PDF Password Recovery: How to Recover or Remove a Lost PDF Password

1. Understanding PDF Encryption: Two Password Types That Work Differently
2. PDF Encryption Versions and Hashcat Modes: What You're Actually Up Against
3. How to Extract a PDF Hash Manually with pdf2john
4. Uploading Your PDF to OnlineHashCrack: The Automated Recovery Workflow
5. Practical Recovery Scenarios: Tax Returns, Contracts, and Forensic Cases
6. Improving Recovery Success: Wordlists, Rules, and Password Patterns
7. Further Reading and Resources
8. Frequently Asked Questions

Before attempting any recovery, you must understand that a PDF can carry two fundamentally different kinds of passwords, and confusing them leads to wasted effort. They are not interchangeable, and their recovery paths are entirely separate.

The user password, also called the open password, prevents the document from being opened at all. When you double-click the file and Acrobat immediately asks for a password before displaying any content, you are facing a user password. This is the cryptographically hard problem: the password is used as a key derivation input, and the entire document body is encrypted. To recover it, you must attack the hash derived from that password — there is no shortcut. Tools like hashcat target this hash directly using wordlists, rules, or brute-force attacks.

The owner password, also called the permissions password, does not encrypt the document content. Instead, it restricts what an authorized reader can do — printing, copying text, filling forms, extracting pages. The document itself opens freely (or with only the user password). On older PDF specifications (PDF 1.x with RC4 encryption), the owner password protection was architecturally weak: the document content was never truly locked by it. Many tools can remove these restrictions without ever knowing the owner password, simply by rewriting the permission flags in the PDF structure.

Critical distinction: OHC's hash-cracking pipeline targets the user password. Owner-password removal on older formats is a separate, often trivial operation. Never assume that removing a permissions restriction is the same as recovering an open password — they are categorically different problems.

• User password blocked? → Hash extraction + hashcat attack required
• Owner password only? → Permissions removal possible on PDF 1.x without cracking
• Both set? → Must crack user password first; owner password is secondary

The difficulty of recovering a PDF user password scales dramatically with the encryption algorithm used. Adobe has updated the PDF encryption specification multiple times over decades, and the version embedded in your file determines exactly how hard cracking will be. Hashcat exposes this through four dedicated PDF modes.

Documents created with Acrobat 3 and earlier, or saved under PDF 1.1–1.3 compatibility, use 40-bit RC4. At approximately 10 billion hashes per second on an RTX 5090, a complete keyspace search over short passwords is computationally trivial. If you have a document from the late 1990s or early 2000s, it almost certainly falls here.

PDF 1.4 through 1.6 (Acrobat 5–7 era) upgraded to 128-bit RC4. At ~500 million hashes per second, exhaustive brute-force of long passwords is impractical, but dictionary attacks with large wordlists and rule sets succeed quickly against common passwords.

Adobe Acrobat X (version 10, released 2010) changed the default encryption to AES-256, which maps to hashcat mode 10700. At roughly 100,000 hashes per second — five orders of magnitude slower than mode 10400 — only passwords found in wordlists or short brute-force ranges are realistically recoverable. If the password was a random 12-character string, recovery is not feasible with current hardware. Strong wordlists, rules, and leaked password databases are your best tools here.

You can verify hashcat's measured speeds on OHC's published RTX 5090 benchmark page: OHC RTX 5090 Hashcat Benchmark.

If you prefer to work locally before uploading, or need to verify what encryption version your document uses, pdf2john is the standard tool for extracting the crackable hash from a PDF file. It is part of the John the Ripper suite and also ships with hashcat-adjacent toolsets.

On a system with John the Ripper installed (Linux/macOS/WSL), the script is typically found at /usr/share/john/pdf2john.pl or accessible via pdf2john directly. Run it as follows:

• pdf2john.pl locked_document.pdf — outputs the raw hash string
• pdf2john.pl locked_document.pdf > document.hash — saves it to a file
• On Python-based versions: python3 pdf2john.py locked_document.pdf

The output looks like: locked_document.pdf:$pdf$2*3*128*-4*1*16*.... The fields embedded in this hash string tell you everything you need to know:

• The number following $pdf$ indicates the revision
• The third field indicates the key length (40 or 128 bits for RC4; 256 for AES)
• This data lets you select the correct hashcat mode before launching any attack

Once you have your hash, match it to the right mode:

• 40-bit RC4 → hashcat -m 10400 document.hash wordlist.txt
• 128-bit RC4 (PDF 1.4–1.6) → hashcat -m 10500 document.hash wordlist.txt
• 128-bit RC4 (PDF 1.7 L3) → hashcat -m 10600 document.hash wordlist.txt
• AES-256 (PDF 1.7 L8) → hashcat -m 10700 document.hash wordlist.txt

Adding rules dramatically improves coverage: hashcat -m 10500 document.hash wordlist.txt -r rules/best64.rule. For users who want to skip this entirely, OHC performs pdf2john extraction server-side automatically — you upload the raw .pdf file and the platform handles everything from hash extraction to mode selection.

OnlineHashCrack is purpose-built for exactly this scenario: you have a locked PDF, you need the password recovered, and you want GPU-accelerated processing without configuring a local hashcat environment. The workflow is designed to remove every technical barrier between you and your document.

Navigate to /index.php and upload your .pdf file. You do not need to extract a hash manually. OHC accepts the raw PDF file and runs pdf2john server-side to extract the hash. This eliminates a common failure point — an incorrectly extracted or truncated hash — that can cause false negatives in local cracking sessions.

