Monday, April 22, 2013
Update to Jsunpack PDF parsing
Hey guys, I just added a patch from David Dorsey of Visiblerisk, Inc. (Thanks David, you are a boss!).
Below is a sample PDF you can test with just to see how awesome it is:
David described a lot of the improvements and the analysis he performed at the following blog posts entitled "Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader"
Part 1: http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html
Part 2: http://visiblerisk.com/blog/2013/4/15/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html
In brief, this update improves pdf.py's XFA parsing, PDF encryption tags, and generally the update will help you to decode some malicious PDFs where jsunpackn.py had trouble decoding them before.
Thanks to David and please if you see any bugs related to this update please report them at https://code.google.com/p/jsunpack-n/issues/list and I'll fix them.