Spoofing is the easy thing, as the hashing is done in the client. You'd just have to figure out the protocol to get the file with a known hash (and other metadata, probably).
However, "guessing" the hash for a file that you don't have is not. The chance that you'll get a file by trying random hashes is very very very small.