Fix PDF decryption for 256-bit AES with V=5

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1e581684e00d49821632be2b3b213782d4fac35..3bb9848d41494bfb00e22aa9ead7ff34f6a1160d 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -100,3 +100,4 @@ This is v10.0.9, a release candidate for v10.1.0. I don't expect there to be maj
 ## Fixes on master (not yet released):
 
 - Fix a bug where decrypting a 40-bit RC4 pdf with R=2 didn't work.
+- Fix a bug where decrypting a 256-bit AES pdf with V=5 didn't work.

diff --git a/DeDRM_plugin/ineptpdf.py b/DeDRM_plugin/ineptpdf.py
index e227ddcf5917cd6ec83c2e05008e624a70aefb65..7802d87cffef2347700a3c0701e3ec2e4e709c90 100755 (executable)
--- a/DeDRM_plugin/ineptpdf.py
+++ b/DeDRM_plugin/ineptpdf.py
@@ -1366,8 +1366,7 @@ class PDFDocument(object):
 
     def process_with_aes(self, key, encrypt, data, repetitions = 1, iv = None):
         if iv is None:
-            keylen = len(key)
-            iv = bytes([0x00]*keylen)
+            iv = bytes(bytearray(16))
 
         aes = AES.new(key, AES.MODE_CBC, iv)
 
@@ -1395,10 +1394,18 @@ class PDFDocument(object):
                     raise Exception("K1 < 32 ...")
                 #def process_with_aes(self, key: bytes, encrypt: bool, data: bytes, repetitions: int = 1, iv: bytes = None):
                 E = self.process_with_aes(K[:16], True, K1, 64, K[16:32])
-                K = (hashlib.sha256, hashlib.sha384, hashlib.sha512)[sum(E) % 3](E).digest()
+                E = bytearray(E)
+
+                E_mod_3 = 0
+                for i in range(16):
+                    E_mod_3 += E[i]
+
+                E_mod_3 %= 3
+
+                K = (hashlib.sha256, hashlib.sha384, hashlib.sha512)[E_mod_3](E).digest()
 
                 if round_number >= 64:
-                    ch = int.from_bytes(E[-1:], "big", signed=False)
+                    ch = E[-1:][0]  # get last byte
                     if ch <= round_number - 32:
                         done = True