Vulnerability Development mailing list archives
Re: PDF modifications?
From: "Bogdan Tomchuk" <bogdan.tomchuk () polytechnique fr>
Date: Fri, 17 May 2002 22:50:43 +0200
Globally answer is Yes, you always could codify and copy any document you could see. In case of PDF, the task could be complicated by the method and the origin of the data used to create this document. Generally, PDF file is kind of compressed Postscript file, and so inside it could be compressed bitmap file, text in outline form, or just test with format and font information. - Bitmap data could be recognized by classical OCR software like OmniPage/FineReader - In case of text in data-vector form, test normally should be first go thought RIP (ghost for example) then proceeded as in case of bitmap data - Text could be extracted from file or captured by directly by hacking text output handler Some complication like password protection was excelently explaind by Vladimir Katalov: ----- Original Message ----- From: "Vladimir Katalov" <vkatalov () elcomsoft com> To: <vuln-dev () securityfocus com> Sent: Friday, May 17, 2002 12:01 PM Subject: Re: PDF modifications?
In-Reply-To:
<98A3855A9087D411952F00508B61BD40046F02CA () zajnbnt006 dtt co za>
If the PDF requires a password to open, I'm not sure youcan do anythingabout cracking it, other than brute forcing the password(haven't looked forany tools for this)You can. For Acrobat 4.x files (PDF 1.3 specification), encryption key (RC4) is 40 bits only -- so it's possible to try all 40-bit keys instead of all passwords. With the good low-level optimization, trying one key takes only about 1,000 CPU circles (on P6), so complete recovery would take only a few days. On dual-CPU system with Athlon MP 1800+, our software does that is maximum 4 days, regardless password length and complexity! Acrobat 5.x, however, can use 128-bit RC4 encryption, so it is not possible to try all the keys.If the PDF is openable and viewable, but is "protected",so that you can'tselect or print or annotate, that is easily bypassed withalmost anynon-Adobe PDF viewer, such as xpdf, which simply electsnot to honour thatsetting in the PDF. The data is all there, because you canview it, it issimply a case of the software choosing to not let youselect it. No exactly. Even if the document is openable, but you cannot copy or print -- it is really encrypted using with the same algorithm (RC4). However, decryption key can be calculated from the document (PDF Info Dictionary records). /Vladimir http://pdf.elcomsoft.com
----- Original Message ----- From: "bad bob" <sfmc68 () bellatlantic net> To: "vuln-dev" <vuln-dev () securityfocus com> Sent: Thursday, May 16, 2002 3:13 AM Subject: PDF modifications?
Aside from screen scrubbers or frame grabbers, are there any tools or techniques that can be used to make copies of, and thus modify PDF docs? thanks bob
Current thread:
- Re: PDF modifications?, (continued)
- Re: PDF modifications? Peter Kristolaitis (May 15)
- Re: PDF modifications? Blue Boar (May 15)
- RE: PDF modifications? Elan Hasson (May 16)
- Re: PDF modifications? Kurt Seifried (May 15)
- Re: PDF modifications? Sumit Dhar (May 16)
- Re: PDF modifications? Mika Boström (May 16)
- Re: PDF modifications? Matthew Leeds (May 16)
- RE: PDF modifications? Elan Hasson (May 16)
- Re: PDF modifications? Sumit Dhar (May 16)
- Re: PDF modifications? Marukka (May 15)
- RE: PDF modifications? security (May 16)
- Re: PDF modifications? Bogdan Tomchuk (May 17)
- RE: PDF modifications? Tziortzis,George (May 16)
- RE: PDF modifications? Javier Otero (May 16)
- RE: PDF modifications? Dawes, Rogan (ZA - Johannesburg) (May 17)
- Re: PDF modifications? Valdis . Kletnieks (May 17)
- RE: PDF modifications? João Sobral (May 17)
- RE: PDF modifications? Matthew Leeds (May 17)
- Re: PDF modifications? Valdis . Kletnieks (May 17)