How to crack Print-disabled PDF?
hjseo
How to crack print lock???
Vladimir Katalov
hjseo wrote in message <90mv3k$n9$1...@news.elim.net>...
>I have document that I can't print it.
>How to crack print lock???
We have such program (Advanced PDF Password Recovery):
http://www.elcomsoft.com/apdfpr.html
Decryption is instant; all restrictions (to print, copy, annotate, edit)
are being removed.
--
Sincerely yours,
Vladimir
Vladimir Katalov
Managing Director
Elcom Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkat...@elcomsoft.com
http://www.elcomsoft.com/adc.html (Advanced Disk Catalog)
http://www.elcomsoft.com/ems.html (Email Management Software)
http://www.elcomsoft.com/prs.html (Password Recovery Software)
gyvate
> hjseo wrote in message <90mv3k$n9$1...@news.elim.net>...
> >I have document that I can't print it.
> >How to crack print lock???
>
> We have such program (Advanced PDF Password Recovery):
>
> http://www.elcomsoft.com/apdfpr.html
>
> Decryption is instant; all restrictions (to print, copy, annotate, edit)
> are being removed.
>
Can someone comment on this so-called "recovery" in legal terms?..
Sarunas
gyvate
> > >> Decryption is instant; all restrictions (to print, copy, annotate, edit)
> > >> are being removed.
> > >>
> > >
> > >Can someone comment on this so-called "recovery" in legal terms?..
> >
> > Adobe PDF format is open. So anybody can write such a tool, even
> > without very advanced programming skills. Moreover, I think you're
> > aware of GhostScript tool, which works just fine with such "protected"
> > documents, and it is distributed with complete source code.
>
> The question was not about the technical difficulty, but the legality.
Exactly.
To my understanding the only legal way to get access to the restricted part in
PDF is to ask the author/owner of the file for the password. But maybe I'm wrong.
What strikes, however, is the openness with which this password-cracking software
is advertised.
Sarunas
Bryan Guignard
Seems to me the only way to determine this is by evaluating the intent of the
author.
If I have a PDF that I password protected, but somehow lost the password, do I
not have the right to crack my own encryption key, my own file, my own
copyright?
Personally I'm pleased that such cracking software is openly advertised,
otherwise I would have never known about it.
Cracking software is just software. It does nothing wrong. It's people who use
it maliciously that are doing something wrong.
Bryan
Vladimir Katalov
paul womack wrote in message <3A30BEF9...@engage.com>...
>Vladimir Katalov wrote:
>>
>> gyvate wrote in message <3A2F9EB5...@vtex.lt>...
>> >> >I have document that I can't print it.
>> >> >How to crack print lock???
>> >>
>> >>
>> >> http://www.elcomsoft.com/apdfpr.html
>> >>
edit)
>> >> are being removed.
>> >>
>> >
>> >Can someone comment on this so-called "recovery" in legal terms?..
>>
>> Adobe PDF format is open. So anybody can write such a tool, even
>> without very advanced programming skills. Moreover, I think you're
>> aware of GhostScript tool, which works just fine with such "protected"
>> documents, and it is distributed with complete source code.
>
>The question was not about the technical difficulty, but the legality.
Please read my previous letter again. There is a GhostScript tool
(OpenSource?) which reads (and converts to .ps) the restricted files. Is
it legal? After all, can the source code be illegal? I think you all know
the
DeCSS story, when the sources ho break that "protection" have been
published on T-shirts ;)
Vladimir Katalov
Bryan Guignard wrote in message <3A30ECF4...@sympatico.ca>...
>In what way should cracking an encrypted PDF be illegal?
>
>Seems to me the only way to determine this is by evaluating the intent of
the
>author.
>
>If I have a PDF that I password protected, but somehow lost the password,
do I
>not have the right to crack my own encryption key, my own file, my own
>copyright?
>
>Personally I'm pleased that such cracking software is openly advertised,
>otherwise I would have never known about it.
>
>Cracking software is just software. It does nothing wrong. It's people who
use
>it maliciously that are doing something wrong.
