Someone made a port of Doom that runs in a PDF

I'm just...

https://github.com/ading2210/doompdf

Same person got Linux working inside a PDF document

An entire kernel and OS running in a PDF. What a time to be alive

https://github.com/ading2210/linuxpdf

@cypnk Well that's a big fat WTF‽ I followed the link to the demo, but it requires a Chromium browser. I'm not even going to ask how, since I'm not a dev, but I can certainly wonder why? Why would you want to run a Linux kernel inside a PDF?

One of the big reasons why is that if you can run an operating system somewhere, you can run a lot --a *lot*-- of kinds of malware. Running Doom, an OS, etc demonstrates the risk without being immediately threatening.

(I am making some mildly informed assumptions here. If I am being Wrong on the Internet maybe someone will improve this description.)

@elaterite @cypnk

@cypnk i see your "doom/linux running in PDF" and raise you "Pokémon running in a font" https://www.coderelay.io/fontemon.html

@cypnk since the previous post is Doing Numbers, folks may also enjoy this 2021 zero-click iMessage exploit by notorious Israeli spyware-for-despotic-nation-states firm NSO Group, which involved sending a .gif file that was actually a PDF that used the now-uncommon JBIG2 black-and-white image compression format which, surprisingly, is Turing-complete.

As this Project Zero blog post explains,

> JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent.

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...

@nev Amazing. I had totally forgotten about this. And if this is the caliber of exploit available at the time, I wonder what other amazing feats are possible now
@cypnk can this Linux in a PDF also run a PDF viewer?
@dfaulkner
"It's PDF viewers the whole way down!"
@cypnk

@xinit @dfaulkner @cypnk

And we thought Conway's Game of Life implementing and/or/not gates was cool, because you could, in theory, build up a computer to run Life.

Now we've got PDF Inception, where, like the movie, we realize that time runs slower the more VMs you run inside each other.

> And we thought Conway's Game of Life implementing and/or/not gates was cool, because you could, in theory, build up a computer to run Life.
In theory?



CC: @xinit@mastodon.coffee @dfaulkner@mastodon.social @cypnk@masto.hackers.town
@cypnk
Back when Adobe first developed PDF, they had some smart employees that recognized the value of non-executable documents and non-Turing-complete file formats. (They already had Postscript for use when programmability was actually desired.) Either those employees were too smart to remain at Adobe, or their idiot management fired them.

@brouhaha @cypnk

I don't get it at all. The whole point of PDFs over ghostscript was to ensure that a document looked the same no matter what screen or printer was being used, and that it was a static format suitable for archiving final product.

Playing DOOM on one is like getting your house foundation to dance.

@ThreeSigma @brouhaha @cypnk Paper forms were converted to pdf format and put onto the web.
People wanted to be able to fill out these forms on their computer rather than printing them out, faxing them, and having them re-typed on the other side.
HTML could validate fields before allowing ‘submit’, so pdf needed that too.

@marshray @ThreeSigma @brouhaha @cypnk

> "Playing DOOM on one is like getting your house foundation to dance."

true, but it's also a very effective demo of why PDFs have been off and on the most popular phishing / malware vector for the last few years, which is why i created The Pdfalyzer a few years ago: https://github.com/michelcrypt4d4mus/pdfalyzer

It's proven to be a wildly more popular tool than I ever imagined.

#pdf #PDFs

@marshray @ThreeSigma @brouhaha @cypnk i also just stumbled on pdftris, which is apparently tetris embedded in a PDF.

https://th0mas.nl/2025/01/12/tetris-in-a-pdf/

@cypnk let's replace vmware with pdfs!
@antijingoist VMWare in a PDF, running Linux, opening a PDF, running Doom

@cypnk "only works in Chromium-based browsers"

I wonder if this is "Chrome made a new shitty API and now people are relying on it" came to their PDF reader, or if Acrobat would also work and this is "Firefox doesn't want to implement some weird forgotten corner of the PDF spec that makes this work but could also be a security risk".

@cypnk lol. I just saw the Linux PDF Post and I wanted to ask the question which is answered by the OP. Crazy.
@cypnk This email could have been an operating system.
@cypnk
“Note: This PDF only works in Chromium-based browsers.”
- so it's not really a standards compatible PDF :(

@cypnk

Very cool.
Also terrifying.

Raises serious questions about using PDF as a document format.

I guess my big question is how many PDF viewers are defaulted to run this kind of code in a PDF?  

One would hope that most have this turned off by default?
🤨

@TerryHancock @cypnk

PDF is descended from Postscript (with extras to make it device-independent).

Postscript is a programming language (in the stack-based Forth-like family) and is Turing-complete.

This was ALWAYS going to happen eventually.

(There is no way to turn off the language functionality in PDF without stopping it from displaying documents at all.)

@cstross @TerryHancock @cypnk it's not using any postscript-like native programming features, it's using the Javascript support that PDF requires (apparently to make filling in forms online easier?) - the implementation details are entirely absent from the spec and Google in their wisdom decided to expose the whole engine they ship as part of the browser because why would that be bad? I strongly suspect the people behind that decision are too young to remember ActiveX...
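
Added example, not part of any post in this thread and not code from pdfalyzer or the linked projects: a minimal Python triage that counts the PDF name objects tied to the JavaScript support and the JBIG2 decoder discussed above, decoding `#xx` name escapes before comparing. The sample bytes are constructed, and `triage` and `normalize` are hypothetical names.

```python
import re

# Name objects tied to active content, plus the JBIG2 filter and object streams.
WATCHED = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/AcroForm",
           "/JBIG2Decode", "/ObjStm")
ACTIVE = ("/JS", "/JavaScript", "/OpenAction", "/AA")

# A PDF name is '/' plus regular characters; '#xx' is a hex-escaped byte.
NAME_RE = re.compile(rb"/(?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize(name: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)
    return decoded.decode("latin-1")


def triage(pdf: bytes) -> dict:
    """Count watched names in the raw bytes and list any that were hex-escaped."""
    counts = {name: 0 for name in WATCHED}
    escaped = []
    for match in NAME_RE.finditer(pdf):
        raw = match.group(0)
        name = normalize(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:  # escaping a watched name is itself worth a look
                escaped.append(raw.decode("latin-1"))
    return {
        "counts": counts,
        "escaped": escaped,
        "active_content": any(counts[n] for n in ACTIVE),
    }


# Constructed sample: an auto-run action, an escaped /JavaScript name, a JBIG2 stream.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert\\('hi'\\);) >> endobj\n"
    b"5 0 obj << /Filter /JBIG2Decode /Length 0 >> stream\nendstream endobj\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Names inside compressed object streams are not visible to a raw byte scan, so a nonzero `/ObjStm` count means the file needs decompression before a clean result can be trusted.
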
@cstross @TerryHancock @cypnk this is exactly why I avoid PDF documents at ALL costs

yes, ALL costs, even if it breaks shit and annoys people, they're basically shitty little malware vectors and I hate opening or touching them
@froge makes me wonder if a resource limited PDF/PostScript VM would be a worthwhile project. Put an upper bound on number of instructions (and memory of course), bam. It's one of those languages where you likely won't need 98% of the supported features (JavaScript? In *my* PDF? It's more likely than you think) if you're not doing anything fancy like forms
@dngrs well this is effectively some of the design goals of pdf.js, which is what firefox and I think chromium uses to render PDFs in the browser

from my understanding their idea was "well the browser already runs untrusted JS so maybe loading PDFs in there is more secure" lol
@froge hmm, not a completely absurd project, but I bet it's C++ all the way down huh
@dngrs yeah of course... and I think it has been compromised before, but it's better than opening it locally and exposing yourself to one of the 10,000 Adobe Acrobat exploits, or using something god-awful like mupdf which just loads crap using an executable stack for some reason (in 2025, lol)
@dngrs @froge > (JavaScript? In *my* PDF? It's more likely than you think)

I will specifically applaud if you omit it.
@TerryHancock @cypnk In theory, interpreted on non-broken hardware (lol) it would be "safe" once isolated properly.

But yes, there's a reason why I much prefer djvu as a format.

@lispi314 @cypnk

Yeah, I guess the real question is about sandboxing -- does the code running in the PDF have access to the outside, like the filesystem? 🤔

@TerryHancock @cypnk I see no reason why it would have such access, but I'm sure some implementations screwed up anyway. It shouldn't be particularly hard to restrict such an implementation to only taking input/output through stdin/stdout or a socket and allowlist syscalls.

That ought to be enough for interaction commands and render output.

Problem is, that does all of nothing for mitigating hardware vulns.

@TerryHancock That's a very good question and it may not be answerable. Thing is, different readers may implement different subsets of the standard, and even that may change between different versions

So every PDF is a mishmash of possibilities

@cypnk Holy shit, it’s *fast* too, considering it’s C running in asm.js.
@cypnk huh, I was expecting to see tokenized PostScript, not javascript. There seems to be more than one way to achieve this...
@hyc Most definitely more than one way. This too is a bit of a workaround for the implementation limitations in the browser
@cypnk This is pretty terrifying from a security perspective -- all the office emails that include "safe" PDFs, what damage can they do?
@shentonfreude As uncomfortable as it is, I think this is further evidence that PDF, as widely implemented, effectively *can't* be considered a safe document format. That damage can be pretty severe

@cypnk

That's funny. Well played.

@Uair @cypnk Because they can! Download once, run anywhere.

Dammit. They don't work for me.

@cypnk
Well, now I've seen everything. Everything had been done. Time to shut it all down. COMPUTER! END PROGRAM AND ERASE!
@cypnk @vmstan hahaha this is so cool!

@cypnk that's awesome!

....but can it run Crysis? 🤣

@cypnk man people have some weird hobbies

Well PDF is actually PostScript which is actually Forth, which is a quite capable programming language.

And PostScript is Forth focused on rendering text and images.

@cypnk will it work if I print it?
@asier Very slowly. And only if you print a *lot* of pages
@cypnk I think this might interest @Agar
@Foon Got Doom Running On A Pregnancy Tester

Guy runs 'Doom' on a pregnancy test and wait, what? The tradition of running the legendary game Doom on various gadgets and appliances that were not originall...