jesparza / peepdf Goto Github PK

 sudo apt-get install libemu2 python-libemu python-lxml libxml2

 sudo apt-get install libv8-3.14.5

 sudo pip install -v pyv8

src/Wrapper.cpp: In static member function ‘static void CPythonObject::SetupObjectTemplate(v8::Handle<v8::ObjectTemplate>)’:

src/Wrapper.cpp:311:84: error: invalid conversion from ‘v8::Handle<v8::Boolean> (*)(v8::Local<v8::String>, const v8::AccessorInfo&)’ to ‘v8::NamedPropertyQuery {aka v8::Handle<v8::Integer> (*)(v8::Local<v8::String>, const v8::AccessorInfo&)}’ [-fpermissive]

   clazz->SetNamedPropertyHandler(NamedGetter, NamedSetter, NamedQuery, NamedDeleter);
                                                                                    ^
In file included from src/Exception.h:6:0,
                 from src/Wrapper.h:8,
                 from src/Wrapper.cpp:1:
/usr/include/v8.h:2414:8: note: initializing argument 3 of ‘void v8::ObjectTemplate::SetNamedPropertyHandler(v8::NamedPropertyGetter, v8::NamedPropertySetter, v8::NamedPropertyQuery, v8::NamedPropertyDeleter, v8::NamedPropertyEnumerator, v8::Handle<v8::Value>)’
   void SetNamedPropertyHandler(NamedPropertyGetter getter,
        ^
src/Wrapper.cpp:312:94: error: invalid conversion from ‘v8::Handle<v8::Boolean> (*)(uint32_t, const v8::AccessorInfo&) {aka v8::Handle<v8::Boolean> (*)(unsigned int, const v8::AccessorInfo&)}’ to ‘v8::IndexedPropertyQuery {aka v8::Handle<v8::Integer> (*)(unsigned int, const v8::AccessorInfo&)}’ [-fpermissive]
   clazz->SetIndexedPropertyHandler(IndexedGetter, IndexedSetter, IndexedQuery, IndexedDeleter);
                                                                                              ^
In file included from src/Exception.h:6:0,
                 from src/Wrapper.h:8,
                 from src/Wrapper.cpp:1:
/usr/include/v8.h:2437:8: note: initializing argument 3 of ‘void v8::ObjectTemplate::SetIndexedPropertyHandler(v8::IndexedPropertyGetter, v8::IndexedPropertySetter, v8::IndexedPropertyQuery, v8::IndexedPropertyDeleter, v8::IndexedPropertyEnumerator, v8::Handle<v8::Value>)’
   void SetIndexedPropertyHandler(IndexedPropertyGetter getter,
        ^
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Cleaning up...
Command /usr/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-build-8XX3Id/pyv8/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-DQ9h7E-record/install-record.txt --single-version-externally-managed --compile failed with error code 1 in /tmp/pip-build-8XX3Id/pyv8
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
  File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 248, in main
    return command.main(cmd_args)
  File "/usr/lib/python2.7/dist-packages/pip/basecommand.py", line 161, in main
    text = '\n'.join(complete_log)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 42: ordinal not in range(128)

 python setup.py build
 sudo python setup.py install

kp@mbp:mrmcd15>  peepdf.py -fli  manuallycoded.pdf
Warning: PyV8 is not installed!!
Warning: pylibemu is not installed!!

File: manuallycoded.pdf
MD5: 758869f79d4fe30496db43b3bef8b708
SHA1: 4821d74bf84b6a0b757fd6c152c2e0a6d5fd3fa9
SHA256: 73016c523779e344ad45ee07dadd6812c14bde2015e6ba2e8e2638ef730c870e
Size: 2656 bytes
Version: 1.0
Binary: False
Linearized: False
Encrypted: False
Updates: 0
Objects: 9
Streams: 2
Comments: 0
Errors: 1

Version 0:
    Catalog: 1
    Info: 2
    Objects (9): [1, 2, 3, 4, 5, 7, 8, 9, 10]
    Streams (2): [8, 9]
        Encoded (1): [9]


PPDF> object 9

<< /Length 503
/Filter [ /ASCIIHexDecode /ASCIIHexDecode /FlateDecode /LZWDecode /ASCIIHexDecode ] >>
stream
BT
    /F1 60              Tf
    30  400             Td
    1 0 0               rg
    (Hallo, MRMCD 2015) Tj
ET

endstream

PPDF> filters 9

[ /ASCIIHexDecode /ASCIIHexDecode /FlateDecode /LZWDecode /ASCIIHexDecode ]

PPDF> filters 9 ahx

<< /Length 228
/Filter /ASCIIHexDecode >>
stream
42540a202020202f4631203630202020202020202020202020202054660a20202020333020203430302020202020202020202020202054640a20202020312030203020202020202020202020202020202072670a202020202848616c6c6f2c204d524d434420323031352920546a0a45540a
endstream

PPDF> filters 9 ahx > stream9.ahx

PPDF> quit

Leaving the Peepdf interactive console...Bye! ;)

Hi,

Service code.google.com is closing soon. Do you have plans to migrate to GitHub?

Add the ASCII85Decode filter to peepdf, using the decoder
from pdfminer.

I needed to dump streams directly to file, e.g. extracting fonts from a PDF.

Attached is a patch which duplicates the 'stream' command, but accepts a 
filename to output to rather than the console.

When processing certain files, peepdf crashes with the following error:

UnboundLocalError: local variable 'ret' referenced before assignment

The bug lies in the PDFFilters.py file in the decodeStream() function, line 92:

{{{
    Traceback (most recent call last):
      File "my_script.py", line 45, in <module>
        ret, pdf = PDFCore.PDFParser().parse(filepath, True, True)
      File "/home/travesti/peepdf_0.2/PDFCore.py", line 6727, in parse
        ret = body.updateObjects()
      File "/home/travesti/peepdf_0.2/PDFCore.py", line 4126, in updateObjects
        object.resolveReferences()
      File "/home/travesti/peepdf_0.2/PDFCore.py", line 2470, in resolveReferences
        ret = self.decode()
      File "/home/travesti/peepdf_0.2/PDFCore.py", line 2001, in decode
        ret = decodeStream(self.encodedStream, self.filter.getValue(), self.filterParams)
      File "/home/travesti/peepdf_0.2/PDFFilters.py", line 92, in decodeStream
        return ret
    UnboundLocalError: local variable 'ret' referenced before assignment
}}}

The exception is raised because there isn't a previous declaration of the "ret" 
variable in the decodeStream() function. If none of the conditions are true 
then the "ret" variable never gets a value, the function ret is reached and 
Python raises the UnboundLocalError exception.

I patched the function just adding the following line at the begenning of the 
decodeStream() function:

{{{
    ret = (-1, "")
}}}

But it keeps raising errors in other modules :(

peepdf will raise exception when opening the sample.pdf in attachment because 
it does not handle key P in standard encryption dictionary properly. The 
rc4.patch in attachment can fix this problem.

What steps will reproduce the problem?

1. ./peepdf -i
2. create pdf
3. embed file
4. filters 4 lzw
5. save test.pdf
6. exit
7. ./peepdf -i test.pdf
8. peepdf shows decode error in object 4


What is the expected output? What do you see instead?

Peepdf shall encode/decode LZW filter successfully.


What version of the product are you using? On what operating system?

The peepdf version is r45
The python version is 2.7.2+
The operating system is ubuntu 11.10 x86_64


Please provide any additional information below.

The test.pdf can not decode by other PDF tools like origami-pdf.

ret = body.updateObjects()

object.resolveReferences()

ret = PDFParser.readObject(objectsSection[offset:])

ret, pdf = pdfParser.parse(fileName, options.isForceMode, options.isLooseMode, options.isManualAnalysis)

ret = body.updateObjects()

object.resolveReferences()

ret = PDFParser.readObject(objectsSection[offset:])

What steps will reproduce the problem?
1. Have a PDF with /AAPL:Keywords and it will get flagged as /AA based on line 
43 of PDFCore.py .  By adding a space after each of the the items from line 
43-45, i.e. - '/AA ', you will still receive hits for legitimate Additional 
Actions still but you now won't receive false positive hits because something 
else contains _part_ of the data that was looked to match.

What is the expected output? What do you see instead?
Expected to flag only on the correct Event/Action/Element names but instead you 
may receive false hits.

What version of the product are you using? On what operating system?
Version included in REMnux - checked the latest trunk version and it should 
still be the same.

Please provide any additional information below.
pdfxray_lite also has this issue since it uses peepdf on the back end, however, 
since it uses it's own copy of PDFCore.py that owner will be contacted 
separately if this issue is accepted as it'll also need the slight change.

0000023515 00000 n
0000024187 00000 n
0000024261 00000 n
trailer
<<
 /Size 67
 /Root 10 0 R
>>
startxref
24613
%%EOF

1 0 obj 
<<
 /Length 56305 
 /Filter /FlateDecode 
 >> 
 stream
....

diff --git a/PDFCore.py b/PDFCore.py
index 3b2fe00..33cf5a4 100644
--- a/PDFCore.py
+++ b/PDFCore.py
@@ -4315,7 +4315,7 @@ class PDFBody :
                                 self.setObject(compressedId, compressedObject, offset)
                             del(compressedObjectsDict)
         for id in self.referencedJSObjects:
-            if id not in self.containingJS:
+            if (len(self.containingJS) and id not in self.containingJS):
                 object = self.objects[id].getObject()
                 if object == None:
                     errorMessage = 'Object is None'
@@ -6941,6 +6941,9 @@ class PDFParser :
                     self.fileParts.append(fileContent)
                 else:
                     sys.exit(errorMessage)
+        # append anything behind %%EOF
+        if fileContent:
+            self.fileParts.append(fileContent)
         pdfFile.setUpdates(len(self.fileParts) - 1)

         # Getting the body, cross reference table and trailer of each part of the file

Version 0:
        Catalog: 10
        Info: No
        Objects (50): [6, 7, 9, 10, 11, 12, 14, 15, 17, 19, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 61, 62, 63, 64, 65, 66]
                Errors (1): [33]
        Streams (14): [14, 15, 17, 25, 31, 32, 33, 34, 49, 51, 55, 56, 57, 62]
                Encoded (11): [14, 15, 17, 25, 31, 32, 33, 49, 51, 55, 56]
                Decoding errors (1): [33]
        Suspicious elements:
                /AcroForm (1): [10]
                /OpenAction (1): [10]
                /JS (1): [11]
                /JavaScript (1): [11]


Version 1:
        Catalog: No
        Info: No
        Objects (1): [1]
        Streams (1): [1]
                Encoded (1): [1]
        Objects with JS code (1): [1]
PPDF> object 1

<< /Length 56305
/Filter /FlateDecode >>
stream

var dlldata= [0x81ec8b55,0x000498ec,0xf4458900 ....

What steps will reproduce the problem?
1. Don't install PyV8
2. try to run peepdf.py on any pdf w/ js

What is the expected output? What do you see instead?
For the python to load. 

Instead presented with this:

Traceback (most recent call last):
  File "peepdf.py", line 32, in <module>
    from PDFCore import PDFParser, vulnsDict
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/PDFCore.py", line 31, in <module>
    from JSAnalysis import *
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/JSAnalysis.py", line 36, in <module>
    class Global(PyV8.JSClass):

NameError: name 'PyV8' is not defined

What version of the product are you using? On what operating system?
any


Please provide any additional information below.
placing the global class in the try block will fix it... probably a better fix.
try:
    import PyV8
    JS_MODULE = True 
    class Global(PyV8.JSClass):
        evalCode = ''

        def evalOverride(self, expression):
            self.evalCode += '\n\n// New evaluated code\n' + expression
            return
except:
    JS_MODULE = False

 peepdf.py -C "tree,offsets,filters 9" my.pdf
 peepdf.py --commands "tree,offsets,filters 9" my.pdf

tree
offsets
filters 9

       0 Header
      74
        Object  1 (89)
     162                           ### 163   
     166
        Object  2 (236)
     401                           ### 402   
     405
        Object  3 (127)
     531                           ### 532   
     534
        Object  4 (208)
     741                           ### 742   
     745
        Object  5 (42)
     786                           ### 787   
     807
        Object  7 (92)
     898                           ### 899   
     902
        Object  8 (410)
    1311                           ### 1312   
    1315
        Object  9 (726)
    2040                           ### 2041   
    2044
        Object  10 (209)
    2252                           ### 2253   
    2317
        Xref Section (240)
    2556                           ### 2557
    2558
        Trailer (92)
    2649                           ### 2549, correct!   
    2650 EOF

Traceback (most recent call last):
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/main.py", line 409, in main
    ret, pdf = pdfParser.parse(fileName, options.isForceMode, options.isLooseMode, options.isManualAnalysis)
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 7098, in parse
    ret = body.updateObjects()
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 4288, in updateObjects
    object.resolveReferences()
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 3253, in resolveReferences
    ret = PDFParser.readObject(objectsSection[offset:])
TypeError: slice indices must be integers or None or have an __index__ method

Traceback (most recent call last):
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/main.py", line 409, in main
    ret, pdf = pdfParser.parse(fileName, options.isForceMode, options.isLooseMode, options.isManualAnalysis)
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 7098, in parse
    ret = body.updateObjects()
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 4288, in updateObjects
    object.resolveReferences()
  File "/home/sdeiss/Developer/bin/virtualenv/peekaboo/local/lib/python2.7/site-packages/peepdf/PDFCore.py", line 3253, in resolveReferences
    ret = PDFParser.readObject(objectsSection[offset:])
TypeError: unbound method readObject() must be called with PDFParser instance as first argument (got str instance instead)

What steps will reproduce the problem?

1. Run "./peepdf.py -i"
2. Run "create pdf" in peepdf console
3. Run "save 'test.pdf'" in peepdf console


What is the expected output? What do you see instead?

The following content is the cross-reference table and trailer of test.pdf. The 
size of cross-reference table is 4, however, there are 5 entries in table. 
There is a useless entry in cross-reference table which does not point to an 
object.

xref
0 4
0000000000 65535 f 
0000000009 00000 n 
0000000059 00000 n 
0000000118 00000 n 
0000000119 00000 n 
trailer
<< /Size 4
/Root 1 0 R >>
startxref
210
%%EOF


What version of the product are you using? On what operating system?

The version of peepdf is r42. The operating system is ubuntu-11.10 x86_64.


Please provide any additional information below.

### Check current Git log:

 kp@mbp:git.peepdf.trunk > git log | head -n 12 
 commit c550c6d1e8b4cb507018deb73392a0487d5d96b4
 Author: Jose Miguel Esparza <[email protected]>
 Date:   Fri Jul 31 01:27:46 2015 +0200

     Added /Flash as element to monitor

 commit 79d0534981a98a9c553cc68f2b13a62f5afd5c5a
 Author: Jose Miguel Esparza <[email protected]>
 Date:   Mon Jul 27 23:42:55 2015 +0200

     Added some PEP8 magic and modified the limit output to 500 lines instead of 1000

### Create an empty, dummy PDF with Ghostscript:

 kp@mbp:git.peepdf.trunk > gs -q -o empty-dummy.pdf -sDEVICE=pdfwrite -c showpage

### Check the newly created PDF with `pdfinfo`:

 kp@mbp:git.peepdf.trunk > pdfinfo empty-dummy.pdf 
 Producer:       GPL Ghostscript GIT PRERELEASE 9.18
 CreationDate:   Fri Jul 31 11:42:22 2015
 ModDate:        Fri Jul 31 11:42:22 2015
 Tagged:         no
 UserProperties: no
 Suspects:       no
 Form:           none
 JavaScript:     no
 Pages:          1
 Encrypted:      no
 Page size:      612 x 792 pts (letter)
 Page rot:       0
 File size:      2383 bytes
 Optimized:      no
 PDF version:    1.5

### Run peepdf.py:

 kp@mbp:git.peepdf.trunk > ./peepdf.py -fil empty-dummy.pdf 
 Warning: PyV8 is not installed!!
 Warning: pylibemu is not installed!!

 File: empty-dummy.pdf
 MD5: fc9ef463e4de46cdb87805be0f0edc7b
 SHA1: ddaa418db6e95360273b13506d592d54dc49a311
 SHA256: c36758aa347e1e526addf50b8a795abe6c5cbd79d8d6c30cf86aebea67250ebd
 Size: 2383 bytes
 Version: 1.5
 Binary: True
 Linearized: False
 Encrypted: False
 Updates: 0
 Objects: 9
 Streams: 2
 Comments: 0
 Errors: 0

 Version 0:
    Catalog: 1
    Info: 2
    Objects (9): [1, 2, 3, 4, 5, 6, 7, 8, 9]
    Streams (2): [9, 5]
        Encoded (1): [5]

 *** Error: Exception not handled!!

 Please, don't forget to report the errors found:

    - Sending the file "$(pwd)/errors.txt" to the author  (mailto:[email protected])
    - And/Or creating an issue on the project webpage (https://github.com/jesparza/peepdf/issues)

*** Error: Exception not handled using the interactive console!! Please, report it to the author!! 

Traceback (most recent call last):
  File "C:\user\pdf\peepdf2\peepdf.py", line 727, in <module>
    console.cmdloop()
  File "C:\Python27\lib\cmd.py", line 142, in cmdloop
    stop = self.onecmd(line)
  File "C:\Python27\lib\cmd.py", line 221, in onecmd
    return func(arg)
  File "C:\user\pdf\peepdf2\PDFConsole.py", line 2858, in do_open
    ret = pdfParser.parse(fileName, forceMode, looseMode)
  File "C:\user\pdf\peepdf2\PDFCore.py", line 7054, in parse
    sys.exit('Error: An error has occurred while parsing an indirect object!!')
SystemExit: Error: An error has occurred while parsing an indirect object!!

python.exe "C:\user\pdf\peepdf2\peepdf.py" -C changelog -f "C:\user\pdf\pdf_test.pdf"

Error: Exception not handled!!

Traceback (most recent call last):
  File "C:\user\pdf\peepdf2\peepdf.py", line 494, in <module>
    ret, pdf = pdfParser.parse(fileName, options.isForceMode, options.isLooseMode, options.isManualAnalysis)
  File "C:\user\pdf\peepdf2\PDFCore.py", line 7061, in parse
    ret = body.updateObjects()
  File "C:\user\pdf\peepdf2\PDFCore.py", line 4283, in updateObjects
    object.resolveReferences()
  File "C:\user\pdf\peepdf2\PDFCore.py", line 3243, in resolveReferences
    ret = PDFParser.readObject(objectsSection[offset:])
TypeError: slice indices must be integers or None or have an __index__ method

What steps will reproduce the problem?
1. Get this specially forged PDF:
https://www.virustotal.com/en-gb/file/be9c0025b99f0f8c55f448ba619ba303fc65eba862
cac65a00ea83d480e5efec/analysis/
2. run peepdf -fi filename
3. run js_analysis object 6

What is the expected output? What do you see instead?

Run the JS code the PyV8 .

Because there are XFA tags opening and closing, js emulation fails:

*** Error analysing Javascript: SyntaxError: Unexpected token < (  @ 1 : 0 )  
-> <? xml version = "1.0"


What version of the product are you using? On what operating system?


Version: peepdf 0.2 r203
Ubuntu 12.10

Please provide any additional information below.

this is the error.log

Traceback (most recent call last):
  File "./peepdf.py", line 541, in <module>
    console.cmdloop()
  File "/usr/lib/python2.7/cmd.py", line 142, in cmdloop
    stop = self.onecmd(line)
  File "/usr/lib/python2.7/cmd.py", line 219, in onecmd
    return func(arg)
  File "/usr/local/peepdf/PDFConsole.py", line 2721, in do_open
    ret = pdfParser.parse(fileName, forceMode, looseMode)
  File "/usr/local/peepdf/PDFCore.py", line 6838, in parse
    sys.exit('Error: An error has occurred while parsing an indirect object!!')
SystemExit: Error: An error has occurred while parsing an indirect object!!
Traceback (most recent call last):
  File "./peepdf.py", line 541, in <module>
    console.cmdloop()
  File "/usr/lib/python2.7/cmd.py", line 142, in cmdloop
    stop = self.onecmd(line)
  File "/usr/lib/python2.7/cmd.py", line 219, in onecmd
    return func(arg)
  File "/usr/local/peepdf/PDFConsole.py", line 2721, in do_open
    ret = pdfParser.parse(fileName, forceMode, looseMode)
  File "/usr/local/peepdf/PDFCore.py", line 6838, in parse
    sys.exit('Error: An error has occurred while parsing an indirect object!!')
SystemExit: Error: An error has occurred while parsing an indirect object!!


do you need other info?

thanks a lot

When using PDFs containing PNG images with prediction > 10, the current 
implementation only decodes part of the image (1/3 of each row of the image).

Luckily, I already found the problem and I will attach a patch with a possible 
solution :)

What steps will reproduce the problem?
1.https://www.virustotal.com/en/file/784d1ebd1faccec27f98970cc266859eaf5676da1c4
51e3304fb55435d8c8473/analysis/
2. run peepdf.py -f vtfile


What is the expected output? What do you see instead?

#Expected:

Warning: PyV8 is not installed!!
Warning: pylibemu is not installed!!
Decryption error: Bad format for /O!!
Decryption error: Bad format for /U!!
Decryption error: Default user password not working here!!

