Forensic Blogs

An aggregator for digital forensics blogs

June 28, 2022 by Didier Stevens

Update: format-bytes.py Version 0.0.14

This new version of format-bytes.py adds a feature to search for a range of integers:

#iv5#6080 means: look for an integer (i) equal to 6080 with a variation of 5 (v5), i.e., look for integers between 6075 and 6085.
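The range search described above, sketched as an added example (this is not format-bytes.py's own code). The function names, the four encodings tried at every offset and the sample bytes are assumptions made for illustration.

```python
import struct

# Assumption: encodings tried at every offset (not taken from format-bytes.py).
FORMATS = {
    "u16le": "<H", "u16be": ">H",
    "u32le": "<I", "u32be": ">I",
}

def parse_range_expr(expr):
    """Parse '#iv5#6080' into (target, variation) = (6080, 5)."""
    parts = expr.split("#")
    if len(parts) != 3 or parts[0] != "" or not parts[1].startswith("iv"):
        raise ValueError("expected #iv<variation>#<integer>: %r" % expr)
    return int(parts[2]), int(parts[1][2:])

def find_integers(data, target, variation):
    """Return sorted (offset, encoding, value) hits within target +/- variation."""
    low, high = target - variation, target + variation
    hits = []
    for name, fmt in FORMATS.items():
        size = struct.calcsize(fmt)
        for offset in range(len(data) - size + 1):
            (value,) = struct.unpack_from(fmt, data, offset)
            if low <= value <= high:
                hits.append((offset, name, value))
    return sorted(hits)

# Constructed sample: 4-byte tag, 32-bit little-endian 6083, two filler bytes,
# 16-bit big-endian 6075, two trailing bytes.
SAMPLE = (b"HDR0" + struct.pack("<I", 6083) + b"\x00\xff"
          + struct.pack(">H", 6075) + b"\xaa\xbb")

if __name__ == "__main__":
    target, variation = parse_range_expr("#iv5#6080")
    for offset, name, value in find_integers(SAMPLE, target, variation):
        print("0x%04x  %-5s  %d" % (offset, name, value))
```

The value at offset 4 is reported twice, as a 16-bit and as a 32-bit little-endian integer, because the two upper bytes are zero: a range hit alone does not tell you the field width.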

format-bytes_V0_0_14.zip (http)
MD5: 600969FAC1F397036673574EA0BE0EE1
SHA256: D0EB0709985A4A5FEC1DA4B420CA440FF5268229CFFA1B3CC1EE5FAE92101957

Read the original at: Didier Stevens
Filed Under: Digital Forensics
Tagged With: My Software, Update

June 27, 2022 by Didier Stevens

Update: cut-bytes.py Version 0.0.15

This new version contains a Python 3 fix.

cut-bytes_V0_0_15.zip (http)
MD5: 1906873950C1DC55665072C7F3529D7F
SHA256: 2B9847E49C08021C61B8FA09C9DD400FC41E817F65E1C2BAC64ABBD87D49E238

Read the original at: Didier Stevens
Filed Under: Digital Forensics
Tagged With: My Software, Update

June 26, 2022 by Didier Stevens

Quickpost: Cracking PDF Owner Passwords

I added code to John the Ripper to crack PDF owner passwords (JtR cracks PDF user passwords only).

Source code can be found here.

Compiled Windows (Cygwin) and Linux (Ubuntu) executables can be found here.

This change introduces a new format: $pdfo$.

There is no tool for the moment to create this format. Just use pdf2john.pl to create a $pdf$ hash, and then change it into a $pdfo$ hash. To crack the owner password, one needs to recover the user password first.

This is the illustrated process:

There will be a PR for this change.

Cracking PDF owner passwords is just an academic exercise (writing this code was also just an exercise), as tools like QPDF can decrypt PDFs encrypted with a PDF owner password only, without requiring the cleartext PDF owner password as argument.

Quickpost info

Read the original at: Didier Stevens
Filed Under: Digital Forensics
Tagged With: Encryption, PDF

About

This site aggregates posts from various digital forensics blogs. Feel free to take a look around, and make sure to visit the original sites.

All content is copyright the respective author(s)