I'm not sure posting this is a good idea.
Zip still uses CRC32 as the primary verification method, and IIRC ClrMAME will still use CRC32 when rebuilding (SHA1 errors only get picked up on a full scan)
While it's pretty easy to brute force such things there is no legitimate reason to do so, some older databases still only contain CRC32 information for unknown roms, and giving pokeroms a tool to rebuild these files with fake ones benefits nobody at all. It's basically dangerous and not helpful to anybody. Brute Forcing SHA1 is pretty much in reach now, and if somebody does that in an easy to use tool too it breaches the entire integrity of the MAME database (the whole reason there is SHA1 in the first place is because CRC32 became insecure like this, but still exists for legacy reasons eg. the load by CRC zip support)
Widespread availability of such tools is only likely to result in MAME dropping CRC32 completely, and possibly even SHA1 completely, and switching to a newer, more secure hash algorithm, which will be more computationally expensive, and irreversibility break the load by CRC features and likewise break the existing support tools, also making scanning significantly more computationally expensive as they will no longer be able to use the informatoin in the zip headers.