Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Adobe Digital Editions DRM

To discuss DES MD5 El-Gamal RSA PGP and others....
Locked
SHaG
Posts: 32
Joined: Tue Feb 03, 2004 1:29 pm

Adobe Digital Editions DRM

Post by SHaG »

Hey,
Just ran into a new kind of DRM-protected PDF. Instead of opening in Acrobat as usual it sent me to a page to download Adobe Digital Editions Beta. After trying to load the pdf into that (which of course didnt work) I'm thinking this might turn out to be an interesting reversing project. So before I start I just want to know if anyone else has been checking this out?
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

Post by LLXX »

The only experience I have with PDFs is having to reconstruct partially corrupted files, but I have gained quite a bit of knowledge about the file structure in the process.

If the content stream hasn't been encrypted (just "protected" by some lame JavaScript, who would've thought PDFs could have JS!) it's possible to rip it verbatim into another PDF and rebuild the rest of the file around it... and even if it has been encrypted with the standard security methods then it is equally easy.
[ ~Litana L.X. Xahanien~ ]
User avatar
squidge
Posts: 631
Joined: Tue Sep 03, 2002 10:10 pm

Post by squidge »

I've reconstructed encrypted PDFs before when a manufacturer has sent us a password protected PDF, with the password in the same email as the PDF, and with the "print/copy parts" security enabled so we had to screengrab everything rather than just copy and paste.

As you can imagine, that got boring real quick, and since we could read the pdf on screen anyway, we eventually created another PDF with no such restrictions and no password :devil:

I would assume that DRM'd PDFs would be similar - not that bad to hack if you can already read them and just want to make non-DRM'd versions. Could be a complete bitch (or almost impossible?) if you can't already read them however.
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

Post by LLXX »

+F has some interesting info here:

http://www.searchlores.org/pdffing.htm
[ ~Litana L.X. Xahanien~ ]
5aLIVE
Senior Member
Posts: 215
Joined: Tue Dec 16, 2003 7:35 am

Post by 5aLIVE »

I can't say I've ever heard of Adobe Digital Editions DRM until now. In the past, I have seen PDFs which have passwords that are tied to a specific machine and are only active for a specified amount of time depending on the license which in itself is DRM at it's best/worst, delete as appropriate.

I remember once trying to dump an pasword protected PDF from memory to use in it unencrypted form. I couldn't find the file in Acrobat memory space or anywhere else for that matter.

Has anyone else had success in this approach?
User avatar
disavowed
Posts: 1290
Joined: Mon Apr 01, 2002 3:00 pm

Post by disavowed »

The PDF file format is fully documented by Adobe -- http://www.adobe.com/devnet/pdf/pdf_reference.html
iPixel

.etd file

Post by iPixel »

If you open the ebx.etd file that loads the book, you'll see that it gives you a bunch of information on the file (order number, authentication server, and the URL of the actual PDF file).

Code: Select all

<?xml version="1.0" encoding="UTF-8" ?>
<ebx-transfer-data>
<x-ebx-version>0.7</x-ebx-version>
<minversion>
 <glassbook>152</glassbook>
</minversion>
<entries>
 <entry>
  <voucherurl>http://207.54.136.76/fulfill/ebx.etd</voucherurl>
  <orderid>412150971403023</orderid>
  <bookid>ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</bookid>
  <title>101 Best Tech Resumes</title>
  <nonce>vGhgs0kwFeGc04qIIqH3PMmFS17IsjaQmi2nJ8OIQTyXmdwJEJkpOR3eZxV8</nonce>
  <type>ContentReserveID</type>
  <identifier>329D695B-399A-47C9-A12F-7E75C731F5C3-50</identifier>
  <bookfileurl>http://acs.contentreserve.com/ACSStore1/18/101BestTechResumes.pdf</bookfileurl>
 </entry>
 <etd-entry>
  <fulfillurl>
   <baseurl>http://207.54.136.76/fulfill/ebx.etd</baseurl>
   <param>action=lend</param>
   <param>orderid=412150971403023</param>
   <param>bookid=ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</param>
  </fulfillurl>
 </etd-entry>
</entries>
</ebx-transfer-data>
You can't open the PDF directly, but when you're authenticated, the server sends the following page (url: http://207.54.136.76/fulfill/ebx.etd?ac ... 1F5C3-50):

