PDF documents

PDF workbench

A PDF that lands in your inbox, that you download or that a client hands you is not a sheet of paper: it is a format with a programming language inside. Opening it with Acrobat or Preview means running it — its JavaScript fires, open actions are followed, and the document can reach the outside and tell whoever crafted it that it was opened, when and from which IP address. Probatio's PDF module instead opens it in its own window and in a multi-layer sandbox: the document is interpreted, not executed; the window has no network; the raw bytes are parsed in a subprocess isolated from the rest of the system, with memory and time limits and — on macOS — an operating-system profile denying it network and any write outside its work folder. It is a safe reader for anyone who has to open a suspicious attachment — analyst, professional, cautious user — and at the same time a forensic workbench to examine it (provenance, active code, hidden text, signature) and work on it (pages, redaction, annotations, stamp) without ever touching the original.

Security · Defence in depth

Three layers between the PDF
and your machine

A PDF is not a sheet of paper: it is a format with a programming language inside. Opening a document you don't trust is, quite literally, running code from a potentially hostile source. Probatio does not just «turn JavaScript off»: it separates what the document asks to do from what the system lets it do, at three independent levels — if the first falls, the other two remain.

  • The document is not executed — Rendering engine with eval disabled, scripting off, no active annotation layer: JavaScript, /OpenAction, /Launch and links do not fire. Active code is extracted and shown.
  • The window cannot get out — A restrictive Content Security Policy limits connections to the app itself: no «phone home», nobody learns that you opened the file.
  • Parsing lives outside the application — The file's bytes are read by a separate helper (probatio-pdf-helper) with a memory cap, a CPU cap and a timeout. A malformed PDF brings down the helper, not Probatio, and does not take the working session with it.
  • On macOS, the OS itself enforces confinement — The helper runs under a sandbox-exec profile that denies network, denies writes outside the work folder and denies spawning other processes. Tested: an attempted write to /etc is refused by the kernel, not by an in-app check.
  • The file's bytes never leave the sandbox — The helper only produces derived results (metadata, decoded images, cleaned copies). Delivery to a path you choose is performed by the trusted main process: the sandbox never writes where you decide.
  • The original is never touched — Each window works on a session copy. Undo and redo are full document snapshots, not inverse operations: an «undo» that sometimes does not undo is worse than no undo at all.

How far it goes, and where it stops. OS-enforced confinement is active on macOS (a sandbox-exec profile) and on Windows (a restricted-token Job object): no network, no writes outside the work folder, no child process. On both, the helper also runs as a separate process with resource limits, so a malformed file brings down the helper and not the app. And no sandbox makes a file harmless: basic sanitizing removes JavaScript, automatic actions and attachments, but an exploit nested in a malformed stream or in a font would survive. To go after that very vector Probatio offers a deep clean: it rebuilds the document, discards embedded font programs (remapping fonts to a standard one) and neutralizes dangerous-codec images — JBIG2 and JPX, the class of the FORCEDENTRY attack. Both sanitizing and deep cleaning are always your choice, declared, at save time — and when the PDF is evidence to be filed, keep in mind that cleaning it alters it: the cleaned copy is no longer the original.

What it does

What the PDF workbench module does

Sandbox reading

The document's JavaScript, open actions (OpenAction), external commands (Launch) and links are not executed, and the window has no network access: active code is extracted and shown, not run.

Parsing isolated from the system

The PDF bytes are read in a separate subprocess, with a memory cap (1.5 GiB), a CPU cap (30 s) and a timeout: a malformed or malicious file can bring down the helper, not the app. On macOS an operating-system profile denies it network, writes outside its work folder and spawning other processes.

Provenance inspection

The program that generated the PDF, creation and modification dates, source file (xmpMM:DerivedFrom), inferred operating system from the producer string — labelled as an inference, because no PDF records its own OS — and the full XMP packet.

Extracted active code

Every object in the document is walked looking for action dictionaries: JavaScript, Launch, URI, SubmitForm. The code is read in full in the Inspection column. Looking only in the «well-known places» would always miss one.

Hidden text and poisoning

White-on-white text, in invisible render mode or in a microscopic size: invisible on the page, but read by whoever extracts the text — automated review, indexing and AI models. Probatio lists it page by page and takes you to it with a click.

View & search

Zoom, in-text search with match highlighting, page thumbnails, single- or two-page view and a split view (vertical or horizontal) to compare two distant pages of the same document.

Pages, undo and redo

Delete, rotate, reorder and insert pages from another PDF, by dragging it to the chosen spot among the thumbnails: imported pages arrive complete, with the attributes inherited from the source document. You always work on a session copy, with undo and redo on full document snapshots.

