recentpopularlog in

kme : reversing   7

Update: Version 0.7.0 | Didier Stevens
<code class="language-bash">
./ -n document.pdf
./ -s objstm document.pdf

# decode stream objects ('-f' = filter)
./ -s objstm -f document.pdf

# force '' to parse the output of above (even though it's
# missing a proper PDF header)
./ -s objstm -f document.pdf | ./ -n -f

# which is (I think?) is roughly the same as
./ -a -O document.pdf
pdf  parser  reversing  reverseengineering  forensic  malware  analysis  commandline  python  video  streamobject  solution 
12 weeks ago by kme
Decompress FlateDecode Objects in PDF
Tips on how to get working in Python 3 here:

<code class="language-python">import re
import zlib

pdf = open("some_doc.pdf", "rb").read()
stream = re.compile(r'.*?FlateDecode.*?stream(.*?)endstream', re.S)

for s in stream.findall(pdf):
s = s.strip('\r\n')
python  pdf  reversing  forensics  objectstream  flatedecode  zlib 
12 weeks ago by kme

Copy this bookmark:

to read