Wednesday, May 21, 2014

Disarming suspicious PDF files on Apple Mac

You can't be too careful these days when browsing the Internet. I tend to read a lot of documents in PDF, often emailed to me as attachments or downloaded directly from the net. Even if the document comes from a trusted source, I tend to run it through Didier Stevens's pdfid tool with the -d (disarm) argument. The script is written in Python and disables the automatic actions and scripts in the PDF. You can read a brief explanation of how it works here.

Most of the time I am online on my beloved MacBook Air. Running the script from the command line in the middle of something can be disruptive. To deal with this, I used the Platypus tool (freeware) to quickly create an app that simply sits on my desktop. When I get a PDF file, I just drag and drop it onto this app, which I called PDFdisarm. The app is nothing but a GUI wrapper for the script. A few seconds later it spits out a new version of the PDF file to the same location as the original. It adds ".disarmed.pdf" to the new PDF version. If you are on a Mac, you can simply download this app from here or make one for yourself. MD5 = 028f76abce5b6ea6f0425b34ebab9dd2

Here are the instructions.

First, you need to download Platypus and the latest script. Open Platypus, then name your app and choose one of the default icons or use your own. Select Python as the Script Type. Select Script Path and navigate to your saved script. Click the Args button and add "-d" as an argument for the script. Output can be Droplet, or you can choose Progress Bar if you like. Secure bundled script is really optional.


Make sure to add the '-d' argument for the script, not for the Python interpreter!


Use the Accept dropped items option to make sure you can drop files onto your new app. You can specify the type of files to accept by entering pdf and removing the default * symbol.


Click Apply and Create. If you followed these instructions, you should now have a useful app at your disposal. Don't forget to visit Didier Stevens's blog and say thanks for his great work.
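To confirm that a ".disarmed.pdf" copy really has no live auto-action or script names left, here is a small checker, added as an example and not part of the original post or of pdfid. It assumes that disarming works by changing the case of /JS, /JavaScript, /AA and /OpenAction; the function names and sample fragments are made up for illustration.

```python
import re
import sys

# Names pdfid's disarm option is assumed to neutralise by swapping their case
# (PDF names are case-sensitive, so /oPENaCTION is no longer an action key).
ACTIVE_NAMES = ("/JS", "/JavaScript", "/AA", "/OpenAction")

# A PDF name: "/" followed by anything except whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so an obfuscated /J#61vaScript reads as /JavaScript."""
    plain = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def count_active_names(data: bytes) -> dict:
    """Count active-content names in the raw bytes of a PDF.

    This is a raw keyword scan: it does not look inside compressed streams.
    """
    counts = dict.fromkeys(ACTIVE_NAMES, 0)
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def is_disarmed(data: bytes) -> bool:
    """True when none of the active names is present in its live spelling."""
    return not any(count_active_names(data).values())


# Constructed sample fragments (not real documents): before and after disarming.
SAMPLE_ARMED = (b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n")
SAMPLE_DISARMED = (b"1 0 obj\n<< /Type /Catalog /oPENaCTION 2 0 R >>\nendobj\n"
                   b"2 0 obj\n<< /S /jAVAsCRIPT /js 3 0 R >>\nendobj\n")

if __name__ == "__main__":
    # Usage: pass one or more PDF paths, e.g. the original and the disarmed copy.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        print(path, "disarmed" if is_disarmed(data) else "ACTIVE", count_active_names(data))
```

A clean result only covers names visible in the raw file; anything stored inside compressed object streams is not inspected by this scan.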
