What's the expected performance across PDF versions / types? (Edit: maybe have a table added to the README?)

For comparison, GPU performance under hashcat on a single GTX 1080, across supported PDF versions, is as follows:

$ for hashtype in 10400 10420 10500 25400 10600 10700; do \
    hashcat -b -w 4 -O -m $hashtype --quiet; done

-------------------------------------------------
* Hash-Mode 10400 (PDF 1.1 - 1.3 (Acrobat 2 - 4))
-------------------------------------------------

Speed.#1.........:   414.1 MH/s (403.66ms) @ Accel:1024 Loops:256 Thr:32 Vec:1

--------------------------------------------------------------
* Hash-Mode 10420 (PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2)
--------------------------------------------------------------

Speed.#1.........:  6510.0 MH/s (102.36ms) @ Accel:1024 Loops:1024 Thr:32 Vec:1

------------------------------------------------------------------
* Hash-Mode 10500 (PDF 1.4 - 1.6 (Acrobat 5 - 8)) [Iterations: 70]
------------------------------------------------------------------

Speed.#1.........: 14044.6 kH/s (30.67ms) @ Accel:1024 Loops:70 Thr:32 Vec:1

----------------------------------------------------------------------------------------
* Hash-Mode 25400 (PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass) [Iterations: 70]
----------------------------------------------------------------------------------------

Speed.#1.........: 14294.5 kH/s (30.56ms) @ Accel:1024 Loops:70 Thr:32 Vec:1

-----------------------------------------------
* Hash-Mode 10600 (PDF 1.7 Level 3 (Acrobat 9))
-----------------------------------------------

Speed.#1.........:  3128.5 MH/s (423.99ms) @ Accel:128 Loops:512 Thr:1024 Vec:1

----------------------------------------------------------------------
* Hash-Mode 10700 (PDF 1.7 Level 8 (Acrobat 10 - 11)) [Iterations: 64]
----------------------------------------------------------------------

Speed.#1.........:    34875 H/s (586.47ms) @ Accel:32 Loops:8 Thr:256 Vec:1

I tried with a simple password and a wordlist this is the result:

I cloned and run cargo build and got the following:

     Updating crates.io index
error: failed to select a version for the requirement `clap = "^4.3.21"`
candidate versions found which didn't match: 3.2.25, 3.2.24, 3.2.23, ...
location searched: crates.io index
required by package `pdfrip v2.0.0 (/home/lawsa/source/pdfrip)`

need musk attack where we can define position of digit numeric special charater uppercase and lower case

I can't crack the pdf i created. and password is 123456.
it can only crack acrobat 6 and 7 versions. not X versions.

Hi,

It would bу cool to have this options to choose and combine them:

all caps (A-Z)
all small (a-z)
all digits (0-9)
all special symbols (!@...)

Thanks in advance

Let's say I know the password is in DDMMYYYY format but I don't know the year.
So how do I parse the command for the year range 1900 to 2000 so that pdfrip checks all dates between 1900 & 2000 in DDMMYYYY format?

I think this would be useful in reference to #17 and #18 as well as to improve maintainability.

PDFRip is basically a big monolithic crate right now, which is fine for smaller software but It will probably not age well as the number of features (and therefore probably the number of dependencies we have) increase, potentially causing issues regarding different versions of crate dependencies being incompatible.

Additionally splitting it into multiple crates allows us to enforce a stricter dependency chain between our different parts.

E.g. We can ensure Clap (argument parsing) is only accessible from our main crate, guaranteeing engine.rs is unable to somehow depend on it.

I propose to split PDFRip into the following crates with the following responsibilities:

• Main binary - Essentially becoming a presentation layer responsible for interactions with the user. i.e. Argument parsing and/or Api related things as well as selecting a logging frontend and, if possible with the proposed dependencies, the progressbar.
• Engine crate, responsible for the business logic of cracking passwords. It should depend on our Producer and Cracker crates.
• Producer crate. Defines the "Producer" trait and contains the different cracking methods, i.e. "custom-query", "default-query" and such.
• Cracker crate, implements the PDFCracker struct. Allowing us to decouple the rest of the crate from depending on the PDF crate we're currently using for our decryption logic.

We can probably do all this inside this one repository by utilizing Cargo's workspace feature

The proposed structure can be represented in the following way:

The image was generated using https://structurizr.com/dsl with the code from the attached file.
structurizr.txt

PDFRip currently performs it's tasks with traditional threads causing certain logic to become more cumbersome compared to how I think it could be implemented in an async environment.
This is supported by how engine.rs has seen bugs such as #14 suggesting it's a tad too complicated.

I propose reimplementing PDFRip to be async instead by utilizing the Tokio ecosystem.

The benefits are:

• We have access to Tokio's async runtime, potentially improving performance.
• We have access to tokio-util's CancellationTokens and TaskTrackers as well as Tokio's Select! macro and ctrl-c signal handling.
  • This Could be useful when implementing #17.
• We can remove our dependency on Crossbeam and utilize the channels in Tokio.

The current problems that I think need to be resolved are

• We will probably need to make the Producer traits Async, which is supported in rust since 1.75. This is to allow cancelling production of passwords when implementing #17 .
• We must lock our minimum rust version to 1.75 if we use async traits.

Here's another instance of a password not found by default-query. Created a PDF with a password of
bored
On MacOS 13.6.4, saved via Preview. The file is attached in case it helps. Thanks!
pdfritet.pdf

At first, I tried with the command
pdfrip.exe -f x.pdf range 000000 999999
and it failed. Then I tried
pdfrip.exe -f x.pdf default-query --max-length 6 --min-length 6
and it finds the password 001631.

Found this while working on tests for #23 .

thread 'main' panicked at crates/producer/src/custom_query.rs:54:70:
called `Result::unwrap()` on an `Err` value: ParseIntError { kind: Empty }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The prompt I used was
cargo run -- -f examples/ALICE_BANK_STATEMENT.pdf custom-query "I'M BATMAN"

Removing the single-tick (') still caused the same error.

Runnning
cargo run -- -f examples/ALICE_BANK_STATEMENT.pdf custom-query "I'M BATMAN{1337}"
produces

thread 'main' panicked at crates/producer/src/custom_query.rs:56:33:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I suggest either resolving this or ensure we report a cleaner error message.

Hi,

Password of '1234' and 'q123' and was not found by default query.

Thanks

As a user,
I'd like to be able to stop a cracking job and restart it later,
So I can not lose progress.

Some colors works, others doesn't, here a screenshot of it:

I've tested both with powershell and cmd on Windows 10 Pro 21H1.

User name hidden due of privacy reasons.

Developing #13 revealed there is a race condition in the engine where the engine exits before receiving a correct password from a producer, despite it eventually sending one.

Running
env LOG_LEVEL=info cargo run --release -- --filename examples/datetime-15012000.pdf date 1900 2000
does not successfully crack the PDF, while
env LOG_LEVEL=info cargo run --release -- --filename examples/datetime-15012000.pdf date 1900 2001
succeeds despite this generator sending passwords inclusively. I suspect there is a bug somewhere else that will need to be investigated

Adding debug logging to the DateProducer next() function shows the correct password is being sent but not recognized.

2023-12-03T21:34:13.151Z DEBUG pdfrip::core::production::dates > Sending 15012000 from DateProducer

This means there is a race condition somewhere. Likely in engine.rs.

I imagine the bruteforcer should be simplified since it is currently complex, clunky, inefficent and annoying.

Hi - I have a PDF secured with the password '123B'. Using the query:
pdfrip -f file.pdf -n 12 default-query --max-length 4 --min-length 4

I'd expect the tool to find the password no problem - but it doesn't. If I reverse the password to B123, it finds it. I assumed the default query would run all permutations of a-zA-Z0-9 but it seems not?

Thanks!

It would be cool be to be able to specify the date format.

This small patch changes it to dd.mm.yyyy but of course it needs to be made configurable

diff --git a/crates/producer/src/dates.rs b/crates/producer/src/dates.rs
index ed11325..2ce0ec7 100644
--- a/crates/producer/src/dates.rs
+++ b/crates/producer/src/dates.rs
@@ -25,7 +25,7 @@ fn pregenerate_dates() -> Vec<String> {
                 month.to_string()
             };
 
-            results.push(format!("{}{}", date, month))
+            results.push(format!("{}.{}", date, month))
         }
     }
 
@@ -63,7 +63,7 @@ impl Producer for DateProducer {
 
             let next = self.inner.next().unwrap();
 
-            let password = format!("{:04}{:04}", next, self.current).into_bytes();
+            let password = format!("{:04}.{:04}", next, self.current).into_bytes();
             debug!(
                 "Sending {} from DateProducer",
                 String::from_utf8_lossy(&password)

Hello, it seems the custom query is only allowing a string value to be fixed. Like if i want to search a query like...
-q {0-990}1234 then the program searches 0-9901234 and not the hundred possibilities. Can you please take a look. Thanks

It looks like the modes of operatior are:

• Provide a dictionary of all the passwords I want checked
• Provide a number range to use as passwords to check (either using range or custom-query STRING{start-end})
• Provide a year from which to create eight-digit numbers as passwords to check

Other operational modes are not listed. I would like to check all possible passwords with characters from a provided character set. I tried

for i in {a..z} {A..Z} {0..9}; do
    echo "$i" >> dictionary;
done;
./pdfrip -n 15 --filename ~/my.pdf wordlist dictionary;

but that only checked the 62 passwords provided in my word list. I'm guessing custom-query may be able to do what I want, but I don't see any documentation on it.

It would be nice if the default experience was just like pdfcrack, but utilizing multiple cores. At least documentation explaining how to do such a thing would be greatly appreciated.