Results 1 to 2 of 2

Thread: Extract hash for offline attack (Office 2007)

  1. #1

    Extract hash for offline attack (Office 2007)

    This might be better off in the newbies section, but I thought I would start it here and if a moderator feels it needs to be moved - no worries.

    Since Amazon are offering free trials with their EC2 cloud infrastructure, I was looking to mess around with some CUDA coding to utilise their large GPU clusters (inspired by the SHA1 stuff at http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/).

    To the best of my knowledge, and please feel free to correct me if I am wrong (I usually am!), Office 2007 now implements ECMA-376 standard with SHA-1 hash and AES-128 encryption (50000 hash rounds) (source : http://blog.crackpassword.com/2009/07/office-2010-two-times-more-secure/).

    My questions are as follows :

    1. Does anyone know how to extract the hash from an Excel 2007 file so that we can attack it in the cloud

    2. Has anyone seen any papers relating to using GPU clusters to do this (I can't find any but don't want to re-invent the wheel if I don't need to)

    3. Can anyone shed any light on the exact implementation used by Office and where I might find the ECMA-376 standard implementation to start working from

    Many thanks in advance

    bb
    Last edited by bboitano; February 3rd, 2011 at 09:58. Reason: clarifcation

  2. #2
    As usual, after posting here, a partial solution presented itself.

    After digging through the OpenXML documentation and ECMA standards I was able to determine that the data I was looking for are being held in the EncryptionHeader structure.

    Sample code to extract the hash and the implementation can actually be found here
    http://offcrypto.codeplex.com/

Similar Threads

  1. Replies: 1
    Last Post: January 10th, 2014, 18:05
  2. File wasm-offline-08-10-2007.zip
    By trietptm in forum Off Topic
    Replies: 7
    Last Post: December 16th, 2012, 13:06
  3. Extract Sequence of assembly codes during runtime ???
    By mansourweb in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: February 18th, 2011, 16:43
  4. anyone know what type of hash this is?
    By twisted in forum RCE Cryptographics
    Replies: 2
    Last Post: November 26th, 2010, 04:57
  5. IDA plugin: Extract (UnRot13) and analyze
    By ZaiRoN in forum Blogs Forum
    Replies: 2
    Last Post: October 27th, 2007, 08:20

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •