contact

games
videos
music
our sites Top 10 Protected PDF Hacks
articles
Top 10 PDF cracks
python How to convert to PDF
javascript DRM restriction removal
How to hack "protected" PDF
c, c++
page styles Top 10 ways to unlock secure, protected PDF files, such as college eBooks, for
easy offline viewing on mobile devices. Convert images to PDF, and more.

What are PDF Files?

According to Wikipedia, the
Portable Document Format
(PDF) format is a subset of the
PostScript format that
concentrates on layouts and
graphics, including
compression, encryption, and
embedded fonts. This makes
sense having read somewhere
that there is usually no problem
with renaming .pdf files to .ps
and treating them as PostScript
for programs and scripts that
operate on those types of files.
Furthermore, one could surmise that renaming .ps files to .pdf is probably a bad
idea because .ps files may contain additional capabilities not found in the PDF
specifications. Adobe graciously allows royalty-free hacking of their patented PDF
format by lowly software developers like us.

Why Cracking is Necessary

If somebody creates a PDF and then forgets the password, they need some way to
recover the lost password.

Some school or company eBooks can not be opened or viewed without an active
Internet connection to unlock content. This presents a problem for students and
professionals who travel, or are otherwise not always online.

Once unlocked, some PDFs can be viewed offline, but only from within Adobe
Reader, and only if they reside in the same folder in which they were decrypted.
This presents problems for readers who don't like Adobe, and those who use
removable drives or habitually organize their folders.

The remote host required by the protected PDF plugin will not be there forever.
Hence, remotely-locked and protected PDF files will eventually quit working. They
are like books that must be returned to the library. If they were purchased they
should be converted into a plain, unencrypted format ASAP!

Once opened, most remotely-locked and protected PDFs allow printing. A clever
person might try printing to a PostScript file, but the resulting PostScript file is still
protected against ps2pdf converting it back to PDF.
ps2pdf output.ps
This PostScript file was created from an encrypted PDF file.
Redistilling encrypted PDF is not permitted.

Why Cracking is Not Necessary

This information is provided for personal, professional, and educational use only!
The companies involved have released newer software, so we can read these
documents on our devices without resorting to hacks. Illegally distributing
Copyrighted material is illegal in most parts of the world. Depending on the locale,
there could be additional penalties for cracking PDF passwords, or removing digital
rights management (DRM) restrictions in connection with distribtion. We assert our
basic human rights, including the right to customize material that we created,
bargained for, or purchased. We expect to be able to modify our digital assets for
our own uses, such as for offline presentation on other devices. We also expect to
be able to gift, donate, loan, and even re-sell our dog-eared eBooks to friends as
one would anything else, such as "books." That said, even asserting ones own
digital rights these days could lead one into trouble. Many companies and schools
have policies against using their computers for resource-intensive tasks such as
cracking passwords. If there are any questions seek professional legal counsel.

Why Use Free and Open Source Tools?

Most PDF unlocker programs found on the Internet today are proprietary. That is
they are programs for which no source code can be viewed. It is not good practice
to go around downloading and running proprietary software. These programs could
contain anything. Just because they pass a virus scan, or cost a lot, does not mean
they are safe. New viruses, bugs, and backdoors are made all the time. At least
with open source there are many eyes presumably reviewing the code. The mere
presence of source code does not guarantee absolute safety. Therefore, the best
security practice is to review and compile the code for oneself, or rely on a trusted
software distribution center, or distro, to review and compile the code and provide
signed binaries for download.

PDF Encryption
Our research indicates that there are at
least three broad, general types of
protections for PDF files.

User password - Password

required to decrypt and open
PDF file
Owner password - Security
signatures prevent copying, etc...
3rd party JS - Content unlocked
via the Internet.

PDF unlocker programs found on the Internet today only deal with user password
and owner passwords. None of these programs deal with PDF files that encrypt the
content using 3rd party plug-ins (but we can remove the plugins using free and
open source tools, provided that we can use the password first to unlock and permit
the plugin to download the secret content).

PDF files with 3rd party plug-ins have a login page on page 1, where the viewer
enters their username and password. The remaining pages appear blank until they
are unlocked.

