Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Decompress FlateDecode Objects in PDF
#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
# https://tools.kali.org/forensics/pdf-parser.
#
# Any requests to decode a PDF will be ignored.
import re
import zlib
pdf = open("some_doc.pdf", "rb").read()
stream = re.compile(rb'.*?FlateDecode.*?stream(.*?)endstream', re.S)
for s in stream.findall(pdf):
s = s.strip(b'\r\n')
try:
print(zlib.decompress(s))
print("")
except:
pass
@techkuz

This comment has been minimized.

Copy link

@techkuz techkuz commented Aug 19, 2017

It actually worked. Cool, man. Thanks!

@bmwiedemann

This comment has been minimized.

Copy link

@bmwiedemann bmwiedemann commented Aug 22, 2018

only the first line is wrong. works with #!/usr/bin/python

@Mitmischer

This comment has been minimized.

Copy link

@Mitmischer Mitmischer commented Dec 1, 2018

You must add b before the strings to make it work with current python. Other than that, works like a charm!

@Jonaphant

This comment has been minimized.

Copy link

@Jonaphant Jonaphant commented Jan 11, 2019

Where exactly does the "b" need to be added?

@jsawruk

This comment has been minimized.

Copy link

@jsawruk jsawruk commented Jan 15, 2019

@Jonaphant: In the regular expression definition:

stream = re.compile(rb'.*?FlateDecode.*?stream(.*?)endstream', re.S)
@karan-ta

This comment has been minimized.

Copy link

@karan-ta karan-ta commented Feb 23, 2019

on one of my pdf file - I get this error
zlib.error: Error -5 while decompressing data: incomplete or truncated stream

only 3 out of 4 pages are compressed ...

@johnebgood

This comment has been minimized.

Copy link

@johnebgood johnebgood commented Mar 5, 2019

I also needed to add a 'b' to the newline removal: s = s.strip(b'\r\n')

@vipercommand

This comment has been minimized.

Copy link

@vipercommand vipercommand commented Jul 23, 2019

can someone decrypt this ?

lateDecode >>
stream
xœí[K��·�¾Ï¯èC�–cwX|30 èiÀ@�Šdäàø ¬$KðîÖ��þ}¾¯Èž&{fG+geû 5ä�a5‹ÅâWOöþº“É࿯ù+{™s.ÓÙÅî×6.Sps���‡Q3y;�iÏšé;üûygæRL,ÙZ}L¿&ã¬ãœÙI0ø‰œ#³1Åå"õÉöÕ›úµ2=ÁL�á/p²eÎ1•�õÁóq ¤ÙZW0Õ‚d�¾s‹ݿv—º‡aª$�?®l—�7�ïAŠe��ç˜L))‚æä#�ɃçdñTöi œ�™™c�³Pdœ#�ÚÆœ��¾ÌÑض
¤ ÁC}9€ó\¸bI–ÌÄÏÁAµ.F2ËIð˜å�|‰��7•9:¬W�Øš8�qxÄH?�N�Œ…¢dÛSJ�ÒÈ4êFŠ
•óTâ,9�ãM¡J õZÀôlWüœ%cF¢�sJš�˜b��±´ªªè� SÁg2Jâ‡ñ³].³Ç^M±y ä<‹ F �.à�DÊØ�ÆÞ,Ÿ�d¡&Ý A�N~�g¡Œ”§4�¥€¨ ú��L>N ºã.±›dg��Kè‡Ïv�S¥¡ #DKŽ�a��ꨟ�ôæ�¡ÈÃT½q˜š�qN�êŠ�3Ï.‘€S†­9â*y�Ÿ¤2ú<ù‚�öTœë‡Ïv>ÍFˆ–�†çý�c ÷€­z���±ÑcÑ�³ÍØ��T”
LY?�¨ØTöÕL��ÂV�.ÁL�”�Ô��ÿl�s0–Œ�}ƒ
3¸ñ›��œ Ù¥a8��ÄMŠœ=�ræò1óyQÝEÁ0Õ¯V¡Ã�Ê�–bR“ÛâHSTYñtT&“u³å‰–Ì]æBÕÚ ¶hyúÆ…n��/Ð>�jc7.4i¢�ð…îm“�†f=å��#”YÝ�ì�ºi
LH
0�˜Nç�EÄ1Ý_ö´¬¨�Û�Ç0;}¸Ôq_÷hZyaƒoÐ@äÑ�GмÀtTÛ°ÍæÛ �¨&X*ÄðH%è�” ¾Ê’q–„Ù �_� Bæñ$Ø�,9©§�“�|�q�Ý0œgCñ’sÊfO d,Ä��Ñ{�=L;�§Ö�žeª'!ºh?ŒÓŒ ?øÀo��g ¿T¤ù +¢üX €´4�‡½x7ÓèaÆ”'Î&ƒà��0 ¾mØãÈx4�®+˜ÙÐÏF_È49�ˆMã8N$À�ºC Å •ˆD�wÜrÄjpˆ�œ$I�oF«–�2m ú €�lªxx» pëTž“�›,}?¸â �/�wß�Ã�ÑW.Òv”�“RÜ‘+ ÃÃ�<œAŒðŽÍIÑìO�œpŠÜ��˜�Ç�šÂ�pDŸ� M�\có� ŸmSx?~¶K…ᬮÑS²›�íÂ�¬Ø)£@‰8#øâÀ�d¼‚ ��²��Ž Sçî(�(>Ñ}BZŒs�ìº�)wí�ý}ˆ3Ö�ã�Afv43j°§�X“,3x^®®€æÕ aó„S°”‰xBøó–§ê�*ÙP± y-î‚�v†�¬o�–ðð#�±ZOŒ.ÄŽsàã¤�Êeµ"ƒ�;Fëž »s„¹ÏI½NOB( ÁóÐH %Á�Ô§®"ã‹5Ô#"�]DJKèÇüB�Žé–§F�#dÕ¥=ÈZJ$ƼŸ®L•Î�O=ß=üý�8a�Ê$�9”uÍ:…NE‘&\j …5£â¢Àg¸b°cr®É›�P•óö$ » [�ÒIÂ×@Üù|šÔ�"Z)éÈ^*é�Ö2Q‚¼×ˆóUk�yt%ßá'ÏU‘�£O&ðöc˜å„ž3÷�HA4 ¥;¦ã�j‘� �Tvp_-Ý>A��Ú�2ã…�é�‰é É3”Ãrྲྀ áé´R8��Q•»Š¢ÀÉüÌðÙHÌL‚Ø“¤
C�L¸ øÅ“¤¦§\Bcxp<•ôG�ç³y
6ÏÏæù§5O؈°Øg¼G�Êt–õÎÅHa
Ý
2�ü‘醷‰{1±�“ȃ��HK0{�;
�^ J@9Ü“�…aÏ�'èP2.m‡�P§µµýìs+å´ÓM¬‰µ°) 5锩„–ýõü‘G‚ÌB­lDÊÂ�¢æL=%¡´\r) Â·23¥Zýëº("™<#�b2œPND�Ë@9�)ð�™E�ñ[ »*:ÇN)²’çŽì*� Š„ ŸuY³Íý8VwìÉ´ÎR?�XL©ömx¬Ò2Ê�$û9¶’›eo&Ì-SqPÜ’r��¡j S‚�õš?ûa�”�Ù)XÜF¦ÈD×S…ã.0nX”Ãͨ÷LRë}”2�nš��èÉhgEeŠ2{¡¸.±þ�ÜEq4ÑÈZ›í‰�7�”RÈKY„�&ªµ;�l¥��Ì%5x£Õ?Î�%Œež+¡�„jpÚžÑ�ÁG�ÆÏv�­&ÂÍäq†ÔÏ¡zÊ�[уâP� ¢?®­2Ô‰e.l1„¤K¤”jËÈÃ�”Ñ�„¶ � �ã9nDòlDaCi$°‚ñ˜��T�p<�Ç�oEŸžEmõ šf�©U¢0½D8
õÚ�
À¬ýŠ°! ñŠ:œ
pí-�T”º¨�¤öˆœŸi��-õÃXز£H‰òð¼YkÍž{7ÜI�6��Ÿƒ¶�"Ä„ŸÔ’��FñãD[?Ú³J4xÔôt€€91­}‹@�åD�Rv9�í!íW€†bÍ�Xð'bK8(ŒŠFc�ò�æ#Zg¥EÎaœÍDÂW+Æž�îp�ÑÔó‡c6j·ê‹ �ˆêìǵ[f™;¹
Æ�Wp@�›gÚ6‚
³¢4tëð�ý88å
L�Âu˜�§ë™(Ác 5˶Öû㸩�
£ž¡§�[«ºí\ÕÈ]›�Rȉþ�¥x�Âça�z�4é–œ��em£(�í©¹~�ÚŽ±õ¼�N:BªÑ[}²�[÷PX„khá�p:–Nϧ¶Ë\c+v†}Ò�p\„]¦Ž�0ˆ;;'¡öØÃbëºy\ž�£­çh�&�©ô£Ž��íºµÓlã�~—¨€ïáfÔÐ�^Ç^Y©ðR­WíôÃP[·ô€ m�m–c/

� ±§W¸)Köë0ãym¹Ùè{BÓ¦>îè÷kÔ臑x�vˆ´�Ø�ÒÚC�4ûHÄ&^lãØ�Ü�ý´�ÆU;k�¦ŸQj� 8G—W÷ªN‚��t�)Ñ¥2F4÷±P€ˆØZlç#…
Û¬�“nK›Ä.
K«Ÿ“Z{ŒÂªct ƒ›�ô£íÐ:þÝh'OsÔ� �rЦ?äÔ¦�å Ü¿^´8�Œ��Ž]Vö¶ñ”YzIJ©þ�i�çSËŒ$�7‰
³�FQ�¶œf3�›C�´êiâx�ˆ˜‘É|B@ë×�Æá–ƒöØ}�±+%®u�c¯£L9�ÞÙOf��Xõy<ƒq‰Äg Lž·S¬7prpåÚ¦¶Y÷­þ¨V"@�o$5UD®Àöoª—Lôž
Z6gaYlÿf¯Ù^QëC|ĸ+í²�ã�¼­�TÆþ¥®¢]2�Ã1qFZrszúĵ�6žKjM^xÕh!Ú¿�È�ôø°+/@cËr -�ž¡ÞI²™IŠj�íRæ�´�Þ_U� á‰ì��„œn�+ÀŽx®�rt�,€43BXhh$¼,®�Kï×]�ã�!ï�è ™}ñZ@“?ïÙؤ…öª§�4�æ¶Ý˜6Ä=O ¸Ø�Gxl"•��o�rË3£ƒgÃ�;䙼�c36Ô&6tË;¹ÚçdýÏvñy7^í…™š�Ç3ÛË�Çóȳ±��™\¥��2$KÔdà†Ü0®õ‚¡_÷Û��ø£
�Ý +ôã�DàÔQè�èØ£0×�Å�Ø��͆‚�Ù�×�Mx�ÞQf^¨Á…0�7¥Y:Æ£Ó�J€“"Á�ãpÞÈué�P���ThŽÝlÞLºv;êy%�’�šÂ
˜�yô)R#lÅ/ºÂ GÏ��ý�©�ËŠ�–�Ã�© IÓF
á-0@““�7"Z^z†M¯±€^ ™-�‰ˆoËŸíF’ƒ¶aW)¤v=¿l’Q’ñÃ�-Ž�ó ïì@ 3<…ÚÍ�çô�h‰y¹'¡mSͺ'0 #¼��%ºÍ�©w�0QÆ�”™õ�l .�ó�Ÿm»¥�§ }?�j3ÌóÊ)2‹$IkcÄè¾;@´¶�xU?�×���Mj�¾ÊœêÅÈ�Q©7§™wŠ��86t�pŽT™-R�·~�y›&ðÀqµ‰•âê��à���A�Œºsçšêz‘4 ´ v¶ËЉi­-ö�õŽ[_DÈš”Ù1¡�Æ�‰zŠ35[GB2a��^Í�¹ç¥Õu•–¨Ázˆ¢�Å,JÚÅꅾʡ/NhÔ�¸˜½r}�%Љò Ù¯âÙ�ÔÌnM!«Àü¯#��f �Ã� �…Sí6°lÑ»%W û�\:Áή’xé{=Ô÷ˆî<Þýí��tfzü|xC‰×ƒ¦^—>¾˜~ü��ïóLêo½ÍVuÖßZÓ‘ÎbÖ~ûÓôøûž[)‡Ü4Pò<¨:�~•›>Gî�ê˜Þ Ê�«_±²n)ov$È©…Í�'{!ô�ƒÛ̸Ú?i‚ÜÝ,�Úg t§=‡gä�Ÿ=Ø.û‘�KÝoKq�±.'�*+…Œo{ã÷&†Þ_¶ñåYÉ�&•¦"øC�œ«o/�øÉ&�»6‹Ê¸�Ýͽ¶ÓÒvæWš¹_ÙÞ�¬}Òå�4K;‰¾{/m�$Ôi~P{†ýŠ6À¬Ö4Z� Õ D_üãÕåÛ�çï§7oŸ¼}vñìòí-]ŽY�¢ÖÏ•ß�L„aË[|1êɃ¾ •ª’¿x´ð™žâÃß�70ÚOç=�*§¢÷§�ó§ïŸ\¾{òú=(_MÌ¥o­Û§�z%Àíbg©6ˆ��¾Å�=•�T;Ë~��Ù�d†K»�WI�¿xrùËôþÕ»éù«×Ó»7//�ž�ýòþ?