Ange Albertini, profile picture
Uploaded byAnge Albertini
PDF, PPTX511 views

PDF: myths vs facts

Ange Albertini discusses the complexities and challenges of PDF as a document format during a digital preservation event. The talk highlights the inefficacies and lack of standardization in PDF, illustrating how it can be manipulated and may not be universally compatible across readers. Despite its widespread use, Albertini expresses concern about its future preservation due to inherent design flaws and the ongoing dependency on Adobe products.

Embed presentation

Download as PDF, PPTX
PDF: Myths vs Facts a Digital Preservation Coalition online event Preserving Documents Forever: When is a PDF not a PDF? Ange Albertini Oxford University, 15th July 2015
Ange Albertini reverse engineering & visual documentation @angealbertini ange@corkami.com http://www.corkami.com
Disclaimer: this is my first digipres event I come here with a very different perspective: I might sound pessimistic (or provocative/killjoy)… Give me hope, give me peace on earth ;) I might be entirely wrong - please let me know!
I used to think: “PDF is perfect” Complex documents, yet uniform rendering on any system (no wonder it’s omnipresent) ⇒ I believed the myth...
Professionally, I analyse PDFs Malware, security (It originally happened by “accident”, but I’ve been doing it since then…)
I created fact sheets about PDF
I gave presentations about PDF
Personally, I play with PDF proactive, and fun
Yes, I write PDFs by hand... [...and I open them in hex editors]
%PDF-1. 1 0 obj << /Kids [<< /Parent 1 0 R /Resources <<>> /Contents 2 0 R >>] >> 2 0 obj <<>> stream BT /F1 110 Tf 10 400 Td (Hello World!) Tj ET endstream endobj trailer << /Root << /Pages 1 0 R >> >> ...like this one
truncated signature missing parent /Type /Kids should be indirect missing /Font missing kid /Type missing /Count missing endobj missing /Length missing xref /Root should be indirect, missing /Size, missing root /Type missing startxref, %%EOF %PDF-1. 1 0 obj << /Kids [<< /Parent 1 0 R /Resources <<>> /Contents 2 0 R >>] >> 2 0 obj <<>> stream BT /F1 110 Tf 10 400 Td (Hello World!) Tj ET endstream endobj trailer << /Root << /Pages 1 0 R >> >> It’s not standard... INVALID?
...but it works exactly as planned! (without any reported error) ACCEPTED!
Binary art PDF + creativity = … ?
the slides for my talk at 44Con are distributed as a file that is simultaneously a PDF and a PE (a PDF viewer) so that the slides can view themselves (oh, and it’s also HTML + Java)... PDF slides PDF viewer
...and it’s also schizophrenic (PDF documents appear different with different readers)
(Also available in PDF/A flavour)
NES Music
Super NES Megadrive
What you see is not always what you print - when you use Layers [Optional Content Groups]! Fun fact: you can’t change the printing output with Adobe Reader ;)
JPEG + ZIP + PDF Chimera (3 headers but only 1 image data)
PDFLaTeX quine (the document is its own source)
JPEG-encoded JavaScript (deprecated) script == picture
PoC||GTFO International Journal of Proof-of-Concept or Get The F*** Out the “new” 2600 / Phrack... Distributed as PDF ⇒ each issue is a PoC
MBR (bootable) + PDF + ZIP
raw audio + JPG + AES(PNG) + PDF + ZIP
TrueCrypt + PDF + ZIP
Flash + bootable ISO + PDF + ZIP
$ unzip -l pocorgtfo06.pdf Archive: pocorgtfo06.pdf warning [pocorgtfo06.pdf]: 10672929 extra bytes at... (attempting to process anyway) Length Date Time Name --------- ---------- ----- ---- 4095 11/24/2014 23:44 64k.txt 818941 08/18/2014 23:28 acsac13_zaddach.pdf 4564 10/05/2014 00:06 burn.txt 342232 11/24/2014 23:44 davinci.tgz.dvs 3785 11/24/2014 23:44 davinci.txt 5111 09/28/2014 21:05 declare.txt 0 08/23/2014 19:21 ecb2/ TAR + PDF + ZIP $ tar -tvf pocorgtfo06.pdf -rw-r--r-- Manul/Laphroaig 0 2014-10-06 21:33 %PDF-1.5 -rw-r--r-- Manul/Laphroaig 525849 2014-10-06 21:33 1.png -rw-r--r-- Manul/Laphroaig 273658 2014-10-06 21:33 2.bmp
$ unzip -l pocorgtfo07.pdf Archive: pocorgtfo07.pdf ******* PWNED ******** dumping credentials... ********************** Length EAs ACLs Date Time Name -------- --- ---- ---- ---- ---- 6325 0 0 02/02/15 20:56 500miles.txt 0 0 0 19/03/15 15:51 abusing_file_formats/ 370375 0 0 06/03/15 21:51 abusing_file_formats/3in1.png 512 0 0 06/03/15 21:51 abusing_file_formats/abstract.tar BPG + HTML (incl. a BPG viewer in JS) + PDF + ZIP
$ unzip -l pocorgtfo08.pdf Archive: pocorgtfo08.pdf Length EAs ACLs Date Time Name -------- --- ---- ---- ---- ---- 988446 0 0 08/06/15 22:46 ECCpolyglots.pdf 440648 0 0 09/06/15 20:36 airtel-injection.tar.bz2 522633 0 0 09/06/15 19:18 airtel.png 1546 0 0 08/06/15 22:46 alexander.txt 118696 0 0 08/06/15 22:46 browsersec.zip 31337 0 0 08/06/15 22:46 exploit2.txt 38109 0 0 08/06/15 22:46 geer.langsec.21v15.txt 303926 0 0 08/06/15 22:46 ifthisgoeson.txt 160225 0 0 08/06/15 22:46 jt65.pdf 3149 0 0 08/06/15 22:46 leehseinloong.cpp 2244652 0 0 08/06/15 22:46 madelinek.wav Shell script + PDF + ZIP $ echo "terrible raccoons achieve their escapades" | ./pocorgtfo08.pdf -d 4321 good neighbors secure their communications
… and others Bootable quine in assembly, 2 switchable PDFs via ROT13, hash collisions, GameBoy + Sega Master System...
You get the idea... The worst case for preservation? I explore corner cases, before attackers do it
How is it possible? ● signature offset not enforced ● stream object (containing anything) ● comments can contain binary data ● appended data ● objects tolerated between XREF and startxref and a few specific abuses (some are fixed now)
What is PDF ? I asked online...
...and I wasn’t disappointed :) Postscript Derived Failure Practically Destructive File Paper Dimensions Fixed Polyglot (Definition|Deployment|Delivery) Framework Posterity Depends on Forensics Please Don't Fail / Again Proven Dysfunctional Format POC||GTFO Demonstration Format Penile Dysfunction Format Postscript Didn't Fit Pants-Down Format Pathetic & Dangerous Format Posthoc Depression Format Proprietary Document Fee Public Domain Farce Penetrate Dodgy Firewall Pretty Demented Format Payload Deployment File Perpetually Disagreeable Format Potential Disaster Forever Perversely Designed Format PDF is a Disaster for the Future Preservation Dooming Format Preserving Document Forever
More seriously... (from my personal point of view)
A miracle? Fonts are embedded in the document Rendering is following complex rules (overly-complex, from a security standpoint)
An open format? ISO $pec$ = 200$ These specs only cover the main part :( They are unclear - no formal guarantee :( http://www.iso.org/iso/catalogue_detail.htm?csnumber=51502
A strict format ? No reader completely enforces the specs ⇒ recovery mode (sometimes ‘explicit’) signature, stream length, XREF…
Many possible malformations handled specifically by each reader (high level)... standard structure (each object should be distinct) non-standard but tolerated structure (inlined objects)
Many possible abuses signature endobj /Count text operators /Font font use xref /Resources trailer Adobe Reader MuPDF PDF.js PDFium Poppler … different readers have different tolerances ... follows the specs corruption tolerated absence tolerated
...so a PDF specifically crafted for one reader, may fail with all other readers.
A uniform format? Many free readers, but… ● Many (useful) features only available in Adobe Reader: forms, signature, layers… (it’s Adobe’s business model) ● Other readers just aim to support “standard” PDFs
A beautiful mess! (an artist's interpretation)
A consistent format? Adobe Reader is closing security issues. This is good, but... ⇒ Some features are not supported anymore ⇒ Potential lack of backward compatibility
It’s a complex patchwork! JPGs are stored entirely as-is, but PNG have to be converted to raw Forms as XML PostScript Transfer function Web (Flash, JavaScript...) 3D objects
A coherent format? - text + line comments, yet binary - unusual whitespace, binary also in comments - different escaping - read forward+no separator and object reference - hex as nibbles and odd-numbered - bottom up but also possibly top down (who wins?) - corrupted ZLIB still tolerated - image compression for non-images
What if... ...Adobe would stop supporting PDF ? We’re just left with the ‘specs’ ?
After all... ...Flash is being killed for security reasons, after becoming progressively redundant. PDF could be converted to something else.
PDF & preservation ● JPG + OCR’ed text = simple ...so simple that we wouldn’t need PDF ? other PDFs = complex (Adobe-dependent) Is PDF/A the solution? more $pec$ http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=38920
“Backward compatibility” ...is a beautiful utopia! And it leads to saying “we've always done it this way" even after several generations :(
“Backward compatibility” ...can be incompatible with security fixes JPEG-encoded JavaScript PDF polyglots
Brace yourself... PDF 2.0 is coming! It’s not improving stability and preservability Will Adobe adhere to it ? Since it’s distinct now… *https://www.youtube.com/watch?v=wGmcTf-uMrE
Conclusion “a complex puzzle because the original picture is messy”
Conclusion ● PDF is very useful - omnipresent for a reason ● it’s still involved in computer security ○ recent complete takeover of Windows 8.1 by @j00ru ● it’s quite a monster ○ I’m merely scratching the surface ○ its specs were messy from the beginning ● it’s far from perfect ○ “if only Adobe Reader was open” *https://www.youtube.com/watch?v=FVBSvjYQgq8
ACK Paul Wheatley @doegox @pdfkunfoo @newsoft @internot @insertscript @avlidienbrunn @foxgrrl @chrisjohnriley @travisgoodspeed and everybody for the PDF suggestions :)
PDFs: myths vs facts corkami.com @angealbertini Hail to the king, baby!

More Related Content

PDF
Funky file formats - 31c3
byAnge Albertini
 
PDF
Caring for file formats
byAnge Albertini
 
PDF
Trusting files (and their formats)
byAnge Albertini
 
PDF
An overview of potential leaks via PDF
byAnge Albertini
 
PDF
Advanced Pdf Tricks
byAnge Albertini
 
PDF
PDF secrets - hiding & revealing secrets in PDF documents
byAnge Albertini
 
PDF
Pdf secrets v2
byAnge Albertini
 
PDF
Let's write a PDF file
byAnge Albertini
 
Funky file formats - 31c3
byAnge Albertini
 
Caring for file formats
byAnge Albertini
 
Trusting files (and their formats)
byAnge Albertini
 
An overview of potential leaks via PDF
byAnge Albertini
 
Advanced Pdf Tricks
byAnge Albertini
 
PDF secrets - hiding & revealing secrets in PDF documents
byAnge Albertini
 
Pdf secrets v2
byAnge Albertini
 
Let's write a PDF file
byAnge Albertini
 

What's hot

PPTX
Using unicode with php
byElizabeth Smith
 
PDF
NLP Project Full Circle
byVsevolod Dyomkin
 
PDF
Lisp in a Startup: the Good, the Bad, and the Ugly
byVsevolod Dyomkin
 
PDF
Code quality. Patch quality
bymalcolmt
 
PDF
HackIM 2012 CTF Walkthrough
byHimanshu Kumar Das
 
PDF
Multilingual sites in plone
byRamon Navarro
 
PDF
The Go features I can't live without, 2nd round
byRodolfo Carvalho
 
PPT
Why I Love Python
bydidip
 
PPTX
GDG Helwan Introduction to python
byMohamed Hegazy
 
PDF
The Go features I can't live without
byRodolfo Carvalho
 
PDF
A Tour of Go - Workshop
byRodolfo Carvalho
 
PDF
SWIG : An Easy to Use Tool for Integrating Scripting Languages with C and C++
byDavid Beazley (Dabeaz LLC)
 
PDF
What is Python? (Silicon Valley CodeCamp 2014)
bywesley chun
 
PDF
Start dart
byHiroshi Mimori
 
PDF
Learning Python from Data
byMosky Liu
 
PDF
Intro to Python Workshop San Diego, CA (January 19, 2013)
byKendall
 
PDF
Dart
byAndrea Chiodoni
 
PPT
Packer Genetics: The selfish code
byjduart
 
PDF
ShaREing Is Caring
bysporst
 
ODP
Introduction to programming with python
byPorimol Chandro
 
Using unicode with php
byElizabeth Smith
 
NLP Project Full Circle
byVsevolod Dyomkin
 
Lisp in a Startup: the Good, the Bad, and the Ugly
byVsevolod Dyomkin
 
Code quality. Patch quality
bymalcolmt
 
HackIM 2012 CTF Walkthrough
byHimanshu Kumar Das
 
Multilingual sites in plone
byRamon Navarro
 
The Go features I can't live without, 2nd round
byRodolfo Carvalho
 
Why I Love Python
bydidip
 
GDG Helwan Introduction to python
byMohamed Hegazy
 
The Go features I can't live without
byRodolfo Carvalho
 
A Tour of Go - Workshop
byRodolfo Carvalho
 
SWIG : An Easy to Use Tool for Integrating Scripting Languages with C and C++
byDavid Beazley (Dabeaz LLC)
 
What is Python? (Silicon Valley CodeCamp 2014)
bywesley chun
 
Start dart
byHiroshi Mimori
 
Learning Python from Data
byMosky Liu
 
Intro to Python Workshop San Diego, CA (January 19, 2013)
byKendall
 
Dart
byAndrea Chiodoni
 
Packer Genetics: The selfish code
byjduart
 
ShaREing Is Caring
bysporst
 
Introduction to programming with python
byPorimol Chandro
 

Similar to PDF: myths vs facts

PDF
Embedded Files: Risks, Challenges and Options
byTim Allison
 
PDF
Messing with binary formats
byAnge Albertini
 
PDF
File Polyglottery; or This Proof of Concept is Also a Picture of Cats
byEvan Sultanik
 
PDF
PDF - Secrets - 140519092839-phpapp01
bydumbfuckery
 
PPT
Pdf Presentation Final
byamheling
 
PPT
PDF/A: A Preservation Format
byGeof Huth
 
PPT
PDF/A: A Preservation Format
byMARAC Bethlehem PC
 
PDF
The challenges of file formats
byAnge Albertini
 
PPT
PDF
byRaveesh Ravi
 
PDF
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
byRootedCON
 
PPTX
Demystifying pd fs
byBetsy Fanning
 
PDF
October 2006 Impact of PDF/A on Content Management by Christy Hubbard
byJohn Wang
 
PPTX
REMnux Tutorial-3: Investigation of Malicious PDF & Doc documents
byRhydham Joshi
 
PDF
IRJET- Smart Way of File Conversion using Python
byIRJET Journal
 
PDF
Schizophrenic files v2
byAnge Albertini
 
PPT
Presentation1
byf6aim
 
PPTX
PDF/a for Dutch Law firms
byDean Sappey
 
PPTX
Analysis of malicious pdf
byRaghunath G
 
PPTX
Analysis of malicious pdf
byAbdul Adil
 
PPTX
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
byClubHack
 
Embedded Files: Risks, Challenges and Options
byTim Allison
 
Messing with binary formats
byAnge Albertini
 
File Polyglottery; or This Proof of Concept is Also a Picture of Cats
byEvan Sultanik
 
PDF - Secrets - 140519092839-phpapp01
bydumbfuckery
 
Pdf Presentation Final
byamheling
 
PDF/A: A Preservation Format
byGeof Huth
 
PDF/A: A Preservation Format
byMARAC Bethlehem PC
 
The challenges of file formats
byAnge Albertini
 
PDF
byRaveesh Ravi
 
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
byRootedCON
 
Demystifying pd fs
byBetsy Fanning
 
October 2006 Impact of PDF/A on Content Management by Christy Hubbard
byJohn Wang
 
REMnux Tutorial-3: Investigation of Malicious PDF & Doc documents
byRhydham Joshi
 
IRJET- Smart Way of File Conversion using Python
byIRJET Journal
 
Schizophrenic files v2
byAnge Albertini
 
Presentation1
byf6aim
 
PDF/a for Dutch Law firms
byDean Sappey
 
Analysis of malicious pdf
byRaghunath G
 
Analysis of malicious pdf
byAbdul Adil
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
byClubHack
 

More from Ange Albertini

PDF
Overview of file type identifiers (HackLu)
byAnge Albertini
 
PDF
A question of time - Troopers 2024 Keynote
byAnge Albertini
 
PDF
Technical challenges with file formats
byAnge Albertini
 
PDF
Relations between archive formats
byAnge Albertini
 
PDF
Abusing archive file formats
byAnge Albertini
 
PDF
TimeCryption
byAnge Albertini
 
PDF
You are *not* an idiot
byAnge Albertini
 
PDF
Improving file formats
byAnge Albertini
 
PDF
KILL MD5
byAnge Albertini
 
PDF
No more dumb hex!
byAnge Albertini
 
PDF
Beyond your studies
byAnge Albertini
 
PDF
An introduction to inkscape
byAnge Albertini
 
PDF
Exploiting hash collisions
byAnge Albertini
 
PDF
Infosec & failures
byAnge Albertini
 
PDF
Connecting communities
byAnge Albertini
 
PDF
TASBot - the perfectionist
byAnge Albertini
 
PDF
Hacks in video games
byAnge Albertini
 
PDF
Preserving arcade games - 31c3
byAnge Albertini
 
PDF
Preserving arcade games
byAnge Albertini
 
PDF
Let's talk about...
byAnge Albertini
 
Overview of file type identifiers (HackLu)
byAnge Albertini
 
A question of time - Troopers 2024 Keynote
byAnge Albertini
 
Technical challenges with file formats
byAnge Albertini
 
Relations between archive formats
byAnge Albertini
 
Abusing archive file formats
byAnge Albertini
 
TimeCryption
byAnge Albertini
 
You are *not* an idiot
byAnge Albertini
 
Improving file formats
byAnge Albertini
 
KILL MD5
byAnge Albertini
 
No more dumb hex!
byAnge Albertini
 
Beyond your studies
byAnge Albertini
 
An introduction to inkscape
byAnge Albertini
 
Exploiting hash collisions
byAnge Albertini
 
Infosec & failures
byAnge Albertini
 
Connecting communities
byAnge Albertini
 
TASBot - the perfectionist
byAnge Albertini
 
Hacks in video games
byAnge Albertini
 
Preserving arcade games - 31c3
byAnge Albertini
 
Preserving arcade games
byAnge Albertini
 
Let's talk about...
byAnge Albertini
 

Recently uploaded

PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
connectives-linking words in English.ppt
byAmrMohammed82
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 

PDF: myths vs facts

  • 1.
    PDF: Myths vs Facts aDigital Preservation Coalition online event Preserving Documents Forever: When is a PDF not a PDF? Ange Albertini Oxford University, 15th July 2015
  • 2.
    Ange Albertini reverse engineering& visual documentation @angealbertini ange@corkami.com http://www.corkami.com
  • 3.
    Disclaimer: this is myfirst digipres event I come here with a very different perspective: I might sound pessimistic (or provocative/killjoy)… Give me hope, give me peace on earth ;) I might be entirely wrong - please let me know!
  • 4.
    I used tothink: “PDF is perfect” Complex documents, yet uniform rendering on any system (no wonder it’s omnipresent) ⇒ I believed the myth...
  • 5.
    Professionally, I analyse PDFs Malware,security (It originally happened by “accident”, but I’ve been doing it since then…)
  • 6.
    I created factsheets about PDF
  • 7.
  • 8.
    Personally, I play withPDF proactive, and fun
  • 9.
    Yes, I writePDFs by hand... [...and I open them in hex editors]
  • 10.
    %PDF-1. 1 0 obj <</Kids [<< /Parent 1 0 R /Resources <<>> /Contents 2 0 R >>] >> 2 0 obj <<>> stream BT /F1 110 Tf 10 400 Td (Hello World!) Tj ET endstream endobj trailer << /Root << /Pages 1 0 R >> >> ...like this one
  • 11.
    truncated signature missing parent/Type /Kids should be indirect missing /Font missing kid /Type missing /Count missing endobj missing /Length missing xref /Root should be indirect, missing /Size, missing root /Type missing startxref, %%EOF %PDF-1. 1 0 obj << /Kids [<< /Parent 1 0 R /Resources <<>> /Contents 2 0 R >>] >> 2 0 obj <<>> stream BT /F1 110 Tf 10 400 Td (Hello World!) Tj ET endstream endobj trailer << /Root << /Pages 1 0 R >> >> It’s not standard... INVALID?
  • 12.
    ...but it works exactlyas planned! (without any reported error) ACCEPTED!
  • 13.
    Binary art PDF +creativity = … ?
  • 14.
    the slides formy talk at 44Con are distributed as a file that is simultaneously a PDF and a PE (a PDF viewer) so that the slides can view themselves (oh, and it’s also HTML + Java)... PDF slides PDF viewer
  • 15.
    ...and it’s alsoschizophrenic (PDF documents appear different with different readers)
  • 16.
    (Also available inPDF/A flavour)
  • 17.
  • 18.
  • 19.
    What you seeis not always what you print - when you use Layers [Optional Content Groups]! Fun fact: you can’t change the printing output with Adobe Reader ;)
  • 20.
    JPEG + ZIP+ PDF Chimera (3 headers but only 1 image data)
  • 21.
    PDFLaTeX quine (thedocument is its own source)
  • 22.
  • 23.
    PoC||GTFO International Journal ofProof-of-Concept or Get The F*** Out the “new” 2600 / Phrack... Distributed as PDF ⇒ each issue is a PoC
  • 24.
  • 25.
    raw audio + JPG+ AES(PNG) + PDF + ZIP
  • 26.
  • 27.
    Flash + bootableISO + PDF + ZIP
  • 28.
    $ unzip -lpocorgtfo06.pdf Archive: pocorgtfo06.pdf warning [pocorgtfo06.pdf]: 10672929 extra bytes at... (attempting to process anyway) Length Date Time Name --------- ---------- ----- ---- 4095 11/24/2014 23:44 64k.txt 818941 08/18/2014 23:28 acsac13_zaddach.pdf 4564 10/05/2014 00:06 burn.txt 342232 11/24/2014 23:44 davinci.tgz.dvs 3785 11/24/2014 23:44 davinci.txt 5111 09/28/2014 21:05 declare.txt 0 08/23/2014 19:21 ecb2/ TAR + PDF + ZIP $ tar -tvf pocorgtfo06.pdf -rw-r--r-- Manul/Laphroaig 0 2014-10-06 21:33 %PDF-1.5 -rw-r--r-- Manul/Laphroaig 525849 2014-10-06 21:33 1.png -rw-r--r-- Manul/Laphroaig 273658 2014-10-06 21:33 2.bmp
  • 29.
    $ unzip -lpocorgtfo07.pdf Archive: pocorgtfo07.pdf ******* PWNED ******** dumping credentials... ********************** Length EAs ACLs Date Time Name -------- --- ---- ---- ---- ---- 6325 0 0 02/02/15 20:56 500miles.txt 0 0 0 19/03/15 15:51 abusing_file_formats/ 370375 0 0 06/03/15 21:51 abusing_file_formats/3in1.png 512 0 0 06/03/15 21:51 abusing_file_formats/abstract.tar BPG + HTML (incl. a BPG viewer in JS) + PDF + ZIP
  • 30.
    $ unzip -lpocorgtfo08.pdf Archive: pocorgtfo08.pdf Length EAs ACLs Date Time Name -------- --- ---- ---- ---- ---- 988446 0 0 08/06/15 22:46 ECCpolyglots.pdf 440648 0 0 09/06/15 20:36 airtel-injection.tar.bz2 522633 0 0 09/06/15 19:18 airtel.png 1546 0 0 08/06/15 22:46 alexander.txt 118696 0 0 08/06/15 22:46 browsersec.zip 31337 0 0 08/06/15 22:46 exploit2.txt 38109 0 0 08/06/15 22:46 geer.langsec.21v15.txt 303926 0 0 08/06/15 22:46 ifthisgoeson.txt 160225 0 0 08/06/15 22:46 jt65.pdf 3149 0 0 08/06/15 22:46 leehseinloong.cpp 2244652 0 0 08/06/15 22:46 madelinek.wav Shell script + PDF + ZIP $ echo "terrible raccoons achieve their escapades" | ./pocorgtfo08.pdf -d 4321 good neighbors secure their communications
  • 31.
    … and others Bootablequine in assembly, 2 switchable PDFs via ROT13, hash collisions, GameBoy + Sega Master System...
  • 32.
    You get theidea... The worst case for preservation? I explore corner cases, before attackers do it
  • 33.
    How is itpossible? ● signature offset not enforced ● stream object (containing anything) ● comments can contain binary data ● appended data ● objects tolerated between XREF and startxref and a few specific abuses (some are fixed now)
  • 34.
    What is PDF? I asked online...
  • 35.
    ...and I wasn’tdisappointed :) Postscript Derived Failure Practically Destructive File Paper Dimensions Fixed Polyglot (Definition|Deployment|Delivery) Framework Posterity Depends on Forensics Please Don't Fail / Again Proven Dysfunctional Format POC||GTFO Demonstration Format Penile Dysfunction Format Postscript Didn't Fit Pants-Down Format Pathetic & Dangerous Format Posthoc Depression Format Proprietary Document Fee Public Domain Farce Penetrate Dodgy Firewall Pretty Demented Format Payload Deployment File Perpetually Disagreeable Format Potential Disaster Forever Perversely Designed Format PDF is a Disaster for the Future Preservation Dooming Format Preserving Document Forever
  • 36.
    More seriously... (from mypersonal point of view)
  • 37.
    A miracle? Fonts areembedded in the document Rendering is following complex rules (overly-complex, from a security standpoint)
  • 38.
    An open format? ISO$pec$ = 200$ These specs only cover the main part :( They are unclear - no formal guarantee :( http://www.iso.org/iso/catalogue_detail.htm?csnumber=51502
  • 39.
    A strict format? No reader completely enforces the specs ⇒ recovery mode (sometimes ‘explicit’) signature, stream length, XREF…
  • 40.
    Many possible malformationshandled specifically by each reader (high level)... standard structure (each object should be distinct) non-standard but tolerated structure (inlined objects)
  • 41.
    Many possible abuses signatureendobj /Count text operators /Font font use xref /Resources trailer Adobe Reader MuPDF PDF.js PDFium Poppler … different readers have different tolerances ... follows the specs corruption tolerated absence tolerated
  • 42.
    ...so a PDFspecifically crafted for one reader, may fail with all other readers.
  • 43.
    A uniform format? Manyfree readers, but… ● Many (useful) features only available in Adobe Reader: forms, signature, layers… (it’s Adobe’s business model) ● Other readers just aim to support “standard” PDFs
  • 44.
    A beautiful mess! (anartist's interpretation)
  • 45.
    A consistent format? AdobeReader is closing security issues. This is good, but... ⇒ Some features are not supported anymore ⇒ Potential lack of backward compatibility
  • 46.
    It’s a complexpatchwork! JPGs are stored entirely as-is, but PNG have to be converted to raw Forms as XML PostScript Transfer function Web (Flash, JavaScript...) 3D objects
  • 47.
    A coherent format? -text + line comments, yet binary - unusual whitespace, binary also in comments - different escaping - read forward+no separator and object reference - hex as nibbles and odd-numbered - bottom up but also possibly top down (who wins?) - corrupted ZLIB still tolerated - image compression for non-images
  • 48.
    What if... ...Adobe wouldstop supporting PDF ? We’re just left with the ‘specs’ ?
  • 49.
    After all... ...Flash isbeing killed for security reasons, after becoming progressively redundant. PDF could be converted to something else.
  • 50.
    PDF & preservation ●JPG + OCR’ed text = simple ...so simple that we wouldn’t need PDF ? other PDFs = complex (Adobe-dependent) Is PDF/A the solution? more $pec$ http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=38920
  • 51.
    “Backward compatibility” ...is abeautiful utopia! And it leads to saying “we've always done it this way" even after several generations :(
  • 52.
    “Backward compatibility” ...can beincompatible with security fixes JPEG-encoded JavaScript PDF polyglots
  • 53.
    Brace yourself... PDF 2.0is coming! It’s not improving stability and preservability Will Adobe adhere to it ? Since it’s distinct now… *https://www.youtube.com/watch?v=wGmcTf-uMrE
  • 54.
    Conclusion “a complex puzzlebecause the original picture is messy”
  • 55.
    Conclusion ● PDF isvery useful - omnipresent for a reason ● it’s still involved in computer security ○ recent complete takeover of Windows 8.1 by @j00ru ● it’s quite a monster ○ I’m merely scratching the surface ○ its specs were messy from the beginning ● it’s far from perfect ○ “if only Adobe Reader was open” *https://www.youtube.com/watch?v=FVBSvjYQgq8
  • 56.
    ACK Paul Wheatley @doegox @pdfkunfoo@newsoft @internot @insertscript @avlidienbrunn @foxgrrl @chrisjohnriley @travisgoodspeed and everybody for the PDF suggestions :)
  • 57.