officecrypto-tool - npm Package Compare versions

Comparing version 0.0.6 to 0.0.7

package.json

 {
   "name": "officecrypto-tool",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "description": "officeCrypto is a library for node.js that can be used to decrypt and encrypt excel files.",
@@ -5,0 +5,0 @@ "keywords": [

README.md

@@ -80,10 +80,12 @@ # officecrypto-tool
   * [x] MS-XLS (Excel 97, 98, 2000) (experimental)
+* [x] XOR Obfuscation
+  * [x] MS-XLS
+  * [] MS-DOC
 * [ ] ECMA-376 (Extensible Encryption)
-* [ ] XOR Obfuscation
 
 ### Other
 
-* [ ] Word 95 Encryption (Word 95 and prior)
-* [ ] Excel 95 Encryption (Excel 95 and prior)
-* [ ] PowerPoint 95 Encryption (PowerPoint 95 and prior)
+* [ ] Word 95 Encryption And Decryption (Word 95 and prior)
+* [ ] Excel 95 Encryption And Decryption (Excel 95 and prior)
+* [ ] PowerPoint 95 Encryption And Decryption (PowerPoint 95 and prior)
 
@@ -90,0 +92,0 @@ PRs are welcome!

src/util/xls97.js

@@ -7,2 +7,3 @@ /* eslint-disable valid-jsdoc */
 const documentRC4CryptoAPI = require('../crypto/rc4_cryptoapi');
+const documentXOR = require('../crypto/xor_obfuscation');
 
@@ -468,4 +469,13 @@ const recordNameNum = {
   const wEncryptionType = blob.read_shift(2);
+
+  const data = {};
+
   if (wEncryptionType === 0x0000) { // XOR obfuscation
-    throw new Error('The XOR obfuscation algorithm is not supported at this time');
+    const key = blob.read_shift(2);
+    const verificationBytes = blob.read_shift(2);
+    // console.log('key-->', key, verificationBytes);
+    const invalid = documentXOR.verifyPassword(password, verificationBytes);
+    if (!invalid) throw new Error('The password is incorrect');
+    const output = rc4Decrypt(currCfb, blob, password, data);
+    return output;
   }
@@ -478,3 +488,3 @@ if (wEncryptionType !== 0x0001) { // 0x0001 rc4
   const vMinor = blob.read_shift(2);
-  const data = {};
+
   if (vMajor === 0x0001 && vMinor === 0x0001) { // RC4
@@ -540,3 +550,4 @@ const info = parseHeaderRC4(blob);
       const restSize = size - 4;
-      plainBuf.push(...header, ...lbPlyPos, ...Array(restSize).fill(-1));
+      // plainBuf.push(...header, ...lbPlyPos, ...Array(restSize).fill(-1));
+      plainBuf.push(...header, ...lbPlyPos, ...Array(restSize).fill(-2));
       encryptedBuf.push(Buffer.concat([Buffer.alloc(4), Buffer.alloc(4), record.slice(4)]));
@@ -556,4 +567,6 @@ } else {
     dec = documentRC4.decrypt(password, salt, encryptedBuf, blocksize);
+  } else if (type === 'rc4_crypto_api') {
+    dec = documentRC4CryptoAPI.decrypt(password, salt, keySize, encryptedBuf, blocksize);
   } else {
-    dec = documentRC4CryptoAPI.decrypt(password, salt, keySize, encryptedBuf, blocksize);
+    dec = documentXOR.decrypt(password, encryptedBuf, plainBuf);
   }
@@ -563,3 +576,3 @@
     const c = plainBuf[i];
-    if (c !== -1) {
+    if (c !== -1 && c !== -2) {
       dec.writeUInt8(c, i);
@@ -566,0 +579,0 @@ }

tests/rc4_crypto_api/decrypt.test.js

@@ -45,2 +45,12 @@
   });
+
+  it('decrypt rc4_crypto_api xls, the password is incorrect', async () => {
+    const test = function test() {
+      return async function() {
+        const input = await fs.readFile(`${filePath}/rc4_cryptoapi_pass_test.xls`);
+        const output = await officeCrypto.decrypt(input, {password: 'xxxxx'});
+      };
+    };
+    await expect(test()).rejects.toThrowError(new Error( `The password is incorrect` ));
+  });
 });

tests/rc4/decrypt.test.js

@@ -24,2 +24,12 @@
   });
+
+  it('decrypt rc4 xls, the password is incorrect', async () => {
+    const test = function test() {
+      return async function() {
+        const input = await fs.readFile(`${filePath}/rc4_pass_test.xls`);
+        const output = await officeCrypto.decrypt(input, {password: 'xxxxx'});
+      };
+    };
+    await expect(test()).rejects.toThrowError(new Error( `The password is incorrect` ));
+  });
 });

No alert changes

Improved metrics

Total package byte prevSize

605816

increased by16.95%

Number of package files

54

increased by12.5%

Lines of code

2620

increased by9.85%

Number of lines in readme file

126

increased by1.61%

Worsened metrics

Number of low supply chain risk alerts

10

increased by25%

No dependency changes