ooxml_decrypt 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 84f71ccf2d737f1b14169099dfaae2d12bbc2ab527a97c44b84670d682b598be
+  data.tar.gz: 5ed8efac3dffe9e9b2863443c5cf8a2fdb0a58c27f3e1f0156eeab9305bb3f42
+SHA512:
+  metadata.gz: 30fe6f7b9acbbaf6237cc34dd4d54730c88a695834f08196a8bcc0f15217c018a5efee7cf596efe2071dc0cd06957dc9262b32e0560e0fe1151800648aeb34d5
+  data.tar.gz: a9a54b23a57528592bd41cdcdee322787cf0d45b0a4fbcf46fd8986cc9adda371f3688d8fbc8b52715fb662af695c02d28b806b9efc3c1b357fe960b5d138ff1

data/.gitignore

@@ -0,0 +1,35 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in ooxml_decrypt.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+

data/README.md

@@ -0,0 +1,25 @@
+# ooxml_decrypt [![Build Status](https://travis-ci.org/woodbusy/ooxml_decrypt.svg?branch=master)](https://travis-ci.org/woodbusy/ooxml_decrypt)
+
+A Ruby library and script for decrypting password-protected Microsoft Office XML files (.docx, .xlsx, etc.), which use the OOXML format. There are many tools available for working with OOXML files without Office, but a password-protected document typically requires an Office installation to decrypt. This pure-Ruby, standalone library and script can decrypt Office files without an Office installation.
+
+At present, this only supports documents encrypted (i.e. password-protected) by Office 2010 or later. Office 2007 also uses XML, but the encryption settings are a bit different.
+
+
+## Contributing
+
+Pull requests welcome! Once you've forked and cloned the project, you can `bundle install` to take care of the dependencies; after that, you're ready to code.
+
+You can also create issues for any bugs or feature requests, but they may take longer to get done, of course.
+
+
+## TODO
+
+- Support for Office 2007 documents
+- Do verification (i.e. detect when password is incorrect)
+
+
+## References
+
+- Microsoft [MS-OFFCRYPTO](https://msdn.microsoft.com/en-us/library/office/cc313071)
+- http://www.lyquidity.com/devblog/?p=35
+- http://www.lyquidity.com/devblog/?p=85

data/bin/decrypt_ooxml.rb

@@ -0,0 +1,69 @@
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + "/../lib"))
+
+require "ooxml_decrypt"
+require "optparse"
+
+def program_name
+  File.basename(File.expand_path(__FILE__))
+end
+
+def parse_args(args=ARGV)
+  options = {}
+
+  @optparser = OptionParser.new(args) do |opts|
+    opts.banner = "Usage: #{program_name} [options]"
+
+    opts.on("-e", "--source <path>", "Path to encrypted file") do |filename|
+      options[:enc_filename] = filename
+    end
+
+    opts.on("-d", "--destination <path>", "Path to write decrypted file (if omitted, will append '.decrypted' to source filename") do |filename|
+      options[:dec_filename] = filename
+    end
+
+    opts.on("-p", "--password <password>", "Password to decrypt file (if omitted, will prompt)") do |password|
+      options[:password] = password
+    end
+  end
+
+  begin @optparser.parse! args
+  rescue OptionParser::InvalidOption => e
+    puts e
+    puts optparser
+    exit(1)
+  end
+
+  return options
+end
+
+def puts_usage
+  puts @optparser
+end
+
+
+
+
+options = parse_args()
+unless options[:enc_filename]
+  warn "Source (encrypted) filename is required"
+  puts_usage
+  exit(1)
+end
+
+unless options[:password]
+  require "io/console"
+  print "Password: "
+  options[:password] = STDIN.noecho(&:gets).chomp
+end
+
+unless options[:dec_filename]
+  options[:dec_filename] = options[:enc_filename] + ".decrypted"
+end
+
+# Ensure password is a binary representation of a UTF-16LE string
+# e.g. 'password' should be represented as "p\0\a\s\0[...]"
+password = options[:password].encode("utf-16le")
+                             .bytes.pack("c*")
+                             .encode("binary")
+
+OoxmlDecrypt::EncryptedFile.decrypt_to_file( options[:enc_filename], password, options[:dec_filename] )

data/lib/ooxml_decrypt.rb

@@ -0,0 +1,3 @@
+require "ooxml_decrypt/key_data"
+require "ooxml_decrypt/encrypted_key"
+require "ooxml_decrypt/encrypted_file"

