Thursday, 28 June 2012

Microsoft Excel 2003 encryption scanner

(Edit 6/4/2013 - You will want the latest version at https://github.com/GavinSmith0123/crackxls2003 or https://github.com/GavinSmith0123/crackxls2003/tags rather than what is below.)

Encrypted Microsoft Excel 2003 spreadsheets are protected with only 40 bits of encryption.

No free program exists to search the key space and decrypt such files. I have taken a step towards such a program with the following file:

http://pastebin.de/27599

This is mostly complete, but must be linked against the low-level function of the MD5 algorithm that operates on a single 64-byte block. The "md5-fast.S" file linked to from here works. The same function surely exists inside OpenSSL's MD5 implementation, but it is not exposed as a publicly callable function.

Compile with something like "cc -O5 -fomit-frame-pointer -march=native -mtune=native crackxls2003.c -o xls_crack -lssl md5-fast.S".

I haven't put much work into the interface. It should be invoked with something like './xls_crack "7c dc fa a2 cd d2 2c 6a c8 f0 9f 3b 8b 72 ee f8" "d0 b0 64 e3 92 b2 6e 12 d0 5c 4a fe bc 66 35 8f" 1d da 30 05 8f'. The first argument is the "verifier" field and the second is the "verifierHash" field. The remaining arguments give the point in the key space at which to start checking. (The example I've given starts at the correct encryption key, which came from the password "monkey", so you can use it to check that the program is working.) The two fields can be obtained with a program like "poledump" in conjunction with the file format reference.
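As an added example (not the author's crackxls2003 code), this is the per-candidate test such a scanner performs, written in Python under the Office 97/2003 RC4 scheme as I understand it: the RC4 key for block 0 is MD5(5-byte key base || 32-bit little-endian block number), the two 16-byte fields are decrypted with one continuous RC4 keystream, and a candidate is correct when MD5(verifier) equals the decrypted verifierHash. Treating the five key bytes as a big-endian integer for the search order is my choice, and the test data built by make_test_fields is constructed here.

```python
import hashlib

def rc4_stream(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream (KSA + PRGA); the stdlib has no RC4, so it is spelled out."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4_key_for_block(key_base: bytes, block: int = 0) -> bytes:
    # 40-bit key base || little-endian block number: 9 bytes, i.e. a single 64-byte MD5 block
    return hashlib.md5(key_base + block.to_bytes(4, "little")).digest()

def check_key(key_base: bytes, verifier: bytes, verifier_hash: bytes) -> bool:
    """One candidate test: decrypt both 16-byte fields with one continuous keystream,
    then compare MD5(decrypted verifier) with the decrypted verifierHash."""
    ks = rc4_stream(rc4_key_for_block(key_base), 32)
    plain = bytes(a ^ b for a, b in zip(verifier + verifier_hash, ks))
    return hashlib.md5(plain[:16]).digest() == plain[16:]

def search(verifier: bytes, verifier_hash: bytes, start: int, count: int):
    """Scan `count` consecutive key bases from `start` (the post's 'where to start')."""
    for k in range(start, min(start + count, 1 << 40)):
        key_base = k.to_bytes(5, "big")  # assumed ordering: bytes as written in the post
        if check_key(key_base, verifier, verifier_hash):
            return key_base
    return None

def make_test_fields(key_base: bytes, verifier_plain: bytes) -> bytes:
    """Constructed test data: the 32 encrypted bytes (verifier || verifierHash) for a known key."""
    ks = rc4_stream(rc4_key_for_block(key_base), 32)
    plain = verifier_plain + hashlib.md5(verifier_plain).digest()
    return bytes(a ^ b for a, b in zip(plain, ks))

# Fields quoted from the post, and the key the post says was derived from the password "monkey".
POST_VERIFIER = bytes.fromhex("7cdcfaa2cdd22c6ac8f09f3b8b72eef8")
POST_VERIFIER_HASH = bytes.fromhex("d0b064e392b26e12d05c4afebc66358f")
POST_KEY = bytes.fromhex("1dda30058f")

if __name__ == "__main__":
    print("post's key verifies:", check_key(POST_KEY, POST_VERIFIER, POST_VERIFIER_HASH))
```

Because the check compares a full 128-bit MD5 against a 40-bit key space, a false match is practically impossible, so the first hit returned by search is the key.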

On my computer it takes about a month to search the whole key space. On an x86 machine it may be possible to make it faster using SSE instructions. I have heard it can be made very fast on a GPU, but I cannot test this as my computer has none.

Once the encryption key is obtained, the demonstration version of "guaexcel" can be used to decrypt the file.
Obvious improvements would be to extend it to a complete program at both ends, extracting the necessary data from the encrypted file and decrypting the file after the correct key is obtained.

Let me know if you successfully used this code.

Links:

Crack password - RC4 40 bit decryption of documents - second part
Excel RC4 Encryption Algorithm
MS Office 40-bit key searching on GPU

10 comments:

  1. Hi Gavin:
    I tried compiling the program, but it wouldn't compile for me saying that the _RC4 and the related references are undefined. I have linked the libraries fine. Could you please share the binaries also?

    Replies
    1. What is it saying is undefined? The RC4 symbols should be in the OpenSSL library. Can you be more specific about what commands you are using to compile it and what error messages you are getting? I could provide a Linux ELF binary but that might not work for you either depending on what versions of libraries you have installed or other factors.

    2. I had the same problem when I was trying to compile the program in cygwin. After some time Googling around, I fixed the problem by specifying libraries "-lssl -lcrypto" instead of "-lssl".

  2. This comment has been removed by the author.

  3. Wow you guys are just too smart.. :) Been reading blogs by WORAWIT (SLEEPYA) and you and it's hard to try and wrap my head around all this. I've just got basic programming experience in python and it just blows my mind how you guys figure this stuff out and can write up code like you do. I too was checking out some decrypting excel tools and was curious how the instant options work so well and fast. I have been checking out various programs that claim to decrypt or recover the password. So far all have either failed to recover the password or are still trying. The ones that offer to decrypt and show you a sample have all worked. One of these programs is called "Passware Password Recovery Kit". Its recovery part still hasn't found a password yet. It's currently at 14.5 Billion passwords checked and has 3.5 days left in its current attack. I was wondering if you ever finished a compiled version of your project or maybe have it in more of a way I could figure out how to use it and make sense of what to do, maybe a guide or tutorial etc. A breakdown of the complete process would be nice so I could understand how it all works and what to look for etc. I've noticed the blogs seem to cover some of these parts but seem to speak mostly Greek to me. :) Since I do have a full picture of everything.

    Replies
    1. They claim to find a password instantly but I actually doubt whether they'll do it that fast.

      To compile this program, you will need a C compiler and the OpenSSL libraries. Maybe you should try compiling a simple program ("hello world") to check that you have everything set up properly.

      The process is essentially:
      * Extract "verifier" and "verifierHash" fields from file
      * Run through key space to find correct key
      * Use key to decrypt document

      The program I've posted only does the second step.

    2. If you check my blog, you'll see I've added an entry on the first step in more detail.

  4. While compiling I am getting error messages like some .h files missing.
    Where do I get the files...?

    Replies
    1. You will have to post the messages you are getting. Perhaps you don't have the OpenSSL libraries installed?

  5. Hi Gavin. Code works and I successfully decrypted an excel file. Missing password for more than 6 years and was able to retrieve the key in 6 days. Awesome tool!
