One byte cracking Word document read-only Password

In the past few days, due to the use of the word document read-only encryption for jobs, I suddenly wanted to see that this encryption is not safe, and then I started.

Find two identical Word documents, read-only encryption, and open them with UltraEdit (a hexadecimal editing software). Observe the structure carefully. It is found that the a00H address is the Word header information, and the address a00H is the Word file content, and the Encrypted and unencrypted file content is the same, it indicates that the read-only encryption of Word does not encrypt the file content. There is only one tag somewhere in the Word document to tell the Word application that the document is read-only encrypted, while the encrypted password is in another place.

Find the address marked with 20 CH. You only need to change the corresponding content 5E to 52 (see the figure). Then you can open this word document and the annoying password change box will not pop up.

500) this. width = 500 "align = baseline border = 0>

Don't trust your own eyes. The Word read-only encryption method is so fragile! Of course, the read-only password of a Word document is stored in the content between H and a00H through simple transformations. If you are interested, you can find its algorithm, later, you can easily get the read-only password ^_^ (in fact, a software called passware can implement this function very early ).

Note that my Word version is 2003, but it should be the same for other versions.