Browse Source

Clean source, remove website from src.

master
ben 3 years ago
parent
commit
3111008246
  1. 92
      README.md
  2. BIN
      caradoc
  3. 4
      tests/pdfcat
  4. 63
      website/css/styles.css
  5. 61
      website/css/styles2.css
  6. BIN
      website/favicon.ico
  7. 21
      website/gen_pocs.sh
  8. 251
      website/index.html
  9. 2
      website/robots.txt
  10. BIN
      website/samples/pdfzip/poc1/archive.zip
  11. BIN
      website/samples/pdfzip/poc1/doc.pdf
  12. BIN
      website/samples/pdfzip/poc1/polyglot.pdf
  13. BIN
      website/samples/pdfzip/poc2/file-FILE5_32.zip
  14. BIN
      website/samples/pdfzip/poc2/orwell_1984.pdf
  15. BIN
      website/samples/pdfzip/poc2/polyglot.pdf
  16. BIN
      website/samples/pdfzip/poc3/fasmw17304.zip
  17. BIN
      website/samples/pdfzip/poc3/polyglot.pdf
  18. BIN
      website/samples/pdfzip/poc3/x86asm.pdf
  19. BIN
      website/samples/pdfzip/poc6/eicar.zip
  20. BIN
      website/samples/pdfzip/poc6/hexinator.pdf
  21. BIN
      website/samples/pdfzip/poc6/polyglot.pdf
  22. BIN
      website/samples/szippdf/poc5/electronics.pdf
  23. BIN
      website/samples/szippdf/poc5/hello_world.jar
  24. BIN
      website/samples/szippdf/poc5/polyglot.pdf
  25. BIN
      website/samples/zippdf/poc4/archive.zip
  26. BIN
      website/samples/zippdf/poc4/doc.pdf
  27. BIN
      website/samples/zippdf/poc4/polyglot.pdf
  28. 3
      website/start_server.sh
  29. 2
      website/update.sh

