Skip to main content

Hack XLXS

When Microsoft introduced Excel 2007, they introduced new file types – we all know them by now: xlsx, xlsm, xltx, etc. These file types are often referred to as Open XML. That’s because the new file types are essentially packages that contain XML files. If you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file.
The new Open XML file types come with lots of benefits. One of the major benefits is that you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.
Well, while playing with the Open XML files, I discovered that you can remove spreadsheet protection simply by applying a simple edit to the xml within the Excel file.

Say I have a workbook where Sheet1 is password protected. So I think to myself, “the nerve of some people – trying to keep me out of their spreadsheet”.
I decide that I want to unprotect this sheet, but I don’t know the password. Because this is Excel 2007, I’ll hack into the xml and remove the spreadsheet protection.

Step 1: Make a backup of your file in case you really monkey it up.
Step 2: Change the file extension to zip.

Step 3: Extract the contents of the zip file.
Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)

Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)
Step 6: Find the ‘sheetProtection’ tag and remove the entire line.

Step 7: Save the edited xml document and replace the old xml document found in the original zip file.
Step 8: Change the extension back to xlsx.

Step 9: Enjoy your unprotected sheet.
That’s right folks; simply removing the sheetProtection element from the xml part negates all protections placed on that sheet. Amazing, right?
A couple of notes:
  1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.
  2. See this link to hack into a protected workbook.
  3. Do I have to even mention that this doesn’t apply to any xls files?
  4. Of course, you could do this all programmatically, but this strikes me as a one-off kind of thing. So coding something up is just not worth it to me.

Comments

Post a Comment

Popular posts from this blog

FPDF dengan CodeIgniter

Cetak Surat Keputusan Controller: <?php //File in controller named surat_keputusan.php defined('BASEPATH') OR exit('No direct script access allowed'); class Cetak_surat_keputusan extends CI_Controller { public function __construct()     {         parent::__construct();         $this->load->helper('url');         $this->load->database();                $this->db->select();         $this->db->from('surat.config_sk');                $query = $this->db->get();                 return $query->result();             } public function index() {      ...
1 comment
Read more

Preview PDF di Modal Bootstrap dengan Ajax

//preview pdf in line function preview_surat_keputusan(no) { $('#form')[0].reset(); $('.form-group').removeClass('has-error'); $('.help-block').empty(); $.ajax({ url : "<?php echo site_url('surat_keputusan/ajax_preview/')?>/" + no, type: "GET", dataType: "JSON",     success: function(data)     {     //paramater yang akan ditampilkan di modal         $('[name="no"]').val(data.no);         $('[name="ns"]').val(data.ns);         $('[name="thts"]').val(data.thts);         $('[name="pdf"]').val("http://localhost/dosdm/document/sm/pdf/"+data.thts+"-SK-"+data.ns+".pdf");         var link_base =  "http://localhost/dosdm/document/sm/pdf/"+data.thts+"-SK-"+data.ns+".pdf" ;             $('#pdf_view').attr('src', link_base);      ...
Post a Comment
Read more

Hack File .xlsb

For first you must create a backup copy of your Workbook!!! Then you have to rename the XLSB file with ZIP extension. Test.XLSB => Test.ZIP             Opening your ZIP file using a compression software (e.g. WinRar) I can see the content of the file, structured in folders Inside the folder xl you can find a binary file named vbaProject.bin. Extract it on your desktop and edit it using a text editor. In my case I used Notepad++. Using the Find function of your editor, you must search the text DPB And replace the DPB string with DPx Then save the vbaProject.bin and replace this file inside the .ZIP File, renaming then .ZIP file in XLSB. Reopening the XLSB file using Excel, you will get an error message: you have to answer Yes to this error message. Then  Save , Close and Reopen your XLSB file. Now, if you go to VBA Editor (ALT + F11), you ca...
Post a Comment
Read more