data/lib/ooxml_decrypt/encrypted_file.rb

@@ -0,0 +1,88 @@
+require "ole/storage"
+require "nokogiri"
+
+module OoxmlDecrypt
+  class EncryptedFile
+    # @param [String] filename Path to the encrypted OOXML file
+    def initialize(filename)
+      @ole = Ole::Storage.open(filename)
+      unless @ole.dir.entries(".").include?("EncryptionInfo") and
+          @ole.dir.entries(".").include?("EncryptedPackage")
+        raise "File does not appear to be an encrypted Office document"
+      end
+    end
+
+    # The EncryptionInfo section of the file, as an XML doc
+    # @return [Nokogiri::XML::Document]
+    def encryption_info
+      if @ei_xml.nil?
+        ei_text = @ole.file.read("EncryptionInfo")
+        v_major, v_minor, flags = ei_text[0,8].unpack("vvV")
+        unless v_major == 4 && v_minor == 4
+          raise "Unsupported encryption version"
+        end
+        unless flags == 0x40
+          raise "Unsupported encryption algorithm"
+        end
+
+        @ei_xml = Nokogiri::XML( ei_text[8..-1] )
+      end
+
+      return @ei_xml
+    end
+    private :encryption_info
+
+    def key_data
+      if @key_data.nil?
+        @key_data = KeyData.from_xml(encryption_info)
+      end
+
+      return @key_data
+    end
+    private :key_data
+
+    def encrypted_key
+      if @encrypted_key.nil?
+        @encrypted_key =  EncryptedKey.from_xml(encryption_info)
+      end
+
+      return @encrypted_key
+    end
+    private :encrypted_key
+
+    def encrypted_package
+     @ole.file.read("EncryptedPackage")
+    end
+    private :encrypted_package
+
+    # Decrypts this encrypted file using the given password
+    # @param [String] password Password as a UTF-16-formatted binary string
+    #   (e.g. the password 'password' should be passed as "p\0a\0s\0s\0w\0r\0d\0")
+    # @return [String] The decrypted file
+    def decrypt(password)
+      decryption_key = encrypted_key.key(password)
+      return key_data.decrypt_encrypted_package_stream( encrypted_package, decryption_key )
+    end
+
+    # Decrypts the given file using the given password
+    # @param [String] filename Path to the encrypted OOXML file
+    # @param [String] password Password as a UTF-16-formatted binary string
+    #   (e.g. the password 'password' should be passed as "p\0a\0s\0s\0w\0r\0d\0")
+    def self.decrypt(filename, password)
+      encrypted_file = EncryptedFile.new(filename)
+      return encrypted_file.decrypt(password)
+    end
+
+    # Decrypts the given file using the given password and writes the result to
+    # a second file
+    # @param [String] enc_filename Path to the encrypted OOXML file
+    # @param [String] password Password as a UTF-16-formatted binary string
+    #   (e.g. the password 'password' should be passed as "p\0a\0s\0s\0w\0r\0d\0")
+    # @param [String] dec_filename Path to the decrypted output file. If a file
+    #   exists at this path, it will be overwritten.
+    def self.decrypt_to_file(enc_filename, password, dec_filename)
+      plaintext = decrypt(enc_filename, password)
+      File.open(dec_filename, "wb") {|file| file.write(plaintext)}
+    end
+  end
+end

