Date: Thu, 2 Jun 2011 14:25:27 -0700
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com, henning.noren@...il.com
Subject: Re: adding PDF password cracking support to JtR [early alpha release]

Hi,

Here is a new version of the patch (also uploaded to wiki) which
applies on top of john-1.7.7-jumbo-5. Thanks magnum for the quick
review and porting to jumbo-5 help.

Usage Instructions:

Apply the patch on top of john-1.7.7-jumbo-5. Run unpdf tool on
password protected pdf files. Run john on unpdf's output.

Please note that sample password protected pdf files can be downloaded
from: http://openwall.info/wiki/john/sample-non-hashes

$ ../run/john -test -format=pdf
Benchmarking: pdf [32/64]... DONE
Many salts:	12424 c/s real, 12424 c/s virtual
Only one salt:	19659 c/s real, 19659 c/s virtual

This is for a pdf file protected using userpassword and using RC4
128-bit cipher.
pdfcrack used to achieve around 35K passwords/sec. I will profile
later on to see what is going on.

$ ../run/john pdfdump # pdfdump is included in the patch
Loaded 4 password hashes with 4 different salts (pdf [32/64])
testpassword     (test-5-RC4-128-open-testpassword.pdf)
test             (test-3-RC4-40-open-test.pdf)
testpassword     (test-3-RC4-40-open-testpassword.pdf)
test             (PDF-Example-Password.pdf)

TODO: biggest item is adding support for Adobe 7 and later files which
use 128-bit AES and 256-bit AES ciphers. This will involve some
pdfparser.c hacking. Henning, any tips :-)  ?

-- 
Cheers,
Dhiru

Download attachment "john-1.7.7-jumbo-5-pdf-3.diff.gz" of type "application/x-gzip" (16981 bytes)
