Skip to content

Releases: mufeedvh/pdfrip

v3.0.0

18 Mar 19:40
@mufeedvh mufeedvh
v3.0.0
db977cf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v3.0.0 Latest
Latest

PDFRip v3.0.0

v3.0.0 is a trust / performance / compatibility release focused on making pdfrip more correct, more measurable, and more useful on real password-cracking workloads.

Highlights

Prepared verifier hot path

  • password attempts no longer rebuild general PDF parsing/storage state on every try
  • the release extracts the security envelope once, prepares a direct verifier once, and reuses it across attempts
  • verified against deterministic qpdf fixtures for Standard Security Handler revisions R2 through R6

Better compatibility coverage

The fixture and verifier matrix now covers:

  • R2 / R3 / R4 RC4
  • R4 AES-128
  • R5 / R6 AES-256
  • Unicode R5 / R6 passwords
  • blank user passwords
  • object streams and xref streams
  • linearized PDFs
  • EncryptMetadata=false

Exact progress and resume

  • progress is now based on verified attempts, not merely queued work
  • historical “100%, ETA 0s, but still running” behavior is fixed
  • checkpoint / resume is now a first-class workflow with exact verified-prefix recovery

New and improved search workflows

  • new mask mode for bounded structured passwords such as ?u{4}?d{4}
  • new contains-word mode for “known substring + brute-force the rest” workflows
  • date --format now supports custom shapes such as DD.MM.YYYY
  • custom-query now supports literal-only queries and fixes the {0-99} --add-preceding-zeros bug
  • numeric ranges are inclusive and sized exactly
  • default-query now enumerates printable ASCII correctly, including space, and can explicitly test a blank password with --min-length 0 --max-length 0

Better UX and reporting

  • success output distinguishes user vs owner passwords when the revision allows it
  • blank passwords render explicitly as ""
  • structured JSON output is available with --json
  • malformed inputs and missing wordlists now return normal user-facing errors instead of panic-style failures
  • README/help text now matches measured reality and current workflows

New opt-in fast mode

  • --user-password-only skips owner-password acceptance checks when you only care about the document-opening password path
  • this can materially reduce end-to-end time on R5/R6 workloads, but it will intentionally miss owner-only passwords

Measured improvements

Representative local measurements on the Apple M3 Pro development machine showed:

  • synthetic R5 prepared verifier: 15.5x lower latency than the legacy path
  • large bundled R3 example: 4.5x lower latency than the legacy path
  • 10,000-candidate mask exhaustion: 3.4x faster at 4 workers than 1 worker
  • --user-password-only speedups on user-password-heavy wordlist runs:
    • R5 fixture: 1.31x faster
    • R6 fixture: 2.77x faster
    • R6 Unicode fixture: 2.25x faster

R6 remains substantially more KDF-bound than earlier revisions, so the release notes and README intentionally avoid over-claiming “hashcat-class” throughput.

Build and release hardening

  • exact dependency pinning for sensitive direct crates
  • tracked Cargo.lock with --locked CI/release flows
  • CI coverage on Linux / macOS / Windows for stable + nightly
  • cargo install --path . smoke testing
  • benchmark-harness build coverage
  • PDF fixtures marked binary-safe across platforms so Windows checkouts do not corrupt xref offsets

Backlog closed by this release

This release closes or supersedes a large chunk of the active backlog, including build-breaks, default-query regressions, custom-query bugs, progress overshoot bugs, resumable-job support, date-format support, contains-word search, and AES-256 compatibility coverage.

Merged via PR #77.

Assets 5
Loading

v2.0.1

09 Jan 13:30
@mufeedvh mufeedvh
v2.0.1
b10bd06

Choose a tag to compare

View all tags
v2.0.1

Release v2.0.1

Changes:

  • Fix default query builder. (#19)

Full Changelog: v2.0.0...v2.0.1

Loading

v2.0.0

04 Jan 22:27
@mufeedvh mufeedvh
v2.0.0
b7b1a74

Choose a tag to compare

View all tags
v2.0.0

v2.0.0 Release! 🎉

What's Changed

  • Overhauled project by @Pommaq in #4
  • Fixed a typo in README.md by @zasekle in #5
  • Fix termination issue with wordlist argument. by @zasekle in #6
  • Wordlist line is not valid UTF-8 handling. by @zasekle in #8
  • Re #10 Create new search type that uses letters and words by @limitedAtonement in #11
  • Ensure we can bruteforce spans of dates instead of one year at a time. by @Pommaq in #13
  • Reimplement src/core/engine.rs to fix race conditions by @Pommaq in #15

New Contributors

Full Changelog: v1.0.0...v2.0.0

Contributors

limitedAtonement, zasekle, and Pommaq
Loading

v1.0.0

11 Feb 14:49
@mufeedvh mufeedvh
v1.0.0
463f0de
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0

v1.0.0 Release.

Loading