When Microsoft introduced Excel 2007, they introduced new file types – we all know them by now: xlsx, xlsm, xltx, etc. These file types are often referred to as Open XML. That’s because the new file types are essentially packages that contain XML files. If you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file.
The new Open XML file types come with lots of benefits. One of the major benefits is that you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.
Well, while playing with the Open XML files, I discovered that you can remove spreadsheet protection simply by applying a simple edit to the xml within the Excel file.
Say I have a workbook where Sheet1 is password protected. So I think to myself, “the nerve of some people – trying to keep me out of their spreadsheet”.
I decide that I want to unprotect this sheet, but I don’t know the password. Because this is Excel 2007, I’ll hack into the xml and remove the spreadsheet protection.
Step 1: Make a backup of your file in case you really monkey it up.
Step 2: Change the file extension to zip.
Step 3: Extract the contents of the zip file.
Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)
Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)
Step 6: Find the ‘sheetProtection’ tag and remove the entire line.
Step 7: Save the edited xml document and replace the old xml document found in the original zip file.
Step 8: Change the extension back to xlsx.
Step 9: Enjoy your unprotected sheet.
That’s right folks; simply removing the sheetProtection element from the xml part negates all protections placed on that sheet. Amazing, right?
A couple of notes:
- Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.
- See this link to hack into a protected workbook.
- Do I have to even mention that this doesn’t apply to any xls files?
- Of course, you could do this all programmatically, but this strikes me as a one-off kind of thing. So coding something up is just not worth it to me.