Playing with the SHAttered PDFs
Security research, CTF writeups, and hacking adventures
SHA-1 Collision
I’m playing with the PDFs created by the SHAttered.io researchers. You can download their paper, which explains how they were able to generate the collision and also includes a Base64-encoded tar.bz2 archive of the 2 PDF files, from their site or from here. Artem Tashkinov explains it here and links to a Python3 script by Robert Xiao that creates collisions.
First, here is what the 2 PDFs look like, so you can see they are very different:
Original/Good PDF
Collision / BAD PDF
Both files have the same SHA1 hash:
igor@KYLO-REN:~$ sha1sum good.pdf bad.pdf
d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a good.pdf
d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a bad.pdf
Here's a diff of their Base64:
igor@KYLO-REN:~$ diff --side-by-side good.pdf.b64 bad.pdf.b64
JVBERi0xLjMKJeLjz9MKCgoxIDAgb2JqCjw8L1dpZHRoIDIgMCBSL0hlaWdod   JVBERi0xLjMKJeLjz9MKCgoxIDAgb2JqCjw8L1dpZHRoIDIgMCBSL0hlaWdod
IDQgMCBSL1N1YnR5cGUgNSAwIFIvRmlsdGVyIDYgMCBSL0NvbG9yU3BhY2UgN   IDQgMCBSL1N1YnR5cGUgNSAwIFIvRmlsdGVyIDYgMCBSL0NvbG9yU3BhY2UgN
IDggMCBSL0JpdHNQZXJDb21wb25lbnQgOD4+CnN0cmVhbQr/2P/+ACRTSEEtM   IDggMCBSL0JpdHNQZXJDb21wb25lbnQgOD4+CnN0cmVhbQr/2P/+ACRTSEEtM
ISGFL+wJIzl1nDmxocY8TJfh//4Bf0bck6a2fgE7ApqqHbJWC0XKZ9aIx/hLj | ISGFL+wJIzl1nDmxocY8TJfh//4Bc0bckWa2fhGPApq2IbJWD/nKZ8yox/hbq
aQkBxWtFwVMK/t+3YDjpcnIv561yjw5JBOBGwjBXD+nUE5ir4S71vJQr4zVCp | qQkB1d9FwU8m/t+z3DjpasIv571yjw5FvOBG0jxXD+sUE5i7VS71oKgr4zH+p
rDUU503cDyzBqHTNDHgwWiFWZGEwl4lga9C/P5jNqARGKaEAAAAAAAAAAAAAA | rDUA603cDezBqGR5DHgsdiFWYN0wl5HQa9CvP5jNpLxGKbEAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAP/gABBKRklGAAEBAQBIAEgAAP/+ABNDcmVhdGVkIHdpdGggR0lNUP/bA   AAAAAP/gABBKRklGAAEBAQBIAEgAAP/+ABNDcmVhdGVkIHdpdGggR0lNUP/bA
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA   AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA
AEMBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA   AEMBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA
AQEBAQEBAQEBAf/CABEIAAgACAMBEQACEQEDEQH/xAAUAAEAAAAAAAAAAAAAA   AQEBAQEBAQEBAf/CABEIAAgACAMBEQACEQEDEQH/xAAUAAEAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAACf/+AAb//gAv/9oADAMBAAIQAxAAAAFTncUf/8QAF   AAAAAAAAAAAAAAAAAAAAACf/+AAb//gAv/9oADAMBAAIQAxAAAAFTncUf/8QAF
AAAAAAAAFib//gAG//4AM//aAAgBAQABBQKpU//EAB8RAAADCQAAAAAAAAAAA   AAAAAAAAFib//gAG//4AM//aAAgBAQABBQKpU//EAB8RAAADCQAAAAAAAAAAA
Y2WGlf/+AAb//gBB/9oACAEDAQE/AZqKpW1TO7I4c55hIWa5DmBb/8QAHhEAA   Y2WGlf/+AAb//gBB/9oACAEDAQE/AZqKpW1TO7I4c55hIWa5DmBb/8QAHhEAA
AAAAAABQVFxMnRWNlhZT//gAG//4AQP/aAAgBAgEBPwGYThVVwVW2bNw+BKIaR   AAAAAABQVFxMnRWNlhZT//gAG//4AQP/aAAgBAgEBPwGYThVVwVW2bNw+BKIaR
AAAAAAAAAAAAAAAAFBMAEhUWRGJkhZT//gAG//4AM//aAAgBAQAGPwKtmk2xd   AAAAAAAAAAAAAAAAFBMAEhUWRGJkhZT//gAG//4AM//aAAgBAQAGPwKtmk2xd
FBABAAAAAAAAAAAAAAAAAAAAAP/+AAb//gAS/9oACAEBAAE/IWAB//4ABv/+A   FBABAAAAAAAAAAAAAAAAAAAAAP/+AAb//gAS/9oACAEBAAE/IWAB//4ABv/+A
AAAAEB//xAAUEQEAAAAAAAAAAAAAAAAAAAAA//4ABv/+ACj/2gAIAQMBAT8Qa   AAAAEB//xAAUEQEAAAAAAAAAAAAAAAAAAAAA//4ABv/+ACj/2gAIAQMBAT8Qa
AAAAAAAAAAAAAAAA//4ABv/+ACj/2gAIAQIBAT8Qa8f/xAAUEAEAAAAAAAAAA   AAAAAAAAAAAAAAAA//4ABv/+ACj/2gAIAQIBAT8Qa8f/xAAUEAEAAAAAAAAAA
Bv/+ABT/2gAIAQEAAT8QFT//2UFOR0X/4AAQSkZJRgABAQEASABIAAD//gATQ   Bv/+ABT/2gAIAQEAAT8QFT//2UFOR0X/4AAQSkZJRgABAQEASABIAAD//gATQ
IEdJTVD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA   IEdJTVD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA
AQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA   AQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wgARCAAIAAgDAREAAhEBA   AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wgARCAAIAAgDAREAAhEBA
AAAAAAAAAAAAAAAACf/EABUBAQEAAAAAAAAAAAAAAAAAAAYH/9oADAMBAAIQA   AAAAAAAAAAAAAAAACf/EABUBAQEAAAAAAAAAAAAAAAAAAAYH/9oADAMBAAIQA
ABQQAQAAAAAAAAAAAAAAAAAAAAD/2gAIAQEAAQUCf//EABgRAAIDAAAAAAAAA   ABQQAQAAAAAAAAAAAAAAAAAAAAD/2gAIAQEAAQUCf//EABgRAAIDAAAAAAAAA
/9oACAEDAQE/Ad/b/Z/P/8QAGBEAAgMAAAAAAAAAAAAAAAAAAPA2prb/2gAIA   /9oACAEDAQE/Ad/b/Z/P/8QAGBEAAgMAAAAAAAAAAAAAAAAAAPA2prb/2gAIA
xAAYEAACAwAAAAAAAAAAAAAAAAAA8Ddnp//aAAgBAQAGPwKpnJmJj//EABQQA   xAAYEAACAwAAAAAAAAAAAAAAAAAA8Ddnp//aAAgBAQAGPwKpnJmJj//EABQQA
AAAAAAD/2gAIAQEAAT8hf//aAAwDAQACAAMAAAAQH//EABQRAQAAAAAAAAAAA   AAAAAAD/2gAIAQEAAT8hf//aAAwDAQACAAMAAAAQH//EABQRAQAAAAAAAAAAA
AQMBAT8QD//EABQRAQAAAAAAAAAAAAAAAAAAAAD/2gAIAQIBAT8QD//EABQQA   AQMBAT8QD//EABQRAQAAAAAAAAAAAAAAAAAAAAD/2gAIAQIBAT8QD//EABQQA
AAAAAAD/2gAIAQEAAT8QD//ZCmVuZHN0cmVhbQplbmRvYmoKCjIgMCBvYmoKO   AAAAAAD/2gAIAQEAAT8QD//ZCmVuZHN0cmVhbQplbmRvYmoKCjIgMCBvYmoKO
MCBvYmoKOAplbmRvYmoKCjQgMCBvYmoKL1hPYmplY3QKZW5kb2JqCgo1IDAgb   MCBvYmoKOAplbmRvYmoKCjQgMCBvYmoKL1hPYmplY3QKZW5kb2JqCgo1IDAgb
bmRvYmoKCjYgMCBvYmoKL0RDVERlY29kZQplbmRvYmoKCjcgMCBvYmoKL0Rld   bmRvYmoKCjYgMCBvYmoKL0RDVERlY29kZQplbmRvYmoKCjcgMCBvYmoKL0Rld
YmoKCjggMCBvYmoKMTY5MwplbmRvYmoKCjkgMCBvYmoKPDwKICAvVHlwZSAvQ   YmoKCjggMCBvYmoKMTY5MwplbmRvYmoKCjkgMCBvYmoKPDwKICAvVHlwZSAvQ
YWdlcyAxMCAwIFIKPj4KZW5kb2JqCgoKMTAgMCBvYmoKPDwKICAvVHlwZSAvU   YWdlcyAxMCAwIFIKPj4KZW5kb2JqCgoKMTAgMCBvYmoKPDwKICAvVHlwZSAvU
bnQgMQogIC9LaWRzIFsxMSAwIFJdCj4+CmVuZG9iagoKMTEgMCBvYmoKPDwKI   bnQgMQogIC9LaWRzIFsxMSAwIFJdCj4+CmVuZG9iagoKMTEgMCBvYmoKPDwKI
ZQogIC9QYXJlbnQgMTAgMCBSCiAgL01lZGlhQm94IFswIDAgOCA4XQogIC9Dc   ZQogIC9QYXJlbnQgMTAgMCBSCiAgL01lZGlhQm94IFswIDAgOCA4XQogIC9Dc
OCA4XQogIC9Db250ZW50cyAxMiAwIFIKICAvUmVzb3VyY2VzCiAgPDwKICAgI   OCA4XQogIC9Db250ZW50cyAxMiAwIFIKICAvUmVzb3VyY2VzCiAgPDwKICAgI
L0ltMCAxIDAgUj4+CiAgPj4KPj4KZW5kb2JqCgoxMiAwIG9iago8PC9MZW5nd   L0ltMCAxIDAgUj4+CiAgPj4KPj4KZW5kb2JqCgoxMiAwIG9iago8PC9MZW5nd
YW0KcQogIDggMCAwIDggMCAwIGNtCiAgL0ltMCBEbwpRCmVuZHN0cmVhbQplb   YW0KcQogIDggMCAwIDggMCAwIGNtCiAgL0ltMCBEbwpRCmVuZHN0cmVhbQplb
ZgowIDEzIAowMDAwMDAwMDAwIDY1NTM1IGYgCjAwMDAwMDAwMTcgMDAwMDAgb   ZgowIDEzIAowMDAwMDAwMDAwIDY1NTM1IGYgCjAwMDAwMDAwMTcgMDAwMDAgb
MSAwMDAwMCBuIAowMDAwMDAxODc5IDAwMDAwIG4gCjAwMDAwMDE4OTcgMDAwM   MSAwMDAwMCBuIAowMDAwMDAxODc5IDAwMDAwIG4gCjAwMDAwMDE4OTcgMDAwM
MTkyMiAwMDAwMCBuIAowMDAwMDAxOTQ1IDAwMDAwIG4gCjAwMDAwMDE5NzIgM   MTkyMiAwMDAwMCBuIAowMDAwMDAxOTQ1IDAwMDAwIG4gCjAwMDAwMDE5NzIgM
MDAwMTk5OSAwMDAwMCBuIAowMDAwMDAyMDIwIDAwMDAwIG4gCjAwMDAwMDIwN   MDAwMTk5OSAwMDAwMCBuIAowMDAwMDAyMDIwIDAwMDAwIG4gCjAwMDAwMDIwN
MDAwMDAwMjE0MiAwMDAwMCBuIAowMDAwMDAyMzA5IDAwMDAwIG4gCgp0cmFpb   MDAwMDAwMjE0MiAwMDAwMCBuIAowMDAwMDAyMzA5IDAwMDAwIG4gCgp0cmFpb
IDkgMCBSIC9TaXplIDEzPj4KCnN0YXJ0eHJlZgoyMzkxCiUlRU9GCg==          IDkgMCBSIC9TaXplIDEzPj4KCnN0YXJ0eHJlZgoyMzkxCiUlRU9GCg==
Only 3 lines of the Base64 differ (the rows marked with | in the side-by-side diff), and that is where the magic happens. SHAttered has already claimed its first victim, WebKit’s Apache SVN; you can read about it here. This means it is not only about SSL/TLS certificates and encryption: it is also about potential DoS of systems that depend on SHA-1 for deduplication or version control, for example.
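The checks behind the sha1sum and diff output above, plus the deduplication point, as an added example (my code, not the post's and not the SHAttered researchers'): it prints SHA-1 next to SHA-256 for two inputs, locates the byte ranges in which they differ, and shows a content-addressed store that refuses two different blobs sharing one key instead of silently aliasing them, which is the dedup/version-control failure the post warns about. The GOOD/BAD byte strings and the toy_key hash are constructed for illustration and do not collide under SHA-1; run the script with the real good.pdf and bad.pdf as arguments to see the SHA-1 lines match while the SHA-256 lines differ.

```python
"""Checks a verifier would run on a claimed SHA-1 collision pair.

Added example, not code from the original post or from the SHAttered
project. Sample bytes and the toy hash are constructed; GOOD/BAD do
NOT collide under SHA-1.
"""
import base64
import hashlib
from typing import Callable, Dict, List, Tuple


def digests(data: bytes) -> Dict[str, str]:
    """Digests to print side by side: a real colliding pair shares the
    sha1 line while the sha256 line differs."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("sha1", "sha256")}


def differing_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """[start, end) byte ranges where a and b differ; a length mismatch
    is reported as one trailing range."""
    ranges: List[Tuple[int, int]] = []
    start = None
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    if len(a) != len(b):
        ranges.append((n, max(len(a), len(b))))
    return ranges


def compare(a: bytes, b: bytes) -> dict:
    """Report which digests match and where the raw bytes differ."""
    da, db = digests(a), digests(b)
    return {
        "identical": a == b,
        "same_sha1": da["sha1"] == db["sha1"],
        "same_sha256": da["sha256"] == db["sha256"],
        "ranges": differing_ranges(a, b),
        "digests": {"a": da, "b": db},
    }


def to_b64_lines(data: bytes, width: int = 76) -> List[str]:
    """Wrap at 76 columns like the base64 CLI, so the result can be fed
    to diff --side-by-side as in the post."""
    text = base64.b64encode(data).decode("ascii")
    return [text[i:i + width] for i in range(0, len(text), width)]


def from_b64_lines(lines: List[str]) -> bytes:
    """Inverse of to_b64_lines; tolerates trailing whitespace."""
    return base64.b64decode("".join(line.strip() for line in lines))


class CollisionDetected(Exception):
    """Two different blobs mapped to the same key."""


class ContentStore:
    """Content-addressed store (what a dedup system or VCS does) that
    refuses to alias two different blobs under one key instead of
    keeping whichever arrived first."""

    def __init__(self, hash_fn: Callable[[bytes], str]):
        self.hash_fn = hash_fn
        self.blobs: Dict[str, bytes] = {}

    def put(self, data: bytes) -> str:
        key = self.hash_fn(data)
        existing = self.blobs.get(key)
        if existing is not None and existing != data:
            raise CollisionDetected(key)  # same key, different bytes
        self.blobs[key] = data
        return key


def sha256_key(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def toy_key(data: bytes) -> str:
    """Deliberately weak hash (constructed) so a collision can be shown
    without a real SHA-1 pair: b"ab" and b"ba" share a key."""
    return str(sum(data) % 256)


# Constructed stand-ins for good.pdf / bad.pdf; differ only at bytes 16..19.
GOOD = b"%PDF-1.3\nstream\nGOOD BYTES\nendstream\n"
BAD = b"%PDF-1.3\nstream\nBAD! BYTES\nendstream\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # python3 this.py good.pdf bad.pdf
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    else:
        a, b = GOOD, BAD
    report = compare(a, b)
    for name in ("sha1", "sha256"):
        print(f"{name:7} a={report['digests']['a'][name]}")
        print(f"{name:7} b={report['digests']['b'][name]}")
    print("same sha1:", report["same_sha1"], " same sha256:", report["same_sha256"])
    print("differing byte ranges:", report["ranges"])
```

The store takes its hash function as a parameter so the same code can be keyed on SHA-256 in production and on the toy hash when demonstrating the collision path; the point is that the check compares the stored bytes, not just the key, so a second pre-image or collision cannot silently replace or shadow an existing blob.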