-9

Someone gave me a bit of VBA code which is supposed to get rid of some password protection I put on an Excel document which I now cannot open. I wonder if anyone could confirm that this is what it does and not something unscrupulous (like hack all my passwords!)

The VBA code is;

Sub PasswordBreaker()
Dim i As Integer, i1 As Integer, i2 As Integer, i3 As Integer, _
  i4 As Integer, i5 As Integer, i6 As Integer, i7 As Integer, _
  i8 As Integer, i9 As Integer,  i10 As Integer, i11 As Integer, _
  unusedVar As VbMsgBoxResult, passLine As String

On Error Resume Next

For i = 65  To 66: For i1 = 65 To 66: For i2 = 65 To 66:
For i3 = 65 To 66: For i4 = 65 To 66: For i5 = 65 To 66:
For i6 = 65 To 66: For i7 = 65 To 66: For i8 = 65 To 66:
For i9 = 65 To 66: For i10 = 65 To 66: For i11 = 32 To 126:
passLine = Chr(i) & Chr(i1) & Chr(i2) & Chr(i3) & Chr(i4) & _
           Chr(i5) & Chr(i6) & Chr(i7) & Chr(i8) & Chr(i9) & _
           Chr(i10) & Chr(i11)

ActiveSheet.Unprotect passLine

If ActiveSheet.ProtectContents = False Then
  unusedVar = MsgBox("Password cracked at random string: " & _
                     passLine & vbCrLf & "|xxxxx[;;;;;;;;;>", _
                     vbOKOnly, "VBA Brute")
  Exit Sub
End If
Next: Next: Next: Next: Next: Next:
Next: Next: Next: Next: Next: Next:
End Sub

Thanks

EDIT-

More for anyone else interested than to get the 'too broad' question re-opened, I've spent the last day reading up on VBA code instructions and I think I've got somewhere with what this does.

The first bit just defines what type of variable all the i...i11 are going to be (Integers) and the variable 'passline' is going to be a text string.

The third bit creates the variable 'passline' out of characters somehow made up by using all the variables i...i11 (I suspect Chr and then a number represents a specific keyboard entry).

ActiveSheet.Unprotect passline obviously instructs Excel to unlock the active sheet using the variable 'passline'.

The next bit seems to be checking to see if the sheet has been unprotected and if it has, shows the message box with what seems to be the 'passline' variable, some text, an "OK" button and a title.

Then if the sheet has not been unprotected, all the 'Next' functions somehow make it try again, exiting only when it's done it.

The bits that I'm still unsure about are;

Why 'On Error Resume Next' - Why would it be an Error?

Why is the unusedVar defined as the message box result, surely that can only be a 1/0 type of variable since the message box result is just whether the "OK" button has been pressed? I don't get what this has to do an unused Variable. And how come the unused variable itself equals (=) a message box later on? Why isn't is just IF (the password has been cracked), THEN (show the message box)?

Finally, why 12 Nexts, does it really only take twelve attempts to crack the password (one per character?)?

Obviously these questions will probably remain unanswered now, but as this question comes up as the top result in Google for anyone searching this particular code, and most of the community here seems to be more interested in making snide remarks than actually helping, I thought I'd at least share what I've found out. I appreciate the one answer I did get, but I thought breaking the code down step by step might give others a bit more reassurance than just a summary of what it does.

Of course as this question was 'too broad' I doubt anyone will have been able to make to the end of such a massively protracted explanation.

