Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Apr 2021 14:39:08 +0200
From: magnum <>
Subject: Re: Extracting the hash from MS word

On 2021-04-28 01:31, Ian B wrote:
> On 27/04/2021 23:05 magnum penned these words:
>> On 2021-04-27 03:14, Ian B wrote:
>>> I am going through an old directory and binning/checking some old
>>> documents ~2005/6 there's a few encrypted word documents for which I
>>> have forgotten the password. I successfully recovered the hash and hence
>>> the password from a few with the script. However, for two
>>> of them this fails with the following issue
>>> em1.doc : invalid keySize
>>> Traceback (most recent call last):
>>>     File "./", line 3148, in <module>
>>>       ret = process_file(sys.argv[i].decode("utf8"))
>>>     File "./", line 3109, in process_file
>>>       passinfo = find_rc4_passinfo_doc(filename, workbookStream)
>>>     File "./", line 2553, in find_rc4_passinfo_doc
>>>       if typ == 3:
>>> UnboundLocalError: local variable 'typ' referenced before assignment

>> If latest code give you an error, we have a bug somewhere. If you're
>> willing to share one of those files with us (or just me, in private
>> email) we can have a look at it.
> Yep it is the latest, to be sure I just grabbed the one form your link, 
> identical issue. I'll email you the document, I doubt after 15 years or 
> so it is of interest just trying to check before I scrap :D I spent way 
> too much time but now I am intrigued to know what it is and why it is 
> proving tough.

This is now on GitHub.

Ian, best would be if you could apply the patch I posted and re-build, 
then possibly crack at least one of your documents using whatever 
knowledge you might have about possible passwords. If we just get a 
notice you succeed with that, we can commit some permanent code for this.

Failing that, we'd probably need to install some old Windows and old 
(pre 2003) Word (or Office) in a virtual machine, fiddle with the 
registry to disable 40-bit RC4 and/or enable 56-bit and try to create a 
sample document with a known password.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.