Excel Encryption

        Hello Everyone.

        Below is some information I have gathered on Excel
encryption. Please let me know if it helps, and
what is still needed. 

        Workbook Encryption

   Excel 97 and later
   The 1Table structure contains three 16 byte
numbers. The first is a
   random salt. The second is an MD5 hashed nonce
encrypted using RC4
   with a key (K). This encrypted hash is stored as a
second 16 byte
   number in 1Table. The nonce is encrypted using key
(K) and MD5 hashed
   then stored as a third 16 byte number in 1Table.
   The key (K) is calculated in the following way:
   The password (expressed in Unicode) is MD5 hashed.
The first five
   bytes of the password hash are put into an array
with the 1st 16 byte
   number (the salt) stored in the 1Table structure.
The salt is
   repeatedly concatenated with the password and then
padded according to
   the MD5 algorithm. The MD5 hash is taken. The first
five bytes of this
   hash are saved and then padded and MD5 hashed
again. The first five
   bytes of this hash along with a counter byte become
the RC4 key for
   encrypting/decrypting the document. The counter
periodically re-keys
   the RC4 engine by incrementing the counter byte
modulo 8.
   This key is first MD5 hashed before RC4 key
scheduling. This hash is
   the key (K).
   There is a better way to recover the document. This
is to recover the
   byte value which is the document key, add the
counter byte and decrypt
   the document.
   Excel 8 encrypts (scramble) the documents by taking
a password,
   converting it to Unicode (a type of character using
two bytes to
   encode each printable character) and hashing it
with a modified MD5
   Hash to produce an encryption key for an RC4
encryption engine. The
   MD5 hash uses non-standard padding and the RC4
encryptor uses a 128
   bit key but there is only about 40 bits of entropy
in this key (that
   means that the difficulty of determining this key
by exhaustive search
   is only as hard as determining a 40 bit key).
   There is also an additional 8 bit value appended to
the key but this
   value is also easy to determine.
   The MD5 hash is a standard "mixing algorithm". You
put a field of text
   into the hasher and a 128 bit unique signature of
the input text comes
   out. Theory suggests that no two reasonably sized
input texts would
   ever hash to the same 128 bit value.
   In Excel version 8, the password hash is combined
with 128 bits of
   randomized data (sort of a salty hash). This data
is again hashed with
   a modified MD5 hash several times (as if once was
not enough) to
   produce a 128 bit key for the RC4 encryption
engine. When version 8
   saves an encrypted file, it also encrypts and saves
a 128 bit nonce
   and the hash of the nonce. This procedure allows
password verification
   before decrypting a document.
   When an Excel *sheet* is being protected with a
password, a 16-bit
   (two byte) long hash is generated. To verify a
password, it is
   compared to the hash. Obviously, if the input data
volume is great,
   numerous passwords will match the same hash. This
can be easily
   Protect a sheet (Tools-Protection-Protect Sheet)
   with the password "test" (no quotes)
   Unprotect it with the password "zzyw" (again no
   Book protection is somewhat more sophisticated. The
hash generation
   algorithm is the same as with sheet protection,
however, the whole
   document is being encrypted. This protection seem
to be relatively
   stable at first sight, but a more detailed analysis
revealed that it
   is not the password that is entered (or its hash)
which is used to
   encrypt the document, but rather a fixed key stored
in the MS Excel
   program code.
   This key is generated from the password
"VelvetSweatshop". What a nice
   joke by Microsoft! Try to protect a MS Excel
workbook with this
   password. The most surprising thing is that no
password is required to
   open the document.

   Worksheet  Encryption

    Here is the algorithm to create the hash value:   
           - take the ASCII values of all characters  
           - shift left the first character 1 bit, the
second 2 bits and so on                               
             (use only the lower 15 bits and rotate
all higher bits, the highest bit of the
             16-bit value is always 0 [signed short])
             - XOR all these values                   
             - XOR the count of characters            
             - XOR the constant 0xCE4B                

Example: The password is abcdefghij (10 characters)   
               a -> 0x61 << 1 == 0x00C2               
               b -> 0x62 << 2 == 0x0188               
               c -> 0x63 << 3 == 0x0318               
               d -> 0x64 << 4 == 0x0640               
               e -> 0x65 << 5 == 0x0CA0               
               f -> 0x66 << 6 == 0x1980               
               g -> 0x67 << 7 == 0x3380               
               h -> 0x68 << 8 == 0x6800               
               i -> 0x69 << 9 == 0x5201 (unrotated:
               j -> 0x6A << 10 == 0x2803 (unrotated:

count: 0x000A                                         
constant: 0xCE4B                                      

result: 0xFEF1                                        
This value occurs in the PASSWORD record.             

Charles Wyble
God Bless
jackshck yahoo com

Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]