I don’t know how handy today’s article is going to be in reality but it’s sort of possible to crack a PDF password. Once you read the article, you’ll see why I said “sort of possible”. The odds of success will vary greatly.
Everybody knows what a PDF file is. It’s a Portable Document Format. This is actually a standard (ISO 32000). You don’t need Adobe products to create, edit, or read PDF-formatted documents. Odds are good that your distro comes with tools for manipulating PDF documents.
It’s possible to password-protect a PDF document. You can have an owner’s password (allowing editing) or you can have a user’s password (allowing you to read the document). This may be something you’ve encountered in the past.
Well, like all things password-protected, it’s possible to crack the password.
What do I mean by crack? I mean it will reveal the password to you in plain text. This will allow you to access the document in one form or another, depending on which password you crack.
This is gonna take some time…
Also, I’ll assume you’re using something based on Debian because I’ve not tested this with other distros. I’ve only tested this on my systems.
The tool we’ll be using is a ‘brute-force’ password cracker. That means it starts from the letter a and works its way up, adding new letters after the rest of the letters have been tried. So, you’ll see aa, ab, ac, ad, and progression along those lines. You can immediately see why this is going to take a while.
The tool we’ll be using is helpfully called ‘pdfcrack’.
This pdfcrack is a terminal-based PDF password-cracking tool. You can use brute force or lists of words such as common passwords. You can also specify the character list, though the default is to just use the regular alphabet in both uppercase and lowercase formats.
The pdfcrack application is helpfully described as such:
pdfcrack – Password recovery tool for PDF-files
I’ll assume that you’re only trying to recover passwords on documents you should legally have access to. I assume that you won’t use this to access content that does not belong to you. That seems like a safe assumption!
As you can see, this is the correct tool if you want to crack a PDF password.
As mentioned above, you’ll crack passwords in the terminal. That requires an open terminal, so we might as well install pdfcrack in the terminal. Just press CTRL + ALT + T and that will usually open up a terminal for you.
With your terminal now open, install pdfcrack:
sudo apt install pdfcrack
With that installed, check the man page:
man pdfcrack
Download:
Now, crack it…
pdfcrack -f /path/to/unlock-me.pdf
As it’s a download, it’s probably in your ~/Downloads directory, but mine is stored in my ~/Documents directory because it’s a document. So, my example:
pdfcrack -f ~/Documents/unlock-me.pdf
That uses a very simple password that should be cracked in a few seconds. On my older and slower computer, I was able to do more than 20,000 words per second. This short password should crack almost instantly.
Leave a comment telling me what the password is!
By default, pdfcrack will crack the user password. You can specify which password you wish to crack. Though the syntax is a little wonky. In this case, the syntax is as follows:
pdfcrack -f filename.pdf <options>
Which translates into the following…
For the owner:
pdfcrack -f filename.pdf -o
For the user:
pdfcrack -f filename.pdf -u
If you want to pause this, you can!
To pause a running pdfcrack instance just press CTRL + C. This will save the progress as savedstate.sav. The program will automatically resume when you run the command again. Pretty neat!
There’s a lot you can do with this command. Let’s say you recall the password was between 8 and 12 characters and want to just search in that area.
pdfcrack -f filename.pdf -n 8 -m 12
You can also specify the character set. If you want to use uppercase, lowercase, and numbers you can do that. You just add them to the command with the -c flag, making sure to put them in quotes. That’d look like this:
pdfcrack -f filename.pdf -c 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'
You can specify a wordlist like so:
pdfcrack -f filename.pdf -w wordlist.txt
The format for that file appears to require one word per line and there are collections of common passwords you can download to help you crack a PDF password.
As you can imagine, and as you were warned near the start, this process can take a while. Assuming you have the right characters loaded and enough time, it’s certain to work eventually.
Go ahead and crack my example file above. That one won’t take you very long, even on a slow computer. It won’t be instantaneous, but it’ll be pretty quick.
If you want, you can also run a benchmark to see how fast your computer is. The command to do that is quite simply this:
pdfcrack -b
I ran this on the slowest computer I use. I didn’t run it on anything faster because I don’t care that much. I’m sure you’ll do better on your computers, though you can share the results as a way to compare your rig with others.
Anyhow, my output was this:
kgiii@kgiii:~/Documents$ pdfcrack -b Benchmark: Average Speed (calls / second): SHA256 (fast): 3309920.8 SHA256 (slow): 1727111.3 MD5: 3973834.3 MD5_50 (fast): 153127.8 MD5_50 (slow): 163666.6 RC4 (40, static): 1334279.6 RC4 (40, no check): 1339898.4 RC4 (128, no check): 1305946.2 Benchmark: Average Speed (passwords / second): PDF (40, user): 943049.0 PDF (40, owner): 520400.4 PDF (40, owner, fast): 1139653.1 PDF (128, user): 44928.0 PDF (128, owner): 21999.9 PDF (128, owner, fast): 45202.4
Be sure to check out the man page. It’s a simple application but there are many options available for pdfcrack and you might as well learn about them now. You never know when you’ll find an old PDF document with a forgotten password. It can (and does) happen!
Also, be sure to check the pdfcrack project page.
So, you might wonder why I’d include an article like this. After all, isn’t cracking passwords a potential legal mess? Isn’t it immoral to crack passwords? Is it even legal to crack passwords?
The answer is simple enough. It’s a tool you can use to recover your lost passwords. You can use this tool to access things that you shouldn’t be accessing, just like you can use a screwdriver to poke things you shouldn’t be poking. I’m just giving information.
I am also not a lawyer. I permit you to crack the password of the included file. For other files, don’t do anything illegal in your jurisdiction. If it’s a crime, don’t do it. I’m decidedly not your lawyer. If you think this requires asking a lawyer, go ahead and do so.
That and it’s not a great secret. If you’re relying on a password to protect PDF files from anyone serious, you’re probably doing your security wrong. It’s well known that this is possible and that the tools are easily installed. PDF passwords aren’t very good for security, though you can make complicated passwords.
The distro you’re using may very well have pdfcrack available, even if it isn’t one of the Debian-based distros. Just search and you can find it. With some work, you can even mostly install it with PIP. Just click the link above to the project page for more information about that.
As always…
Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.
Today we'll cover one way to enable or disable your network interface in the Linux…
Today's exercise is a nice and simple exercise where we check your NIC speed in…
Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…
I think I've covered this before with the ls command but this time we'll count…
Today we'll be learning about a basic Linux command that's known as 'uname' and it…
If you've used hardinfo in the past, it may interest you to know that hardinfo…