Login/Register
Excel VBA Password via Hex Editor
Asked Answered
Solved vbaexcelhex-editors
N

4

39

I have used the "Hex Editor to modify DPB to DPx" many times in the past to bypass VBA project security on my old Excel VBA projects (.xls), so I definitely know how to do it and know that I can do it.

However I have just tried to do it yesterday and found that it no longer seems to work. I tried using both Excel 2011 (Mac) and Excel 2003 (Windows) and in both cases, I got the same behaviour;

Opening the VBA editor gave a message saying that the project is corrupted and that the project will be removed. The VBA editor then opens and, sure enough, all VBA is stripped out from modules and worksheets.

I have tried this method: Is there a way to crack the password on an Excel VBA Project? (ie. creating a spreadsheet with a known password and then copying across the relevant fields)

But find that the length of the "GC" key created on my 'dummy' spreadsheet is shorter than the "GC" key on the spreadsheet that I am wishing to access (the "target"). I had read elsewhere that in cases where the "target" keys were longer, you could pad the "dummy" keys to the same length but there is nothing i can find to say what to do in the reverse case.

So - my questions (s);

  • Is anyone aware if a patch has been applied that makes the "hex editor" approach invalid?
  • Can anyone help with what to do when the dummy keys are longer than the target keys?
  • Can anyone else provide any updated onsite into this issue?

EDIT Having now solved this (to some degree) i thought i'd add a summary here.

I HAVE NOT been able to get this to work on Mac Excel 2011. Something about changing the file from filname.xlsm to fielname.zip and back again results in a corrupted excel file which Excel 2011 refuses to recognise.

I DID manage to get this to work on an old windows machine (XP/Excel 2007) by modifying the .xlsm file name to .zip, editing the DPB= AND GC= values in the vbaproject.bin file with a hex editor then saving this in the .zip file before renaming the .zip back to xlsm. I used the "test" example given by Ricko at the bottom and it worked with ONE CAVEAT - i had to 'pad' out my GC value to make it that same length as the original one in my file.

ORIGINAL:       GC="0F0DA36FAF938494849484"
NEW:  (TEST)    GC="BAB816BBF4BCF4BCF4"  (from Ricko below)
NEW:  (TEST)    GC="BAB816BBF4BCF4BCF40000"  (what i used and what worked)
Nondisjunction answered 26/3, 2014 at 14:18 Comment(4)
Not a StackOverflow question. Maybe suitable for superuser.comTimi
The reason I asked on StackOverflow was because a lot of the useful information on this topic is to be found here in StackOverflow. If the state of affairs has changed with regards to VBA projects in Excel, I thought it would make sense for the question and subsequent answers to be in SO, where so many related question are. If it can't stay here, then I can cope, but I do think there's value to it being asked (and answered here)Nondisjunction
FWIW I get the same issue when trying the DPx method.Argillite
Brow, this work, open and run together file protected. Đức Thanh Nguyễn - Thank youTalithatalk
C
58

I have your answer, as I just had the same problem today:

Someone made a working vba code that changes the vba protection password to "macro", for all excel files, including .xlsm (2007+ versions). You can see how it works by browsing his code.

This is the guy's blog: http://lbeliarl.blogspot.com/2014/03/excel-removing-password-from-vba.html Here's the file that does the work: https://docs.google.com/file/d/0B6sFi5sSqEKbLUIwUTVhY3lWZE0/edit

Pasted from a previous post from his blog:

For Excel 2007/2010 (.xlsm) files do following steps:

  1. Create a new .xlsm file.
  2. In the VBA part, set a simple password (for instance 'macro').
  3. Save the file and exit.
  4. Change file extention to '.zip', open it by any archiver program.
  5. Find the file: 'vbaProject.bin' (in 'xl' folder).
  6. Extract it from archive.
  7. Open the file you just extracted with a hex editor.

  8. Find and copy the value from parameter DPB (value in quotation mark), example: DPB="282A84CBA1CBA1345FCCB154E20721DE77F7D2378D0EAC90427A22021A46E9CE6F17188A". (This value generated for 'macro' password. You can use this DPB value to skip steps 1-8)

  9. Do steps 4-7 for file with unknown password (file you want to unlock).

  10. Change DBP value in this file on value that you have copied in step 8.

    If copied value is shorter than in encrypted file you should populate missing characters with 0 (zero). If value is longer - that is not a problem (paste it as is).

  11. Save the 'vbaProject.bin' file and exit from hex editor.

  12. Replace existing 'vbaProject.bin' file with modified one.
  13. Change extention from '.zip' back to '.xlsm'
  14. Now, open the excel file you need to see the VBA code in. The password for the VBA code will simply be macro (as in the example I'm showing here).
Croft answered 28/3, 2014 at 21:51 Comment(3)
This worked better than that "divine bank transfer", the Reverend Peter Poppoff promised I would receive. Thanks.Norval
I would second the comments from LucasSeveryn and Ricko. As of March 2015 it requires both AND the document listed above on the blog has not been updated to do this (I.e it won't work unless you update it to edit GC as well). ALSO - this DOES NOT work on Excel 2011 (for Mac).Nondisjunction
I have two questions: 1) Does this work with XLSB as well? 2) What do you mean with 0 (zero)? Hex value 30 or Hex value 00 (remember, we're using a hex editor)?Rayburn
A
24

New version, now you also have the GC= try to replace both DPB and GC with those

DPB="DBD9775A4B774B77B4894C77DFE8FE6D2CCEB951E8045C2AB7CA507D8F3AC7E3A7F59012A2" GC="BAB816BBF4BCF4BCF4"

password will be "test"

Aspect answered 13/2, 2015 at 19:2 Comment(3)
Thanks for the tip Ricko - you're absolutely right. IT won't work without GC being copied. I copied exactly as you added here and it worked a charm on Excel 2007.Nondisjunction
Does this still work? I tried to change my GC and DPB, but there are two problems ... 1. Both values in bin file are different size then given, so entering those needs filesize to be changed. 2. DPB value doesn't end with ", but starts with it... it looks like this: Name="VBAProject"..HelpContextID="0"..VersionCompatible32="393222000"..CMG="5250FEAE54B254B251B751B7"..DPB="A4A60800084F254F25B0DB50250596D1EDAC....‚.......„...Maag
If pasted values are shorter than existing values, fill the gap with zeroesSlumberous
I
16
  1. Open xls file with a hex editor.
  2. Search for DPB
  3. Replace DPB to DPx
  4. Save file.
  5. Open file in Excel.
  6. Click "Yes" if you get any message box.
  7. Set new password from VBA Project Properties.
  8. Close and open again file, then type your new password to unprotect.

Check http://blog.getspool.com/396/best-vba-password-recovery-cracker-tool-remove/

Intermix answered 31/1, 2015 at 11:38 Comment(0)
U
6

If you deal with .xlsm file instead of .xls you can use the old method. I was trying to modify vbaProject.bin in .xlsm several times using DBP->DBx method by it didn't work, also changing value of DBP didn't. So I was very suprised that following worked :
1. Save .xlsm as .xls.
2. Use DBP->DBx method on .xls.
3. Unfortunately some erros may occur when using modified .xls file, I had to save .xls as .xlsx and add modules, then save as .xlsm.

Unprintable answered 19/5, 2014 at 19:54 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.