Hack into a protected Excel 2007 Sheet

September 18th, 2009 by datapig Leave a reply »

When Microsoft introduced Excel 2007, they introduced new file types - we all know them by now: xlsx, xlsm, xltx, etc. These file types are often referred to as Open XML. That's because the new file types are essentially packages that contain XML files. If you take an xlsx file and change the extension to zip, you'll be able to see all the xml documents that make up your Excel file.

The new Open XML file types come with lots of benefits. One of the major benefits is that you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.

Well, while playing with the Open XML files, I discovered that you can remove spreadsheet protection simply by applying a simple edit to the xml within the Excel file.

 

Say I have a workbook where Sheet1 is password protected. So I think to myself, "the nerve of some people - trying to keep me out of their spreadsheet".

I decide that I want to unprotect this sheet, but I don't know the password. Because this is Excel 2007, I'll hack into the xml and remove the spreadsheet protection.

Step 1: Make a backup of your file in case you really monkey it up.

Step 2: Change the file extension to zip.

Step 3: Extract the contents of the zip file.

Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the 'xl\worksheets' directory)

Step 5: Open the target sheet's xml document using an XML editor (I use a free editor called XML Marker)

Step 6: Find the 'sheetProtection' tag and remove the entire line.

Step 7: Save the edited xml document and replace the old xml document found in the original zip file.

Step 8: Change the extension back to xlsx.

Step 9: Enjoy your unprotected sheet.

That's right folks; simply removing the sheetProtection element from the xml part negates all protections placed on that sheet. Amazing, right?

A couple of notes:

  1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It's worthless.
  2. See this link to hack into a protected workbook.
  3. Do I have to even mention that this doesn't apply to any xls files?
  4. Of course, you could do this all programmatically, but this strikes me as a one-off kind of thing. So coding something up is just not worth it to me.
Advertisement

162 comments

  1. Jen says:

    Hi,

    This is awesome! I got it to work right away. However, once I got into the spreadsheet, I found that some of the equations I’m trying to understand are calculated by VBA MODULES, which are also locked! There is a file within the .zip called “VBAproject.bin”, which I imagine will have a similar line of code related to protection. Do you know how to unlock the VBA project? Thanks!

    -Jen

  2. Jayr Gallego says:

    I can’t see the XML files.. It is only [6]DataSpaces, Encryption and etc. :(

  3. Brent says:

    Jayr,

    Open the document in Excel and save it as .xlsx, not .xls. Once you’ve done this, you can rename the extension to .zip and continue on with the rest of the instructions.

  4. dinesh says:

    it’z not working for me, geting error like this,

    winRAR:Diagnostic messages

    i cant extract

  5. Dany says:

    Dear Sir,

    I tried your method but I’m stuck at step3, I can’t extract the file.
    I tried using 7zip, it worked but I couldn’t find the xml files, the extracted file are with no extension and different names of the one u mentioned!

    Please advice.

    Waiting your feedback.

    Best Regards,
    Dany

  6. masood says:

    hi
    thanks alot sir,you’ve saved my a.. .
    please be noted that in some cases we must changed the zip format to .xlsm and then save as .xlsx cause it can’t be opened if we save it as .xlsx .
    thanks again or your advise
    masood

  7. Walking says:

    Hi,
    This is very interesting although I want to do something similar but not quite.
    I would like to find the original password of an exel file that has been protected to prevent others making changes to it. U know? The ‘protect workbook’ option. That pasword i want, not only get inside the file but find the real original password..
    Can u help me with that?
    Kind regards, Günther

  8. Flying says:

    The original password ist not stored within the EXCEL file. Therefore you can not easily “look for it”. You can however use some of the available “Crackers”.

Leave a Reply

Powered by sweet Captcha