scripters/programmers for PDF

New Here ,
May 04, 2020

Copy link to clipboard

Copied

The general idea of the project is to manage to make one little change and after that the document not seen as modifyed when you go to file/properties/description. I try exporting it in word or powerpoint and after i cnvert i as pdf..Then is not seen as modified but the creator and application is deifferent. THis pdf is made with oracle aplication IT tool and if you use word this is going to change,,,,if you copy the pdf whole bcause everything is the same is being modifiyed...I 'm willing to pay 300 euros if you can get the job done. Thnak you very much for your time! 🙂

Most Valuable Participant
Correct answer by Dave Merchant | Most Valuable Participant

Changing the "Application" and "PDF Producer" entries in the document properties is trivial, just open Acrobat's console and change the variables:

 

this.info.Producer = "Something better than Word"

this.info.Creator = "Definitely not Acrobat 1.0"

 

You can read and "write" the last-modified date via this.info.ModDate but it's pointless to do so, it is always overwritten with the system timestamp on save. The operating system provides that value, so of course if your system clock is wrong...

TOPICS
Acrobat SDK and JavaScript, How to

Views

1.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

scripters/programmers for PDF

New Here ,
May 04, 2020

Copy link to clipboard

Copied

The general idea of the project is to manage to make one little change and after that the document not seen as modifyed when you go to file/properties/description. I try exporting it in word or powerpoint and after i cnvert i as pdf..Then is not seen as modified but the creator and application is deifferent. THis pdf is made with oracle aplication IT tool and if you use word this is going to change,,,,if you copy the pdf whole bcause everything is the same is being modifiyed...I 'm willing to pay 300 euros if you can get the job done. Thnak you very much for your time! 🙂

Most Valuable Participant
Correct answer by Dave Merchant | Most Valuable Participant

Changing the "Application" and "PDF Producer" entries in the document properties is trivial, just open Acrobat's console and change the variables:

 

this.info.Producer = "Something better than Word"

this.info.Creator = "Definitely not Acrobat 1.0"

 

You can read and "write" the last-modified date via this.info.ModDate but it's pointless to do so, it is always overwritten with the system timestamp on save. The operating system provides that value, so of course if your system clock is wrong...

TOPICS
Acrobat SDK and JavaScript, How to

Views

1.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
May 04, 2020 0
Most Valuable Participant ,
May 05, 2020

Copy link to clipboard

Copied

You’re trying to fake the metadata? Its theoretically possible, but Adobe’s APIs and scripts will always set the update correctly. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 05, 2020 1
Adobe Community Professional ,
May 05, 2020

Copy link to clipboard

Copied

Hi,

What small change are you planning on making? are you trying to change the creator and application? if so, why?

 

Regards

 

Malcolm

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 05, 2020 1
Most Valuable Participant ,
May 05, 2020

Copy link to clipboard

Copied

Changing the "Application" and "PDF Producer" entries in the document properties is trivial, just open Acrobat's console and change the variables:

 

this.info.Producer = "Something better than Word"

this.info.Creator = "Definitely not Acrobat 1.0"

 

You can read and "write" the last-modified date via this.info.ModDate but it's pointless to do so, it is always overwritten with the system timestamp on save. The operating system provides that value, so of course if your system clock is wrong...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 05, 2020 2
Adobe Community Professional ,
May 05, 2020

Copy link to clipboard

Copied

And you can embed this script in an Action for Acrobat Pro if you don't want to copy-paste in the Console several times a day.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 05, 2020 1
Adobe Community Professional ,
May 06, 2020

Copy link to clipboard

Copied

C'mon Dave!  You can't be serious. 

 

This user is not asking a naive question here. 

 

I would like for Dov Isaac or any person from Adobe who holds a similar position like Dov to come and read this thread because they would agree 100%.

 

  • The general idea of the project is to manage to make one little change and after that the document not seen as modifyed when you go to file/properties/description. 


 There is no such thing as a little change in what you're asking.

 

As mentioned, You're asking how to extract metadata out of a PDF file programmatically, which by itself there's nothing wrong with that. However, what you're really asking has already been addressed as reverse engineering many times by security analysts since 2009.

 

Dave's answer to your inquiry is DEFINITELY NOT the correct answer on whatever it is that you're trying to achieve.

 

  • I try exporting it in word or powerpoint and after i cnvert i as pdf..Then is not seen as modified but the creator and application is deifferent. 

 

As I mentioned earlier, this is reverse engineering. You try to come here to asking for something like it is simple when in fact in order to do that requires enough knowledge in trying to fool the operating system's shell environment.

 

It also would involve a PDF file to be able to interact with the reversed engineered shell extension COM objects in order for Windows Explorer to read and display the fake information out of your PDF when you right click on it and then select Properties from a context menu.

 

This is also categorized under metasploits, in which, just like you're trying to figure out how to produce a PDF that gives out a fake human Author and a fake program producer, it leads to exploitable bugs that in return lead to other exploitable bugs in the wild.

 

Such is the case of PDF heap sprays, and/or embedding encrypted PDFs with malicious code inside of a clean PDF to pass undetected by anti-virus software.

 

And just like JR_Boulay mentioned in another thread the other day, to be able to add mass amounts of lines of garbage to document level javascripts so that they're not easily parsed, copied, nor analyzed.

 

  • THis pdf is made with oracle aplication IT tool and if you use word this is going to change,,,,if you copy the pdf whole bcause everything is the same is being modifiyed...

 

Really? So you're probably trying obfuscate a PDF that was generated from an SQL report.

 

Back in 2012 the Australian Government, Department of Defence approved for public release the "Threat Modelling Adobe PDF" document (DSTO-TR-2730) by Ron Brandis and Luke Steller - Command, Control, Communications and Intelligence Division.