Once the file is processed, OHC identifies the PDF version and encryption level embedded in the document metadata. The platform determines whether your file falls under mode 10400, 10500, 10600, or 10700 automatically. This is critical because running mode 10500 against a mode 10700 hash will produce zero results regardless of how good your wordlist is.

Based on the detected encryption level, OHC applies an appropriate attack strategy:

• For mode 10400 (RC4 40-bit): high-speed exhaustive and dictionary attacks — coverage is broad
• For mode 10500/10600 (RC4 128-bit): curated wordlists with rule-based mutations and common password patterns
• For mode 10700 (AES-256): focused dictionary attack using large compiled wordlists including known leaked credential databases — brute-force is not feasible at this speed, so wordlist quality is everything

Recovery time depends on encryption strength and password complexity. A mode 10400 document with a common password recovers in seconds. A mode 10700 document with a strong random password may not be recoverable — OHC will report the result honestly rather than run indefinitely. You will be notified by email when the job completes, whether successful or not.

Compliance note: OHC requires that you are the legal owner of the document or have explicit written authorization to recover its password. Password recovery is offered exclusively for authorized, legitimate use cases.

PDF password recovery serves a broad range of legitimate use cases. Understanding which scenario matches your situation helps set accurate expectations before you submit.

Tax preparation software and accountant portals frequently password-protect PDF exports. A common pattern is to set the password as a Social Security number, date of birth, or a simple numeric PIN — all of which fall within dictionary and rule-based attacks. If your document was generated by TurboTax, H&R Block, or a similar platform, the encryption is typically AES-256 (mode 10700) since these are modern applications. However, the password space is often limited to personally meaningful numbers, giving dictionary attacks a realistic success rate.

Law firms and digital signature platforms sometimes lock PDF deliverables with a password communicated separately. When that password is lost or the communication is unavailable, the document becomes inaccessible. Contract PDFs from the 2000s frequently use older Acrobat versions with RC4 encryption (modes 10400–10500), making recovery highly feasible. Newer e-signing platforms targeting PDF 1.7 AES-256 are harder — but many use weak default passwords or sequential patterns recoverable via rules.

Document management systems and multifunction printers that scan-to-email often apply owner passwords rather than user passwords. In this case, the document opens freely but printing or copying is restricted. For older PDF versions, this owner restriction can be cleared without hash cracking. For newer versions with AES-256, the permissions password is protected by the same strong encryption as the user password.

Forensic analysts encounter password-protected PDFs as artifacts in investigations — evidence documents, exfiltrated data archives, or password-protected reports. In authorized forensic engagements, recovering access to such documents is a standard workflow step. OHC's GPU infrastructure — built on modern NVIDIA hardware — provides the throughput needed to process multiple documents efficiently within a forensic timeline.

• Always document the chain of custody and authorization before submitting forensic artifacts to any external platform
• For mode 10700 documents with unknown passwords, set realistic expectations: wordlist coverage is the primary variable
• Consider submitting the hash (extracted via pdf2john) rather than the raw PDF if document confidentiality is a concern — OHC accepts both

The single largest factor in PDF password recovery success — especially for AES-256 protected documents — is the quality of the wordlist and the rules applied to it. Understanding how to maximize coverage with a limited hash-per-second budget is essential practice for any security professional.

Generic wordlists like rockyou.txt (~14 million entries) are a solid baseline but insufficient for professional recovery. More effective options include:

• Compiled breach databases: Aggregated from multiple data breaches, these contain hundreds of millions of real-world passwords actually chosen by users
• Language-specific wordlists: If you know the document owner's locale, a French, German, or Spanish wordlist dramatically narrows the search space
• Domain-specific lists: For corporate documents, wordlists built from company names, product names, and internal terminology outperform generic lists

Hashcat rules transform base words into password variants, covering patterns like capitalizing the first letter (c rule), appending numbers ($1 $2 $3), substituting characters(sa@ se3), or reversing the word. For PDF recovery, the most impactful rules target common password construction habits:

• best64.rule: a widely used balanced ruleset covering the most common mutations
• OneRuleToRuleThemAll: a larger community-compiled ruleset for deeper coverage
• Date appending rules: extremely effective against document passwords set by individuals (e.g., Contract2019, Tax_2022)

If you remember partial details about the password — length, whether it contained a year, or that it started with a capital letter — mask attacks are significantly more efficient than pure brute-force. Example:

• hashcat -m 10700 doc.hash -a 3 ?u?l?l?l?d?d?d?d — attacks passwords like Docs2023
• hashcat -m 10700 doc.hash -a 3 ?d?d?d?d?d?d — six-digit numeric PIN

OHC's platform incorporates curated wordlists and optimized rule sets compiled from real-world recovery experience, giving you access to broader coverage than a default local installation would provide out of the box.

• NIST SP 800-132: Recommendation for Password-Based Key Derivation - NIST
• Hashcat Wiki: Attack Modes and Options - hashcat.net
• PDF 32000-1:2008 — PDF 1.7 Specification - Adobe / ISO
• Cryptographic Storage Cheat Sheet - OWASP
• PDF Hash Extractor

OnlineHashCrack accepts raw .pdf files directly — pdf2john extraction runs server-side, the encryption version is detected automatically, and the appropriate hashcat mode (10400 through 10700) is selected without any manual configuration from you.