The Shattered attack finds a different file/message B that has the same SHA-1 hash as a file/message A, but only if some section of the data in A has a characteristic that won't happen by chance. For most file formats/data semantic, that still allows attack by adversaries that can't alter the meaning/appearance/effect of A, but can slightly influence the binary content of A.
I have a source data A and a hash H(A) of this A. Is it possible by google's shattered docs to create a new data B that outputs this H(A)?
The answer depends on the data A, which itself depends on how A was obtained or produced, which the question does not state or allow to guess.
- Yes, without computational effort, if A starts with one of two particular 320-byte values that the Shattered attack gave. We can just replace one with the other to form B with the same SHA-1 hash. This can (among other things) be used to effortlessly make two different valid PDF files with slightly different byte content and entirely different visual appearance.
- No, if A is less than about 125 bytes, when sticking to the method in the Shattered paper, even with their computational effort. But we must lower that limit to about 19 bytes if we change the method and accept an increase of the computational effort by a modest factor (about 250 thousands) to about $2^{81}$ SHA-1 hashes.
- Yes, with the computational effort of Shattered, if an adversary can choose the first 128 bytes of A. That's still the Shattered attack, but it requires sizable work. We can lower that limit to 64 bytes is we accept the increase in computational effort of the previous point.
- Yes, as an extension of 3, if the adversary knows the first $n$ bytes of A and can choose the next $128+(-n\bmod 64)$ bytes. And we must lower that to $64+(-n\bmod 64)$ bytes with the increased computational effort. This can be further extended to the adversary choosing about 20 bytes worth of information in any the first $64\,f$ bytes of A with knowledge of that section of A, and a further increase in work by a factor no larger than $f$.
- Yes, as a consequence of 4, if A is prepared in a way under control of an adversary, e.g. if A is a PDF document, PNG image, CD/DVD "ISO" image, perhaps executable file prepared using tools crafted by an adversary. For digital certificates, see this question.
- No, if A passes the test provided by the Shattered authors and we stick to their attack method. But their test can't guard against other attacks of comparable cost, and no test can guard against attacks with modestly increased cost.
- No, if there is at least say 64 bits of entropy in the first 64 bytes of A that are unknown to an adversary at a time when the adversary can influence A, for any feasible computational effort. That includes random A, and digital certificates issued by certification authorities taking the simple precaution of using randomized serial numbers at start of the certificate.
I want to make sure that the format of the file is not limited to PDF.
The Shattered attack and extension are not limited to PDF, see 3/4/5. It can be carried (with some work) with any file format without some internal redundancy check; that is, most. Further, prefixes analogs to 1 (which is specialized for inexpensive forgery of PDF) can be devised for many formats including JPEG, PNG, GIF, MP4, JPEG2000, Portable Excutable format, and many more, with sizable but feasible work to be done only once. The prefixes of 1 even work with some existing file formats, e.g. audio and video for players that skip over what they do not recognize (since the question does not ask that the different A and B behave differently; that would be hard to achieve with the prefixes of 1 for something not PDF, and a standard player not crafted for the purpose).
If in doubt: better safe than sorry, assume that yes the attack is possible, and use an unbroken and significantly wider hash than SHA-1
the (principle) of the paper is to complement two message blocks
Not exactly. It's complemented some few bits in two consecutive message blocks (64 byte each), which content is chosen (with sizable but feasible work) as a function of the hash state before processing these two message block. Therefore the content of these two messages blocks in A is not arbitrary, it must match these painfully computed 128 bytes. Such match won't happen by accident (e.g. for random A), it requires some control on A, and knowledge of the state of the hash before hashing these two blocks. Such knowledge can be obtained by knowing the part of message A before these two blocks of A one must choose to make the attack work.
An attack that works for arbitrary A would be a (second) preimage attack. Such attack is not known for SHA-1.