OfficerBreaker – pptx/docx/xlsx password remover
github.comThis password specifically refers to "Password to Modify" and Excel 2019 / 365 clearly warn in the reenter password popup:
> Caution: Password to modify is not a security feature. ... Malicious users can edit the file and remove the password.
This type of "protection" is also present in the VBA blobs (where you can change a few bytes and work around the VBA protection)
Saving a file with a password to open actually employs encryption. The exact setting can be tuned with registry settings, but is typically AES-128-CBC.
Saving a file as "read-only" encrypts the file with the standard password "VelvetSweatshop"
Huh? I wonder where that default password came from
A Seattle Times article from 1989:
> Inside Microsoft – A ‘Velvet Sweatshop’ or a High-Tech Heaven?
https://www.seattletimes.com/business/archive-inside-microso...
In other words, not much different from PDF's permissions feature.
Does PDF has a default password?
More like a default key, I suppose.28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08 2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A
Note: this is only for write protection passwords. Files that require a password to read are actually encrypted. I think any password that would prevent editing but allow reading would necessitate a fairly complex digital signature management scheme for data provenance (which might be useful in some settings).
I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.
Alternatively, hash the contents and signed using asymmetric keys. This would allow for non private key owners to validate the integrity
> I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.
How would you validate the signature?
Parent is describing a keyed HMAC scheme. JWTs sometimes use them, but key management is a massive PITA.
Some «security» features dont need to be secure. This is obviously one of those as the data is readable by all, but only modifiable by «those in the know», but if someone does anyway who cares.
I’ve done hardcoded frontend identity whitelists for authorization. Some times it’s fine to let hackers access stuff, but not the vanilla mass-market browsers. Feature flags etc
Actually, I think this one is better if it isn't perfectly secure. I make spreadsheets with passwords just so people won't go in there and accidentally delete something or make other silly mistakes. I'm not trying to hide anything or keep it safe from the outside worldor anything. Every once in a while I forget one of the passwords or set it up with a typo or something, and I have to crack it. I'm sure there's loads of people doing something similar. For me, the weak security on this particular password is a feature.
Based on the information in the README, wouldn't that be possible to accomplish in a simple bash script?
There's VBA macros that do it from within the document.
It would. Unzip, grep, zip.
Reading through it quickly, it looks like this is for files that are available to read, but write-protected? Not read-protected documents like a password protected Excel workbook?
A modern read-protected Office document is AES encrypted, so you cannot read those at all. But the read-only one, much like PDF do-not-print/do-not-copy protections, is just relying on the viewer to honor the protection marker.
Yes I think you can just save the readonly doc to a new writeable doc anyway.
If that is true, what is the point of this password remover?
Sometimes document provenance matters and you don't want a copy.
Hmm. I don't really get that. If document provenance matters, don't you want to keep it read only?
Or append-only (think Git)
Nice. In older versions of xlsx they used a weird hash function with tiny hash space that could be brute-forced in <1s. There were some VBA code snippets circulating and in my old team where we had to deal with a lot of such files we all had a script as a shortcut in the Excel toolbar.
I knew about the xml trick, but I could never get it to work consistently. This looks useful, thanks for sharing.
I know this may be slightly off topic as this specifically deals with the modify, not the access password. But Office for Mac still limits access passwords to 15 characters, my understanding is that this is a significant weakness for documents saved from Office for Mac. Does anybody have any insights into how big of an attack vector this actually is?
Hopefully no one treated these passwords as an actual security feature.
I have some bad news for you. I know of at least 2 occasions.
haha I wrote something like this in python once.
Me too : I wrote a few lines of Python for my personal use, to remove docx write protection, and a few other useful stuffs e.g. changing author names, shrinking the size of the document by converting .png/.emf to .jpg, etc. The function for removing the write protection is very short :)
=> I wrote it for my personal use and for a few friends, and it is unfinished and not very well written, but if it can be useful to others, my little tool is here https://github.com/karteum/Doctoolxmldata = ZipFile(docxfile).open("word/settings.xml").read().decode() xmldata = re.sub("<w:documentProtection .\*/>", "", xmldata)