Hack into a protected Excel 2007 or 2010 Workbook

I’m back from the Power Analyst Bootcamp in Washington DC – and of course, it was a success. 37 of the finest analysts attended the 2-day event, where we shared our passion for Excel, deli meats, and spicy tricks and tips. In the end, everyone left with a bag full of new techniques that will make them better analysts.


While I was gone, there seems to have been a flurry of activity and questions in reference to hacking into a protected workbook. A couple of years ago, I posted a slick technique you can use to hack into a protected 2007 worksheet. Apparently, hacking in a protected workbook is also a highly desired talent. So today, I’ll walk through the steps to hack into a protected workbook.


Excel 2007 and 2010 files are essentially zipped packages that contain XML files. This means that if you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file. Not only that – you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.


That’s right. You can remove workbook protection simply by applying a simple edit to the xml within the Excel file.


When you encounter a protected workbook, it’s typically locked down so that you can’t change the structure of the workbook. This means you can’t unhide sheets, delete tabs, add sheets, or change the workbook structure in any way.


So let’s start hacking.


Step 1: Make a backup of your file in case things take a turn for the worse.

Step 2: Change the file extension to zip.


Step 3: Extract the contents of the zip file.

Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)


Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)

Step 6: Find the ‘workbookProtection’ tag and remove the entire line.


Step 7: Save the edited xml document and replace the old xml document found in the original zip file.

Step 8: Change the extension back to xlsx.


At this point, your workbook is unprotected!



A couple of notes:

1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.

2. It seems as though this will only work on workbooks that have been protected for structure only. If the workbook has been protected for structure and ‘Windows’, something prevents you from even opening the Open XML package.

3. You obviously cannot do this for Excel 2003 or any kind of xls files.

4. See this link to hack into a protected worksheet.

112 thoughts on “Hack into a protected Excel 2007 or 2010 Workbook

  1. Chris

    This is brilliant. Thank you. I am amazed that the security for excel is such crap — I have worked for organizations where financial data is kept in spreadsheets with locked data, and that was considered part of the internal controls mechanism (that the spreadsheet was locked). I am talking about fortune 500 international company too.

  2. Kiran

    Boss, You are ultimate…….. boss….
    send us if you have any good things like this….
    to help us educate ourselves.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>