[CBMPET2001]

I think they're referring to the 'signed checksum' field on the document, and this line from the article

> Interestingly, the certificate page was identical in both documents, including the checksums, despite the content being different.

I think they took this to mean that the signed copy and the copy with the fraudulent addendum both hashed to the same checksum, but I'm not sure that's what was meant; based on the article it's not obvious to me that OP was able to check the signed checksum, though I can't imagine they didn't try. It's the 'original checksum' field that matched the base.pdf clean document without signature or addendum.

[mjg59]

No, the modified copy included the same certificate page simply because it was a modified copy of the PDF with the certificate page. There's no actual way I've determined to verify the signed checksum field.

[CBMPET2001]

Ah, so the 'signed checksum' field isn't actually the checksum of the signed document? How odd . . . but yeah, now that I think about it, they couldn't know the hash of a document before they generate it, but they would need to in order to include it in the document, hence an impossible cycle; they must have overlooked that . . .

[mjg59]

Right, it's the hash of the document before they add the certificate page, but unfortunately there's no easy way to extract that to calculate it