eBooks security - theory and practice
Presentation at DEF CON Nine, July 13th - 15th, 2001, Alexis Park in Las Vegas, Nevada, USA
http://www.elcomsoft.com

eBooks security - theory and practice
1. Foreword
2. PDF encryption
3. Standard security handler
4. Rot13 handler
5. FileOpen handler
6. SoftLock handler
7. Adobe Web Buy handler (PDF Merchant)
8. Acrobat eBook Reader EBX handler (formerly GlassBook)
9. Arbitrary handler (obtaining encryption key from PDF viewer)
10. Security flaw in Acrobat plug-ins certification

Electronic Publishing

Electronic Publishing/Reading Solutions
Related Internet resources: http://www.ebookcompilers.com/

eBook Pro compiler

Short description (taken from www.ebookpro.com):
"eBook Pro", the only software in the universe that makes your information virtually 100% burglarproof! It comes with a lifetime, money-back guarantee
"At Last, You Can Sell Information Online (And Make Thousands Of Sales Per Day) - Without The Danger Of Having Your Information Stolen And Resold By Others"

Actual features:
All HTML pages and supplementary files are compressed with the deflate algorithm from ZLIB.
Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with a constant byte.

Related Internet resources: http://www.ebookpro.com/

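The "actual features" above, as an added example that is not code from the presentation or from the product: it applies the multi-pass XOR as the slide describes it and checks that it collapses to one constant byte, so the effective key is 8 bits whatever string is used. The function names and the sample page are constructed for illustration.

```python
import zlib
from functools import reduce

KEY_STRING = b"encrypted"  # the string named on the slide


def multipass_xor(data: bytes, key: bytes = KEY_STRING) -> bytes:
    """XOR every data byte with every byte of key, one full pass per key byte."""
    buf = bytearray(data)
    for k in key:
        for i in range(len(buf)):
            buf[i] ^= k
    return bytes(buf)


def folded_key(key: bytes = KEY_STRING) -> int:
    """XOR is associative and commutative, so all passes fold into one byte."""
    return reduce(lambda a, b: a ^ b, key, 0)


def single_byte_xor(data: bytes, k: int) -> bytes:
    return bytes(b ^ k for b in data)


def protect(page: bytes) -> bytes:
    """Deflate (zlib) followed by the multi-pass XOR, as the slide describes."""
    return multipass_xor(zlib.compress(page))


def unprotect(blob: bytes) -> bytes:
    """XOR is its own inverse, so the same passes undo the scheme."""
    return zlib.decompress(multipass_xor(blob))


# Constructed sample input, not taken from any real eBook.
SAMPLE_PAGE = b"<html><body><h1>Chapter 1</h1><p>Sample text.</p></body></html>"

if __name__ == "__main__":
    k = folded_key()
    blob = protect(SAMPLE_PAGE)
    print(f"folded key byte: 0x{k:02x}")
    print("same as single-byte XOR:",
          blob == single_byte_xor(zlib.compress(SAMPLE_PAGE), k))
    # Any key string with the same fold gives byte-identical output,
    # so at most 256 distinct "keys" exist.
    print("1-byte key is equivalent:",
          multipass_xor(b"abc", bytes([k])) == multipass_xor(b"abc"))
```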
PDF file structure

Basic data types    Example
Boolean             true
Numeric             3.1415926
Object reference    23 0 R
Name                /ProcSet
String              (Contents) *
Stream              {binary data} *
* - data could be encrypted

Complex data types  Example
Array               [23 0 R /XYZ null]
Dictionary          <</Name1 (Val1) /Name2 /Val2>>

<PDF file> ::= <header> <body> <cross-reference table> <trailer>
<body> ::= <object> {<object>}
<object> ::= <objectID> (<data> | <stream dictionary> <stream>)

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

PDF file encryption

PDF Document: <Encrypted Content> and <<Encryption Dictionary>>. The Encryption Dictionary contains the security handler name and supplementary information necessary to obtain the encryption key.
Security handler: takes information from the Encryption Dictionary, calculates the document encryption key and passes it to the PDF Viewer.
PDF Viewer: takes the document encryption key, decrypts the PDF document and displays it on the screen.

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

Object encryption key calculation

Algorithm ver.1,2: Document encryption key + Object ID + Generation -> MD5 hash algorithm -> Object encryption key
Algorithm ver.3: Document encryption key + Scrambled Object ID + Generation + 'sAlT' string -> MD5 hash algorithm -> Object encryption key

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

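The ver.1,2 calculation above, as an added example that is not code from the presentation: it follows the published PDF Reference algorithm (object number as 3 low-order bytes and generation as 2, low byte first, appended to the document key, MD5, truncated to key length + 5 bytes up to 16) and uses the result as an RC4 key. The document key and stream bytes are constructed; the ver.3 variant is not shown because the slide does not say how the object ID is scrambled.

```python
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def object_key_input(doc_key: bytes, obj_num: int, gen_num: int) -> bytes:
    """Document key followed by the object ID and generation, low byte first."""
    return (doc_key
            + (obj_num & 0xFFFFFF).to_bytes(3, "little")
            + (gen_num & 0xFFFF).to_bytes(2, "little"))


def object_key(doc_key: bytes, obj_num: int, gen_num: int) -> bytes:
    """MD5 of the input, truncated to len(doc_key) + 5 bytes (16 at most)."""
    digest = hashlib.md5(object_key_input(doc_key, obj_num, gen_num)).digest()
    return digest[: min(len(doc_key) + 5, 16)]


def crypt_object(doc_key: bytes, obj_num: int, gen_num: int, data: bytes) -> bytes:
    """Encrypt or decrypt one string/stream body with its per-object key."""
    return rc4(object_key(doc_key, obj_num, gen_num), data)


# Constructed values for illustration only.
DOC_KEY_40 = bytes.fromhex("0102030405")      # 40-bit document key
STREAM = b"BT /F1 12 Tf (Hello) Tj ET"          # sample content stream

if __name__ == "__main__":
    # Object "23 0 R", the reference used on the file-structure slide.
    k23 = object_key(DOC_KEY_40, 23, 0)
    k24 = object_key(DOC_KEY_40, 24, 0)
    print("object 23 key:", k23.hex(), f"({len(k23) * 8} bits)")
    print("object 24 key:", k24.hex())
    ct = crypt_object(DOC_KEY_40, 23, 0, STREAM)
    print("round trip ok:", crypt_object(DOC_KEY_40, 23, 0, ct) == STREAM)
    # The object ID and generation are readable in the file, so the per-object
    # key is only as strong as the document key: 40 bits here, not 80.
```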
Standard security handler

Possible restrictions, when opened with User password:
New User password restriction, introduced in Acrobat 5:

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

Standard security handler

Passwords per second on 450MHz Pentium III

Handler type                 Password type: User       Password type: Owner
Standard security handler 2  1 MD5 + 1 RC4: 190,000    2 MD5 + 2 RC4: 100,000
Standard security handler 3  51 MD5 + 20 RC4: 3,250    102 MD5 + 40 RC4: 1,610

Time necessary for complete key enumeration (40 bits key) on PIII-450

PCs   total HDD: 0 GB   128 GB   256 GB   384 GB   512 GB
1     960 hr            480 hr   240 hr   120 hr   60 hr
2     480 hr            240 hr   120 hr   60 hr    30 hr
3     320 hr            160 hr   80 hr    40 hr    20 hr
4     240 hr            120 hr   60 hr    30 hr    15 hr

Related Internet resources: http://www.elcomsoft.com/apdfpr.html

Rot13 security handler
Related Internet resources: http://www.nprg.com/

FileOpen security handler
Related Internet resources: http://www.fileopen.com/

SoftLock security handler
Related Internet resources: http://www.softlock.com/

Adobe WebBuy (PDF Merchant)
Related Internet resources: http://pdfmerchant.adobe.com/

Adobe’s Acrobat eBookReader (formerly GlassBook)
Related Internet resources: http://www.ebxwg.org/ http://www.adobe.com/products/contentserver/main.html

Adobe’s Acrobat eBookReader (formerly GlassBook)

[Diagram with three panels: "Interim key calculation from hardware IDs", "Interim key calculation from hidden copy", "Document key calculation". Elements shown: CPU ID + Volume ID, SHA1, mor.dat file, son.dat file, Voucher, RC5 Decrypt, RSA Decrypt, Fixed key, Interim key, Private RSA key, Document key.]

Related Internet resources: http://www.adobe.com/products/contentserver/main.html

Object encryption key calculation

Algorithm ver.1,2: Document encryption key + Object ID + Generation -> MD5 hash algorithm -> Object encryption key
Algorithm ver.3: Document encryption key + Scrambled Object ID + Generation + 'sAlT' string -> MD5 hash algorithm -> Object encryption key

Related Internet resources: http://www.adobe.com/products/acrobat/adobepdf.html

Obtaining encryption key from PDF viewer

How to find code of MD5 functions

Anti reverse-engineering measures in PDF viewers

Application name  Code encryption  Debugger detection  Code integrity checking
Acrobat 4         No               No                  No
Acrobat 5         No               In DocBox plug-in   No
eBook Reader      PACE InterLok    PACE InterLok       No

Security flaw in Acrobat plug-ins certification mechanism

How to certify plug-in
Why to certify plug-in
How certificate validity is checked
How to bypass plug-ins certificate checking