Skip to content

Instantly share code, notes, and snippets.

@averagesecurityguy
Last active October 2, 2024 19:10
Show Gist options
  • Save averagesecurityguy/ba8d9ed3c59c1deffbd1390dafa5a3c2 to your computer and use it in GitHub Desktop.
Save averagesecurityguy/ba8d9ed3c59c1deffbd1390dafa5a3c2 to your computer and use it in GitHub Desktop.
Decompress FlateDecode Objects in PDF
#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
# https://tools.kali.org/forensics/pdf-parser.
#
# Any requests to decode a PDF will be ignored.
import re
import zlib
pdf = open("some_doc.pdf", "rb").read()
stream = re.compile(rb'.*?FlateDecode.*?stream(.*?)endstream', re.S)
for s in stream.findall(pdf):
s = s.strip(b'\r\n')
try:
print(zlib.decompress(s))
print("")
except:
pass
@vipercommand
Copy link

vipercommand commented Apr 20, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment