All geek questions in one place

Detection of password protected PPT and XLS documents

I found this answer https://stackoverflow.com/a/3609474/2128 which gave a good way to detect password protection for .doc and .xls files.

//Flagged with password
if (bytes.Skip(0x20c).Take(1).ToArray()[0] == 0x2f) return true; //XLS 2003
if (bytes.Skip(0x214).Take(1).ToArray()[0] == 0x2f) return true; //XLS 2005
if (bytes.Skip(0x20B).Take(1).ToArray()[0] == 0x13) return true; //DOC 2005

However, it does not cover all XLS files, and I am also looking for a way to detect PPT files in the same way. In any case, do you know what bytes to look for for these file types?

+4
source share
1 answer

I saved the PowerPoint presentation as .ppt and .pptx with and without the password required to open them, opened them in 7-Zip and came to the preliminary conclusion that

  • .pptx files without a password always use the standard .zip file format.
  • .ppt files CompoundDocuments
  • .pptx CompoundDocuments
  • CompoundDocuments * Encrypt *

, NuGet OpenMcdf. #, CompoundDocuments.

using OpenMcdf;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

namespace _22916194
{
    //http://stackoverflow.com/questions/22916194/detecing-password-protected-ppt-and-xls-documents
    class Program
    {
        static void Main(string[] args)
        {
            foreach (var file in args.Where(File.Exists))
            {
                switch (Path.GetExtension(file))
                {
                    case ".ppt":
                    case ".pptx":
                        Console.WriteLine($"* {file} " +  (HasPassword(file) ? "is " : "isn't ") + "passworded");
                        Console.WriteLine();
                        break;

                    default:
                        Console.WriteLine($" * Unknown file type: {file}");
                        break;
                }
            }

            Console.ReadLine();

        }

        private static bool HasPassword(string file)
        {
            try
            {
                using (var compoundFile = new CompoundFile(file))
                {
                    var entryNames = new List<string>();
                    compoundFile.RootStorage.VisitEntries(e => entryNames.Add(e.Name), false);

                    //As far as I can see, only passworded files contain an entry with a name containing Encrypt
                    foreach (var entryName in entryNames)
                    {
                        if (entryName.Contains("Encrypt"))
                            return true;
                    }
                    compoundFile.Close();

                }
            }
            catch (CFFileFormatException) {
                //This is probably a .zip file (=unprotected .pptx)
                return false;
            }
            return false;
        }
    }
}

Office. , , CompoundDocument, , * Encrypt * ( .doc , , ).

0

Source: https://habr.com/ru/post/1535390/

More articles:


All Articles