It is my Birthday picoCTF 2021 Solution

Published: April 2, 2026

Description

I sent out 2 invitations to my birthday party, but some friends said the links were identical! Upload two different PDF files that share the same MD5 hash to get the flag.

Remote

Navigate to the challenge URL.

bash
# Open the challenge URL in your browser
Background: Hash Cracking for CTFs separates collision attacks (this challenge) from preimage and password recovery.
  1. Step 1: Obtain precomputed MD5 collision PDFs
    MD5 collision pairs for PDF files have been publicly available since 2004. Download a pair from the corkami/collisions repository on GitHub or from sites hosting the original Vlastimil Klima and Marc Stevens collision examples.
    bash
    wget https://github.com/corkami/collisions/raw/master/examples/collision1.pdf
    bash
    wget https://github.com/corkami/collisions/raw/master/examples/collision2.pdf

    MD5 (Message Digest 5) was designed in 1991 as a cryptographic hash function. By 2004, Xiaoyun Wang and colleagues demonstrated practical collision attacks - finding two different inputs that produce the same 128-bit hash output. By 2008, researchers had forged an MD5-signed SSL certificate. MD5 is now considered completely broken for any security-critical application.

    The corkami/collisions GitHub repository by Ange Albertini is an excellent reference on file format collisions - it demonstrates MD5 collisions for PDF, JPEG, ZIP, and many other formats. The collision PDFs look different but hash to the same MD5 value.

  2. Step 2: Verify the collision and upload both files
    Confirm that the two files have the same MD5 hash but different bytes, then upload both. The server treats them as two distinct valid documents because its only equality check is MD5.
    bash
    md5sum collision1.pdf collision2.pdf
    bash
    sha256sum collision1.pdf collision2.pdf
    bash
    diff -q collision1.pdf collision2.pdf

    md5sum should show identical hashes for both files while sha256sum and diff confirm they are genuinely different. The collision is achieved by carefully choosing content in a section of the PDF that does not affect rendering - the visible pages look different, but the underlying byte sequences hash identically under MD5.

    Why PDFs are easy targets. The PDF format is built around indirect objects (1 0 obj ... endobj) and binary streams (stream ... endstream) that the renderer follows like pointers. A PDF can contain two streams whose first 64 bytes form an MD5 collision pair (generated with hashclash or the older unicoll from Marc Stevens), then a conditional like /Catalog /Pages X selects which stream to display based on a single byte that differs. Same MD5, two different rendered documents.

    Modern cryptographic standards use SHA-256 or SHA-3 instead of MD5. No practical collision attacks are known against SHA-256. Code signing, SSL certificates, and integrity verification should never rely on MD5 or SHA-1 (also broken since 2017).
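
The checks from Step 2, together with the SHA-256 comparison recommended above, as an added Python example that is not part of the original writeup. As sample input it embeds the widely published 128-byte Wang et al. collision blocks (raw blocks, not the PDFs downloaded in Step 1); the function names are illustrative.

```python
import hashlib

# Sample input embedded inline: the widely published 128-byte MD5 collision
# from Wang et al. (2004). The second message is the first with the top bit
# of six bytes flipped. These are raw blocks, not PDFs.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
FLIPPED_OFFSETS = (19, 45, 59, 83, 109, 123)
MSG_B = bytes(b ^ 0x80 if i in FLIPPED_OFFSETS else b for i, b in enumerate(MSG_A))


def compare(a: bytes, b: bytes) -> dict:
    """Same checks as md5sum, sha256sum and diff, plus the differing 64-byte MD5 blocks."""
    n = max(len(a), len(b))
    blocks = sorted({i // 64 for i in range(n) if a[i:i + 1] != b[i:i + 1]})
    return {
        "same_bytes": a == b,
        "md5_equal": hashlib.md5(a).digest() == hashlib.md5(b).digest(),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "diff_blocks": blocks,
    }


def is_md5_collision(a: bytes, b: bytes) -> bool:
    """Detection rule: different content that an MD5-only equality check would merge."""
    r = compare(a, b)
    return r["md5_equal"] and not r["same_bytes"]


def same_document(a: bytes, b: bytes) -> bool:
    """Hardened identity check: SHA-256 instead of MD5."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


if __name__ == "__main__":
    print(compare(MSG_A, MSG_B))
    # MD5 processes 64-byte blocks in sequence, so identical data appended to
    # both messages (a constructed stand-in for the rest of a file) still collides.
    tail = b"constructed shared suffix"
    print(is_md5_collision(MSG_A + tail, MSG_B + tail), same_document(MSG_A + tail, MSG_B + tail))
```

To run the same comparison on the files from Step 1, pass the bytes of collision1.pdf and collision2.pdf to `compare`.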

Flag

picoCTF{...}

MD5's collision resistance has been broken since 2004, and precomputed collision pairs for common file formats like PDF are publicly available.
