Didier Stevens

Tuesday 9 June 2009

Quickpost: Make Your Own Corrupted PDFs For Free

Filed under: Entertainment,Nonsense,PDF,Quickpost — Didier Stevens @ 14:37

In response to Bruce Schneier’s latest post, let me explain how you can corrupt your own PDF documents for free. Open your PDF document with a binary editor, search for references to the root object (/Root), and overwrite the reference (36 in my example) with a non-existing reference, like 00.

20090609-181712

Of course, be careful and make backups first.

Tested on several PDF readers:

20090609-181538

20090609-181556

20090609-181919

18 Comments »

  1. Quiz: which not-executable file format be opened as non admin can leads to BSOD?

    Comment by unary — Tuesday 9 June 2009 @ 17:39

  2. Hi,
    This is all nice, but PDFs aren’t really things that people use everyday to create something. Is there a way to make a corrupted Word file?

    wow, i sound like a grownup…. sorry, if this was sorta brief.

    peace

    Comment by Max — Wednesday 10 June 2009 @ 3:52

  3. For Office 2007, that is simple. The fileformat is a ZIP file containing XML files. XML files are trivial to corrupt, just unbalance the tags.

    Comment by Didier Stevens — Wednesday 10 June 2009 @ 8:00

  4. [...] Stevens reagiert und empfiehlt:Make Your Own Corrupted PDFs For Free. Alles was Sie tun müssen: Die PDF-Datei mit einem Hex-Editor öffnenund das root-Object (/Root) [...]

    Pingback by ψ² = Ps(i)² » Blog Archive » Wer hat an der Uhr gedreht… — Wednesday 10 June 2009 @ 9:20

  5. The problem is that any professor/employer with *nix awareness may very well spot the subterfuge using the ‘strings’ command line tool on corrupted MSWord or PDF. Just because the binary header/containing elements of these files is munged doesn’t mean the ASCII text is irretrievable.

    Comment by Ben — Wednesday 10 June 2009 @ 15:46

  6. Of course, if you’ve the skills you can uncover any subterfuge.

    Comment by Didier Stevens — Wednesday 10 June 2009 @ 20:24

  7. @unary As nobody has answered yet: http://kb2.adobe.com/cps/324/324073.html

    Comment by Didier Stevens — Thursday 11 June 2009 @ 21:07

  8. you should have mentioned that there could be more than one instance of /Root and give a hint how to find the recent one ;-)

    Comment by Roman Toda — Friday 12 June 2009 @ 21:22

  9. Wouldn’t it be easier to simply change the file extension of some non-PDF file such as a .exe file to .pdf?

    Comment by George329 — Monday 15 June 2009 @ 17:56

  10. Yes, there is so much to tell about this, but then again, this is just for entertainment ;-)

    Comment by Didier Stevens — Saturday 27 June 2009 @ 21:35

  11. Of course, but why do it the easy way? ;-)

    Comment by Didier Stevens — Saturday 27 June 2009 @ 22:01

  12. by using “tail” etc *nix commands, one can also replace any X bytes with random bytes.

    Comment by vr000m — Monday 29 June 2009 @ 19:10

  13. Interesting. Would you mind sharing an example of your shell-fu?

    Comment by Didier Stevens — Monday 29 June 2009 @ 19:26

  14. Auto corrupting your PDF files…

    A few weeks ago I cam across a blog post which showed you how to corrupt your own pdf files. That post was in response to the interweb ate my homework post from Bruce Schneier.

    Anyhows, Didier’s method is fairly simple. So lets automate it.

    He …

    Trackback by Gl.ib.ly — Tuesday 30 June 2009 @ 16:37

  15. [...] Hiding Files in PDF Documents Filed under: My Software, PDF — Didier Stevens @ 6:28 My corrupted PDF quip inspired me to program another steganography trick: embed a file in a PDF document and corrupt the [...]

    Pingback by Embedding and Hiding Files in PDF Documents « Didier Stevens — Wednesday 1 July 2009 @ 6:28

  16. [...] corrupted PDF quip inspired me to program another steganography trick: embed a file in a PDF document and corrupt the [...]

    Pingback by Embedding and Hiding Files in PDF Documents - Opsec — Wednesday 1 July 2009 @ 17:22

  17. [...] extraordinaire Didier Stevens recently posted this entry all about hiding data in PDF files. My corrupted PDF quip inspired me to program another steganography trick: embed a file in a PDF document and corrupt the [...]

    Pingback by Abusing PDFs « Security For All — Wednesday 8 July 2009 @ 21:03

  18. Hey i found this article fucking awesome and useful!

    lots of thanks! you saved my ass today hahahahah

    Comment by A-lazy-spanish-guy — Friday 30 April 2010 @ 16:41


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 234 other followers

%d bloggers like this: