?
Solved

StarOffice Password protected file Help!

Posted on 2009-07-07
2
Medium Priority
?
391 Views
Last Modified: 2012-05-07
I have a close family friend who's husband has just passed away, Ive been helping her gain access to her husbands laptop ect, he was the accountant for the family business, He used Star office version 8, the problem we have is many of his files are password protected.

I have 2 questions

1) How many attempts can the wife have to try and guess the password before she's locked out of the file?
2) Is there any way to hack/bypass these passwords? (3rd party software, a company ect ect)

I would really appreciate your help as the family's bank manager is visiting on Wednesday to go over the health of the business and many of these important financial files are locked.

Thanks in advance

Darren
0
Comment
Question by:D_Mclean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 24793443
Ok, from the top.

you can try guessing as many times as you like - there is no magic lockout; but there is also no halfway result, either a guess is correct, or it doesn't work (so if you try I_love_cookies but the password was I_Love_Cookies you won't get in)

there is a commercial crack tool, but it isn't instantaneous - in fact, it can take days or weeks to run.
http://www.intelore.com/openoffice-password-recovery.php

There is also a free tool here:
http://sourceforge.net/projects/ooomacros/files/

which is purely a dictionary tool - you have to give it a list of possible passwords, but it is much faster than trying each one in turn by hand.

staroffice files are very secure indeed. At the base, they are zipfiles - so you can open them using any zip file tool (http://www.7-zip.org/ being my usual choice)

inside, you will find a manifest (xml file in a subdir called META-INF) which you can edit with notepad. this gives details of what is stored where inside the zipfile, and if it is encrypted, what the checksum of the password is.

here is a typical entry:

 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="2939">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="vsANgJ9HW/9Z0tfHwvzX1HOROGs=">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="yOxT+y66yJg="/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="qdlQxndpRh0cANpXCVhjXw=="/>

note this specifies that the encryption is blowfish (only supported algo), and the hash is SHA1 (only supported hash). Blowfish is uncrackable. no, really, there isn't a hope of breaking it unless you can guess the password.

the hash is the clue - it will let you test if you got a guess right or wrong, without having to try each password in turn in the package. This is how the crackers work - they try every possible password (either from a list you supply, or by starting at aaaaa and working their way towards z) and test the answer against the hash. if the hash says they got it right, they can then try decrypting the actual document.

however, this is called a brute force attack - trying many passwords until you find one that works - and it can take a fairly long time to do, even on a modern computer.
0
 

Author Comment

by:D_Mclean
ID: 24793828
Thats excellent info Dave exactly what I need, ive certainly got enough to be going on with that lot.

Thanks very much

Darren
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month10 days, left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question