UJP - 技術情報1

Life is fun and easy!
不正IP報告数

Okan Sensor
Home Information Service Tech(Free) Tech(Member) Blog FAQ
 
メイン
ログイン

ユーザー名:


パスワード:





パスワード再発行手続き  |無料会員入会手続へ...
ブログ カテゴリ一覧
PDFcrack

PDFcrack

0.改訂履歴

  • 2007.12.14 新規作成

1.はじめに

 このドキュメントでは, PDFcrackツールをコンパイルし,暗号化したPDFの暗号を解読するまでの手順を説明する. 解析するパスワードは,アスキーで4文字,6文字,8文字,10文字としている.

 なお,使用しているOSは,MacOS X 10.4.11で,MacPro(DualCore Xeon 2.66MHz)で稼働している.

2.インストール

  • 以下の公式サイトからモジュールを入手する.
  • ダウンロードしたモジュールを展開して,中身を確認する. 
macbook3:/Users/shinnai/Documents/Downloads root# ls -la pdfcrack-0.9.tar.gz 
-rw-r--r--   1 shinnai  shinnai  28463 Oct 24 04:36 pdfcrack-0.9.tar.gz
macbook3:/Users/shinnai/Documents/Downloads root# tar xfz pdfcrack-0.9.tar.gz 
macbook3:/Users/shinnai/Documents/Downloads root# cd pdfcrack-0.9
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root# ls -la
total 304
drwxr-xr-x   23 500      500        782 Oct 27  2006 .
drwxr-xr-x   42 shinnai  shinnai   1428 Dec 14 16:30 ..
-rw-r--r--    1 500      500      17991 Oct 27  2006 COPYING
-rw-r--r--    1 500      500        481 Oct 27  2006 Makefile
-rw-r--r--    1 500      500       1912 Oct 27  2006 README
-rw-r--r--    1 500      500       1093 Oct 27  2006 TODO
-rw-r--r--    1 500      500       8093 Oct 27  2006 benchmark.c
-rw-r--r--    1 500      500        869 Oct 27  2006 benchmark.h
-rw-r--r--    1 500      500       2435 Oct 24 02:23 changelog
-rw-r--r--    1 500      500       2071 Oct 27  2006 common.c
-rw-r--r--    1 500      500       1755 Oct 27  2006 common.h
-rw-r--r--    1 500      500       8810 Mar 12  2007 main.c
-rw-r--r--    1 500      500      11460 Oct 27  2006 md5.c
-rw-r--r--    1 500      500        952 Oct 24 02:38 md5.h
-rw-r--r--    1 500      500       5861 Oct 24 02:39 passwords.c
-rw-r--r--    1 500      500       1197 Oct 27  2006 passwords.h
-rw-r--r--    1 500      500      17950 Oct 24 02:42 pdfcrack.c
-rw-r--r--    1 500      500       1487 Oct 27  2006 pdfcrack.h
-rw-r--r--    1 500      500      11008 Oct 27  2006 pdfparser.c
-rw-r--r--    1 500      500       1238 Oct 27  2006 pdfparser.h
-rw-r--r--    1 500      500       2073 Oct 27  2006 pdfreader.c
-rw-r--r--    1 500      500       5951 Oct 24 02:48 rc4.c
-rw-r--r--    1 500      500       1102 Oct 27  2006 rc4.h
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root#
  • configureではなくmakeだけ用意されているので,makeする. 
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root# make
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o main.o main.c
main.c: In function 'main':
main.c:305: warning: passing argument 3 of 'initPDFCrack' with different width 
due to prototype
main.c:305: warning: passing argument 10 of 'initPDFCrack' with different width 
due to prototype
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o rc4.o rc4.c
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o md5.o md5.c
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o pdfcrack.o pdfcrack.c
pdfcrack.c: In function 'do_permutate':
pdfcrack.c:175: warning: passing argument 1 of 'isolat1ToUpper' with different 
width due to prototype
pdfcrack.c: In function 'initPDFCrack':
pdfcrack.c:518: warning: passing argument 2 of 'initEncKeyWorkSpace' with 
different width due to prototype
pdfcrack.c: In function 'loadState':
pdfcrack.c:618: warning: format '%zu' expects type 'size_t *', but argument 3 
has type 'int *'
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o pdfparser.o pdfparser.c
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o passwords.o passwords.c
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o common.o common.c
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -c -o benchmark.o benchmark.c
benchmark.c: In function 'pdf_128b_bench':
benchmark.c:204: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:204: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:211: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:211: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:219: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:219: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
benchmark.c: In function 'pdf_40b_bench':
benchmark.c:251: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:251: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:259: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:259: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:266: warning: passing argument 3 of 'initPDFCrack' with different 
width due to prototype
benchmark.c:266: warning: passing argument 10 of 'initPDFCrack' with different 
width due to prototype
gcc -Wall -Wshadow -Wwrite-strings -Wsign-compare -Wfloat-equal -Wconversion -
Wmissing-noreturn -Wbad-function-cast -Wmissing-prototypes -Winline -Wredundant-
decls -O3 -o pdfcrack main.o rc4.o md5.o pdfcrack.o pdfparser.o passwords.o 
common.o benchmark.o
strip pdfcrack
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root#
  • 特に問題なくコンパイル終了.
  • 作成されたアプリケーションを確認する. 
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root# ls -la pdfcrack
-rwxr-xr-x   1 root  500  46816 Dec 14 16:32 pdfcrack
macbook3:/Users/shinnai/Documents/Downloads/pdfcrack-0.9 root#
  • 非常に小さなアプリケーションである.

2.検証マシンのスペックの確認.