data/lib/ooxml_decrypt/encrypted_key.rb

@@ -0,0 +1,53 @@
+require "ooxml_decrypt/key_info_base"
+
+module OoxmlDecrypt
+  class EncryptedKey < KeyInfoBase
+    # Integrity-verification constants (not currently used)
+    ENCRYPTED_VERIFIER_HASH_INPUT_BLOCK_KEY = "FEA7D2763B4B9E79".unhexify
+    ENCRYPTED_VERIFIER_HASH_VALUE_BLOCK_KEY = "D7AA0F6D3061344E".unhexify
+    # Static key used in decrypting the key-encryption key
+    ENCRYPTED_KEY_VALUE_BLOCK_KEY = "146E0BE7ABACD0D6".unhexify
+
+    def initialize(opts)
+      @spin_count = opts.delete(:spin_count)
+      @encrypted_key = opts.delete(:encrypted_key)
+      super(opts)
+    end
+
+    # Extracts key-encryption-key data parameters from the given XML document
+    # and populates a new EncryptedKey object.
+    # @param [Nokogiri::XML::Document] xml_doc The EncryptionInfo section of
+    #   the encrypted OOXML document
+    def self.from_xml(xml_doc)
+      ke_node = xml_doc.at_css("keyEncryptor")
+      raise "Expected only one child for keyEncryptor" unless ke_node.children.count == 1
+
+      ek_node = ke_node.child
+      opts = KeyInfoBase.opts_from_xml_node(ek_node)
+      opts[:spin_count] = ek_node["spinCount"].to_i
+      opts[:encrypted_key] = ek_node["encryptedKeyValue"].base64_decode
+
+      return self.new(opts)
+    end
+
+    def key_encryption_key( password )
+      temp = hash( @salt + password )
+      @spin_count.times do |itr|
+        temp = hash( [itr].pack("V") + temp )
+      end
+
+      temp = hash(temp + ENCRYPTED_KEY_VALUE_BLOCK_KEY)
+      temp.pad_or_trim!( @key_bits/8 )
+    end
+    private :key_encryption_key
+
+    # Decrypts the key-encryption key using the given password
+    # @param [String] password Password as a UTF-16-formatted binary string
+    #   (e.g. the password 'password' should be passed as "p\0a\0s\0s\0w\0r\0d\0")
+    # @return [String] The key-encryption key
+    def key(password)
+      decrypt(@encrypted_key, key_encryption_key(password))
+    end
+  end
+end
+

data/lib/ooxml_decrypt/key_data.rb

@@ -0,0 +1,46 @@
+require "ooxml_decrypt/key_info_base"
+
+module OoxmlDecrypt
+  class KeyData < KeyInfoBase
+    # Integrity-verification constants (not currently used)
+    ENCRYPTED_DATA_INTEGRITY_SALT_BLOCK_KEY = "5FB2AD010CB9E1F6".unhexify
+    ENCRYPTED_DATA_INTEGRITY_HMAC_VALUE_BLOCK_KEY = "A0677F02B22C8433".unhexify
+
+    # Extracts key data parameters from the given XML document and populates a
+    # new KeyData object.
+    # @param [Nokogiri::XML::Document] xml_doc The EncryptionInfo section of
+    #   the encrypted document
+    def self.from_xml(xml_doc)
+      kd_node = xml_doc.at_css("keyData")
+      opts = KeyInfoBase.opts_from_xml_node(kd_node)
+
+      return self.new(opts)
+    end
+
+    # Decrypts the given encrypted package using the given key.
+    # @param [String] encrypted_package The EncryptedPackage section of the
+    #   encrypted document
+    # @param [String] key Decryption key
+    def decrypt_encrypted_package_stream(encrypted_package, key)
+      # Get the length of the real data in the cleartext (which may be shorter
+      # than the full decrypted ciphertext)
+      final_length = encrypted_package[0,8].unpack("Q<").first
+      # The rest of the encrypted package is the ciphertext
+      ciphertext = encrypted_package[8..-1]
+
+      chunk_size = 4096
+      ciphertext_chunks = (0..(ciphertext.length-1)/chunk_size).map{|i| ciphertext[i*chunk_size, chunk_size]}
+
+      plaintext = ""
+      ciphertext_chunks.each_with_index do |ciphertext_chunk, index|
+        iv = hash(@salt + [index].pack("V"))
+        iv.pad_or_trim!(@block_size)
+
+        plaintext += decrypt(ciphertext_chunk, key, iv)
+      end
+
+      return plaintext[0,final_length]
+    end
+  end
+end
+

