Как снять защиту?

 

TEvg

Товарищи! К вам обращаюсь я, друзья мои!
помогите заломать защиту в Excel'e. А то у нас тут пароль забыли, а ячейки защищены паролем.
А я в Excel'e не очень.
 
 

Alexey


2TEvg:

Slozhnost' vzloma zavisit ot versii Excel.
Esli eto men'she 7-oi, to mogy pomoch. Gde-to bula programka
vzloma.
Poprobyite poiskat' v Internete na slova:
"EXcrak_32 Password recovery". Esli ne naidete nichego, to po emaily napishite, I vushlu.
Dlya 7-oi versii i vushe nemnogo slozhnee.


Primer dlya EXCEL_5 versii:
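/*
 * Use the function to get encryption key from Excel_95.
 *
 * Scans one chunk of the workbook stream record by record (2-byte id,
 * 2-byte length, payload) until the record with id 0x005C (WRITEACCESS)
 * is reached, then looks inside that record for 16 bytes that are
 * immediately repeated and hands each such position to
 * GetEncryptionKeyAdd().
 *
 * Parameters:
 *   phDocSession  document session handle (used as LPMCDOC)
 *   pBuffer       chunk of the stream; offset 0 is treated as a record header
 *   ulSize        number of valid bytes in pBuffer
 *   pKeyBuf       key buffer, passed on to GetEncryptionKeyAdd()
 *   pKeyOffset    in/out: key offset, advanced for every record skipped
 *   uShift        out: offset of the last record header reached when that
 *                 record does not fit into this chunk (the caller is
 *                 expected to load the next chunk); 0 when the record was
 *                 scanned without a key being found; not written when 1 is
 *                 returned
 *
 * Returns 1 when GetEncryptionKeyAdd() reports a key, otherwise 0.
 *
 * The bytes in pBuffer come from a file and are not trusted: every offset
 * derived from a record length is checked against ulSize before it is
 * dereferenced.
 */
BOOL WINAPI GetExcelEncryptionKey(PHDOCSESSION phDocSession,
                                  PUCHAR pBuffer,     /* Buffer */
                                  UINT32 ulSize,      /* Buffer size */
                                  PUCHAR pKeyBuf,     /* Key buffer */
                                  UINT8 *pKeyOffset,  /* Key offset within the buffer */
                                  UINT32 *uShift)
{
    LPMCDOC phDoc = (LPMCDOC)phDocSession;
    UINT32 uCount = 0;
    UINT16 uCount2 = 0;
    UINT32 uKey1 = 0;
    UINT32 uKey2 = 0;
    UINT32 uKey3 = 0;
    UINT32 uKey4 = 0;
    UINT32 ulWriteAccessStart = 0;
    UINT16 ulWriteAccessSize = 0;
    UINT32 ulSearchEnd = 0;
    PUCHAR pPassword = pKeyBuf;

    /* A chunk shorter than one record header cannot be parsed at all. */
    if (ulSize < 4)
    {
        *uShift = 0;
        return 0;
    }

    /*
     * Find the offsets to the WRITEACCESS record and OBPROJ record.
     * They should be near the beginning of the Book.
     * WriteAccess record comes before ObProj record.
     * (Only the 0x005C record is actually searched for below.)
     */

    /* Look for record 0x005C */
    do
    {
        uCount2 = *(UINT16*)(pBuffer + uCount + 2);
        uCount = uCount + uCount2 + 4;
        /* '%' binds tighter than '+': only the addend is reduced mod 0x10;
           the UINT8 itself wraps at 256. */
        *pKeyOffset = *pKeyOffset + ((uCount2 & 0x000F) + 4) % 0x10;

        /*
         * The next header must lie inside the valid data before it is read.
         * The original listing read it first and only then ran into the
         * "does not fit" exit below with the same result; that read could be
         * far outside the buffer when a record length in the file is larger
         * than the chunk.
         */
        if ((uCount + 4) > ulSize)
        {
            *uShift = uCount;
            return 0;
        }
    }
    while ((*(UINT16*)(pBuffer + uCount) != 0x005C) &&
           ((uCount + *(UINT16*)(pBuffer + uCount + 2) + 4) <= ulSize));

    ulWriteAccessStart = uCount + 4;
    ulWriteAccessSize = *(UINT16*)(pBuffer + uCount + 2);
    uCount = ulWriteAccessStart;

    /* If this chunk does not hold the whole record, load the next chunk */
    if ((uCount + ulWriteAccessSize) > ulSize)
    {
        *uShift = (uCount - 4);
        //*uShiftOffset = uCount -4;
        return 0;
    }

    /*
     * Each probe reads 0x20 bytes, so the last start position is 0x20 bytes
     * before the end of the record. For a record shorter than 0x20 the
     * unsigned subtraction in the original could wrap around and let the
     * loop run far past the buffer; such a record is simply not searched.
     */
    if (ulWriteAccessSize >= 0x20)
    {
        ulSearchEnd = ulWriteAccessStart + ulWriteAccessSize - 0x20;
    }
    else
    {
        ulSearchEnd = ulWriteAccessStart;
    }

    while ((uCount < ulSearchEnd) && (uKey1 != 0xFFFFFFFF))
    {
        /* NOTE(review): unaligned 32-bit loads; fine on x86, confirm for
           other targets. */
        uKey1 = *(UINT32 *)(pBuffer + uCount);
        uKey2 = *(UINT32 *)(pBuffer + uCount + 0x4);
        uKey3 = *(UINT32 *)(pBuffer + uCount + 0x8);
        uKey4 = *(UINT32 *)(pBuffer + uCount + 0xC);

        /* Candidate position: 16 bytes followed by the same 16 bytes. */
        if ((uKey1 == *(UINT32 *)(pBuffer + uCount + 0x10)) &&
            (uKey2 == *(UINT32 *)(pBuffer + uCount + 0x14)) &&
            (uKey3 == *(UINT32 *)(pBuffer + uCount + 0x18)) &&
            (uKey4 == *(UINT32 *)(pBuffer + uCount + 0x1C)))
        {
            if (GetEncryptionKeyAdd((LPVOID *)phDoc,
                                    pBuffer + uCount, pPassword,
                                    *pKeyOffset))
            {
                /* Key found */
                return 1;
            }
            *pKeyOffset = (*pKeyOffset + (UINT16)(uCount - ulWriteAccessStart)) % 0x10;
        }

        uCount++;
    }

    *uShift = 0;
    return 0;
}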

/*
 * Transforms the record payloads of one chunk of the workbook stream in
 * place: every payload byte is replaced by Cipher(key byte, byte, 0), where
 * the key byte is pPasswordKey[(*uKeyNumber + position in record) % 0x10].
 * Record headers (2-byte id, 2-byte length) are left as they are.
 *
 * Parameters:
 *   phDocSession  document session handle (used as LPMCDOC); its
 *                 hDocStream.uNeedDecrypt flag is read and may be set to 1
 *   pBuffer       chunk of the stream, modified in place
 *   uBuffSize     number of valid bytes in pBuffer
 *   pPasswordKey  key bytes, indexed 0..0x0F
 *   uKeyNumber    in/out: running key index, advanced per record
 *   uShift        out: written only on the "return 0" path, as the number
 *                 of bytes from the current record header to the end of
 *                 the chunk
 *
 * Returns 0 when a record runs past the end of the chunk, otherwise 1.
 *
 * NOTE(review): pBuffer holds untrusted file data and several reads below
 * use offsets that are not checked against uBuffSize first. The caller
 * shown on this page allocates 0x40 bytes of slack after the chunk, which
 * covers a header read at the very end but not a record length larger than
 * the chunk. Confirm the contract with ReadStream before reusing this.
 */
BOOL WINAPI DecryptExcel95Strm(PHDOCSESSION phDocSession,
PUCHAR pBuffer,
UINT32 uBuffSize,
PUCHAR pPasswordKey,
UINT8 *uKeyNumber,
UINT32 *uShift
)
{
auto LPMCDOC phDoc = (LPMCDOC)phDocSession;
auto UINT32 uCount = 0;
auto UINT16 uCount2 = 0;
auto UINT32 uStart = 0;
auto UINT32 uBfSize = uBuffSize;
auto UINT16 uChSize = 0;
auto UINT8 uDecode = 0;
auto UINT8 uEncode = 0;
auto UINT8 uPswKey = *uKeyNumber;

if (!phDoc->hDocStream.uNeedDecrypt)
{/* If the key word has not been found yet */

/* Skip records until id 0x005C is seen or the next record would end
   past the chunk. */
do
{
uPswKey = *uKeyNumber;
/* NOTE(review): on the first pass this length is used to advance uCount
   with no check against uBfSize. */
uCount2 = *(UINT16*) (pBuffer + uCount + 2);
uCount = uCount + *(UINT16*) (pBuffer + uCount + 2) + 4;
/* '%' binds tighter than '+': only the addend is reduced mod 0x10. */
*uKeyNumber = *uKeyNumber + ((UINT8)(uCount2 &0x000F) + 4) % 0x10;
}
while ((*(UINT16*) (pBuffer + uCount ) != 0x005C) &&
( (uCount + *(UINT16*) (pBuffer + uCount + 2) + 4) <= uBfSize));

if (*(UINT16*) (pBuffer + uCount ) == 0x005C)
{
phDoc->hDocStream.uNeedDecrypt = 1;
}

/* NOTE(review): when 0x005C was not found, execution still continues with
   the transform loop below - confirm this is intended. */
}
/* Step over the 4-byte header of the current record; its length field is
   the two bytes just before the payload. */
uCount = uCount + 4;
uStart = uCount;
uChSize = *(UINT16*) (pBuffer + uCount - 2) ;

do
{

/* Record does not fit into this chunk: report how many bytes remain from
   its header and stop. */
if ( (uCount + uChSize) > uBfSize )
{
*uShift = uBfSize - (uCount - 4);
return 0;
}


/* Transform the payload of the current record byte by byte. */
while (((uCount - uStart) < uChSize) && (uCount < uBfSize))
{
uPswKey = (*uKeyNumber + (UINT8)(uCount - uStart)) % 0x10;

uEncode = pPasswordKey[uPswKey];
uDecode = *(UINT8*) (pBuffer + uCount );

*(UINT8*) (pBuffer + uCount ) = Cipher(uEncode,uDecode,0);

uCount ++;
}

/* Read the length of the next record and move to its payload.
   NOTE(review): this read happens before the loop condition is tested, so
   it can touch bytes at or just past uBfSize. */
uChSize = *(UINT16*) (pBuffer + uCount + 2) ;
*uKeyNumber = *uKeyNumber + ((UINT8)(uChSize & 0x000F) + 4) % 0x10;
uCount = uCount + 4;
uStart = uCount;

}
while ((uCount + 4) < uBfSize);



return 1;
}


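/*
 * Runs the two passes over the Excel 95 workbook stream of an open
 * document: first the stream is read chunk by chunk until
 * GetExcelEncryptionKey() reports a key, then the stream is read again from
 * its start and every chunk is passed to DecryptExcel95Strm().
 *
 * Parameters:
 *   fp            file the stream is read from (via ReadStream)
 *   phDocSession  document session handle (used as LPMCDOC); supplies the
 *                 stream offset and size, the sector sizes and the key
 *                 buffer, and receives the password status
 *
 * Returns FALSE when the document has no password, when the work buffer
 * cannot be allocated, when ReadStream reports 0xFFFFFFFF or when no key is
 * found (the last two also set uPasswordStatus to PASSWORD_FAIL); TRUE
 * after the second pass has completed.
 *
 * The work buffer is released on every exit path; the original listing
 * leaked it on each failure return.
 */
BOOL WINAPI DecryptExcel95Book(FILE * fp,
                               PHDOCSESSION phDocSession)
{
    LPMCDOC phDoc = (LPMCDOC)phDocSession;
    UINT8 uFlag = 0;
    UINT32 uCount = 0;
    UINT8 uKeyOffset = 0;
    UINT16 uSize = BUFFER_SIZE;
    UINT32 uOffset = phDoc->hDirStream.uWORKBOOK95Offset;
    UINT32 uFullSize = phDoc->hDirStream.uWORKBOOK95Size;
    UINT32 uShift = 0;
    UINT32 uShiftOffset = 0;
    PUCHAR pBuffer = NULL;
    PUCHAR pPasswordKey = phDoc->hDocStream.pMainPassword;

    if (phDoc->hDocStream.uPasswordStatus == NO_PASSWORD)
    {
        return FALSE;
    }

    /* 0x40 bytes of slack after the chunk: the record parsers may read a
       record header that starts at the very end of the valid data. */
    pBuffer = McPermMemAlloc(uSize + 0x40);
    if (pBuffer == NULL)
    {
        /* NOTE(review): the password status is left unchanged here;
           confirm what callers expect on allocation failure. */
        return FALSE;
    }

    /* Pass 1: look for the key. */
    while ((uCount < uFullSize) && (!uFlag))
    {
        uOffset = ReadStream(fp, (LPVOID *)phDoc, pBuffer, uSize,
                             uOffset, uShift, uShiftOffset, uFullSize);
        uCount = uCount + uSize + uShift;
        uShift = 0;

        if (uOffset == 0xFFFFFFFF)
        {
            phDoc->hDocStream.uPasswordStatus = PASSWORD_FAIL;
            McPermMemFree(pBuffer);
            return FALSE;
        }

        uFlag = GetExcelEncryptionKey((LPVOID *)phDoc, pBuffer, uSize,
                                      pPasswordKey, &uKeyOffset, &uShift);
        uShiftOffset = uSize - uShift;

        /* Last chunk: round the remainder up to whole sectors.
           NOTE(review): this pass uses uMiniSectorSize while pass 2 uses
           uPrimarySectorSize, and neither guards against a sector size of
           zero - confirm which is intended. */
        if ((uFullSize - uCount) < BUFFER_SIZE)
        {
            uSize = (UINT16) ((uFullSize - uCount) / phDoc->uMiniSectorSize + 1) *
                    phDoc->uMiniSectorSize;
        }
    }

    if (!uFlag)
    {
        phDoc->hDocStream.uPasswordStatus = PASSWORD_FAIL;
        McPermMemFree(pBuffer);
        return FALSE;
    }

    /* Pass 2: read the data from the stream again for decryption.
       uShiftOffset deliberately keeps its value from pass 1, as in the
       original listing. */
    uSize = BUFFER_SIZE;
    uOffset = phDoc->hDirStream.uWORKBOOK95Offset;
    uShift = 0;
    uKeyOffset = 0;
    uCount = 0;

    while (uCount < uFullSize)
    {
        uOffset = ReadStream(fp, (LPVOID *)phDoc, pBuffer, uSize,
                             uOffset, uShift, uShiftOffset, uFullSize);
        /* NOTE(review): the listing read "uCount + uSize; + uShift;", i.e.
           uShift was never added here although pass 1 adds it. The effective
           behaviour is kept; confirm which accounting is correct. */
        uCount = uCount + uSize;
        uShift = 0;

        if (uOffset == 0xFFFFFFFF)
        {
            phDoc->hDocStream.uPasswordStatus = PASSWORD_FAIL;
            McPermMemFree(pBuffer);
            return FALSE;
        }

        /* The return value is ignored; only uShift is carried over. */
        DecryptExcel95Strm((LPVOID *)phDoc, pBuffer, uSize,
                           pPasswordKey, &uKeyOffset, &uShift);

        uShiftOffset = uSize - uShift;

        if ((uFullSize - uCount) < BUFFER_SIZE)
        {
            uSize = (UINT16) ((uFullSize - uCount) / phDoc->uPrimarySectorSize + 1) *
                    phDoc->uPrimarySectorSize;
        }
    }

    McPermMemFree(pBuffer);
    return TRUE;
}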


Eto tol'ko vuzhimka. Esli nyzhna sama proga, po emaily.
 
