I made sample php native extension to decrypt ms-office 2007 document.

Source code is here

What php-ole can is to ..

1 . Read ole object stream as php-stream
2 . Compute secret key from EncryptionInfo Stream and password ( you specified )
EncryptionInfo Stream

So php-ole can’t decrypt oox document exactly.
But you can decrypt document to use php mcrypt extension and computed secret key.
Please refer to php sample code if you want to more details.

Requirement

1 . Unix or linux style os
2 . libgsf , libgsf-devel ( 3rd library )
3. PHP 5.3 or more
4. mcrypt php extension ( to decrypt AES document in sample php code)

Prepared to build
#yum install libgsf libgsf-devel

I just wrote to use pkg-config for libgsf in config.m4.

How to build

1. download zip (src files ) from github

2. build from src

#cd php-ole
#phpize
#./configure --enable-ole
#make; make install;
How to run the sample PHP code in archives
$cd php-ole
$php -f php/ole.php php/test/password_abc.docx

or ( if you don’t want to install so file )

$cd php-ole
$php -d extension=.libs/ole.so -f php/ole.php php/test/password_abc.docx

You can show the document password ‘abc’ in sample code( php/ole.php).
So when you use your own document file,
Please change the password.

expected console output

------ Class OleInfile method list --------
array(6) {
  [0]=>
  string(11) "__construct"
  [1]=>
  string(4) "open"
  [2]=>
  string(11) "numChildren"
  [3]=>
  string(9) "statIndex"
  [4]=>
  string(15) "getStreamByName"
  [5]=>
  string(17) "getEncryptionInfo"
}
=== document entries === 
array(2) {
  ["name"]=>
  string(11) "DataSpaces"
  ["size"]=>
  int(0)
}
array(2) {
  ["name"]=>
  string(14) "EncryptionInfo"
  ["size"]=>
  int(224)
}
array(2) {
  ["name"]=>
  string(16) "EncryptedPackage"
  ["size"]=>
  int(10328)
}
------ Class OleEncryptionInfo method list --------
array(4) {
  [0]=>
  string(14) "verifyPassword"
  [1]=>
  string(12) "getSecretKey"
  [2]=>
  string(11) "getVerifier"
  [3]=>
  string(15) "getVerifierHash"
}
====== OK ==== 

Related Posts

  • No Related Post

5 Responses to “php: decrypt (remove password ) ms-office 2007 document (oox)”

  • Thanh Clarke より:

    Caution, MCRYPT_RIJNDAEL_256 is not equivalent to AES_256. The way to make RIJNDAEL be decrypted from AES with openssl is to use MCRYPT_RIJNDAEL_128 and padd the string to encrypt before encrypting with the follwing function: <?php function pkcs5_pad ($text, $blocksize) { $pad = $blocksize – (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad); } ?> On the decryption, the choosing of AES_256 or AES_128, etc. is based on the keysize used in the crypting. In my case it was a 128bit key so I used AES_128.

  • Inez R. Ellison より:

    This might be useful: <?php include $_SERVER[‘DOCUMENT_ROOT’].”/lib/sample.lib.php”; ?> So you can move script anywhere in web-project tree without changes.

  • Michel Powers より:

    So php-ole can’t decrypt oox document exactly. But you can decrypt document to use php mcrypt extension and computed secret key. Please refer to php sample code if you want to more details.

  • Fidel Vaughn より:

    I forgot to add the sample usage for encrypting and decrypting cookies: Set encrypted cookie: <?php $time = time() 60*60*24*30*12; //store cookie for one year setcookie(‘cookie_name’, encryptCookie(‘cookie_value’),$time,’/’); ?> Get encrypted cookie value: <?php $cookie_value = decryptCookie($_COOKIE[‘cookie_name’]); ?> hope it helps.

Leave a Reply

Spam protection by WP Captcha-Free

RSS
Add to Google
2013年2月
« 11月    
 12
3456789
10111213141516
17181920212223
2425262728