Real redaction

Redaction removes the glyphs from the file, it does not put a black rectangle over them: the redacted text is no longer extractable by copy-and-paste nor by pdftotext. Images and annotations inside the area go too; the document is re-serialised, so the previous revision does not survive inside the file.

Annotations

Highlights in five colours, notes (sticky) and arrows. They are real PDF annotations, each with its own appearance stream: Acrobat reads them, Preview reads them, and they can be removed without touching the content.

Stamp & image library

Apply an image (e.g. a signature PNG with transparency) and resize it with locked proportions. Embedded images sit in a library with thumbnails and a lightbox, zoomable 1:1 at their true resolution: JPEGs are saved bit-identical to the embedded stream, so the extracted image's hash matches.

PAdES signature verified on the original

A badge flags whether the PDF is signed; on the first edit it warns that the signature will be invalidated. The detail (validity, integrity, signer, eIDAS/QSCD, chain, timestamps, OCSP) is checked on the original file, not on the work copy: verifying the copy would tell a lie about the document you received.

YARA and informed saving

On opening, a YARA scan warns about code known to be suspicious — and if the rules cannot be downloaded it says so: «I could not look» is not «clean». When saving a document with active code, you choose between a sanitized copy and the original file as it is.

Step by step

How it works

  1. Drag a PDF onto the module — or use “Open with Probatio” from the OS context menu. It opens in its own window.
  2. The sandbox interprets it without executing its JavaScript and without network, while byte parsing happens in an isolated subprocess. Active code is shown, not executed.
  3. Inspect provenance, active code, hidden text, embedded images and the signature; check the YARA matches in the Inspection column.
  4. Work on the pages, redact, stamp and annotate: always on a copy, with undo and redo.
  5. Save as: the original is never touched. For a suspicious PDF choose the sanitized copy, knowing that sanitizing does not guarantee harmlessness and that the cleaned copy is no longer the original.
FAQ

Frequently asked questions

Why is opening a suspicious PDF with Acrobat or Preview risky?
Because a PDF is not a sheet of paper: it contains a programming language. A normal reader executes the document's JavaScript, follows its open actions (OpenAction) and can reach the outside — telling whoever crafted the file that it was opened, when and from which IP address.
What does it mean that Probatio opens the PDF «in a sandbox»?
It means three independent layers. First: the rendering engine has eval and scripting disabled, so JavaScript, OpenAction, Launch and links do not fire. Second: a restrictive Content Security Policy prevents the window from making any network connection. Third: parsing of the raw bytes happens in a separate subprocess, with a memory cap (1.5 GiB), a CPU cap (30 s) and a timeout, and on macOS under an operating-system profile denying it network, writes outside its work folder and spawning other processes.
Does the sandbox work on Windows too?
Yes. OS-enforced confinement (no network, no writes outside the work folder) is active both on macOS, with a sandbox-exec profile, and on Windows, with a restricted-token Job object. On both, parsing also runs in a separate subprocess with resource limits, so a malformed PDF brings down the helper and not the application. macOS and Windows are the supported desktop platforms.
Does the sandbox make a malicious PDF harmless?
No, and no honest tool promises that. The sandbox limits what the document can do to your machine; basic sanitizing removes JavaScript, automatic actions and attachments. For the most insidious vector — an exploit nested in a malformed stream or in a font — there is a deep clean that rebuilds the document, discards embedded font programs and neutralizes dangerous-codec images (JBIG2/JPX). Even so there are no absolute guarantees: this is why the choice to clean always stays with you, declared, at save time; and when the PDF is evidence to be filed, keep in mind that cleaning it alters it and the copy is no longer the original.
What is hidden text in a PDF?
It is text present in the file but invisible on the page: white on white, in invisible render mode or in a microscopic size. You do not see it while reading, but anyone extracting the text does — automated review, indexing and AI models — and it is the classic route for prompt injection or poisoning. Probatio lists it page by page and takes you to it with a click.
Does redaction really remove the text from the PDF?
Yes. Probatio removes the glyphs from the content stream and replaces them with an equivalent advance, so the remaining text does not shift; it also removes images and annotations contained in the area, and only at the end draws the black rectangle. The document is re-serialised, not incrementally updated, because an incremental update would keep the previous revision with the original text. The limits (glyphs with uncertain metrics, images intersecting the area without being contained in it) are declared and counted, not hidden.
Does editing a signed PDF invalidate its signature?
Yes, and Probatio tells you beforehand: a badge flags that the document is signed, and the first operation that modifies it raises an explicit warning. Signature verification (validity, integrity, signer, eIDAS/QSCD, chain, timestamps, OCSP) is always performed on the original file and not on the work copy, which may already have been modified.
Is the original modified while I work?
Never. Each window duplicates the document into a session folder and every operation acts on that copy; the original stays untouched on disk until you choose where to save the result. Undo and redo work on full document snapshots, so an undo always truly undoes.