Pretty Damn Fancy – Java PDF Cracker
I had to open a PDF, so I spent the morning working on a basic PDF password cracker written in Java. I haven’t encapsulated it in a command line tool yet (and I’m not sure I ever will), but it came out pretty neat.
It started out simple enough:
1 2 3 4 5 6 7 8 9 10 11 12 | boolean attempt(String password) throws IOException { try { //attempt to open the reader stream PdfReader reader = new PdfReader(this.filename, password.getBytes()); reader.close(); return true; } catch (BadPasswordException e) { return false; } } |
After I had the password, I couldn’t resist the urge to implement:
1 2 3 4 5 6 | boolean attempt(String password); String crackViaWordlistFiles(Collection wordlistFiles); String crackViaWordlistFile(String wordlistFile); String crackViaWordlist(Collection words); String crackViaBruteForce(String alphabet, int length); String crackViaBruteForce(String alphabet, int lower_length, int upper_length); |
The coolest of which, was the code for generating the brute force permutations of @length
Hopefully someone finds a use for this, and if not, finds a use for my brute force algorithm. Thanks!
Update: This project has been moved to github, expanded, and unit tested. http://github.com/seejohnrun/Pretty-Damn-Fancy
Kenny 11:17 pm on March 7, 2010 Permalink
Would a dictionary/brute-force based password cracker benefit from using a PdfReader library which didn’t use exceptions to signal a bad password? For something that will go through so many iterations, it seems that throwing an exception would cause hideous amounts of overhead.
john 7:02 am on March 8, 2010 Permalink
Well, exceptions (especially ones that occur commonly like this inside of a loop) are generally a terrible idea because, like you mentioned, they generate objects and overhead. This was somewhat hacked together to solve a day’s problem, but more importantly, the lowagie PDF library obviously doesn’t have a method called .attemptToOpenWithPassword(filename, password) – so I’d end up doing a lot more work to just run a series of words against a PDF file. As there’s really no more efficient way to write the above without exceptions, we’d definitely need a different library (which we’d most likely have to write).
That being said, with a large enough alphabet in the brute force methods, we both know the runtime requirements. The wordlist attack is pretty quick and ran through my largest wordlist (over 11 million words) in under 10 minutes.