 About a year ago I produced a video showing how to track the PDF key, the key that protects an encrypted PDF. I showed you how to track this key with a commercial tool. This time I want to show you this with a free tool. It's OCL Ashcat. Now, when you want to run this, make sure that you have a version that supports PDF hashes. Here I use version 133. This one includes PDF support. The PDF that I have here with encryption is my PDF for my examples that I use in my workshop, exercise 20. This PDF is encrypted. You need a password to open it and to be able to read it. OCL Ashcat requires hashes to work, so you need to produce a hash. You can use a tool from John the Ripper. It's called PDF2John. It's a Python program. Make also sure that you have the latest version. Go to GitHub and download PDF2John, the Python program from the latest version of John the Ripper. Then you just provide it with the PDF and here we have the hash. Let's save this to a file like this. We need to remove some information like the file name. OCL Ashcat only expects the hash. You remove these parts here, like this, and then we save. Now we can start the process. The hash for this PDF here is a 40-bit key. This is the mode that we want to use, 10,410. The attack mode is mode 3. We provide the hash and then the mask of the key. So 40 bits, that's 5 bytes, like this. OCL Ashcat is trying to crack the key. We can ask for the status and you can see that this will take 3 days and 8 hours here on this machine. But of course we are not going to wait for that. I'm going to speed this up. I know the password and I know the key of this PDF document. This here is actually the key and we are going to use that key as a character set. Then that will speed up the key space that OCL Ashcat has to search for. Now we go back to our command. I'm going to provide now this custom character set which contains only bytes that make up the key. The first 3 bytes here come from this character set. The first 3 bytes here are the bytes that we know from the key. The last 2 bytes here will be brewed first. Let's run this. Here we have our answer. Here you see the hash that we cracked. And here is the key. Now that is not the password. You cannot open the PDF with that. You could use the Elkomsoft commercial tool. So the free trial version of the PDF cracker from Elkomsoft allows you to decrypt a PDF file if you know the key. So you can just type in this key and then it will remove the encryption from the PDF for you. Now we also show this here with one hash and of course you can put in the file here. You can put more hashes. It's not limited to one hash. So you can then brute force the key of many PDF documents at once.