cracking a pdf
#1
Hello,
Total noob :)
So I have a PDF - unable to open without a password. I have zero idea of the length, characters or anything about the password. I know the PDF has 128-bit RC4 encryption. I only have an Intel Core i3, and no gfx cards.

1) Is it possible to crack the password in reasonable time < 1 month? A brute force program is telling me 1 year+.

2) How do I go about this? I have generated the hash using pdf2john.py and tried using hashcat but it just keeps telling me hash was not read.

Thanks
#2
(05-13-2016, 10:56 PM)nopofnop Wrote: Hello,
Total noob :)
So I have a PDF - unable to open without a password. I have zero idea of the length, characters or anything about the password. I know the PDF has 128-bit RC4 encryption. I only have an Intel Core i3, and no gfx cards.

1) Is it possible to crack the password in reasonable time < 1 month? A brute force program is telling me 1 year+.

2) How do I go about this? I have generated the hash using pdf2john.py and tried using hashcat but it just keeps telling me hash was not read.

Thanks

Have you tried the search utility? And this page? Cracking password protected PDF documents
#1
11-07-2014, 12:17 PM (This post was last modified: 11-07-2014, 12:35 PM by atom.)

We just started with the work on oclHashcat to support cracking of password protected PDF. 

There are 5-6 different versions, but for PDF version 1.1 - 1.3, which uses RC4-40 (and we have a fast RC4 cracking kernel), we can already summarize:
  • Guarantee to crack every password protected PDF of format v1.1 - v1.3 regardless of the password used
  • All existing documents at once as there's no more salt involved after the key is computed
  • In less than 4 hours (single GPU)!!


Here's what the output looks like:

Quote:
root@et:~/oclHashcat-1.32# ./oclHashcat64.bin -w3 -m 10410 hash -a 3 ?b?b?b?b?b
oclHashcat v1.32 starting...

Device #1: Tahiti, 3022MB, 1000Mhz, 32MCU
Device #2: Tahiti, 3022MB, 1000Mhz, 32MCU
Device #3: Tahiti, 3022MB, 1000Mhz, 32MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./amd/m10410_a3.cl (21164 bytes)
Device #1: Kernel ./amd/markov_le_v1.cl (9208 bytes)
Device #1: Kernel ./amd/bzero.cl (887 bytes)
Device #2: Kernel ./amd/m10410_a3.cl (21164 bytes)
Device #2: Kernel ./amd/markov_le_v1.cl (9208 bytes)
Device #2: Kernel ./amd/bzero.cl (887 bytes)
Device #3: Kernel ./amd/m10410_a3.cl (21164 bytes)
Device #3: Kernel ./amd/markov_le_v1.cl (9208 bytes)
Device #3: Kernel ./amd/bzero.cl (887 bytes)

$pdf$1*2*40*-4*1*16*c015cff8dbf99345ac91c84a45667784*32*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*32*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170:$HEX[db34433720]

Session.Name...: oclHashcat
Status.........: Cracked
Input.Mode.....: Mask (?b?b?b?b?b) [5]
Hash.Target....: $pdf$1*2*40*-4*1*16*c015cff8dbf99345ac91c84a45667784*32*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*32*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170
Hash.Type......: PDF 1.3 (Acrobat 2, 3, 4) + collider-mode #1
Time.Started...: Fri Nov 7 16:05:44 2014 (19 mins, 42 secs)
Speed.GPU.#1...: 85019.7 kH/s
Speed.GPU.#2...: 85010.9 kH/s
Speed.GPU.#3...: 84962.4 kH/s
Speed.GPU.#*...: 255.0 MH/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 301050363904/1099511627776 (27.38%)
Skipped........: 0/301050363904 (0.00%)
Rejected.......: 0/301050363904 (0.00%)
HWMon.GPU.#1...: 99% Util, 38c Temp, 25% Fan
HWMon.GPU.#2...: 99% Util, 39c Temp, 27% Fan
HWMon.GPU.#3...: 99% Util, 38c Temp, 27% Fan

Started: Fri Nov 7 16:05:44 2014
Stopped: Fri Nov 7 16:25:29 2014
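
Added example (not part of the original thread, and not hashcat or pdf2john code): a defender-side check that parses a `$pdf$` line like the one in the output above and reports whether a document uses the RC4-40 handler that the post says falls regardless of the password. The field order (V, R, key bits, P, metadata flag, then length-prefixed ID, U and O values) is the pdf2john layout; the function names and the `file.pdf:` prefix in the sample are assumptions made for the example.

```python
import re

# pdf2john layout: $pdf$V*R*bits*P*encrypt_metadata*id_len*id*u_len*u*o_len*o
PDF_RE = re.compile(
    r"\$pdf\$(\d+)\*(\d+)\*(\d+)\*(-?\d+)\*([01])\*(\d+)\*([0-9a-fA-F]+)"
    r"\*(\d+)\*([0-9a-fA-F]+)\*(\d+)\*([0-9a-fA-F]+)")

# Hash copied from the output above; the "file.pdf:" prefix is constructed.
SAMPLE = ("file.pdf:$pdf$1*2*40*-4*1*16*c015cff8dbf99345ac91c84a45667784"
          "*32*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7"
          "*32*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170")

def parse_pdf_hash(line):
    """Return the encryption parameters carried in a $pdf$ line, or None."""
    # search() rather than match(): tolerates a leading "name:" or trailing fields
    m = PDF_RE.search(line)
    if not m:
        return None
    v, r, bits, perms, meta, id_len, doc_id, u_len, u, o_len, o = m.groups()
    # Declared lengths are in bytes, so each hex string must be twice as long.
    for name, length, value in (("id", id_len, doc_id), ("u", u_len, u), ("o", o_len, o)):
        if len(value) != 2 * int(length):
            raise ValueError(f"{name}: declared {length} bytes, got {len(value) // 2}")
    return {"V": int(v), "R": int(r), "bits": int(bits), "P": int(perms),
            "encrypt_metadata": meta == "1"}

def assess(params):
    """Say whether protection depends on the password or is already lost."""
    r, bits = params["R"], params["bits"]
    if r == 2 and bits == 40:
        # 2**40 keys = 1099511627776, the Progress total in the run above
        return "broken: RC4-40 key space can be exhausted whatever the password"
    if r in (3, 4):
        return f"password-dependent: {bits}-bit key, strength rests on the password"
    if r in (5, 6):
        return "password-dependent: 256-bit AES handler, strength rests on the password"
    return "unknown revision"

if __name__ == "__main__":
    print(assess(parse_pdf_hash(SAMPLE)))
```

Documents reported as broken need re-encrypting with a newer security handler; choosing a longer password does not help them.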
#3
Hey, OP back again, thank you - I read as much as I could understand. So now I have oclHashcat running on my Windows 10 machine with an old Nvidia Quadro FX580 (supports CUDA).

I open the CMD window, and from inside the hashcat directory execute
>...64.exe -m 10500 -a 3 name.hash

and every time I just get back some complaint about "line length exception", no hash found. I have tried using 10500, 10410, 10400, 10600, 10700 but it makes no difference.

What do I do?
#4
Read the basic usage of hashcat.
#5
(05-15-2016, 08:36 PM)Xanadrel Wrote: Read the basic usage of hashcat.

I have tried to read, but I honestly do not understand - I need to use the mode associated with a certain type of hash - I looked up the example page on the wiki - but really I am lost.