Results 1 to 11 of 11
  1. #1
    3 Star Lounger
    Join Date
    Feb 2003
    Posts
    363
    Thanks
    0
    Thanked 0 Times in 0 Posts

    code security (2000)

    I'm still playing with improving code security.
    The password cracking programs I have seem to
    require opening the excel wbk then attacking it.
    To get around this I have created an addin with
    a password to open it. Most of what I have read
    indicates that this type of protection is difficult
    to break.
    The first question I'm asked is: "Well, how can
    I use your Addin if I can't open it.?
    I'm using compiled Visual Basic as a Front End
    Loader to open the Addin with the correct password
    then it quietly excuses itself leaving the Addin to
    do it's thing.
    The front loader also disables such things as
    Alt+F11
    Tools>Customize menus
    SaveAs
    etc

    I've attached a Workbook (MyTestAddin.xls) that has a simple Hello World
    sub in it. ----I tried to upload it as an xla file but was blocked,
    but I think the xls will act the same. ----
    I'm curious if anybody can crack this open.
    Keep in mind you won't be able to actually *use* it
    to test the sub if you can't first open it. So, the question
    is: Can it be Opened?

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: code security (2000)

    Note: it is not necessary to use Enter to break lines manually, only to end a paragraph. The browser will automatically wrap lines according to the size of the window.

  3. #3
    3 Star Lounger
    Join Date
    Feb 2003
    Posts
    363
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: code security (2000)

    Hans,
    Thanks for the pointer. I think I got in the habit when including code as part of a message, When I would preview such post there would be a warning to truncate the lines - limiting their widths to about 60% of the page width. To avoid going back and shortening each line I started doing a line-break as a matter of course. I'll try to modify this.
    Thanks

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: code security (2000)

    The reason for the warning you mention is that text between <!t>[pre] and <!t>[/pre] tags is *not* wrapped automatically. All other text is wrapped automatically.

  5. #5
    3 Star Lounger
    Join Date
    Feb 2003
    Posts
    363
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: code security (2000)

    I think this clarifies it better for me: if I understand it, I only need to truncate the code lines but not the msg lines, ie when the code is wrapped with [pre]

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: code security (2000)

    Yes, that is correct.

  7. #7
    3 Star Lounger
    Join Date
    Feb 2003
    Posts
    363
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: code security (2000)

    Thanks.
    Any ideas on accessing the code in a password-protected workbook? That is, protecting the wbk from being OPENED with a password.

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: code security (2000)

    I don't have any password cracking tools, so I can't help you here.

  9. #9
    WS Lounge VIP rory's Avatar
    Join Date
    Dec 2000
    Location
    Burwash, East Sussex, United Kingdom
    Posts
    6,280
    Thanks
    3
    Thanked 191 Times in 177 Posts

    Re: code security (2000)

    Paul,
    The short answer is yes - there are online services which effectively give you paid-for access to grid computing to do things like this. As the protection method in XL2000 was not as secure as later versions, I believe they will guarantee to crack it. Note also, that the spreadsheet can be decrypted rather than having to crack a password (I don't offhand know if this includes the code) and there are only about 65k key combinations for the decryption routine to go through.
    Having said all that, I have left it running on my PC at home to see if it is crackable using a typical password recovery program within a reasonable period.
    Regards,
    Rory

    Microsoft MVP - Excel

  10. #10
    3 Star Lounger
    Join Date
    Feb 2003
    Posts
    363
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: code security (2000)

    Rory
    Thanks for the update. A search of the internet provided me with the following site: http://www.lostpassword.com/excel.htm which has a free demo version that will find a File-Open password using a few different algorithms - without the need to first open the file. I downloaded and tested it. The Brute-force method worked quickly if the password only contained 2 characters (eg "R5"). The 2-character limit was the max allowed for the Demo. However, the user is allowed to set many parameters in the program such as whether to include: upper case, lower case, numerals, special characters, number of characters etc. The interesting feature was a cmd button that would return the amount of estimated time to run the algorithm per your selections. By making the password contain a mix of all the above with 15-20 characters, the estimated time to find the password went to 30-40 DAYS!
    I think that would deter most day-hackers. The license fee would be a lot easier.

  11. #11
    WS Lounge VIP rory's Avatar
    Join Date
    Dec 2000
    Location
    Burwash, East Sussex, United Kingdom
    Posts
    6,280
    Thanks
    3
    Thanked 191 Times in 177 Posts

    Re: code security (2000)

    Paul,
    You are probably right about the average would-be hacker! Elcomsoft offer a password breaking program which, on 97/2000 files, guarantees to decrypt the file in no more than ten days on a P4 machine, but since it costs
    Regards,
    Rory

    Microsoft MVP - Excel

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •