Mar*_*ski 12 excel vba excel-vba
I found this VBA code that unlocks a worksheet without knowing the password:
    Sub PasswordBreaker()
        ' Candidates are 12 characters long: eleven characters that are each
        ' Chr(65) or Chr(66) ("A"/"B"), then one printable ASCII character.
        Dim i As Integer, j As Integer, k As Integer
        Dim l As Integer, m As Integer, n As Integer
        Dim i1 As Integer, i2 As Integer, i3 As Integer
        Dim i4 As Integer, i5 As Integer, i6 As Integer
        ' A wrong password makes Unprotect raise an error; skip it and keep going
        On Error Resume Next
        For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
        For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
        For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
        For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126
            ActiveSheet.Unprotect Chr(i) & Chr(j) & Chr(k) & _
                Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & _
                Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
            ' ProtectContents turns False once a candidate has been accepted
            If ActiveSheet.ProtectContents = False Then
                MsgBox "One usable password is " & Chr(i) & Chr(j) & _
                    Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
                    Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
                ActiveWorkbook.Sheets(1).Select
                ' Record the accepted string in cell A1 of the first sheet
                Range("a1").FormulaR1C1 = Chr(i) & Chr(j) & _
                    Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
                    Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
                Exit Sub
            End If
        Next: Next: Next: Next: Next: Next
        Next: Next: Next: Next: Next: Next
    End Sub
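My question is: what kind of exploit does it use to work?
In other words, why can this generated string of A's and B's be used as the password to a sheet in a particular workbook?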
Bla*_*awk 13
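Excel worksheet password protection works by converting the input password to a hash and storing it. A hash is a one-way algorithm that crunches up the bits, losing some information along the way, but generating a fingerprint of the original data. Because of the data loss, it is impossible to reverse a hash to get the original password, but in the future, if someone types in a password, it can be hashed and compared against the stored hash. This (usually) makes it more secure than simply storing the password as a string to compare against.
The best description I have encountered so far of how brute forcing the Excel hashing algorithm works is on the page @mehow links to, posted by Torben Klein. His answer can be summed up as:
Based on a description of Excel's hash function, the following code generates the same hash as Excel, and you can use it to test Klein's function.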
    Option Explicit
    'mdlExcelHash

    ' Returns the hash Excel stores for a sheet password (0 for an empty password)
    Public Function getExcelPasswordHash(Pass As String)
        Dim PassBytes() As Byte
        ' Convert the VBA (Unicode) string to single-byte characters
        PassBytes = StrConv(Pass, vbFromUnicode)
        Dim cchPassword As Long
        cchPassword = UBound(PassBytes) + 1
        Dim wPasswordHash As Long
        If cchPassword = 0 Then
            getExcelPasswordHash = wPasswordHash
            Exit Function
        End If
        ' Walk the password from its last character to its first
        Dim pch As Long
        pch = cchPassword - 1
        While pch >= 0
            wPasswordHash = wPasswordHash Xor PassBytes(pch)
            wPasswordHash = RotateLeft_15bit(wPasswordHash, 1)
            pch = pch - 1
        Wend
        ' Mix in the password length and a fixed constant
        wPasswordHash = wPasswordHash Xor cchPassword
        wPasswordHash = wPasswordHash Xor &HCE4B&
        getExcelPasswordHash = wPasswordHash
    End Function

    Private Function RotateLeft_15bit(num As Long, Count As Long) As Long
        Dim outLong As Long
        Dim i As Long
        outLong = num
        For i = 0 To Count - 1
            outLong = ((outLong \ 2 ^ 14) And &H1) Or ((outLong * 2) And &H7FFF) 'Rotates left around 15 bits, kind of a signed rotateleft
        Next
        RotateLeft_15bit = outLong
    End Function
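
The point of this answer, as an added Python example that is not part of the original post: a port of getExcelPasswordHash that counts how many distinct hashes the candidate strings from the question's PasswordBreaker macro produce. The function names and the latin-1 encoding of the password are assumptions of this example.

```python
from itertools import product


def rotl15(x):
    """Rotate a 15-bit value left by one bit (RotateLeft_15bit with Count = 1)."""
    return ((x >> 14) & 1) | ((x << 1) & 0x7FFF)


def legacy_sheet_hash(password):
    """Port of getExcelPasswordHash from the answer above."""
    data = password.encode("latin-1")  # assumption: single-byte characters only
    if not data:
        return 0
    h = 0
    for byte in reversed(data):        # last character first, as in the VBA loop
        h = rotl15(h ^ byte)
    return h ^ len(data) ^ 0xCE4B


def macro_candidate_hashes():
    """Hashes of every string the macro's loops generate: eleven characters
    from {A, B} followed by one character in Chr(32)..Chr(126)."""
    seen = set()
    for prefix in product("AB", repeat=11):
        head = "".join(prefix)
        for last in range(32, 127):
            seen.add(legacy_sheet_hash(head + chr(last)))
    return seen


if __name__ == "__main__":
    hashes = macro_candidate_hashes()
    print(f"hash('password')  = {legacy_sheet_hash('password'):04X}")
    print(f"candidate strings = {2 ** 11 * 95}")
    print(f"distinct hashes   = {len(hashes)}")
    print(f"hash range        = {min(hashes):04X}..{max(hashes):04X}")
```

The candidate strings land on every value the rotate-and-XOR loop can produce, so any stored hash of this kind is matched by at least one of them. That is why this protection works as a guard against accidental edits and not as access control.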
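The accepted answer does not work on sheets protected with SHA-512 on Excel > 2016, but this is easy to get around given that Excel 2016 uses the Office Open XML specification, which is open source.
This method is also backwards compatible, so it is another approach to breaking the old proprietary md5 sheet protection rather than cracking it. Just save an .xls version as an .xlsx version before you try.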
Method
Rename the .xlsx/.xlsm file to .zip
xl\worksheets folder, and open the file with the correct sheet name.
<sheetProtection algorithmName="SHA-512" hashValue="j1woDldvfHE8IVB1F82CN/pmfOdOkpxkkZURiZJSGISjkJRIfM1G7EFwJsEeE1H+sf7s6sLIYSCuHPJG5Tpozw==" saltValue="QX8YeX/qfspqhDemAUEwSw==" spinCount="100000" sheet="1" objects="1" scenarios="1"/>
Send to -> Compressed (zipped) folder.
Open the file with the .xlsx/.xlsm extension, and the protection on that sheet will be gone.