Thank you -- that's exactly our point (and btw, I'd not call it "cracking
software"
-- that's a decryption software). An instrument itself cannot be illegal --
only
usage can. For example, SoftIce (a software debugger from NuMega) could be
used to crack shareware programs, but also helps to find bugs in our own
software. Hey, you can use the hummer to break somebody's head! But to
put the nails into the wall, too ;)
Our (password recovery) software already helped a lot of people. Not only to
save the time and money (because they don't need to re-create their files
from
scratch), but also to understand how serious security problems are.
gyvate
> In what way should cracking an encrypted PDF be illegal?
Well, that's why I posted my question in the first place.
But then, the very subject of this thread may give a clue clear enough. To my mind,
"cracking a print-disabled PDF" only theoretically includes the "forgotten-password"
case.
Sarunas
Bryan Guignard
an employee for some reason, and that employee left behind some password
protected PDFs, but not the passwords...after all, the employees are supposed to
keep the passwords secret are they not? (-:
Such PDFs are still the legal property of that company and they have the right
to open those files by any means available.
I've spoken about this with several PDF experts from around the world and they
all overwhelmingly agree that a PDF decryption tool is a good and desirable
thing. Those who disagree usually don't have a proper understanding of what
encryption is. Encryption is only a two level security system, regardless of how
many bits are used by the key. A two level security system can only be a "strong
deterrent" at best. It does not in any way constitute an iron clad, fool proof
security system. A complete, iron clad security systems requires four levels.
PDF is very well suited to providing these four levels required for complete
security. I use it that way very successfully, and it's impossible to crack,
even if all the computers on the planet are unleashed on it, because the extra
two levels of security are not based on anything a computer can compute.
Bryan
colder
cracks a restriced PDF, scoops the information into their own product
for resale, misuse according to any user agreement, etc.
Clearly, many seek to take copyrighted content and re-use it for their
own illegal purposes - lets just be open about that.
I have a PDF based product on the market. It contains open public domain
information as well as unique content - not readily indentified by the
reader. Should a "similar" product come out, I could examine the content
and determine if my PDF was the source - and off to court we go!
I don't like the idea that it is becoming so _openly_ easy to crack PDF,
but that's the way it goes sometimes.
I would not be angry with Vladimir, I have had to deal with left behind
password protected items. Didn't know about his software until now.
Marc Wieber
The password security in PDF is based on the PDF interpreter/viewer and not
on encryption.
So it is no problem for ghostscript to open or print a password protected
pdf.
See the Adobe Technical Notes for details.
http://partners.adobe.com/asn/developer/technotes.html#acrobat-pdf
I'm not shure about encrypted parts of a PDF; but what i understand is that
the used encryption is rather good.
One real case was a password protected list of food suitable for people who
are not able to digest milk sugar - a friend of me tried to get the list
(she wanted to pay the small fee), but the non-profit organisation did not
react to several letters and mails and so we copied the pdf and printed it
with ghostscript. Don't ask for details - it's all there on the ghostscript
home page.
Marc Wieber
Christian Koch
> The password security in PDF is based on the PDF interpreter/viewer and
> not on encryption.
You have to distinguish between the owner and the user password. Only the
user password encrypts the document. Elcomsoft's tool can remove the owner
password instantly.
> So it is no problem for ghostscript to open or print a password protected
> pdf.
http://www.ozemail.com.au/~geoffk/pdfencrypt/
> I'm not shure about encrypted parts of a PDF; but what i understand is
> that the used encryption is rather good.
Actually the encryption is rather bad! In section "5.18 Encryption" of the
PDF-Specification 1.3 there is mentioned that "The key is restricted in
length to five bytes (40 bits) to satisfy current U.S. cryptographic export
requirements." There is a good story about this export grade security from
1997: http://news.cnet.com/news/0-1007-200-316184.html . Today it is
possible to use a recent desktop computer and crack the password within a
month! The tool to use for this exhaustive key search search is GuaPDF:
http://www.password-crackers.com/crack/guapdf.html .
Christian.
Marc Wieber
Christian Koch wrote:
>
> "Marc Wieber" <mw...@hdm-stuttgart.de> wrote:
> > The password security in PDF is based on the PDF interpreter/viewer and
> > not on encryption.
>
> You have to distinguish between the owner and the user password. Only the
> user password encrypts the document. Elcomsoft's tool can remove the owner
> password instantly.
>
> > So it is no problem for ghostscript to open or print a password protected
> > pdf.