data/lib/ooxml_decrypt/key_info_base.rb

@@ -0,0 +1,76 @@
+require "openssl"
+require "ooxml_decrypt/string_helpers"
+
+module OoxmlDecrypt
+  class KeyInfoBase
+    def initialize(opts)
+      @block_size = opts.delete(:block_size)
+      @hash_algorithm = opts.delete(:hash_algorithm)
+      @cipher_algorithm = opts.delete(:cipher_algorithm)
+      @key_bits = opts.delete(:key_bits)
+      @cipher_chaining = opts.delete(:cipher_chaining)
+      @salt = opts.delete(:salt)
+
+      raise "Unknown opts: #{opts.keys.join(',')}" if opts.any?
+    end
+
+    # Parses options that KeyInfoBase knows about from an XML node. (Helper
+    # function to be used by initializers in subclasses).
+    # @param [Nokogiri::XML::Node] xml_node
+    def self.opts_from_xml_node(xml_node)
+      opts = {
+        :block_size => xml_node["blockSize"].to_i,
+        :hash_algorithm => xml_node["hashAlgorithm"],
+        :cipher_algorithm => xml_node["cipherAlgorithm"],
+        :key_bits => xml_node["keyBits"].to_i,
+        :cipher_chaining => xml_node["cipherChaining"],
+        :salt => xml_node["saltValue"].base64_decode,
+      }
+    end
+
+    def hash(value)
+      case @hash_algorithm
+      when "SHA1"
+        Digest::SHA1.digest(value)
+      when "SHA512"
+        Digest::SHA512.digest(value)
+      else
+        raise "Unsupported hash algorithm: #{@hash_algorithm}"
+      end
+    end
+    protected :hash
+
+    def cipher(key, iv)
+      cipher_string = ""
+      case @cipher_algorithm
+      when "AES"
+        cipher_string += "aes"
+      else
+        raise "Unsupported cipher algorithm: #{@cipher_algorithm}"
+      end
+
+      cipher_string += "-#{@key_bits}"
+
+      case @cipher_chaining
+      when "ChainingModeCBC"
+        cipher_string += "-cbc"
+      else
+        raise "Unsupported chaining: #{@cipher_chaining}"
+      end
+
+      cipher = OpenSSL::Cipher.new(cipher_string)
+      cipher.key = key
+      cipher.iv = iv
+      cipher.padding = 0
+
+      return cipher
+    end
+    protected :cipher
+
+    def decrypt(ciphertext, key, iv=@salt)
+      cipher = cipher(key, iv)
+      return cipher.update(ciphertext) + cipher.final
+    end
+    protected :decrypt
+  end
+end

data/lib/ooxml_decrypt/string_helpers.rb

@@ -0,0 +1,40 @@
+module StringHelpers
+
+  # Convert a string to ASCII hex string
+  # (Adapted from the Ruby Black Bag [http://github.com/emonti/rbkb/])
+  def hexify()
+    out=Array.new
+    hexchars = [("0".."9").to_a, ("a".."f").to_a].flatten
+
+    self.each_byte do |c|
+      hc = (hexchars[(c >> 4)] + hexchars[(c & 0xf )])
+      out << (hc)
+    end
+    out.join("")
+  end
+
+  # Convert ASCII hex string to raw.
+  # (Adapted from the Ruby Black Bag [http://github.com/emonti/rbkb/])
+  # @param [Regex] d (Optional) 'delimiter' between hex bytes (zero+ spaces by default)
+  def unhexify(d=/\s*/)
+    self.strip.gsub(/([A-Fa-f0-9]{1,2})#{d}?/) { $1.hex.chr }
+  end
+
+  def base64_decode
+    return self.unpack("m").first
+  end
+
+  # Makes the string a given length by trimming excess bytes from the endi, or
+  # padding with the given padding byte.
+  # @param [Integer] final_length
+  # @pad_byte [String] pad_byte (Optional) A single-byte string (default is 0x36)
+  def pad_or_trim!( final_length, pad_byte="\x36" )
+    self.slice!(final_length..-1)
+    self << pad_byte * (final_length - self.length)
+    return self
+  end
+end
+
+class String
+  include StringHelpers
+end

data/ooxml_decrypt.gemspec

@@ -0,0 +1,20 @@
+Gem::Specification.new do |spec|
+  spec.name = 'ooxml_decrypt'
+  spec.version = '0.1.0'
+  spec.authors = %w[woodbusy phish]
+  spec.summary = 'Ruby library and script for decrypting password-protected ' \
+                 'Microsoft Office XML files (.docx, .xlsx, etc.)'
+  spec.homepage = 'https://github.com/woodbusy/ooxml_decrypt'
+  spec.license = 'Apache-2.0'
+
+  spec.files = `git ls-files -z`.split("\x0").reject { |s| s =~ %r{^pkg/} }
+  spec.files -= %w[.travis.yml] # Not needed in the gem
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'nokogiri'
+  spec.add_dependency 'ruby-ole'
+
+  spec.add_development_dependency 'rspec', '>= 2.11.0', '< 4.0'
+end

