You are currently viewing the Excel VBA section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
I should preface this reply by saying that I am not a big fan of helping people crack Excel as it is generally illegal. I will however outline how password protection works in Excel so that others here understand just how secure their password protected data is.
There are three flavours of password protection in Excel and each one requires a different approach to circumvent.
Sheet / Workbook protection: The protection here is laughably insecure with Excel converting your supplied password into one of 192,512 different binary combinations. All you need to do is write a bit of code that loops through all binary combinations of password and sooner or later you'll get lucky and open it. You can write a procedure in VBA to open this protection in about 2 minutes at the worst.
VBA code protection: The encryption of the password is altogether of a stronger flavour here. There's no easy try all the possible combinations method available. However, by inspecting the binary code of the file it is possible to infer the password (in older versions of Excel) or remove the password (in all current versions of Excel). This is no simple process but is sufficiently widely know that there are programs you may buy out there that will give a 100% password removal within seconds. Beware since this is the case it should always be assumed that a sufficiently determined hacker will get into your VBA code.
File Open Protection: This is the strongest and best password protection. I am pretty sure that the encryption here is as strong as the US government will allow civilian companies to sell outside the US as stronger encryption is considered to be a military weapon. There is no backdoor cracking method available for this so the only way to open it is to correctly guess the password or to try every possible encoded option. A lot of times people will select "weak" password, such as a name, date or word. In this instance the quickest way in is a so-called dictionary attack, where all likely weak passwords are iterated through by a program (hence dictionary). This would always be the first port of call for attempting to open a protected Excel file. Be warned that if you use such weak passwords then pretty much anyone can again buy software to crack your files open in a relatively short time period (couple of hours at most). If the dictionary attack fails then the next port of call is to try every possible combination. This is much the same principle as the method by which you crack sheet protection however there are many, many more combinations to try. Practically this can only be achieved by setting a supercomputer to the task for several days. However, once again, there are companies out there that will, for a fee, set aside their supercomputers to help you out. They may well ask you security questions to verify that you're not acting illegally.
Well anyway that's about all I know on the matter. The long and the short of it is that if you're determined to get into all but the most simple of protection you can do it so long as you pay someone.