Extract hash for offline attack (Office 2007)

February 3rd, 2011, 09:56
This might be better off in the newbies section, but I thought I would start it here and if a moderator feels it needs to be moved - no worries.

Since Amazon are offering free trials with their EC2 cloud infrastructure, I was looking to mess around with some CUDA coding to utilise their large GPU clusters (inspired by the SHA1 stuff at http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/).

To the best of my knowledge, and please feel free to correct me if I am wrong (I usually am!), Office 2007 now implements the ECMA-376 standard with SHA-1 hash and AES-128 encryption (50000 hash rounds) (source: http://blog.crackpassword.com/2009/07/office-2010-two-times-more-secure/).

My questions are as follows:

1. Does anyone know how to extract the hash from an Excel 2007 file so that we can attack it in the cloud?

2. Has anyone seen any papers relating to using GPU clusters to do this? (I can't find any but don't want to re-invent the wheel if I don't need to.)

3. Can anyone shed any light on the exact implementation used by Office and where I might find the ECMA-376 standard implementation to start working from?

Many thanks in advance


February 3rd, 2011, 10:56
As usual, after posting here, a partial solution presented itself.

After digging through the OpenXML documentation and ECMA standards I was able to determine that the data I was looking for are being held in the EncryptionHeader structure.

Sample code to extract the hash and the implementation can actually be found here
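
Added example, not part of the original posts and not the code the poster linked to: a parser that reads the EncryptionHeader mentioned above and reports which cipher, hash and key size a protected workbook declares, which is what you would check when auditing document encryption settings. The field layout follows the MS-OFFCRYPTO "Standard Encryption" description; the function names and the sample stream are constructed, and the `EncryptionInfo` stream bytes are assumed to have already been read out of the file's compound-file container.

```python
import struct

# Algorithm identifiers used by Standard Encryption (MS-OFFCRYPTO).
CIPHERS = {0x660E: "AES-128", 0x660F: "AES-192", 0x6610: "AES-256", 0x6801: "RC4"}
HASHES = {0x8004: "SHA-1"}


def parse_encryption_info(stream: bytes) -> dict:
    """Report the algorithms declared in an EncryptionInfo stream (Standard Encryption)."""
    if len(stream) < 12:
        raise ValueError("too short for version info and header size")
    v_major, v_minor, _flags, hdr_size = struct.unpack_from("<HHII", stream, 0)
    if v_minor != 2 or v_major not in (2, 3, 4):
        raise ValueError(f"not Standard Encryption: version {v_major}.{v_minor}")
    hdr_end = 12 + hdr_size
    if hdr_size < 32 or hdr_end + 4 > len(stream):
        raise ValueError("EncryptionHeaderSize inconsistent with stream length")
    # EncryptionHeader: eight fixed 32-bit fields, then the CSP name (UTF-16LE).
    flags, _extra, alg_id, hash_id, key_bits, _prov, _r1, _r2 = struct.unpack_from("<8I", stream, 12)
    csp = stream[44:hdr_end].decode("utf-16-le", errors="replace").rstrip("\x00")
    # EncryptionVerifier: SaltSize, Salt, EncryptedVerifier (16 bytes),
    # VerifierHashSize, EncryptedVerifierHash. Only the sizes are reported.
    (salt_size,) = struct.unpack_from("<I", stream, hdr_end)
    size_off = hdr_end + 4 + salt_size + 16
    if size_off + 4 > len(stream):
        raise ValueError("truncated EncryptionVerifier")
    (verifier_hash_size,) = struct.unpack_from("<I", stream, size_off)
    return {
        "version": (v_major, v_minor),
        "cipher": CIPHERS.get(alg_id, f"unknown 0x{alg_id:08X}"),
        "hash": HASHES.get(hash_id, f"unknown 0x{hash_id:08X}"),
        "key_bits": key_bits,
        "csp": csp,
        "salt_size": salt_size,
        "verifier_hash_size": verifier_hash_size,
    }


def build_sample_stream() -> bytes:
    """Constructed sample: zeroed salt/verifier fields, not taken from a real file."""
    csp = "Microsoft Enhanced RSA and AES Cryptographic Provider\x00".encode("utf-16-le")
    header = struct.pack("<8I", 0x24, 0, 0x660E, 0x8004, 128, 0x18, 0, 0) + csp
    verifier = struct.pack("<I", 16) + bytes(32) + struct.pack("<I", 20) + bytes(32)
    return struct.pack("<HHII", 3, 2, 0x24, len(header)) + header + verifier


if __name__ == "__main__":
    for field, value in parse_encryption_info(build_sample_stream()).items():
        print(f"{field}: {value}")
```

The iteration count is not stored in this stream, so the parser does not report the 50000 rounds cited in the first post.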