@paranoidninja created a PPT file in Microsoft Windows PowerPoint 2016 for his presentation on Botnet Development at Defcon 9111. And decided to upload the file on our website by applying restriction on the file so that readers can only view the slideshow but not modify the content.
We followed a similar way from Microsoft’s website.
Let’s restrict the content modification!
This is how we applied the restriction:
- Go to File>> Save As >> More Options
- Go to General Options
Now, there are two options:
- Password to open
- Password to modify
As we want our readers to open the file but not modify the content, so we selected second option. (Password to modify) and saved the file.
- Now if you open the file, it asks for the password. If you want to modify, enter password. Or open in “Read Only” mode. When you click on “Enable Editing”, it again asks for the password.
Here comes the funny part. Let’s remove the Restriction:
Change the file extension from .pptx to .zip and open the archive, go to ppt directory.
Open the file presentation.xml
Now remove this piece of code starting from <p:modifyVerifier crytProviderType………….”/>
<p:modifyVerifier cryptProviderType="rsaAES" cryptAlgorithmClass="hash" cryptAlgorithmType="typeAny" cryptAlgorithmSid="14" spinCount="100000" saltData="LCOcjydcRrLY5fiAoeJIwA==" hashData="DPzPMyL5DVmxYVjJmPg/TiZ7gf/jjKkPrmExEabxF/UftgNxx+sF6u3SHGO59jQDth5fStyEF2+R5n3HCbUnGg=="/>
Save the file. And rename the .zip back to .pptx
Now, open the .PPTX file and you can edit it.
You can find the PPT file (with modification restriction 😉 ) inside the dossier section.
In this section, we will share our random findings and funniest security implementations. Post you opinions below in the comments area.