Old 08-24-2009, 08:49 PM   #466
joblack
Quote:
Originally Posted by JohnTheRipper
This is the encrypted key:

<encryptedKey>PDN/JFFoDC6XKdI1SOeOA3uLtgbaRmvGPf9gSwQOVOMvq3YQS/yDnTnx+oQoXR9lZF+V/pbGZ
g6UktG8iGSKG/6HrgyHIfnDo+6G4jqeX/0EEUunPS6O+h3SP56cvThtyaxVv0ayXhserM9cFY89KTTxcK0U bso0H4cqirlWR1c=</encryptedKey>

taken from the base64-decoded rights of the uncompressed ADEPT_LICENSE's XML. Then it applies an RSA decrypt, but it seems not to be correct. The ebx_V and ebx_type seem to be retrieved OK (3 and 6). Actually, ineptpdf v2 decrypts, but the streams seem to be corrupted (i.e. not correctly decrypted) so I can see pages like in ADE.

Sure, ILC has done an extremely good job, but part of the script is based on PDFParser from pdfminer.

I have no time now to reverse-engineer what ADE does when it opens a DRM; it uses CRYPT32.DLL and CryptUnprotectData...

----------------

PDFMiner v20090824.
dumppdf said:

raise PDFEncryptionError('Unknown filter: param=%r' % param)
pdfminer.pdfparser.PDFEncryptionError: Unknown filter: param={'EBX_SELLER_URL': '', ...
... , 'Filter': /EBX_HANDLER, 'Length': 128, 'EBX_PUBLISHER_URL': '', 'V': 3}

RSA isn't used to decrypt the whole PDF; it's only used to decrypt the symmetric key (the former would be too slow). I know it comes from pdfminer, but pdfminer has no dump method and almost no cryptological methods.