jennyc
April 10th, 2003, 03:40
Hi,
This is my first post on tsehp's cool board.
Recently I have been studying for some computer networking exams
and I came across some encrypted PDFs which I could not open.
Being quite desperate to open them I looked for standard tools
and found none (ElcomSoft's PDF decrypter did not work).
I decided to learn something more about PDF encryption and how to break it. I am a newbie to reversing, so if this sounds silly my
apologies. Also I have not been successful in breaking the encryption because I am a newbie and I need to study for exams.
I am hoping that someone will be interested after reading this and
help me with the encryption routines.
Adobe Acroread (PDF viewer) has support for 3rd party plugins to do
the encryption/decryption. Open a PDF file using a hex editor.
I used XEmacs (much nicer raw PDF view). Go to the end of the file.
You will see a /Encrypt line. This means that the file is encrypted.
Go a few pages up. You will see /INFO, /V and /Filter lines.
/Filter Standard implies the file was encrypted using standard Adobe encryption. This uses a 40-bit key which can be brute forced.
To learn more about Adobe's standard PDF encryption and the format
of a PDF, download PDFReference.pdf from adobe.com.
This is not about Adobe but about FileOpen.
So the /Filter line will be /Filter FOPN_foweb.
It could also be FOPN_fLock; this means the file was encrypted using another product of www.fileopen.com called personal-publisher.
/V 1 means the doc is protected by version 1.
/SVID is the Service-ID, /DUID the Document-ID.
/INFO contains the contact info of the document publisher's server.
All this info can be obtained from the Webpublisher2 manual.
/INFO is encoded by some special proprietary algorithm.
When the PDF file is opened the plugin decodes /INFO
and uses the info to contact the publisher's server to
authenticate etc... but first the plugin checks in
C:\Windows\Application Data\some_configurable_dir
for a .sek LICENSE file.
some_configurable_dir is specified in the PDF's /INFO
structure.
The exact name of the .sek file is built from /INFO data.
It consists of Publisher-ID.SVID.sek.
The Publisher-ID is allotted to you by FileOpen once you buy the
package, which costs approximately $4000!!
For the demo the ID is 10006.
The .sek file contains a KEY to decrypt our PDF. It also contains
PDF open/print/how-many-days-left-to-expiry etc. permissions.
And it is encrypted with the machine-id, which is got from system info/volume info etc., I think. This encryption serves 2 purposes. One, we can't modify the license file and give ourselves
permissions after getting a valid KEY.
Two, we can't transfer the license to another machine since the
machine-id on the new machine will be calculated and will not match
the old machine-key.
The .sek file is encrypted using RC4/MD5 and some proprietary
algorithm!!
I took the machine key and ran md5sum on it (on Linux), then passed it to RC4 and tried decrypting the .sek file, but it didn't work.
I tried with a 5-byte MD5 key and a 5-byte MD5 hash.
So I hope someone can help me understand this part!!
The PDF contents are encrypted using a KEY which is downloaded
from the publisher's server, encrypted and stored in the license file. Since I don't have access to the publisher's server without
paying $3000, I don't have the PDF keys.....
HOWEVER the PDF keys are exactly 5 bytes in LENGTH.
Not 4, not 3, exactly 5 bytes.
Which means it is VERY VERY easy to brute force this and
obtain a valid key! It mostly contains a-z and 0-9.
Once we understand how exactly the PDF encryption is done
we can brute force RC4 directly, since the key length is 40 bits,
and directly extract the RC4 key instead of breaking our heads
about the publisher's key string or trying to reverse MD5.
One more thing.. only the PDF string/image objects are encrypted, not the whole PDF.
Also this PDFEncrypt.exe program works on Linux/Solaris,
and Siul-hackey might very very very easily
figure out all the encryption because
THE LINUX BINARY HAS NOT BEEN STRIPPED!!!!!!
This means that gdb works nicely, function names are there,
objdump also works and prints all function names.
The machine key was found out by running netcat... nc.exe on port 80 and putting an entry in hosts.sam so that the plugin contacts my
localhost machine and prints the machine-id.
The exact format of what to send to the plugin is given in the
manual for the product... or mail me and I'll send it..
Adobe standard encryption uses 2 keys, a user and an owner key.
I don't think the plugin is using 2 keys, just 1.
So some special problems occur. With Adobe, because it used
2 keys, we could verify the validity of the key by comparing
one key against a hashed version of the other...
However, here, because the PDF is encrypted with only 1 key, how
do we verify??????
Disabling the license checks within the plugin also seems very
easy once we can brute force and get the KEY.
They have lots of simple test/jne pairs.
#########################################################
The plugin name is FileOpen.api. There is another plugin
called FileOpenTest.api (not sure about the name since I am typing
all this from memory) that comes with the package.
This was used by the FileOpen developers for debugging the client
side
and is filled with string references!!!!
It should be too easy for someone who knows even a little
to figure out the whole scheme of things.
The log file is called dsomething.txt, not sure, forgotten.
##############################################################
Grrr!!!! If only I knew a bit more.

So these are the highlights that I could figure out. Please remember I am very very new to all this!
If anyone is interested in helping me break this encryption,
please contact me.
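The post above describes two things a practitioner would want to see in code: reading the /Encrypt dictionary (/Filter, /V, /SVID, /DUID, /INFO) out of the raw PDF, and searching a 40-bit RC4 key space. It also asks how a candidate key can be verified when there is only one key and no owner/user hash pair to compare against. The script below is an added example, not code from the original post or from FileOpen; it uses a known plaintext instead: FlateDecode streams start with a zlib header (RFC 1950), so a key that turns the first two ciphertext bytes into a valid header, and then lets the whole stream inflate, is the right one. The sample object and trailer bytes are constructed from the post's description and the values in them are made up. Two points are assumptions: that the content is RC4 under the raw 5-byte key, as the post conjectures (the script also carries Adobe's standard per-object key derivation from the PDF Reference, Algorithm 3.1, so the search can be re-pointed if the target uses that instead), and that the demo shrinks the search to a 3-byte key over 16 symbols so it finishes in pure Python; the 36**5 a-z0-9 space the post describes is the same loop, written in C.

```python
"""Added example, not code from the original post: pull the entries of a
PDF's /Encrypt dictionary and recover a short RC4 key by exhaustive search,
using a known plaintext (the zlib header of a FlateDecode stream) to tell a
correct key from a wrong one.  Sample bytes below are constructed."""
import hashlib
import itertools
import re
import zlib

# Constructed sample in the shape the post describes (/Filter /FOPN_foweb,
# /V 1, /SVID, /DUID, /INFO).  The values are made up for the demo.
SAMPLE_PDF_TAIL = b"""
5 0 obj
<< /Filter /FOPN_foweb /V 1 /SVID (DemoService) /DUID (doc-0001)
   /INFO <0102030405060708> >>
endobj
trailer
<< /Root 1 0 R /Encrypt 5 0 R /Size 6 >>
"""


def parse_encrypt_dict(pdf):
    """Follow the trailer's /Encrypt reference and return that object's
    entries as {name: raw token}.  A regex walk, not a full PDF lexer."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref is None:
        raise ValueError("no /Encrypt entry: file is not encrypted")
    pattern = rb"%s\s+%s\s+obj\s*<<(.*?)>>\s*endobj" % (ref.group(1), ref.group(2))
    body = re.search(pattern, pdf, re.S)
    if body is None:
        raise ValueError("/Encrypt object not found")
    tokens = re.findall(rb"/(\w+)\s+(/\w+|\(.*?\)|<[0-9A-Fa-f]+>|\d+)", body.group(1))
    return {k.decode(): v.decode() for k, v in tokens}


def rc4(key, data):
    """Plain RC4: key schedule, then keystream XOR.  Any key length works."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def standard_object_key(file_key, objnum, gen):
    """Per-object key of Adobe's standard security handler (PDF Reference,
    Algorithm 3.1): MD5(file key || objnum[0:3] LE || gen[0:2] LE), cut to
    min(len(key) + 5, 16) bytes.  Pass it as `derive` to recover_key() if the
    target turns out to use this step rather than the raw key (assumption)."""
    digest = hashlib.md5(file_key + objnum.to_bytes(3, "little")
                         + gen.to_bytes(2, "little")).digest()
    return digest[: min(len(file_key) + 5, 16)]


def looks_like_zlib(head):
    """RFC 1950 header test: CMF 0x78 (deflate, 32K window) and the CMF/FLG
    pair divisible by 31.  Roughly 1 random key in 8000 passes, so this is
    only a cheap prefilter."""
    return len(head) >= 2 and head[0] == 0x78 and ((head[0] << 8) | head[1]) % 31 == 0


def recover_key(ciphertext, alphabet, length, derive=lambda k: k):
    """Exhaustive search over alphabet**length keys.  Only the first two
    keystream bytes are computed for the header check; survivors must inflate
    completely, which also validates the Adler-32 and kills false positives."""
    for tup in itertools.product(alphabet, repeat=length):
        key = bytes(tup)
        k = derive(key)
        if not looks_like_zlib(rc4(k, ciphertext[:2])):
            continue
        try:
            zlib.decompress(rc4(k, ciphertext))
            return key
        except zlib.error:
            continue
    return None


def demo():
    """Encrypt a constructed FlateDecode content stream with a 3-byte key over
    a 16-symbol alphabet (4096 keys, about a second in pure Python) and recover
    it.  The 5-byte a-z0-9 space from the post is 36**5 = 60 million keys:
    the same loop, but write it in C for that size."""
    entries = parse_encrypt_dict(SAMPLE_PDF_TAIL)
    secret = b"7f3"                                   # constructed key
    stream = zlib.compress(b"BT /F1 12 Tf 72 712 Td (hello) Tj ET")
    ciphertext = rc4(secret, stream)
    return entries, recover_key(ciphertext, b"0123456789abcdef", 3)


if __name__ == "__main__":
    info, key = demo()
    print(info["Filter"], info["V"], info["SVID"], info["DUID"], "key =", key)
```

Run it as a script to see the parsed dictionary and the recovered key. On a real file, point `parse_encrypt_dict` at the last few kilobytes of the PDF, take the ciphertext from a stream object whose dictionary says /Filter /FlateDecode, and widen `alphabet` and `length` to the 5-byte a-z0-9 space; the header prefilter is what keeps the full search tractable, since a wrong key costs one key schedule and two keystream bytes, not a full decryption.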