I have tried 3 methods but none of them seem to work for Excel 2010 .xlsx file 1) Sub PasswordBreaker() Dim i As Integer, j As Integer, k As Integer Dim l As Integer, m As Integer, n As Integer Dim i1 As Integer, i2 As Integer, i3 As Integer Dim i4 As Integer, i5 As Integer, i6 As Integer On Error Resume Next For i = 65 To 66: For j = 65 To 66: For k = 65 To 66 For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66 For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66 For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126 ActiveSheet.Unprotect Chr(i) & Chr(j) & Chr(k) & _ Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & _ Chr(i4) & Chr(i5) & Chr(i6) & Chr(n) If ActiveSheet.ProtectContents = False Then MsgBox “One usable password is ” & Chr(i) & Chr(j) & _ Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _ Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n) Exit Sub End If Next: Next: Next: Next: Next: Next Next: Next: Next: Next: Next: Next End Sub 2) a Hex editor, the DPB text value does not exist anymore it seems. 3) Numerous demo password reset tools seem unreliable. Any recommendations? Thanks.
The U Wisconsin code you used above from http:// uknowit.uwgb.edu/page.php?id=28850 is cribbed from the older http://www.mcgimpsey.com/excel/removepwords.html Plagiarism! Perhaps try running the mcgimpsey code and if that fails consider in what way the assumptions are not true for XL2010?
I even ran that Allinternalpasswords macro from mcgimsey. Einar Huse's straxx program which was mentioned does not work. I suspect that Microsoft ran some backward compatible update many years ago since a hex editor won't do it but I don't have any files that are old enough. Even recently made xls files don't have the DPB value.
There are a lot of online programs to open protected documents. I would not feel comfortable downloading a program from a hacker.
If its your password you know the characteristics; so why not brute force it? e.g. "I know it was alphanumeric and less than 25 characters" narrows the search space therefore time considerably. Even if Excel doesn't allow a high guess rate thankfully this task lends well to parallelization.
These two statements may be orthogonal, or are you saying "I would not feel comfortable running code written by a hacker, but I would feel comfortable sending a hacker my data files?" If you want to be really comfortable, run the suspect code in an isolated virtual machine which is then reset to a known good configuration after the suspect code displays the plaintext password. I'd suggest QubesOS which is compatible with Windows and provides this functionality out of the box. Your betting that any exploit can't escape to hypervisor level. Still safer than trusting anything in "the cloud". And these days, is there much distinction between "viewing a website" and "executing untrusted code"? Especially if you're visiting "hacker sites"...
I had to look up the word "orthogonal." I did not say anything about sending the file. I'm concerned with downloading executables that I don't trust.