data/spec/crypto_spec.rb

@@ -0,0 +1,46 @@
+require "spec_helper"
+
+module OoxmlDecrypt
+  describe "When testing decryption" do
+    let(:encrypted_key) do
+      EncryptedKey.new( :spin_count => 100_000,
+                        :block_size => 16,
+                        :key_bits => 128,
+                        :cipher_algorithm => "AES",
+                        :cipher_chaining => "ChainingModeCBC",
+                        :hash_algorithm => "SHA1",
+                        :salt => "oksWUymFqdISO4t7krYTMQ==".base64_decode,
+                        :encrypted_key => "7fHCMYen4j6VmJtYiuoKdA==".base64_decode,
+                      )
+    end
+    let(:key_data) do
+      KeyData.new(  :block_size => 16,
+                    :key_bits => 128,
+                    :cipher_algorithm => "AES",
+                    :cipher_chaining => "ChainingModeCBC",
+                    :hash_algorithm => "SHA1",
+                    :salt => "O/HT8XgDoXnw+k9ts0Esxw==".base64_decode,
+                  )
+    end
+    let(:password) { "p\0a\0s\0s\0w\0o\0r\0d\0" }
+
+#    it "should generate a key-decryption key" do
+#      key_encryption_key = encrypted_key.key_encryption_key(password)
+#      expect( key_encryption_key.hexify ).to eql("1a1f6755f5a4f216023707fa3c986502")
+#    end
+
+    it "should decrypt a symmetric key" do
+      expect( encrypted_key.key(password).hexify ).to eql("c965e405bc4183399e038d3784d26f93")
+    end
+
+    it "should decrypt an entire encrypted package stream" do
+      encrypted_package = File.read("spec/examples/password.encrypted_package", :encoding => 'binary')
+      plaintext = key_data.decrypt_encrypted_package_stream( encrypted_package, encrypted_key.key(password) )
+      expect(plaintext[0,16].hexify).to eql("504b0304140006000800000021009745")
+      expect(plaintext[-16,16].hexify).to eql("0000090009003e020000731b00000000")
+
+      expected_plaintext = File.read("spec/examples/password.xlsx_decrypted", :encoding => "binary")
+      expect(plaintext.hexify).to eql(expected_plaintext.hexify)
+    end
+  end
+end

data/spec/encrypted_file_spec.rb

@@ -0,0 +1,17 @@
+require "spec_helper"
+
+module OoxmlDecrypt
+  describe EncryptedFile do
+    it "should decrypt an encrypted XLSX" do
+      password = "p\0a\0s\0s\0w\0o\0r\0d\0"
+      filename = "spec/examples/password.xlsx"
+      plaintext = EncryptedFile.decrypt(filename, password)
+
+      expect(plaintext[0,16].hexify).to eql("504b0304140006000800000021009745")
+      expect(plaintext[-16,16].hexify).to eql("0000090009003e020000731b00000000")
+
+      expected_plaintext = File.read("spec/examples/password.xlsx_decrypted", :encoding => "binary")
+      expect(plaintext.hexify).to eql(expected_plaintext.hexify)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require "ooxml_decrypt"
+require "ooxml_decrypt/string_helpers"

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: ooxml_decrypt
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- woodbusy
+- phish
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-ole
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.11.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.11.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+description: 
+email: 
+executables:
+- decrypt_ooxml.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- bin/decrypt_ooxml.rb
+- lib/ooxml_decrypt.rb
+- lib/ooxml_decrypt/encrypted_file.rb
+- lib/ooxml_decrypt/encrypted_key.rb
+- lib/ooxml_decrypt/key_data.rb
+- lib/ooxml_decrypt/key_info_base.rb
+- lib/ooxml_decrypt/string_helpers.rb
+- ooxml_decrypt.gemspec
+- spec/crypto_spec.rb
+- spec/encrypted_file_spec.rb
+- spec/examples/1qaz2wsx.xlsx
+- spec/examples/password.encrypted_package
+- spec/examples/password.encryption_info
+- spec/examples/password.xlsx
+- spec/examples/password.xlsx_decrypted
+- spec/spec_helper.rb
+homepage: https://github.com/woodbusy/ooxml_decrypt
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Ruby library and script for decrypting password-protected Microsoft Office
+  XML files (.docx, .xlsx, etc.)
+test_files:
+- spec/crypto_spec.rb
+- spec/encrypted_file_spec.rb
+- spec/examples/1qaz2wsx.xlsx
+- spec/examples/password.encrypted_package
+- spec/examples/password.encryption_info
+- spec/examples/password.xlsx
+- spec/examples/password.xlsx_decrypted
+- spec/spec_helper.rb