Friday, September 26, 2008

Excel Password Crack

Have you ever been handed an Excel spreadsheet and needed to modify it, only to find it had Workbook Protection enabled that requires a password?  

To unprotect the workbook, you would go into:
Tools->Protection->Unprotect Workbook.

Of course, the person who gave you the file doesn't know the password or they would have given it to you when they gave you the file.

Well a quick search will find there are several hacking utilities out there to break the password in Excel workbooks.  Some of these are free and some cost up to $30.  Some run locally and some require you send the file to them (not usually a good idea if your file contains confidential information.)  

So I decided I'd try a free utility.  The first one I grabbed was kind of large and including a full installer.  I was concerned it could install spyware or other unwanted software and I wasn't anxious to run an installer for something that really should just be a simple little app, so I kept looking.  Then I found something better.  A single file that was an Excel Add-In.  Using an Add-In isn't as dangerous as running an installer (perhaps an Add-In could be malicious, but I've never heard of a rootkit being created via an Add-In) and it was provided on a web site that had other useful information.  So since this wasn't the publisher's only application it seemed to me they would be more concerned about their reputation then a website devoted only to a password cracker tool and therefore would not tend to include anything malicious in their code.

Anyway, I added the Add-In, opened the sheet, and in a few minutes (it's a brute force password attack) I had a working password!  Fantastic.

If you need this, I highly recommend the tool provided by Erlandsen Data Consulting called Find Lost Passwords.

This is a Windows only solution.  This Add-In will not work in Office 2008 for the Mac because it relies on VBA which is not supported in Office 2008.  This also will not work in Office 2004 although I'm not sure of the reason.  It's possible it references compiled Windows only code.

One thing to note, the password you get will work 100%.  However, it will probably not be the original password.  The way Excel hashes passwords, there are actually a lot of letter combinations that result in the same password "hash" so in other words if you protected a file with the password "ILoveChocolate" there are actually a lot of other letter combinations that will still open that Excel spreadsheet for you.  This application simply gives you the first letter combination that has the same hash as "ILoveChocolate."  So if you test it on a spreadsheet that you actually knew the password on, don't be surprised if the password doesn't come out to be a the one you expected.  But it unlocks the spreadsheet just fine because inside Excel's security procedures, the passwords look the same.