Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Formats > PDF

Notices

Reply
 
Thread Tools Search this Thread
Old 07-09-2006, 03:04 PM   #1
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
Can somebody make a tool to inject Information into a PDF?

Hi!

Strange question:

does anyome know a tool or can somebody make a tool that injects info into a PDF file?
The idea is this:
You make a PDF, make it simple, reflowable but otherwise standard so it can be used with as many PDF viewers as possible. You put a password on it for edit protection so that nobody can extract text or change the contents.

You then add a page that contains the "Owner Information". Let's say Name and Address.

Would it be possible to automate a process like that?

What I'm thinking is this:
Wouldn't a "DRM" model like this disencourage casual piracy (who wants to put their name and address up on a p2p network???) while still making files compatible and easy to keep and to use?

Thanks.

give me your idea on the process and the whole scheme...it'll probably never get it's chance, but I'd just like to know.
CommanderROR is offline   Reply With Quote
Old 07-09-2006, 03:17 PM   #2
Pitchfork
Connoisseur
Pitchfork began at the beginning.
 
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
There is no problem in making a PDF such as this, however the edit protection can be removed easily. Once you make it harder to remove the protection you risk losing viewer compatibility. Even casual users can download tools with easy to follow UI's that remove the current Adobe protection, and can thereby remove the offending owner information.

Thinking of it a little more I realized that you can of course make it a pain to remove this user info, by placing the info multiple times in the file, in somewhat random formats that make it harder for tools to automatically remove the information.

Last edited by Pitchfork; 07-09-2006 at 03:20 PM.
Pitchfork is offline   Reply With Quote
Advert
Old 07-09-2006, 03:57 PM   #3
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
The point is not to make this protection unbreakable. It's just a "token" protection to prevent just anybody from putting the files on p2p.

Every protection can and will be broken.

I hope publishers and authors will learn some day...
CommanderROR is offline   Reply With Quote
Old 07-09-2006, 04:16 PM   #4
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
I just made a sample file containing a sample of the "user information" at the end of the document.

If you like, grab it @ www.awde-sign.de/mobileread/sample.pdf

It's a public domain Gutenberg.org book, so it should be no problem if I put it up for download. I took the normal .txt file and converted it to PDF, added the info and the protection.

Try it and tell me:

1) does it work on your device?
2) could you remove the "owner information" and how easy was it?

Thanks.
CommanderROR is offline   Reply With Quote
Old 07-10-2006, 04:26 AM   #5
ath
Addict
ath doesn't litterath doesn't litter
 
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
Quote:
Originally Posted by CommanderROR
You make a PDF, make it simple, reflowable but otherwise standard so it can be used with as many PDF viewers as possible. You put a password on it for edit protection so that nobody can extract text or change the contents.

You then add a page that contains the "Owner Information". Let's say Name and Address.

Would it be possible to automate a process like that?
Possible, but impractical. It seems useless to first add DRM, then remove it in order to add a page, and then add it back in again: you need to keep track of the first password. If it's just a dummy password, it will be less safe, but if it's a good password, further password management is required. Simpler to keep the unprotected document, do the 'add extra page, and finish off with encryption', as that means you don't have to keep the original password around: instead you can use a truly random password for the encryption, which you don't keep any record of. Possibly less safe, but simpler.

Quote:
Wouldn't a "DRM" model like this disencourage casual piracy (who wants to put their name and address up on a p2p network???) while still making files compatible and easy to keep and to use?
Depends. If you add that page in the wrong place, it may not be seen, and so have minimal impact. You really want the PDF file to open on that page, and that means altering the document configuration. A better approach would be, I think, to design the cover page so that it incorporates the owner's name, or, perhaps, the page header or footer to do so. That means that the document has to be designed, however, so that this information can be added in some document specific way -- probably as a special object with known contents that is replaced.

If tracing was the only purpose, it would perhaps be enough to add one or more custom document properties, or perhaps an embedded file, with the identity, though I'm not 100% certain yet if it can be done so that it cannot be removed without passing the encryption barrier. (It is possible to remove some things from an encrypted document: it just means that Reader will warn that the document has been changed. That's clearly not useful for this information -- removal must be very difficult.)

However, for best protection 1.5 or later should be used, as it includes encrypted object streams, along with the longer-than-40-bit keys from 1.4 -- but that lessens the portability of the document. The tradeoff need to be considered carefully.
ath is offline   Reply With Quote
Advert
Old 07-10-2006, 06:23 AM   #6
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
That is exaclty the problem.

Putting this information at the beginning of the file (and maybe the end too) would be easy if you do it by hand.
But putting this info into every file by hand is pretty ridiculous.

One way would be to use a tool to inject the info into a .doc or .txt/.rft file, then make the PDF with the editing protection.

Has anyone tried to extract the info from my sample file yet? My program couldn't do it, but I only tried once. I couldn't extract contents either. So far it worked well. I haven't tried it on my PPC yet and have yet to receive my Iliad and try it there...
CommanderROR is offline   Reply With Quote
Old 07-10-2006, 07:29 AM   #7
Pitchfork
Connoisseur
Pitchfork began at the beginning.
 
