ELCOMSOFT.COM » Advanced PDF Password Recovery


Command line


Top  Previous  Next

You can run APDFPR with command-line parameters. You can use command-line switches for either batch processing (to remove restrictions from PDF files, when 'user' password is empty or known, or to perform attacks on ''user' or 'owner' passwords (for single file).


Batch processing


For batch processing, the command line looks like the following:


apdfpr.exe -batch src_path [dest_path] [options]


Please note that -batch parameter is mandatory here; without it, the command line will be parsed the different way (for user/owner password recovery, see below).



Path for source file(s); wildcards are allowed.


The location of the folder to put decrypted files to (must already exist). If not specified, source path is used.


Create backup copies of files being decrypted. Ignored if dest_path is not equal to src_path.


If the program encounters the file which is locked from opening (with "user" password set), it tries to decrypt it using the given password ("xxx").


Quiet mode; ignores the files with "user" password, if one specified in -p option doesn't match, or -p option is not supplied at all.


Maintain the decrypted file date/time same as the original.


Creates a log file ("log_path"; should be a file name).


Close program when all files are processed, main window is not being shown at all; last error is being returned (or just 0 if no errors occurred).


The parameters enclosed in square brackets are optional; the only mandatory parameter is the source path.


If src_file starts with @ character, it is treated as a name of the file that contains a list of PDF documents to be processed (one per line).


If source or destination path contain spaces, it has to be included in double quotes.


The password may contain any special characters, but they have to be represented in hex form with % prefix. For example, the space is represented as 20 in hex, so if the password is "my pass", the appropriate command line option would be:




The % character itself should be replaced with %25.


-w option could be used if you would like to execute APDFPR from your own software, but want the main program window not to appear on the screen (please note that if -p or -q option is not specified, but file with user password will be encountered, the program will still prompt for the password). When all files specified in the command line will be processed, APDFPR terminates with an appropriate error code.


-l option instructs the program to create a log file (describing all the program is doing, error messages etc). If the file already exists, APDFPR appends to it (writes at the information at the end). If the path to the file contains spaces, it should be shielded with double quotes (see examples below). Please note that if you select src_path as *.*, log file could not be created in the same folder where the source file are, because the name of the log file will also match the given mask, and so APDFPR will try to process it as a PDF file. Just use the mask like *.PDF, and/or create the log file in a different folder.




apdfpr.exe -batch doc??.pdf


apdfpr.exe -batch "c:\my documents\manuals\*.pdf" "c:\my documents\decrypted\" –q


apdfpr.exe -batch @list.txt -b -p=LockSmith -w –l="C:\Program Files\apdfpr_log.txt"


User/owner password recovery


Generally, the syntax is:


apdfpr.exe [switches] [pdf-filename]


If you already have the "project" (e.g. saved from past attack), you can use the project name instead of PDF file name:


apdfpr.exe [switches] [afr-filename]


The switches are separated with / or - characters. If the switch is followed by some data (e.g., filename, starting password, etc.) which contains these characters: space, semicolon, slash or dash, it must be enclosed in (single or double) quotes.







attack type (brute-force, mask, dictionary)



password to find (user, owner, any)



don't use MMX instructions        



character set (caps, small, digits, special, space, all)



user-defined charset


start from password




mask symbol



minimum password length



maximum password length



dictionary filename


smart mutations



try all possible upper/lower case combinations



start from line N



autosave every N minutes; 0 means disabled



autosave filename


autosave directory


run at idle priority



run at high priority



don't start the attack, just load/set the parameters


minimize the program after starting the attack


when the attack is completed, write all statistics, including the password (if found) to the given file (default "cmdline_stats.txt"), and close the program





apdfpr.exe /a:b /pass:u /c:cs /min:3 /max:7 /smartexit test.pdf

(brute-force attack; user password; small and capital letters; length from 3 to 7; save and exit when done)


apdfpr.exe /a:b /u:12345abcde test.pdf

(brute-force attack with "12345abcde" character set; length: from 1 to 5)


apdfpr.exe /a:m /pass:a /c:d /m:june???? /sf:june1000 /high test.pdf

(mask attack with ""june????" mask; any password; charset: digits; high priority)


apdfpr.exe /d:english.dic /sm /dontstart test.pdf

(dictionary attack; dictionary: "english.dic"; smart mutations; convert words from ANSI to OEM; don't start)


If the parameter is the afr-file, the program will immediately load all the settings from it (ignoring the other settings supplied in the command line, except /dontstart, /minimize and /smartexit), and run the attack.

Get more information about Advanced PDF Password Recovery
Get full version of Advanced PDF Password Recovery

(c) 2014 ElcomSoft Co.Ltd.