92
README.md

@ -1,3 +1,91 @@
# TruePolyglot
Truepolyglot is polyglot file generator project. This means that the
generated file is composed of several file formats. The same file can be
opened as a ZIP file and as a PDF file for example. The idea of this
project comes from work of [Ange Albertini](https://github.com/corkami),
[International Journal of Proof-of-Concept or Get The Fuck
Out](https://www.alchemistowl.org/pocorgtfo/pocorgtfo07.pdf) and [Julia
Wolf](https://www.troopers.de/wp-content/uploads/2011/04/TR11_Wolf_OMG_PDF.pdf)
that explain how we can build a polyglot file.\
Polyglot file can be fastidious to build, even more if you want to
respect correctly file format. That's why I decided to build a tool to
generate them.\
My main motivation was the technical challenge.
See webiste at https://truepolyglot.hackade.org
## Features and versions ##
Description Version
--------------------------------------------------------------------------------------------------------- -------------
Build a polyglot file valid as PDF and ZIP format and that can be opened with 7Zip and Windows Explorer POC
Add a stream object in PDF part POC
Polyglot file checked without warning with [pdftocairo](https://poppler.freedesktop.org/) >= 1.0
Polyglot file checked without warning with [caradoc](https://github.com/ANSSI-FR/caradoc) >= 1.0
Rebuild PDF Xref Table >= 1.0
Stream object with correct length header value >= 1.0
Format "zippdf", file without offset after Zip data >= 1.1
Polyglot file keep original PDF version >= 1.1.1
Add "szippdf" format without offset before and after Zip data >= 1.2
Fix /Length stream object value and PDF offset for szippdf format >= 1.2.1
PDF object numbers reorder after insertion >= 1.3
## Polyglot file compatibility ##
Software Formats status
------------------ ------------------------- -----------------------------
Acrobat Reader pdfzip, zippdf OK
Acrobat Reader szippdf __KO__
Sumatra PDF pdfzip, zippdf, szippdf OK
Edge pdfzip, zippdf, szippdf OK
Firefox pdfzip, zippdf, szippdf OK
7zip pdfzip, zippdf __OK with warning__
7zip szippdf OK
Explorer Windows pdfzip, zippdf, szippdf OK
Info-ZIP (unzip) pdfzip, zippdf, szippdf OK
Evince pdfzip, zippdf, szippdf OK
pdftocairo -pdf pdfzip, zippdf, szippdf OK
caradoc stats pdfzip OK
java szippdf OK
## Examples ##
PDF input file Zip input file Format Polyglot Comment
---------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------
[doc.pdf](/samples/pdfzip/poc1/doc.pdf) [archive.zip](/samples/pdfzip/poc1/archive.zip) pdfzip [polyglot.pdf](/samples/pdfzip/poc1/polyglot.pdf) PDF/ZIP polyglot - 122 Ko
[orwell\_1984.pdf](/samples/pdfzip/poc2/orwell_1984.pdf) [file-FILE5\_32.zip](/samples/pdfzip/poc2/file-FILE5_32.zip) pdfzip [polyglot.pdf](/samples/pdfzip/poc2/polyglot.pdf) PDF/ZIP polyglot - 1.3 Mo
[x86asm.pdf](/samples/pdfzip/poc3/x86asm.pdf) [fasmw17304.zip](/samples/pdfzip/poc3/fasmw17304.zip) pdfzip [polyglot.pdf](/samples/pdfzip/poc3/polyglot.pdf) PDF/ZIP polyglot - 1.8 Mo
[doc.pdf](/samples/zippdf/poc4/doc.pdf) [archive.zip](/samples/zippdf/poc4/archive.zip) zippdf [polyglot.pdf](/samples/zippdf/poc4/polyglot.pdf) PDF/ZIP polyglot - 112 Ko
[electronics.pdf](/samples/szippdf/poc5/electronics.pdf) [hello\_world.jar](/samples/szippdf/poc5/hello_world.jar) szippdf [polyglot.pdf](/samples/szippdf/poc5/polyglot.pdf) PDF/JAR polyglot - 778 Ko
[hexinator.pdf](/samples/pdfzip/poc6/hexinator.pdf) [eicar.zip](/samples/pdfzip/poc6/eicar.zip) ([scan virustotal.com](https://www.virustotal.com/#/file/2174e17e6b03bb398666c128e6ab0a27d4ad6f7d7922127fe828e07aa94ab79d/detection)) pdfzip [polyglot.pdf](/samples/pdfzip/poc6/polyglot.pdf) ([scan virustotal.com](https://www.virustotal.com/#/file/f6fef31e3b03164bb3bdf35af0521f9fc0c518a9e0f1aa9f8b60ac936201591a/detection)) PDF/ZIP polyglot with Eicar test in Zip - 2.9 Mo
## Usage ##
usage: truepolyglot format [options] output-file
Generate a polyglot file.
Formats availables:
* pdfzip: Generate a file valid as PDF and ZIP. The format is closest to PDF.
* zippdf: Generate a file valid as ZIP and PDF. The format is closest to ZIP.
* szippdf: Generate a file valid as ZIP and PDF. The format is strictly a ZIP. Archive is modified.
positional arguments:
{pdfzip,zippdf,szippdf}
Output polyglot format
output_file Output polyglot file path
optional arguments:
-h, --help show this help message and exit
--pdffile PDFFILE PDF input file
--zipfile ZIPFILE ZIP input file
--verbose {none,error,info,debug}
Verbosity level (default: info)
TruePolyglot v1.3
## Code ##
git clone https://git.hackade.org/truepolyglot.git/
Download [truepolyglot-1.3.tar.gz](https://git.hackade.org/truepolyglot.git/snapshot/truepolyglot-1.3.tar.gz)
## Contact ##
[truepolyglot@hackade.org](mailtp:truepolyglot@hackade.org)

BIN
caradoc

4
pdfcat → tests/pdfcat

@ -23,6 +23,10 @@ EXAMPLES
# see https://github.com/mstamy2/PyPDF2/LICENSE
from __future__ import print_function
import sys
sys.path.append("../")
import argparse
from PdfFileTransformer.PyPDF2.pagerange import PAGE_RANGE_HELP

63
website/css/styles.css

@ -1,63 +0,0 @@
html {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
body {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
td {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
th {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
h1 {
color: white;
}
a:link {
color: #47B8C7;
}
a:visited {
color: #47B8C7;
}
a:active {
color: #47B8C7;
}
table {
border-collapse: collapse;
}
table, th, td {
border: 1px solid white;
}
th {
background-color: #92D050;
color: black;
}
th {
padding-left: 0.5em;
padding-right: 0.5em;
padding-top: 0.5em;
padding-bottom: 0.5em;
}
td {
padding-left: 0.5em;
padding-right: 0.5em;
padding-bottom: 0.5em;
padding-top: 0.5em;
text-align: left;
}
.font_reduce {
font-size: 75%;
}
.warning {
color: #ffb833;
}

