Monday 24 March 2014

Excel removing password from: VBA Project, Workbook, Sheet.

Updated to ver 1.2 (corrected an issue with finding the 'VBA Project.bin' file when the Windows option "hide extensions for known file types" is switched on).
--------------------------------------

Excel uses several other types of protection. The most common are WorkSheet and WorkBook protection, which are also not real protection but rather a foolproofing measure. There is much more information on this topic than on VBA Project unlocking, yet I decided to combine all those features within one simple tool - 'Excel Unlocker.xlsm'.

Features:
  • Unlock VBA Project
  • Remove WorkBook Protection
  • Remove WorkSheets Protection
Unlock VBA Project. Uses the same algorithm described in the previous post.

Remove WorkSheets Protection.
The macro just extracts all sheets into a tmp folder, then removes the "sheetProtection" parameter from the sheet xml files and puts them back into the archive. (Remember, starting from version 2007 Excel stores its files as a ZIP compressed archive with a directory structure of XML text documents, meaning that if you change the extension from xlsx to zip you'll get a zip archive.)

Remove WorkBook Protection. 
The program tries to find an acceptable password, relying on the fact that Excel uses an algorithm which converts any password into a 16-bit hash and stores it within the file (the first bit is always the same, so there are 2^15 = 32768 possible values, and it is quite easy to try them all). Why this tactic? Certainly, there is the option of removing the WorkBook protection parameter from the workbook.xml file (inside the zip archive), but the 2007 version uses AES-128 encryption for files which have the WorkBook protection option set (meaning that even if you do not use your own password (leave it blank) when switching on WorkBook protection, Excel uses the 'VelvetSweatshop' password to encrypt your file). So you can't get inside the Excel file structure that easily, but checking 32768 values takes from a few seconds to several minutes (on old PCs).

Yet in Excel 2013 Microsoft used another trick: it changed the password hash calculation from 50 000 rounds of AES-128 to 100 000 rounds of AES-512, which significantly increased calculation time (from 5-15 sec to 6 hours on a 4-core 3.2 GHz AMD). This tool was originally developed for Excel 2007 and did not take the changes in the 2013 version into account.
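To check which of these protection schemes a given workbook actually relies on, the ZIP/XML layout described above can be read without modifying the file. The following is an added example, not part of 'Excel Unlocker.xlsm'; the function names and the sample archive (including its hash and salt values) are constructed for illustration, while the attribute names are those of the Open XML spreadsheet schema.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted files

NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
# (legacy 16-bit hash attribute, algorithm attribute, spin-count attribute)
SHEET_ATTRS = ("password", "algorithmName", "spinCount")
BOOK_ATTRS = ("workbookPassword", "workbookAlgorithmName", "workbookSpinCount")

def classify(elem, attrs):
    """Describe how one protection element stores its password verifier."""
    legacy, algo, spin = (elem.get(a) for a in attrs)
    if algo:
        return f"hashed ({algo}, spinCount={spin})"
    if legacy:
        return "legacy 16-bit hash"
    return "locked without password"

def audit_protection(data):
    """Map each workbook/sheet part of an .xlsx (given as bytes) to a finding.
    Encrypted workbooks are not plain ZIP archives and are reported as such."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"<container>": "not a ZIP archive"}
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name == "xl/workbook.xml":
                tag, attrs = "workbookProtection", BOOK_ATTRS
            elif name.startswith("xl/worksheets/") and name.endswith(".xml"):
                tag, attrs = "sheetProtection", SHEET_ATTRS
            else:
                continue
            elem = ET.fromstring(zf.read(name)).find(NS + tag)
            findings[name] = "unprotected" if elem is None else classify(elem, attrs)
    return findings

def build_sample():
    """Constructed minimal archive for the demo (not a complete workbook)."""
    parts = {
        "xl/workbook.xml": '<workbookProtection lockStructure="1"/>',
        "xl/worksheets/sheet1.xml": '<sheetProtection password="CC1A" sheet="1"/>',
        "xl/worksheets/sheet2.xml": '<sheetProtection algorithmName="SHA-512" '
                                    'hashValue="AAAA" saltValue="AAAA" spinCount="100000"/>',
        "xl/worksheets/sheet3.xml": "<sheetData/>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, f'<root xmlns="{NS[1:-1]}">{body}</root>')
    return buf.getvalue()
```

Any part reported as "legacy 16-bit hash" or "locked without password" should be treated as a guard against accidental edits, not as access control over the data.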

Please note that for some files the method to unlock the VBA Project may not work (because the method is built on a 'known trick' rather than on an understanding of the technology behind it).