Thursday, November 4, 2010

More PDF Decryption Enhancements for PDF Examiner

Got rid of a unsigned int issue when calculating the permissions value for some types of encrypted PDFs, if you had any issues with decrypting malware PDFs, try resubmitting to the PDF Examiner. Second update was to handle owner password string literals in octal.

Apparently to get an 4 byte hex of a PHP int you can't just go dechex($permissions), you'll need to go dechex( pow(2, 32)- pow(2, 32)+$permissions) to get the larger unsigned int range. Fun workarounds, but it's at least closer to C than Python ;).

No comments:

Post a Comment