Eltima Recover PDF Password
Company: Eltima Software
Product: Recover PDF Password
Price: From $39.95
Shortly after my SWF Protector 2 review, Eltima Software contacted me and asked me if I’d be interested in reviewing their Recover PDF Password software in exchange for a license. I required the services of such a tool just a couple of months back and at the time I used a 50-use trial from another vendor, so I knew that this was something that could come in handy.
I installed the application without any problems, though as it uses the same registration format as SWF Protector 2 it’s probably susceptible to the same issue if you happen to not put in the correct serial.
When the interface opened up, I was surprised to find that this tool is actually a brute-force password cracker rather than a password removal tool like the one I used a couple of months ago. Why would you need to spend time guessing a password if it can simply be removed? How curious!
The answer as I discovered after a little research (I don’t tend to use PDFs much in my line of work) is that PDFs have different layers of protection. There’s a “user password” and an “owner password”, and the “user password” protects against the opening of a file, printing and even copying and pasting of text and graphics, whereas the “owner password” protects against making changes to the document.
The PDF I unlocked two months ago only had protection against copying text – I was able to open and view the file without any problems, so obviously that aspect of the “user password” had not been used and as such the file was not encrypted. Because the file wasn’t encrypted, the tool had been able to simply change a couple of bytes to disable the requirement for a password and had unlocked the printing ability for me pretty much instantly. However, had the file been protected against opening – and therefore been encrypted (128-bit AES encryption by default) then this tool would not have worked and the only way round this is by brute-force – which is where Recover PDF Password comes in.
I created a PDF and set the “user password” as “t3st”. I opened it in Recover PDF Password and as I knew the password was made up of lower-case letters and numbers, I selected numerals and lower-case letters from the options. Of course, if I really needed to use this tool the chances are I’d have no idea what the password was and as such would have to tick every box on there (including upper-case, special symbols and spaces), which would dramatically increase the time taken to crack the password as the number of potential combinations sky-rockets. The default length of the password to crack was 1-8 so I left it at that.
On an Intel Core 2 Duo laptop clocked at 2.2ghz, the password was cracked in just over a minute. A popup window informed me that the password had been cracked and it also told me what it was. It then asked me if I wanted to save a new version of the file that had the password removed.
I decided to test again but with every combination ticked to see what difference it made to the time, and as expected it was significantly higher at 58 minutes.
It’s important to note that the fact that it takes so long to crack a password this way is not down to any shortcomings with the software – there are just so many combinations of passwords that it naturally takes time to check them all. Even a password of 4 characters in length has over 78 million possible combinations when using all of these different characters (as a comparison, when using just lower case letters and numbers there were only 1.7 million possible combinations), so that the password was cracked in just 58 minutes is actually pretty impressive as it gives us a rate of around 22,500 password tries every second (maximum, though the real value will most likely be less as it’s unlikely that it had to try every single combination before arriving at the actual password).
There are more advanced options as well, such as being able to specify patterns within your password such as “pass??rd” where only the question marks are tested, but again this would only be useful if you already had a good idea of what the password was but I’m suspecting that in most cases you won’t.
I personally use much longer passwords than my test 4-character example when I’m trying to protect something though, and in the event that I’d have to brute-force my way into one of my own files I’m guessing it would take several days if not weeks. Again, that isn’t a problem with the software – it’s a problem with the method used, but when a file is encrypted with 128-bit AES encryption this method is really your only option.
After your file has been cracked it’s added to a history tab so that you can keep track of your passwords without having to have them cracked again, assuming of course that you don’t simply save the cracked version instead.
So, to round up if you have a PDF that you can open but it has limitations like not being able to print or copy/paste the text, your best way forward is to use a simple password removal tool as there’s no point trying to work out a combination on a lock if you can just break it off. On the other hand, if your PDF won’t even open without a password then a brute-force crack is your only option and in this case you need Recover PDF Password from Eltima Software.
Marks out of 10? Well, the software does exactly what it’s supposed to do and does it well. Brute-force cracks are always time-intensive due to their nature so it would be totally unfair to mark a piece of software down for not being instantaneous (though from experience this is what a lot of people expect from their software no matter how complex its task, simply because they don’t really understand what’s going on behind the scenes). Perhaps on a geek level it would be nice to know exactly how many combinations the tool had attempted before your password had been cracked, and there are a couple of instances where the software would have benefited from proper translation (when you save the cracked file the message says, “The file is written down successfully”), but for a tool that works through 22,500 password combinations every second in an effort to reunite you with your work, these are very minor gripes.
9/10
Recent Comments