|
Message-ID: <034947b0312f4f299022b766f65222cf@grupawp.pl> Date: Sat, 30 Jan 2021 14:33:56 +0100 From: czezz <czezz@...pl> To: john-users@...ts.openwall.com <john-users@...ts.openwall.com> Subject: PDF hash LibreOffice vs Ghostscript Hi all, Here is my findings for encrypted PDFs created via LibreOffice and Ghostscript. Hash obtained from encrypted PDF created via LibreOffice decrypts with no problems. Hash obtained from encrypted PDF created via Ghostscript cannot be decrypted. Both PDF files have the same passwd: "z" (without quotas). $ ./john John the Ripper 1.9.0-jumbo-1+bleeding-d29f456 2021-01-20 21:21:31 +0100 OMP [linux-gnu 64-bit x86_64 AVX AC] Here is step-by-step to reproduce the issue: 1. Obtain hash from each PDF: $ ./pdf2john.pl /test/test_libre.pdf > libre $ ./pdf2john.pl /test/test_gs.pdf > gs 2. List hashes $ cat libre /test/test_libre.pdf:$pdf$2*3* $ cat gs /test/test_gs.pdf:$pdf$1*2*40* 3. LibreOffice PDF attempt: $ ./john --mask='?a' --min-length=1 --max-length=1 libre Using default input encoding: UTF-8 Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64]) Cost 1 (revision) is 3 for all loaded hashes Warning: OpenMP is disabled; a non-OpenMP build may be faster Press 'q' or Ctrl-C to abort, almost any other key for status z               (/test/test_libre.pdf)    1g 0:00:00:00 DONE (2021-01-30 13:04) 20.00g/s 720.0p/s 720.0c/s 720.0C/s w..x Use the "--show --format=PDF" options to display all of the cracked passwords reliably Session completed. 4.Ghostscript PDF attempt: $ ./john --mask='?a' --min-length=1 --max-length=1 gs Using default input encoding: UTF-8 No password hashes loaded (see FAQ) Either Ghostscript does something additionally to encrypted PDF / prevents to obtain correct hash OR (unlikely) there is some bug in pdf2john.pl pdf2john.pl/JtR . Did anyone bumped in to similar problem? Cheers, czezz
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.