ÏÖ=)ÆË–“£¾mMq–S׶Ê� �奖�Ç焆„fâêË�p�|¹Ù�¿—ú]?ß®óì�úo™£F�*�ãœKä-F¯ oó•×bÜ©Ž)"mGã³w�‚Ó!ø�Ícj8ªŠî  £óî5ß²¸‡»[#iã÷:_�Ûö�ÿÖ�ÚuT±WßâfR{¶³{UÏòL[ËÞ�e²�F¾�¯ž¯6’›\ËØ^Ö;ãÑÖ7IêsôM½«TçR62ÛN'‹ÃÙ¬¡|e}F×{°>»ßËí>ê|Ûì€�÷º3p˜¤önrf‡îÈqî½x:­ºåÈ«¸{?¸ò�w‡ Ê�™¯�V&�kÔ0½~6=�Âëh§>ñ �AÎa®�òî�ÇÜ¡‰£R�žÿB�Ãt÷ÕÅŻ˗gOÞ¾|uùfz4ÿ�eûüz>Ÿo­1qd&ô€Ì8#�‰-ßoŽØŠ°·Â��Ëû£3b�›†´Ø"ž�ÂfÀ2ªÙÙõ(œë¬FÖ£R¤÷‘²ñf$uÚf�霻?Î�|khuX�¹›]á,Öw›„¯q]á�÷˜ßêÅGmüçêõô!�“·3’Y˾£3¤Jmï�[�EcƒÚòZêÄz›ÐÝ‚“E}��õ6/š��Hµ¼fÎ��J9g7 2­•í7^_wß�ߌþÿŤ/zÏ9"•þn÷ãO��
Ê�÷œ·\�©œë(¯mU ýp®�†Åôë©u�‡
˺RŸ°l3_¾ä½¼(¨öu�ÉÄ­£ÚTÖWªÍ²R¬•òö«
Ò
|Œæ�øTÕuÃWènxâzÊÛ2­‹
É`4(¹ä3vŽcç‡7Ïž�ÅŽc Éî³Þ 7½+�%�Ûhðñ>ë]“W‹ú�…-ÿˆaûü—ÇÕ�ø�{ø¬î¯µå�8Ì�(�ªïŸW9;Ï»5ˆðYƒÂJV/Øù� [�Þ¾xõn©d»x]ß Ê)�AìqÈ�½��UýéÔz²�„ú4h[ͦ}‚áÌØ�Ò–Æñ¤£†ÉÃÝ|ÒˆxÒM»Í�ü�Y�’<ù�?_M?\¾|ûìé¤í„7GÏf‰z¿ë ÍþcÏèx�¸„ž?�ðtH¾õ—�mƒ™9ëˆr|;͵ÿi¶“ê�ºñ½¼#›i%»YJçÜþÝkEу+ûn‹�þCÜÂaÐîþˆkkN�™x�q…Wó®Š�ÚãØ�ð8�+�s�ö†\Á~±�˜é‘��6Ók1�LèÈ�×3¡k-ÕÁûÈBÿ?¼?|j=ô¶Çw�zñwƒÞÁJ׃^69e÷±Ð‹Ÿ
z×b|3лÖRŸ�z�>µß ½|“Ћ§ w°Ò§„^þTл�ã›�Þµ–úÔÐûð©ýfèñÏ'o {bNaïp©k‡\›ÊÇ‚o]í¦Ñw=Î7�¿ë­õqø[®³¯�¿kœÜ‡ hÌp_úp÷?�cÅõ
endstream
endobj
11 0 obj
[
10 0 R
]
endobj
6 0 obj
<<
/Resources 3 0 R
/Type /Page
/MediaBox [0 0 595.275 841.889]
/CropBox [0 0 595.275 841.889]
/BleedBox [0 0 595.275 841.889]
/TrimBox [0 0 595.275 841.889]
/Parent 1 0 R
/Annots 11 0 R
/Contents 12 0 R

endobj
13 0 obj
4620
endobj
14 0 obj
<<
/Type /FontDescriptor
/FontName /EAAAAA+ArialUnicodeMS
/FontBBox [-1011 -329 2260 1078]
/Flags 33
/CapHeight 715
/Ascent 1078
/Descent -329
/ItalicAngle 0
/StemV 0
/MissingWidth 500
/FontFile2 15 0 R
/CIDSet 16 0 R

endobj
15 0 obj
<<
/Length1 34412
/Length 21 0 R
/Filter /FlateDecode

stream
xœ¼½ \•UÞ�Îyžç>wßW�¹—+‚¢¢ ,Fyqƒ2ËqÅ������AÑÔÔŒÁ¥2SÃ¥)kLm3�S²,3M[lŸ´uš&³fr¦·Í¦äòÿžs/ˆæ¼ï¼ÿÿçýßÇßÙž³þÎo=ç‰�%„�É
"‘Ð�cÓÒç�9ô�!×Ý‡Ò 3�Öú¯��3�é×QiÑÌyes��P¹“�Ó0BÔYes�Ï,�dÃB\w�2P_^Z\rò_l�Úÿ€6™å(°ß¥Ï#ddoä»—Ï­]tnž�mGŽFþã9U3Š‰²¦–�g�òŸÍ-^4Ï�ÖÝNÈõ¼¾¿²xnéSãc¶#�=ÆÈŸWUSÛžIf�R¼‰¿Ÿ7¿tÞ×�Ý6�ù}èþi"ÊAâC¸‹‡]�rR¤¤ýì¥åár^ÂÃ_F�Ÿ|–˜Ø‹íߣ��ù_ÿ´Qøÿü[C
HL{]{kû—d'™FLí“Ûw´�O�³œ®Õä�¹†LnßI^!/�#¤•ì#�"$ˆ y„ÜÛ%}�!¬�ow�½Èo$»Ä»�€½äáHot
�Eï§Ut�Í»l>+ 'ñ”“ëià
ó݃g�YŒÔ�d%YŠçuê#Sñ¬'/°yd‰¤ÅX­ÑÚ�Û��ñ\2�À�� ÕíëQã$h
ÔFnÃì�Põ’Q�È�R�‘Ös�ˆþz’ÇÙ�ì�VIï"SØ
r�=D^g�“_Ø£¤’ÝH¶Gª)s‰�Õ�-öw�Ù@n%wbä-$©ý[r�ùþä%�OBt3ÞîÁ8�Èu"u�$M?"÷�=q“�RÒ
�Io�ƒÜ žMxš�AŽû‡ð,'Ë¥�¬PZÎF´ýIJÂþLh×Ê÷�†çÞp�RAjÉ�y.Ñkœš�í?…§Isi
ö"B»»0§s¤�ëßJ¶‘yä.‘;Ù¹Ö«Qº
áL2‡'9È�ú�(ßN��»<ž”ˆ|�ž5ØÕgä�rs—òb² á)ÀÔΔ‡�H�’CF“éd ¹�Ôvéo��An�Æÿx…]ßNöc×÷ƒª��®îÅsåß_ȧä�i&�-] �éU˜[
{”®�6ÆKÃÈ<º‹Œ$‹øüèbò�u“Tòn—16®‹ÛÿÒþ�ö<±ãy�”TIŽ�ºþîÃì7’{ÄZª°{éXõ•~Óñ���jÆÓ“ö�fÒ¥�ÒF<;•�d:M ŸJGe�Ö<•¿ÃÚ:R„~@ß”š¥Gè[ôCú��HÒ@7ƒØóìeö�öê�¬ázv�»³’ÌÓ4kšéÝÊ" ç±™x¿€ÜLnAO;å)ä�6…¬¢^²—N�Ϊ3%·’‘Ò<zPúD>ÉÊh„cÒI.0T�Z໶ãß”}ª¼@FÈqäk²Pz �x�{º�fŠÙWŠz Àåvòð•Ê¢ñ�¤ž$Ï€�N’º+”-$ÃÉ�TG³:ã“ ÇAx.Ý�ñü_ýn‡t™@n$“¯X6���ùÍ#3@W]Wöä�ËF ;7���ñxàäò:|Í¿Å�¹bÙ•Ú^©l»Ô"¯“×I- Š^ä�©�5Œ�þîÄÓL�’�É–'È�þc¼Ü‚§Š�b7Gb%Ó0ÞmÀÇu(¹ôWt…Ù^Â�%h;‹Œ¦¥ íJÂ¥6×h� wÉŸ�;m!Id5u‘Õ„’FúgÒ„:CÔ�ò9ôê§$�å·R=ž�Pw�¤u�ZN�G>�>Z€�º�3¼•4’Ud"öä�@_ÐÔõÄJ�@o»ÀEWaÄSä���ô�
