Professional Documents
Culture Documents
1.2/###############################################################################
#########0000775#0000764#0000764#00000000000#10566452423#011154#
5##################################################################################
##################ustar
#njl#############################njl###############################################
###################################################################################
##################################################################################x
lcrack-
1.2/README#########################################################################
#########0000664#0000764#0000764#00000005252#10565654560#012045#
0##################################################################################
##################ustar
#njl#############################njl###############################################
###################################################################################
##################################################################################X
LS XOR password cracker 1.2
Copyright (C) 2003-7 Nick Lamb <njl+xlcrack@filter.tlrmx.org>
This updates the previous version to work better with non-ASCII characters
including correctly guessing the non-ASCII passwords I was able to try.
Please report any bugs, especially bugs where a password was partially
recovered by this tool, or where an XLS crashed the software (a corrupted
XLS should cause an error to be reported and obviously won't find the
password but it shouldn't crash)
This program recovers lost passwords for XLS files, such as those saved
by Excel 95. In order to do this it implements a simple XOR encryption
algorithm common to several Microsoft Office applications.
How to use
----------
Simply apply the tool to any XLS file, and the lost password will be
recovered if possible. e.g.
xlcrack lostpassword.xls
lostpassword.xls: password is 'MyLittleDog'
You can suggest more than one XLS file, but at the moment the password
will be recovered for each file individually. If you have a lot of
files with the same password, maybe a future verison of xlcrack can
use that to get better results.
Foreign characters
------------------
Excel doesn't seem to use Unicode for passwords, at least not in the
versions I was able to test. This program assumes that any non-ASCII
characters are from Windows codepage 1252, used in Western European
versions of Windows. On modern systems (technically, when your locale
charmap is UTF-8) this software can display the password correctly,
on other systems such characters are displayed as an asterisk, '*'.
No password?
------------
XLS files are sometimes encrypted without using a real password, in this
situation the key is generated as though the password VelvetSweatshop had
been used (you can find more information by searching for VelvetSweatshop on
the web, e.g. with Google)
Some 3rd party software will ask for a password when opening this type
of XLS file, or it may declare that the file is "password protected"
although the person who created the spreadsheet did not set a password.
In this case you probably need to upgrade to a version without this
limitation.
###################################################################################
###################################################################################
###################################################################################
###################################################################################
##########xlcrack-
1.2/xlcrack.c######################################################################
#########0000664#0000764#0000764#00000042546#10565654560#012767#
0##################################################################################
##################ustar
#njl#############################njl###############################################
###################################################################################
##################################################################################/
* XLS XOR password cracker
Copyright (C) 2003-7 Nick Lamb <njl+xlcrack@filter.tlrmx.org>
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <string.h>
#include <stdio.h>
#include <gsf/gsf.h>
#include <gsf/gsf-utils.h>
#include <gsf/gsf-input-stdio.h>
#include <gsf/gsf-infile.h>
#include <gsf/gsf-infile-msole.h>
#include <langinfo.h>
{ 0, 0x31, 3, 0xff},
#if 0
{ 0, 0x7d, 1, 0xff}, /* COLINFO */
{ 0, 0x7d, 3, 0xff},
#endif
{ 0, 0x91, 1, 0xff}, /* */
