JoseGodinez
commented
5 years ago [ { "file_name": "test_files/asciihexdecode.pdf", "file_signature_MD5": "e35ecfd2cfe1978a08e6c458c89a3b6e", "file_size": 3391, "scan_results": [ { "author": "Glenn Edwards (@hiddenillusion)", "detected offsets": [ "0x0:$magic" ], "file_signature_MD5": "e35ecfd2cfe1978a08e6c458c89a3b6e", "file_size": 3391, "hit_count": "1", "non_archive_file_name": "test_files/asciihexdecode.pdf", "scan_type": "Yara Scan (PDF - Raw data)", "version": "0.1", "weight": "1", "yara_matches_found": true, "yara_rule_id": "invalid_trailer_structure" }, { "file_signature_MD5": "3e25960a79dbc69b674cd4ec67a72c62", "file_size": 11, "non_archive_file_name": "test_files/asciihexdecode.pdf", "scan_type": "Yara Scan (PDF - Extracted text)", "yara_matches_found": false } ], "yara_matches_found": true, "yara_ruleset_file_name": "test_rulesets/lorem_pdf.yara" } ]
Add support for ASCIIDecode encoding support in PDF parser. Example file for texting here: asciihexdecode.pdf
That need to be tested with the raw option as encoding in the PdfToText (const uint8_t* pdf_pointer, size_t pdf_size, pdfparser::TextEncoding encoding)