What can go wrong in the BitTorrent protocol once SHA1 collisions become reality?

A few days after the disclosure of SHAttered, it begins to pop up some ‘practical’ use of SHA1 collisions:

The BitErrant attack is a fun little exploit that shows what can go wrong in the BitTorrent protocol when SHA1 collisions become reality.

SHA1 collisions resulting in chunks of the downloaded file become replaceable with a chunk that is completely different, corrupting the downloaded file OR triggering backdoor functionalities.

An attacker can alter the execution path of the executable by serving altered chunks when the victim is downloading the executable using the BitTorrent protocol.

An attacker can create an executable file which when executed looks harmless, but will change its execution path based on what data is inside the SHATTER region. Of course when checked with AntiVirus software the file will look okay as the malicious code is hidden in an encrypted blob, and will never get executed. Right?

Well, not quite. If the attacker has two chunk sized blob of data with matching SHA1 hash -looking at you SHAttered- and taking some constraints into account, generating two executables with different data but yielding the same .torrent file is possible!


Is this something serious?

NO. at least not right now. I might reevaluate this statement when this gets used in the wild.

How can I protect myself?

Always cross-check the MD4 MD5 SHA1 SHA256 hash of the downloaded file. Good luck finding torrent sites that publish such hashes :)

There is an option when generating torrent files to include the MD5 hash of the full datafile in the generated torrent file. Most of the time it’s not used, not even sure if all torrent clients respect it.

More technical information on official website: