Decompress FlateDecode Objects in PDF

pdf_flatedecode.py

#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
# https://tools.kali.org/forensics/pdf-parser.
#
# Any requests to decode a PDF will be ignored.
import re
import zlib

pdf = open("some_doc.pdf", "rb").read()
stream = re.compile(rb'.*?FlateDecode.*?stream(.*?)endstream', re.S)

for s in stream.findall(pdf):
    s = s.strip(b'\r\n')
    try:
        print(zlib.decompress(s))
        print("")
    except:
        pass

Add import sys and replace "some_doc.pdf" by sys.argv[1] for a generic pdf flat decode command line tool.

#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
# https://tools.kali.org/forensics/pdf-parser.
#
# Any requests to decode a PDF will be ignored.
import re
import zlib
import sys

pdf = open(sys.argv[1], "rb").read()
stream = re.compile(rb'.*?FlateDecode.*?stream(.*?)endstream', re.S)

for s in stream.findall(pdf):
    s = s.strip(b'\r\n')
    try:
        print(zlib.decompress(s))
        print("")
    except:
        pass

Who are you writing this to?

…

On Thu, Jul 29, 2021 at 11:45 PM mikodham ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ My pdf has structure like this, it comes from ezpdf Korean Text 2 0 obj <</N 357/Length 538/Filter/FlateDecode>> stream 6q|ß”�­üD/�}y+wlØ—C- *¥f}RþñöôÑä�á¨4I–µûóß ��&†lDíé� 57 ûsâ�)dÉêà�5nÀœåÈá.�™æ�#�¹aY5ÅyštþÖ ¨:)³5Ò¤u¼��¢„�¼"�,�F34i�¨húÊ�ˆ)¾��@��ÑŽ3�²ï �”Î�”w�v1|�ç²Ãµ‰†ÈeǾ/«YÖçú\êÝ{¡S¨nÌI?�üíu‡�´Ë�òìJnÔéÔ]õcÇ"�tø�î£�¯�Ÿ™x8´Î\{w‘2bp^(}±¡j�ÀÀîù ¤d#dªÈM&C1äO�"�ÃŒÕÃ;Ž•äf°¶àñ"l…â‡ÎÔãYõUÕ†s+˜xúC�_a��]»àÃÕ:&Âí�°Y1�Š„f’ÈlÚ�Ÿ›Ô��þ)Øß�±�üÍ¥�÷Š²<»ó_a–q\Ä 3+@²û²“Ù–Ÿ�HD�c&ÆP;�Ïvîßüè;À}�]h‹„Ÿø���¢ó&h�ÑgÞ�œn̨[gõ2áGö%�7›�_@À»‚iÉk”î XûTíÐÉ›�0ÑFƒ–J}Û*ŠTÃ**EŠ/°ZMYõàÝ���äuN?±I˜%Bç—«bý™ x±ùß6¬hâ�Î[­CR�ûoo çâ)ævÎZ¦7'€DŠÓáýLŸ†$†o2�mø?+�êàï� �IVL �=��!Á´†…ëìÿ1Ã'lú�ªb� endstream endobj When I tried using your code @averagesecurityguy <https://github.com/averagesecurityguy> , it leaves no file. If I put "print(zlib.decompress(s))" before the try, the following error comes out. line 11, in print(zlib.decompress(s)) zlib.error: Error -3 while decompressing data: incorrect header check Any solution/suggestion? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/ba8d9ed3c59c1deffbd1390dafa5a3c2#gistcomment-3836813>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AMWBNXIBGRVAMS66D5O6BEDT2JDCLANCNFSM4IGDOR5A> .