Decrypting a password protected LibreOffice Calc .ods file (forgotten password)

password encryption libreoffice

Sometime ago I created an .ods file with Libreoffice Calc which I password protected. I have now forgotten the password and as a result I am unable to access the file. Is there any way of bypassing or recovering the password, e.g. as root using the terminal?


Solution 1:

Opening the .ods file as root will still not allow you to retrieve the file contents because those are encrypted which is beyond the power of a root user.

MiJyn suggested the use of password crackers for OpenOffice.org. These programs often use brute-force or dictionary-based attacks. I would not use such a closed-source programs from random, untrusted sources as suggested. Virus scanners do not find everything, so you still cannot trust the executable because ClamAV detects nothing.

Since LibreOffice is open source, I'd start with looking up what kind of encryption it uses. Ubuntu 12.04 ships with LibreOffice 3.5. According to http://wiki.documentfoundation.org/ReleaseNotes/3.5#Different_Encryption_Algorithm, it uses a 256-bits AES cipher.

This mailing list post also makes clear that the password is derived using PBKDF2 which means that brute-forcing will be much slower with a sufficient high iteration count.

Since .ods files are just Zip files, I tried to encrypt the file and extracted the contents. As expected, the contents of the document are encrypted and indistinguishable from random bytes. Of course there exist some unencrypted metadata, one of them being META-INF/manifest.xml. My example encrypted spreadsheet contained the following interested parts:

<manifest:encryption-data manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k" manifest:checksum="48KzqP1PL7Wu/YTtHzlN0buJeUmigGT247dZ6Wrj10s=">
<manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="82mrg52Yifh1iIye5W0xuw=="/>
<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="32" manifest:iteration-count="1024" manifest:salt="hUZrwD1BWkODYVklZiScqA=="/>
<manifest:start-key-generation manifest:start-key-generation-name="http://www.w3.org/2000/09/xmldsig#sha256" manifest:key-size="32"/>

From that we can learn that LibreOffice uses a SHA256 hashing algorithm for checking data integrity, AES256 in CBC mode. The 32-byte password is derived from your password using PBKDF2 with 1024 iterations.

A paper on decrypting ODF files is available here, these contain nice information to craft your own brute-forcer but are probably not suitable for the average user.

As with most encryption products, password recovery is near impossible. I suggest:

  • If the file just contains bookkeeping for a week, just start over and do not waste time on decrypting the file.
  • Try to recall the password if you want to decrypt the file.
  • If you are going to use a brute-force program, do not use a random program found on the internet. Try to find an open-source program. If you only find closed-source programs, download it from a reliable source and ensure that it has good reviews (from several sources), put it through https://www.virustotal.com and check again that the program you are trying is legit.

Solution 2:

Answer was based on the conversation I had with the OP in the comments

There is no way of bypassing the password because if it was possible, it would completely defeat the purpose of having a password-protected document (the only people who would not want to use the password by-passer is the ones who have the password). The only option is to actually use a password cracker. This method is legal if, and only if you are the owner of the document, or the person who sent you the document gave you permission to crack the password. But, of course, these days no one cares about being on the right side of the law :P

So if you are still interested in doing so, here is another drawback of this technique (yay!): It takes a very long time because it has to find every single possible password combination. Just some very basic math here, if it takes 1 millisecond to try a password, and the password is ASCII encoded, 5 characters long, then it would take 56 weeks to find it. If you have a very fast computer (maybe even a supercomputer), it would take around 5-10 microseconds per password, so it would take 1.5-3 days to calculate it. If you use a graphics card instead of your CPU, it will be able to calculate passwords much faster, as GPUs usually have around 300-2000 cores.

Another problem, specific to OpenOffice passwords, is that OpenOffice has very good encryption methods, making it much longer and harder to find passwords. This means that only a brute-force attack (the slowest attack) will work!

Now that you have a short introduction to password cracking, some quick googling lead me to this site: http://www.filebuzz.com/fileinfo/37067/OpenOffice_Writer_Password_Recovery.html. Haven't tried it yet, but it should work if you have WINE installed. I did a small virus check with ClamAV and it seems ok.

EDIT: Seems like that one only supports Writer passwords. Here is the same program, apparently engineered for Calc passwords. Notice that I have not tried that one either, but I have virus checed that one with ClamAV too: http://www.sharewareconnection.com/download-openoffice-calc-password-recovery-from-sharecon.html

EDIT 2: Lekensteyn posted a way better way of doing this than using an untrusted .exe file. I highly recommend using his way instead!

EDIT 3: Based on the method Lekensteyn posted, I wrote a little tool that implemented it, located here: https://github.com/MiJyn/ooo-pass-recover/downloads. It is, of course, open-source (just click on "code" from the download link). All it is is just an interface to ODFJlib by Ringlord (same person that made the document Lekensteyn posted). Notice that this tool is written in Java, and is rather slow (243 keys/sec on my computer). I will try to optimize it for multiple cores though.

Example of usage:

java -jar ./ooopassrecover.jar file.ods

Solution 3:

I found a very simple way to unlock a sheet (open office 1.0) but should be similar on other versions.

  • Change extention .ods to .zip
  • unzip the file in a folder.
  • Find the document.xml or content.xml file it contains.

  • Edit this xml file to find something like this:

    table:name="*****" table:style-name="ta1" table:protected="true" table:protection-key="wUuUTMMJGNiaa2+yng4cFP6WeFg="

delete the two elements:

 table:protected="true" table:protection-key="wUuUTMMJGNiaa2+yng4cFP6WeFg="

copy the modified document.xml in the originel zip file give back the .ods extention to that file That's done: your sheet is no longer protected!

Related

Dell Inspiron 1525, Upgraded to 12.04 and have lost Wireless Internet Connection [duplicate]
Why am I getting this error while using gedit?
Update information is outdated
script to open terminal, run command and keep terminal open
gedit "cannot open display" , on remote computer , using ssh - Ubuntu 12.04 [duplicate]
exec: 2508: /tmp/install.dir.30906/Linux/resource/jre/bin/java: not found
Why does my Network shows different speed in a Terminal and in the Browser?
can't build gst-rtsp-server
Install applications on LiveCD/USB
How do I install the 'python-uno' package?
How to stop Gnome from overriding XKB layout
Is there a way to convert .xif files (created with Xerox Pagis app on old win 32 OS) to pdf?