  • まず,今回の検証マシンのスペックを確認する. 
    gacky:~/Documents shinnai$ cat macPro.txt 
Results 206.00
        System Info
                Xbench Version          1.3
                System Version          10.4.11 (8S2167)
                Physical RAM            9216 MB
                Model           MacPro1,1
                Drive Type              WDC WD5000AAKS-41TMA0
        CPU Test        138.48
                GCD Loop        314.59  16.58 Mops/sec
                Floating Point Basic    152.33  3.62 Gflop/sec
                vecLib FFT      111.19  3.67 Gflop/sec
                Floating Point Library  98.53   17.16 Mops/sec
        Thread Test     528.40
                Computation     489.03  9.91 Mops/sec, 4 threads
                Lock Contention 574.66  24.72 Mlocks/sec, 4 threads
        Memory Test     139.81
                System  138.19
                        Allocate        135.79  498.68 Kalloc/sec
                        Fill    145.17  7058.34 MB/sec
                        Copy    134.11  2769.92 MB/sec
                Stream  141.48
                        Copy    139.89  2889.39 MB/sec
                        Scale   138.88  2869.19 MB/sec
                        Add     145.17  3092.38 MB/sec
                        Triad   142.14  3040.68 MB/sec
        Quartz Graphics Test    187.34
                Line    150.03  9.99 Klines/sec [50% alpha]
                Rectangle       195.27  58.30 Krects/sec [50% alpha]
                Circle  186.77  15.22 Kcircles/sec [50% alpha]
                Bezier  174.29  4.40 Kbeziers/sec [50% alpha]
                Text    262.40  16.41 Kchars/sec
        OpenGL Graphics Test    195.07
                Spinning Squares        195.07  247.45 frames/sec
        User Interface Test     417.44
                Elements        417.44  1.92 Krefresh/sec
gacky:~/Documents shinnai$
  • Xbenchで206.00というスコアを付けている.

3.パスワード解読の実行

  • 解析を実行するには,pdfcrackコマンドの後ろに対象ファイル名を指定すれば良い.
  • 4文字のパスワードをつけたPDFを分析してみる. 
gacky:~/Documents shinnai$ ./pdfcrack protect4.pdf
PDF version 1.3
Security Handler: Standard
V: 1
R: 2
P: -4
Length: 40
Encrypted Metadata: True
FileID: 3bc70c8bc9eb0706e601f57ed8b4a454
U: 88b29ad6f366e2d672b6e1911288b14fdd7843174ccac76ca21141f6c3f41467
O: 551755f795bdee747370c194da4b8d07309255f7f284c0583da91c2fe6da4774
found user-password: 'qwer'
gacky:~/Documents shinnai$
  • 時間を計ってみる. 
gacky:~/Documents shinnai$ date;time ./pdfcrack protect4.pdf;date
Sat Dec 15 18:16:49 JST 2007
PDF version 1.3
Security Handler: Standard
V: 1
R: 2
P: -4
Length: 40
Encrypted Metadata: True
FileID: 3bc70c8bc9eb0706e601f57ed8b4a454
U: 88b29ad6f366e2d672b6e1911288b14fdd7843174ccac76ca21141f6c3f41467
O: 551755f795bdee747370c194da4b8d07309255f7f284c0583da91c2fe6da4774
found user-password: 'qwer'

real    0m6.305s
user    0m6.285s
sys     0m0.004s
Sat Dec 15 18:16:56 JST 2007
gacky:~/Documents shinnai$
  • 7秒で完了.4文字だと一瞬でパスワードが解読できた.
  • 次に,6文字のパスワードとしてみる. 
gacky:~/Documents shinnai$ date;time ./pdfcrack protect.pdf;date  
Sat Dec 15 18:20:17 JST 2007
PDF version 1.3
Security Handler: Standard
V: 1
R: 2
P: -4
Length: 40
Encrypted Metadata: True
FileID: 49f8975fd8abf140fc92e45716c23a05
U: c930ee1d414aa747625103ac6d964677ecaeebb4d8e12d5c28e383abe551f55e
O: 0f98f1d06ff6e406a3cedabee48d955b29c83793e6cc1f58f586d4ef34a16383
Average Speed: 686556.4 w/s. Current Word: 'ZeL4'
Average Speed: 660080.8 w/s. Current Word: 'iA9Xa'
Average Speed: 682369.9 w/s. Current Word: 'DTpTb'

〜略〜


Average Speed: 681141.8 w/s. Current Word: '22fu7g'
Average Speed: 681062.9 w/s. Current Word: 'Lypp8g'
Average Speed: 680912.7 w/s. Current Word: '1hyk9g'
Average Speed: 680773.7 w/s. Current Word: 'riGfah'
Average Speed: 680735.1 w/s. Current Word: 'p6Nabh'
Average Speed: 680881.3 w/s. Current Word: 'yFW5bh'
Average Speed: 681041.2 w/s. Current Word: 'f450ch'
Average Speed: 681051.4 w/s. Current Word: 'fwfWdh'
Average Speed: 681094.9 w/s. Current Word: 'hcpReh'
Average Speed: 681076.4 w/s. Current Word: 'lMyMfh'
found user-password: 'asdfgh'
Sat Dec 15 21:21:47 JST 2007
gacky:~/Documents shinnai$
  • 約3時間でパスワード解読ができた. 

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

			

				

					
						

							
				

			

		

		

			

		

		
    
			
  • 		

		

	


            

         

         

             

                
			

			      
			      			      
			

                

	   

	 		
                  

        
                  
広告スペース










































                
         

         		
   

           

				



        


          









Google