-
-
[旧帖] [求助]pdf文档加密算法,求高手指教 0.00雪花
-
发表于: 2011-5-17 09:57
-
最近研究pdf文档加密机制,参阅pdf reference 1.4 中的加密算法,其中给出了pdf加密字典对象中O值的算法(见下文),根据该算法我写了相应的生成程序,代码如下:
#include <string.h>
#include <stdio.h>
#include "RC4.h"
#include "MD5.h"
#define KEY_lEN 5
int main(int argc, char* argv[])
{
char strkey[]="\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A";
char passwd[]="123456";
unsigned char buf[64];
int k=strlen(passwd);
memcpy(buf,passwd,k);
if(k<32)
memcpy(buf+k,strkey,32-k);
char *p2;
p2=MD5String((char *)buf,32);
unsigned char key[64];
memcpy(key,p2,KEY_lEN);
struct rc4_state s;
rc4_setup( &s, key, KEY_lEN );
rc4_crypt( &s, buf, 32 );
return 0;
}
我在acrobat中对一个pdf文件进行了口令加密,密码是123456,加密后文件的o值如下:
跟我用上面的代码计算出来的不一样。
恳请各位大牛指点,问题出在什么地方?
是不是我理解算法错了?郁闷了好几天了!在此先谢谢各位了!
代码和加密的pdf文档.rar
附pdf reference中生成O值的算法:
算法3.3:
1. 补充或截取权限口令字符串为32个字节。如果输入的口令大于32个字节,那么只保留前32个字节,如果少于32个字节,那么就按下面的字符串补上所缺少的字节数:
<0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a>
如果没有权限(主)口令,那么就用用户口令替代。
2. 初始化MD5函数并将步骤1产生的结果输入MD5函数。
3. (版本3或更高)连续做50次:此后输出作为输入新的MD5哈希函数中。
4. 利用这个HASH数列的前面n位创建RC4密钥,对于版本2来说,n始终为5, 但对于版本3或更高版本来说,取决于加密字典中Length的值,为length/8。
5. 按照算法3.2中的第一步由用户口令得到32字节字符串。
6. 将第5步中产生的32位字节字符串用第4步中产生的密钥用RC4算法加密。
7. (版本3或更高)做19次:用前一次的输出作为下一次的输入进行编码;密钥是由第1步产生的原始密钥的单个字节和循环数和进行XOR(异或)运算得到的。
英文原文:
Algorithm 3.3 Computing the encryption dictionary’s O (owner password) value
1. Pad or truncate the owner password string as described in step 1 of Algorithm 3.2.
If there is no owner password, use the user password instead. (See implementation
note 17 in Appendix H.)
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. (Revision 3 only) Do the following 50 times: Take the output from the previous
MD5 hash and pass it as input into a new MD5 hash.
4. Create an RC4 encryption key using the first n bytes of the output from the final
MD5 hash, where n is always 5 for revision 2 but for revision 3 depends on the
value of the encryption dictionary’s Length entry.
5. Pad or truncate the user password string as described in step 1 of Algorithm 3.2.
6. Encrypt the result of step 5, using an RC4 encryption function with the encryption
key obtained in step 4.
7. (Revision 3 only) Do the following 19 times: Take the output from the previous invocation
of the RC4 function and pass it as input to a new invocation of the function;
use an encryption key generated by taking each byte of the encryption key
obtained in step 4 and performing an XOR (exclusive or) operation between that
byte and the single-byte value of the iteration counter (from 1 to 19).
8. Store the output from the final invocation of the RC4 function as the value of the
O entry in the encryption dictionary.
Algorithm 3.2 Computing an encryption key
1. Pad or truncate the password string to exactly 32 bytes. If the password string is
more than 32 bytes long, use only its first 32 bytes; if it is less than 32 bytes long,
pad it by appending the required number of additional bytes from the beginning
of the following padding string:
< 28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08
2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A >
That is, if the password string is n bytes long, append the first 32 − n bytes of the
padding string to the end of the password string. If the password string is empty
(zero-length), meaning there is no user password, substitute the entire padding
string in its place.
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. Pass the value of the encryption dictionary’s O entry to the MD5 hash function.
(Algorithm 3.3 shows how the O value is computed.)
4. Treat the value of the P entry as an unsigned 4-byte integer and pass these bytes to
the MD5 hash function, low-order byte first.
5. Pass the first element of the file’s file identifier array (the value of the ID entry in
the document’s trailer dictionary; see Table 3.12 on page 68) to the MD5 hash
function and finish the hash.
6. (Revision 3 only) Do the following 50 times: Take the output from the previous
MD5 hash and pass it as input into a new MD5 hash.
7. Set the encryption key to the first n bytes of the output from the final MD5 hash,
where n is always 5 for revision 2 but for revision 3 depends on the value of the encryption
dictionary’s Length entry.
#include <string.h>
#include <stdio.h>
#include "RC4.h"
#include "MD5.h"
#define KEY_lEN 5
int main(int argc, char* argv[])
{
char strkey[]="\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A";
char passwd[]="123456";
unsigned char buf[64];
int k=strlen(passwd);
memcpy(buf,passwd,k);
if(k<32)
memcpy(buf+k,strkey,32-k);
char *p2;
p2=MD5String((char *)buf,32);
unsigned char key[64];
memcpy(key,p2,KEY_lEN);
struct rc4_state s;
rc4_setup( &s, key, KEY_lEN );
rc4_crypt( &s, buf, 32 );
return 0;
}
我在acrobat中对一个pdf文件进行了口令加密,密码是123456,加密后文件的o值如下:
跟我用上面的代码计算出来的不一样。
恳请各位大牛指点,问题出在什么地方?
是不是我理解算法错了?郁闷了好几天了!在此先谢谢各位了!代码和加密的pdf文档.rar
附pdf reference中生成O值的算法:
算法3.3:
1. 补充或截取权限口令字符串为32个字节。如果输入的口令大于32个字节,那么只保留前32个字节,如果少于32个字节,那么就按下面的字符串补上所缺少的字节数:
<0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a>
如果没有权限(主)口令,那么就用用户口令替代。
2. 初始化MD5函数并将步骤1产生的结果输入MD5函数。
3. (版本3或更高)连续做50次:此后输出作为输入新的MD5哈希函数中。
4. 利用这个HASH数列的前面n位创建RC4密钥,对于版本2来说,n始终为5, 但对于版本3或更高版本来说,取决于加密字典中Length的值,为length/8。
5. 按照算法3.2中的第一步由用户口令得到32字节字符串。
6. 将第5步中产生的32位字节字符串用第4步中产生的密钥用RC4算法加密。
7. (版本3或更高)做19次:用前一次的输出作为下一次的输入进行编码;密钥是由第1步产生的原始密钥的单个字节和循环数和进行XOR(异或)运算得到的。
英文原文:
Algorithm 3.3 Computing the encryption dictionary’s O (owner password) value
1. Pad or truncate the owner password string as described in step 1 of Algorithm 3.2.
If there is no owner password, use the user password instead. (See implementation
note 17 in Appendix H.)
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. (Revision 3 only) Do the following 50 times: Take the output from the previous
MD5 hash and pass it as input into a new MD5 hash.
4. Create an RC4 encryption key using the first n bytes of the output from the final
MD5 hash, where n is always 5 for revision 2 but for revision 3 depends on the
value of the encryption dictionary’s Length entry.
5. Pad or truncate the user password string as described in step 1 of Algorithm 3.2.
6. Encrypt the result of step 5, using an RC4 encryption function with the encryption
key obtained in step 4.
7. (Revision 3 only) Do the following 19 times: Take the output from the previous invocation
of the RC4 function and pass it as input to a new invocation of the function;
use an encryption key generated by taking each byte of the encryption key
obtained in step 4 and performing an XOR (exclusive or) operation between that
byte and the single-byte value of the iteration counter (from 1 to 19).
8. Store the output from the final invocation of the RC4 function as the value of the
O entry in the encryption dictionary.
Algorithm 3.2 Computing an encryption key
1. Pad or truncate the password string to exactly 32 bytes. If the password string is
more than 32 bytes long, use only its first 32 bytes; if it is less than 32 bytes long,
pad it by appending the required number of additional bytes from the beginning
of the following padding string:
< 28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08
2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A >
That is, if the password string is n bytes long, append the first 32 − n bytes of the
padding string to the end of the password string. If the password string is empty
(zero-length), meaning there is no user password, substitute the entire padding
string in its place.
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. Pass the value of the encryption dictionary’s O entry to the MD5 hash function.
(Algorithm 3.3 shows how the O value is computed.)
4. Treat the value of the P entry as an unsigned 4-byte integer and pass these bytes to
the MD5 hash function, low-order byte first.
5. Pass the first element of the file’s file identifier array (the value of the ID entry in
the document’s trailer dictionary; see Table 3.12 on page 68) to the MD5 hash
function and finish the hash.
6. (Revision 3 only) Do the following 50 times: Take the output from the previous
MD5 hash and pass it as input into a new MD5 hash.
7. Set the encryption key to the first n bytes of the output from the final MD5 hash,
where n is always 5 for revision 2 but for revision 3 depends on the value of the encryption
dictionary’s Length entry.
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
