• Stars
    star
    410
  • Rank 105,468 (Top 3 %)
  • Language
    Python
  • Created almost 8 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Build two PDFs that have different content but identical SHA1 sums.

About

Generate two PDFs with different contents but identical SHA1 hashes.

PDFs are rendered into JPGs and merged into the output file. They must have the same page size and page count.

Requires ghostscript, turbojpeg, PIL, and Python 3.

Uses the "shattered" PDF prologue from shattered.io - credit to Marc Stevens et al. for the collision.

Similar to, but more flexible (supports more than one page, arbitrary-sized inputs, etc.) than the collision generator from http://alf.nu/SHA1.

Usage

Just run python3 collide.py PDF1.pdf PDF2.pdf, and it will generate out-PDF1.pdf and out-PDF2.pdf. These will contain the same content as the original input PDFs, but will have the same SHA1 hash. If the resulting PDFs don't work for you (e.g. they look corrupt, images have artifacts, etc.), try --progressive mode.

Remarks

There are two encoding modes: a more flexible "restart interval" mode and a more compatible "progressive" mode, switched by way of --progressive.

Restart intervals allow the image data to be reliably broken up into small chunks. However, some PDF renderers, such as my version of GhostScript, cannot parse the resulting JPEG correctly (as it has comments preceding the restart markers).

Progressive mode works with many smaller PDFs (at lower resolution, for example), but breaks down with larger images. However, it produces PDFs that are broadly compatible because it does not involve bending the JPEG spec. This is the mode used by Google+CWI in generating their own PoC PDF pair.

More Repositories

1

2048-ai

AI for the 2048 game
Python
1,069
star
2

universal-doom

A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything in between).
Python
277
star
3

iOS-SOCKS-Server

iOS HTTP/SOCKS proxy server for fake-tethering
Python
259
star
4

eqgrp-free-file

Free sampling of files from the purported Equation Group hack.
Python
177
star
5

pwn-stuff

Miscellaneous utilities and such that I use for pwning. Open sourced since people might find these useful. Be warned: nothing is stable.
Python
129
star
6

ffsend

Python client for Firefox Send
Python
120
star
7

ntfsrecover

NTFS data-recovery program written in Python
Python
116
star
8

Il2CppVersions

Build scripts & historical header files for every available minor version of Unity's Il2Cpp project
C
108
star
9

ghidra-rickroll

Get rickrolled, right in your favourite NSA reverse engineering tool
C
77
star
10

socks5-ios

SOCKS server for iOS. Handy for defeating tethering speed limits, among other uses.
Objective-C
75
star
11

threes-ai

AI for the game Threes!
Python
57
star
12

iOS-Torrent-Client

A torrent client for iOS which runs on play.js - without sideloading or jailbreaking!
JavaScript
32
star
13

direct-handtracking

DIRECT - Depth IR Enhanced Contact Tracking
C++
30
star
14

fixedint

Fixed-width integers for Python
Python
28
star
15

doublethink

Doublethink challenge from DEF CON 2018
Python
23
star
16

ofxWin8Touch

Windows 8 touch driver for OpenFrameworks using WM_POINTER events
C++
21
star
17

openFrameworks-AndroidStudio

OpenFrameworks modifications to work with Android Studio
19
star
18

sstic-2021

Files for my solution to the SSTIC 2021 challenge
C
15
star
19

firefox-charset-extension

Override Character Encoding extension for Firefox
JavaScript
12
star
20

sublime-replace-with-python

"Replace with Python" for Sublime Text 2
Python
9
star
21

Insta360-X3-Firmware-Tools

Tools for unpacking and repacking firmware images for the Insta360 X3
Python
6
star
22

bgrep

Binary grep with support for sophisticated regexes and grep(1)-like usage
Python
6
star
23

steam-phishing-analysis

Analysis and dissection of a Steam login phishing site.
HTML
6
star
24

sstv-encoder

SSTV encoder for Terebeep challenge at PlaidCTF 2017
Python
5
star
25

net-nrbf

Utilities to dump and process .NET binary-serialized data streams.
Python
4
star
26

pogo-iv-reader

Screenshot-reading IV calculator for Pokemon GO
Python
4
star
27

android_remote_control

Control an Android phone's touchscreen via ADB.
Python
3
star
28

hexacon-2022

Files for my solution to the Hexacon 2022 challenge
Python
3
star
29

pandt

HCI P&T projects
C
3
star
30

libm3

Library for reading and writing Blizzard .m3 model files.
C++
3
star
31

sstic-2023

My writeup for the SSTIC 2023 challenge (https://www.sstic.org/2023/challenge/)
Python
3
star
32

ghidra-skeleton-language

Skeleton language module for Ghidra
Java
2
star
33

sarah2-attack

Cryptanalysis of the Sarah2 pen-and-paper cipher
Python
2
star
34

weka-android

Weka for Android.
Java
1
star
35

ofxGestureCam

OpenFrameworks addon for the Creative Gesture Cam
C
1
star