Thursday 14 December 2017

Excel VBA Password via Hex Editor

itemprop="text">

I have used the "Hex Editor to modify
DPB to DPx" many times in the past to bypass VBA project security on my old Excel VBA
projects (.xls), so I definitely know how to do it and know that I can do
it.



However I have just tried to do it yesterday
and found that it no longer seems to work. I tried using both Excel 2011 (Mac) and Excel
2003 (Windows) and in both cases, I got the same
behaviour;



Opening the VBA editor gave a message
saying that the project is corrupted and that the project will be removed. The VBA
editor then opens and, sure enough, all VBA is stripped out from modules and
worksheets.




I have tried this
method:
href="https://stackoverflow.com/questions/1026483/is-there-a-way-to-crack-the-password-on-an-excel-vba-project/1038783#1038783">Is
there a way to crack the password on an Excel VBA Project? (ie. creating a
spreadsheet with a known password and then copying across the relevant
fields)



But find that the length of the "GC" key
created on my 'dummy' spreadsheet is shorter than the "GC" key on the spreadsheet that I
am wishing to access (the "target"). I had read elsewhere that in cases where the
"target" keys were longer, you could pad the "dummy" keys to the same length but there
is nothing i can find to say what to do in the reverse
case.



So - my questions
(s);




  • Is anyone aware if a
    patch has been applied that makes the "hex editor" approach
    invalid?


  • Can anyone help with what to do when
    the dummy keys are longer than the target keys?

  • Can
    anyone else provide any updated onsite into this
    issue?



EDIT
Having
now solved this (to some degree) i thought i'd add a summary
here.



I HAVE NOT
been able to get this to work on Mac Excel 2011. Something about changing the file from
filname.xlsm to fielname.zip and back again results in a corrupted excel file which
Excel 2011 refuses to recognise.



I DID manage to
get this to work on an old windows machine (XP/Excel 2007) by modifying the .xlsm file
name to .zip, editing the DPB= AND GC= values in the vbaproject.bin file with a hex
editor then saving this in the .zip file before renaming the .zip back to xlsm. I used
the "test" example given by Ricko at the bottom and it worked with ONE CAVEAT - i had to
'pad' out my GC value to make it that same length as the original one in my
file.




ORIGINAL:
            GC="0F0DA36FAF938494849484"
NEW: (TEST) GC="BAB816BBF4BCF4BCF4" (from Ricko
            below)
NEW: (TEST) GC="BAB816BBF4BCF4BCF40000" (what i used and what
            worked)

class="post-text" itemprop="text">
class="normal">Answer



I have
your answer, as I just had the same problem
today:



Someone made a working vba code that
changes the vba protection password to "macro", for all excel files, including .xlsm
(2007+ versions). You can see how it works by browsing his
code.




This is the guy's blog: href="http://lbeliarl.blogspot.com/2014/03/excel-removing-password-from-vba.html">http://lbeliarl.blogspot.com/2014/03/excel-removing-password-from-vba.html
Here's
the file that does the work: href="https://docs.google.com/file/d/0B6sFi5sSqEKbLUIwUTVhY3lWZE0/edit">https://docs.google.com/file/d/0B6sFi5sSqEKbLUIwUTVhY3lWZE0/edit



Pasted
from a previous post from his blog:



For Excel
2007/2010 (.xlsm) files do following
steps:




  1. Create a new .xlsm
    file.

  2. In the VBA part, set a simple password (for
    instance 'macro').


  3. Save the file and
    exit.

  4. Change file extention to '.zip', open it by any
    archiver program.

  5. Find the file: 'vbaProject.bin' (in
    'xl' folder).

  6. Extract it from
    archive.

  7. Open the file you just extracted with a hex
    editor.

  8. Find and copy the value from parameter
    DPB (value in quotation mark), example:

    DPB="282A84CBA1CBA1345FCCB154E20721DE77F7D2378D0EAC90427A22021A46E9CE6F17188A". (This
    value generated for 'macro' password. You can use this DPB value to skip steps
    1-8)


  9. Do steps 4-7 for file with
    unknown password (file you want to
    unlock).


  10. Change DBP value in this file
    on value that you have copied in step
    8.







    If copied value is shorter than in encrypted file
    you should populate missing characters with 0 (zero). If value is longer - that is not a
    problem (paste it as is).





  11. Save
    the 'vbaProject.bin' file and exit from hex
    editor.


  12. Replace existing 'vbaProject.bin' file
    with modified one.

  13. Change extention from '.zip' back to
    '.xlsm'

  14. Now, open the excel file you need to see the VBA
    code in. The password for the VBA code
    will simply be macro (as in the example
    I'm showing here).




-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...