File: tp_22340_utf8_88292d7181514fda5390292d73da28d4
MD5: 88292d7181514fda5390292d73da28d4
SHA1: fbc3856fd689e1ac0f8fb56bbd7d0a2b8332a928
Size: 807079 bytes
Version: 1.4
Binary: True
Linearized: False
Encrypted: True (RC4 40 bits)
Updates: 0
Objects: 7
Streams: 1
Comments: 0
Errors: 5

Version 0:
    Catalog: 1
    Info: No
    Objects (7): [1, 2, 3, 4, 5, 8, 9]
        Errors (1): [5]
    Streams (1): [5]
        Encoded (1): [5]
        Decoding errors (1): [5]
    Suspicious elements:
        /AcroForm: [1]
        /OpenAction: [1]
        /JS: [1]
        /JavaScript: [1]

#Instead see:

Traceback (most recent call last):
  File "peepdf.py", line 352, in <module>
    ret,pdf = pdfParser.parse(fileName, options.isForceMode, options.isLooseMode, options.isManualAnalysis)
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/PDFCore.py", line 6822, in parse
    ret = pdfFile.decrypt()
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/PDFCore.py", line 5179, in decrypt
    ret = computeUserPass(password, dictO, fileId, perm, keyLength, revision, encryptMetadata)
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/PDFCrypto.py", line 164, in computeUserPass
    ret = computeEncryptionKey(userPassString, dictO, dictU, dictOE, dictUE, fileID, pElement, keyLength, revision, encryptMetadata)
  File "/Users/tross/Code/satori/peepdf_service/peepdf-svn/PDFCrypto.py", line 58, in computeEncryptionKey
    md5input = password + dictOwnerPass + struct.pack('<I',abs(int(pElement))) + fileID
TypeError: cannot concatenate 'str' and 'instance' objects

What version of the product are you using? On what operating system?
latest version from svn, any os

Please provide any additional information below.
when forcing and encountering errors and the dict0/dictOwnerPass object doesn't 
resolve to a simple string and therefore hinders further execution.

What steps will reproduce the problem?
1. running metadata in the console on a malformed PDF


What is the expected output? What do you see instead?
The program crashed with:

Traceback (most recent call last):
  File "/home/.../bin/peepdf.py", line 465, in <module>
    console.cmdloop(stats + newLine)
  File "/usr/lib64/python2.6/cmd.py", line 142, in cmdloop
    stop = self.onecmd(line)
  File "/usr/lib64/python2.6/cmd.py", line 219, in onecmd
    return func(arg)
  File "/home/.../src/svn/sec/peepdf-read-only/PDFConsole.py", line 2290, in do_metadata
    type = object.getElementByName('/Type').getValue()
AttributeError: 'list' object has no attribute 'getValue'


What version of the product are you using? On what operating system?
r158 from svn

Please provide any additional information below.

I don't know if the patch is the right long-term solution, but it solved my 
crash.

Maybe every interactive command should be in a try/except block, so the program 
does not crash on the user?

PPDF> set jscode "var a = 8; a = a + 2; print('The content of the variable is '+a);"
PPDF> js_eval variable jscode


*** Error: ReferenceError: print is not defined (  @ 1 : 22 )  -> var a = 8; a = a + 2; print('The content of the variable is '+a);

PPDF> encode help

Usage: encode variable $var_name $filter1 [$filter2 ...]
Usage: encode file $file_name $filter1 [$filter2 ...]
Usage: encode raw $offset $num_bytes $filter1 [$filter2 ...]

Encodes the content of the specified variable, file or raw bytes using the following 
filters or algorithms:
[....]

PPDF> encode help

Usage: encode variable $var_name $filter1 [$filter2 ...]
Usage: encode file $file_name $filter1 [$filter2 ...]
Usage: encode raw $offset $num_bytes $filter1 [$filter2 ...]
Usage: encode stream $object $filter1 [$filter2 ...]

Encodes the content of the specified variable, file, raw bytes or stream from $object 
using the following filters or algorithms:
[....]

PPDF>  encode stream 9 lzw ahx > stream9-lzw-ahx.txt

CVE-2013-3346 pdf samples have obfuscated Javascript code using jjencode 
(http://utf-8.jp/public/jjencode.html). It would be nice to have a jjdecoder in 
peepdf to quickly deobfuscate the code.

Sample jjdecoder written in Javascript can be found here: 
http://csc.cs.utm.my/syed/images/files/jjdecode/jjdecode.html

Some explanation about how a jjdecoder works can be found here: 
http://corkami.googlecode.com/svn-history/r399/trunk/misc/jjencode.txt

We have an automated malware analysis system that runs a variety of scans in 
memory on input files.  We patched PDFCore.py to enable string input of file 
contents, rather than a filename.  It is attached, in case anyone finds it 
useful.