Please help with mask for 128 bit pdf key
#1
Hello,

I have a pdf file with the following hash: 
$pdf$2*3*128*-4*1*16*<hash removed by philsmd>

So i can determine that -m = 10500. But a question 1 is about the key.

Do i understand right that if the key has 128 bit, I need to use the mask for 16 bytes: ?b..?b[16]?

And question 2: i saw examples about cracking pdfs, some of them are using mask ?a..a? and some ?b...?. If we are looking not a password but key (which is in bytes) atacking bytes (?b) seems right and (?a) - not?
#2
it's not allowed to post hashes.

The encryption used by the PDF algorithm uses a 128 bit key.

This key is derived by a key-derivation-function and will be generated from your password as an input.
This means, that -m 10500 as most other algorithms (excepts some special hash types, see collider modes) expect the password as an input.

Therefore, you try password candidates. You can't easily break a 128 bit random key directly, but if it is derived from an (easy) password, it might be feasible/easy to open the PDF document.
#3
Thank you, but how can i determine collider mode, there is no info about this (or i can't find)?

I found only this in wiki:
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents
10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents

Are there no collider modes for 1.4 - 1.6? Does this mean that i can't use ?b.. mask and should use only ?a..?
#4
You can't use a collider mode for pdf versions that can't be attack with that method (it's only possible for old pdf versions).

Mask attack is in general not a good strategy to recover a password for slow hashes. I would suggest that you start with dictionary attacks with rules, instead of brute-force or mask attacks.
#5
Philsmd, thank you. Done in 4 mins, 2 secs. : )