>
> http://www.ozemail.com.au/~geoffk/pdfencrypt/
>
> > I'm not shure about encrypted parts of a PDF; but what i understand is
> > that the used encryption is rather good.
>
> Actually the encryption is rather bad! In section "5.18 Encryption" of the
> PDF-Specification 1.3 there is mentioned that "The key is restricted in
> length to five bytes (40 bits) to satisfy current U.S. cryptographic export
> requirements."
Bad implementation.
> There is a good story about this export grade security from
> 1997: http://news.cnet.com/news/0-1007-200-316184.html . Today it is
> possible to use a recent desktop computer and crack the password within a
> month! The tool to use for this exhaustive key search search is GuaPDF:
> http://www.password-crackers.com/crack/guapdf.html .
>
> Christian.
One more link to start from: http://www.ecn.purdue.edu/~laird/PDF/
Bryan Guignard
only in the viewer.
I just created a series of test PDF files that used several possible
combinations of security settings that can be set in Acrobat 4.05.
Test 1) Open password only.
Test 2) Disable Printing checked, but no open password, and no security password
set.
Test 3) Open password with security features checked but not password protected.
Test 4) Security features checked and password protected, but no open password
set.
Test 5) All security passwords and options set.
I then opened all these PDFs in a text editor, and they were ALL encrypted at
the file level.
This begs for clarification. How can PDF encryption be so easily bypassed by
ghostscript or any other utility?
What exactly is meant by, "The password security in PDF is based on the PDF
interpreter/viewer and not on encryption."?
My tests do not seem to agree with this statement. Or am I missing something?
Even when there are only settings used to disable toolbar buttons (no passwords
used) the PDF is still encrypted.
Admittedly, it is foolhardy to disable printing without setting a password to
prevent someone from overriding your setting, but my point is that any PDF
security settings regardless of how foolish they are, are based on encryption.
Bryan
Christian Koch
> I'm a bit confused about the statement that password security in PDF is
> based only in the viewer.
>
> PDF interpreter/viewer and not on encryption."?
From the PDF-Specification 1.3:
"Note Despite the specification of document permissions in a PDF file, PDF
cannot enforce the restrictions specified. It is up to the implementors of
PDF viewers to respect the intent of the document creator by limiting access
to an encrypted PDF file according to the permissions and passwords
contained in the file."
Bryan Guignard
without the context.
In this case the context says that at least one password must be provided to
decrypt a PDF. As page 66 of the latest PDF Ref Manual (Addison-Wesley version)
states:
"3.5.2 Standard Security Handler
PDF’s standard security handler allows two passwords to be specified for a
document:
an owner password and a user password. Correctly supplying either password
allows a user to open the document, decrypt it, and display it on the screen."
The note referred to: "Despite the specification of document permissions in a
PDF file, PDF
cannot enforce the restrictions specified. It is up to the implementors of
PDF viewers to respect the intent of the document creator by limiting access
to an encrypted PDF file according to the permissions and passwords
contained in the file." only applies AFTER the PDF has been successfully
decrypted by using either the user password or the owner password (if a password
has been set).
In essence, a poorly implemented viewer could:
1) Allow a PDF document to be decrypted with the user password.
2) Then fail to enforce the owner password and restrictions on what is now a
decrypted PDF. Which of course is only a software issue once the PDF has been
decrypted.
So the following statement is incorrect: "You have to distinguish between the
owner and the user password. Only the user password encrypts the document."
My tests show that either the user or owner password will encrypt a PDF.
Actually a PDF will be encrypted even without a password, as in the case where
owner permissions are set without the use of passwords to secure them. The PDF
Ref Manual confirms my test results on page 67:
"A document is encrypted if an owner password, user password, or any access
restriction was specified when the document was created. However, the user is
prompted for a password on opening the document only if the document has a user
password"
I still fail to see the purpose of encrypting a PDF without securing the key
with a password...but that's for another thread.
And this statement is also incorrect:
"We have such program (Advanced PDF Password Recovery):
http://www.elcomsoft.com/apdfpr.html
Decryption is instant; all restrictions (to print, copy, annotate, edit)
are being removed."
Decryption is not even needed to bypass these owner settings once the document
has been successfully opened!! Once an encrypted PDF document has been
successfully opened, the owner restrictions are no longer dependent on
encryption. They become a software issue.
