

               GuaPDF (Guaranteed PDF Decryptor)
           PDF files decryptor/restrictions remover

                v. 2.2 - command line version

         (c) Copyright PSW-soft 2000-05 by P. Semjanov


THIS PROGRAM  IS DISTRIBUTED  "AS IS".  USE IT AT YOUR OWN  RISK.
GuaPDF comes with ABSOLUTELY  NO WARRANTY. The AUTHOR  also  DOES
NOT GUARANTEE releasing any future VERSIONS of the program.

This  program has two versions:

  1) FREEWARE  (with some  limitations) that  can be  distributed
freely under  following conditions:  the program  code should not
be  changed  and  has  to  be  distributed in original form.  Any
commercial  use  of  this  version  is  prohibited.  Support  and
updating of this version also is not guaranteed.

  2) COMMERCIAL (fully-functional) that  can't be distributed  in
any form with out written explicit permission of the author and
the usage of with version is restricted by included license.

Also, there are some commercial version modifications.


1. Objectives and characteristics.

The program GuaPDF can be used:

1) to remove the restrictions applied to the PDF documents  (such
as not allowing printing,  changing, selecting text etc).   These
restrictions are insecure and removing process is instant on any
PDF file (even with 128-bit encryption enabled).

2)  to  decrypt  PDF  documents  encrypted  with password to open
(user  password)  without  knowing the password.  But it  is  not
PASSWORD  recovery  program,  the  decryption  of  any  file   is
guaranteed regardless of password used. This  is not possible  on
the files with new 128-bit encryption.

The program  has been  tested  on PDF files  up  to  version  1.5
(Acrobat 6.0).
ATTENTION: Only standard PDF encryprion is supported, neither 
third-party plug-ins nor e-books.


2. PDF security overview

The standard security  provided by PDF  consists of two  different
methods  and  two  different  passwords.  A  PDF  document may be
protected  by  password  for  opening  ('user'  password) and the
document may  also specify  operations that  should be restricted
even when the document  is decrypted: printing; copying  text and
graphics out of the document; modifying the document; and  adding
or modifying text notes  and AcroForm fields (using  'owner' also
known as "Change security options" password).

Encryption of PDF documents with user password uses a RC4  stream
cipher  which  is   cryptographically  strong.   (Un)fortunately,
PDF files created in Acrobat 3.x, 4.x and with default encryption
in Acrobat 5.x-6.x)  use key  with 40  bits length long. Not long
ago  it was  impossible  for  individuals  to test  all keys, but
nowadays, the power of modern PC is sufficient for that procedure.

To crack ANY PDF user password you need to test 2^40   keys.  (No
matter how   long the password   is, what charset   and  national
symbols uses). It's  implemented in this  program with the  speed
about 1.000.000 keys/s on Pentium 4/1600 and  you will need about
13 days to finish it.  (Surely,  in average  you will need only a
half of  this  time). The faster computer you've got, the earlier
file is decrypted.

To speed  up cracking  simple distributed  computing mechanism is
included in GuaPDF program (*).

(*) - not available in free and restrictions remover versions

All keyspace is divided to 16384 (0-16383) "megakeys"  (they  are
simply   called   "keys"   below)   and   each   of  them  can be
tested in parallel  on separate computer.   One key testing  time
is about 1 minute on Pentium  4/1600). So, if you've got thousand
computers in  your LAN,  you will  find the  right  key in a few
minutes.

Second security method (operations restrictions) is insecure  and
can be cracked instantly.

NOTE:

If you know owner password for encrypted PDF file, this file  can
be also decrypted instantly.


3. Working with the command-line version of the program.

(If you use GUI version, please refer to the help).
   You may run GuaPDF program under Win32 (Windows  95/98/NT/2000
etc) and Linux.


3.1. Running the restrictions remover version.

   This GuaPDF  version can  only remove  restrictions (or  owner
password) on a  PDF file (if  you even can't  open the file,  use
GuaPDF n-clients version). Any Acrobat and PDF version supported,
even with new 128-bit encryption.

Use the following command line to run the program:

   GUAPDF.EXE [options] PDF_file ,
where:

PDF_file is PDF document with restricted operations.

Options are:
   /p password  proceed file protected with given owner password;
   /y           don't ask about starting the decryption.

If you know the owner  password of  the  file, you can instantly
remove restrictions  and user password on  this file (/p option).

Use /y option if you are sure  you made backup  copy of your file
and  don't  need the  confirmation  of starting the  restrictions
removal.

When the  right  key  is found,  the PDF file will  be decrypted
and saved as file with .decrypted.pdf extentions.

3.2. Running the n-clients GuaPDF version.

   This  GuaPDF  version  can   remove  restrictions  (or   owner
password) on a PDF file  or/and decrypt file encrypted with  user
password (see p. 1).

If you are going to use several computers, you should copy GuaPDF
program to the shared directory and run GuaPDF on every  computer
(client) from  this directory.  Also, you  should start SHARE.EXE
under MS DOS before running GuaPDF on the network.

Use the following command line to run the program:

   GUAPDF.EXE [options] PDF_file [start_key [end_key]],
where:

PDF_file  is  PDF  document  with  password  for  opening  and/or
restricted  operations. 

Parameters in [] brackets are optional:
   /pXYZ     use crypto functions #X,Y,Z
   start_key is a key to start from (0-16383), default = 0  (*);
   end_key   is a last key to test  (0-16383), default = 16383 (*).

/pXYZ option may be used if automatic procedure for choosing best
code for your processor does it incorrectly. In this case you may
manually  set up which  crypto  functions  should  be used.  Some
information  about available crypto functions  may be obtained by
/t option.


The following options should be used on FIRST client only:
   /r           restarts cracking after any accident;  (*)
   /1           forces first client mode (*)
   /p password  proceed file protected with given password;
   /y           don't ask about starting the decryption.

(*) - not available in free version

/r  option may  be useful if  an accident has  occurred,  such as
power was off or decryption  failed for some reason. This  option
sets the  number  of clients to zero  and converts all interrupted
keys  (see below) to  "not tested"  ones.  Of course, it  doesn't
change any other keys, already tested keys never be tested again.
Use /r option  only on  ONE (first) client  when all  clients are
not working, next clients should be run without /r option.

/1 option  should  be  used  to  start first  client again  after
interruption. No need  to interrupt other  clients when  starting
first one.

If   you   know at  least one  password (no  matter which one) of
the protected file, you should always use /p option. Then you can
instantly:

1)  remove   restrictions   (and  password)  on  encrypted   file
entering its user password;
2) decrypt file entering its owner password.

Use /y option if you are sure  you made backup  copy of your file
and  don't  need the  confirmation  of starting the  restrictions
removal.

When the  right  key  is found,  the PDF file will  be decrypted
and saved as file with .decrypted.pdf extentions.

To provide  distributed computing  mechanism (*)  the shared file
(with  .key  extension)  is  created  in current directory at the
first run of  the GuaPDF program.   Thus, you will  need to  have
WRITE PERMISSION to  the current (shared)  directory.  (Also  you
need write permission to the temporary directory). Do not  delete
nor modify  this file  if you  are not  sure that  this is  right
thing to do.

Normally, there should be no  interrupted keys in the .key  file,
but  they could    appear if   computer accidentally switches off
or   if  you  interrupt    the program,   running on Windows  NT.
To resolve  the problem  with the interrupted keys please look at
the messages of the LAST client finished. If it says, "ATTENTION:
There  are  some possibly  interrupted  keys", rerun this  client
with /r  option and the  same keyspace. The  program  will retest
all interrupted  keys.

3.3. The examples of GuaPDF using.

Following command lines can be used with any GuaPDF version:

1) To crack  (decrypt or  remove restrictions) the  TEST.PDF file
on one computer use:

   GUAPDF.EXE TEST.PDF

1a) To  remove restrictions on  the TEST.PDF  file without prompt
use:

   GUAPDF.EXE /y TEST.PDF

1b) To  remove  restrictions on the TEST.PDF file encrypted  with
user password 'PASS' use:

   GUAPDF.EXE /p PASS TEST.PDF

1c) To decrypt TEST.PDF file protected with owner password 'OWNER'
use the similar command line:

   GUAPDF.EXE /p OWNER TEST.PDF

1d) To  remove  restrictions on the TEST.PDF file encrypted  with
user password 'PASS' without prompt use:

   GUAPDF.EXE /p PASS /y TEST.PDF

Below are examples for GuaPDF n-clients version only:

