Jump to content
Nytro

msoffcrypto-tool

Recommended Posts

msoffcrypto-tool

PyPI version Build Status Coverage Status Documentation Status

 

msoffcrypto-tool (formerly ms-offcrypto-tool) is a Python tool and library for decrypting encrypted MS Office files with password, intermediate key, or private key which generated its escrow key.

 

Early PoC version: https://github.com/nolze/ms-offcrypto-tool/tree/v0.1.0

Install

pip install msoffcrypto-tool

Examples

As CLI tool (with password)

msoffcrypto-tool -p Passw0rd encrypted.docx decrypted.docx

Test if the file is encrypted or not (exit code 0 or 1 is returned):

msoffcrypto-tool --test -v document.doc

As library

Password and more key types are supported with library functions.

import msoffcrypto

file = msoffcrypto.OfficeFile(open("encrypted.docx", "rb"))

# Use password
file.load_key(password="Passw0rd")

# Use private key
# file.load_key(private_key=open("priv.pem", "rb"))
# Use intermediate key (secretKey)
# file.load_key(secret_key=binascii.unhexlify("AE8C36E68B4BB9EA46E5544A5FDB6693875B2FDE1507CBC65C8BCF99E25C2562"))

file.decrypt(open("decrypted.docx", "wb"))

Supported encryption methods

MS-OFFCRYPTO specs

  • ECMA-376 (Agile Encryption/Standard Encryption)
    • MS-DOCX (OOXML) (Word 2007-2016)
    • MS-XLSX (OOXML) (Excel 2007-2016)
    • MS-PPTX (OOXML) (PowerPoint 2007-2016)
  • Office Binary Document RC4 CryptoAPI
    • MS-DOC (Word 2002, 2003, 2004)
    • MS-XLS (Excel 2002, 2003, 2004) (experimental)
    • MS-PPT (PowerPoint 2002, 2003, 2004)
  • Office Binary Document RC4
    • MS-DOC (Word 97, 98, 2000)
    • MS-XLS (Excel 97, 98, 2000) (experimental)
    • MS-PPT (PowerPoint 97, 98, 2000)
  • ECMA-376 (Extensible Encryption)
  • XOR Obfuscation

Other

  • Word 95 Encryption (Word 95 and prior)
  • Excel 95 Encryption (Excel 95 and prior)
  • PowerPoint 95 Encryption (PowerPoint 95 and prior)

PRs welcome!

Todo

  • Add tests
  • Support decryption with passwords
  • Support older encryption schemes
  • Add function-level tests
  • Add API documents
  • Publish to PyPI
  • Add decryption tests for various file formats
  • Merge to more comprehensive projects handling MS Office files (such as oletools?) if possible
  • Support decrypting encrypted macros
  • Support decrypting encrypted Excel worksheets
  • Support decrypting editing protection
  • Support encryption

 

Sursa: https://github.com/nolze/msoffcrypto-tool

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...