NiNi's Den

2017::SECCON::Write-up

Word count: 195 / Reading time: 1 min
2017/12/18 Share

I will add write-up of printf machine in next few day.

SHA-1 is dead - 100 point

SHA-1 is dead
http://sha1.pwn.seccon.jp/
Upload two files satisfy following conditions:

file1 != file2
SHA1(file1) == SHA1(file2)
SHA256(file1) <> SHA256(file2)
2017KiB < sizeof(file1) < 2018KiB
2017KiB < sizeof(file2) < 2018KiB
* 1KiB = 1024 bytes

Just download sha1 collision pdf made by Google, then concatenate it with something.
Actually we don’t need to check the result of SHA-256 of two pdf……
Maybe wa can find a SHA-256 collision?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import requests
import urllib2
from hashlib import sha1
from hashlib import sha256
import urllib
pdf1 = urllib2.urlopen("http://shattered.io/static/shattered-1.pdf").read()[:500]
pdf2 = urllib2.urlopen("http://shattered.io/static/shattered-2.pdf").read()[:500]
pdf1 = pdf1.ljust( 2065409, "\00") #padding pdf to 2017Kib + 1
pdf2 = pdf2.ljust( 2065409, "\00")
while True:
check1 = sha256(pdf1).hexdigest()
check2 = sha256(pdf2).hexdigest()
if check1 != check2:
break
else:
pdf1 = pdf1+"\00"
pdf2 = pdf2+"\00"
file1 = open("upload1","w")
file2 = open("upload2","w")
file1.write(pdf1)
file2.write(pdf2)
print sha1(pdf1).hexdigest()
print sha1(pdf2).hexdigest()
print sha256(pdf1).hexdigest()
print sha256(pdf2).hexdigest()
print len(pdf1)
print len(pdf2)

Original Author: Terrynini

Original link: http://blog.terrynini.tw/en/2017-SECCON-Write-up/

Publish at: December 18th 2017, 8:39:47

Copyright: This article is licensed under CC BY-NC 4.0

CATALOG