Diffstat (limited to 'website')
26 files changed, 401 insertions, 0 deletions
diff --git a/website/css/styles.css b/website/css/styles.css
new file mode 100644
index 0000000..adc9728
--- /dev/null
+++ b/website/css/styles.css
@@ -0,0 +1,63 @@
+html {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+body {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+td {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+th {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+h1 {
+ color: white;
+}
+a:link {
+ color: #47B8C7;
+}
+a:visited {
+ color: #47B8C7;
+}
+a:active {
+ color: #47B8C7;
+}
+table {
+ border-collapse: collapse;
+}
+table, th, td {
+ border: 1px solid white;
+}
+th {
+ background-color: #92D050;
+ color: black;
+}
+th {
+ padding-left: 0.5em;
+ padding-right: 0.5em;
+ padding-top: 0.5em;
+ padding-bottom: 0.5em;
+}
+td {
+ padding-left: 0.5em;
+ padding-right: 0.5em;
+ padding-bottom: 0.5em;
+ padding-top: 0.5em;
+ text-align: left;
+}
+
+.font_reduce {
+ font-size: 75%;
+}
+
+.warning {
+ color: #ffb833;
+}
diff --git a/website/css/styles2.css b/website/css/styles2.css
new file mode 100644
index 0000000..56ef7e5
--- /dev/null
+++ b/website/css/styles2.css
@@ -0,0 +1,61 @@
+html {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+body {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+td {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+th {
+ background-color: black;
+ font-family: Consolas,monaco,monospace;
+ color: #92D050;
+}
+a:link {
+ color: #47B8C7;
+}
+a:visited {
+ color: #47B8C7;
+}
+a:active {
+ color: #47B8C7;
+}
+table {
+ border-collapse: collapse;
+}
+table, th, td {
+ border: 1px solid white;
+}
+th {
+ background-color: #92D050;
+ color: black;
+}
+th {
+ padding-left: 0.5em;
+ padding-right: 0.5em;
+ padding-top: 0.5em;
+ padding-bottom: 0.5em;
+}
+td {
+ padding-left: 0.5em;
+ padding-right: 0.5em;
+ padding-bottom: 0.5em;
+ padding-top: 0.5em;
+ text-align: left;
+}
+th a:link {
+ color: black;
+}
+th a:visited {
+ color: black;
+}
+th a:active {
+ color: black;
+}
diff --git a/website/favicon.ico b/website/favicon.ico
Binary files differnew file mode 100644
index 0000000..0ea93ea
--- /dev/null
+++ b/website/favicon.ico
diff --git a/website/gen_pocs.sh b/website/gen_pocs.sh
new file mode 100755
index 0000000..a62e112
--- /dev/null
+++ b/website/gen_pocs.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+find -type f -name 'polyglot.pdf' -delete
+
+mkdir -p ./samples/pdfzip/poc1/
+../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc1/doc.pdf --zipfile ./samples/pdfzip/poc1/archive.zip ./samples/pdfzip/poc1/polyglot.pdf
+
+mkdir -p ./samples/pdfzip/poc2/
+../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc2/orwell_1984.pdf --zipfile ./samples/pdfzip/poc2/file-FILE5_32.zip ./samples/pdfzip/poc2/polyglot.pdf
+
+mkdir -p ./samples/pdfzip/poc3/
+../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc3/x86asm.pdf --zipfile ./samples/pdfzip/poc3/fasmw17304.zip ./samples/pdfzip/poc3/polyglot.pdf
+
+mkdir -p ./samples/zippdf/poc4/
+../truepolyglot zippdf --pdffile ./samples/zippdf/poc4/doc.pdf --zipfile ./samples/zippdf/poc4/archive.zip ./samples/zippdf/poc4/polyglot.pdf
+
+mkdir -p ./samples/szippdf/poc5/
+../truepolyglot szippdf --pdffile ./samples/szippdf/poc5/electronics.pdf --zipfile ./samples/szippdf/poc5/hello_world.jar ./samples/szippdf/poc5/polyglot.pdf
+
+mkdir -p ./samples/pdfzip/poc6/
+../truepolyglot pdfzip --pdffile ./samples/pdfzip/poc6/hexinator.pdf --zipfile ./samples/pdfzip/poc6/eicar.zip ./samples/pdfzip/poc6/polyglot.pdf
diff --git a/website/index.html b/website/index.html
new file mode 100644
index 0000000..c19a2ab
--- /dev/null
+++ b/website/index.html
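Review bot: The cleanup on the third line, `find -type f -name 'polyglot.pdf' -delete`, has no starting path and so walks whatever directory the script is launched from; every later path (`../truepolyglot`, `./samples/...`) is relative as well. Run from anywhere other than `website/`, it deletes unrelated `polyglot.pdf` files and then fails on the generator calls. Pin the working directory first with `cd "$(dirname "$0")" || exit 1` and scope the cleanup to `find ./samples -type f -name 'polyglot.pdf' -delete`. A `set -e` after the shebang would also stop the run at the first failed `truepolyglot` call, so a partly regenerated sample set is not left behind unnoticed.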
@@ -0,0 +1,249 @@ +<!doctype html> + +<html lang="fr"> +<head> + <meta charset="utf-8"> + + <title>TruePolyglot</title> + <meta name="description" content="TruePolyglot project website"> + <meta name="author" content="hackade"> + <link rel="stylesheet" href="css/styles.css"> + <link rel="shortcut icon" href="/favicon.ico"> + + +</head> + +<body> + <h1>TruePolyglot</h1> +Truepolyglot is polyglot file generator project. +This means that the generated file is composed of several file formats. The same file can be opened as a ZIP file and as a PDF file for example. +The idea of this project comes from work of <a href="https://github.com/corkami">Ange Albertini</a>, <a href="https://www.alchemistowl.org/pocorgtfo/pocorgtfo07.pdf">International Journal of Proof-of-Concept or Get The Fuck Out</a> and <a href="https://www.troopers.de/wp-content/uploads/2011/04/TR11_Wolf_OMG_PDF.pdf">Julia Wolf</a> that explain how we can build a polyglot file.<br> +Polyglot file can be fastidious to build, even more if you want to respect correctly file format. That's why I decided to build a tool to generate them.<br> +My main motivation was the technical challenge. 
+<br> + + <h2>Features and changelog</h2> + <div class="font_reduce"> + <table> + <tr> + <th>Description</th> + <th>Version</th> + </tr> + <tr> + <td>Build a polyglot file valid as PDF and ZIP format and that can be opened with 7Zip and Windows Explorer</td> + <td>POC</td> + </tr> + <tr> + <td>Add a stream object in PDF part</td> + <td>POC</td> + </tr> + <tr> + <td>Polyglot file checked without warning with <a href="https://poppler.freedesktop.org/">pdftocairo</a></td> + <td> >= 1.0</td> + </tr> + <tr> + <td>Polyglot file checked without warning with <a href="https://github.com/ANSSI-FR/caradoc">caradoc</a></td> + <td> >= 1.0</td> + </tr> + <tr> + <td>Rebuild PDF Xref Table</td> + <td>>= 1.0</td> + </tr> + <tr> + <td>Stream object with correct length header value</td> + <td>>= 1.0</td> + </tr> + <tr> + <td>Format "zippdf", file without offset after Zip data</td> + <td>>= 1.1</td> + </tr> + <tr> + <td>Polyglot file keep original PDF version</td> + <td>>= 1.1.1</td> + </tr> + <tr> + <td>Add "szippdf" format without offset before and after Zip data</td> + <td>>= 1.2</td> + </tr> + <tr> + <td>Fix /Length stream object value and PDF offset for szippdf format</td> + <td>>= 1.2.1</td> + </tr> + <tr> + <td>PDF object numbers reorder after insertion</td> + <td>>= 1.3</td> + </tr> + </table> + </div> + + <h2>Polyglot file compatibility</h2> + <div class="font_reduce"> + <table> + <tr> + <th>Software</th> + <th>Formats</th> + <th>status</th> + </tr> + <tr> + <td>Acrobat Reader</td> + <td>pdfzip, zippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Acrobat Reader</td> + <td>szippdf</td> + <td><span class="warning">KO</span></td> + </tr> + <tr> + <td>Sumatra PDF</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Edge</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Firefox</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>7zip</td> + <td>pdfzip, zippdf</td> + <td><span class="warning">OK with 
warning</span></td> + </tr> + <tr> + <td>7zip</td> + <td>szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Explorer Windows</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Info-ZIP (unzip)</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>Evince</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>pdftocairo -pdf</td> + <td>pdfzip, zippdf, szippdf</td> + <td>OK</td> + </tr> + <tr> + <td>caradoc stats</td> + <td>pdfzip</td> + <td>OK</td> + </tr> + <tr> + <td>java</td> + <td>szippdf</td> + <td>OK</td> + </tr> + + </table> + </div> + + + <h2>Examples</h2> + <ul> + <li><a href="/samples/">Polyglot files repository</a></li> + </ul> + <div class="font_reduce"> + <table> + <tr> + <th>PDF input file</th> + <th>Zip input file</th> + <th>Format</th> + <th>Polyglot</th> + <th>Comment</th> + </tr> + <tr> + <td><a href="/samples/pdfzip/poc1/doc.pdf">doc.pdf</a></td> + <td><a href="/samples/pdfzip/poc1/archive.zip">archive.zip</a></td> + <td>pdfzip</td> + <td><a href="/samples/pdfzip/poc1/polyglot.pdf">polyglot.pdf</a></td> + <td>PDF/ZIP polyglot - 122 Ko</td> + </tr> + <tr> + <td><a href="/samples/pdfzip/poc2/orwell_1984.pdf">orwell_1984.pdf</a></td> + <td><a href="/samples/pdfzip/poc2/file-FILE5_32.zip">file-FILE5_32.zip</a></td> + <td>pdfzip</td> + <td><a href="/samples/pdfzip/poc2/polyglot.pdf">polyglot.pdf</a></td> + <td>PDF/ZIP polyglot - 1.3 Mo</td> + </tr> + <tr> + <td><a href="/samples/pdfzip/poc3/x86asm.pdf">x86asm.pdf</a></td> + <td><a href="/samples/pdfzip/poc3/fasmw17304.zip">fasmw17304.zip</a></td> + <td>pdfzip</td> + <td><a href="/samples/pdfzip/poc3/polyglot.pdf">polyglot.pdf</a></td> + <td>PDF/ZIP polyglot - 1.8 Mo</td> + </tr> + <tr> + <td><a href="/samples/zippdf/poc4/doc.pdf">doc.pdf</a></td> + <td><a href="/samples/zippdf/poc4/archive.zip">archive.zip</a></td> + <td>zippdf</td> + <td><a href="/samples/zippdf/poc4/polyglot.pdf">polyglot.pdf</a></td> + <td>PDF/ZIP polyglot - 112 Ko</td> + 
</tr> + <tr> + <td><a href="/samples/szippdf/poc5/electronics.pdf">electronics.pdf</a></td> + <td><a href="/samples/szippdf/poc5/hello_world.jar">hello_world.jar</a></td> + <td>szippdf</td> + <td><a href="/samples/szippdf/poc5/polyglot.pdf">polyglot.pdf</a></td> + <td>PDF/JAR polyglot - 778 Ko</td> + </tr> + <tr> + <td><a href="/samples/pdfzip/poc6/hexinator.pdf">hexinator.pdf</a></td> + <td><a href="/samples/pdfzip/poc6/eicar.zip">eicar.zip</a> (<a href="https://www.virustotal.com/#/file/2174e17e6b03bb398666c128e6ab0a27d4ad6f7d7922127fe828e07aa94ab79d/detection">scan virustotal.com</a>)</td> + <td>pdfzip</td> + <td><a href="/samples/pdfzip/poc6/polyglot.pdf">polyglot.pdf</a> (<a href="https://www.virustotal.com/#/file/883d08efc14e0cacc9a260d84fdef285b383cc9a9125366dfb0bf676ddeb0f98/detection">scan virustotal.com</a>)</td> + <td>PDF/ZIP polyglot with Eicar test in Zip - 2.9 Mo</td> + </tr> + </table> + </div> + + <h2>Manual</h2> +<pre> +usage: truepolyglot format [options] output-file + +Generate a polyglot file. + +Formats availables: +* pdfzip: Generate a file valid as PDF and ZIP. The format is closest to PDF. +* zippdf: Generate a file valid as ZIP and PDF. The format is closest to ZIP. +* szippdf: Generate a file valid as ZIP and PDF. The format is strictly a ZIP. Archive is modified. + +positional arguments: + {pdfzip,zippdf,szippdf} + Output polyglot format + output_file Output polyglot file path + +optional arguments: + -h, --help show this help message and exit + --pdffile PDFFILE PDF input file + --zipfile ZIPFILE ZIP input file + --verbose {none,error,info,debug} + Verbosity level (default: debug) + +TruePolyglot v1.3 +</pre> + + <h2>Code</h2> + +<a href="https://git.hackade.org/truepolyglot.git/">Project Git repository</a> + + <h2>Contact</h2> +On <a href="https://webchat.freenode.net/">IRC Freenode</a> my nickname is hackade or by mail at <a href="mailtp:truepolyglot@hackade.org">truepolyglot@hackade.org</a>. + +</body> +</html> 
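Review bot: The contact link at the end of the page is written `href="mailtp:truepolyglot@hackade.org"`, which is not a valid URL scheme, so the address does not open a mail client; it should be `href="mailto:truepolyglot@hackade.org"`. The root element declares `<html lang="fr">` although all of the page text is English, so `lang="en"` is the value assistive technology and translation tools need. The bare `>=` in the version cells of the changelog table is safer written as `&gt;=`.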
diff --git a/website/robots.txt b/website/robots.txt
new file mode 100644
index 0000000..77470cb
--- /dev/null
+++ b/website/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
\ No newline at end of file diff --git a/website/samples/pdfzip/poc1/archive.zip b/website/samples/pdfzip/poc1/archive.zip Binary files differnew file mode 100644 index 0000000..c1eaa24 --- /dev/null +++ b/website/samples/pdfzip/poc1/archive.zip diff --git a/website/samples/pdfzip/poc1/doc.pdf b/website/samples/pdfzip/poc1/doc.pdf Binary files differnew file mode 100644 index 0000000..b31c420 --- /dev/null +++ b/website/samples/pdfzip/poc1/doc.pdf diff --git a/website/samples/pdfzip/poc1/polyglot.pdf b/website/samples/pdfzip/poc1/polyglot.pdf Binary files differnew file mode 100644 index 0000000..5943e1c --- /dev/null +++ b/website/samples/pdfzip/poc1/polyglot.pdf diff --git a/website/samples/pdfzip/poc2/file-FILE5_32.zip b/website/samples/pdfzip/poc2/file-FILE5_32.zip Binary files differnew file mode 100644 index 0000000..8a4b897 --- /dev/null +++ b/website/samples/pdfzip/poc2/file-FILE5_32.zip diff --git a/website/samples/pdfzip/poc2/orwell_1984.pdf b/website/samples/pdfzip/poc2/orwell_1984.pdf Binary files differnew file mode 100644 index 0000000..687d12a --- /dev/null +++ b/website/samples/pdfzip/poc2/orwell_1984.pdf diff --git a/website/samples/pdfzip/poc2/polyglot.pdf b/website/samples/pdfzip/poc2/polyglot.pdf Binary files differnew file mode 100644 index 0000000..497a427 --- /dev/null +++ b/website/samples/pdfzip/poc2/polyglot.pdf diff --git a/website/samples/pdfzip/poc3/fasmw17304.zip b/website/samples/pdfzip/poc3/fasmw17304.zip Binary files differnew file mode 100644 index 0000000..8e96137 --- /dev/null +++ b/website/samples/pdfzip/poc3/fasmw17304.zip diff --git a/website/samples/pdfzip/poc3/polyglot.pdf b/website/samples/pdfzip/poc3/polyglot.pdf Binary files differnew file mode 100644 index 0000000..a82491b --- /dev/null +++ b/website/samples/pdfzip/poc3/polyglot.pdf diff --git a/website/samples/pdfzip/poc3/x86asm.pdf b/website/samples/pdfzip/poc3/x86asm.pdf Binary files differnew file mode 100644 index 0000000..b7b9f4a --- /dev/null 
+++ b/website/samples/pdfzip/poc3/x86asm.pdf diff --git a/website/samples/pdfzip/poc6/eicar.zip b/website/samples/pdfzip/poc6/eicar.zip Binary files differnew file mode 100644 index 0000000..02850ca --- /dev/null +++ b/website/samples/pdfzip/poc6/eicar.zip diff --git a/website/samples/pdfzip/poc6/hexinator.pdf b/website/samples/pdfzip/poc6/hexinator.pdf Binary files differnew file mode 100644 index 0000000..0f87b0f --- /dev/null +++ b/website/samples/pdfzip/poc6/hexinator.pdf diff --git a/website/samples/pdfzip/poc6/polyglot.pdf b/website/samples/pdfzip/poc6/polyglot.pdf Binary files differnew file mode 100644 index 0000000..7957207 --- /dev/null +++ b/website/samples/pdfzip/poc6/polyglot.pdf diff --git a/website/samples/szippdf/poc5/electronics.pdf b/website/samples/szippdf/poc5/electronics.pdf Binary files differnew file mode 100644 index 0000000..6582363 --- /dev/null +++ b/website/samples/szippdf/poc5/electronics.pdf diff --git a/website/samples/szippdf/poc5/hello_world.jar b/website/samples/szippdf/poc5/hello_world.jar Binary files differnew file mode 100644 index 0000000..b875e1c --- /dev/null +++ b/website/samples/szippdf/poc5/hello_world.jar diff --git a/website/samples/szippdf/poc5/polyglot.pdf b/website/samples/szippdf/poc5/polyglot.pdf Binary files differnew file mode 100644 index 0000000..7733caf --- /dev/null +++ b/website/samples/szippdf/poc5/polyglot.pdf diff --git a/website/samples/zippdf/poc4/archive.zip b/website/samples/zippdf/poc4/archive.zip Binary files differnew file mode 100644 index 0000000..c1eaa24 --- /dev/null +++ b/website/samples/zippdf/poc4/archive.zip diff --git a/website/samples/zippdf/poc4/doc.pdf b/website/samples/zippdf/poc4/doc.pdf Binary files differnew file mode 100644 index 0000000..b31c420 --- /dev/null +++ b/website/samples/zippdf/poc4/doc.pdf diff --git a/website/samples/zippdf/poc4/polyglot.pdf b/website/samples/zippdf/poc4/polyglot.pdf Binary files differnew file mode 100644 index 0000000..0993dd4 --- /dev/null 
+++ b/website/samples/zippdf/poc4/polyglot.pdf
diff --git a/website/start_server.sh b/website/start_server.sh
new file mode 100755
index 0000000..0060e39
--- /dev/null
+++ b/website/start_server.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "http://127.0.0.1:8000"
+python -m SimpleHTTPServer 8000
diff --git a/website/update.sh b/website/update.sh
new file mode 100755
index 0000000..ed7f515
--- /dev/null
+++ b/website/update.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+rsync -av --progress ./ -e ssh dragon:/var/www/html/truepolyglot/ |
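Review bot: `python -m SimpleHTTPServer 8000` listens on every interface, not just the `127.0.0.1` address the script echoes, so the preview is reachable from the local network for as long as it runs. It also serves the current working directory as-is, which in `website/` includes the helper scripts and the EICAR sample. The Python 2 module has no bind option on the command line; with Python 3 the loopback-only equivalent is `python3 -m http.server 8000 --bind 127.0.0.1`.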
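Review bot: `rsync -av --progress ./ ...` uploads everything under the current directory into the web root, which from `website/` includes `gen_pocs.sh`, `start_server.sh` and `update.sh` itself. If the server hands out `.sh` files as static content, the deployment host alias and target path become downloadable from the site. Excluding them keeps the published tree to site content, for example `rsync -av --progress --exclude='*.sh' ./ -e ssh dragon:/var/www/html/truepolyglot/`. A `cd "$(dirname "$0")" || exit 1` before the call would also prevent pushing some other directory when the script is started from elsewhere.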