Author Topic: new tool - PDF Stream Dumper  (Read 4662 times)

September 17, 2010, 12:07:34 pm
d2

new open source pdf analyzer

http://sandsprite.com/blogs/index.php?uid=7&pid=57

- supports filters: FlateDecode, RunLengthDecode, ASCIIHexDecode, ASCII85Decode, LZWDecode
- supports filter chaining (i.e. multiple filters applied to same stream)
- supports unescaping encoded pdf headers
- view all pdf objects
- view deflated streams
- view stream details such as file offsets, header, etc
- save raw and deflated data
- search streams for strings
- perform various types of manual escapes on selected data portions.
- scan for functions which contain pdf exploits (dumb scan)
- format javascript using js beautifier (see credits at end)
- view streams as hex dumps
- zlib compress/decompress arbitrary files
- replace/update pdf streams with your own data
- basic javascript interface so you can execute parts of embedded scripts
- integrated UI for sclog shellcode analysis tool from idefense. (separate install)
- js ui also has access to a toolbox class to do a bunch of things (dump to file etc)
- decrypt encrypted pdf files (uses external app based on iTextSharp)
- basic ability to rename obfuscated javascript functions, arguments, and variables
- can hide: header only streams, duplicate streams (by crc), selected streams
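
Filter chaining and escaped names from the feature list above, as an added Python example (not part of the original post and not PDF Stream Dumper's own code). It reads the `/Filter` entry of a stream dictionary, unescapes `#xx` sequences in names, and applies the decoders in the listed order; LZWDecode is left out, and the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import re
import zlib

def unescape_names(raw):
    # "#xx" is a hex-escaped byte inside a PDF name: /Fl#61teDecode -> /FlateDecode
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def filter_chain(stream_dict):
    # /Filter is one name or an array of names, listed in decoding order
    m = re.search(rb"/Filter\s*(\[[^\]]*\]|/\w+)", unescape_names(stream_dict))
    return [n.decode() for n in re.findall(rb"/(\w+)", m.group(1))] if m else []

def ascii_hex(data):
    digits = re.sub(rb"\s", b"", data.split(b">")[0])   # ">" marks end of data
    return binascii.unhexlify(digits + b"0" * (len(digits) % 2))  # odd tail padded with 0

def ascii85(data):
    body = data.strip().split(b"~>")[0]                  # "~>" marks end of data
    return base64.a85decode(body[2:] if body.startswith(b"<~") else body)

def run_length(data):
    out, i = bytearray(), 0
    while i < len(data) and data[i] != 128:              # 128 = end of data
        n = data[i]
        if n < 128:                                      # copy the next n+1 bytes
            out += data[i + 1:i + n + 2]
            i += n + 2
        else:                                            # repeat next byte 257-n times
            out += data[i + 1:i + 2] * (257 - n)
            i += 2
    return bytes(out)

def flate(data):
    # decompressobj yields partial output for truncated streams instead of raising
    return zlib.decompressobj().decompress(data)

DECODERS = {"ASCIIHexDecode": ascii_hex, "ASCII85Decode": ascii85,
            "RunLengthDecode": run_length, "FlateDecode": flate}  # LZWDecode omitted

def decode_stream(stream_dict, raw):
    for name in filter_chain(stream_dict):               # KeyError on unsupported filter
        raw = DECODERS[name](raw)
    return raw

# Constructed sample: body was Flate-compressed, then hex-encoded; filter name escaped
SAMPLE_PLAIN = b"constructed sample stream body"
SAMPLE_DICT = b"<< /Filter [ /ASCIIHexDecode /Fl#61teDecode ] >>"
SAMPLE_RAW = binascii.hexlify(zlib.compress(SAMPLE_PLAIN)) + b">"
```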

December 13, 2010, 04:48:41 pm
Reply #1

d2

Finally got around to making some training videos for it.

Feature Overview   (17mb / 40min)
http://sandsprite.com/CodeStuff/PdfStreamDumper_trainer.wmv

Analysis of a complex sample using page Data
part 1 getPageNthWord   (4mb / 10min)
http://sandsprite.com/CodeStuff/pageData_demo.wmv

part 2 URL Decoder & this.info object   (3mb / 8min)
http://sandsprite.com/CodeStuff/pageData_decodeURL.wmv

Analysis of a complex sample using getAnnots   (4mb / 10min)
http://sandsprite.com/CodeStuff/getAnnots_demo.wmv

Demo of the new Sample Database Search Plugin (4.5mb / 11min)
http://sandsprite.com/CodeStuff/database_search_plugin.wmv

Video for plugin developers and script writers (7mb / 17min)
http://sandsprite.com/CodeStuff/PDFStreamDumper_automation.wmv

shows some new js_ui features on an arguments.callee encrypted script (6mb / 14min)
http://sandsprite.com/CodeStuff/Encrypted_Script.wmv