Community
  • 1
  • 1
Isaacson
  • 107
  • 7
  • 3
    Maybe ask the "someone" to explain that, or do not use codes you do not understand... Eitherway I think this is off-topic for Stack Overflow, as there is no underlying programming problem to be solved. – bassfader Apr 26 '18 at 11:03
  • @bassfader The "someone" just got it from the Internet apparently. As for not using codes I don't understand; that would be fine if clients accepted paper documents. We live in a world of advanced computer technology, we don't all understand it, so we have to do the best we can. I would have thought finding some code that claims to do the job, and then asking some experts if it is safe would be an eminently acceptable procedure for solving the problem. Is there some other simpler solution I'm missing? – Isaacson Apr 26 '18 at 11:11
  • 1
    Let me get this straight. You were given some code from someone you know, but you are not sure whether you can trust them? And, you are going to rely on the assessment of people here, that you definitely don't know, to determine whether the code is good or not? – Peter Abolins Apr 26 '18 at 11:14
  • Logically, it has 12 nested loops, to create a _random_ passphrase, where all but the inner loop go from "A" to "B", and the inner loop goes from **space** to `chr(126)`. I fail to see how this does anything useful at all. – Peter Abolins Apr 26 '18 at 11:19
  • 1
    Do people here deliberately try to be snarky? No, I got a bit of code from a friend who found it on the internet, neither of us know what it does. I don't trust the Internet site he got it from. I don't necessarily trust any individual here, either, but I might well trust several people all saying the same thing,and no one saying the opposite (despite ample opportunity), an option I don't have with the site it originated from. – Isaacson Apr 26 '18 at 11:20
  • *"but I might well trust several people all saying the same thing,and no one saying the opposite"* So you generally trust in the majority? I generally won't! Some days ago the majority trusted in the earth being flat! There we see how safely the majority can fail. – Pᴇʜ Apr 26 '18 at 11:37
  • @Pᴇʜ Interesting comment on political philosophy, but this is just a couple of dozen lines of code and I just wanted to know what it does. Oddly, I hadn't prepared a full defense of my socio-political position on the matter. – Isaacson Apr 26 '18 at 11:57
  • @Isaacson I think the conclusion of all this odd comments is: You can never 100% trust code you don't understand yourself. So you might have asked the wrong question, namely *"is it safe"*. Because basically the only one who can really answer/decide this is *you*. So what you should have asked instead is which part/command of the code is it you don't understand. Eg *"What does `Chr(i2)` mean?"* Because this is something we can answer without getting into any philosophical debate about who you can trust. – Pᴇʜ Apr 26 '18 at 12:05
  • @Pᴇʜ But this is not a political manifesto or a speculative scientific theory. It's computer code. It does one thing and only that one thing and it does it entirely consistently and (mostly) predictably. I just don't know what that one thing is, anyone who understands VBA would know what that one thing is. It's nothing to do with opinion. It's like asking what 32x45 is. There's only one right answer, but those who aren't good at maths might have to ask those who are to find out what that answer is. – Isaacson Apr 26 '18 at 12:14
  • Well, the question *"What does it do?"* was answered at least 2 times now (comment and answers). And the question *"is it safe"* can be answered by yourself because you now know what it does (if you trust these answers). The decision if you trust us/whoever or if we lied just to see what happens if you run it still belongs to you. – Pᴇʜ Apr 26 '18 at 13:20
  • @Isaacson take a look at this [question](https://stackoverflow.com/q/12852095/8597922) which discusses exactly the same code as you have posted. – Victor K Apr 26 '18 at 13:26
  • @Pᴇʜ If the question "what does it do?" has been answered (twice) and the question "is it safe?" simply follows from that answer (what could be unsafe about removing a password), then what exactly was so wrong with the question? It was clearly a question that was straightforwardly answerable by one single correct answer. I fail to see how the fact that I then have to decide whether to 'trust' the answer makes this question different from any other. Are there other questions on this site worded in such a way as to make the trustworthiness of the answerer beyond reproach? – Isaacson Apr 26 '18 at 15:20
  • @VictorK Thanks, but I checked that question before posting, it doesn't discuss the exact same code, just one claiming to do the exact same thing. The two codes are actually different in many places and I'm not sure what those differences mean. – Isaacson Apr 26 '18 at 15:37

1 Answers1

1

yes, it's safe. all it does is to brute-force the password used for protecting the sheet/workbook. It both unlocks the sheet and then prints the password out for you (which will be something odd like AAABBAAAABBAA - but it will work).

The code itself does not do any harm to the pc or the user running it.

Bishonen_PL
  • 1,400
  • 4
  • 18
  • 31
  • I concur. I've used it many times – Skaterhaz Apr 26 '18 at 12:44
  • Thanks, I was waiting for any other answers before marking yours but that's not going to happen now. I note this code is a bit different to the others that I've since found claiming to do the same thing (as in the question linked to in comments above). Am I right in assuming that those differences are just two ways of coding the same thing, or are they more significant than that? – Isaacson Apr 26 '18 at 15:41