eBooks security - theory and practice
Presentation at DEF CON Nine, July 13th - 15th, 2001, Alexis Park in Las Vegas, Nevada, USA
http://www.elcomsoft.com

eBooks security - theory and practice
1. Foreword
2. PDF encryption
3. Standard security handler
4. Rot13 handler
5. FileOpen handler
6. SoftLock handler
7. Adobe Web Buy handler (PDF Merchant)
8. Acrobat eBook Reader EBX handler (formerly GlassBook)
9. Arbitrary handler (obtaining encryption key from PDF viewer)
10. Security flaw in Acrobat plug-ins certification

Electronic Publishing

Electronic Publishing/Reading Solutions
Related Internet resources: http://www.ebookcompilers.com/

eBook Pro compiler

Short description (taken from www.ebookpro.com):
"eBook Pro", the only software in the universe that makes your information virtually 100% burglarproof! It comes with a lifetime, money-back guarantee
"At Last, You Can Sell Information Online (And Make Thousands Of Sales Per Day) - Without The Danger Of Having Your Information Stolen And Resold By Others"

Actual features:
- All HTML pages and supplementary files are compressed with the deflate algorithm from ZLIB
- Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with a constant byte

Related Internet resources: http://www.ebookpro.com/

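The equivalence stated on the eBook Pro slide, worked through as an added example (not code from the presentation or from the product): XOR-ing with every byte of a key string collapses to XOR with one folded byte, so the key string's length adds nothing. The function names, the sample page and the use of `zlib.compress` for the deflate step are assumptions made for illustration.

```python
import zlib
from functools import reduce

KEY_STRING = b"encrypted"  # key string quoted on the slide

# Constructed sample input standing in for one HTML page of an eBook.
SAMPLE_PAGE = b"<html><body><h1>Chapter 1</h1><p>Sample text.</p></body></html>"


def xor_every_key_byte(data: bytes, key: bytes = KEY_STRING) -> bytes:
    """The scheme as the slide words it: each data byte is XOR-ed with
    every byte of the key string in turn."""
    out = bytearray(data)
    for i in range(len(out)):
        for k in key:
            out[i] ^= k
    return bytes(out)


def folded_key(key: bytes = KEY_STRING) -> int:
    """XOR is associative and commutative, so the whole key string
    folds into a single byte."""
    return reduce(lambda a, b: a ^ b, key, 0)


def xor_constant(data: bytes, const: int) -> bytes:
    """XOR every data byte with one constant byte."""
    return bytes(b ^ const for b in data)


def protect(page: bytes, key: bytes = KEY_STRING) -> bytes:
    """Compress, then apply the XOR step, in the order the slide lists them.
    Assumption: zlib.compress stands in for the product's deflate call."""
    return xor_every_key_byte(zlib.compress(page), key)


def unprotect(blob: bytes, key: bytes = KEY_STRING) -> bytes:
    """Inverse of protect(): XOR is its own inverse, then inflate."""
    return zlib.decompress(xor_every_key_byte(blob, key))


if __name__ == "__main__":
    const = folded_key()
    blob = protect(SAMPLE_PAGE)
    print(f"folded key byte: 0x{const:02x}")
    print("same as constant XOR:",
          blob == xor_constant(zlib.compress(SAMPLE_PAGE), const))
    # Any key string with the same fold is interchangeable with the original.
    print("one-byte key b'f' decrypts:", unprotect(blob, b"f") == SAMPLE_PAGE)
    # A key whose bytes cancel out leaves the compressed data untouched.
    print("key b'aa' is a no-op:",
          xor_every_key_byte(b"data", b"aa") == b"data")
```

Whatever key string is chosen, the result is one of only 256 possible transformations of the compressed data, and some key strings fold to zero and apply no transformation at all.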
PDF file structure

Basic data types      Example
Boolean               true
Numeric               3.1415926
Object reference      23 0 R
Name                  /ProcSet
String                (Contents) *
Stream                {binary data} *

Complex data types    Example
Array                 [23 0 R /XYZ null]
Dictionary            <</Name1 (Val1) /Name2 /Val2>>

* - data could be encrypted

<PDF file> ::= <header> <body> <cross-reference table> <trailer>
<body> ::= <object> {<object>}
<object> ::= <objectID> (<data> | <stream dictionary> <stream>)

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

PDF file encryption

PDF Document: <Encrypted Content> and <<Encryption Dictionary>>. The Encryption Dictionary contains the security handler name and supplementary information necessary to obtain the encryption key.
Security handler: takes information from the Encryption Dictionary, calculates the document encryption key and passes it to the PDF Viewer.
PDF Viewer: takes the document encryption key, decrypts the PDF document and displays it on the screen.

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

Object encryption key calculation

Algorithm ver.1,2: Document encryption key + Object ID + Generation -> MD5 hash algorithm -> Object encryption key
Algorithm ver.3: Document encryption key + scrambled Object ID + Generation + 'sAlT' string -> MD5 hash algorithm -> Object encryption key

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

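The ver.1,2 branch of the diagram above, as an added example (not code from the presentation): it follows the per-object key derivation published in Adobe's PDF Reference, where the object number contributes its low three bytes and the generation number its low two bytes, and the object data is then encrypted with RC4. The document key, object numbers and function names are constructed for illustration; the ver.3 scrambling is not reproduced because the slide does not specify it.

```python
import hashlib
import struct

# Constructed 40-bit (5-byte) document key; a real one comes from the
# security handler named in the Encryption Dictionary.
DOC_KEY_40 = bytes.fromhex("0102030405")


def object_key(doc_key: bytes, obj_num: int, gen_num: int) -> bytes:
    """Algorithm ver.1,2: MD5 over document key, object number (3 bytes,
    little-endian) and generation number (2 bytes, little-endian).
    The result is truncated to len(doc_key) + 5 bytes, at most 16."""
    material = (doc_key
                + struct.pack("<I", obj_num)[:3]
                + struct.pack("<H", gen_num))
    digest = hashlib.md5(material).digest()
    return digest[:min(len(doc_key) + 5, 16)]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def crypt_object(doc_key: bytes, obj_num: int, gen_num: int,
                 data: bytes) -> bytes:
    """Encrypt or decrypt one string or stream body with its own key."""
    return rc4(object_key(doc_key, obj_num, gen_num), data)


if __name__ == "__main__":
    plain = b"Contents"
    c23 = crypt_object(DOC_KEY_40, 23, 0, plain)
    c24 = crypt_object(DOC_KEY_40, 24, 0, plain)
    print("object 23 0 key:", object_key(DOC_KEY_40, 23, 0).hex())
    print("same text, different objects:", c23.hex(), c24.hex())
    print("round trip:", crypt_object(DOC_KEY_40, 23, 0, c23) == plain)
```

Every object key is a deterministic function of the single document key, so the strength of the whole file rests on that key (40 bits in the table that follows), not on the per-object derivation.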
Standard security handler
New User password restriction, introduced in Acrobat 5:
Possible restrictions, when opened with User password:
Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

Standard security handler

Passwords per second on 450MHz Pentium III

Handler type \ Password type    User                       Owner
Standard security handler 2     1 MD5 + 1 RC4: 190,000     2 MD5 + 2 RC4: 100,000
Standard security handler 3     51 MD5 + 20 RC4: 3,250     102 MD5 + 40 RC4: 1,610

Time necessary for complete key enumeration (40 bits key) on PIII-450

PCs \ total HDD    0 GB      128 GB    256 GB    384 GB    512 GB
1                  960 hr    480 hr    240 hr    120 hr    60 hr
2                  480 hr    240 hr    120 hr    60 hr     30 hr
3                  320 hr    160 hr    80 hr     40 hr     20 hr
4                  240 hr    120 hr    60 hr     30 hr     15 hr

Related Internet resources: http://www.elcomsoft.com/apdfpr.html

Rot13 security handler
Related Internet resources: http://www.nprg.com/

FileOpen security handler
Related Internet resources: http://www.fileopen.com/

SoftLock security handler
Related Internet resources: http://www.softlock.com/

Adobe WebBuy (PDF Merchant)
Related Internet resources: http://pdfmerchant.adobe.com/

Adobe's Acrobat eBookReader (formerly GlassBook)
Related Internet resources: http://www.ebxwg.org/ http://www.adobe.com/products/contentserver/main.html

Adobe's Acrobat eBookReader (formerly GlassBook)

[Diagram with three panels: "Interim key calculation from hardware IDs", "Interim key calculation from hidden copy", "Document key calculation". Labels in the diagram: CPU ID + Volume ID, SHA1, mor.dat file, son.dat file, Fixed key, RC5 Decrypt, Interim key, Voucher, Private RSA key, RSA Decrypt, Document key.]

Related Internet resources: http://www.adobe.com/products/contentserver/main.html

Obtaining encryption key from PDF viewer

How to find code of MD5 functions

Anti reverse-engineering measures in PDF viewers

Application name    Code encryption    Debugger detection    Code integrity checking
Acrobat 4           No                 No                    No
Acrobat 5           No                 In DocBox plug-in     No
eBook Reader        PACE InterLok      PACE InterLok         No

Security flaw: Acrobat plug-ins certification mechanism
How to certify plug-in
Why to certify plug-in
How certificate validity is checked
How to bypass plug-ins certificate checking