PDF password recovery · Pay only if found

Forgot your PDF password? We'll find it.

Drop your PDF here

or click to browse

Max 50 MB · Files deleted after 24 hours
No card required
Files deleted after 24 h
Hosted in Europe

About PDFUnlock

A recovery service built on transparency — not on false promises.

Most online PDF unlockers hide what they actually do. They wrap a hashcat binary behind a paywall, tell you the password « will be found », and charge you whether the attempt succeeds or not. We went a different direction. Every job runs through the exact same multi-phase pipeline you can read about on this page. We publish our honest success rates per encryption type. And we only charge if the password actually opens your file.

The underlying technology is boring on purpose. hashcat on a dedicated GPU, rockyou plus a couple of rule files, and a honest 24-hour timeout. No machine learning, no proprietary sauce, no claims of « quantum cracking ». What makes the difference is not the cracker — it's the UX built around it : multilingual, pay-on-success, GDPR-compliant, and a real company on the invoice.

If your password is genuinely random and twelve characters long, no one can recover it — and we'll tell you so before you start. If it's your grandfather's birthday with a capital letter and an exclamation mark, we'll likely crack it in under a minute. The honest truth is the only thing that scales.

The attack pipeline

This is what happens after you upload.

Every paid recovery runs through multiple attack phases. Localized dictionaries, hybrid patterns, keyboard walks, mutation rules, and Markov brute force. No shortcuts — just proven cryptanalysis.

hashcat --status job_2f8a3e.log
Stage 1

Quick dictionary

The 1 000 most common passwords, hashed directly against your file. About a third of real-world jobs are solved here, before we charge a cent.

Under 5 seconds · Always free

Stage 2

Rockyou

The 14.3 M rockyou dictionary. This is the canonical password list every serious attacker uses. Most non-random passwords live here.

Under 2 minutes

Stage 3

Rockyou + best64

The best64 rule set applied to rockyou — common substitutions, digit suffixes, case flips. Catches « P@ssw0rd2024 » style variants.

5–15 minutes

Stage 4

Smart combinations

Hybrid attacks (password1234, 2024admin), localized dictionaries in 16 languages (motdepasse, contraseña, Passwort, senha, пароль, şifre…), and keyboard walks (qwerty, azerty, 1qaz2wsx). Multiple algorithms targeting human password patterns.

30 min – 3 hours

Stage 5

Deep analysis

52K mutation rules applied to 14 million passwords, then Markov-optimized brute force testing the most likely character sequences first — not blind alphabetical order. The last resort.

Up to 24 h max

hashcat -m 10500 -a 0 hash.txt rockyou.txt -r best64.rule

Dictionary stats : 14 344 391 passwords

Guess.Base : File (rockyou.txt), Left Side

Speed.#1 : 121.3 MH/s (52.61ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1

Recovered : 1/1 (100.00%) Digests

Status : Cracked

Honest success rates

Competitors promise. We publish.

The following rates are measured across all paid jobs run in the last 12 months. We don't round up. We don't cherry-pick. Our AES-256 rate is the one we're least proud of — but also the one that tells you we're not selling a fantasy.

  • RC4-40

    Acrobat 2-4

    100 percent success rate

  • RC4-128

    Acrobat 5-8

    50 percent success rate

  • AES-128

    Acrobat 9

    50 percent success rate

  • AES-256

    Acrobat 10+

    20 percent success rate

  • Hosted in Europe (GDPR)
  • Files deleted after 24 hours
  • We never read your content
  • You only pay if we succeed

Frequently asked questions

Answers before you ask.

The questions we get most often in the support inbox — grouped here so you don't have to ask them yourself.

How does PDFUnlock work?

You upload a PDF. We detect the encryption type, extract the password hash (never the file's content), then run a series of attacks: top-1000 dictionary, rockyou, rule-based variations, and GPU brute-force. If we find the password we charge you once via Stripe and reveal it. If we don't, you owe nothing.

Is this legal?

Yes — provided you own the PDF or have explicit authorization to access it. By using PDFUnlock you certify that the file is yours or that you have the right to recover the password. We are not liable for misuse.

What is the success rate?

It depends on the encryption type. RC4-40 is essentially 100 % (we crack it in seconds). RC4-128 / AES-128 sit around 50 %. AES-256 (Acrobat 10+) is the hardest — around 20 %. We are honest about expectations: very strong random passwords cannot be recovered.

What happens to my file?

Your PDF is stored in europe-west1 and automatically deleted 24 hours after upload. We extract only the encryption hash to feed to the cracker — we never read or process the file's actual content. Passwords are removed from our database 7 days after recovery.

Is payment safe?

Yes. All payments go through Stripe, which handles your card data. We never see or store your card number. Stripe takes care of currency conversion automatically — we only charge in EUR.

What if the password doesn't work?

Contact our support immediately. We will verify the password against your file. If it really doesn't open the PDF, we issue a full refund as a goodwill gesture. There is no contractual right of withdrawal because the digital service is delivered immediately, but we always make things right when something goes wrong.

Which languages are supported?

The site, dashboard, and emails are available in 11 languages. The cracker itself works on any password regardless of language — we use rockyou and rule-based variations that cover Latin scripts well.

Ready when you are

Unlock your PDF in the next 60 seconds

Free for owner passwords. Pay-on-success for user passwords. No account. No card. Just the file and a result.

Drop your PDF now See pricing first