bwern@jax.jaxnet.com (Ben Wern) writes: I was wondering if anyone out there has played with or 'broken' Microsloths encryption, especially in it's Excel from?
Accessdata of Orem Utah (1-800-658-5199) sells cracks for many of them. So does John Kuslich (602-863-9274); I think his prices are lower. I don't personally known or endorse either of 'em. I append a message with some code for doing 4.0 -- I haven't tried it, and don't know if it works for 5.0. It's in Basic, but I didn't perpetrate it. Jim Gillogly Mersday, 24 Solmath S.R. 1995, 01:05 ___________________________________________________________________________ Newsgroups: alt.security Path: rand.org!usc!news.service.uci.edu!ihnp4.ucsd.edu!agate!howland.reston.ans.net!cs.utexas.edu!convex!news.duke.edu!solaris.cc.vt.edu!swiss.ans.net!newsgate.watson.ibm.com!hawnews.watson.ibm.com!news From: agriffiths@vnet.ibm.com (Alan Griffiths) Subject: Re: Excel pass crack Sender: news@hawnews.watson.ibm.com (NNTP News Poster) Message-Id: <CwH0Jo.15sv@hawnews.watson.ibm.com> Approved: myself Date: Wed, 21 Sep 1994 08:21:24 GMT Lines: 103 Reply-To: agriffiths@vnet.ibm.com (Alan Griffiths) Disclaimer: This posting represents the poster's views, not necessarily those of IBM. References: <Rw+xX1t.cinepott@delphi.com> Nntp-Posting-Host: nhbrp75.caanerc.uk.ibm.com Organization: LORAL CAA NERC Project X-Newsreader: IBM NewsReader/2 v1.01 In <Rw+xX1t.cinepott@delphi.com>, Bob <cinepott@delphi.com> writes:
Someone was looking for a crack to excel's passwords, apparently they forgot their password ? Well I found these helpful tidbits posted previously.
|>Encryption of Ms Excel files |> From: Fabio Ottolina <fabio@tdc.dircon.co.uk> |> Date: 29 Jan 1994 12:51:18 GMT (1 screen) |> |> I have saved an Excel 4.0 for Windows file with password-protection, and |>I can't remember the password (how remarkably stupid! :-)). |>Is there any way to crack the password-protection of Excel files?
You may find the following program of help. I am sorry it's in QBasic but that's the only free language I have at present. The program removes document protection from Excel worksheets. I haven't tested it extensively so there are no guarantees or warranties. Always keep a backup copy of your files etc... The protection scheme does two things: 1. When you protect your document, Excel hashes your password to a 16 bit value, stores it somewhere and sets a few flags to say that the document is protected. 2. When Excel saves a protected document it encrypts the content of each block using 16 different alphabetic substitutions. This allows Excel to read and display protected documents before knowing their password. The program below unscrambles a protected document, removes an extra 8 byte block at the beginning, and resets the flags and passwords to zero. I don't know if it can cope with all combinations of protection available in Excel. It works fine on the simple protect document option. Similarly, charts etc. will probably get munged since I don't think the titles etc get scrambled. Hope this stuff is of use to someone. Alan. PS. Ironically enough, I found Excel of great value in recovering the set of magic numbers used in the program. It allowed me to very quickly generate and evaluate possible decryption formulae! -------------------cut here------------------------------ DECLARE FUNCTION decrypt$ (c$, adr&, blen%) DEFINT A-Z DIM SHARED magic(15) FOR i = 0 TO 15 READ magic(i) NEXT DATA 196, 115, 164, 32, 60, 91, 212, 23, 240, 31, 40, 19, 240, 75, 180, 3 COLOR 14, 1 CLS INPUT "Enter input Cyphertext filename: ", cf$ INPUT "Enter output Plaintext filename: ", pf$ OPEN pf$ FOR BINARY ACCESS WRITE AS #1 OPEN cf$ FOR BINARY ACCESS READ AS #2 chdr$ = INPUT$(18, #2) phdr$ = LEFT$(chdr$, 10) PUT #1, , phdr$ fp& = 10 cbh$ = INPUT$(4, #2) WHILE NOT EOF(2) PUT #1, , cbh$ blen = ASC(MID$(cbh$, 3, 1)) + 256 * ASC(MID$(cbh$, 4, 1)) btyp = ASC(MID$(cbh$, 1, 1)) + 256 * ASC(MID$(cbh$, 2, 1)) fp& = fp& + 4 IF blen > 0 THEN cblk$ = INPUT$(blen, #2) x$ = decrypt$(cblk$, fp& - 4, blen) IF blen = 2 THEN SELECT CASE btyp CASE 18, 19, 99 x$ = STRING$(2, 0) END SELECT END IF PUT #1, , x$ END IF fp& = fp& + blen cbh$ = INPUT$(4, #2) WEND CLOSE #1 CLOSE #2 END FUNCTION decrypt$ (c$, adr&, blen) offset = (adr& + blen) AND 15 d$ = STRING$(blen, 0) FOR i = 1 TO blen c = ASC(MID$(c$, i, 1)) crot = ((c * 8) MOD 256) OR (c \ 32) ctst = magic(offset) clss = (2 * (crot AND ctst)) AND 255 d = (256 + crot + ctst - clss) AND 255 MID$(d$, i, 1) = CHR$(d) offset = (offset + 1) AND 15 NEXT decrypt$ = d$ END FUNCTION -------------------cut here------------------------------ Alan Griffiths CAA NERC Project agriffiths@vnet.ibm.com Tel: +44-705-561325 Fax: +44-705-214094 All opinions expressed are my own and do not represent IBM in any way ___________________________________________________________________________