Hack into a protected Excel 2007 or 2010 Workbook

September 26th, 2011 by datapig Leave a reply »

I’m back from the Power Analyst Bootcamp in Washington DC – and of course, it was a success. 37 of the finest analysts attended the 2-day event, where we shared our passion for Excel, deli meats, and spicy tricks and tips. In the end, everyone left with a bag full of new techniques that will make them better analysts.

.

While I was gone, there seems to have been a flurry of activity and questions in reference to hacking into a protected workbook. A couple of years ago, I posted a slick technique you can use to hack into a protected 2007 worksheet. Apparently, hacking in a protected workbook is also a highly desired talent. So today, I’ll walk through the steps to hack into a protected workbook.

.

Excel 2007 and 2010 files are essentially zipped packages that contain XML files. This means that if you take an xlsx file and change the extension to zip, you’ll be able to see all the xml documents that make up your Excel file. Not only that – you can change the content and properties of an Excel 2007 file simply by manipulating the XML documents that make it up.

.

That’s right. You can remove workbook protection simply by applying a simple edit to the xml within the Excel file.

.

When you encounter a protected workbook, it’s typically locked down so that you can’t change the structure of the workbook. This means you can’t unhide sheets, delete tabs, add sheets, or change the workbook structure in any way.

.

So let’s start hacking.

.

Step 1: Make a backup of your file in case things take a turn for the worse.

Step 2: Change the file extension to zip.

.

Step 3: Extract the contents of the zip file.

Step 4: Go to the extracted files and navigate to the xml for the target sheet (found in the ‘xl\worksheets’ directory)

.

Step 5: Open the target sheet’s xml document using an XML editor (I use a free editor called XML Marker)

Step 6: Find the ‘workbookProtection’ tag and remove the entire line.

.

Step 7: Save the edited xml document and replace the old xml document found in the original zip file.

Step 8: Change the extension back to xlsx.

.

At this point, your workbook is unprotected!

.

.

A couple of notes:

1. Any password you see in the XML file is not the real password, nor will it work if you try to use it. It’s worthless.

2. It seems as though this will only work on workbooks that have been protected for structure only. If the workbook has been protected for structure and ‘Windows’, something prevents you from even opening the Open XML package.

3. You obviously cannot do this for Excel 2003 or any kind of xls files.

4. See this link to hack into a protected worksheet.

Advertisement

71 comments

  1. Venus says:

    Same problem as Saul and Damodar, using 7ZIP.

    I have used your method before, and it works like a charm, but I think this file has some serious encryption going on.

    I’m entering my financial data but it has to be on their “form”. (And all because they don’t want me clicking on cells outside the work area, sheesh!)

  2. shanfmid says:

    Hi, I tried to download the xml file, when I run need the administrator password. Is there any way to solve this problem please? With thanks,

  3. killer says:

    im unable proceed from step 3 im stuck at step 4… pls help me out

  4. bestcushyone says:

    I have a 2010 protected workbook that I cannot open to change the extension. Is there any help for me? I have tried all of the freeware I have found.

    Thanks

  5. Jeff says:

    Extracting the .zip file doesn’t work. Even with 7zip I get 3 files (no directories): [5]DocumentSummaryInformation, [5]SummaryInformation, and Workbook. I attempt to open Workbook with the XML software but I only get a mass amount of errors and warnings with very little readable code which didn’t contain anything described as to what you’re meant to look for

  6. clark vera says:

    This works on xlsm files as well. It can be done by using 7zip to directly extract the xlsm file into another folder, which produces the worksheets. Then go to each work search and edit, removeing the Element. Then re-open with 7zip and copy the modified contents from the worksheets folder into the worksheets folder of the 7zip open file. BINGO.

  7. Omar says:

    This method doesnt work for 2007 protected workbook. If the excel file is password protected as a whole (meaning as soon as I try to open the file it prompts password), any other methods you are aware of that I can remove it or crack it?? Stupid me forgot the password :( Thanks in advance for any help you can provide.

  8. Zingo says:

    If i keep password to Open file, after converting to zip it gets corrupt (unable to extract), any help

  9. smithjeary says:

    Through Microsoft excel file unlocker software you can unlock Excel file password. I have also used this software when I forgotten Excel workbook password then this software helped me to recover my original Excel file.

    http://www.msexcelpasswordrecovery.com

  10. plzz help me i forget my excel password

  11. Stef says:

    Nice, thanks!

  12. Avvy says:

    I tried this method, and it does not work. changing the file ext to zip rar or 7zip gives the same result. This is not a valid zip file.

    So I am stuck with a major financial document that needs to be cracked as I forgot the password of the entire document.

    Argh pulling hair from my head.

  13. Joe G says:

    Seems they have caught up with this now in Excel 2010 – I cannot save the file with zip extension – it automatically reverts to .zip.xlsm so the file extension is always xlsm whatever you try.
    Unless I am doing something wrong?

  14. Punzola says:

    Worked like a charm! I had to look for and change/delete the line in the work sheet 1 . xml

  15. Gary says:

    Joe G — instead of *saving* the file as .zip from Excel, *rename* it in Windows Explorer from .xlsx to .zip.

  16. robert says:

    I believe I’ve used this method before but it doesn’t seem to work anymore at least with excel 2013. After renaming to .zip, when I open it in 7zip I only see DataSpaces folder, and two files EncryptionInfo and EnycrptedPackage

  17. Craig says:

    Thanks, that worked!!! (Using Excel 2010)

  18. Alberto says:

    Awesome! It works even with sheet protection*: I tried on a Excel 2013 xslx file with 13 locked sheets and it worked PERFECTLY! Thank you very much!

    *you have to dig into the folder structure and find the sheet.xml files

  19. hansolo says:

    When I open the workbook.xml file in XML Marker there is no “workbookProtection” line. I’ve successfully gone into each worksheet and deleted this line, but not seeing it at the workbook level. Help? I’m working with a .xlsm file in which someone wants to hide their back-end VBA efforts if that makes any difference.

Leave a Reply