Cracking encrypted PDF files

Source: Internet
Author: User
Tags decrypt

PDF encryption and decryption (3)-Crack encrypted PDF files

1. General password verification

Before learning a technology, many people first form a guess about how it works. Take the decryption of PDF files: the file content is encrypted, so a key is needed to decrypt it, and that key must be related to the password the user enters. So what is the relationship between the two?

There are many possibilities. A long time ago, some systems stored user passwords in plain text on the back end, so that the user name and password could be compared directly at login; of course, all of those user names and passwords were in the hands of the administrators. As system security received more attention, systems began to store a hash of the password in the database instead. This is safer because the hash function is one-way: without the original password, brute force is the only way to crack it. If a password is relatively simple, it is easy to crack, which is why websites with high security requirements do not allow you to set a password that is too simple.

How, then, is the password verified when a PDF file is decrypted? Is a hash generated from our password stored in the PDF file, a hash generated from the password entered when the file is opened, and the two compared, after which the entered password is combined with other content in the PDF file to generate a key that is used for decryption? This is only our guess. Is this really how a PDF file is decrypted? The rest of this article looks for the answer.

Figure 1: The hypothetical PDF decryption process

2. Password verification for PDF files

As the previous articles explained, a PDF has two passwords: the owner password and the user password. Because the owner password is used to control permissions, this article calls it the permission password; the user password is used to open the file, so this article calls it the open password.
If both the open password and the permission password are set for a file, entering either one is enough to open the encrypted PDF file. When a password is entered, the software that processes the PDF first checks whether it is the permission password. If it is, all operation permissions are granted and the user can use the PDF file without any restrictions. If it is not, the software checks whether the entered password is the open password. If that verification succeeds, the PDF file is decrypted and the content can be viewed, but other operations on the file are restricted.

Algorithm 3.6 and algorithm 3.7 describe the verification of the user password and the permission password respectively. If you have not read the previous article, you may want to take a look at it.

2.1 Algorithm 3.6: verify the user password

1. Use the password provided by the user to execute algorithm 3.4 (R2) or algorithm 3.5 (R3 or higher).
2. If the output of step 1 is the same as the U value in the encryption dictionary of the PDF file (R2), or the first 16 bits are the same (R3 or higher, because in version 3 or higher the last 16 digits are padding), the entered user password is correct and the file content can be decrypted according to algorithm 3.1.

2.2 Algorithm 3.7: verify the master password

1. Following steps 1 to 4 of algorithm 3.3, compute a key from the provided password string.
2. (Version 2 only) Use the key obtained in step 1 to decrypt the O entry value in the encryption dictionary. (Version 3 or higher) Repeat 20 times: decrypt, using the previous output as the next input; the key for each round is obtained by XORing each byte of the original key generated in step 1 with the round counter (which runs from 19 down to 0).
The following is the pseudo code for this process:

    test[32]   = 32-byte string value of the O entry in the encryption dictionary object;
    tmpkey[32] = working buffer for the per-round key;
    keylength  = length / 8;    /* key length in bytes */

    for (i = 19; i >= 0; --i) {
        /* round key: each byte of the step-1 key XORed with the round counter */
        for (j = 0; j < keylength; ++j) {
            tmpkey[j] = filekey[j] ^ i;
        }
        rc4initkey(tmpkey, keylength, fstate);
        fx = fy = 0;
        /* decrypt the previous round's output in place */
        for (j = 0; j < 32; ++j) {
            test[j] = rc4decryptbyte(fstate, &fx, &fy, test[j]);
        }
    }

3. The result of step 2 is assumed to be a user password and is verified with algorithm 3.6. If it is correct, the provided password is the owner password.

3. Possible cracking methods

Cracking is probably what most readers are interested in, so this section discusses two questions: can password-encrypted PDF files be cracked, and which methods can be used to crack them? The answer to the first question is obvious: no encryption method is absolutely secure and impossible to crack. What we usually mean is that cracking takes so long that the content no longer has any value by the time it is cracked. The following are some common methods for cracking encrypted PDF files.

3.1 Conventional brute-force cracking

This method works against any system or encrypted file that requires password verification or decryption. The simplest approach is to compute the hash for each candidate and compare. It is very effective when the password is very simple. The password and the permission password are verified according to algorithm 3.6 and algorithm 3.7.

3.2 Password table

The password table is an improvement on brute-force cracking. It targets the habit of choosing easily remembered content as a password, such as a phone number, a birthday or an email address. If you build tables or rules of such common passwords, matching may be faster. The password and the permission password must still be verified according to algorithm 3.6 and algorithm 3.7.
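Sections 3.1 and 3.2 both rest on the check in algorithm 3.7, so here it is as an added Python example (not code from the original article): steps 1 and 2 of algorithm 3.7 for R2 and R3, plus algorithm 3.3 so the example can build its own O entry and show the round trip. The function names, the sample passwords and the standard 32-byte padding string from the PDF Reference are assumptions that do not appear on this page.

```python
import hashlib

# Standard 32-byte padding string from the PDF Reference (assumed; not shown on this page).
PAD = bytes.fromhex("28bf4e5e4e758a4164004e56fffa01082e2e00b6d0683e802f0ca9fe6453697a")

def rc4(key: bytes, data: bytes) -> bytes:
    # RC4 is symmetric: the same routine encrypts and decrypts.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def pad(password: bytes) -> bytes:
    # Pad or truncate a password to exactly 32 bytes.
    return (password + PAD)[:32]

def owner_key(owner_pw: bytes, rev: int, key_bits: int) -> bytes:
    # Algorithm 3.3 steps 1-4: MD5 of the padded password, 50 more rounds for R3+.
    digest = hashlib.md5(pad(owner_pw)).digest()
    for _ in range(50 if rev >= 3 else 0):
        digest = hashlib.md5(digest).digest()
    return digest[: key_bits // 8 if rev >= 3 else 5]

def compute_o(owner_pw: bytes, user_pw: bytes, rev: int = 3, key_bits: int = 128) -> bytes:
    # Algorithm 3.3 steps 5-7: RC4 the padded user password; R3+ runs rounds 0..19.
    key, data = owner_key(owner_pw, rev, key_bits), pad(user_pw)
    for i in range(20 if rev >= 3 else 1):
        data = rc4(bytes(b ^ i for b in key), data)
    return data

def recover_padded_user_pw(candidate: bytes, o_entry: bytes, rev: int = 3, key_bits: int = 128) -> bytes:
    # Algorithm 3.7 steps 1-2: undo the rounds in reverse order (19..0); R2 is one pass.
    key, data = owner_key(candidate, rev, key_bits), o_entry
    for i in (range(19, -1, -1) if rev >= 3 else (0,)):
        data = rc4(bytes(b ^ i for b in key), data)
    return data

if __name__ == "__main__":
    # Constructed sample, not taken from a real file. Step 3 (algorithm 3.6) needs the
    # rest of the encryption dictionary, so compare with the known padded user password.
    o = compute_o(b"owner-secret", b"reader")
    print(recover_padded_user_pw(b"owner-secret", o) == pad(b"reader"))   # correct owner password
    print(recover_padded_user_pw(b"not-the-owner", o) == pad(b"reader"))  # wrong password
```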
3.3 Decrypt part of the content

For passwords that are randomly generated by a machine and are complex and long (up to 32 bytes), the two methods above are unlikely to succeed, or the cost of cracking is huge: with current computers it may take tens of thousands of years. If you know part of the file content, however, you can guess the file key instead. For example, if you know that the file title is "ABC", you can encrypt the plaintext title "ABC" with a guessed encryption key and compare the result with the ciphertext in the PDF file. If the two match, the guessed key is the file key, and the file can be decrypted without going through the regular verification of the permission password and the open password.

Figure 2: Cracking with partial plaintext

In this case, if the key length is short, the file is easy to crack.

3.4 Improvement of the PDF encryption algorithm

Starting from PDF 1.6, the encryption of PDF content supports the AES encryption algorithm, used in CBC mode with a block size of 16 bytes. This algorithm generates a random string as the initialization vector, and the encryption of all following content depends on that initialization vector. Therefore, even if you know part of the file content, you cannot use the method in section 3.3 to crack the PDF file key.

3.5 Decrypt a PDF file with only a permission password

The content of a PDF file that has only the permission password set is still encrypted, but the encryption key can be calculated from the encryption dictionary, so no password needs to be entered for decryption. For more information about the password generation process, see the previous article.

4. Summary

This article described in detail the process of verifying a PDF password and briefly introduced possible methods of cracking an encrypted PDF file. The purpose of discussing these methods is not to have you build software for cracking encrypted PDF files, but only to help you understand the decryption process of a PDF file as a whole. The introduction to the PDF decryption process should also help you understand the general procedures and methods used to encrypt other formats. Of course, if you do build a program that can remove the open password, you may be able to help friends such as "Haoran visible" who have forgotten the password to open their own PDF file.

In the next article, I would like to discuss public key encryption (certificate encryption) and signatures in PDF files. If you are interested, stay tuned.
