
School project cracking PDF with AES 128

verde

Newbie

Posts: 2

Joined: Tue Sep 17, 2013 3:59 pm

Post Tue Sep 17, 2013 4:10 pm

School project cracking PDF with AES 128

Hey!

I am attending a course in IT Security and the course is at stage three, where we are supposed to do forensic work on a variety of files. I am stuck on one of these files and was wondering if anyone has any insight and is willing to help me find any clues.

The file is a PDF file encrypted with AES 128 with both User and Owner passwords set. The only thing I know about the password is that it is 10 characters, but it is unknown what character set it is.

I have uploaded the PDF file here: [url="http://rapidshare.com/share/DF48E418828537E108D3A0425313F4E2"]4.pdf[/url]

The PDF file probably contains just a string "answer code:" and then a 5-digit number; my mission is to find the 5-digit number.

This is what I have done so far:

I have tried a variety of commercial tools and they all fall back on brute-force or dictionary attacks. I have tried a huge amount of dictionaries with all combinations of upper/lower case.

I have tried to brute force it with 0000000000 - 9999999999.

I have tried to use information about my teacher, phone number, birthdate, e-mail address, room number, etc.

I have extracted some hashes with 'pdfcrack':

  Code:
PDF version 1.6
Security Handler: Standard
V: 4
R: 4
P: -3392
Length: 128
Encrypted Metadata: True
FileID: 43e42b69af29cd24a26705c287f2a592
U: e58c2950a3d9a5086dfdd9a75c62a7f900000000000000000000000000000000
O: 7420feb94c0d82daba231908e7fccbc4b43ccf3f3828b96494769b4d91b4fc91


I have googled for all hashes that I have found.

I have gone through all course material and put all strings exactly 10 characters long in a dictionary file.

This is some of the data that resides inside the file if I run it with 'strings':

  Code:
%PDF-1.6
14 0 obj <</Linearized 1/L 8371/O 17/E 2579/N 1/T 8029/H [ 516 185]>>
endobj

xref
14 10
0000000016 00000 n
0000000866 00000 n
0000001082 00000 n
0000001440 00000 n
0000001645 00000 n
0000001874 00000 n
0000002243 00000 n
0000002503 00000 n
0000000701 00000 n
0000000516 00000 n
trailer
<</Size 24/Prev 8018/XRefStm 701/Root 16 0 R/Encrypt 15 0 R/Info 6 0 R/ID[<43E42B69AF29CD24A26705C287F2A592><0B03B3C0C662E64D872C655C9F84F6C4>]>>
startxref
%%EOF

23 0 obj<</Length 96/C 85/Filter/FlateDecode/I 107/L 69/S 38>>stream
!'2d
endstream
endobj
22 0 obj<</Length 20/Filter/FlateDecode/W[1 1 1]/Index[7 7]/DecodeParms<</Columns 3/Predictor 12>>/Size 14/Type/XRef>>stream
bbbd`b``
endstream
endobj
15 0 obj<</Length 128/CF<</StdCF<</Length 16/AuthEvent/DocOpen/CFM/AESV2>>>>/Filter/Standard/O(t
?8\(
)/P -3392/R 4/U(
)/V 4/StrF/StdCF/StmF/StdCF>>
endobj
16 0 obj<</MarkInfo<</LetterspaceFlags 0/Marked true>>/Metadata 5 0 R/PieceInfo<</MarkedPDF<</LastModified(
LH\\
)>>>>/Pages 4 0 R/PageLayout/OneColumn/StructTreeRoot 7 0 R/Type/Catalog/Lang(
,]Rm
q)/LastModified(a
H6xX
)/PageLabels 2 0 R>>
endobj
17 0 obj<</CropBox[0 0 612 792]/Parent 4 0 R/StructParents 0/Contents 18 0 R/Rotate 0/MediaBox[0 0 612 792]/Resources<</Font<</TT0 19 0 R>>/ProcSet[/PDF/Text]/ExtGState<</GS0 21 0 R>>>>/Type/Page>>
endobj
18 0 obj<</Length 160/Filter/FlateDecode>>stream
>j.{R
,6n]
Zcae3
endstream
endobj
19 0 obj<</Subtype/TrueType/FontDescriptor 20 0 R/LastChar 119/Widths[250 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 500 500 0 500 500 0 500 0 500 500 278 0 0 0 0 0 0 0 0 0 0 0 0 0 722 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 444 0 444 500 444 0 0 0 0 0 0 0 0 500 500 0 0 333 389 0 0 0 722]/BaseFont/TimesNewRomanPSMT/FirstChar 32/Encoding/WinAnsiEncoding/Type/Font>>
endobj
20 0 obj<</StemV 82/FontName/TimesNewRomanPSMT/FontStretch/Normal/FontWeight 400/Flags 34/Descent -216/FontBBox[-568 -307 2000 1007]/Ascent 891/FontFamily(
5=$v
)/CapHeight 656/XHeight -546/Type/FontDescriptor/ItalicAngle 0>>
endobj
21 0 obj<</OPM 1/OP false/op false/Type/ExtGState/SA false/SM 0.02>>
endobj
1 0 obj<</First 43/Length 384/Filter/FlateDecode/N 7/Type/ObjStm>>stream
=C+PX6
hFI5
endstream
endobj
2 0 obj<</Nums[0 3 0 R]>>
endobj
3 0 obj<</S/D>>
endobj
4 0 obj<</Count 1/Type/Pages/Kids[17 0 R]>>
endobj
5 0 obj<</Subtype/XML/Length 4336/Type/Metadata>>stream

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Sep 17, 2013 5:48 pm

Re: School project cracking PDF with AES 128

You're just doing upper and lower characters for your dictionary permutations? Check out John the Ripper and use the wordlist rules. Rockyou and Uniqpass are some pretty good wordlists. Also check out the KoreLogic rules for John that perform even more permutations.

I wouldn't rule out strings under ten characters since, for example, a six-character string could be appended with a year to get to ten characters. That said, you're probably not going to get anything of use from an encrypted PDF by running strings against it. That's just formatting information. You could probably just cat the PDF instead of using strings too.
The day you stop learning is the day you start becoming obsolete.

Anarky

Newbie

Posts: 7

Joined: Sat Aug 10, 2013 10:23 pm

Post Tue Sep 17, 2013 11:30 pm

Re: School project cracking PDF with AES 128

I've never seen the Uniqpass wordlist, but Georgia Tech's hacker club just released a pretty big wordlist. https://greyhat.gatech.edu/ click 'Meeting Archive' at the top and one of the last few meetings was on password cracking and includes a 200meg wordlist. Like dynamik said, John does a good job with mangle rules, hashcat has some decent ones (toxic rule) as well if you have good GPU power.

verde

Newbie

Posts: 2

Joined: Tue Sep 17, 2013 3:59 pm

Post Wed Sep 18, 2013 10:25 am

Re: School project cracking PDF with AES 128

Thank you both for replying! I appreciate it very much.

I have tried running the following wordlists against the file:
rockyou (with jtr --rules, APDFPR with all upper/lower)
crackstations 15GB (with jtr --rules, APDFPR with all upper/lower)
hashkiller (with jtr --rules, APDFPR with all upper/lower)
English (with jtr --rules, APDFPR with all upper/lower)
Swedish (with jtr --rules, APDFPR with all upper/lower)
Languages Summary (APDFPR with smart mutations)

I will try Georgia Tech's wordlist and the free version of Uniqpass. Unfortunately I cannot buy the whole massive one, at least not at the moment; it kinda sucks financially being a student. ;)

I was thinking about doing some sort of rainbow table attack on it but I have no idea how the PDF password hashes work with salts and iterations. I wrote a small C-program to try and figure out how the User password hash is generated, but without any luck.

When I ask my teacher about it he is (obviously) rather cryptic about it, but he always mentions something about the hashes in every reply. I don't really see the difference between attacking the hash with JtR and "focusing on the hashes" as he says. Is there any known vulnerability in PDF documents created with Adobe Professional Reader and AES 128 in 2006? I have been searching CERT-CC without any success. He said to me that I should also study how the professional version of PDF Reader "lets me edit PDF files", whatever that means.
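
Added example (not part of any post in this thread): how a /U value is derived for V 4 / R 4 under ISO 32000-1 Algorithms 2 and 5, using the O, P and FileID from the pdfcrack output above. The password and the second file ID are constructed; the point is that O, P and FileID all feed the MD5 input, so the same password yields a different U in every document and a precomputed table built for one file does not carry over to another.

```python
import hashlib
import struct

# 32-byte padding string of the PDF standard security handler (ISO 32000-1, 7.6.3.3)
PAD = bytes.fromhex("28bf4e5e4e758a4164004e56fffa0108"
                    "2e2e00b6d0683e802f0ca9fe6453697a")
# Values copied from the pdfcrack output in the thread
O = bytes.fromhex("7420feb94c0d82daba231908e7fccbc4"
                  "b43ccf3f3828b96494769b4d91b4fc91")
P = -3392
FILE_ID = bytes.fromhex("43e42b69af29cd24a26705c287f2a592")

def rc4(key, data):
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def file_key(password, o, p, file_id, n=16, encrypt_metadata=True):
    """Algorithm 2: password + O + P + FileID -> n-byte file key."""
    h = hashlib.md5((password + PAD)[:32] + o + struct.pack("<i", p) + file_id)
    if not encrypt_metadata:                  # extra input only for R >= 4
        h.update(b"\xff\xff\xff\xff")
    digest = h.digest()
    for _ in range(50):                       # R >= 3: 50 extra MD5 rounds
        digest = hashlib.md5(digest[:n]).digest()
    return digest[:n]

def compute_u(password, o, p, file_id, n=16):
    """Algorithm 5 (R >= 3): the /U value a given user password produces."""
    key = file_key(password, o, p, file_id, n)
    block = rc4(key, hashlib.md5(PAD + file_id).digest())
    for i in range(1, 20):                    # 19 more RC4 passes, key XOR i
        block = rc4(bytes(b ^ i for b in key), block)
    return block + bytes(16)                  # 16 arbitrary bytes; zeros here

def salt_demo(password=b"constructed-pw"):
    """Same password, two file IDs (the second is constructed): different /U."""
    return (compute_u(password, O, P, FILE_ID),
            compute_u(password, O, P, bytes(16)))

if __name__ == "__main__":
    for u in salt_demo():
        print(u.hex())
```

Only the first 16 bytes of U are significant for R 4; the trailing 16 zero bytes in the pdfcrack output are the arbitrary padding that Algorithm 5 appends.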
