Bypassing primitive PDF DRM

When I downloaded a PDF off my university online library, I quickly noticed that it comes with some form of DRM. The file is a direct download, and not through Adobe Digital Editions (a common platform for sharing copyrighted contents). I wanted to see how it works and what it takes to break the protection.

Warning!

Before we get started, let me point out that the DRM is there for a purpose and removing it may not be legal. This exercise is done for educational purposes and is not intended to be replicated. I do not use the ‘unlocked’ PDF myself.

Intuition

What seems interesting about this protection is, there doesn’t seem to be any form of encryption involved. While Adobe Acrobat opens the unexpired document fine, other readers pulled up the expired screen on a freshly downloaded copy. This seems to show that the PDF comes with the ‘expired wall’ on every single page by default, but it also contains some sort of script that removes the ‘wall’ if it determines you have not gone past the best before date.

Javascript

Knowing that PDF in general supports Javascript, I turned it off in Adobe Acrobat and hey presto, I can no longer view the document! It’s time to dive into the code!

The following code is found in the PDF document:

Analysis

Wonderful! The code is not obfuscated, and it is quite clear that the following code is responsible for the giant monolithic ‘expired wall.’

If the code determined that the PDF is past the expiry date (‘5,’ my guess would be days), a BoxField  is shown (and presumably blocks the whole page).

Let’s see what this HasExpired  function is doing.

So it’s confirmed: 5 refers to the number of days since the Modified Date of the PDF. If the document has been downloaded more than 5 days ago, HasExpired  simply returns true .

Breaking the protection

To get around the restriction, I could simply let HasExpired  to always return true , or modify the CheckDoc  function to skip the checking. I decided to go one step further and clean up the backend: to remove the whole JS entirely.

The remaining issue is the ‘wall’ itself. Without the code to hide the expired message, you’ll get it every single time. After a little digging, I managed to find out what I’ve been affectionally calling the ‘wall’ is actually a form field. Multiples, in fact. As expected, there’s a field on every single page!

Removing all the forms is quite straight forward. Adobe Acrobat comes with ‘Protect’ tool which offers to wipe all fields for you at one click.

And there we go! Simply save the document and the protection is entirely removed.

Conclusion

While it is much less annoying to distribute your contents without going through a platform such as Adobe Digital Editions, it is less secure too. It is quite interesting how the protection is implemented, and I hope you too find it intellectually satisfying as this post comes to an end.

If you have any similar experiences, I’d love to hear it in the comment section below. Until then!

Leave a Reply

Your email address will not be published. Required fields are marked *