Hey,
Just ran into a new kind of DRM-protected PDF. Instead of opening in Acrobat as usual it sent me to a page to download Adobe Digital Editions Beta. After trying to load the pdf into that (which of course didnt work) I'm thinking this might turn out to be an interesting reversing project. So before I start I just want to know if anyone else has been checking this out?
Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
Adobe Digital Editions DRM
The only experience I have with PDFs is having to reconstruct partially corrupted files, but I have gained quite a bit of knowledge about the file structure in the process.
If the content stream hasn't been encrypted (just "protected" by some lame JavaScript, who would've thought PDFs could have JS!) it's possible to rip it verbatim into another PDF and rebuild the rest of the file around it... and even if it has been encrypted with the standard security methods then it is equally easy.
If the content stream hasn't been encrypted (just "protected" by some lame JavaScript, who would've thought PDFs could have JS!) it's possible to rip it verbatim into another PDF and rebuild the rest of the file around it... and even if it has been encrypted with the standard security methods then it is equally easy.
[ ~Litana L.X. Xahanien~ ]
I've reconstructed encrypted PDFs before when a manufacturer has sent us a password protected PDF, with the password in the same email as the PDF, and with the "print/copy parts" security enabled so we had to screengrab everything rather than just copy and paste.
As you can imagine, that got boring real quick, and since we could read the pdf on screen anyway, we eventually created another PDF with no such restrictions and no password
I would assume that DRM'd PDFs would be similar - not that bad to hack if you can already read them and just want to make non-DRM'd versions. Could be a complete bitch (or almost impossible?) if you can't already read them however.
As you can imagine, that got boring real quick, and since we could read the pdf on screen anyway, we eventually created another PDF with no such restrictions and no password
I would assume that DRM'd PDFs would be similar - not that bad to hack if you can already read them and just want to make non-DRM'd versions. Could be a complete bitch (or almost impossible?) if you can't already read them however.
I can't say I've ever heard of Adobe Digital Editions DRM until now. In the past, I have seen PDFs which have passwords that are tied to a specific machine and are only active for a specified amount of time depending on the license which in itself is DRM at it's best/worst, delete as appropriate.
I remember once trying to dump an pasword protected PDF from memory to use in it unencrypted form. I couldn't find the file in Acrobat memory space or anywhere else for that matter.
Has anyone else had success in this approach?
I remember once trying to dump an pasword protected PDF from memory to use in it unencrypted form. I couldn't find the file in Acrobat memory space or anywhere else for that matter.
Has anyone else had success in this approach?
The PDF file format is fully documented by Adobe -- http://www.adobe.com/devnet/pdf/pdf_reference.html
-
iPixel
.etd file
If you open the ebx.etd file that loads the book, you'll see that it gives you a bunch of information on the file (order number, authentication server, and the URL of the actual PDF file).
You can't open the PDF directly, but when you're authenticated, the server sends the following page (url: http://207.54.136.76/fulfill/ebx.etd?ac ... 1F5C3-50):
That's the info for http://acs.contentreserve.com/ACSStore1 ... esumes.pdf, anyone have an idea as to how to open the PDF with this info?
Code: Select all
<?xml version="1.0" encoding="UTF-8" ?>
<ebx-transfer-data>
<x-ebx-version>0.7</x-ebx-version>
<minversion>
<glassbook>152</glassbook>
</minversion>
<entries>
<entry>
<voucherurl>http://207.54.136.76/fulfill/ebx.etd</voucherurl>
<orderid>412150971403023</orderid>
