cyrozap / poppler-pdf-key-dumper

A hack for poppler that enables it to dump the hashes of encrypted PDF files, which can then be cracked by hashcat. Inspired by pdf2hashcat.py and pdf2john.py.

cyrozap: First commit d2c4cb7, 9 years ago

poppler-pdf-key-dumper

A simple patch and build scripts for poppler that enable it to dump the hashes for encrypted PDF files. The hash line output can then be used directly by hashcat.

Inspired by pdf2hashcat.py and pdf2john.py.

Building

Clone this repository recursively, cd to the poppler source directory, apply the patch, and build poppler.

git clone --recursive https://github.com/cyrozap/poppler-pdf-key-dumper.git
cd poppler-pdf-key-dumper
cd poppler
patch -p1 < ../poppler-pdf-key-dumper.patch
./autogen.sh
make

Usage

To get the hash line for a file, simply run the pdfinfo utility on the file and grep the output for "$pdf$". For instance:

./poppler/utils/pdfinfo encrypted.pdf | grep '\$pdf\$'

The output should look something like this:

$pdf$4*4*128*-1340*1*16*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*32*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*32*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
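
To audit what a dumped line says about a document's protection, the fields can be parsed and checked. The following is an added example, not code from this repository; the field order (V, R, key bits, P, encrypt-metadata flag, then length-prefixed ID, U and O values) is an assumption read off the sample line above, and the sample input is constructed.

```python
# Added example (not from the repository). Field order assumed from the sample
# line above: V*R*bits*P*encrypt_metadata*id_len*id*u_len*u*o_len*o
CIPHERS = {2: "RC4 40-bit", 3: "RC4 up to 128-bit", 4: "RC4 or AES-128",
           5: "AES-256", 6: "AES-256"}
# Permission flags in P (PDF standard security handler), keyed by bit value.
PERMS = {4: "print", 8: "modify", 16: "copy", 32: "annotate"}


def parse_pdf_hash(line):
    """Parse a $pdf$ hash line into a dict, validating the declared lengths."""
    line = line.strip()
    if not line.startswith("$pdf$"):
        raise ValueError("missing $pdf$ prefix")
    fields = line[len("$pdf$"):].split("*")
    if len(fields) < 11:
        raise ValueError("expected at least 11 '*'-separated fields")
    v, r, bits, p, enc_meta = (int(x) for x in fields[:5])
    blobs = {}
    for name, i in (("id", 5), ("u", 7), ("o", 9)):
        # Each blob is preceded by its length in bytes; reject mismatches.
        declared, data = int(fields[i]), bytes.fromhex(fields[i + 1])
        if len(data) != declared:
            raise ValueError(f"{name}: declared {declared} bytes, got {len(data)}")
        blobs[name] = data
    flags = p & 0xFFFFFFFF  # P is printed as a signed 32-bit integer
    return {
        "version": v, "revision": r, "key_bits": bits,
        "cipher": CIPHERS.get(r, "unknown"),
        "encrypt_metadata": bool(enc_meta),
        "allowed": [n for bit, n in PERMS.items() if flags & bit],
        "denied": [n for bit, n in PERMS.items() if not flags & bit],
        **blobs,
    }


# Constructed sample with the same shape as the line above (values are made up).
SAMPLE = ("$pdf$4*4*128*-1340*1*16*" + "ab" * 16
          + "*32*" + "cd" * 32 + "*32*" + "ef" * 32)

if __name__ == "__main__":
    info = parse_pdf_hash(SAMPLE)
    for key in ("version", "revision", "key_bits", "cipher", "allowed", "denied"):
        print(f"{key}: {info[key]}")
```

A line with the literal `x` placeholders shown above is rejected with `ValueError`, since the ID, U and O fields must be hexadecimal.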

License

This patch is licensed the same as poppler, under the GNU GPL version 3 (or later).
