http://www.elcomsoft.com

eBooks security—theory and practice

Presentation at DEF CON Nine, July 13th–15th, 2001

Alexis Park in Las Vegas, Nevada USA

  1. Foreword
  2. PDF encryption
  3. Standard security handler
  4. Rot13 handler
  5. FileOpen handler
  6. SoftLock handler
  7. Adobe Web Buy handler (PDF Merchant)
  8. Acrobat eBook Reader EBX handler (formerly GlassBook)
  9. Arbitrary handler (obtaining encryption key from PDF viewer)
  10. Security flaw in Acrobat plug-ins certification

Electronic Publishing

Advantages:

Disadvantages:

Electronic Publishing/Reading Solutions

Software eBook leaders

Software eBook Compilers/Readers

Dedicated reading devices

Related Internet resources:
http://www.ebookcompilers.com/

eBook Pro compiler

Short description

(taken from www.ebookpro.com)

“eBook Pro”, the only software in the universe that makes your information virtually 100% burglarproof! It comes with a lifetime, money-back guarantee

“At Last, You Can Sell Information Online (And Make Thousands Of Sales Per Day)—Without The Danger Of Having Your Information Stolen And Resold By Others”

Actual features

All HTML pages and supplementary files are compressed with deflate algorithm from ZLIB

Compressed data are encrypted by XOR-ing each byte with every byte of the string “encrypted”, which is the same as XOR with a single constant byte

Related Internet resources:
http://www.ebookpro.com/
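The equivalence stated under "Actual features", as an added example that is not code from the presentation or from eBook Pro: deflate followed by XOR with every byte of the string collapses to XOR with one byte, so the scheme has no key at all. The sample HTML and all function names are assumptions; the real eBook Pro container format is not reproduced.

```python
import zlib
from functools import reduce

KEY_STRING = b"encrypted"  # the string named on the page

def ebookpro_style_encrypt(plain: bytes) -> bytes:
    """Deflate, then XOR each byte with every byte of KEY_STRING in turn."""
    out = bytearray(zlib.compress(plain))
    for i in range(len(out)):
        for k in KEY_STRING:
            out[i] ^= k
    return bytes(out)

def effective_key_byte() -> int:
    """XOR is associative, so the nine XORs fold into one constant."""
    return reduce(lambda a, b: a ^ b, KEY_STRING)

def constant_xor_encrypt(plain: bytes) -> bytes:
    """The same transform written as what it really is: one fixed byte."""
    k = effective_key_byte()
    return bytes(b ^ k for b in zlib.compress(plain))

def decrypt(blob: bytes) -> bytes:
    """XOR is its own inverse; undo it with the constant, then inflate."""
    k = effective_key_byte()
    return zlib.decompress(bytes(b ^ k for b in blob))

# Constructed sample page, not taken from any real eBook.
SAMPLE_PAGE = b"<html><body><h1>Chapter 1</h1><p>Sample text.</p></body></html>"

if __name__ == "__main__":
    blob = ebookpro_style_encrypt(SAMPLE_PAGE)
    print("effective key byte: 0x%02x" % effective_key_byte())
    print("matches single-byte XOR:", blob == constant_xor_encrypt(SAMPLE_PAGE))
    print("round trip ok:", decrypt(blob) == SAMPLE_PAGE)
```

Because the constant is the same for every file and every customer, the protection adds nothing beyond the deflate step.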

PDF file structure

<PDF file> ::= <header> <body> <cross-reference table> <trailer>

<body> ::= <object> {<object>}

<object> ::= <objectID> (<data> | <stream dictionary> <stream>)

Basic data types     Example
Boolean              true
Numeric              3.1415926
Object reference     23 0 R
Name                 /ProcSet
String               (Contents) *
Stream               {binary data} *

*—data could be encrypted

Complex data types   Example
Array                [23 0 R /XYZ null]
Dictionary           <</Name1 (Val1) /Name2 /Val2>>

Related Internet resources:
http://www.adobe.com/products/acrobat/adobepdf.html

PDF file encryption

PDF Document

<Encrypted Content>

<<Encryption Dictionary>>

Contains security handler name and supplementary information necessary to obtain encryption key

Security handler

Takes information from Encryption Dictionary, calculates document encryption key and passes it to PDF Viewer

PDF Viewer

Takes document encryption key, decrypts PDF document and displays it on the screen

Screen

Related Internet resources:
http://www.adobe.com/products/acrobat/adobepdf.html

Object encryption key calculation

Algorithm ver. 1, 2
Document encryption key + Object ID + Generation → MD5 HASH algorithm → Object encryption key

Algorithm ver. 3
Document encryption key + Scrambled Object ID + Generation + ‘sAlT’ string → MD5 HASH algorithm → Object encryption key

Related Internet resources:
http://www.adobe.com/products/acrobat/adobepdf.html
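The ver. 1, 2 derivation above, as an added example that is not code from the presentation: the byte layout (3-byte object number and 2-byte generation, low-order byte first, digest truncated to key length + 5, at most 16) follows the published PDF Reference, and RC4 is the cipher named in the handler timings. The document key and sample string are constructed values; ver. 3 is not covered because the slide does not give the scrambling step.

```python
import hashlib

def object_key(doc_key: bytes, obj_num: int, gen_num: int) -> bytes:
    """Algorithm ver. 1/2: MD5 over document key + object ID + generation."""
    if not (0 <= obj_num < 1 << 24 and 0 <= gen_num < 1 << 16):
        raise ValueError("object number is 3 bytes, generation is 2 bytes")
    material = (doc_key
                + obj_num.to_bytes(3, "little")   # low-order byte first
                + gen_num.to_bytes(2, "little"))
    # Only the first n+5 bytes of the digest are used, capped at 16.
    return hashlib.md5(material).digest()[:min(len(doc_key) + 5, 16)]

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                             # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def crypt_string(doc_key: bytes, obj_num: int, gen_num: int, data: bytes) -> bytes:
    """Encrypt or decrypt one string/stream with its per-object key."""
    return rc4(object_key(doc_key, obj_num, gen_num), data)

# Constructed sample values, not taken from any real document.
DOC_KEY_40 = bytes.fromhex("0102030405")          # 40-bit document key
SAMPLE = b"Contents"

if __name__ == "__main__":
    for obj in (23, 24):                          # e.g. objects "23 0 R", "24 0 R"
        key = object_key(DOC_KEY_40, obj, 0)
        print(obj, key.hex(), crypt_string(DOC_KEY_40, obj, 0, SAMPLE).hex())
```

The same string encrypts differently in each object, but every object key is a deterministic function of the one document key, so the strength of the whole file is that of the document key alone.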

Standard security handler

Two passwords are supported:

Knowing either password is sufficient to decrypt the document

Possible restrictions, when opened with User password:

New User password restriction, introduced in Acrobat 5:

Passwords per second on 450MHz Pentium III
Handler type \ Password type   User                       Owner
Standard security handler 2    190,000 (1×MD5 + 1×RC4)    100,000 (2×MD5 + 2×RC4)
Standard security handler 3    3,250 (51×MD5 + 20×RC4)    1,610 (102×MD5 + 40×RC4)

Time necessary for complete key enumeration (40 bits key) on PIII-450
PCs \ total HDD   0 GB     128 GB   256 GB   384 GB   512 GB
1                 960 hr   480 hr   240 hr   120 hr   60 hr
2                 480 hr   240 hr   120 hr   60 hr    30 hr
3                 320 hr   160 hr   80 hr    40 hr    20 hr
4                 240 hr   120 hr   60 hr    30 hr    15 hr

Related Internet resources:
http://www.adobe.com/products/acrobat/adobepdf.html
http://www.elcomsoft.com/apdfpr.html

Rot13 security handler

Short description

Actual features

Related Internet resources:
http://www.nprg.com/

FileOpen security handler

Short description

(taken from www.fileopen.com)

Actual features

Related Internet resources:
http://www.fileopen.com/

SoftLock security handler

Short description

Actual features

Related Internet resources:
http://www.softlock.com/

Adobe WebBuy (PDF Merchant)

Short description

Related Internet resources:
http://pdfmerchant.adobe.com/

Adobe’s Acrobat eBookReader (formerly GlassBook)

Short description

Brief analysis

Interim key calculation from hardware IDs

CPU ID + Volume ID → SHA1 → Interim key

Interim key calculation from hidden copy

son.dat file + Fixed key → RC5 Decrypt → Interim key

Document key calculation

son.dat file + Interim key → RC5 Decrypt → Private RSA key
Voucher + Private RSA key → RSA Decrypt → Document key

Related Internet resources:
http://www.ebxwg.org/
http://www.adobe.com/products/contentserver/main.html

Obtaining encryption key from PDF viewer

Anti reverse-engineering measures in PDF viewers

Application name   Code encryption   Debugger detection   Code integrity checking
Acrobat 4          No                No                   No
Acrobat 5          No                In DocBox plug-in    No
eBook Reader       PACE InterLok     PACE InterLok        No

How to find code of MD5 functions

Security flaw in Acrobat plug-ins certification mechanism

Why certify a plug-in

How to certify a plug-in

How certificate validity is checked

How to bypass plug-in certificate checking