PDF "permissions" password? vs PDF file open password

[illsk1lls]

File open passwords obviously work fine. For PDFs with permission passwords, John will recognize the PDF as encrypted, and declare it has found a password, but the password field is blank. I don't see any information about permission passwords for PDF's on the forum. I may have missed it. But I was curious, if this was worthy of a feature request if it's not already present.

[magnumripper]

I'm not 100% sure but I guess this is a dupe of would have been fixed in #5165 but I think we never got a PR

[magnumripper]

Also, I think hashcat has this as 25400 so we can study the algo for implementing it. EDIT yes it's mentioned in #5165 as well.

[illsk1lls]

After checking the referenced issue I see there is still a little work to be done as it has to be merged into the existing $pdf$ hash format. And pdf2john.py still needs an update. Thanks for the bump.

[magnumripper]

In some cases the current pdf2john will output some hash that we then "crack" as empty password - although the real password is not empty and is an owner or permissions password. In those cases (or at least some of them) hashcat can crack the real password if you supply the correct cracking mode (25400) and not any of the others.

I'm not sure this is the complete picture though.