Altering XML to Unlock Word 2007 Document

Posted on November 26, 2007 4:16 PM

During an information security audit I was working with a file from a regulating entity containing audit procedures.  The file had several  tables with form fields and was protected.

The "form fill" restriction was too limiting as I worked to record audit information in the document.  The longer I worked the more frustrated I became.  It would have been much more useful if I could “unprotect” the file.  I had heard others talking about scripts that could be used to discover the password, but I didn’t have access to any password discovery applications.  

I did remember that Word 2007 was using xml as the source code to format it’s documents.  It made me wonder if there would be anything in the xml code that could be used to unprotect the file.  I made a copy of the file, saved it as xml, and then opened it with WordPad to view the xml code.  I searched until I found something about document protection.  Here is what I found within the documentProtection command.
<w:documentProtection w:edit="forms" w:enforcement="1" w:cryptProviderType="rsaFull" w:cryptAlgorithmClass="hash" w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="4" w:cryptSpinCount="50000" w:hash="D+Y7lSKVquz/6NisDVadZtFS31g=" w:salt="J6dnbwcKHV7Gn4bMQjXoUA=="/>
In the w:enforcement field I changed the "1" to "0".  I saved the document.  Then I opened my altered copy in Word and the document was intact, with proper formatting, but now it was unlocked.

Related Posts


Comment by AJ

September 14, 2009 9:08 AM

Works like a charm for word 2007 where everything else failed!

Comment by Zouhair

May 13, 2011 7:21 AM

This is the best way to unlock a protected word document! Thanks for sharing.

Comment by GSD

December 5, 2012 9:22 PM

Thanks!! you are a life-saver!

Comment by EA

January 8, 2013 5:37 AM

You Guru!

Very many thanks.

Comment by EM

February 25, 2013 8:09 AM

Thank you so much! My IT department laughed when I told them I had forgotten a password.They said it was impossible to unlock the file without it. I've just proved them wrong in seconds Smile

Comment by AH

March 27, 2013 10:10 PM

That is the best tip i have found on the internet EVER! you are a God!
Thankyou so much you have saved me days and days and days(:

Comment by Todd S.

February 19, 2014 4:26 PM

You can also rename the extension from docx to zip. Opened up the zip file and deleted the setting.xml file that holds the password to unlock the protected document. Then rename the extension back to doc or docx.

Comment by Manny

September 21, 2014 7:17 AM

I have digged into a number of codes intended to remove forgotten passwords, however I found none that would be capable of removing the file-level password. Is there any of such codes available? Do they at least exist? On the web there are services, e.g. "", that claim they can instantly remove the passwords, plus there's a whole lot of password recovery software, but I'd really appreciate if there were a free solution, probably an add-in? I'm starting to think that if there's no other option I'll end up paying to that service as I desperately need to open that document of mine.

Add Comment

[b][/b] - [i][/i] - [u][/u]- [quote][/quote]