Re: PDF modifications?

["Bogdan Tomchuk" <bogdan.tomchuk () polytechnique fr>]

Globally answer is Yes, you always could codify and copy any document you
could see.

In case of PDF, the task could be complicated by the method and the origin
of the data used to create this document. Generally, PDF file is kind of
compressed Postscript file, and so inside it could be compressed bitmap
file, text in outline form, or just test with format and font information.



- Bitmap data could be recognized by classical OCR software like
OmniPage/FineReader



- In case of text in data-vector form, test normally should be first go
thought RIP (ghost for example) then proceeded as in case of  bitmap data



- Text  could be extracted from file or captured by directly by hacking text
output handler



Some complication like password protection was excelently explaind by
Vladimir Katalov:



----- Original Message -----
From: "Vladimir Katalov" <vkatalov () elcomsoft com>
To: <vuln-dev () securityfocus com>
Sent: Friday, May 17, 2002 12:01 PM
Subject: Re: PDF modifications?


> In-Reply-To:
<98A3855A9087D411952F00508B61BD40046F02CA () zajnbnt006 dtt co za>
> > If the PDF requires a password to open, I'm not sure you
> can do anything
> > about cracking it, other than brute forcing the password
> (haven't looked for
> > any tools for this)
>
> You can. For Acrobat 4.x files (PDF 1.3 specification),
> encryption key (RC4) is 40 bits only -- so it's possible to
> try all 40-bit keys instead of all passwords. With the good
> low-level optimization, trying one key takes only about
> 1,000 CPU circles (on P6), so complete recovery would take
> only a few days. On dual-CPU system with Athlon MP 1800+,
> our software does that is maximum 4 days, regardless
> password length and complexity!
>
> Acrobat 5.x, however, can use 128-bit RC4 encryption, so it
> is not possible to try all the keys.
>
> > If the PDF is openable and viewable, but is "protected",
> so that you can't
> > select or print or annotate, that is easily bypassed with
> almost any
> > non-Adobe PDF viewer, such as xpdf, which simply elects
> not to honour that
> > setting in the PDF. The data is all there, because you can
> view it, it is
> > simply a case of the software choosing to not let you
> select it.
>
> No exactly. Even if the document is openable, but you
> cannot copy or print -- it is really encrypted using with
> the same algorithm (RC4). However, decryption key can be
> calculated from the document (PDF Info Dictionary records).
>
> /Vladimir
> http://pdf.elcomsoft.com



----- Original Message -----
From: "bad bob" <sfmc68 () bellatlantic net>
To: "vuln-dev" <vuln-dev () securityfocus com>
Sent: Thursday, May 16, 2002 3:13 AM
Subject: PDF modifications?


> Aside from screen scrubbers or frame grabbers, are there any tools
> or techniques that can be used to make copies of, and thus modify
> PDF docs?
>
> thanks
> bob