random check of a few downloads, and none of them provided hashes.) – Harry Johnston – 2011-10-18T00:43:04.353

-1: MD5 hash is useful for checking against corruption, not for truncation. – William C – 2011-10-18T02:12:37.463

7

Negative @William C, a truncated file will fail an MD5 hash match just like a corrupt one. – Chris Nava – 2011-10-18T03:23:40.383

@WilliamC - I can only add to what everybody else said. How on earth do you think that wouldn't cause a hash mismatch? The two files need to be bit-for-bit identical (okay, in theory you can get the same hash from two different files but that would be an ASTRONOMICALLY unlikely possibility). – Shinrai – 2011-10-18T14:14:57.270

@HarryJohnston - I was thinking OS installers, personally, but there probably are a lot of things (especially older ones) that don't. I thought MSDN did this for anything sizeable and relatively recent, but I don't have an active subscription so... – Shinrai – 2011-10-18T14:17:08.513

@Shinrai it's not that hard to make an md5 collision. http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities

– Rob – 2011-10-18T14:28:31.443

1

@Rob: Purposefully finding an MD5 collision is relatively easy; having an accidentally corrupted ISO (where "corrupted" would mean "doesn't have every bit where it should be" - this covers both alteration and incompleteness) with an MD5 sum matching that of the correct ISO is ... extremely unlikely (as in "blue moon, flying pigs, Hell frozen over"). Note that most vendors provide MD5 and SHA1 hashes; the probability of both colliding accidentally is zero plus epsilon. – Piskvor left the building – 2011-10-18T14:43:14.007

I thought I wrote "But that's unlikely for a corrupt/truncated download" in my post. D: – Rob – 2011-10-18T14:58:40.753

@Rob - Piskvor already said what I had in mind, but apparently you already realized it, sooo... ;) – Shinrai – 2011-10-18T15:15:03.613

+1 for good advice, although realistically I'm unlikely to bother unless the hash is easily available. – Harry Johnston – 2011-10-20T21:45:04.810

2

The ISO from the download center is the same one you can get from MSDN.

The MD5 is 61c2088850185ede8e18001d1ef3e6d12daa5692 vs2010sp1dvd1.iso

I hope that helps. If you don't have an MD5, you can download one here.

http://corz.org/windows/software/checksum/simple-checksum.php

surfasb

Posted 2011-10-17T21:43:13.367

Reputation: 21 453

That looks to be the SHA-1, not the MD5, but the point is this stuff is out there. :) – Shinrai – 2011-10-18T14:18:30.057

+1, thanks, I now know I really do have an intact copy of this particular ISO. – Harry Johnston – 2011-10-20T21:39:08.087
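Shinrai's remark that the value in this answer is SHA-1 rather than MD5 follows from its length: 40 hex digits, where MD5 has 32. The following is an added example, not taken from the posts, that picks the algorithm from the published digest's length and hashes the file in chunks; the function names are chosen here and the sample data is constructed.

```python
import hashlib
import hmac

# Hex digest length -> algorithm, for the hashes vendors commonly publish.
ALGORITHM_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}

def identify_algorithm(published):
    """Return (algorithm, normalised digest) for a published hex digest."""
    digest = published.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a hex digest")
    if len(digest) not in ALGORITHM_BY_LENGTH:
        raise ValueError("unrecognised digest length: %d" % len(digest))
    return ALGORITHM_BY_LENGTH[len(digest)], digest

def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """Return (algorithm used, True if the file matches the published digest)."""
    algorithm, expected = identify_algorithm(published)
    return algorithm, hmac.compare_digest(file_digest(path, algorithm), expected)

if __name__ == "__main__":
    import os
    import tempfile
    data = b"constructed sample payload " * 1000   # stand-in for an ISO
    published = hashlib.sha1(data).hexdigest()      # what the vendor would list
    folder = tempfile.mkdtemp()
    for name, content in (("full.iso", data), ("cut.iso", data[:len(data) * 6 // 10])):
        path = os.path.join(folder, name)
        with open(path, "wb") as f:
            f.write(content)
        print(name, verify_download(path, published))
```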

1

If the source did not provide any checksums for you, you should first check the file size and see if it matches. If not, it means that your download ended prematurely.

Also, in Linux, you can use wget with the -c command to continue aborted downloads. I have never tried to continue a download started from another application (mostly browser) but I think it should be fine.

I always use wget as a download manager as it fails rarely and allows continuing aborted downloads. One should have a download manager in their tools for downloading large files consistently even though one does not use it every day.

Umur Kontacı

Posted 2011-10-17T21:43:13.367

Reputation: 363

The MS download center usually only indicates the approximate file size, and in some cases (such as this one, the Visual Studio 2010 service pack 1 ISO) not even that much. So I didn't have any way of knowing how big the file was supposed to be. – Harry Johnston – 2011-10-18T00:44:49.670