2) To crack  encrypted TEST.PDF file  on several computers on the
LAN,  copy the  GuaPDF program  and TEST.PDF  file to  the shared
directory and use this simple command line:

   GUAPDF.EXE TEST.PDF

The first started client is special, and will actually do the decryption.
 Any client  can be  interrupted  by pressing  Ctrl-C once and
continued by  running with  the same  options (no  need to change
the keyspace range  - it will  be picked up  automatically). When
interrupting first client, to continue it use special /1  option,
like:

   GUAWORD /1 TEST.DOC

3) To  crack  TEST.PDF on two  divided  LANs or  on  two  divided
computers (e.g. at home and at work), use:

   GUAPDF.EXE TEST.PDF 0 8191   - on first LAN
   GUAPDF.EXE TEST.PDF 8192     - on second LAN

   Use the similar command lines on several LANs.

4)  If  some  accident  has  occurrs  (such  as power was off or
decryption  failed  for some reason),  you may continue  from the
last untested key by running on FIRST client:

   GUAPDF /r TEST.PDF

Any  other clients should not be running at this time, start them
in normal way.


4. Mini-FAQ.

1) How to interrupt and continue searching?

The  program  can   be  interrupted  by  pressing Ctrl-Break once
and continued by running with the same options (no need to change
the keyspace range - it will be picked up automatically).

(*) Continuing is  impossible in  freeware version, it will start
from key 0.

   ATTENTION: on pressing  Ctrl-Break Windows  NT will cause  the
"Application   error" window  and   interrupted key   will appear
in the  .key file (see above). 

2) What do the values in .key file mean?

First 16 bytes are  special. The byte   with n  offset  means the
state of (n-16)  key and  may  be one of   3 values: 0  - key  is
not tested yet, 1 - key was  tested and is not  right, 2 - key is
testing now (or may be interrupted key).

So, if the  test of a given  keyspace is completed, and there are
still some values (in this keyspace) which are  not  equal  to 1,
then there must be a bug in  the program. Those keys,  which have
not been tested, can  be  tested by simply running the program on
this keyspace again with /r option.

3)  I've  got Pentium III/1000  computer, but key testing time is
extremely large.

Make   sure   that   other   CPU   hungry   programs   (including
3D-screensavers) are not running simultaneously.

3a) One key testing time is 2 times longer under Windows NT  than
under MS-DOS or Windows 95.

Give 100% CPU time to the program. The easiest way to do it is to click
on  blank space on  the taskbar and  next  click on  the  program
window.

4) How can I test if your program is working?

To test restrictions removal, run GuaPDF on RESTRICT.PDF file  in
the archive. To test password cracking and decryption, run GuaPDF
on  ENCRYPT.PDF file in  the  archive and  wait until it finishes
testing key  0. (The  user password for last  file is 'gird', the
owner password for both files is 'owner').

4a) I  try to  put  'gird' password  on  my  .pdf file,  and your
program can't decrypt it within 0 key attempt.

Sure, ENCRYPT.PDF is an  especially constructed example, and  you
have  no  chances  to  make  such  (fast  breakable)  file  using
standard PDF creating software. See q. 13.

4b) I try  to  make  another restricted  file  example  but  demo
version says file is too large...

Demo version can correctly decrypt only few streams and doesn't
decrypt strings (look at PDF specification if you don't know what 
does it mean). All the rest streams remain unencrypted. It means
only few (or zero pages) will be visible in the decrypted document.
It may also produce some error messages. Don't worry, the full
version will correctly decrypt your document.

5) The full keyspace has been tested, no key found.

Check for interrupted keys in .key file (see  q.2) or just simply
run program again with /r option.  If it is still fails, your PDF
file is seriously corrupted or it's a bug.

6) Your program  found a key, successfully  decrypted  a file and
I still can not open it...

First, don't despair.  The found key is correct and your file can
be decrypted. Just contact me, and I'll fix this bug, and you won't
need to test the keys again.

7)  What  are  the  differences  between  freeware and commercial
version?

a) Demo version is limited to decrypt only few streams - it means,
only small files can be processed correctly
b) Distributed mechanism
c) Starting and ending key arguments, /r option
d) Support

8) Can you explain the difference between commercial versions?

Restrictions  remover  version  is  designed  to  unset operation
restrictions only.  Other versions  can also do that, and  can be
used  for  decrypting  documents  with  user  password.  They
differ only in available clients number. If you are not sure what
version to buy, run  demo version on  your file and look
what it says.