šýšMÄ©±+Ó‰U~@Þ(ÁÚhÿµý¿ÚÿÞö�KrþèØ[NéK�—; ¡v&û ËMt�}”<ÿ›z‹.©÷7:�³ÚƒþZ¯4›ÿ—¿ÌöW±ò›Úw‘°r- b�²0ò.RB‡ƒ¯v´ý‰¤Óõ�{�{ñ†ð�À�!±˜Ýlh "¦“ˆü¢ô f·CÌôcz�¬%f¢�Á’Qú�òí�2K¹Šn ïk�Ò2´»�$Òû$�8ГóÀo!�*›�þžÔ±'ˆÂ¼´�ô±‚¬#�‘v�7��ýó��%ÕH·I�¹8mÐÁS�á�0‹1ä�øý�r€Œ‘ÚÐßN°I¹Ÿ×jÿ�¬„�ìûÍ(å�ÇRªEw°~l�¤öóä:VÀ��"ƱBÐÁ�œ¶À��E4�jŽŽ´ xY�Iº�Úà��Æ�5Ò2ù�ÌšP�dí�Œô�ªÖ�ûÂè?ò›�L¬�Úh�IF<�ra0ÚWA?|�'b©Œå­/ý)�£ãÞ‹�_�©² P�Ô�È·ÞÒ~—Щ4�ÝEÚ;)-:îƒôaæ!5t�y��¾�{I424�ïÏ nì�Ës<fæD�÷a6³ä·°ŸüWD���íg�z��½+ü�Qz5xy!�N�¢½ésÀe<ù�’Ai�Òþ+zÝ�}éƺ·ae�@9#±�¥è»�ÉFéí¿%7ÙJz‰¹��o×�’ß�µïDz
ô Oz…x±¶?J¹ì�¬í+4��7eѵm—>�®; �Z‰5܆Ö5´Uzœ�WãÈ‹ôÉ+Ú�ÿËŸæ$×®Zne�ÄÞ¦`]ó¨�ÖÊ�²�^%�L¸Å¹��bP�÷úà~�æ´�X��5Æ°8ò�öh�0¸�x»‹ì�ÏŒâÕÔ�¢û;�kŸ 9¼�-׊ô!ÖKyŽã€ì¦�Ȩ(�¤tÖ-:F6úÞD5°
nǬj �ï‘~Ä(ãÈ
�û5��smÁÕW
ÊÉÎÊ�8 #½�¿´¾}z§öê™’Ü#©{01àOè����ãózÜ.§Ãn³ZÌ&£A¯Óª�E–�%½©·É;´pø¬&ßÐiM#‚ÂV�Óˆ�¾�•ÖDì±� ÍŸ‘6©O´V“’ÚD�#›œ£�Ÿ"¡ìIMšÔË«ÜÐ$%Y¿� ñ¨Xÿð&9 ÿ‚×�—4¥Œ) �­ïÇv¾Ÿ„6M1C���Ø&–„�×â�þ]Wì/i²ŽFy 6Rrm��]È¡µýól�’ìÀ$„c
›ºud'MºÒ$Ÿ�F�wN3�Un k­O�ð
�ÖDœO‘�Ÿ7��¯ôm6ôInSJ
¦aEJôEÒš¨ó»&êh¢®Q˜ð¥�ðfŸe_��ÃKf�‡—T Ÿ%Ó.bôÛ�>�þµþµc
m�HŠ)�l:ñ»Â§ ú¡Á¡¥z��Q@žÒ�Pbà�èbÞStÄ5T$؈პbDk�òì|ºÃ9Ìj
­›†Dp�°†7Ž‹oZÛ�ßÑõ�A³Ž”#’ŠL¢I3´I�LÂ_Ñ�n"ëüOõ>¼öŽV+™>-ÕX�,)ž\Ø$�£ÂSDJ�^>®)näè›P„¡ ÓÊý|³‡‰€o��x¹�-ò¼î4„Áa|Ë/)/)/�Ɖ„N��Ã;ÝІÀáØ&;âáM¶Ô¦|TË¿å‹Xiípo…Ÿg×®mð7íÀt»¼
ð�$àÅÔ×��b4t6|Ö�¾%i�Û&hñÚ�±9¡uÅþ¦�ÓgE(¯øŽ�ê�¬µ6�ø)€ÝÁþ ¥h�EeÉ´Y|ʳŠù2‡Ïò¯]W
–z‡X�¨Õ?|Ö0�¼!hŸŒGë›
‡—�‡_���GBJº¼m ÐäKå
×®�ΧX\‚ÙG¦Œ��çÏ9"6•b>C›BãDDƉ=Àˆ¡âa“¢EÑ
7ñfüÍ´a“&�"ûŽªMjRƒÒ7è_Ë{T“šœ©ÖÀQ¼;ܧ÷È1…ÇŊÕ7±¡…

