Extract hash for offline attack (Office 2007)

bboitano
Member
Posts: 33
Joined: Fri Feb 17, 2006 8:53 am

Post by bboitano »

This might be better off in the newbies section, but I thought I would start it here and if a moderator feels it needs to be moved - no worries.

Since Amazon are offering free trials with their EC2 cloud infrastructure, I was looking to mess around with some CUDA coding to utilise their large GPU clusters (inspired by the SHA1 stuff at http://stacksmashing.net/2010/11/15/cra ... instances/).

To the best of my knowledge, and please feel free to correct me if I am wrong (I usually am!), Office 2007 now implements the ECMA-376 standard with SHA-1 hash and AES-128 encryption (50000 hash rounds) (source: http://blog.crackpassword.com/2009/07/o ... re-secure/).

My questions are as follows:

1. Does anyone know how to extract the hash from an Excel 2007 file so that we can attack it in the cloud?

2. Has anyone seen any papers relating to using GPU clusters to do this? (I can't find any but don't want to re-invent the wheel if I don't need to.)

3. Can anyone shed any light on the exact implementation used by Office and where I might find the ECMA-376 standard implementation to start working from?

Many thanks in advance

bb
Post by bboitano »

As usual, after posting here, a partial solution presented itself.

After digging through the OpenXML documentation and ECMA standards I was able to determine that the data I was looking for are being held in the EncryptionHeader structure.

Sample code to extract the hash and the implementation can actually be found here:
http://offcrypto.codeplex.com/
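
An added example, not part of the original post or of the linked project: a reader for the EncryptionHeader structure mentioned above, used to audit which cipher, hash and key size a protected Office 2007 document declares. It assumes the `EncryptionInfo` stream bytes have already been pulled out of the file's OLE container and follow the "Standard Encryption" layout in Microsoft's public MS-OFFCRYPTO specification; the function names are hypothetical and the sample stream is constructed.

```python
import struct

# IDs from the public MS-OFFCRYPTO "Standard Encryption" layout.
CIPHERS = {0x6801: "RC4", 0x660E: "AES-128", 0x660F: "AES-192", 0x6610: "AES-256"}
HASHES = {0x8004: "SHA-1"}
FLAG_BITS = {"fCryptoAPI": 0x04, "fDocProps": 0x08, "fExternal": 0x10, "fAES": 0x20}

def parse_encryption_info(stream: bytes) -> dict:
    """Decode EncryptionVersionInfo and EncryptionHeader from an EncryptionInfo stream."""
    if len(stream) < 12:
        raise ValueError("stream too short")
    v_major, v_minor, _flags_copy, header_size = struct.unpack_from("<HHII", stream, 0)
    if v_minor != 2 or v_major not in (2, 3, 4):
        # e.g. 4.4 is the XML-based Agile Encryption used by later Office versions
        raise ValueError(f"not Standard Encryption: version {v_major}.{v_minor}")
    if header_size < 32 or 12 + header_size > len(stream):
        raise ValueError("EncryptionHeaderSize out of bounds")
    header = stream[12:12 + header_size]
    flags, _size_extra, alg_id, alg_id_hash, key_bits, provider_type, _r1, _r2 = \
        struct.unpack_from("<8I", header, 0)
    return {
        "version": (v_major, v_minor),
        "flags": sorted(n for n, bit in FLAG_BITS.items() if flags & bit),
        "cipher": CIPHERS.get(alg_id, hex(alg_id)),
        "hash": HASHES.get(alg_id_hash, hex(alg_id_hash)),
        "key_bits": key_bits,
        "provider_type": provider_type,
        "csp_name": header[32:].decode("utf-16-le", errors="replace").rstrip("\x00"),
        "verifier_offset": 12 + header_size,  # EncryptionVerifier follows the header
    }

def audit(info: dict, min_key_bits: int = 128) -> list:
    """Return policy findings for the declared encryption parameters."""
    findings = []
    if info["cipher"] == "RC4":
        findings.append("RC4 stream cipher declared")
    if info["key_bits"] < min_key_bits:
        findings.append(f"key size {info['key_bits']} below {min_key_bits} bits")
    return findings

def build_sample(alg_id: int = 0x660E, key_bits: int = 128, flags: int = 0x24) -> bytes:
    """Constructed EncryptionInfo stream; the 72 zero bytes stand in for the verifier."""
    csp = "Microsoft Enhanced RSA and AES Cryptographic Provider\x00".encode("utf-16-le")
    header = struct.pack("<8I", flags, 0, alg_id, 0x8004, key_bits, 0x18, 0, 0) + csp
    return struct.pack("<HHII", 3, 2, flags, len(header)) + header + b"\x00" * 72

if __name__ == "__main__":
    info = parse_encryption_info(build_sample())
    print(info, audit(info))
```
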