PDF: The Aerial trick
(How to crack any pdf security setting)

by JimBob

(31 October 1997)

Courtesy of Reverser's page of reverse engineering

Well, short and directly to the point, I added some info about Aerial code at the end

 I visited your site last night and saw the info on 
cracking Acrobat and PDFs. I've been interested in this file format 
for awhile now since it is such a versitile format.  I would like to 
suggest another aspect of PDF cracking, extracting embedded fonts.

I have discovered that as long as you can open a pdf, text extraction 
is no problem, no matter what the security settings are. I extracted 
ghiric7.pdf text without a hitch.  The secret is a free plugin for 
exchange from Ambia (www.ambia.com).  It allows extracting the text 
to RTF format, and will do so even if selecting, printing, modifying 
etc are all pw protected, it doesnt matter, it still extracts it.  It 
is supposed to extract the pictures too, but I've found that it's 
just not that good at it.

You must first run Exchange and laod a PDF, then activate the aerial 
toolbar.  Close the file and the toolbar stays active.  Now even if 
you load say gharic7.pdf, which makes the Acrobat toolbar disappear, 
the Ambia plugin stays active, select Extract to RTF and the text is 
yours. Oh yea the plugin is called Aerial.

Can't wait to see how this project comes out!

Some of you may like to know that inside Aerial there are some
cmp dword ptr (eax+6CH), 1Eh

And that 1Eh (0x1E) corresponds to Decimal 30, like 30 days... and yes, there is also another protection scheme there, as stupid as this one.
(c) JimBob 1997. All rights reserved
You are deep inside reverser's page of reverse engineering, choose your way out:

redBack to the PDF-Project
homepage links red anonymity +ORC students' essays Academy database
tools cocktails antismut CGI-scripts search_forms mail_Reverser
Is reverse engineering illegal?