Connect with us


Explained: COMELEC election results hash codes; what was changed?



On Thursday morning, May 12, an IT expert who’s said to be monitoring the ongoing quick count of votes claimed that the data sent to the transparency server may have been altered.

The following screengrab shows how the IT expert confirmed that the hash codes of the files transmitted to the Comelec’s transparency server was possibly altered.

Tampered Hash Codes

To give us a better outlook about what each command does, we started by typing the most relevant lines below.

rodelaniban@Rodels-Macbook-Air:~/results/processing$ cat Hash(md5sum): 962213f5ecd5348d0f57ac1df0e0e4929.
rodelaniban@Rodels-Macbook-Air:~/results/processing$ md5
MD5 ( 962213f5ecd5348d0f57ac1df0e0e4929.
rodelaniban@Rodels-Macbook-Air:~/results/processing$ cd results_nle2016_05092016_2000
rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ ls
results_nle2016_05092016_2000.hash   results_nle2016_05092016_2000.txt
rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ cat results_nle2016_05092016_2000.hash
results_nle2016_05092016_2000.txt. Hash (md5sum): b5cf93b92c0a7b6f114fc4849337a3ca.
rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ md5 results_nle2016_2000.txt
MD5 (results_nle2016_05092016_2000.txt) = 7370d0daf9a76d026afbdeabad55c2ae

So, how do we know what are the type of commands he’s using?


Linux Terminal Commands

At first glance, the lines of code presented above may be confusing, even dizzying, to anyone who doesn’t have an IT or programming background, particularly on Linux commands. To shed some light on these codes, we are going to dig further so you’ll understand the concepts better.

Assuming that you’re using Windows or MacOS PC, you can interact with your computer using a mouse and keyboard through a graphical user interface (GUI). An example of a GUI is your web browser (e.g. Chrome, Firefox, IE, Opera). Each action you perform on the GUI using the mouse (like clicking on the refresh button or pressing F5) executes a command. Basically, it’s a set of graphical icons and visual representation such as Windows.

On the other hand, Comelec-Smartmatic uses Linux systems. Comelec’s IT personnel interacts with the servers from their computers using the mouse and keyboard through a command-line terminal, which is a text-based interface using typed command labels or text navigation. The Linux command-line terminal also has an equivalent application in Windows PC known as the command/MS-DOS prompt.

From the screengrab above, we have re-written the code below appending line numbers before each command for easier reference and explanation later. The command on LINE 0001 generates an output or response that is printed on LINE 0002.

LINE 0001:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ cat
LINE 0002: Hash(md5sum): 962213f5ecd5348d0f57ac1df0e0e4929.
LINE 0003:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ md5
LINE 0004:  MD5 ( 962213f5ecd5348d0f57ac1df0e0e4929.
LINE 0005:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ cd results_nle2016_05092016_2000
LINE 0006:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ ls
LINE 0007:  results_nle2016_05092016_2000.hash   results_nle2016_05092016_2000.txt
LINE 0008:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ cat results_nle2016_05092016_2000.hash
LINE 0009:  results_nle2016_05092016_2000.txt. Hash (md5sum): b5cf93b92c0a7b6f114fc4849337a3ca.
LINE 0010:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ md5 results_nle2016_2000.txt
LINE 0011:   MD5 (results_nle2016_05092016_2000.txt) = 7370d0daf9a76d026afbdeabad55c2ae
LINE 0012:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$

To interpret the set of commands, below are the terminal commands used:

  • The “cat” command displays the contents of the file being called.
  • The “md5” command runs an algorithm to verify the integrity of a downloaded file in the form of generated hash codes based on the contents of the file or package being called.
  • The “cd” command allows the user to change or navigate to another directory such as a folder or a zipped file.
  • The “ls” command allows the user to list the files and sub-directories of the current directory.

Digital Signatures

Each computer program, commonly known as software, always has “before” and “after” versions.

  1. a source code that is readable by humans; and,
  2. an object code or compiled file or the executable program readable by machines.

The source code consists of sets of programming statements created by a programmer with a text editor or visual programming tool and saved in a file. A compiler will be used to convert the source code into an executable computer program or object code.

The source code is the most important version of the program and for this reason, a compiled program often needs some later enhancements or debugging to fix issues.

In order to maintain the integrity of the executable program, a hash code will be generated using any form of hashing methods such as MD5, SHA-1 or SHA-256.

The hash code is a unique identifier of any computer program, also known as a digital fingerprint. This is also widely used by most software applications that can be downloaded on the Internet, to check whether the original files have been repackaged with malicious software or virus.

In the case of Comelec-Smartmatic, the source codes underwent a thorough review (The Review Process, The System, and Deployment) before it was compiled and deployed into the Vote Counting Machines (VCMs) to be usable. A single character change in the source code can also change the hash codes.

File/Folder Naming Structure

The strength of a folder and file naming convention is dependent on the specified naming structure and the quality and quantity of the data elements chosen to build it.