61
website/css/styles2.css

@ -1,61 +0,0 @@
html {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
body {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
td {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
th {
background-color: black;
font-family: Consolas,monaco,monospace;
color: #92D050;
}
a:link {
color: #47B8C7;
}
a:visited {
color: #47B8C7;
}
a:active {
color: #47B8C7;
}
table {
border-collapse: collapse;
}
table, th, td {
border: 1px solid white;
}
th {
background-color: #92D050;
color: black;
}
th {
padding-left: 0.5em;
padding-right: 0.5em;
padding-top: 0.5em;
padding-bottom: 0.5em;
}
td {
padding-left: 0.5em;
padding-right: 0.5em;
padding-bottom: 0.5em;
padding-top: 0.5em;
text-align: left;
}
th a:link {
color: black;
}
th a:visited {
color: black;
}
th a:active {
color: black;
}

BIN
website/favicon.ico

21
website/gen_pocs.sh

@ -1,21 +0,0 @@
#!/bin/bash
find -type f -name 'polyglot.pdf' -delete
mkdir -p ./samples/pdfzip/poc1/
../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc1/doc.pdf --zipfile ./samples/pdfzip/poc1/archive.zip ./samples/pdfzip/poc1/polyglot.pdf
mkdir -p ./samples/pdfzip/poc2/
../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc2/orwell_1984.pdf --zipfile ./samples/pdfzip/poc2/file-FILE5_32.zip ./samples/pdfzip/poc2/polyglot.pdf
mkdir -p ./samples/pdfzip/poc3/
../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc3/x86asm.pdf --zipfile ./samples/pdfzip/poc3/fasmw17304.zip ./samples/pdfzip/poc3/polyglot.pdf
mkdir -p ./samples/zippdf/poc4/
../truepolyglot zippdf --pdffile ./samples/zippdf/poc4/doc.pdf --zipfile ./samples/zippdf/poc4/archive.zip ./samples/zippdf/poc4/polyglot.pdf
mkdir -p ./samples/szippdf/poc5/
../truepolyglot szippdf --pdffile ./samples/szippdf/poc5/electronics.pdf --zipfile ./samples/szippdf/poc5/hello_world.jar ./samples/szippdf/poc5/polyglot.pdf
mkdir -p ./samples/pdfzip/poc6/
../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc6/hexinator.pdf --zipfile ./samples/pdfzip/poc6/eicar.zip ./samples/pdfzip/poc6/polyglot.pdf

