Hack into a protected Excel 2007 Sheet

When Microsoft introduced Excel 2007, they introduced new file types – we all know them by now: xlsx, xlsm, xltx, etc. These file types are often referred to as Open XML. That’s because the new file types are essentially packages that contain XML files. If you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file.

The new Open XML file types come with lots of benefits. One of the major benefits is that you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.

Well, while playing with the Open XML files, I discovered that you can remove spreadsheet protection simply by applying a simple edit to the xml within the Excel file.


Say I have a workbook where Sheet1 is password protected. So I think to myself, “the nerve of some people – trying to keep me out of their spreadsheet”.

I decide that I want to unprotect this sheet, but I don’t know the password. Because this is Excel 2007, I’ll hack into the xml and remove the spreadsheet protection.

Step 1: Make a backup of your file in case you really monkey it up.

Step 2: Change the file extension to zip.

Step 3: Extract the contents of the zip file.

Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)

Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)

Step 6: Find the ‘sheetProtection’ tag and remove the entire line.

Step 7: Save the edited xml document and replace the old xml document found in the original zip file.

Step 8: Change the extension back to xlsx.

Step 9: Enjoy your unprotected sheet.

That’s right folks; simply removing the sheetProtection element from the xml part negates all protections placed on that sheet. Amazing, right?

A couple of notes:

  1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.
  2. See this link to hack into a protected workbook.
  3. Do I have to even mention that this doesn’t apply to any xls files?
  4. Of course, you could do this all programmatically, but this strikes me as a one-off kind of thing. So coding something up is just not worth it to me.

168 thoughts on “Hack into a protected Excel 2007 Sheet

  1. Jen


    This is awesome! I got it to work right away. However, once I got into the spreadsheet, I found that some of the equations I’m trying to understand are calculated by VBA MODULES, which are also locked! There is a file within the .zip called “VBAproject.bin”, which I imagine will have a similar line of code related to protection. Do you know how to unlock the VBA project? Thanks!


  2. Brent


    Open the document in Excel and save it as .xlsx, not .xls. Once you’ve done this, you can rename the extension to .zip and continue on with the rest of the instructions.

  3. Dany

    Dear Sir,

    I tried your method but I’m stuck at step3, I can’t extract the file.
    I tried using 7zip, it worked but I couldn’t find the xml files, the extracted file are with no extension and different names of the one u mentioned!

    Please advice.

    Waiting your feedback.

    Best Regards,

  4. masood

    thanks alot sir,you’ve saved my a.. .
    please be noted that in some cases we must changed the zip format to .xlsm and then save as .xlsx cause it can’t be opened if we save it as .xlsx .
    thanks again or your advise

  5. Walking

    This is very interesting although I want to do something similar but not quite.
    I would like to find the original password of an exel file that has been protected to prevent others making changes to it. U know? The ‘protect workbook’ option. That pasword i want, not only get inside the file but find the real original password..
    Can u help me with that?
    Kind regards, Günther

  6. Flying

    The original password ist not stored within the EXCEL file. Therefore you can not easily “look for it”. You can however use some of the available “Crackers”.

  7. Richard

    Hi, thanks for this tip. Has allowed me to recover the data from a file that is allegedly corrupt and won’t be opened by MS Office, Libre Office, Quick Office etc.


  8. Divyang Kayastha


    This is really a good work, but i am unable to delete those password lines from extracted zip folder.

    Can you help me out?

    Thanking You.

  9. Juan

    Dude, you rock with this, it worked perfectly. Before reading this post I read other and they send me to different links to download vba, freeware, etc, but, your method was the one, worked from the first shot. Thanks!

  10. Haider

    Hi. Iam in lots of trouble i protected my xlsx file with a password a few days ago. i was used to hibernate the computer but on week end i shut it down and after that i am unable to open file as i cannot remember the password. please help

  11. Jayesh

    Great Man…It worked very smoothly with me…I tried lots of other ways & just about to give up…but at last found this blog…thanks to you…thanks for sharing…!!!!

  12. David

    Note that if you extract it with something like 7Zip (which I recommend because you have fgreater control than Windows “Extract All…”) extract it to the current folder. Then when you re-zip the file, only select the extracted folders and files to rezip.

    I made the mistake of extracting to “Extract to [filename]\” and when I re-compressed it, the extra tree depth made Excel think the file was corrupted!

    It’s important that the recompressed zip tree NOT be foldername\xl, foldername\docProps, etc.; it should be xl, docProps, etc. at the top level.

    Wasted an hour discovering this!

  13. Vinay

    i followed these steps,
    1. .xlsx to .zip
    2. extract to a folder with 7zip
    3. but i got

    [6]DataSpaces (Folder)
    EncryptedPackage (File)
    EncryptionInfo (File)

    Unable to find this folder (Go to the xlworksheet sub-folder that you just extracted)

    please Help me

Leave a Reply

Your email address will not be published. Required fields are marked *