PDFUnlock Blog
How GPU Password Cracking Works (In Plain English)
A non-technical explanation of how GPU-based password cracking works: hashcat, dictionary attacks, brute force, rule-based mutations, and the ten-phase recovery system.
by PDFUnlock team · 7 min read
When you upload a locked PDF to a password recovery service, what actually happens on the other end? No machine learning, no magic, no secret backdoors — just math, big dictionaries, and very fast hardware. Here’s how it works.
Step zero: extracting the hash
Before any cracking begins, the service extracts the encryption hash from your PDF. This is a small piece of data — typically a few hundred bytes — that was generated from your original password when the file was encrypted.
Think of it like a fingerprint. The hash doesn’t contain the password itself, but if you guess a password and compute its hash, you can compare the result to the hash in the file. If they match, you’ve found the password.
This extraction step is instant and doesn’t require GPU power. At PDFUnlock, we use a tool called pdf2john that runs in pure JavaScript — it takes less than 100 milliseconds.
Important: only the hash is extracted. We never read the content of your PDF. Even if we wanted to, we couldn’t — the content is encrypted.
Why GPUs, not CPUs?
A modern CPU has 8–16 cores, each optimized for complex, sequential tasks. A modern GPU has thousands of simpler cores, optimized for doing the same small operation on many data points simultaneously.
Password cracking is a massively parallel problem. You need to take a candidate password, hash it, and compare the result to the target — then repeat for the next candidate. Each test is independent. There’s no need for the cores to talk to each other.
This is exactly what GPUs are built for. A single NVIDIA RTX 4090 can test roughly:
- 25 billion MD5 hashes per second
- 300 million PDF RC4-128 hashes per second
- 3 million PDF AES-256 hashes per second
A CPU doing the same work might manage 1/100th of those numbers. That 100x speed advantage is the entire reason GPU cracking displaced CPU cracking over the past decade.
The tool: hashcat
Almost every serious password recovery service uses hashcat, an open-source tool that has been under active development since 2009. It supports over 350 hash types, including every PDF encryption variant.
Hashcat is not proprietary. It’s not a secret weapon. It’s the standard tool, freely available on GitHub. The difference between services is not the software — it’s the hardware it runs on, the dictionaries used, and the rule sets applied.
Attack types
Dictionary attack
The simplest approach: take a list of known passwords and try each one. The most famous dictionary is rockyou.txt — 14.3 million passwords leaked from the RockYou breach in 2009. Despite being 17 years old, these passwords remain devastatingly effective because people keep choosing the same patterns.
A dictionary attack on a PDF runs in seconds to minutes, depending on the encryption type.
Rule-based attack
People rarely type password as their password anymore. They type P@ssw0rd! or Password2026. Rule-based attacks take each word in a dictionary and apply common transformations:
- Capitalize the first letter
- Replace a with @, e with 3, i with 1, o with 0
- Append digits: 1, 123, 2026
- Append symbols: !, ?, #
- Reverse the word
- Duplicate it
A single dictionary of 14 million words with a large rule set can
generate billions of candidates. The best64.rule set (64 rules) and
OneRuleToRuleThemAll.rule (~50,000 rules) are the most commonly used.
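The transformations listed above, written out as an added example (not PDFUnlock's or hashcat's code): a small rule engine that expands a wordlist and reports whether a given password falls inside the resulting candidate set. The three-word list, the rule names and the `audit` helper are constructed for illustration.

```python
from itertools import product

LEET = {"a": "@", "e": "3", "i": "1", "o": "0"}     # substitutions named in the article
SUFFIXES = ["", "1", "123", "2026", "!", "?", "#"]  # appended digits and symbols from the article


def leet(word):
    """Replace every a/e/i/o with its look-alike character."""
    return "".join(LEET.get(c, c) for c in word)


# Each base rule maps one word to one variant, like one line of a rule file.
BASE_RULES = {
    "identity": lambda w: w,
    "capitalize": lambda w: w.capitalize(),
    "leet": leet,
    "capitalize+leet": lambda w: leet(w).capitalize(),
    "reverse": lambda w: w[::-1],
    "duplicate": lambda w: w + w,
}


def candidates(words):
    """Return the set of every (base rule x suffix) variant of every word."""
    out = set()
    for word, rule, suffix in product(words, BASE_RULES.values(), SUFFIXES):
        out.add(rule(word) + suffix)
    return out


def audit(password, words):
    """True if the password is reachable from the wordlist with these rules."""
    return password in candidates(words)


WORDLIST = ["password", "monkey", "dragon"]  # constructed sample, not rockyou.txt

if __name__ == "__main__":
    cands = candidates(WORDLIST)
    print(f"{len(WORDLIST)} words -> {len(cands)} candidates")
    for pw in ["P@ssw0rd!", "Password2026", "t9^Jq2p@ZrW4"]:
        print(pw, "-> covered" if audit(pw, WORDLIST) else "-> not covered")
```

Six base rules and seven suffixes already turn each word into 42 candidates, which is why a password built from a common word plus predictable decoration offers little more protection than the word itself.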
Brute-force (mask) attack
When dictionary and rule attacks fail, the last resort is to try every possible combination. Hashcat’s mask attack lets you define a pattern:
- ?a?a?a?a?a?a = every printable ASCII character, 6 positions
- ?d?d?d?d?d?d = every digit combination, 6 positions
- ?u?l?l?l?l?d?d = uppercase + 4 lowercase + 2 digits
With --increment, hashcat starts at 1 character and works up. For
printable ASCII (95 characters), the search space grows exponentially:
| Length | Combinations | Time (AES-256, RTX 4090) |
|---|---|---|
| 4 | 81 million | < 1 minute |
| 5 | 7.7 billion | ~40 minutes |
| 6 | 735 billion | ~2.5 days |
| 7 | 69.8 trillion | ~270 days |
| 8 | 6.6 quadrillion | ~70 years |
This is why passwords beyond 8 random characters are effectively uncrackable with current hardware. And why we’re honest about AES-256 success rates.
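To check the table above against the article's own numbers, this added example (not part of the original post, and not hashcat code) parses a mask into per-position charset sizes and derives the keyspace and worst-case time at the 3 million guesses per second quoted earlier for PDF AES-256. It goes slightly beyond the table by handling mixed masks and `--increment`; the function names are assumptions.

```python
CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}  # sizes of hashcat's built-in charsets
AES256_RATE = 3_000_000  # guesses/second: the article's RTX 4090 figure for PDF AES-256


def mask_positions(mask):
    """Split a mask such as '?u?l?d' into a list of per-position charset sizes."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # any other character is a fixed literal
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key != "?" and key not in CHARSETS:
            raise ValueError(f"unsupported charset ?{key}")
        sizes.append(CHARSETS.get(key, 1))  # '??' is a literal question mark
        i += 2
    return sizes


def keyspace(mask, increment=False):
    """Candidates for the full mask, or summed over lengths 1..n with increment."""
    total, running = 0, 1
    for size in mask_positions(mask):
        running *= size
        total += running
    return total if increment else running


def worst_case_seconds(mask, rate=AES256_RATE, increment=False):
    """Time to exhaust the mask at a fixed guess rate."""
    return keyspace(mask, increment) / rate


if __name__ == "__main__":
    for length in range(4, 9):
        mask = "?a" * length
        days = worst_case_seconds(mask) / 86400
        print(f"{length} chars: {keyspace(mask):>20,} candidates, {days:>10.2f} days")
    mixed = "?u?l?l?l?l?d?d"
    print(f"{mixed}: {keyspace(mixed):,} candidates, "
          f"{worst_case_seconds(mixed) / 60:.1f} minutes")
```

The figures are worst-case exhaustion times; on average a password is found after half the keyspace has been searched.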
PDFUnlock’s ten-phase system
We run attacks in order of speed, stopping as soon as the password is found:
- Phase 1 — Top 1,000 passwords (~1 second). A curated list of the most common passwords worldwide. About a third of real-world jobs end here.
- Phase 2 — rockyou.txt (seconds to minutes). The full 14.3 million password dictionary.
- Phase 3 — rockyou + best64.rule (minutes to an hour). Each rockyou entry with 64 common mutations.
- Phase 4 — Combinator (minutes to hours). Word+word combinations like john+2024 or love+forever.
- Phase 5 — Hybrid dict+mask (minutes to hours). Dictionary words with appended digits, e.g. password1234 or monkey+4 digits.
- Phase 6 — Keyboard walks (minutes). Common keyboard patterns like qwerty, azerty, 1qaz2wsx and similar sequences.
- Phase 7 — rockyou + OneRuleToRuleThemAll (hours). Each entry with ~52,000 mutations. The most productive phase for “clever” passwords.
- Phase 8 — Markov brute force (hours to days). Statistically-optimized brute force on 1–8 characters using Markov chains, testing the most likely character sequences first.
You can follow the progress in real time on your dashboard. Each phase transition is reported live via Firestore.
What we can’t crack
Let’s be direct about the limits:
- Truly random passwords longer than 8 characters on AES-256: the math is against us. 9 characters of random printable ASCII on AES-256 would take years on a single GPU.
- Passwords from a password manager (like t9^Jq2p@ZrW4): these are not in any dictionary and too long for brute-force.
- Passphrases of 4+ random words (like correct horse battery staple): the word-combination space is too large.
We estimate our overall success rate at about 50% for RC4-128/AES-128 and 20% for AES-256. We show you this estimate before you start, and we only charge if we find the password.
No backdoors, no magic
There is no secret backdoor in AES or RC4. There is no way to bypass the encryption without the password. Every “PDF unlocker” that claims otherwise is either lying or talking about owner passwords (which are a different thing entirely and don’t involve encryption).
What we do is well-understood, decades-old cryptanalysis. The only variable is time and compute power. If the password is in our dictionaries or short enough to brute-force, we’ll find it. If it’s not, nobody can — and we’ll tell you that honestly.
Ready to try? Upload your PDF and see the result of the free quick test in seconds.