In this blog post, we'll explore a PowerShell script designed to determine the password protection status of an Excel file by examining its file signature.
Signatures
The script checks file to search for the ZIP file signature (0x504b0304) and a common signature for password-protected files (0xd0cf11e0).
Source code
param (
[string]$ExcelFile
)
Function CheckExcelIsProtected ($FILE)
{
$SIG_NON_PROTECTED = [Byte[]] (0x50,0x4b,0x03,0x04)
$SIG_PROTECTED = [Byte[]] (0xd0,0xcf,0x11,0xe0)
$BYTES = get-content $FILE -encoding byte -total 4
if (($SIG_PROTECTED[0] -eq $BYTES[0]) -and ($SIG_PROTECTED[1] -eq $BYTES[1]) -and ($SIG_PROTECTED[2] -eq $BYTES[2]) -and ($SIG_PROTECTED[3] -eq $BYTES[3]))
{
return $True
}
if (($SIG_NON_PROTECTED[0] -eq $BYTES[0]) -and ($SIG_NON_PROTECTED[1] -eq $BYTES[1]) -and ($SIG_NON_PROTECTED[2] -eq $BYTES[2]) -and ($SIG_NON_PROTECTED[3] -eq $BYTES[3]))
{
return $False
}
return $Null
}
if (-not $ExcelFile) {
Write-Host "Please provide the path to the Excel file using -ExcelFilePath parameter."
Exit
}
$RESULT = CheckExcelIsProtected ($ExcelFile)
if ($RESULT -eq $True) {
Write-Host "The excel file is likely to be protected"
Exit
}
If ($RESULT -eq $False)
{
Write-Host "The excel file seems NOT to be protected"
Exit
}
Write-Host "Could not determine password protection status"Sample executions
Sample executions with each of the possible results:
PS D:\Temp> .\Check-ExcelPasswordProtection.ps1 -ExcelFile NOTprotected.xlsx
The excel file seems NOT to be protected
PS D:\Temp> .\Check-ExcelPasswordProtection.ps1 -ExcelFile protected.xlsx
The excel file is likely to be protected
PS D:\Temp> .\Check-ExcelPasswordProtection.ps1 -ExcelFile textfile.txt
Could not determine password protection statusConclusion
This PowerShell script provides a simple and effective way to check whether an Excel file is password-protected by examining its file signature.
Keep in mind that file signature checks have limitations, and additional validation may be necessary based on specific file characteristics.
