Sometimes you just need the password

Libre (Open) Office Password Recovery

Open Document Format

Libre Office (Open Office) uses the Open Document Format (ODF) for saving files. Password protection can be added to these documents using the built in encryption option. Recovering ODF passwords is not a simple matter as the encryption algorithm used for Open Office documents is quite strong.

Recovery of the password can be attempted by retrieving the hash from the document and matching the hash against calculated hashes of known strings. This is a similar methodology to the more basic hashing used in other hashes such as MD5 & SHA1. Microsoft Office Document have a similar option to encrypt the document; password recovery is then a similar process (Word doc / Excel xls).

The same encryption is used for different types of Open Office document including Writer (odt), Calc (ods), Impress (odp) and Draw (odg). However, there may be a slight variation in the encryption process depending on the version of Libreoffice.

Using a known list of passwords we can calculate hashes and attempt to recovery the password. Try our Libre Office password recovery tool here, to attempt to crack the password of an encrypted document.

Benchmark Libre (Open) Office Password Cracking with Hashcat (RTX 3090)

Using CudaHashcat Password Tool or John the Ripper to crack the Open (or Libre) Office document password is the best bet. These tools can use high speed graphics processing chips to crack the hashes faster than your even the fastest of CPUs. Even using cutting edge GPUs these passwords are difficult to recover as the algorithm is one of the strongest used in when compared to other standard document or file encryption algorithms.

In this chart it is clear to see the version of Microsoft greatly affects the hash rate when attacking passwords generated for these documents.

Password Recovery of Libre Office (openoffice) Documents using John the Ripper

Using John the Ripper to find the password of an Office Document is a relatively straight forward process. It involves first extracting the hash using a script that is actually bundled with John the Ripper (jumbo community edition). Note that the John the Ripper version should be the Jumbo version to have the included scripts for extracting password hashes.

      test@ubuntu:~$ test-pass.odt 

To use the hash for the test-pass.odt we need to redirect it to a file so that john can read the hash from the file. See the steps below to extract the hash to a file and then run john against that file using the default cracking method.

        test@ubuntu:~$ test-pass.odt > test-pass.hash
        test@ubuntu:~$ john test-pass.hash 
        Using default input encoding: UTF-8
        Loaded 1 password hash (ODF, OpenDocument Star/Libre/OpenOffice [PBKDF2-SHA1 256/256 AVX2 8x BF/AES])
        Cost 1 (iteration count) is 100000 for all loaded hashes
        Cost 2 (crypto [0=Blowfish 1=AES]) is 1 for all loaded hashes
        Will run 4 OpenMP threads
        Proceeding with single, rules:Single
        Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
        0g 0:00:01:26 86.57% 1/3 (ETA: 22:28:10) 0g/s 260.0p/s 260.0c/s 260.0C/s Tpass2009..Ttest-pass.odt2010
        Almost done: Processing the remaining buffered candidate passwords, if any.
        0g 0:00:01:42 DONE 1/3 (2022-03-01 22:28) 0g/s 259.6p/s 259.6c/s 259.6C/s Odtpass1901..Opass1900
        Proceeding with wordlist:john/run/password.lst
        Enabling duplicate candidate password suppressor
        0g 0:00:03:52 0.00% 2/3 (ETA: 2023-05-21 11:57) 0g/s 261.6p/s 261.6c/s 261.6C/s 03011987..starstruck
        0g 0:00:04:15 0.00% 2/3 (ETA: 2023-04-21 17:41) 0g/s 261.7p/s 261.7c/s 261.7C/s southampton..northwest
        Password12345    (test-pass.odt)     
        1g 0:00:07:18 DONE 2/3 (2022-03-01 22:33) 0.002279g/s 261.6p/s 261.6c/s 261.6C/s 031990..100805
        Use the "--show --format=ODF" options to display all of the cracked passwords reliably
        Session completed. 

We can see here that john discovered the password with the default password.lst used by JtR. Note that the password attempt rate was around 260 passwords per second. When we did a similar test on the old Microsoft Office Document we were hitting 330000 passwords per second.