7 replies to this topic

[danett18]

Yo guys,

I have a PDF and when I try open it ask for a password, I tryed to crack it with several pdf crackers that I found in the internet (even the ones from Elcom software, PDFcracker, ...) and all without sucess.

A image of how password is asked can be showed below:

hxxp://www.sendspace.com/file/n4uzbj

Someone can help me in crack/unprotect it?

Thank you

Cheers

[x@ros2000]

hxxp://pdfcrack.sourceforge.net

Command-line based bruteforcer.Builds under Cygwin with no major problems,and works like a charm.
I had uploaded here in GSO a binary of an early version...check here:
hxxp://www.governmentsecurity.org/forum/index.php?showtopic=21514

I also had posted some binaries in the pdfcrack's forum itself...
hxxp://sourceforge.net/forum/forum.php?thread_id=1531079&forum_id=575586
And from what I see,there's more people posting cygwin-based binaries there ;-)

Then,read this nifty paper for an intro to PDF cryptography implementations:
hxxp://www.cs.cmu.edu/~dst/Adobe/Gallery/ds-defcon2/ds-defcon.html

Well,that's all...just make sure you read the aformentioned paper,
in order to be able to understand how to use pdfcrack...

[danett18]

Yo x@ros2000,

Thank you for reply.

I taked a look at the presentation, very intersting... however is possible based in the .pdf generate discover what tool were used to generate it?

I belive my .pdf have a REALLY strong password, so I already tryed against it some brute force (all combinations <7 chars) and some combinations >7 with a-z and 0-9 for 7 days and nothing until now...

Is there any more reliable way?

My identification of the version of pdf is:

PDF version 1.6
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 228aa6693b146290a3c8a3e0565cc9dc
U: 8aaec6a80de8e51164465e2bf749c40200000000000000000000000000000000
O: 0d5ecdbed50cad7e662d6826e39c2474ea47dceb731262e474dfb906e8c7f0f0

Also, based on document appear that key search find is more reliable... do you know any tool that can do it (preferable in cluster - with support to share nodes) ?

Also, the key is a MD5, not? So the use of Rainbow Tables can't help in discover the key?

Thank you,

Cheers

hxxp://pdfcrack.sourceforge.net

Command-line based bruteforcer.Builds under Cygwin with no major problems,and works like a charm.
I had uploaded here in GSO a binary of an early version...check here:
hxxp://www.governmentsecurity.org/forum/index.php?showtopic=21514

I also had posted some binaries versions in the pdfcrack's forum itself...
hxxp://sourceforge.net/forum/forum.php?thread_id=1531079&forum_id=575586
And from what I see,there's more people posting cygwin-based binaries there ;-)

Then,read this nifty paper for an intro to PDF cryptography implementations:
hxxp://www.cs.cmu.edu/~dst/Adobe/Gallery/ds-defcon2/ds-defcon.html

Well,that's all...just make sure you read the aformentioned paper,
in order to be able to understand how to use pdfcrack...

[x@ros2000]

...however is possible based in the .pdf generate discover what tool were used to generate it?

So the use of Rainbow Tables can't help in discover the key?

Nope...rainbow tables are irrelevant to pdf-cracking....

Regarding detecting the tool that generated it...
Usually,most developers store their product's name into the .pdf 's metadata:
in Adobe Reader,you just go to File-Properties-Description-'PDF Producer" section.
But since it's encrypted...obviously you can't ;-)
Maybe you could use pdfinfo from the xpdf package to extract this info?
hxxp://www.foolabs.com/xpdf/download.html
Also,you could give a try with this one,it's a gui-based .pdf metadata viewer/editor,
(although I really doubt this would work without providing a password first):
hxxp://www.becyhome.de/becypdfmetaedit/description_eng.htm
As a last resort,just fire-up a "strings" utility...

In any case,discovering the tool that built this .pdf,
would certainly help in understanding what is that we have to deal with,
but I can't see a way(a "direct" way,at least),
in which it would assist on speeding-up the bruteforcing process...

As for PDF version 1.6...
this means the file in question can't be opened/displayed correctly in older pdf viewers...
you'll need at least Adobe Reader 7 to use it.
As for Length 128...this is obviously the number of the RC4 encryption bits....

Conclusion(in short):
Use all alphanumeric strings in pdfcrack(or Elcomsoft),and be patient...

[danett18]

Hi,

Thank you for all information.

Really a key search brute force for 128bits will not be so fast, but should be cool too.

I belive this pdfcracks need to enhance, at last add key search bruteforce and and applications that support cluster...

Regards,

Cheers

[the0ne]

Hi m8

First of all: Is this your file you forgot password?
Second once: Can you upload this file to an other location I will try something and maybe have luck...


greetz

[Dabby Parker]

Try one the best free PDF Password Cracker Online tool to unprotected PDF protected files, that are imposed with owner password security. To decrypt PDF file and to open protected PDF files SysTools for PDF Unlocker helps you with 100% effective result and enables users to copy/edit/print/extract data from PDF documents.

[StevenK]

hey friends
A software tool named as SysInfoTools PDF Protect and Unprotect v2.0 can help you to unprotect the PDF protected files.as it helped me. It is really very genuine product. I used it couple of times and quite satisfied with it.
http://www.sysinfoto...nprotected.html
Visit the above link for more information.
Have a try