3rd party plug-ins employ JavaScript (JS) on the password page to send the
password or certificate to a 3rd party server. This requires an active Internet
connection. If the computer is offline, Adobe Reader will respond with a not-so-
friendly "unknown error" and can't open the PDF. Once connected and the unlock
request finally gets through, the 3rd party server verifies the login and either
responds with the actual content, or exchanges a certificate to unlock the file
contents for viewing. From that point on, Adobe's reader may prevent access if the
file has been copied to another device, or even to another location on the same PC.
Additional JS may track the file whenever and wherever it is opened, reporting
potential Copyright violations.

Usually a document that uses 3rd party JS is also restricted using one or more of
the following security signatures as well.

Security Signatures
According to PDF Rights Management, Adobe's questionable implementation of
Digital rights management (DRM) controls and security signatures started with
allowing the creation of documents with any of the following restrictions:

printing
modification
copying
adding / changing comments or form fields

Later PDF restriction possibilities were refined to include restricting assembly,

extraction for accessibility, commenting, filling in form fields, signing, or template
creation. Starting with PDF 1.5 these permissions are managed by usage rights
(UR) signatures (Wikipedia).

Now on to the hacks.

Top Ten Protected PDF Hacks

Hack Number 1
Tools: Web Browser, Bookshelf

Target: All

Students using the popular Bookshelf online ebook viewer web page can print
copies using "print frame" or "save frame" techniques. Bookshelf's print button may
say something like, "printing of this title is restricted to two pages at a time," with
restrictions set by publisher. Simply open the book in Bookshelf's online viewer,
right-click on the frame containing the book or chapter, choose "this frame", and
either "print frame", or "save frame". Voila! All pages are printed or saved. This is
confirmed to work on Firefox and Chrome web browsers, printing, or saving to any
of HTML, PostScript, or PDF formats.
Not using Bookshelf? Find an unencrypted copy of the ebook viewable or
downloadable online. With so many file sharing sites, ebook readers, and search
engines out there, one can find earlier versions, or unencrypted copies of just about
anything free or cheap. Dig through Google Books, Amazon, Pastebin, Bearshare,
Pirate Bay, The Dark Web. Gopher. FTP it. Usenet still exists...

Caution: Proprietary Viewers. The installable Bookshelf app (not to be confused

with the Bookshelf web page we just used) purports to download ebooks for offline
viewing on Windows, iOS, OSX, Android, and Kindle. This requires purchase and
activation of Bookshelf app on up to two machines. It is doubtful that the resulting
downloads can be copied or shared as they would remain encrypted and controlled
within the Bookshelf downloads folder where they can spy on users and report on
their whereabouts when opened. Bookshelf apps appear to be proprietary and not
recommended.

Hack Number 2
Tools: Adobe Reader, qpdf and Ghostscript's ps2pdf

Target: 3rd party JS, content restrictions.

This method entails first downloading the PDF ebook, and running qpdf on the
download using the --qdf option to normalize and uncompress the data. Once
normalized and uncompressed, the PDF may be unlocked from within Adobe
Reader and printed to file. The resulting PostScript file is unprotected and may be
freely redistilled (converted) back to PDF with Ghostscript's ps2pdf. Presto. No
more "Redistilling encrypted PDF is not permitted" message!
qpdf --qdf input.pdf output.pdf
acroread output.pdf # unlock, print-to-file output.ps
ps2pdf output.ps # output.pdf is now unlocked

Hack Number 3
Tools: Adobe Reader, sed, and Ghostscript's ps2pdf

Target: 3rd party JS, content restrictions.

This method entails using Adobe Reader to unlock the file via the Internet in the
usual way and then print to file. The resulting PostScript file is protected and has to
be hacked with sed before it can be redistilled (converted) back to PDF with
Ghostscript's ps2pdf. The conversion process runs very slowly because of
PostScript errors introduced from the sed hack, but it is good for small chapters
when technique #1 does not work, or when qpdf can not be installed on the system.
acroread output.pdf # unlock, print-to-file output.ps
sed "/mark currentfile eexec/,/cleartomark/ d" output.ps | \
ps2pdf - output.pdf

