It is my Birthday

Published: April 2, 2026

Description

I sent out 2 invitations to my birthday party, but some friends said the links were identical! Upload two different PDF files that share the same MD5 hash to get the flag.

Remote

Navigate to the challenge URL.

# Open the challenge URL in your browser

Solution

  1. Step 1: Obtain precomputed MD5 collision PDFs
    MD5 collision pairs for PDF files have been publicly available since 2004. Download a pair from the corkami/collisions repository on GitHub or from sites hosting the original Vlastimil Klima and Marc Stevens collision examples.
    wget https://github.com/corkami/collisions/raw/master/examples/collision1.pdf
    wget https://github.com/corkami/collisions/raw/master/examples/collision2.pdf
    Learn more

    MD5 (Message Digest 5) was designed in 1991 as a cryptographic hash function. By 2004, Xiaoyun Wang and colleagues demonstrated practical collision attacks -- finding two different inputs that produce the same 128-bit hash output. By 2008, researchers had forged an MD5-signed SSL certificate. MD5 is now considered completely broken for any security-critical application.

    The corkami/collisions GitHub repository by Ange Albertini is an excellent reference on file format collisions -- it demonstrates MD5 collisions for PDF, JPEG, ZIP, and many other formats. The collision PDFs look different but hash to the same MD5 value.

  2. Step 2: Verify the collision and upload both files
    Confirm both files have different content but the same MD5 hash. Then upload collision1.pdf and collision2.pdf to the challenge site. It will verify the hash equality and display the flag.
    md5sum collision1.pdf collision2.pdf
    diff collision1.pdf collision2.pdf
    Learn more

    md5sum should show identical hashes for both files while diff confirms they are different. The collision is achieved by carefully choosing content in a section of the PDF that does not affect rendering -- the visible pages look different, but the underlying byte sequences hash identically under MD5.

    Modern cryptographic standards use SHA-256 or SHA-3 instead of MD5. No practical collision attacks are known against SHA-256. Code signing, SSL certificates, and integrity verification should never rely on MD5 or SHA-1 (also broken since 2017).
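    The same check the md5sum/diff step performs, as an added Python example (not part of the original writeup): it classifies a pair of files as identical, distinct, or a genuine MD5 collision, reports where the two byte sequences first diverge, and computes SHA-256 alongside MD5 to show that the stronger hash still tells the pair apart. The script name check_pair.py and the sample strings in the comments are assumptions.

```python
import hashlib
import sys


def hash_report(data: bytes) -> dict:
    """MD5 and SHA-256 hex digests of one byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def first_difference(a: bytes, b: bytes) -> int:
    """Offset of the first differing byte, or -1 if the inputs are equal.

    For a corkami-style pair this points at the colliding block, which is
    useful when inspecting why two PDFs that look different hash the same.
    """
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def classify_pair(a: bytes, b: bytes) -> str:
    """Verdict a checker should reach for two uploads.

    "identical"     - same bytes, i.e. the same file uploaded twice
    "distinct"      - different bytes and different MD5
    "md5-collision" - different bytes but equal MD5; SHA-256 will differ
                      for every known pair, which is why MD5 must not be
                      the only integrity check
    """
    if a == b:
        return "identical"
    ra, rb = hash_report(a), hash_report(b)
    return "md5-collision" if ra["md5"] == rb["md5"] else "distinct"


def classify_files(path_a: str, path_b: str) -> str:
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        return classify_pair(fa.read(), fb.read())


if __name__ == "__main__":
    # Usage: python3 check_pair.py collision1.pdf collision2.pdf
    for path in sys.argv[1:3]:
        with open(path, "rb") as f:
            r = hash_report(f.read())
        print(f"{path}: md5={r['md5']} sha256={r['sha256']}")
    print("verdict:", classify_files(sys.argv[1], sys.argv[2]))
```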

Flag

picoCTF{...}

MD5 has been broken by collision attacks since 2004 -- precomputed collision pairs for common file formats like PDF are publicly available.
