Solved

StarOffice Password protected file Help!

Posted on 2009-07-07
2
379 Views
Last Modified: 2012-05-07
I have a close family friend who's husband has just passed away, Ive been helping her gain access to her husbands laptop ect, he was the accountant for the family business, He used Star office version 8, the problem we have is many of his files are password protected.

I have 2 questions

1) How many attempts can the wife have to try and guess the password before she's locked out of the file?
2) Is there any way to hack/bypass these passwords? (3rd party software, a company ect ect)

I would really appreciate your help as the family's bank manager is visiting on Wednesday to go over the health of the business and many of these important financial files are locked.

Thanks in advance

Darren
0
Comment
Question by:D_Mclean
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 24793443
Ok, from the top.

you can try guessing as many times as you like - there is no magic lockout; but there is also no halfway result, either a guess is correct, or it doesn't work (so if you try I_love_cookies but the password was I_Love_Cookies you won't get in)

there is a commercial crack tool, but it isn't instantaneous - in fact, it can take days or weeks to run.
http://www.intelore.com/openoffice-password-recovery.php

There is also a free tool here:
http://sourceforge.net/projects/ooomacros/files/

which is purely a dictionary tool - you have to give it a list of possible passwords, but it is much faster than trying each one in turn by hand.

staroffice files are very secure indeed. At the base, they are zipfiles - so you can open them using any zip file tool (http://www.7-zip.org/ being my usual choice)

inside, you will find a manifest (xml file in a subdir called META-INF) which you can edit with notepad. this gives details of what is stored where inside the zipfile, and if it is encrypted, what the checksum of the password is.

here is a typical entry:

 <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="2939">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="vsANgJ9HW/9Z0tfHwvzX1HOROGs=">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="yOxT+y66yJg="/>
   <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="qdlQxndpRh0cANpXCVhjXw=="/>

note this specifies that the encryption is blowfish (only supported algo), and the hash is SHA1 (only supported hash). Blowfish is uncrackable. no, really, there isn't a hope of breaking it unless you can guess the password.

the hash is the clue - it will let you test if you got a guess right or wrong, without having to try each password in turn in the package. This is how the crackers work - they try every possible password (either from a list you supply, or by starting at aaaaa and working their way towards z) and test the answer against the hash. if the hash says they got it right, they can then try decrypting the actual document.

however, this is called a brute force attack - trying many passwords until you find one that works - and it can take a fairly long time to do, even on a modern computer.
0
 

Author Comment

by:D_Mclean
ID: 24793828
Thats excellent info Dave exactly what I need, ive certainly got enough to be going on with that lot.

Thanks very much

Darren
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now