Hack Number 4
Tools: pdfcrack

Target: password-protected PDF

Bonus: Free and Open Source

Drawback: Not for 3rd party JS

If somebody creates a PDF and then loses the password, they can recover the
password with the pdfcrack command line password recovery tool. The tool
leverages a brute force attack against the PDF password until it opens. The attack
proceeds offline and nothing is exchaned via the Internet. Owner passwords can be
found with the -o switch. Password cracking of longer passwords can take days or
weeks to crack, so we limit the password length to 9 characters. This hack can not
and does not work over the Internet with content locked by a 3rd party JS plugin.
How could it? It would have to hack into the 3rd party server to do that!
pdfcrack -n 9 input.pdf

Hack Number 5
Tools: Google Drive

Target: password-protected PDF

Drawbacks: 2Mb file size, Not for 3rd party JS

Upload the owner password protected PDF to Google Drive. Google will convert the
PDF for viewing online. Google Drive limits uploads to 2Mb.

Hack Number 6
Tools: Foxit Reader, CutePDF

Target: 3rd party JS, content restrictions

Drawbacks: Proprietary software. Relies on bugs.

Download Foxit Reader and CutePDF Writer. Unlocked PDF files can currently be
printed to PDF from within Foxit Reader by selecting the CutePDF device from the
list of available printers. This hole may become patched in later versions.

Hack Number 7
Tools: Adobe Reader, Microsoft XPS Viewer, CutePDF

Target: 3rd party JS, content restrictions

Drawbacks: Proprietary software. Relies on bugs.

Install Microsoft XPS Document Writer. Open the protected PDF in Adobe Reader
reader. Print the file choosing the Microsoft XPS Document Writer from the list of
available printers. Use XPS Viewer to open the resulting XPS file. Now print to PDF
using CutePDF. This hole may become patched in later versions.

Hack Number 8
Tools: Ghostscript, GSView

Target: content restrictions

Install Ghostscript and GSView. Change the extension of the PDF file to .ps and
open with GSView. If .ps file can be opened and viewed, it can be saved as a PDF
file. Resulting PDF is free of restrictions, including restrictions on printing.
Hack Number 9
Tools: Web browser

Target: password-protected PDF

Visit the PDF Unlocker web site. Select the PDF file to unlock and let it upload to
the server. Click the Download button to obtain the unlocked PDF file.

Hack Number 10
Tools: Web browser

Target: password-protected PDF

Drawbacks: Proprietary software. Not for 3rd party JS

Various "unlocker" programs exist on the Internet. Search for PDF password
recovery. Proprietary software alert. Caveat emptor (buyer beware). These
programs do not really unlock 3rd party JS plugins. Some demos available online
even spend a minute conducting a fake test that pretends to open the file. They say
the PDF can be unlocked, but then, after purchase, these programs unlock file
passwords only. They do not actually work against 3rd party JS server passwords.
How could they? They would have to hack the server to do that. While server
hacking is certainly possible, it is beyond the scope of this howto.

Summary
Many of these techniques involve opening a PDF file from within Adobe Reader,
allowing JavaScript to unlock it, and then printing it to file. There are many ways to
print to PostScript or PDF, and literally hundreds of ways to break the restrictions on
the resulting files. Earlier methods that no longer work include using Ghostscript to
convert the PDF (or PostScript) file to earlier versions of PostScript, and then back
to PDF. Those earlier PostScript drivers have been deprecated, but older versions
of Ghostscript still provide them.

Convert to PDF When All Else Fails

Tools: Web browser

Target: content restrictions

Some PDFs won't allow printing or saving, and some of them are timed access. If it
can be viewed, it can be screen captured. Simply open it up, preferably on a large
desktop that can be tilted to where it shows the whole page, and take a screenshot
of each page. It might be a good idea to empty out the screenshots folder first!
Hopefully this will create a series of numbered images there. Then use something
like imagemagick to convert the series of numbered images into a PDF file. The
result might be great, or not so pretty depending on the desktop resolution, page
dimensions, and other factors. The document can not be text searched because it is
composed out of images, but there are programs that can optically recognize the
text, and create a searchable index for PDF files. Hope this helps!

Links
Adobe Reader
Foxit Reader
CutePDF
pdfcrack command line password recovery tool
How to Unlock a Secure PDF File
PDF Rights Management
Portable Document Format

Copyright © 2020 Henry Kroll III, thenerdshow.com This web page is licensed under a
Creative Commons Attribution-ShareAlike 3.0 Unported License.