Integrate decrypt from msoffcrypto-tools #403
Some kind of write protection is an encryption with a fixed password. Try decrypting such files.
oletools will happily install without these, so this is mainly informative.
Code is almost functionally identical. Only difference is that iteration of xglob is saved in a tuple to determine beforehand whether there is only one single file or several. This allows choosing the output if handling a single file with unspecified output mode and thus greatly simplifies handling of vba_parser
I had assumed that even in an encrypted file the "PowerPoint Document" stream has to exist. But it does not (file could be embedded in other file)
ppt is not (yet) supported by msoffcrypto
These are encrypted with the standard password hard-coded into excel to implement a form of write protection
These 4 files contain dde-links to calc.exe and are encrypted with excel's standard password.
Output "DDE Links:" makes another "DDE-Link " prefix unnecessary and parsing of output harder.
(making pylint happier, part 1)
making pylint happy, part 2
making pylint happier, part 3
making pylint happier, part 4
making pylint happier, part 5 (final for now)
Great work!
I'm just wondering why msoffcrypto couldn't be a mandatory dependency.
@@ -316,6 +317,10 @@ def main(): | |||
"easygui", | |||
'colorclass', | |||
], | |||
extras_require = { |
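Review bot: at `extras_require = {`, the contents of the extra are cut off in this view, so please confirm it names the decryption package with a lower version bound and that the install documentation mentions the extra by name, because a plain install will succeed without it and decryption will then only fail at run time. As a keyword argument this line would also normally be written without spaces around `=`, unless the rest of the call already uses that spacing.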
Christian, is there a specific reason to put it as an optional dependency? I think it would be simpler to make it mandatory, to avoid several checks, specific exceptions, etc. What do you think?
msoffcrypto-tools depends on cryptography and others, so it would introduce a rather long tail of other dependencies. But if you do not mind we can make it a hard dependency. That would simplify the code a bit and leave fewer scenarios for testing.
@christian-intra2net, I get a PermissionError when I run olevba on the DDE test files, such as dde-test-encrypt-standardpassword.xls, whereas it works fine on the files with macros.
@christian-intra2net, there seems to be another small bug when running msodde on other encrypted test files such as encrypted.docm without the -p option:
Oh crap, I missed the last three mentions here. Sorry. Replying now to each
Interesting. Probably some problem with the temp file creation. What system are you testing on?
I will check this out next week
Integrate decryption of files using library msoffcrypto-tools by nolze. Related to issue #329
Main achievements:
Create a wrapper crypto.py around all calls to msoffcrypto, so we can make it an optional dependency. If msoffcrypto is not installed, calls will just raise an exception (roughly same behavior as before this PR).
Integrated decryption into olevba.py and msodde.py. Create lengthy description in crypto.py how to integrate with other scripts.
Create a few unittests with samples for excel which has a built-in default password used to achieve some kind of "write-protection".
Side-effect:
Changed the default behaviour of olevba, msodde and record_base with respect to encryption. It used to be: "check for encryption; if you find any, then raise an exception". Now it is "try to work on this file as if it were not encrypted. If that fails try decrypting (and if that fails raise error)". This means that lots of helper-code and data-analysis-code runs on more "garbage" data (=undecrypted input) and will less easily raise errors for that.
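The "try the file as-is, decrypt only on failure" flow and the optional-dependency wrapper described above, as an added sketch that is not the PR's crypto.py. The function and class names are hypothetical; `OfficeFile`, `load_key` and `decrypt` are msoffcrypto's own calls, and `VelvetSweatshop` is Excel's publicly documented built-in password, which the page does not name.

```python
import os
import tempfile

try:
    import msoffcrypto  # optional dependency: absence is handled below
except ImportError:
    msoffcrypto = None

# Excel's built-in "write protection" password; user-supplied ones are tried first
DEFAULT_PASSWORDS = ["VelvetSweatshop"]

class CryptoUnavailable(RuntimeError):
    """Decryption was needed but msoffcrypto is not installed."""

def decrypt_to_temp(path, password):
    """Decrypt path into a temp file, close it, and return its name."""
    if msoffcrypto is None:
        raise CryptoUnavailable("msoffcrypto needed to decrypt " + path)
    fd, out_name = tempfile.mkstemp(suffix=os.path.splitext(path)[1])
    try:
        # Both handles are closed before the caller reopens the temp file
        with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
            office = msoffcrypto.OfficeFile(src)
            office.load_key(password=password)
            office.decrypt(dst)
    except Exception:
        os.unlink(out_name)  # never leave partial plaintext behind
        raise
    return out_name

def analyze_with_fallback(path, analyze, passwords=(), decrypt=decrypt_to_temp):
    """Run analyze(path) on the raw file; only if that fails, try decrypting."""
    try:
        return analyze(path)
    except Exception as first_error:
        original = first_error
    for password in list(passwords) + DEFAULT_PASSWORDS:
        try:
            tmp = decrypt(path, password)
        except CryptoUnavailable:
            raise  # report the missing dependency instead of hiding it
        except Exception:
            continue  # wrong password or unsupported format: try the next one
        try:
            return analyze(tmp)
        finally:
            os.unlink(tmp)  # decrypted copy is removed even if analysis fails
    raise original
```

Because the analyzer runs on undecrypted input first, it has to fail cleanly on garbage data rather than return partial results, otherwise the decryption branch is never reached.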