How to Embed JavaScript into PDF

1. Introduction

In this article I continue from my last post How to Manually Create a PDF. I explain how to embed JavaScript into a PDF document and how to extract the JavaScript from a document as well. Malicious code is often embedded as JavaScript inside a PDF document and extraction of the JavaScript is a useful method to isolate and reverse engineer the code for security professionals.

2. AlertBox Example

In the last article I explained the format for a PDF and provided a simple example that printed “Hello World!” at the top of the document. It contained only the bare essentials and we will now add on to the example and include JavaScript. Below is the code for the original example created in the last post.

In order to introduce JavaScript to the PDF we need to modify the original example and add three new objects. The first object will be an indirect object that has a reference to the JavaScript object.

As you can see in the figure above, object 6 has the JavaScript tag and points to the object 7. That is all we need to include for the first object. The second object will be another pointer. It will include the “Name” tag and this allows us to name the JavaScript code we will introduce to the PDF document. As you can see we have a reference to the third object which is object number 8. The name I give the JavaScript code I will introduce is “My Code”.

The third object I need to introduce to embed JavaScript is an object with the actual JavaScript code. In my example this is object number 8.

Object 8 has three tags we need to include. The first is the “/JS ” tag which stands for JavaScript and holds the JavaScript code we wish to run. In this example I utilize the app object and use the method alert. This allows me to display an alert box when the PDF is opened. “cMsg” defines the message I wish to display within the textbox and “cTitle” is the title header for the textbox. The second tag is “/S” which describes the action dictionary which leads to my third tag which is “/JavaScript”. In order for my JavaScript to run we must make final adjustments to the PDF document. We must update the xref section of our document to account for the three new objects added.

The x ref tag will now include 9 objects and the size tag will change to 9 as well. The last modification to make is in our catalog object which is our root object 1.

We must include a reference to our JavaScript object which is object 6. We use the “/Name” tag to set the pointer. Now we have a fully functional PDF that will run the JavaScript when the document is opened. Below is a screenshot of the alert box that is produced by the JavaScript in my example.

3. TextBox Example

Let us look at another example that uses JavaScript to introduce a text box into the PDF document. We can use the template from above and make one simple change to the JavaScript section. In order to modify our JavaScript we only need to change object 8.

Here we have the same tags and only modify what is inside the parenthesis. In order to add a text box I use the document object and gain access to it by using “this”. “this” is a pointer to the current document and I am able to create a text box by using the “addField” method. Line 64 shows how I implement this method. “addField” takes four parameters. The first is the name for my textbox and in my example it is simply “My Text Box”. The second parameter is the type of field we wish to add. Since we require a textbox I use “text”, however others such as button are also available. The third parameter is the page of the document. It is an index that begins at zero and since I want the textbox on the first page, the value of the parameter is 0. The last parameter is the position of the text box. Previously on line 63 I initialize the coordinates of the textbox. Position takes a list of four numbers, measuring the box from left-top corner, right-top corner, bottom-left corner, and bottom-right corner. After this change we have a document that produces a textbox from the JavaScript we just created. Below you can see a screenshot of the PDF example. In the upper-left corner is the text box that is displayed in gray.

4. Conclusion

To sum up, we have two examples of how to incorporate JavaScript into a PDF document. I utilized JavaScript to display an alertbox and a textbox. Many more objects and methods can be controlled using JavaScript and the full reference can be found in Acrobat JavaScript Scripting Reference [1]. In the next article I will continue to show how to extract JavaScript from a PDF and how to decode a PDF which is normally encoded with filters such as "flatDecode".

References

[1] "Document Management - Portable Document Format", Available at

       http://www.adobe.com/devnet/pdf/pdf_reference.html

[2] "Acrobat JavaScript Scripting", Available at 

       http://partners.adobe.com/public/developer/en/acrobat/sdk/AcroJSGuide.pdf