Using the SHA1 collision attack to solve the BostonKeyParty CTF challenge

| Posted in Security Articles |


  • Sumo

This is a writeup to the Boston Key Party CTF 2017 Prudential challenge – which I took part in over the weekend. .

I viewed the source of the webpage and found out an index.txt file was being referenced.

Snippets below:

require 'flag.php';
if (isset($_GET['name']) and isset($_GET['password'])) {
    $name = (string)$_GET['name'];
    $password = (string)$_GET['password'];
    if ($name == $password) {
        print 'Your password can not be your name.';
    } else if (sha1($name) === sha1($password)) {
      die('Flag: '.$flag);
    } else {
        print '<p class="alert">Invalid password.</p>';
} ?>


Two conditions need to be met here – to display the flag.

  1. The $name entered must not be the same as the $password
  2. The sha1($name) must be the same as sha1($password)


My thought-process at this point was to have different values for $name and $password but with the same sha1 signature. What immediately comes to mind is the SHA1 Collision attack recently revealed by the google team.

According to the google team, “It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.”

Two different PDF files with the same checksum are available here:

I then came up with a quick and dirty python script to do the job. This script takes the value of the first pdf as parameter “name” and the second pdf as parameter “password”

import requests
import urllib2
rotimi = urllib2.urlopen("").read()[:500];
letmein = urllib2.urlopen("").read()[:500];
r = requests.get('', params={'name': rotimi, 'password': letmein});
print r.text

After running this, I got the flag : FLAG{AfterThursdayWeHadToReduceThePointValue}

Post a comment