{ 0, 0x1b1, 0, 0xf0}, /* CF */
{ 0, 0x1b1, 1, 0xf0},
{ 0, 0x1be, 0, 0x08}, /* DV */
{ 0, 0x1be, 1, 0xf8},
{ 0, 0x1be, 2, 0x03},
{ 0, 0x1be, 3, 0xff},
{ 0, 0x27e, 3, 0xff}, /* RK */
char *cp1252_to_ascii[256] = {
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
" ","!","\"","#","$","%","&","'","(",")","*","+",",","-",".","/",
"0","1","2","3","4","5","6","7","8","9",":",";","<","=",">","?",
"@","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O",
"P","Q","R","S","T","U","V","W","X","Y","Z","[","\\","]","^","_",
"`","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o",
"p","q","r","s","t","u","v","w","x","y","z","{","|","}","~","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
"*","*","*","*","*","*","*","*","*","*","*","*","*","*","*","*",
};
char *cp1252_to_utf8[256] = {
"�","�","�","�","�","�","�","�","�","�","�","�","�","�","�","�",
"�","�","�","�","�","�","�","�","�","�","�","�","�","�","�","�",
" ","!","\"","#","$","%","&","'","(",")","*","+",",","-",".","/",
"0","1","2","3","4","5","6","7","8","9",":",";","<","=",">","?",
"@","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O",
"P","Q","R","S","T","U","V","W","X","Y","Z","[","\\","]","^","_",
"`","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o",
"p","q","r","s","t","u","v","w","x","y","z","{","|","}","~","�",
"€","�","‚","ƒ","„","…","†","‡","ˆ","‰","Š","‹","Œ","�","Ž","�",
"�","‘","’","“","”","•","–","—","˜","™","š","›","œ","�","ž","Ÿ",
"�","¡","¢","£","¤","¥","¦","§","¨","©","ª","«","¬","�","®","¯",
"°","±","²","³","´","µ","¶","·","¸","¹","º","»","¼","½","¾","¿",
"À","Á","Â","Ã","Ä","Å","Æ","Ç","È","É","Ê","Ë","Ì","Í","Î","Ï",
"Ð","Ñ","Ò","Ó","Ô","Õ","Ö","×","Ø","Ù","Ú","Û","Ü","Ý","Þ","ß",
"à","á","â","ã","ä","å","æ","ç","è","é","ê","ë","ì","í","î","ï",
"ð","ñ","ò","ó","ô","õ","ö","÷","ø","ù","ú","û","ü","ý","þ","ÿ",
};
char *codeset;
char **cp1252 = cp1252_to_ascii;
#define CRYPTO_TYPE_NONE 0
#define CRYPTO_TYPE_XOR 1
#define CRYPTO_TYPE_RC4 2
#define CRYPTO_TYPE_NEWER 3
static void
reset_everything(void)
{
known_length = 0;
crypto_type = CRYPTO_TYPE_NONE;
file_is_ole = 0;
quit = 0;
int k;
for (k= 0; k < 16; ++k) {
set[k] = 0;
key_seq[k] = 0;
}
}
static guint16
ms_biff_password_key(const unsigned char *password, int length)
{
guint16 key = 0, key_base= 0x8000, key_final= 0xffff;
int index;
return key;
}
static guint16
ms_biff_password_hash(const unsigned char *password, int length)
{
int tmp, index= 0;
guint16 chr, hash= 0;
do {
chr = password[index];
index++;
tmp = (chr << index);
hash ^= (tmp & 0x7fff) | (tmp >> 15);
} while (index < length);
hash = hash ^ length ^ 0xce4b;
return hash;
}
static void
set_and_forget(int offset, int n, guint8 bitmap, const guint8 *buffer)
{
int index = (offset + n) % 16;
guint8 bits = (buffer[n] << 3) | (buffer[n] >> 5);
if (crypto_type == CRYPTO_TYPE_NONE) {
bitmap = (bitmap << 3) | (bitmap >> 5);
}
static void
set_byte(int index, guint8 byte)
{
if ((key_seq[index] & set[index]) != (byte & set[index])) {
printf("WARNING! key detection problem\n");
printf("Please report this to the program author, thanks.\n");
}
set[index] = 0xff;
key_seq[index] = byte;
}
static void
unswizzle(guint8 low, guint8 high)
{
int k;
static void
get_more_bits()
{
guint8 seed[15] = {0xbb, 0xff, 0xff, 0xba, 0xff, 0xff, 0xb9, 0x80,
0x00, 0xbe, 0x0f, 0x00, 0xbf, 0x0f, 0x00 };
switch (key_seq[15]) {
case 0x00:
if (set[13] == 0xff && key_seq[13] == 0xbf)
offset=1;
else if (set[13] == 0xff && key_seq[13] == 0xbe)
offset=4;
else if (set[13] == 0xff && key_seq[13] == 0xb9)
offset=7;
else
offset= 16;
break;
case 0x0f:
if (set[14] == 0xff && key_seq[14] == 0xbe)
offset=5;
else if (set[14] == 0xff && key_seq[14] == 0x00)
offset=2;
else
offset= 16;
break;
case 0x80:
offset= 8; break;
case 0xb9:
offset= 9; break;
case 0xba:
offset= 12; break;
case 0xbb:
offset= 15; break;
case 0xbe:
offset= 6; break;
case 0xbf:
offset= 3; break;
case 0xff:
if (set[14] == 0xff && key_seq[14] == 0xba)
offset=11;
else if (set[14] == 0xff && key_seq[14] == 0xbb)
offset=14;
else if (set[13] == 0xff && key_seq[13] == 0xba)
offset=10;
else if (set[13] == 0xff && key_seq[13] == 0xbb)
offset=13;
else
offset= 16;
break;
default:
printf("WARNING! key suffix problem\n");
offset= 16; break;
}
if (offset == 16) {
offset = known_length ? known_length : 16;
} else if (known_length == 0) {
known_length = offset;
} else if (known_length != offset) {
printf("WARNING! problem determining password length\n");
}
static gboolean
test_pw_seq(guint8 *seq)
{
int k;
return FALSE;
}
static void
print_key_data(guint8 *seq)
{
int k, count= 0;
static void
print_password(guint8 *seg)
{
for (; *seg != 0; seg++) {
printf("%s", cp1252[*seg]);
}
}
static void
set_mask(guint8 *seq, int index, int rotate, int mask)
{
guint8 byte = seq[index];
seq[index] = (byte & mask) + (1 << rotate);
}
static void
unset_mask(guint8 *seq, int index, int rotate, int mask)
{
guint8 byte = seq[index];
seq[index] = (byte & mask);
}
static gboolean
test_many_keys(guint8 *seq)
{
int k, n, max, missing = 0;
return FALSE;
}
static gboolean
pw_from_seq(guint8 *seq)
{
int k, count= 0;
if (count == 128) {
if (test_pw_seq(seq)) return TRUE;
} else if (count >= 112) {
/* up to 16 bits to guess, probably get a good guess */
if (test_many_keys(seq)) return TRUE;
}
return FALSE;
}
type = GSF_LE_GET_GUINT16(buffer);
length = GSF_LE_GET_GUINT16(buffer + 2);
offset = (pos + length + 4) % 16;
if (type == 0x2f) {
if (length == 4) {
crypto_type = CRYPTO_TYPE_XOR;
low = GSF_LE_GET_GUINT8(buffer);
high = GSF_LE_GET_GUINT8(buffer + 1);
key = (high << 8) + low;
hash = GSF_LE_GET_GUINT16(buffer + 2);
} else if (length == 6) {
crypto_type = CRYPTO_TYPE_XOR;
low = GSF_LE_GET_GUINT8(buffer + 2);
high = GSF_LE_GET_GUINT8(buffer + 3);
key = (high << 8) + low;
hash = GSF_LE_GET_GUINT16(buffer + 4);
} else if (length == 0x36 && buffer[4] == 1) {
crypto_type = CRYPTO_TYPE_RC4;
} else {
crypto_type = CRYPTO_TYPE_NEWER;
}
}
reset_everything();
gsf_init();
input = GSF_INPUT(gsf_input_stdio_new(filename, &err));
if (input == NULL) {
fprintf(stderr, "Error opening file \"%s\"\n", filename);
return 2;
}
do {
stream = gsf_infile_child_by_name (file, content[i++]);
} while (stream == NULL && i < G_N_ELEMENTS (content));
if (stream == NULL) {
fprintf(stderr, "Error opening Workbook \"%s\"\n", filename);
return 4;
}
} else {
gsf_input_seek (input, 0, G_SEEK_SET);
stream = input;
}
get_more_bits();
switch (crypto_type) {
case CRYPTO_TYPE_XOR:
if (pw_from_seq(key_seq)) {
if (!strcmp((char *) key_seq, "VelvetSweatshop")) {
printf("%s: has no password, see documentation\n", filename);
} else {
printf("%s: password is '", filename);
print_password(key_seq);
printf("'\n");
}
} else {
printf("%s: password recovery failed, see below for clues\n", filename);
print_key_data(key_seq);
}
break;
case CRYPTO_TYPE_NONE:
printf("%s: is not encrypted\n", filename);
#ifdef DEBUG_BLANKS
print_key_data(key_seq);
#endif
break;
case CRYPTO_TYPE_RC4:
printf("%s: uses strong cryptography\n", filename);
printf("This tool only works on XOR cryptography (e.g. Excel 95)\n");
break;
case CRYPTO_TYPE_NEWER:
printf("%s: uses very strong cryptography\n", filename);
printf("This tool only works on XOR cryptography (e.g. Excel 95)\n");
}
return 0;
}
codeset = nl_langinfo(CODESET);
if (strcasecmp(codeset, "UTF-8")) {
cp1252 = cp1252_to_utf8;
}
int k;
for (k = 1; k < argc; ++k) {
try_file(argv[k]);
}
return 0;
}
###################################################################################
#######################################################################xlcrack-
1.2/COPYING########################################################################
#########0000664#0000764#0000764#00000043110#07771166062#012213#
0##################################################################################
##################ustar
#njl#############################njl###############################################
###################################################################################
##################################################################################
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
#########################xlcrack-
1.2/Makefile#######################################################################
#########0000664#0000764#0000764#00000000301#07771166062#012613#
0##################################################################################
##################ustar
#njl#############################njl###############################################
###################################################################################
##################################################################################C
FLAGS= -g -Wall `pkg-config --cflags libgsf-1`
LDFLAGS= -lm `pkg-config --libs libgsf-1`
OBJS= xlcrack.o
xlcrack: $(OBJS)
$(CC) -o xlcrack $(OBJS) $(LDFLAGS)
clean:
rm -f xlcrack $(OBJS)
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###################################################################################
###########################################################