How to Break a Password to Open Word XP-2007-2016. Four Case Studies
“I forgot the password to one of my Word files. It must be Word 2010 or 2013 - it's a docx file. Any chance to decrypt it without searching the password, as described in your article about unlocking Word files?”
Indeed, there are at least three ways to unlock Word 97-2003 files without a password.
Starting with Microsoft Office 2007 a 128-bit encryption key began to be used instead of a short key (actually it began with Office XP even, but back then it was not popular due to incompatibility of formats). And a 256-bit key came along with Word 2013.
That's when the bubble burst. And it became impossible to find a key of this length within a conceivable period of time (read below to see why).
It won't work to unlock Word 2007-2016 files without password. You'll have to search the password. And to find the right one you need to use a brute force attack.
But that's not all the bad (or good?) news we have. As the key became longer, encryption algorithms were deliberately slowed down. With every new version of Microsoft Office, password recovery speed drops by about 50%.
That is why if you have lost a password, it will make a difference which version of Word the file belongs to – Word 2010 or 2013 file. The speed of password search (no matter on CPU or graphics cards) will differ almost twofold.
Therefore, to choose a REALLY HELPFUL PROGRAM to recover passwords with, you should consider criteria:
- Highest possible speed of search
- NVIDIA/AMD video cards support – GPU acceleration boosts the search
- Range customization option – extended mask and customizable mutation of dictionaries allows to cut on unnecessary checks and reduce search time
High speed, GPU acceleration on AMD/NVIDIA graphics cards and advanced range customization options – you will find all that in Accent OFFICE Password Recovery. It's actually quite easy to recover passwords with this program.
The four case studies below will prove that.
- Case 1. We know that the password is a modified word
- Case 2. We know the password structure
- Case 3. We know the characters of the password
- Case 4. We know nothing about the password.
- Chances of success
How to break Word password if you know it is a word
Suppose you lost a password to a Word document. What you know is that the password is a word, some letters of which have been replaced with special characters, and there is a digit at the end.
Let's go and recover it!
1. Start AccentOPR and open Rules editor. That's where you set mutation rules for the dictionary, used in the password search, that is rules of symbol replacement, adding numbers, etc.:
2. Create your own rules and save them in a separate file. You can customize mutation of characters (in this case: S→$, s→$, Z→2, z→2 – .sS$.ss$.sZ2.sz2) and simultaneous use of two dictionaries (the second dictionary containing digits – $w$x):
3. Close the «Rules Editor» and start password search. Open your password-protected file:
4. See information about the file protection and go on to select a password attack:
Remember: if a Word document is encrypted with a short 40-bit key, you can decrypt it without the password at AccessBack.com.
5. Choose «Dictionary based» and click next:
6. Choose the rules file that you have created earlier at the second step (1), then select the main dictionary (2) and a dictionary with numbers (3). Start the search by clicking «Finish»:
7. AccentOPR will process passwords from the dictionary, modifying them according to the pre-set rules and successively testing each word. Once the password has found, the program will display it as a link. Click on the password to copy it to clipboard: you will only need to paste it in the password field:
AccentOPR allows simultaneous use of up to four dictionaries and enables basic mutations without creating custom rules. Customized rules enable a user to implement more accurate mutations and eliminate unnecessary checks. This way Accent OFFICE Password Recovery saves your time while cracking Word/Excel/PowerPoint passwords.
How to break Word password if you know its structure
Suppose you lost a password to a Word document. We know the password is a random set of characters; it starts with a capital letter followed by lowercase consonants and ends with a digit.
To recover that kind of password we are going to use extended mask.
1. Start AccentOPR, open your password-protected file, see information about the type of protection, proceed to the attack selection step, choose «Brute force with extended mask»:
2. Define your character set (in this case – consonants in the set ?0) – (1), set up the mask (?c*0?d, where ?c is a capitalized letter in the first position, ?d – a digit in the final position, and *0 denotes letters in between from the set ?0) – (2), then define the minimum and maximum length of generated passwords (3):
3. Start the search. The program will start generating passwords without running unnecessary checks as specified in the mask:
See more examples of using extended masks here.
How to break a Word password with some characters known
Suppose you lost a password to a Word document. All you know is a that your password includes a random sequence of characters from a limited range, that is: there are no ambiguous characters (Il1O0) and there may only be a part of special characters (/ * -).
Now let's crack it!
1. Start AccentOPR, open your password-protected file, see information about the type of protection, proceed to the attack selection step, choose «Brute force attack»:
2. Check all the checkboxes and last of all «User defined», edit the list of characters as you require (1), set the password length (2):
The program will display the number of combinations and estimated time needed to check the specified range at the nominal processing rate.
3. Run password breaking process and wait for the result.
How to break a Word password if you do not know anything about it
Suppose you lost a password to a Word document. You know nothing about the password, neither its structure nor possible composition. Nothing at all.
Yet even in that case you can try to recover it with AccentOPR.
1. Start AccentOPR, open your password-protected file, see information about the type of protection, proceed to the attack selection step:
2.1. Choose «Use attack scenario» and select one of the pre-set scenarios, and then start the search:
When you don't know anything about the password, it is a good idea to start searching based on a ready-made scenario.
2.2. Select «Dictionary based» and run the attack based on all available online dictionaries with the most widely used passwords (see example here):
2.3. Select «Brute force» and run an exhaustive search. This is an option with the least chance to success. If you include all printed characters into the range and limit the length of generated passwords, then the search might be literally endless.
That is how much it takes to break through strong protection.
Chances of success
There is no way you can decrypt Word 2007-2016 without searching the password. You could only crack it with a brute force attack. When it comes to somebody else's password with an unknown structure, your chances are poor. However, if it is your own password, the chances are quite high.
If you have a powerful tool that enables to customize the range, runs at high speed and accelerates on AMD/NVIDIA graphics cards, then cracking passwords to open a Word file within a reasonable time becomes quite a feasible task.
Go ahead and try it!