
PoC||GTFO-18 [pdf] - signa11
https://www.alchemistowl.org/pocorgtfo/pocorgtfo18.pdf
======
nneonneo
There are _five_ different files in this wonderful polyglot PDF. Spoilers
ahead:

    
    
        - The PDF you see when you open the file normally, with a big REJECTED stamp on the front page.
        - An HTML file, which is what you get if you open the file with extension .html or MIME-type text/html. This contains an SVG representation of the first page.
        - A ZIP file, which you can unpack by just running `unzip` over the file. This contains the various PoC code and other materials.
    

And, two more extra-special files which you can get by swapping the first 320
bytes with the other prefix of the SHAttered collision pair (this changes the
file contents but not the SHA-1 hash!):

    
    
        - A PDF which shows ACCEPTED and a coffee stain on the first page instead of REJECTED
        - An HTML file which contains a nice CHIP8 emulator.

------
diggan
Since they ask for mirroring, I mirrored the PDF on IPFS. If you have IPFS
running locally:

/ipfs/QmSLGcHPnPSRZzTmPpVhLt1nhGiaenZK1SFH8PpiozwS2G

Otherwise you can access it via a public gateway here:

[https://ipfs.io/ipfs/QmSLGcHPnPSRZzTmPpVhLt1nhGiaenZK1SFH8Pp...](https://ipfs.io/ipfs/QmSLGcHPnPSRZzTmPpVhLt1nhGiaenZK1SFH8PpiozwS2G/pocorgtfo18.pdf)

------
vbrandl
It bugs me probably more than it should, but I find it strange that issue 0x09
was followed by 0x10 instead of 0x0a...

~~~
saalweachter
If it makes you feel better, binary-coded decimal has a rich tradition.

------
Flockster
"Technical Note: This file, pocorgtfo18.pdf , is valid as a PDF, ZIP, and
HTML. It is available in two different variants, but they have the same SHA-1
hash"

Where do I find the second version? Couldn't find the link on the
alchemistowl.org webpage, but they are mentioning two different MD5 and SHA256
Hashes.

~~~
shakna
The hashes are on this [0] page... But I don't see any variant. Maybe it was
distributed on one of the mirrors?

[0]
[https://www.alchemistowl.org/pocorgtfo/](https://www.alchemistowl.org/pocorgtfo/)

~~~
nneonneo
The variant has the _same_ SHA-1 hash - you're meant to build it yourself. See
[https://shattered.io/](https://shattered.io/).

~~~
shakna
Ah, so variant referred to the puzzle. Sorry, my PDF reader rejected the mag
as invalid so I haven't quite read anything yet.

------
vbrandl
Following the call for new mirrors, I created another one:
[https://mirror.oldsql.cc/pocorgtfo/](https://mirror.oldsql.cc/pocorgtfo/)