251
website/index.html

@ -1,251 +0,0 @@
<!doctype html>
<html lang="fr">
<head>
<meta charset="utf-8">
<title>TruePolyglot</title>
<meta name="description" content="TruePolyglot project website">
<meta name="author" content="hackade">
<link rel="stylesheet" href="css/styles.css">
<link rel="shortcut icon" href="/favicon.ico">
</head>
<body>
<h1>TruePolyglot</h1>
Truepolyglot is polyglot file generator project.
This means that the generated file is composed of several file formats. The same file can be opened as a ZIP file and as a PDF file for example.
The idea of this project comes from work of <a href="https://github.com/corkami">Ange Albertini</a>, <a href="https://www.alchemistowl.org/pocorgtfo/pocorgtfo07.pdf">International Journal of Proof-of-Concept or Get The Fuck Out</a> and <a href="https://www.troopers.de/wp-content/uploads/2011/04/TR11_Wolf_OMG_PDF.pdf">Julia Wolf</a> that explain how we can build a polyglot file.<br>
Polyglot file can be fastidious to build, even more if you want to respect correctly file format. That's why I decided to build a tool to generate them.<br>
My main motivation was the technical challenge.
<br>
<h2>Features and changelog</h2>
<div class="font_reduce">
<table>
<tr>
<th>Description</th>
<th>Version</th>
</tr>
<tr>
<td>Build a polyglot file valid as PDF and ZIP format and that can be opened with 7Zip and Windows Explorer</td>
<td>POC</td>
</tr>
<tr>
<td>Add a stream object in PDF part</td>
<td>POC</td>
</tr>
<tr>
<td>Polyglot file checked without warning with <a href="https://poppler.freedesktop.org/">pdftocairo</a></td>
<td> &gt;= 1.0</td>
</tr>
<tr>
<td>Polyglot file checked without warning with <a href="https://github.com/ANSSI-FR/caradoc">caradoc</a></td>
<td> &gt;= 1.0</td>
</tr>
<tr>
<td>Rebuild PDF Xref Table</td>
<td>&gt;= 1.0</td>
</tr>
<tr>
<td>Stream object with correct length header value</td>
<td>&gt;= 1.0</td>
</tr>
<tr>
<td>Format "zippdf", file without offset after Zip data</td>
<td>&gt;= 1.1</td>
</tr>
<tr>
<td>Polyglot file keep original PDF version</td>
<td>&gt;= 1.1.1</td>
</tr>
<tr>
<td>Add "szippdf" format without offset before and after Zip data</td>
<td>&gt;= 1.2</td>
</tr>
<tr>
<td>Fix /Length stream object value and PDF offset for szippdf format</td>
<td>&gt;= 1.2.1</td>
</tr>
<tr>
<td>PDF object numbers reorder after insertion</td>
<td>&gt;= 1.3</td>
</tr>
</table>
</div>
<h2>Polyglot file compatibility</h2>
<div class="font_reduce">
<table>
<tr>
<th>Software</th>
<th>Formats</th>
<th>status</th>
</tr>
<tr>
<td>Acrobat Reader</td>
<td>pdfzip, zippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Acrobat Reader</td>
<td>szippdf</td>
<td><span class="warning">KO</span></td>
</tr>
<tr>
<td>Sumatra PDF</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Edge</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Firefox</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>7zip</td>
<td>pdfzip, zippdf</td>
<td><span class="warning">OK with warning</span></td>
</tr>
<tr>
<td>7zip</td>
<td>szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Explorer Windows</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Info-ZIP (unzip)</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>Evince</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>pdftocairo -pdf</td>
<td>pdfzip, zippdf, szippdf</td>
<td>OK</td>
</tr>
<tr>
<td>caradoc stats</td>
<td>pdfzip</td>
<td>OK</td>
</tr>
<tr>
<td>java</td>
<td>szippdf</td>
<td>OK</td>
</tr>
</table>
</div>
<h2>Examples</h2>
<ul>
<li><a href="/samples/">Polyglot files repository</a></li>
</ul>
<div class="font_reduce">
<table>
<tr>
<th>PDF input file</th>
<th>Zip input file</th>
<th>Format</th>
<th>Polyglot</th>
<th>Comment</th>
</tr>
<tr>
<td><a href="/samples/pdfzip/poc1/doc.pdf">doc.pdf</a></td>
<td><a href="/samples/pdfzip/poc1/archive.zip">archive.zip</a></td>
<td>pdfzip</td>
<td><a href="/samples/pdfzip/poc1/polyglot.pdf">polyglot.pdf</a></td>
<td>PDF/ZIP polyglot - 122 Ko</td>
</tr>
<tr>
<td><a href="/samples/pdfzip/poc2/orwell_1984.pdf">orwell_1984.pdf</a></td>
<td><a href="/samples/pdfzip/poc2/file-FILE5_32.zip">file-FILE5_32.zip</a></td>
<td>pdfzip</td>
<td><a href="/samples/pdfzip/poc2/polyglot.pdf">polyglot.pdf</a></td>
<td>PDF/ZIP polyglot - 1.3 Mo</td>
</tr>
<tr>
<td><a href="/samples/pdfzip/poc3/x86asm.pdf">x86asm.pdf</a></td>
<td><a href="/samples/pdfzip/poc3/fasmw17304.zip">fasmw17304.zip</a></td>
<td>pdfzip</td>
<td><a href="/samples/pdfzip/poc3/polyglot.pdf">polyglot.pdf</a></td>
<td>PDF/ZIP polyglot - 1.8 Mo</td>
</tr>
<tr>
<td><a href="/samples/zippdf/poc4/doc.pdf">doc.pdf</a></td>
<td><a href="/samples/zippdf/poc4/archive.zip">archive.zip</a></td>
<td>zippdf</td>
<td><a href="/samples/zippdf/poc4/polyglot.pdf">polyglot.pdf</a></td>
<td>PDF/ZIP polyglot - 112 Ko</td>
</tr>
<tr>
<td><a href="/samples/szippdf/poc5/electronics.pdf">electronics.pdf</a></td>
<td><a href="/samples/szippdf/poc5/hello_world.jar">hello_world.jar</a></td>
<td>szippdf</td>
<td><a href="/samples/szippdf/poc5/polyglot.pdf">polyglot.pdf</a></td>
<td>PDF/JAR polyglot - 778 Ko</td>
</tr>
<tr>
<td><a href="/samples/pdfzip/poc6/hexinator.pdf">hexinator.pdf</a></td>
<td><a href="/samples/pdfzip/poc6/eicar.zip">eicar.zip</a>&nbsp;(<a href="https://www.virustotal.com/#/file/2174e17e6b03bb398666c128e6ab0a27d4ad6f7d7922127fe828e07aa94ab79d/detection">scan virustotal.com</a>)</td>
<td>pdfzip</td>
<td><a href="/samples/pdfzip/poc6/polyglot.pdf">polyglot.pdf</a>&nbsp;(<a href="https://www.virustotal.com/#/file/f6fef31e3b03164bb3bdf35af0521f9fc0c518a9e0f1aa9f8b60ac936201591a/detection">scan virustotal.com</a>)</td>
<td>PDF/ZIP polyglot with Eicar test in Zip - 2.9 Mo</td>
</tr>
</table>
</div>
<h2>Manual</h2>
<pre>
usage: truepolyglot format [options] output-file
Generate a polyglot file.
Formats availables:
* pdfzip: Generate a file valid as PDF and ZIP. The format is closest to PDF.
* zippdf: Generate a file valid as ZIP and PDF. The format is closest to ZIP.
* szippdf: Generate a file valid as ZIP and PDF. The format is strictly a ZIP. Archive is modified.
positional arguments:
{pdfzip,zippdf,szippdf}
Output polyglot format
output_file Output polyglot file path
optional arguments:
-h, --help show this help message and exit
--pdffile PDFFILE PDF input file
--zipfile ZIPFILE ZIP input file
--verbose {none,error,info,debug}
Verbosity level (default: info)
TruePolyglot v1.3
</pre>
<h2>Code</h2>
<pre>
git clone <a href="https://git.hackade.org/truepolyglot.git/">https://git.hackade.org/truepolyglot.git/</a>
</pre>
<h2>Contact</h2>
On <a href="https://webchat.freenode.net/">IRC Freenode</a> my nickname is hackade or by mail at <a href="mailtp:truepolyglot@hackade.org">truepolyglot@hackade.org</a>.
</body>
</html>

