Description: I have edited a .xls file (initialy created with Excel) with LibreOffice 5.3 (Installed on my computer a few days ago. This .xls file has been protected with a password). I have edited/opened the file once and closed it after a few modifications. Now it is mpossible to open it a second time as the pop-up window indicates in French "Password is incorrect. Impossible to open the file". For sure, I have not changed the password when saved the previous time. I am in big trouble because I cannot open/edit anymore my .xls file. What is the solution to open it again? Thanks in advance for your help. Steps to Reproduce: 1.Open an Excel spreadsheet 2.Gets window = ''This document contains macros. Macro execution is desactivated. ... sommes fonctionalities not available'' 3.After the file is updated, I have saved it in Excel 97-2003 format (not in .odf Actual Results: "Password is incorrect. Impossible to open the file" Expected Results: How can I open the file wich is important for me? Reproducible: Always User Profile Reset: No Additional Info: It points out that some functionnalities won't be available but nothing about the password which makes the access impossible for ever for current users such I. Is someone going to help me? I am not used to communicate through this type of web site. Thanks in advance for your help. User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Does it ask the password upon file open? Or is only a sheet protected? In any case, you have to use a password cracking tool, but we just need to find out which one. In the future, never replace a file in the way you did, but save it under another name.
Created attachment 138221 [details] Snapshot of the requested password to open file
Comment on attachment 138221 [details] Snapshot of the requested password to open file Hello, Thanks very much for your help. Question : Does it ask the password upon file open? Answer : Yes, it asks the password upon file open. Please see attached file Yes, next time I know I should save the file under another name. I thought it was possible to open, edit, save .xls or .xlsx with any software (Office or LibreOffice). For information, initial Excel password was a rather simple password built with 4 numbers (1 through 9). Now I have no idea how many digits and which type of caracters are in the new password assigned by CALC. I have already had the file scanned by the tool : Advanced Office 97 Password Recovery. Although I set this tool o scan all types of caracteres from 1 up to 5 digits, it failed to find out the password. I look forward to hearing from you. Francis HERBERT
What about the original .xls file, you don't have it anymore? Anyway, we would require the original file + original password to confirm the bug.
Created attachment 138254 [details] Similar file - No issue
Created attachment 138255 [details] File with bug - Password not found
Please find 2 files attached : - The first one (CA2016 OK.xls) with password (6061)which is correct - The second one (CA2017 with bug.xls)wich is corrupted (Same initial password 6061) Both files are similar, one for year 2016 and one for year 2017 With the first one and after having done a copy (as recommended by you), I can reproduce the bug. Steps : I open the file with CALC, type the password, may do any change in the file, save the file. Then when I try to open it again with either CALC or EXCEL, I get the error "Password is incorrect. Impossible to open the file" I have no correct copy of the second one. It is impossible to open it with either software. I get the same error message.
Thanks for the sample, Francis! Reproduced using 6.0beta1 & 5.3.0.3 / Windows 7. Assuming the bug isn't OS dependent, unless claimed otherwise. Also, it only occurs if you save the file, not when you do Save As. The import of encryption was added with the commit referenced below. Caolán, could you please check what is going wrong here? https://cgit.freedesktop.org/libreoffice/core/commit/?id=1473ce030314027c01c98f513407ed0897328585 author Caolán McNamara <caolanm@redhat.com> 2016-10-20 16:07:11 +0100 committer Caolán McNamara <caolanm@redhat.com> 2016-10-21 11:16:11 +0100 implement CryptoAPI RC4+SHA1 encryption scheme for xls import
Created attachment 138257 [details] Sample XLS created in Excel (password: 1234) Apparently it's easy to reproduce, here's a minimal sample created in Excel 2013, password is 1234, simply open, save and try to reopen.
You are right, it works great when saving the file with "Save as". I am able to open it again. What about the file which is corrupted (CA2017)? I really would like to open it again. Do you have a way to recover it? Thanks very much to you guys. I really appreciate your help. Francis
(In reply to francis-marylene from comment #10) > What about the file which is corrupted (CA2017)? I really would like to open > it again. Do you have a way to recover it? YOu may try search for "decrypt XLS RC4". If you don't have commercial pass recovery tool, there are some free.
We can't be sure the problem is just that the code uses a different password for saving, it might produce bogus output.
Created attachment 138338 [details] File with bug - recovered (In reply to francis-marylene from comment #10) > What about the file which is corrupted (CA2017)? I really would like to open > it again. Do you have a way to recover it? I have good news for you, the file is recoverable, I'm attaching it, it's unencrypted now. When the user simply saves the file, it saves as an unencrypted file, but sets encryption mode for it, thus it fails decryption. I could open the bad file by setting a breakpoint at the following line, and skipping to the end of the function: rStrm.SetDecrypter( xDecr ); https://opengrok.libreoffice.org/xref/core/sc/source/filter/excel/xicontent.cxx#1247 Then the file could be saved, and is saved unencrypted. The bug only affects files having this newer encryption (>= MS Office 2013), when they are saved (via save as, since that works), the scheme reverts to the older one, opening and saving those files keeps the format and encryption.
This also means the file actually becomes corrupted, it's not just a changed password.
Thanks very much Aron and other guys in providing me so much information and the way I should save. Thanks a ot for having recovered the corrupted file. You are really a great community. Best Regards Francis
seeing as msword/excel has two ways to encrypt we should probably generate the keydata for *both* ways when we decrypt before we throw away the password so when we do save (as the old way) we have the correct format data on hand
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2372003d94d3c58d90f6af524e916a2aa761cee2 Resolves: tdf#114221 generate both std97 and cryptoapi keys from password.. It will be available in 6.1.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
That should do it. Backport to 6-0 in gerrit
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=b5914ba44f2fff9f282b6a5cbe21cbebf19e45b2&h=libreoffice-6-0 Resolves: tdf#114221 generate both std97 and cryptoapi keys from password.. It will be available in 6.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=82e74f704ce4fe3ffe7ab74c14fe83d2d44dd088&h=libreoffice-5-4 Resolves: tdf#114221 generate both std97 and cryptoapi keys from password.. It will be available in 5.4.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 108781 has been marked as a duplicate of this bug. ***