Therefore any application that bypasses these settings is completely legal
according to copyright laws since no encryption is broken, but may be in
violation of the PDF specification, and the "intentions" of the document owner.
I haven't reviewed all the Adobe documentation on this subject yet, but it seems
to me that Adobe should make it very clear to PDF and Acrobat users that their
user security settings can easily be bypassed by non compliant applications and
utilities once a document is opened.
So Christian is quite correct. The Standard PDF security system is rather poor,
not only on the encryption side of things but especially on the software side,
where owner security options are enforced. It's most unfortunate that the makers
of ghostscript chose to so blatantly ignore the PDF spec and Adobe's strong
recommendations, not to mention the wishes of PDF document owners.
This in my view is a far bigger problem than a genuine decryption utility.
Ghostscript has far more potential of trampling owner rights than a decrypting
tool.
Well, it's been an enlightening exercise for me.
Bryan
Marc Wieber
Bryan Guignard schrieb:
Thanks for your Test and checking of the Reference.
But i would not call it "trampling owner rights", if a file is not properly secured.
You should search for a good encryption with a long key (see the link to fravia on
kyler's site) and protect your work with it.
If Adobe doesn't change the security in PDF, electronik books will be a great risk
to publishers.
Marc Wieber
Sorry, my newsserver forces me to the following.
Bryan Guignard
> Thanks for your Test and checking of the Reference.
>
> But i would not call it "trampling owner rights", if a file is not properly secured.
>
> You should search for a good encryption with a long key (see the link to fravia on
> kyler's site) and protect your work with it.
> If Adobe doesn't change the security in PDF, electronik books will be a great risk
> to publishers.
>
> Marc Wieber
I agree about electronic books, but the maker of GhostScript still isn't
following the PDF spec! Adobe makes it clear that PDF security is based on
encryption AND software, and the PDF spec clearly explains how a third party
viewer is to implement PDF security. GhostScript clearly violates the spec, and
in turn violates ownership rights.
Page 65 of the latest PDF spec explains this: "The encryption dictionary’s
Filter entry identifies the file’s security handler, a software module that
implements various aspects of the encryption process and controls access to the
contents of the encrypted document. PDF specifies a standard
security handler that all viewer applications are expected to support, but
applications
may optionally substitute alternate security handlers of their own."
Third party developers have the option of using their own security handlers, but
only if it conforms to the spec, which very clearly states that "the file’s
security handler, a software module that implements various aspects of the
encryption process and controls access to the contents of the encrypted
document".
So as you can see, the PDF spec says that a security handler (which GhostScript
has) must handle encryption AND access to the contents.
Access to the contents includes all the owner restrictions, including printing
restrictions, which according to earlier posts on this thread, GhostScript does
not honor! So I stand by my statement that GhostScript does indeed trample owner
rights.
Actually, GhostScript is one of the most blatant security breaches I've seen in
a long time, and I deal with security a lot.
Bryan
Christian Koch
> So as you can see, the PDF spec says that a security handler (which
> GhostScript has) must handle encryption AND access to the contents.
Ghostscript does this through an decryption module coded in PostScript. You
have to download it separately from Australia because of export
restrictions.
> Access to the contents includes all the owner restrictions, including
> printing restrictions, which according to earlier posts on this thread,
> GhostScript does not honor! So I stand by my statement that GhostScript
> does indeed trample owner rights.
The module which I mentioned above does not violate the PDF spec, it honors
the restrictions set in the encryption dictionary. You have to modify the
module as described here: http://www.ecn.purdue.edu/~laird/PDF/gs_change
The standard security is not even better than MS Word's. It knocks out only
the normal user, but not a criminal.
Christian.
Christian Koch
> My tests show that either the user or owner password will encrypt a PDF.
> Actually a PDF will be encrypted even without a password, as in the case
> where owner permissions are set without the use of passwords to secure
> them. The PDF
If there are restrictions on the document it will be encrypted.
> Decryption is not even needed to bypass these owner settings once the
> document has been successfully opened!! Once an encrypted PDF document
> has been successfully opened, the owner restrictions are no longer
> dependent on encryption. They become a software issue.