Code: Select all

HTTP/1.1 200 OK

Date: Sun, 17 Jun 2007 17:14:21 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

x-EBX-Version: 0.7

x-EBX-Authenticationinfo: voucher="PEVCWC1Wb3VjaGVyIHZlcnNpb249IjAuOSI+CjxJRCB0eXBlPSJDb250ZW50UmVzZXJ2ZUlEIj5Db250ZW50UmVzZXJ2ZUlEOjMyOUQ2OTVCLTM5OUEtNDdDOS1BMTJGLTdFNzVDNzMxRjVDMy01MDwvSUQ+CjxDb250ZW50S2V5IEVuY3J5cHRlZFdpdGg9IlJTQTEwMjQiIHR5cGU9IlJDNCI+SWJaZ2dSQm5tN3NSb3d0UmtaTEVTZVhwWHRvVlY2K0VlUER0a1dTYy9rOW9yN0k3d1ZNSzd6QlhZbUJVQTBhQzBYQnNRYkZrOTVtTmQvVFJWMktFeGVYQnptcEN3M1hiNFNuczhuTTB1RGZPNUUzUG5JTC81a2Qwb0Y2Q1hJMGdFTjFIbW5qaUpEem90WUk5WHZMd2kxMElJQ2FTS1pRZ2NGZ2hNK0xBUDNNPTwvQ29udGVudEtleT4KPENvcHlDb3VudD4xPC9Db3B5Q291bnQ+CjxSaWdodHMgdmVyc2lvbj0iMC45IiB0eXBlPSJFQlgiPgo8VG90PjExODIxMDA0NjA8L1RvdD4KPENvcHlUb0NsaXAgRmlyc3Q9IjAiIEludGVydmFsPSIwIiBNYXg9IjAiPjA8L0NvcHlUb0NsaXA+CjxQcmludCBGaXJzdD0iMCIgSW50ZXJ2YWw9Ii0xIiBNYXg9Ii0xIj4wPC9QcmludD4KPExlbmQgSG9wcz0iLTEiIElEPSJqQ0pkZXFzRXBWTitnMjR2SzB6Rk9HVENwWDg0IiBSZXR1cm5VUkw9Imh0dHA6Ly8yMDcuNTQuMTM2Ljc2L2Z1bGZpbGwvZWJ4LmV0ZCIgU3RhdGU9IkJvcnJvd2VkIiBXaGVuPSIxMTgyMTAwNDYwIj4x"

x-EBX-Authinfo2: voucher="ODEzOTYyPC9MZW5kPgo8VXNlIEV4cGlyZVR5cGU9IlVubGltaXRlZCI+MDwvVXNlPgo8TW9kaWZ5UmlnaHRzIEZpcnN0PSIwIiBJbnRlcnZhbD0iMCIgTWF4PSIwIj4wPC9Nb2RpZnlSaWdodHM+CjxSZWFkQWxvdWQgRmlyc3Q9IjAiIEludGVydmFsPSItMSIgTWF4PSItMSI+MDwvUmVhZEFsb3VkPgo8RGV2aWNlQ291bnQ+LTE8L0RldmljZUNvdW50Pgo8L1JpZ2h0cz4KPE1BQyB0eXBlPSJTSEExIj5HQ3loTk5VcDZRWURmcTAvZjRSL1d6aDhyUGM9PC9NQUM+CjwvRUJYLVZvdWNoZXI+

Content-Length: 0

Content-Type: text/html

Cache-control: private
That's the info for http://acs.contentreserve.com/ACSStore1 ... esumes.pdf, anyone have an idea as to how to open the PDF with this info?
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

Post by LLXX »

I am missing an EBX_HANDLER (de/en)cryption filter.

The only two other pieces of important information I can gather are:

- /V 3 : (PDF 1.4) An unpublished algorithm allowing encryption key lengths ranging from 40 to 128 bits. (This algorithm is unpublished as an export requirement of the U.S. Department of Commerce.)

- /Length 128 : 128-bit key.

Those "keys" that you've managed to post look a whole lot longer than 128 bits. I feel RSA is somehow involved in this.

Either Google is squelching results or noone has published any public information about this. Looks like it's time to get out the debugger...

I might as well post this relevant link: http://www.gnu.org/philosophy/right-to-read.html
[ ~Litana L.X. Xahanien~ ]
iPixel

File Headers

Post by iPixel »

The one thing I notice that is different about this file is that the headers are different than that of a regular PDF. It has much more. It looks to be in plain text, but almost all of it is a stream object, and that may be encrypted.

I'll run it through a debugger when I get a chance, and see if I can figure out this encryption... =/
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

Post by LLXX »

iPixel wrote:but almost all of it is a stream object, and that may be encrypted.
It sure is, since the flate decoder couldn't decompress it. This is just a standard PDF file encrypted with a new security handler.

P.S. be careful so you don't become the next Dmitry Sklyarov :D
[ ~Litana L.X. Xahanien~ ]
User avatar
squidge
Posts: 631
Joined: Tue Sep 03, 2002 10:10 pm

Post by squidge »

Wasn't Dmitry Sklyarov eventually released without charge? In which case, it doesn't really matter ;)
jzburn12

Post by jzburn12 »

In either case, has anyone made any headway on getting past this new DRM?
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

sage

Post by LLXX »

jzburn12 wrote:In either case, has anyone made any headway on getting past this new DRM?
No, the question here is, have YOU made any effort toward that?
[ ~Litana L.X. Xahanien~ ]
joblack
Junior Member
Posts: 27
Joined: Wed Feb 10, 2010 8:12 am

Post by joblack »

It's solved - ineptpdf handles the problem
Locked