The general idea of the project is to manage to make one little change and after that the document not seen as modifyed when you go to file/properties/description. I try exporting it in word or powerpoint and after i cnvert i as pdf..Then is not seen as modified but the creator and application is deifferent. THis pdf is made with oracle aplication IT tool and if you use word this is going to change,,,,if you copy the pdf whole bcause everything is the same is being modifiyed...I 'm willing to pay 300 euros if you can get the job done. Thnak you very much for your time! 🙂
You’re trying to fake the metadata? Its theoretically possible, but Adobe’s APIs and scripts will always set the update correctly.
What small change are you planning on making? are you trying to change the creator and application? if so, why?
Changing the "Application" and "PDF Producer" entries in the document properties is trivial, just open Acrobat's console and change the variables:
this.info.Producer = "Something better than Word"
this.info.Creator = "Definitely not Acrobat 1.0"
You can read and "write" the last-modified date via this.info.ModDate but it's pointless to do so, it is always overwritten with the system timestamp on save. The operating system provides that value, so of course if your system clock is wrong...
And you can embed this script in an Action for Acrobat Pro if you don't want to copy-paste in the Console several times a day.
C'mon Dave! You can't be serious.
This user is not asking a naive question here.
I would like for Dov Isaac or any person from Adobe who holds a similar position like Dov to come and read this thread because they would agree 100%.
There is no such thing as a little change in what you're asking.
As mentioned, You're asking how to extract metadata out of a PDF file programmatically, which by itself there's nothing wrong with that. However, what you're really asking has already been addressed as reverse engineering many times by security analysts since 2009.
Dave's answer to your inquiry is DEFINITELY NOT the correct answer on whatever it is that you're trying to achieve.
As I mentioned earlier, this is reverse engineering. You try to come here to asking for something like it is simple when in fact in order to do that requires enough knowledge in trying to fool the operating system's shell environment.
It also would involve a PDF file to be able to interact with the reversed engineered shell extension COM objects in order for Windows Explorer to read and display the fake information out of your PDF when you right click on it and then select Properties from a context menu.
This is also categorized under metasploits, in which, just like you're trying to figure out how to produce a PDF that gives out a fake human Author and a fake program producer, it leads to exploitable bugs that in return lead to other exploitable bugs in the wild.
Such is the case of PDF heap sprays, and/or embedding encrypted PDFs with malicious code inside of a clean PDF to pass undetected by anti-virus software.
Really? So you're probably trying obfuscate a PDF that was generated from an SQL report.
Back in 2012 the Australian Government, Department of Defence approved for public release the "Threat Modelling Adobe PDF" document (DSTO-TR-2730) by Ron Brandis and Luke Steller - Command, Control, Communications and Intelligence Division.
What you're inquiring about is defined in that document as a technique to exploit more Obfuscation Techniques in PDF documents. So consider this THE CORRECT ANSWER!
Save it. You just make sure that your organization is compliant with software licensing. You're gonna need more than 300 euros to pay fines if your organization fails an audit. https://adobeaudits.com/
Last, I already answered to you in another thread my personal opinion about this: https://community.adobe.com/t5/acrobat/scripters-programmers-for-pdf/m-p/11105447?page=1#M254475
Seems like all of a sudden I was the one who posted in a duplicated post.
If an author wants to ensure a PDF file is not "invisibly" altered after creation then they have to digitally sign it. That is the reason AATL members can rake in millions of dollars a year for hardware tokens. If someone is creating a document in one application, and for whatever reason needs to edit the output file, then it is entirely their business what the metadata says - and in this case they are not even trying to change it, they are trying to NOT change it!
Thank you Dave!
I''ll take that as a very kind compliment coming from a well-respected Adobe MVP alpha-male who seems to be suffering from Narcissistic personality disorder.
But who am I to judge your online personality like that, right? Maybe I'm projecting myself too hard, besides I'm no shrink.
But I can say this: it takes one to know one! And who knows... maybe we might've even cross paths in a past life!
Anyway, your very kind compliment just showed me how far ahead in the game I am.
Again, did you just said that???? specially the part that says "no self-respecting anti-virus or firewall software would even bother to look at it."
See the slide below. Maybe handing to you my narcissistic mirror can help pull out the veil in front of you and actually aid you to see the same reflection that I'm looking into:
Ranting ? Another nice compliment!
But if you think that was a rant is because a few weeks ago Thom Parker called me out in another thread and said that what I posted was very innapropriate.
I said that maybe what he was trying to do is possible with a metasploit.
I ask the user if he ever followed a blog (that I follow) from a Microroft MVP who is also a well known PDF security analyst who has developed software tools that allows a user to analyze a PDF and be able to embed an executable file with a sepcific code inside of a PDF.
I didn't even posted the URL, I just mentioned that person's name and the title of the article in that blog where the tools and methods are explained in detail.
Thom said that that is exaclty what we're trying to avoid (referring to the Adobe's developer community as a whole).
He added, that I was encouraging users to develop malicious code and things like this is what gets you banned from the forums.
So even though my contribution in that thread was not aimed at encouraging users to develop malicious code, I reported myself to the moderators and ask to delete that thread. It was deleted immediately.
I assume my post earlier didn't came out right. But look at the slide that I posted above again, please do.
The fact that you actually asked if I think that adding a fake author turns everything into a virus really shows another great compliment. Thank you Dave!
Since now you brought to the forum's attention about XMP (NOT ME!) you should defiinitely look in how XMP IDs and XMP Pivots are used in malware campaigns precisely because of low anti-virus detection rates.
If belittling my input in cybersecurity awareness was your intention, I have to say that you have a lot of work to do in that area. You're not as good as I am when it comes to hurrting other people's feelings with online sarcasm yet.
Look in https://labs.inquest.net and see for yourself (not because I'm saying it) but really read as hard as I have and see for yourself the "garbage" techniques that are used nowadays to discover malware campaigns with reversed malware analysis using XMP.
But overall, perhaps we should take a tour back in computer history and look at how the guy who discovered the Y2K Bug was neglected by the Pentagon back in the 70"s as he was trying to raise security and privacy awareness about that other (and still overlooked) issue.
Your last reply still doesn't answer the user's "legitimate" question.
If you prefer I can post here all the "garbage" links that I spent months in researching which contain the necessary methods and tools for the user to be able to right-click on a faked PDF and have the Windows shell environment fooled in order to display faked file properties.
It is actually the same security analyst that Thom Parker called me out for when I mentioned about it.
That security analyst has already exploited that PDF bug and this question has been answered outside of the Adobe forums.
Maybe I should've said that in my first thread and all this, now a very pointless conversation, wouldn't even take place to begin with.