Complex hierarchical folder structures require extra browsing at time of storage and at the time of file retrieval. By having all the essential information concisely in the file name itself, both the search and identification of the file is streamlined and more precise.

Let’s take a look at the following line taken from the screengrab.

LINE 0012:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$

The above line means, username@computername:~/directory/…/sub-directories$.

You may also have noticed that the file name is composed of this string “results_nle2016_05092016_2000“, which can be broken down into 4 elements as follows:

  • results means Results
  • nle2016 means National and Local Elections 2016
  • 05092016 means May 09, 2016 (the date of when the file was created)
  • 2000 means 8:00 PM (the 24-hour time-stamp format of when the file was created)

The file name can then be interpreted as “Results of the National and Local Elections 2016 on May 09, 2016 as of 8:00 PM”.

Hash Code Changed

Let’s discuss each line for you to understand what does each command mean.

LINE 0001:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ cat
LINE 0002: Hash(md5sum): 962213f5ecd5348d0f57ac1df0e0e4929.

The command on LINE 0001, “cat”, instructs the computer to display the contents of the given file. It is expected to return the hash code of the .zip file it pairs with, which is 962213f5ecd5348d0f57ac1df0e0e4929.

LINE 0003:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ md5
LINE 0004:  MD5 ( 962213f5ecd5348d0f57ac1df0e0e4929.

The command on LINE 0003, “md5”, tells the computer to run the md5 hashing algorithm on the given file. It is expected to output the same hash code as what’s returned on LINE 0002, which is 962213f5ecd5348d0f57ac1df0e0e4929.

LINE 0005:  rodelaniban@Rodels-Macbook-Air:~/results/processing$ cd results_nle2016_05092016_2000

The command on LINE 0005 above, “cd results_nle2016_05092016_2000”, tells the computer to change its current directory, which you can see on LINE 0006 below.

LINE 0006:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ ls
LINE 0007:  results_nle2016_05092016_2000.hash   results_nle2016_05092016_2000.txt

The command on LINE 0006, “ls”, retrieves the list of files inside the current directory, which are printed out on LINE 0007.

LINE 0008:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ cat results_nle2016_05092016_2000.hash
LINE 0009:  results_nle2016_05092016_2000.txt. Hash (md5sum): b5cf93b92c0a7b6f114fc4849337a3ca.

The command on LINE 0008, “cat results_nle2016_05092016_2000.hash”, instructs the computer to display the contents of the .hash file, which tells us on LINE 0009 that the .txt file should have a hash code equivalent to b5cf93b92c0a7b6f114fc4849337a3ca.

LINE 0010:  rodelaniban@Rodels-Macbook-Air:~/results/processing/results_nle2016_05092016_2000$ md5 results_nle2016_05092016_2000.txt
LINE 0011:   MD5 (results_nle2016_05092016_2000.txt) = 7370d0daf9a76d026afbdeabad55c2ae

The command on LINE 0010, “md5 results_nle2016_2000.txt”, generates a hash code of the text file that is printed on LINE 0011 which is 7370d0daf9a76d026afbdeabad55c2ae.

The Claim

The discrepancies in the hash codes is clearly visible at LINES 0008 and 0011. This is what the IT expert claimed to be the indicator that the transparency server has been compromised.

Marcos’ camp, through lawyer Francesca Huang, alleged on Wednesday, May 11, that a new script was introduced to the Transparency Server of the Commission on Elections (Comelec) “from which the PPCRV obtains its data for the quick count,” which “was able to alter the hash codes of the packet data” that could have boosted the votes of his rival, Leni Robredo.

But, is it really a valid claim? If it is, what could be the possible reasons and what are the files that can possibly be affected?

Comelec admits tweak

Comelec chief Andres Bautista on Thursday said that the tweaking of the script in the server meant only to replace a question mark (“?) to “ñ” in a candidate’s name, making sure that the integrity of poll results remain unaffected amid unproven claims of electoral fraud. The tallies remain unchanged, so no cheating was made underway to increase Robredo’s votes in any way. Comelec clarified that it was only a minor cosmetic change that did not affect the votes for any candidate.

Below is the screenshot of the written report on the inner Hash Code issue.

Comelec hash codes change response 2

via Inquirer

Comelec hash codes change response 1
Comelec hash codes change response 3

Comelec briefing

Watch the Comelec briefing about the script tweak below.


Basically, the script was only introduced to correct a character due to Unicode Transformation Format (UTF) encoding issues and it has nothing to do with the poll results.

For example, you are sending a text message with an emoji ” 🙂 ” to your friend using an iPhone. Your friend received the message through his Nokia phone and noticed that instead of seeing an  emoji in the message, he’s seeing a “?”. So what does that mean?

That means that the older version of Nokia phones doesn’t understand and was not able to transform the emoji into its correct character encoding. Mainly, because the characters that transforms to emoji don’t exist in Nokia. Thus, displaying the “?” instead.

Be Informed. Beat the Trolls, Share the Truth!



Pimentel sees dismissal of ICC complaint versus Duterte



Senate President Aquilino “Koko” Pimentel III said on Friday that the charges against President Rodrigo Duterte before the International Criminal Court (ICC) will likely be dismissed for lack of jurisdiction.

“I believe that simply is the procedure in the ICC – they give every complainant an initial chance to survive (sic),” Pimentel said in a message sent to reporters last Friday.

He added that he believes that after the initial interview, the complaint will be dismissed in just a matter of time. He says that it will be dismissed because of lack of jurisdiction.

The ICC has informed the Philippine government that it will be conducting a preliminary examination on the anti-illegal drugs campaign of the Duterte administration to see if there is a basis to conduct a formal investigation into alleged crimes against humanity that the president allegedly committed.


ICC prosecutor Fatou Bensouda said that the preliminary examination that will be conducted will analyze the crimes allegedly committed in the Philippines in the context of the anti-drug campaign of the government from July 1, 2016.

She also clarified that a preliminary examination is not an investigation but a process to examine the information available and determine if there is reasonable basis to proceed with an investigation in accordance to the criteria established by the Rome Statute.

The Rome Statute is the treaty that established the ICC. It was signed by 123 states, including the Philippines.

The ICC has jurisdiction over genocide, crimes against humanity, and war crimes.

Pimentel, a Duterte ally, doubted that what happened in the Philippines under the president’s war on drugs falls under serious and grave crimes.

“Look at the crimes under the ICC’s jurisdiction. Do you honestly believe what has happened here in the Philippines falls under any of those very serious and grave crimes? Honestly?” he asked.



Continue Reading


Watch how artists’ group teaches Filipinos about their rights during TokHang



Resbak, an alliance of artists, posted an almost six-minute video on their Facebook page about what you should do when you are dealing with the police during Operation TokHang. With over 7,000 deaths, the group wanted to educate the Filipinos about what to do when they suddenly find themselves the subject of TokHang. They easily abbreviates these eight fundamental rights into M.A.T.A.P.A.N.G.

  • M for Manahimik. You can choose to keep quiet and not answer the cops’ questions during interrogations.
  • A for Ayoko. You don’t really need to grant the cops entry into your home if they say they want to search your home for illegal drugs.
  • T for Tumawag. You can call your lawyer and avail of his services even if you don’t have money to pay for it.
  • A for Alis. You can leave if the cops cannot provide enough basis to keep you in the police station.
  • P for Pribado. You should only be frisked for illegal items in a private place and only cops of the same sex should do it.
  • A for Alamin. You have the right to know the name and rank of the cop in charge of the operation.
  • N for Numero. You can call Resbak at 0956 874 2385 if you or someone’s rights got violated under TokHang.
  • G for Go. You go and follow the rules indicated above.

You can watch the video below, which was done as a spoof of the recently concluded Miss Universe 2017.


Continue Reading


Are you in DCW’s list? Here are tips on how to remove your name from that list and more



If you find your name in Duterte Cyber Warrior’s “Wall of Shame,” which may make you a target of cyber threats, such as identity theft and other kinds of attacks, you can do something about it.


Facebook user Khary Woulfe posted some tips on how you can hit back at the group’s threats.

Before visiting the page, make sure to do “Disable COOKIES, JAVASCRIPT and POP-UPS from your browser before clicking the link,” Woulfe said.

He also referred netizens to a safer version of the list, similar to the one posted by the Superficial Gazette. You can access it here.

As for taking your name, Woulfe suggested these tips:

  1. Verify your Facebook with your phone number. This is required to change your FB username.
  2. Change your username everyday (or more frequent than that.) The Messenger change username option is the fastest way to do so. (Otherwise, go to if you’re on computer or on web version of Facebook.)
    This way, your old Facebook address included on their lists will point instead to a 404 (Page Not Found) page.

“However, if you haven’t provided your username beforehand and your link has been listed as, the link would still point to your profile right after changing your username. If this is your case, it is better to deactivate your account for the mean time,” he added.


Woulfe also gave tips on how to take down the website hosting DCW’s list.

Here are the steps:

  1. Go to and select Violent Threats.
  2. Fill in Full name with any name that isn’t your true name.
  3. Fill in your email address.
  4. Fill in Evidence URL with
  5. Fill in Logs with:
    The link provided points to a website hosted on CloudFlare. The “Wall of Shame” is actually a list of Facebook profiles with links pointing to profiles that they are going to steal infos and photos. They also send death threats and other forms of black mails. I believe such kind of activity is illegal. My family and friends are included in the list. Please don’t allow your services to be instrumental to such kind of illegal activites. Thank you.
  6. Click Submit.

 Be Informed. Beat the Trolls, Share the Truth!


Continue Reading

What Others Read