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Feb 10, 2020

can someone decrypt this ?

lateDecode >>
stream

Perhaps you should try the GIST above instead of posting such a completely useless comment/request.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

Everything is ok but I could not understand how to use it, can you suggest any resources I can learn? Thx..

@averagesecurityguy

This comment has been minimized.

Copy link
Owner Author

@averagesecurityguy averagesecurityguy commented Apr 7, 2020

It’s a python script. Change the name of the pdf file in the script the run the script with python3.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

I do but, it stays like this ..

RESTART: C:\Users\GM\Desktop\pdfdecode\pdf_flatedecode.py ==========

@averagesecurityguy

This comment has been minimized.

Copy link
Owner Author

@averagesecurityguy averagesecurityguy commented Apr 7, 2020

You can learn more about pdf streams here. https://blog.didierstevens.com/2008/05/19/pdf-stream-objects/

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

stephen@averagesecurityguy.info I sent an e-mail to this address. I am waiting for your help. Thx..

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 7, 2020

stephen@averagesecurityguy.info I sent an e-mail to this address. I am waiting for your help. Thx..

This script is not for doing some sort of a "conversion", but a forensics tool to be used mostly to look inside said streams. Even though you obviously weren't able to articulate what you want, this script is most probably not the solution you're looking for anyway.

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 7, 2020

Oh BTW @averagesecurityguy I think that the '\r\n' should be preceded by a b, like this: s = s.strip(b'\r\n')

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

Hi.. i have a pdf that i have and i want to solve it with flatedecode. for example;

%PDF-1.4
%Çì�¢
5 0 obj
<</Length 6 0 R/Filter /FlateDecode>>
stream..........

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 7, 2020

Hi.. i have a pdf that i have and i want to solve it with flatedecode. for example;

You should run the script above on the PDF you want to have decoded.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

Could I copy and run the pdf content under this code file? where and how do i get the output file?

