Extract a crackable hash from a password-protected PDF with pdf2john, ready for John the Ripper or hashcat. For authorized password recovery only.
pdf2john reads an encrypted PDF and produces a hash describing its security handler so the password can be recovered offline. PDF encryption has evolved from 40-bit RC4 through 128-bit RC4/AES to 256-bit AES (PDF 2.0), and the hash records which revision applies. It extracts the encryption dictionary parameters; it does not remove the password or decrypt the file. Use it only on PDFs you are authorized to access.
Input:
statement.pdf (encrypted)
Output:
statement.pdf:$pdf$5*6*256*-1028*1*16*<id>*...
Does pdf2john work on both owner and user passwords?
The extracted hash lets a cracker recover the user (open) password. Owner-only restrictions can often be removed without cracking, since the file is decryptable with an empty user password.
Which PDF encryption versions are supported?
RC4 (40/128-bit) and AES (128-bit and 256-bit / AESV3), covering Acrobat revisions 2 through 6.
Which hashcat mode matches?
Depends on the revision: modes 10400-10700 cover the common PDF variants.
This tool extracts password hashes from encrypted PDF documents for security analysis and password recovery.
Supported Tools: