BLOGDIAL : We are the best

Today, I was playing around with the tools in Acrobat 5, and a PDF entitled "a digital video primer" published by Adobe. I found that this file is LOCKED and ENCRYPTED, so that you cannot copy text, cannot extract pictures, cannot add notes or edit the document in any way.

Red rag to a bull.

From previous experience, I knew that you can print a restricted PDF to file and then distill it into a new PDF, preserving the file intact, but stripping all of the security. I tried this attack first, with Distiller 3, Distiller 4 Distiller 5 and the "Distiller", "PDFwrite" that comes with Ghostscript. All of them failed with the error that the file was encrypted, and that distilling an encrypted .ps file from a secure PDF was "not allowed". The Adobe Distillers go throughout the entire process of Distilling the file, including counting the pages as they are processed. It is only at the end that you get the following warning:


%%[ ProductName: Distiller ]%%
This PostScript file was created from an encrypted PDF file.
Redistilling encrypted PDF is not permitted.
%%[ Flushing: rest of job (to end-of-file) will be ignored ]%%
%%[ Warning: PostScript error. No PDF file produced. ] %%

using PDFwrite, the same thing happened when trying to distill a .ps file created by Acrobat 5 printing to file.; everything was processed as if the PDF was going to be written, and then only at the end you get a similarly formatted error log.

I suspect that somewhere there is a cleartext PDF in a /temp directory that could be intercepted...hmmmmm

The next possible attack was opening the PDF file in Illustrator 9; it failed, asking for a password to open the file. Opening in Photoshop 6.1 also failed. Printing the file "to file" with a linotronic 330 printer driver produced a .ps file which refused to distill on all distillers with the same security warning. The .ps file could however be opened and viewed in Ghostscript. Saving the file to EPS in Ghostscript produced an EPS that displayed a single blank page in Illustrator 9 and Photoshop 6.1.

Opening the original file in GSview the front end for Ghostscript, produced an error, since the file was encrypted; there is a patch that needs to be installed so that you can use GSview/Ghostscript to open encrypted PDFs. The patch worked, and the encrypted file opened.

I was then able to export the encrypted file to a PDF.

This stripped all of the security from the PDF, allowing full access to the complete contents of the file, and full editing functionality. The stripped file is identical to the original file in every way, save that the encryption has been defeated. No need to brute force passwords, no need to print and re-capture (capturing inside Acrobat Capture was also a disallowed function btw).

"Trying to secure bits is like trying to make water not wet". This is true, and it is true of the PDF format. Because it is designed for printing there will always be a point in the document stream where you can capture the raw data, and then reconstruct the exact document, minus the security. This is quite different to the "encrypted channel to speakers / monitor" systems that are being designed now, because PDFs need to be printable to paper, which is always a clear text end product, rendering all attempts to "secure" PDFs moot.

Adobe will have to add security into Postscript itself, so that the attacker has to chase the cleartext right down to the laser in the printer. This will make it hard, but not impossible, to intercept cleartext in the printing chain.

Amazingly, Governments have released sensitive documents to the public, with postscript rendered black rectangle elements to obscure the names of ther informers / collaborators /spies. Anyone can strip the security from these files, remove the rectangles and read the information. This has already happened. Whats interesting is that Adobe is still putting these options into Acrobat, as if they will be any good at stoping people from editing / viewing hidden elements in PDFs. Its probably enough to stop the ordinary user, but when sensitive or valuable information normally ends up being replicated, its a sure thing that any sensitive info passed around in PDFs will be open to widespread reading thanks to these simple strip attacks.

Maybe Adobe can call its new version of Postscript "Postcrypt"!