Lost Pass Word

Isaac_Cajina · November 26, 2014, 6:40am

I need to open some documents and I do not remember my pass word. I need
you help.
Thanks.

elderdanlewis · November 26, 2014, 4:04pm

There is a reason for encrypting a document: to prevent others from seeing it if they do not know the password. LibreOffice does an excellent job of this. Most likely you will not be able to open these documents. The only hope you have is have used a simple password that has a significant value in your life and you go through what these are trying them as passwords. Otherwise, it would take access to a super computer running for a few hours to break the password. (This is expensive.)

Dan

Mailer_Daemon · November 26, 2014, 4:07pm

If they are the passwords for your documents, you may be out of luck. You can try password cracking programs like John the Ripper - there are probably some that will try to crack encrypted documents. Google "LibreOffice password cracker" for some suggestions.

Tom_Davies1 · November 26, 2014, 4:32pm

Hi
It's worth trying to open the documents in some other office suite or
program. If the documents are old enough than you might be able to open
them in Microsoft Office.

I've only done it the other way around though. An MS Office document
opened in LibreOffice just by double-clicking it, and later i found the
document had supposedly been password-protected (but not encrypted).
Regards from
Tom

Cley_Faye · November 26, 2014, 5:13pm

It will only ever work this way, not the other.

For reference, old .doc where simply flagged as "password protected", which
of course got us OpenOffice/LibreOffice simply opening them without warning

On the other hand, open password for .odt (and other open document formats)
always implied some form of encryption. Granted, previous versions might
have used what is now weak encryption, but still it is not something that
can be opened easily without password, especially if the file is
manipulated on a regular basis, as recent versions of LibreOffice might
simply have overwritten the old encryption with something more up to date.

I'm afraid that beside brute-force (using a dedicated program) or an
unencrypted backup there is no much hope.

toki · November 26, 2014, 8:42pm

LibO 3.4.5 and lower can write files whose password protection relies on
Blowfish;
LibO 3.4.4 and lower can read files whose password protection relies on
Blowfish;
LibO 3.4.5 and higher can read files whose password protection relies on
AES-256;
LibO 3.5.0 and higher can write files whose password protection relies
on AES-256;

The Crypto++ library contains routines for encrypting/decrypting
blowfish, AES-256, and other algorithms for ciphers.

In 2001, four or five firms, worldwide, offered commercial OOo password
recovery services.

One of the firms frankly admitted that they used brute force. The setup
fee paid for the computers used for the "attack". The monthly fee
covered the utility bills that the "attack" generated. FWIW, this firm
now appears to be out of business.

Once upon a time, there was an extension that did password recovery. I
don't know how well it works/worked. I couldn't find it, when I searched
the LibreOffice and Apache OpenOffice archives today.

There are a couple of commercially distributed tools that _might_ work.

The time required to brute force a solution can be reduced if:
* The length of the password is known;
* Part of the password is known;
* Which glyphs the password uses are known;

This issue comes up often enough, that I'm surprised I can't find an
open source tool to brute force ODF passwords. It is a straightforward
algorithm.

Guess_password
Throw_at_document
If fails Guess_password
If success read_document

Guess_password is simply repeat until loops.

jonathon

Cley_Faye · November 26, 2014, 9:49pm

If you're motivated, here's a piece of code that attempt a very poor
bruteforce, but have all the pieces needed to make a real brute-force app.
(disclaimer: this is like the monster from frankenstein, I cut & pasted
code from all around the web, as I have zero knowledge about Java bindings
for UNO).
http://pastebin.com/cQJnA8F6

It will try to open a file located at e:\test.odt, and use passwords from
"tota", "totb", "totc"... to "tott" (more or less). Still, it is probably
very easy to change it so that it use proper, parametrized passwords
guess, and have some form of UI. If no one else look into this, I might
give it a go.

(for this stub to work, you need a running instance of libreoffice started
with the command line "$ soffice.exe -accept=socket,host=0,port=2002;urp;")
It is 100% possible to integrate this better, in a way that would
automatically launch an invisible instance of LibreOffice. In fact the
first SDK sample does this, but as I run a 64-bit version of Java, I had to
go this way. YMMV.

Tom_Davies1 · November 27, 2014, 5:01pm

Hi
I really like the way people on this mailing list go that extra mile for
people.

Even if it's a Frankenstein's monster it might well be a good start
Many thanks and regards from
Tom

toki · November 28, 2014, 9:29pm

Found it:
http://sourceforge.net/projects/ooomacros/files/PasswordCracker/Version 1.0/

This is for either OOo 1.1.x, or OOo 2.x.
It won't work for LibreOffice 3.x or LibreOffice 4.x

If one expects to crack the password within a reasonable period of time,
one has to know some basic information about the forgotten password.