How to crack the VBA password on an Excel Project

by gaetano
0 comment

In every company there is someone that creates Excel files with VBA macros and that wants to protect his work. There is no documentation and none knows the password. What we can do? We can crack the password!

On the web we can find a lot of software for free which do that but they have limitations and you have to pay to crack longer passwords, but we can crack a VBA password editing the file using an hex editor. This method can be applied to an Excel 2003 (xls) file, so, if you have an Excel 2007 (xlsm) file you can simply save it in the previous format.
Excel 2003 manage the VBA password simply comparing strings, so one method is simply to swap out the password entry in the file using a hex editor (In the following example I used HxD – Freeware Hex Editor and Disk Editor).

  1. Backup you file making a copy
  2. Create a new simple Excel file
  3. In the VBA part (ALT + F11), set a simple password (for example 123).
    Set Password - Excel VBAVBA Excel - set passwordExcel VBA Password

  4. Save the file and exit
  5. Open the file you just created with the hex editor.
  6. Copy the lines starting with the following keys:
    VBA Password Crack - Hexadecimal Editor

  7. Open the file you want to crack with your hex editor and paste the above copied lines from the dummy file
  8. Save the excel file and exit
  9. Now, open the excel file you need to see the VBA code in. The password for the VBA code will simply be 123.

The described method worked well for me a lot of time, but, if you try to paste the wrong number of bytes into the file, you will lose your VBA project when you try to open the file with Excel. Unfortunately there are instances (I haven’t figured out the cause yet) where the total length of the “CMG=……..GC=….” entry in the file is different from one excel file to the next. In some cases, this entry will be 137 bytes, and in others it will be 143 bytes. The 137 byte length is the odd one, and if this happens when you create your file with the ‘123’ password, just create another file, and it should jump to the 143 byte length.


You may also like

Leave a Comment