Re: PDF modifications?

[Vladimir Katalov <vkatalov () elcomsoft com>]

In-Reply-To: <98A3855A9087D411952F00508B61BD40046F02CA () zajnbnt006 dtt co za>

> If the PDF requires a password to open, I'm not sure you 
can do anything
> about cracking it, other than brute forcing the password 
(haven't looked for
> any tools for this)

You can. For Acrobat 4.x files (PDF 1.3 specification), 
encryption key (RC4) is 40 bits only -- so it's possible to 
try all 40-bit keys instead of all passwords. With the good 
low-level optimization, trying one key takes only about 
1,000 CPU circles (on P6), so complete recovery would take 
only a few days. On dual-CPU system with Athlon MP 1800+, 
our software does that is maximum 4 days, regardless 
password length and complexity!

Acrobat 5.x, however, can use 128-bit RC4 encryption, so it 
is not possible to try all the keys.

> If the PDF is openable and viewable, but is "protected", 
so that you can't
> select or print or annotate, that is easily bypassed with 
almost any
> non-Adobe PDF viewer, such as xpdf, which simply elects 
not to honour that
> setting in the PDF. The data is all there, because you can 
view it, it is
> simply a case of the software choosing to not let you 
select it.

No exactly. Even if the document is openable, but you 
cannot copy or print -- it is really encrypted using with 
the same algorithm (RC4). However, decryption key can be 
calculated from the document (PDF Info Dictionary records).

/Vladimir
http://pdf.elcomsoft.com