'Best method' to Recover Password of XLSX File
Q: I need to recover xlsx file password. What are the 'best method' or 'best program' out there?
A: An xlsx file means that it is a Microsoft Excel 2007-2019 document. Currently, the only option for files of this format would be a brute-force attack without any guarantees of successful result. The more complex and longer the password is, the more time it will take to find it.
But the good news about xlsx files is that for this file format GPU acceleration on AMD/NVIDIA graphics cards is a feasible option. If a password cracking program supports video cards, the search will run much faster (possibly even several times faster).
It is also a good idea to "clear" the range of possible passwords of any obviously unfit combinations. If you know the password structure, its length, order of characters that make up the relevant character set, or possible word entries, you should definitely make the best use of this knowledge.
Try Accent OFFICE Password Recovery by Passcovery.
The program accelerates on NVIDIA/AMD graphics cards and offers range customization options:
- use the extended mask option to define character sets individually for each position in the password
- mutate and blend dictionaries to cover passwords made up of sets with (modified) words
|Accent OFFICE Password Recovery
for Microsoft Office and OpenOffice/LibreOffice
Three burning questions about password attacks
Brute force attack aka brute force search or exhaustive search is a password recovery method that consists in sequential iteration of options until you discover the one correct combination.
As a rule, the method allows setting up a few simple preconditions for password generation, i.e. character sets, the minimum and maximum password length. Then passwords are generated according to these criteria and each password is then tested until the correct one is found.
The longer the password and the charset, the more combinations you will need to test and the longer the brute force search will take.
Dictionary attack is a kind of brute force search, only in it does not generate passwords but reads from pre-compiled files, the so-called dictionaries.
There is an enormous number of various dictionaries:
- dictionaries of popular passwords
- themed dictionaries
- dictionaries in different languages
The program that performs a dictionary attack simply reads the wordlist line by line from the dictionary and tests each word in search of the correct password.
See examples of dictionaries here.
Here is a program to recover passwords of most popular file formats that supports multilingual Unicode dictionaries.
There are several password attacks to tackle popular versions of Excel format:
- brute force attack (exhaustive search) with enumerating all possible options (for Microsoft Office 2007 files and higher editions it is possible to use GPU acceleration on NVIDIA/AMD video cards)
- mask attack that only brute-forces the unknown part of the password
- extended mask attack that performs a brute force search with variable character sets
- dictionary attack that brute-forces using words from the given wordlists (dictionaries)
- dictionary attack with merging and mutations that enables merging and mutation of dictionaries
- attack on encryption key that brute-force searches an encryption key, not the password (only applicable to files saved in Microsoft Office 97-2003 compatibility mode)
Please note, as this is important: password for the latest versions of Excel (Word/PowerPoint) can only be recovered by the brute force attack. The search time will depend on the complexity of the password and the format version.
For older versions of Excel 2-95, the password is cracked instantly, no matter the length and complexity of the password.
One such program that features all these attacks, enables GPU acceleration, encryption key search, and supports all versions of Microsoft Office files is AccentOPR