
There are two versions of the test.sh shell script, one in each directory.

Before running, please examine them closely, then set the executable permission bit.

They only vary by a 640 byte SHA-1 collision block embedded in the middle of each file, which
is carefully positioned just after a BitTorrent piece boundary.  Both files will have the
exact same BitTorrent SHA-1 info hash, and the same piece hashes within, if used to create a
single-file v1.0 torrent with a piece size that is any power of two, up to 256 KB.

When run, one version will display a message saying everything is fine, the other will not.

This technique could be used to establish a torrent containing a piece of software that appears
safe and works correctly, but is later transparently swapped out for the alternate version
containing the other collision block.  The software could detect this via a self-check and then
run an alternate code path.

This demonstration was created by Kevin Hearn (kh@tixati.com) September 29, 2025.