9) Is it possible to speed up/port your program to the another
architecture?

The GuaPDF engine is portable, so, for example, the UNIX version
can be compiled (Linux version is already available). The optimized
kernel crypto functions also can be easily added. So, if you are
interested in, please contact.

10) Program  displays  "no  more  clients  (N)  allowed  in  this
keyspace", although less than N clients are running.

You incorrectly interrupted some clients.  Stop others and use
/r option.

11a) Freeware version  found the  key,  but couldn't  (correctly)
decrypt the  file. Is  there the  way for  not searching  for key
again?

11b) Freeware version tested some  (a lot of) keys when  I decide
to buy commercial version. Is there the way for not testing  them
again?

Sure, just  run  commercial  version  with  appropriate start_key
parameter.

12)  I'm  sure all  of my  files  are  encrypted  with  the  same
password, and   I successfully  decrypted   one of  them.   Can I
decrypt  others without running GuaPDF on all files?

Files with the same password  DON'T have the same key, because it
depends on  file ID etc. and  there  is no  way to  decrypt other
files if you even know the key of one of them. I think,  however,
that it is  possible to  write  PASSWORD recovering utility  from
given key and .pdf file.

13) Your  program  produces  a  lot  of  warnings: "String  XXXXX
truncated in line XXX". What do they mean?

When decrypting, some strings  need to be truncated. For majority
of PDF documents,  these truncations  don't affect  the resulting
file in any way.  If your  document  is  affected,  mail me.  I'm
working on new  GuaPDF engine now, allowing  to get  rid such a
warning.

14) GuaPDF  prints "XXXXXXXXXXXX.pdf: No such  file or  directory
(ENOENT)", although the file exists.

Don't use long file names on Windows NT (rename the file).

15)  Will  the  signature  on  signed  PDF  file  be  valid after
decryption/removing restriction?

Of course not, because the file will be changed,

16)  How  can  I  remove  restrictions  from  several file in one
directory?

Use FOR command, like:
	for %i in (*.pdf) do guapdf /y %i

or, in .BAT file:
	for %%i in (*.pdf) do guapdf /y %%i

17) How can I run GuaPDF in the low priority?

RTFM. Under Windows NT/2000 use
	start /low guapdf <parameters>

18) My file is  confidential and I don't want to leave it in the
shared directory. What to do?

You can  remove your  file after the key test begins  and copy it
back when the  prompt  for  decryption  will appear.

19) The  key has  been found  on one  of the  clients while first
client was stopped. How to decrypt file in this situation?

Just start first client with /1 option.

20) How to run GuaPDF on the dual (dual-core) processor computer?

Just start two copies of the program with the same options.

21) Should I start two GuaPDF copies on my HyperThreading processor?

Curiously enough, but on some modern Pentium 4 Prescott it may help,
on other (older) P4 it has no sence. You can try to experiment yourself.

22) Could you explain more about first client mode?

"First client" only means that the decryption will be perfomed on
this client and doesn't have any other peculiarities. It makes no
harm if several "first clients" are running or none of them are
running



5. Ordering and contact information.

Program support URLs are
    http://www.password-crackers.com/crack/guapdf.html

Here  you  find  the  link  to  ordering  page.  There are  
commercial versions:

   restrictions remover only  - $29;
     1(2) clients version     - $42.95;
     5 clients (max) version  - $59;

These versions  are licensed  to non-profit,  individual use.  To
use GuaPDF for business, you should buy business license for

    unlimited version         - $450.

You can also contact the author:
    e-mail: pavel@semjanov.com

A lot of great password crackers are at
    http://www.password-crackers.com

Although I have already mentioned that  I will not accept any  claims,
I shall be grateful to hear about obvious errors, such as:

- the program hangs  at brute force;
- the program does not find the key of a given file although  all
keys were tested.

I appreciate any constructive ideas for improving this program.

5. Special thanks.

  To Eric Young for his great SSLeay library.
  To Derek B. Noonburg for his not less great xpdf library.
  To Phil Frisbie, Jr. for CPU identification function.
  To Olga Potapova for correcting this doc.
  To guys from comp.text.pdf.

Good luck!

Pavel Semjanov, St.-Petersburg.

