07-09-2006, 03:04 PM | #1 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
Can somebody make a tool to inject Information into a PDF?
Hi!
Strange question: does anyome know a tool or can somebody make a tool that injects info into a PDF file? The idea is this: You make a PDF, make it simple, reflowable but otherwise standard so it can be used with as many PDF viewers as possible. You put a password on it for edit protection so that nobody can extract text or change the contents. You then add a page that contains the "Owner Information". Let's say Name and Address. Would it be possible to automate a process like that? What I'm thinking is this: Wouldn't a "DRM" model like this disencourage casual piracy (who wants to put their name and address up on a p2p network???) while still making files compatible and easy to keep and to use? Thanks. give me your idea on the process and the whole scheme...it'll probably never get it's chance, but I'd just like to know. |
07-09-2006, 03:17 PM | #2 |
Connoisseur
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
|
There is no problem in making a PDF such as this, however the edit protection can be removed easily. Once you make it harder to remove the protection you risk losing viewer compatibility. Even casual users can download tools with easy to follow UI's that remove the current Adobe protection, and can thereby remove the offending owner information.
Thinking of it a little more I realized that you can of course make it a pain to remove this user info, by placing the info multiple times in the file, in somewhat random formats that make it harder for tools to automatically remove the information. Last edited by Pitchfork; 07-09-2006 at 03:20 PM. |
Advert | |
|
07-09-2006, 03:57 PM | #3 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
The point is not to make this protection unbreakable. It's just a "token" protection to prevent just anybody from putting the files on p2p.
Every protection can and will be broken. I hope publishers and authors will learn some day... |
07-09-2006, 04:16 PM | #4 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
I just made a sample file containing a sample of the "user information" at the end of the document.
If you like, grab it @ www.awde-sign.de/mobileread/sample.pdf It's a public domain Gutenberg.org book, so it should be no problem if I put it up for download. I took the normal .txt file and converted it to PDF, added the info and the protection. Try it and tell me: 1) does it work on your device? 2) could you remove the "owner information" and how easy was it? Thanks. |
07-10-2006, 04:26 AM | #5 | ||
Addict
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
|
Quote:
Quote:
If tracing was the only purpose, it would perhaps be enough to add one or more custom document properties, or perhaps an embedded file, with the identity, though I'm not 100% certain yet if it can be done so that it cannot be removed without passing the encryption barrier. (It is possible to remove some things from an encrypted document: it just means that Reader will warn that the document has been changed. That's clearly not useful for this information -- removal must be very difficult.) However, for best protection 1.5 or later should be used, as it includes encrypted object streams, along with the longer-than-40-bit keys from 1.4 -- but that lessens the portability of the document. The tradeoff need to be considered carefully. |
||
Advert | |
|
07-10-2006, 06:23 AM | #6 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
That is exaclty the problem.
Putting this information at the beginning of the file (and maybe the end too) would be easy if you do it by hand. But putting this info into every file by hand is pretty ridiculous. One way would be to use a tool to inject the info into a .doc or .txt/.rft file, then make the PDF with the editing protection. Has anyone tried to extract the info from my sample file yet? My program couldn't do it, but I only tried once. I couldn't extract contents either. So far it worked well. I haven't tried it on my PPC yet and have yet to receive my Iliad and try it there... |
07-10-2006, 07:29 AM | #7 |
Connoisseur
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
|
I tried removing the protection using off the shelf products. they remove the protection, but also remove the entire contents of the doc
Injecting the user info could be done at download time. I have made quite a few web sites that do this and have the PDF creation components on my server, however I have notlooked into copy protection usung this system as it never has been a requirement. For more info on the component I am using look at http://www.asppdf.com/ |
07-10-2006, 08:36 AM | #8 |
Pac-Man caught my iLiad.
Posts: 807
Karma: 3595
Join Date: Apr 2006
Location: Germany; next to Baltic Sea
Device: Boox Max Lumi, iRex iLiad (RIP)
|
If you don't set a "user password" [needed for opening the pdf file] your security is very LOW. Software can decrypt it in milliseconds. After doing it your reader will have full controll of your document.
What you want to do is very easy with Adobe Acrobat - that is why it's so expensive. It's called "batching" or so [in my German version "Stapelverarbeitung"]. You can write scripts [adding pages, changing document information etc.,] & let it run on complete folder of files. I don't know if other software like from foxit offers such features. |
07-10-2006, 09:34 AM | #9 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
I have set a user password, but only for editing and or extracting/printing the file. The idea is, that the file should be easy to use and the protection should be unobtrusive but the information in the file should not be removable.
The master password could be generated randomly or something because nobody would have to have access to the editing features, not even the "seller" of the files. The really difficult part for this procedure is, that you'd have to have a system like the one Pitchfork describes that uses the information the Purchaser provides when ordering and injects it into the PDF the user then downloads. |
07-10-2006, 09:44 AM | #10 | ||
Addict
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
|
Quote:
Quote:
Reader can clearly decrypt the information on it's own, and display it. When I try to do something that's not in the rights field (P), it's Reader, not the PDF file that implements the protection. So I simply get my own reader (say, xpdf -- haven't checked if it does 1.5 decryption, though), remove the test for 'is this forbidden by DRM', if there is one, recompile it, run, open the file, save the file without encryption or compression, fire up a text editor, and remove the lines you've added manually. (There used to be a PostScript file around that could be used in GhostView that did much the same thing ... pdf_sec.ps. Don't know if it can be made to work for AES encryption) Once the PDF reader (or equivalent) decides to ignore the DRM specification in the file, you can do almost anything. However ... once you require the user to enter a password before the document can be read, you get better protection. Then the password guessing and cryptanalysis starts in earnest. I'm not entirely sure, but it may be possible simply to delete the page the added text is on -- much rougher, but equally effective. There's no security without passwords or equivalents: there's just obfuscation. |
||
07-10-2006, 09:59 AM | #11 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
i'm not so sure there.
I wanted to make the file unencrypted but add the protection for editing. So far the usual suspects like PDF-to-txt and others have failed. Unfortuately my PPC couldn't read the file either because of the encryption. Bad that... Making a password prtection for the file to open is out of the question for me. It requires a device that has input and that is not always the case. Also, users would have to use the password to open the file every time, making it far more attractive to simply strip the pasword from the file thus making it "unprotected" again. I'll have to try Xpdf or something and also try to make the file more compatible. |
07-10-2006, 10:13 AM | #12 | |
Addict
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
|
Quote:
|
|
07-10-2006, 10:23 AM | #13 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
OK...I now made another file
www.awde-sign.de/mobileread/sample_low.pdf This one works on my PPC and I can still not extract the content easily. I'm sure there are programs that can do this, but it's not too easy. I'll do further testing. |
07-10-2006, 12:48 PM | #14 |
Connoisseur
Posts: 98
Karma: 31
Join Date: Mar 2006
Location: Spain
Device: Iliad/Ipaq 6340
|
@CommanderROR
The last file was a snap to crack. Took 30 sec. to remove User info and gain access to all PDF features. Thought it best to attach proof Last edited by Pitchfork; 07-10-2006 at 12:51 PM. |
07-10-2006, 01:33 PM | #15 |
eink fanatic
Posts: 2,022
Karma: 4924
Join Date: Mar 2006
Location: Germany
Device: STAReBOOK, iRex Iliad, Sony 505, Kindle 2
|
Thanks for that info!
so that means that we're stuck with either bad compatibility or bad protection...damn... |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
eBook PDF - free tool for creating PDF eBooks from text files | KACartlidge | 6 | 01-04-2012 09:41 AM |