
Adding support for PDF owner password

Open DidierStevens opened this issue 3 years ago • 8 comments

I added code to crack the PDF owner password. https://github.com/DidierStevens/john/blob/bleeding-jumbo/src/pdfo_fmt_plug.c

If you are interested in a pull request, please let me know.

Didier

DidierStevens avatar Jun 26 '22 18:06 DidierStevens

If you are interested in a pull request, please let me know.

Yes, please. Thank you!

What tool produces those $pdfo$ "hashes", though? Should this be added to our pdf2john.pl? Will you add it?

Also, we'll need your copyright and license statement in there, but then the original pdf_fmt_plug.c is problematic in this respect - maybe @kholia can help fix both.

solardiz avatar Jun 26 '22 18:06 solardiz

Indeed, I can adapt pdf2john.pl to create $pdfo$ hash.

And I did notice in one of the text files that there are issues with license of original pdf_fmt_plug.c. Help would be welcome regarding copyright & license statement :-) Personally, I don't need copyright for the code that I wrote. But if that is important for the project, I'll just add it.

DidierStevens avatar Jun 26 '22 18:06 DidierStevens

Perhaps for now you can write this in the comment:

 * The changes relative to pdf_fmt_plug.c are
 * Copyright (c) 2022 Didier Stevens
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted.

This will at least not make things worse, letting us fix things for both files later. And this trivial license is GNU GPL-compatible, so we'll be able to say the file as a whole is under GNU GPL (some version[s]) if we have to.

solardiz avatar Jun 26 '22 18:06 solardiz

Thanks for your help! I made the change and did commit in my repository. I'll do pdf2john.pl in the coming days.

DidierStevens avatar Jun 26 '22 18:06 DidierStevens

Maybe you'd want to checkout Hashcat's 25400 https://github.com/hashcat/hashcat/pull/2877

$pdfo is a nice idea but will break interoperability

thatux avatar Jun 26 '22 21:06 thatux

Thanks, @thatux. I agree we should ideally use the same encoding you introduced in hashcat - which is simply adding the user password as a final field, right? (Same $pdf$ tag, no length field.)

@DidierStevens Can you please implement this? One way would be to do everything in pdf_fmt_plug.c. The other would be to have these two formats' valid distinguish their respective inputs by presence/absence of the extra field.

Is the amount of processing (and thus speed) similar when cracking user vs. owner passwords? If not, that's a reason to at least expose this difference as a "tunable cost" or to use separate format structs (in one or two source files).

solardiz avatar Jun 27 '22 07:06 solardiz
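The "distinguish by presence or absence of the extra field" idea from the comment above, as an added example in Python (my own code, not john's and not the pdf_fmt_plug.c under discussion). It assumes the existing $pdf$ field layout produced by pdf2john.pl, V*R*keybits*P*encmeta*idlen*id*ulen*U*olen*O, and, for the owner mode, the hashcat 25400 convention described in the thread of appending the user password as a final field with no length. The sample lines are constructed and do not come from any real document.

```python
import re

HEX_RE = re.compile(r"^[0-9a-fA-F]*$")

# Assumed layout of the existing $pdf$ line (as produced by pdf2john.pl):
#   $pdf$V*R*keybits*P*encmeta*idlen*id*ulen*U*olen*O
# and, following the hashcat 25400 convention discussed in the thread, an
# optional twelfth field holding the user password in the clear:
#   $pdf$...*O*<user password>
FIELDS_WITHOUT_USER_PW = 11


def _int_field(name: str, value: str) -> int:
    try:
        return int(value)
    except ValueError:
        raise ValueError(f"field {name} is not an integer: {value!r}") from None


def _hex_field(name: str, declared_len: str, value: str) -> bytes:
    # Each binary field is preceded by its byte length; the hex must match it.
    n = _int_field(name + "_len", declared_len)
    if not HEX_RE.match(value) or len(value) != 2 * n:
        raise ValueError(f"field {name}: expected {n} bytes of hex, got {value!r}")
    return bytes.fromhex(value)


def parse_pdf_hash(line: str) -> dict:
    """Split a $pdf$ line into its fields and decide which password it targets.

    'mode' is 'user' when the line has the plain 11-field layout and 'owner'
    when a twelfth field (the known user password) is present, even if empty:
    documents protected only by an owner password have an empty user password.
    """
    prefix = "$pdf$"
    if not line.startswith(prefix):
        raise ValueError("not a $pdf$ hash")
    fields = line[len(prefix):].split("*")
    if len(fields) < FIELDS_WITHOUT_USER_PW:
        raise ValueError(f"expected at least {FIELDS_WITHOUT_USER_PW} fields, got {len(fields)}")
    v, r, key_bits, p, enc_meta, id_len, id_hex, u_len, u_hex, o_len, o_hex = fields[:FIELDS_WITHOUT_USER_PW]
    parsed = {
        "version": _int_field("V", v),
        "revision": _int_field("R", r),
        "key_bits": _int_field("keybits", key_bits),
        "permissions": _int_field("P", p),
        "encrypt_metadata": _int_field("encmeta", enc_meta) != 0,
        "id": _hex_field("id", id_len, id_hex),
        "u": _hex_field("u", u_len, u_hex),
        "o": _hex_field("o", o_len, o_hex),
    }
    if len(fields) == FIELDS_WITHOUT_USER_PW:
        parsed["mode"] = "user"
    else:
        # The user password carries no length field, so a '*' inside it was
        # split as well; re-joining whatever follows O is my choice here.
        parsed["mode"] = "owner"
        parsed["user_password"] = "*".join(fields[FIELDS_WITHOUT_USER_PW:])
    return parsed


# Constructed sample lines (not from any real document): a 16-byte ID and
# 32-byte U and O entries, as PDF 1.4-1.6 / R3 documents carry them.
SAMPLE_USER_HASH = ("$pdf$2*3*128*-1028*1*16*" + "0123456789abcdef" * 2
                    + "*32*" + "a1b2c3d4" * 8 + "*32*" + "f0e1d2c3" * 8)
SAMPLE_OWNER_HASH = SAMPLE_USER_HASH + "*hunter2"

if __name__ == "__main__":
    for sample in (SAMPLE_USER_HASH, SAMPLE_OWNER_HASH):
        info = parse_pdf_hash(sample)
        print(info["mode"], info.get("user_password"))
```

Two `valid()` functions split the same way would simply accept the 11-field and the 12-or-more-field shape respectively; the length checks on the hex fields are what keeps a malformed line from reaching the cracking code with an undersized U or O buffer.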

@thatux can you confirm what @solardiz is summarizing about the format?

@solardiz yes, I should be able to do this in the existing pdf plugin.

DidierStevens avatar Jun 30 '22 08:06 DidierStevens

Hi @DidierStevens and @solardiz

Yes, what @solardiz said is correct, there is one more field that represents the user password, if it's present in the hash, then it is used. It is not used otherwise.

The speeds for the user and owner hashes are roughly the same:

------------------------------------------------------------------
* Hash-Mode 10500 (PDF 1.4 - 1.6 (Acrobat 5 - 8)) [Iterations: 70]
------------------------------------------------------------------

Speed.#1.........: 56662.8 kH/s (29.35ms) @ Accel:1024 Loops:70 Thr:32 Vec:1

----------------------------------------------------------------------------------------
* Hash-Mode 25400 (PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass) [Iterations: 70]
----------------------------------------------------------------------------------------

Speed.#1.........: 52987.6 kH/s (32.66ms) @ Accel:1024 Loops:70 Thr:32 Vec:1

You can check (and use) the test files and test hashes I've created for the pdf attacks: https://github.com/hashcat/hashcat/blob/master/tools/pdf_tests/_README.txt

This'd be the hash for the owner password with the user password as part of the hash https://github.com/hashcat/hashcat/blob/master/tools/pdf_tests/user-owner_userpw-in-hash.hash

And this the cracking result: https://github.com/hashcat/hashcat/blob/master/tools/pdf_tests/user-owner_userpw-in-hash.in

@DidierStevens If I remember correctly you can decrypt the user password if you recover the owner password, not sure whether you implemented that?

thatux avatar Jun 30 '22 16:06 thatux
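An added Python example (my own code, not from john, hashcat, or Didier's plugin) of the relationship thatux raises in the last paragraph. For the standard security handler of PDF 1.4-1.6 (revisions 2 and 3, RC4), the /O entry is the padded user password encrypted under a key derived from the owner password (PDF Reference, Algorithm 3.3), so a known owner password decrypts it back to the user password (Algorithm 3.7). That inversion is also why carrying the user password as the extra hash field is enough to verify an owner-password candidate. Function names are mine; the passwords below are constructed, and no real document is involved.

```python
import hashlib

# 32-byte padding string from the PDF Reference (Algorithm 3.2).
PDF_PAD = bytes([
    0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41, 0x64, 0x00, 0x4E, 0x56,
    0xFF, 0xFA, 0x01, 0x08, 0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80,
    0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A,
])


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def pad_password(pw: bytes) -> bytes:
    # Algorithm 3.2 step a: truncate or pad to exactly 32 bytes.
    return (pw + PDF_PAD)[:32]


def strip_pad(padded: bytes) -> bytes:
    # Remove the longest trailing prefix of PDF_PAD. Best effort only: a
    # password that itself ends in pad bytes is ambiguous; the /U entry
    # check (Algorithm 3.6, not shown) is what settles it in a real tool.
    for plen in range(32, -1, -1):
        if padded[32 - plen:] == PDF_PAD[:plen]:
            return padded[:32 - plen]
    return padded


def owner_rc4_key(owner_pw: bytes, revision: int, key_bits: int) -> bytes:
    # Algorithm 3.3 steps a-d: MD5 of the padded owner password, re-hashed
    # 50 more times for revision 3 and later, truncated to the RC4 key length.
    digest = hashlib.md5(pad_password(owner_pw)).digest()
    n = 5 if revision == 2 else key_bits // 8
    if revision >= 3:
        for _ in range(50):
            digest = hashlib.md5(digest[:n]).digest()
    return digest[:n]


def compute_o_entry(owner_pw: bytes, user_pw: bytes, revision: int, key_bits: int) -> bytes:
    # Algorithm 3.3 steps e-h: /O is the padded user password RC4-encrypted
    # under the owner-derived key (20 passes with key XOR i for R >= 3).
    key = owner_rc4_key(owner_pw, revision, key_bits)
    data = rc4(key, pad_password(user_pw))
    if revision >= 3:
        for i in range(1, 20):
            data = rc4(bytes(b ^ i for b in key), data)
    return data


def user_password_from_owner(owner_pw: bytes, o_entry: bytes, revision: int, key_bits: int) -> bytes:
    # Algorithm 3.7: run 3.3 backwards with the owner password to recover the
    # padded user password from /O.
    key = owner_rc4_key(owner_pw, revision, key_bits)
    if revision >= 3:
        data = o_entry
        for i in range(19, -1, -1):
            data = rc4(bytes(b ^ i for b in key), data)
        return data
    return rc4(key, o_entry)


def owner_password_matches(candidate: bytes, o_entry: bytes, user_pw: bytes,
                           revision: int, key_bits: int) -> bool:
    # The comparison an owner-mode hash (user password as the extra field)
    # makes possible: the candidate is right iff it decrypts /O to the padded
    # known user password, with no padding ambiguity.
    return user_password_from_owner(candidate, o_entry, revision, key_bits) == pad_password(user_pw)


if __name__ == "__main__":
    # Constructed example: an R3 / 128-bit document whose owner password is
    # "owner-secret" and whose user password is "user123".
    o = compute_o_entry(b"owner-secret", b"user123", 3, 128)
    print(o.hex())
    print(strip_pad(user_password_from_owner(b"owner-secret", o, 3, 128)))
```

The 50 extra MD5 rounds and the 20 RC4 passes are the same work the user-password path does for its key derivation, which is consistent with the near-identical benchmark figures thatux quotes for modes 10500 and 25400.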