<bookid>ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</bookid>
<title>101 Best Tech Resumes</title>
<nonce>vGhgs0kwFeGc04qIIqH3PMmFS17IsjaQmi2nJ8OIQTyXmdwJEJkpOR3eZxV8</nonce>
<type>ContentReserveID</type>
<identifier>329D695B-399A-47C9-A12F-7E75C731F5C3-50</identifier>
<bookfileurl>http://acs.contentreserve.com/ACSStore1/18/101BestTechResumes.pdf</bookfileurl>
</entry>
<etd-entry>
<fulfillurl>
<baseurl>http://207.54.136.76/fulfill/ebx.etd</baseurl>
<param>action=lend</param>
<param>orderid=412150971403023</param>
<param>bookid=ContentReserveID:329D695B-399A-47C9-A12F-7E75C731F5C3-50</param>
</fulfillurl>
</etd-entry>
</entries>
</ebx-transfer-data>
Code: Select all
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2007 17:14:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-EBX-Version: 0.7
x-EBX-Authenticationinfo: voucher="PEVCWC1Wb3VjaGVyIHZlcnNpb249IjAuOSI+CjxJRCB0eXBlPSJDb250ZW50UmVzZXJ2ZUlEIj5Db250ZW50UmVzZXJ2ZUlEOjMyOUQ2OTVCLTM5OUEtNDdDOS1BMTJGLTdFNzVDNzMxRjVDMy01MDwvSUQ+CjxDb250ZW50S2V5IEVuY3J5cHRlZFdpdGg9IlJTQTEwMjQiIHR5cGU9IlJDNCI+SWJaZ2dSQm5tN3NSb3d0UmtaTEVTZVhwWHRvVlY2K0VlUER0a1dTYy9rOW9yN0k3d1ZNSzd6QlhZbUJVQTBhQzBYQnNRYkZrOTVtTmQvVFJWMktFeGVYQnptcEN3M1hiNFNuczhuTTB1RGZPNUUzUG5JTC81a2Qwb0Y2Q1hJMGdFTjFIbW5qaUpEem90WUk5WHZMd2kxMElJQ2FTS1pRZ2NGZ2hNK0xBUDNNPTwvQ29udGVudEtleT4KPENvcHlDb3VudD4xPC9Db3B5Q291bnQ+CjxSaWdodHMgdmVyc2lvbj0iMC45IiB0eXBlPSJFQlgiPgo8VG90PjExODIxMDA0NjA8L1RvdD4KPENvcHlUb0NsaXAgRmlyc3Q9IjAiIEludGVydmFsPSIwIiBNYXg9IjAiPjA8L0NvcHlUb0NsaXA+CjxQcmludCBGaXJzdD0iMCIgSW50ZXJ2YWw9Ii0xIiBNYXg9Ii0xIj4wPC9QcmludD4KPExlbmQgSG9wcz0iLTEiIElEPSJqQ0pkZXFzRXBWTitnMjR2SzB6Rk9HVENwWDg0IiBSZXR1cm5VUkw9Imh0dHA6Ly8yMDcuNTQuMTM2Ljc2L2Z1bGZpbGwvZWJ4LmV0ZCIgU3RhdGU9IkJvcnJvd2VkIiBXaGVuPSIxMTgyMTAwNDYwIj4x"
x-EBX-Authinfo2: voucher="ODEzOTYyPC9MZW5kPgo8VXNlIEV4cGlyZVR5cGU9IlVubGltaXRlZCI+MDwvVXNlPgo8TW9kaWZ5UmlnaHRzIEZpcnN0PSIwIiBJbnRlcnZhbD0iMCIgTWF4PSIwIj4wPC9Nb2RpZnlSaWdodHM+CjxSZWFkQWxvdWQgRmlyc3Q9IjAiIEludGVydmFsPSItMSIgTWF4PSItMSI+MDwvUmVhZEFsb3VkPgo8RGV2aWNlQ291bnQ+LTE8L0RldmljZUNvdW50Pgo8L1JpZ2h0cz4KPE1BQyB0eXBlPSJTSEExIj5HQ3loTk5VcDZRWURmcTAvZjRSL1d6aDhyUGM9PC9NQUM+CjwvRUJYLVZvdWNoZXI+
Content-Length: 0
Content-Type: text/html
Cache-control: privateI am missing an EBX_HANDLER (de/en)cryption filter.
The only two other pieces of important information I can gather are:
- /V 3 : (PDF 1.4) An unpublished algorithm allowing encryption key lengths ranging from 40 to 128 bits. (This algorithm is unpublished as an export requirement of the U.S. Department of Commerce.)
- /Length 128 : 128-bit key.
Those "keys" that you've managed to post look a whole lot longer than 128 bits. I feel RSA is somehow involved in this.
Either Google is squelching results or noone has published any public information about this. Looks like it's time to get out the debugger...
I might as well post this relevant link: http://www.gnu.org/philosophy/right-to-read.html
The only two other pieces of important information I can gather are:
- /V 3 : (PDF 1.4) An unpublished algorithm allowing encryption key lengths ranging from 40 to 128 bits. (This algorithm is unpublished as an export requirement of the U.S. Department of Commerce.)
- /Length 128 : 128-bit key.
Those "keys" that you've managed to post look a whole lot longer than 128 bits. I feel RSA is somehow involved in this.
Either Google is squelching results or noone has published any public information about this. Looks like it's time to get out the debugger...
I might as well post this relevant link: http://www.gnu.org/philosophy/right-to-read.html
[ ~Litana L.X. Xahanien~ ]
-
iPixel
File Headers
The one thing I notice that is different about this file is that the headers are different than that of a regular PDF. It has much more. It looks to be in plain text, but almost all of it is a stream object, and that may be encrypted.
I'll run it through a debugger when I get a chance, and see if I can figure out this encryption... =/
I'll run it through a debugger when I get a chance, and see if I can figure out this encryption... =/