You have to decrypt the document to view it. On page 69 of the PDF Reference
1.3 there the algorithm for calculating the encryption key. Because the data
in the PDF document is encrypted with a symmetrical cipher the decryption
key is equal to the encryption key. The encryption dictionary is not
encrypted. If you look at Alogrithm 3.2 you can see that
K_d = f(UP, O, P, FI)
where
K_d ... decryption Key
UP ... User passsword, maybe empty
O ... value O in the encryption dictionary
P ... value P in the encryption dictionary
FI ... File identifier
Because all values for f (maybe UP not) are given you can compute the
decrpytion key, decrypt the document and remove the permissions.
Christian.
Keith
news:3A347F45...@hdm-stuttgart.de...
>
> But i would not call it "trampling owner rights", if a file is not
properly secured.
Interesting concept that. So if somebody picks the lock on your home
and steals all the contents they have NOT trampled on your rights
because you should've had locks fitted that couldn't be picked.
I can appreciate your desire to justify piracy, but why not simply
blame it on having been born into a poor family, been physically or
sexually abused as a child, inherited some genetic disorder which
prohibits proper social behaviour or any of the many thousand other
excuses available. After all they tend to have a much higher "ahh
what a shame" reaction from gullible people than laying the blame on
the legal owner of the property concerned.
Were I a religious person the saying, "Do unto others as you would
have them do unto you!" would spring to mind, however not being such
an individual I shan't quote that. <Oops! Sorry about that!>
I make no claim to be an angel myself, but if a sign says "Private
property, please keep out" I normally have the courtesy to observe the
owners request. Locking a file even with the most simple device is
the same as putting up just such a sign.
The alternative to common decency is for everybody to be forced into
paying ridiculously high prices for security in every single aspect of
their lives.
{Soapbox mode OFF}
Keith.
--
...Global widget error default password
*****************************************************
Receipt of mail from this address does not endow the
recipient with any right to use it for junk-mailing
purposes. Such mail will be subject to a storage and
administration fee of 10 UK pounds per day.
The sending of junk-mail to this address implies your
acceptance of these terms and conditions.
****************************************************
No Spam please I'm British
radapaw
drew
"colder" <us...@foobar.invalid> wrote in message
news:user-76212D.1...@news.mosquitonet.com...
Doc. Bill
APDFPR 1.11
Every time I try to load a file it says
"File is not encrypted"
Why is that?
JK
Vladimir Katalov
Doc. Bill wrote in message <3a5c31b8...@news.inet.tele.dk>...
Sorry, but I'm not sure I understand what are you going to do, actually.
Do you need to edit PDF file? If so, you need Adobe Acrobat first.
APDFPR is suitable only to removing restrictions (from editing, copying
etc) from PDF files, and decrupting files protected with owner or user
password (in last case, you have to know the password, however).
Doc. Bill
<kit...@elcomsoft.com> wrote:
>
>Doc. Bill wrote in message <3a5c31b8...@news.inet.tele.dk>...
>>I would like to write some text in a pdf file, I have installede the
>>APDFPR 1.11
>>
>>Every time I try to load a file it says
>>
>>"File is not encrypted"
>>
>>Why is that?
>
>Sorry, but I'm not sure I understand what are you going to do, actually.
>Do you need to edit PDF file?
Yes I have recieved a form I would like to fill out on the computer
instead of printing it out and filling it out with a pencil. But maybe
it's not enought with the Acrobat Reader?
Vladimir Katalov
Doc. Bill wrote in message <3a5debff...@news.inet.tele.dk>...
>Yes I have recieved a form I would like to fill out on the computer
>instead of printing it out and filling it out with a pencil. But maybe
>it's not enought with the Acrobat Reader?
The PDF file *may* have editable fields. You will not be able to save
the completed form, but can at least print it (after entering your data).
However, there is a chance that your particular form is for printing
only, and completing with a pen afterwards. If so, you can add the
fields yourself using Adobe Acrobat (not reader) only.
negocio...@netcabo.pt
I saw your google groups post...I need the APDFPR software cracked, can
you help me?
Thx
Web
negocio...@netcabo.pt
I need the APDFPR cracked..can you help me? I saw your google groups
post, thats why I contact you.
Thx
Web
prita...@gmail.com
Can't print it as the author disabled the printing.. Please help
dwanes...@gmail.com
> I have document that I can't print it.
> How to crack print lock???
