School project cracking PDF with AES 128

    • #8585
      verde
      Participant

      Hey!

      I am attending a course in IT Security and the course is at stage three where we are supposed to do forensic work on a variety of files. I am stuck at one of these files and was wondering if anyone has any insight and is willing to help me find any clues.

      The file is a PDF file encrypted with AES 128 with both User and Owner password set. The only thing I know about the password is that it is 10 characters, but it is unknown which character set it uses.

      I have uploaded the PDF file here: 4.pdf

      The PDF file probably contains just the string “answer code:” followed by a 5-digit number; my mission is to find the 5-digit number.

      This is what I have done so far:

      I have tried a variety of commercial tools and they all fall back on brute-force or dictionary attacks. I have tried a huge amount of dictionaries with all combinations of upper/lower case.

      I have tried to brute force it with 0000000000 – 9999999999.

      I have tried to use information about my teacher: phone number, birthdate, e-mail address, room number, etc.

      I have extracted some hashes with ‘pdfcrack’:

      PDF version 1.6
      Security Handler: Standard
      V: 4
      R: 4
      P: -3392
      Length: 128
      Encrypted Metadata: True
      FileID: 43e42b69af29cd24a26705c287f2a592
      U: e58c2950a3d9a5086dfdd9a75c62a7f900000000000000000000000000000000
      O: 7420feb94c0d82daba231908e7fccbc4b43ccf3f3828b96494769b4d91b4fc91

      I have googled for all hashes that I have found.

      I have gone through all course material and put all strings exactly 10 characters long in a dictionary file.

      This is some of the data that resides inside the file if I run it with ‘strings’:

      %PDF-1.6
      14 0 obj <>
      endobj

      xref
      14 10
      0000000016 00000 n
      0000000866 00000 n
      0000001082 00000 n
      0000001440 00000 n
      0000001645 00000 n
      0000001874 00000 n
      0000002243 00000 n
      0000002503 00000 n
      0000000701 00000 n
      0000000516 00000 n
      trailer
      <<0B03B3C0C662E64D872C655C9F84F6C4>]>>
      startxref
      %%EOF

      23 0 obj<>stream
      !'2d
      endstream
      endobj
      22 0 obj<>/Size 14/Type/XRef>>stream
      bbbd`b``
      endstream
      endobj
      15 0 obj<>>>/Filter/Standard/O(t
      ?8(
      )/P -3392/R 4/U(
      )/V 4/StrF/StdCF/StmF/StdCF>>
      endobj
      16 0 obj</Metadata 5 0 R/PieceInfo< LH\
      )>>>>/Pages 4 0 R/PageLayout/OneColumn/StructTreeRoot 7 0 R/Type/Catalog/Lang(
      ,]Rm
      q)/LastModified(a
      H6xX
      )/PageLabels 2 0 R>>
      endobj
      17 0 obj</ProcSet[/PDF/Text]/ExtGState<>>>/Type/Page>>
      endobj
      18 0 obj<>stream
      >j.{R
      ,6n]
      Zcae3
      endstream
      endobj
      19 0 obj<>
      endobj
      20 0 obj< 5=$v
      )/CapHeight 656/XHeight -546/Type/FontDescriptor/ItalicAngle 0>>
      endobj
      21 0 obj<>
      endobj
      1 0 obj<>stream
      =C+PX6
      hFI5
      endstream
      endobj
      2 0 obj<>
      endobj
      3 0 obj<>
      endobj
      4 0 obj<>
      endobj
      5 0 obj<>stream
    • #53535
      dynamik
      Participant

      You’re just doing upper and lower characters for your dictionary permutations? Check out John the Ripper and use the wordlist rules. Rockyou and Uniqpass are some pretty good wordlists. Also check out the KoreLogic rules for John that perform even more permutations.

      I wouldn’t rule out strings under ten characters since, for example, a six-character string could be appended with a year to get to ten characters. That said, you’re probably not going to get anything of use from an encrypted PDF by running strings against it. That’s just formatting information. You could probably just cat the PDF instead of using strings too.

    • #53536
      Anarky
      Participant

      I’ve never seen the Uniqpass wordlist, but Georgia Tech’s hacker club just released a pretty big wordlist. https://greyhat.gatech.edu/ (click ‘Meeting Archive’ at the top); one of the last few meetings was on password cracking and includes a 200 MB wordlist. Like dynamik said, John does a good job with mangle rules; hashcat has some decent ones (toxic rule) as well if you have good GPU power.

    • #53537
      verde
      Participant

      Thank you both for replying! I appreciate it very much.

      I have tried running the following wordlists against the file:
      rockyou (with jtr --rules, APDFPR with all upper/lower)
      CrackStation's 15GB (with jtr --rules, APDFPR with all upper/lower)
      hashkiller (with jtr --rules, APDFPR with all upper/lower)
      English (with jtr --rules, APDFPR with all upper/lower)
      Swedish (with jtr --rules, APDFPR with all upper/lower)
      Languages Summary (APDFPR with smart mutations)

      I will try the Georgia Tech wordlist and the free version of Uniqpass. Unfortunately I cannot buy the whole massive one, at least not at the moment; it kinda sucks financially being a student. 😉

      I was thinking about doing some sort of rainbow table attack on it, but I have no idea how the PDF password hashes work with salts and iterations. I wrote a small C program to try and figure out how the User password hash is generated, but without any luck.

      When I ask my teacher about it he is (obviously) rather cryptic about it, but he always mentions something about the hashes in every reply; I don’t really see the difference between attacking the hash with JtR and “focusing on the hashes”, as he says. Is there any known vulnerability in PDF documents created with Adobe Professional Reader and AES 128 in 2006? I have been searching CERT-CC without any success. He said to me that I should also study how the professional version of PDF Reader “lets me edit PDF files”, whatever that means.
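The R4 user-password derivation verde is asking about, as an added example (this is not verde's C program and not code from the thread): it shows what acts as the "salt" (the /O value, /P and the first /ID element), the iteration count (50 extra MD5 rounds plus 20 RC4 passes) and why only the first 16 bytes of /U carry information for R3/R4, which is why the U value in the pdfcrack output above ends in 16 zero bytes. The /O, /ID and password values below are constructed; /P -3392, /R 4 and /Length 128 are the values from the pdfcrack output, and EncryptMetadata is True so no extra 0xffffffff is hashed.

```python
import hashlib
import struct

# Fixed 32-byte padding string from the PDF standard security handler spec
PAD = bytes.fromhex("28BF4E5E4E758A4164004E56FFFA01082E2E00B6D0683E802F0CA9FE6453697A")

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; the /U computation still uses it even when streams are AESV2."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def file_key(password: bytes, o: bytes, p: int, file_id: bytes, length_bits: int = 128) -> bytes:
    """Spec 'Algorithm 2' (R3/R4): derive the file key from the user password."""
    n = length_bits // 8
    h = hashlib.md5((password + PAD)[:32])        # password padded/truncated to 32 bytes
    h.update(o[:32])                              # the /O string acts as per-document salt
    h.update(struct.pack("<I", p & 0xFFFFFFFF))   # /P as unsigned 32-bit little-endian
    h.update(file_id)                             # first element of the trailer /ID array
    key = h.digest()
    for _ in range(50):                           # R>=3: 50 more MD5 rounds over n bytes
        key = hashlib.md5(key[:n]).digest()
    return key[:n]

def compute_u(password: bytes, o: bytes, p: int, file_id: bytes) -> bytes:
    """Spec 'Algorithm 5' (R3/R4): the /U value; only its first 16 bytes are meaningful."""
    key = file_key(password, o, p, file_id)
    x = rc4(key, hashlib.md5(PAD + file_id).digest())
    for i in range(1, 20):                        # 19 further passes with each key byte XOR i
        x = rc4(bytes(b ^ i for b in key), x)
    return x + b"\x00" * 16                       # 16 bytes of arbitrary padding (zeros here)

def check_user_password(password: bytes, o: bytes, p: int, file_id: bytes, u: bytes) -> bool:
    """Spec 'Algorithm 6': a candidate is the user password iff the first 16 bytes of /U match."""
    return compute_u(password, o, p, file_id)[:16] == u[:16]

# Constructed sample parameters (not the thread's file); /P is the thread's value.
SAMPLE_O = bytes(range(32))
SAMPLE_ID = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_P = -3392
```

Because /O and /ID differ per document, a precomputed table would have to be built for this one file, so it buys nothing over testing candidates directly; the 50 MD5 rounds are also far too cheap to slow a GPU down, which is why wordlist and rule attacks are the realistic route here.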

Copyright ©2021 Caendra, Inc.