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 7, 2020

No, you have to load the PDF using the script. The output will be printed to stdout (i.e. the terminal window), so you have to redirect it to a file.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

Do you have an email address where I can send you the file, at least let's check if it works?
Because, I put the code and pdf file in the same directory, then changed the name of pdf to some_doc.pdf. Python Shell writes restart on the screen, the cursor flashes. But I can not get any results.

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 7, 2020

The script needs Python 3 to run. I can't help you with troubleshooting your own Python installation, sorry.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

I have Python 3.8.2.. Thx for help..

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 7, 2020

the last question is, can you tell the version it works? Which version are you using?

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 8, 2020

I'm running it on Python 3.8.2 too and also on Windows.

@averagesecurityguy

This comment has been minimized.

Copy link
Owner Author

@averagesecurityguy averagesecurityguy commented Apr 8, 2020

@ grafikmutfagi I'm not sure why the script is not working in your environment. On my Mac or Linux machine, I would do the following:

  1. Edit the script to use the filename of my PDF.
  2. Add my PDF to the same directory as the script.
  3. Run the script with Python 3. python3 pdf_flatedecode.py

The script will find each of the FlateDecode streams in the PDF document using a regular expression, unzip them, and print out the unzipped data. You can do the same in the programming language of your choice.

Generally, it is ok to reach out to me by email and ask questions but I'm not going to open the PDF doc you sent and analyze it for you. If this script does not do what you want, there are other, more polished tools that you can use. Some of which come with detailed instructions on their usage. One example is this tool by Didier Stevens, which is included in Kali linux, https://tools.kali.org/forensics/pdf-parser.

@grafikmutfagi

This comment has been minimized.

Copy link

@grafikmutfagi grafikmutfagi commented Apr 8, 2020

Thx..

@duarte025

This comment has been minimized.

Copy link

@duarte025 duarte025 commented Apr 11, 2020

can someone please help me decode something I cannot figure it out for the life of me!!!!

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Apr 11, 2020

@duarte025 I'm sorry but if you're not able to comprehend the code above then this tool is most probably not what you're looking for. This isn't for "decoding" PDF documents.

@celsowm

This comment has been minimized.

Copy link

@celsowm celsowm commented May 19, 2020

Hi Guys, I have a similar problem with this pdf: https://pdfhost.io/v/54HTT2PTw_inicial_anterior.pdf
I tried pdftotext, ghostscript and imagemagick, no one was able to convert this pdf to nothing
I even offered a bounty on stackoverflow: https://stackoverflow.com/questions/61839856/how-extract-text-from-this-pdf-a-using-python

@Mortadha92

This comment has been minimized.

Copy link

@Mortadha92 Mortadha92 commented Jun 7, 2020

thank you for this script , it works good , but can you help me to understand this output type and how can i decode it :
b'\x00\x01\x00\x00\x00\t\x00\x80\x00\x03\x00\x10cvt \xef\x1f\x94\xcc\x00\x00\x00\x9c\

@averagesecurityguy

This comment has been minimized.

Copy link
Owner Author

@averagesecurityguy averagesecurityguy commented Jun 9, 2020

@Kungergely

This comment has been minimized.

Copy link

@Kungergely Kungergely commented Jun 9, 2020

@Mortadha92 if you expect any of us to "magically" deduce the contents of the data, then you're out of luck I'm afraid. What you posted there is binary data that's merely been transformed into another form (represented by Python-compatible hex numbers). It doesn't say anything about its contents though.

@Mortadha92

This comment has been minimized.

Copy link

@Mortadha92 Mortadha92 commented Jun 9, 2020

@Kungergely yes i know and i convert it and i have a Embedded CMAP tables like this : (but i can't go far )

/CIDInit /ProcSet findresource begin 12 dict begin begincmap /CIDSystemInfo
<< /Registry (TTX+0) /Ordering (T42UV) /Supplement 0 >> def
/CMapName /TTX+0 def /CMapType 2 def
1 begincodespacerange
<0000>
endcodespacerange
58 beginbfrange
<0003><0003><0020>
<000a><000a><0027>
<000b><000b><0028>
<000c><000c><0029>
<000f><000f><002c>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.