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
I tried removing the protection using off the shelf products. they remove the protection, but also remove the entire contents of the doc

Injecting the user info could be done at download time. I have made quite a few web sites that do this and have the PDF creation components on my server, however I have notlooked into copy protection usung this system as it never has been a requirement. For more info on the component I am using look at http://www.asppdf.com/
Pitchfork is offline   Reply With Quote
Old 07-10-2006, 08:36 AM   #8
yokos
Pac-Man caught my iLiad.
yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.yokos can teach chickens to fly.
 
yokos's Avatar
 
Posts: 807
Karma: 3595
Join Date: Apr 2006
Location: Germany; next to Baltic Sea
Device: Boox Max Lumi, iRex iLiad (RIP)
If you don't set a "user password" [needed for opening the pdf file] your security is very LOW. Software can decrypt it in milliseconds. After doing it your reader will have full controll of your document.

What you want to do is very easy with Adobe Acrobat - that is why it's so expensive. It's called "batching" or so [in my German version "Stapelverarbeitung"].
You can write scripts [adding pages, changing document information etc.,] & let it run on complete folder of files.

I don't know if other software like from foxit offers such features.
yokos is offline   Reply With Quote
Old 07-10-2006, 09:34 AM   #9
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
I have set a user password, but only for editing and or extracting/printing the file. The idea is, that the file should be easy to use and the protection should be unobtrusive but the information in the file should not be removable.
The master password could be generated randomly or something because nobody would have to have access to the editing features, not even the "seller" of the files.

The really difficult part for this procedure is, that you'd have to have a system like the one Pitchfork describes that uses the information the Purchaser provides when ordering and injects it into the PDF the user then downloads.
CommanderROR is offline   Reply With Quote
Old 07-10-2006, 09:44 AM   #10
ath
Addict
ath doesn't litterath doesn't litter
 
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
Quote:
Originally Posted by CommanderROR
1) does it work on your device?
No. It needs Reader 7.0 to be read, and Reader for Pocket PC 2.0 is not up to that level. If you want portability, you better use 40-bit encryption.

Quote:
2) could you remove the "owner information" and how easy was it?
Didn't even try. However ... as the document reads perfectly without password (once I fire up Reader 7.0), I doubt that it would be a serious problem.

Reader can clearly decrypt the information on it's own, and display it. When I try to do something that's not in the rights field (P), it's Reader, not the PDF file that implements the protection.

So I simply get my own reader (say, xpdf -- haven't checked if it does 1.5 decryption, though), remove the test for 'is this forbidden by DRM', if there is one, recompile it, run, open the file, save the file without encryption or compression, fire up a text editor, and remove the lines you've added manually. (There used to be a PostScript file around that could be used in GhostView that did much the same thing ... pdf_sec.ps. Don't know if it can be made to work for AES encryption) Once the PDF reader (or equivalent) decides to ignore the DRM specification in the file, you can do almost anything.

However ... once you require the user to enter a password before the document can be read, you get better protection. Then the password guessing and cryptanalysis starts in earnest.

I'm not entirely sure, but it may be possible simply to delete the
page the added text is on -- much rougher, but equally effective.

There's no security without passwords or equivalents: there's just obfuscation.
ath is offline   Reply With Quote
Old 07-10-2006, 09:59 AM   #11
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
i'm not so sure there.
I wanted to make the file unencrypted but add the protection for editing.
So far the usual suspects like PDF-to-txt and others have failed. Unfortuately my PPC couldn't read the file either because of the encryption.
Bad that...

Making a password prtection for the file to open is out of the question for me. It requires a device that has input and that is not always the case. Also, users would have to use the password to open the file every time, making it far more attractive to simply strip the pasword from the file thus making it "unprotected" again.

I'll have to try Xpdf or something and also try to make the file more compatible.
CommanderROR is offline   Reply With Quote
Old 07-10-2006, 10:13 AM   #12
ath
Addict
ath doesn't litterath doesn't litter
 
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
Quote:
Originally Posted by CommanderROR
So far the usual suspects like PDF-to-txt and others have failed.
Look for the name 'Kyler Laird', possibly together with 'PDF' on the net and in comp.text.pdf ... he did this kind of stuff routinely some five years back or so, though it was with 40-bit encryption -- as far as I remember it was using a modified version of xpdf.
ath is offline   Reply With Quote
Old 07-10-2006, 10:23 AM   #13
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
OK...I now made another file

www.awde-sign.de/mobileread/sample_low.pdf

This one works on my PPC and I can still not extract the content easily. I'm sure there are programs that can do this, but it's not too easy.
I'll do further testing.
CommanderROR is offline   Reply With Quote
Old 07-10-2006, 12:48 PM   #14
Pitchfork
Connoisseur
Pitchfork began at the beginning.
 
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
@CommanderROR

The last file was a snap to crack. Took 30 sec. to remove User info and gain access to all PDF features.

Thought it best to attach proof
Attached Files
File Type: pdf Sample_low2.pdf (494.5 KB, 827 views)

Last edited by Pitchfork; 07-10-2006 at 12:51 PM.
Pitchfork is offline   Reply With Quote
Old 07-10-2006, 01:33 PM   #15
CommanderROR
eink fanatic
CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.CommanderROR is fluent in JavaScript as well as Klingon.
 
CommanderROR's Avatar
 
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
Thanks for that info!

so that means that we're stuck with either bad compatibility or bad protection...damn...
CommanderROR is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
eBook PDF - free tool for creating PDF eBooks from text files KACartlidge PDF 6 01-04-2012 09:41 AM


All times are GMT -4. The time now is 02:51 AM.


MobileRead.com is a privately owned, operated and funded community.