2
website/robots.txt

@ -1,2 +0,0 @@
User-agent: *
Disallow: /

BIN
website/samples/pdfzip/poc1/archive.zip

BIN
website/samples/pdfzip/poc1/doc.pdf

BIN
website/samples/pdfzip/poc1/polyglot.pdf

BIN
website/samples/pdfzip/poc2/file-FILE5_32.zip

BIN
website/samples/pdfzip/poc2/orwell_1984.pdf

BIN
website/samples/pdfzip/poc2/polyglot.pdf

BIN
website/samples/pdfzip/poc3/fasmw17304.zip

BIN
website/samples/pdfzip/poc3/polyglot.pdf

BIN
website/samples/pdfzip/poc3/x86asm.pdf

BIN
website/samples/pdfzip/poc6/eicar.zip

BIN
website/samples/pdfzip/poc6/hexinator.pdf

BIN
website/samples/pdfzip/poc6/polyglot.pdf

BIN
website/samples/szippdf/poc5/electronics.pdf

BIN
website/samples/szippdf/poc5/hello_world.jar

BIN
website/samples/szippdf/poc5/polyglot.pdf

BIN
website/samples/zippdf/poc4/archive.zip

BIN
website/samples/zippdf/poc4/doc.pdf

BIN
website/samples/zippdf/poc4/polyglot.pdf

3
website/start_server.sh

@ -1,3 +0,0 @@
#!/bin/bash
echo "http://127.0.0.1:8000"
python -m SimpleHTTPServer 8000

2
website/update.sh

@ -1,2 +0,0 @@
#!/bin/bash
rsync -av --progress ./ -e ssh dragon:/var/www/html/truepolyglot/
Loading…
Cancel
Save