 

What you're inquiring about is defined in that document as a technique to exploit more Obfuscation Techniques in PDF documents. So consider this THE CORRECT ANSWER!

 

  • I 'm willing to pay 300 euros if you can get the job done. Thnak you very much for your time! 
     

     

Save it. You just make sure that your organization is compliant with software licensing. You're gonna need more than 300 euros to pay fines if your organization fails an audit.  https://adobeaudits.com/ 

 

Last, I already answered to you in another thread my personal opinion about this: https://community.adobe.com/t5/acrobat/scripters-programmers-for-pdf/m-p/11105447?page=1#M254475

 

Seems like all of a sudden I was the one who posted in a duplicated post.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 06, 2020 1
Most Valuable Participant ,
May 10, 2020

Copy link to clipboard

Copied

You're talking garbage. The XMP metadata packet for a PDF file has never been, and never will be, anything sacrosanct. It's "faked" billions of times every day, by software that lies about its name or version, or simply because the computer clock is wrong. Incorrect XMP has ZERO, repeat ZERO security risk, it cannot ever include executable code and no self-respecting anti-virus or firewall software would even bother to look at it. I have no idea why you're ranting on about javascript and government reports, it's utterly irrelevant to the question, which was perfectly legitimate. Or maybe you think that merely adding a fake author name turns everything into a virus? In which case show a birth certificate for "ls_rbls".

 

If an author wants to ensure a PDF file is not "invisibly" altered after creation then they have to digitally sign it. That is the reason AATL members can rake in millions of dollars a year for hardware tokens. If someone is creating a document in one application, and for whatever reason needs to edit the output file, then it is entirely their business what the metadata says - and in this case they are not even trying to change it, they are trying to NOT change it!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 10, 2020 0
Adobe Community Professional ,
May 10, 2020

Copy link to clipboard

Copied

  • You're talking garbage.

 

Thank you Dave!

 

I''ll take that as a very kind compliment coming from a well-respected Adobe MVP alpha-male who seems to be suffering from Narcissistic personality disorder.

 

But who am I to judge your online personality like that, right? Maybe I'm projecting myself too hard, besides I'm no shrink.

 

But I can say this: it takes one to know one! And who knows... maybe we might've even cross paths in a past life!

 

Anyway, your very kind compliment just showed me how far ahead in the game I am.

 

  • Incorrect XMP has ZERO, repeat ZERO security risk, it cannot ever include executable code and no self-respecting anti-virus or firewall software would even bother to look at it.

 

Again, did you just said that???? specially the part that says "no self-respecting anti-virus or firewall software would even bother to look at it."

 

See the slide below. Maybe handing to you my narcissistic mirror can help pull out the veil in front of you and actually aid you to see the same reflection that I'm looking into:

 

dave.png

 

  • I have no idea why you're ranting on about javascript and government reports, it's utterly irrelevant to the question, which was perfectly legitimate.

 

Ranting ? Another nice compliment!

 

But if you think that was a rant is because a few weeks ago Thom Parker called me out in another thread and said that what I posted was very innapropriate.

 

Another user was having difficulties executing a bacth script with BVScript and figuring out how to execute it with Adobe JavaScript inside of a PDF.

 

I said that maybe what he was trying to do is possible with a metasploit.

 

I ask the user if he ever followed a blog (that I follow) from a Microroft MVP who is also a well known PDF security analyst who has developed software tools that allows a user to analyze a PDF and be able to embed an executable file with a sepcific code inside of a PDF.

 

I didn't even posted the URL, I just mentioned that person's name and the title of the article in that blog where the tools and methods are explained in detail.

 

Thom said that that is exaclty what we're trying to avoid (referring to the Adobe's developer community as a whole).

 

He added, that I was encouraging users to develop malicious code and things like this is what gets you banned from the forums.

 

So even though my contribution in that thread was not aimed at encouraging users to develop malicious code, I reported myself to the moderators and ask to delete that thread. It was deleted immediately.

 

  • Or maybe you think that merely adding a fake author name turns everything into a virus? In which case show a birth certificate for "ls_rbls".

 

I assume my post earlier didn't came out right. But look at the slide that I posted above again, please do.

 

The fact that you actually asked if I think that adding a fake author turns everything into a virus really shows another great compliment. Thank you Dave!

 

Since now you brought to the forum's attention about XMP (NOT ME!) you should defiinitely look in how XMP IDs and XMP Pivots are used in malware campaigns precisely because of low anti-virus detection rates.

 

If belittling my input in cybersecurity awareness was your intention, I have to say that you have a lot of work to do in that area. You're not as good as I am when it comes to hurrting other people's feelings with online sarcasm yet.

 

Look in https://labs.inquest.net   and see for yourself (not because I'm saying it) but really read as hard as I have and see for yourself the "garbage" techniques that are used nowadays to discover malware campaigns with reversed malware analysis using XMP.

 

But overall, perhaps we should take a tour back in computer history and look at how the guy who discovered the Y2K Bug was neglected by the Pentagon back in the 70"s as he was trying to raise security and privacy awareness about that other (and still overlooked) issue.

 

Your last reply still doesn't answer the user's "legitimate" question.

 

If you prefer I can post here all the "garbage" links that I spent months in researching which contain the necessary methods and tools for the user to be able to right-click on a faked PDF and have the Windows shell environment fooled in order to display faked file properties.

 

It is actually the same security analyst that Thom Parker called me out for when I mentioned about it.

That security analyst has already exploited that PDF bug and this question has been answered outside of the Adobe forums.

 

Maybe I should've said that in my first thread and all this, now a very pointless conversation, wouldn't even take place to begin with.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 10, 2020 0