Hack into a protected Excel 2007 or 2010 Workbook

I’m back from the Power Analyst Bootcamp in Washington DC – and of course, it was a success. 37 of the finest analysts attended the 2-day event, where we shared our passion for Excel, deli meats, and spicy tricks and tips. In the end, everyone left with a bag full of new techniques that will make them better analysts.

.

While I was gone, there seems to have been a flurry of activity and questions in reference to hacking into a protected workbook. A couple of years ago, I posted a slick technique you can use to hack into a protected 2007 worksheet. Apparently, hacking in a protected workbook is also a highly desired talent. So today, I’ll walk through the steps to hack into a protected workbook.

.

Excel 2007 and 2010 files are essentially zipped packages that contain XML files. This means that if you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file. Not only that – you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.

.

That’s right. You can remove workbook protection simply by applying a simple edit to the xml within the Excel file.

.

When you encounter a protected workbook, it’s typically locked down so that you can’t change the structure of the workbook. This means you can’t unhide sheets, delete tabs, add sheets, or change the workbook structure in any way.

.

So let’s start hacking.

.

Step 1: Make a backup of your file in case things take a turn for the worse.

Step 2: Change the file extension to zip.

.

Step 3: Extract the contents of the zip file.

Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)

.

Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)

Step 6: Find the ‘workbookProtection’ tag and remove the entire line.

.

Step 7: Save the edited xml document and replace the old xml document found in the original zip file.

Step 8: Change the extension back to xlsx.

.

At this point, your workbook is unprotected!

.

.

A couple of notes:

1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.

2. It seems as though this will only work on workbooks that have been protected for structure only. If the workbook has been protected for structure and ‘Windows’, something prevents you from even opening the Open XML package.

3. You obviously cannot do this for Excel 2003 or any kind of xls files.

4. See this link to hack into a protected worksheet.

166 thoughts on “Hack into a protected Excel 2007 or 2010 Workbook

  1. Gary Lee

    Hi Jimmy, 2007-2013 excel files are protected for Open with a more secure algorythym. because of this, the password to open can be impossible to break in a reasonable time unless it is a standard word from a word dictionary in which case with a 500,000 dictionary and looking at word mutations, ie capital first, alternate capitals, number substitution, you would be looking at a few weeks. If it were say up to 5 letters and numbers as a combination then then it could still be cracked in under an hour but it’s all dependant on length.
    I’m happy to give it a shot for you though.
    If it’s just a sheet password ie to unlock the cells then that’s easy to remove.
    gary.lee at sarxos dot com

  2. Dez Bryant Jersey

    I am commenting to let you be aware of of the magnificent discovery my friend’s child went through viewing your web
    site. She picked up numerous issues, including how it is like to have an excellent giving mood to make
    others with ease learn certain very confusing subject areas.
    You truly exceeded my desires. Many thanks for churning out those interesting, dependable, educational and
    even cool tips on your topic to Ethel.

  3. anonymous

    I have a file that wont allow to save as zip, I get an error message and it doesnt have the Show Ink filter in the review tab AND it doesnt have the general settings when saving as and clicking tools.

    PLease helpppppppp!!!!!!

  4. Rochelle

    Hi,

    Can you please help me with my excel file, I created a password a couple of months ago and after a day I got an emergency CS and now that I’m back for work I totally missed the password I made. I tried having the file extension to zip but can’t unzip it anyway it states that the archive is either unknown or damage.

  5. Mex

    Rochelle.

    Rename your file back to .xlsx or .xlsm (if a macro enabled). Hopefully it should open normally now (but still have the password protection).
    Download 7-Zip (free) from http://www.7-zip.org
    The error may be happening as you have no software to open zip files.
    Now no need to rename your file after 7-zip installed.
    Right click and go to 7-Zip > Open Archive > zip
    Hopefully that will open the file manager and you can continue with the instructions (missing the rename back step… 🙂 Hopefully that helps

  6. Mex

    Also… It may be worth creating a copy of your file before you begin, this will lower the chance of losing the file altogether 🙂

  7. peyton

    after changing the extension from .xlsx to .zip, extracted the contents using 7zip but could not find any xl folder.
    Please help

  8. raj

    i have excel workbook with password.i changed its extension from xlsx to zip and try to extract in win zip then error(the archieve is either in unknown format or damaged) also could not open with 7-zip

Leave a Reply

Your email address will not be published. Required fields are marked *