Brute force an old locked NUMBERS file using Mac Studio GPU Power?

My wife has several old Numbers documents that she unfortunately password protected back in 2016 and now can’t remember what password she would have used back then.

I’ve seen this software that can crack Numbers passwords using the latest Nvidia GPUs but unfortunately and strangely it only runs on Windows:

I’ve emailed the company and it can also run on a virtual Microsoft Azure server, but I really don’t want to get into that if I don’t have to.

Since I have a new Mac Studio with so many GPUs, it would be really great to be able to put these GPUs to work by solving this password riddle, but when I was searching I was surprised to learn there are little to no resources like this to take advantage of the supposedly awesome processing power of this computer.

Does anyone have any ideas on how I can crack this old Numbers document password, preferably using the idle GPU time on my new Mac Studio?

Thank you.

Idea. If your wife is using the same machine as was used to encrypt in 2016, is the password in the Keychain by any chance?

Elcomsoft is great software. I’ve used their entire suite of tools with much success. Alas, as you learned, it is Windows-only.

One distinction to consider, password RECOVERY can take a very long time and will give you the original password in plaintext. This is useful if you think the same password was used on multiple files and you want to open them all.

A brute-force CRACK of the file is usually faster. It won’t give you the actual password, but will remove/break the lock on the file.

Unfortunately it is not in the keychain.

1 Like

Whether it is recovery or crack doesn’t make a lot of difference to me, although it would be helpful to have the original password since I think she has several Numbers files she needs to get into.

But regardless, if a crack is faster, that’s fine. Do you know any software to crack a Numbers file? I can’t believe there isn’t anything that can run on a Mac to make some good use of this insane number of GPU cores. What a waste of good computing power!

I’m not sure where @KirkS is differentiating between “Recovery” and “BruteForce”, but normally a recovery of a password is only possible via a brute-force attack, if there is no bug in the software that opens a kind of backdoor.
It was, e.g., possible for a long time to open a locked Excel sheet with Numbers to circumvent the password. But, as far as I know, this bug was already removed a couple of years ago, and I don’t think that it worked the other way around.

Normally, people use similar passwords, also over time.
So I would write down possible passwords in a list, and also write all possible variations into this list.
Thereafter I would simply try all passwords from that list.
This will take some time, but might be the best chance to get back into those files.
Also, for future applications, I would always use the “Hint/Reminder” field that Apple has provided for a long time when you set up a new password, and always save the password to a password manager.

P.S.:
I would HIGHLY recommend to NOT load and use ANY software from the internet to run a brute force attack on my own system.
A lot of those applications contain malware that you will involuntarily install onto your system, opening it up in this way to the developers of those apps!!

1 Like

So I take it absolutely no developer has written an app that takes advantage of the M1 Max/Ultra GPUs for this kind of task. Amazing. Sounds like I should probably hire someone to do it and then sell the app myself.

I see a few on Github using Python.

Can you link to some?

This might end up in a large „Sandbox“… :thinking: :wink:

No. Easy for you to find via your favourite search engine or on Github. Sorry. I searched with the obvious terms “python password cracker brute force” and took it no further.

No it’s not. I’ve been searching for a while now and just searched Github for “password cracker mac” and several other variations, and pretty much either nothing comes up or it’s just junk listings for junk software. We need something MODERN that uses the M1 GPUs, not some half-baked script that’s not even optimized for the hardware.

And searching for the program name “numbers” is futile because it’s such a generic word that it doesn’t return the results needed.

There is a good reason that apps like that do not exist as a consumer product.
There is, in general, a reason why somebody places a password on his/her data, and if it were easy to remove it, there would be no need to use a password anyway.

2 Likes

There’s nothing stopping anyone from using Elcomsoft free version and getting the first X characters of a forgotten pass. The only reason I haven’t done it yet is because I don’t have access to a Windows computer at all, let alone with a modern Nvidia GPU. However, after this experience and seeing what Elcomsoft charges for their license packs, I am now highly motivated to develop one of my own.

So, you got the first 3 characters of the password already?
I would be surprised about that, as the documentation stated that you will need at least the forensic version to get a chance on a Numbers file.

No, I said “the only reason I haven’t done that yet is because…”

If you compare the two problems, going along with that:

  1. The Free Version could not handle Numbers Files
  2. You don’t have Windows available

Then Problem #2 would be the one that could be solved way more easily, because you could buy a Windows version, or ask a friend to help you out.
But you could not get the app to do something the app is not capable of…

I do understand that you might expect, after reading the Elcomsoft website, that it would be easy going to “just” remove the password.
Just a couple of GPUs, and everything is done by breakfast…
If there is a known bug at this moment, that might even work.

But, if it would really be that easy, no one would ever need a password on anything!
It is not!
This company promises a lot that it could not fulfill; that is the reason police and secret services (and so on) had so much trouble reading out smartphones, protected computers and so on.
Yes, of course you can run a brute-force attack against passwords, if there is no protection like a limited number of tries, or a protection that increases the time it takes to get the prompt again, but even with a supercomputer this could take weeks or months to get into it. (“123456” of course within a second…)
An easy example:
My standard password consists of 4 letters (Small and Large Caps) and 6 numbers, together with a special character.
The 4 letters and 6 numbers alone would need, with 2,15 Billion Keys/sec (fastest available PC at the time of the calculation), around 12,39 years.
(Brute-Force-Attacke und Passwortlänge)

If I only add an additional letter or a number, this would increase to 768 years.
And as I use a special character, it would increase further to a couple of thousand years, depending on the special character. If I take for example the German “ß”, a calculator
(How Secure Is My Password? | Password Strength Checker)
shows me 900 000 years for the break-in with a brute force attack (while I don’t know which computer they had in mind when calculating this!)

So you can see that while it is theoretically possible to break into a password by a brute force attack, it is highly dependent on the password whether this will work, and/or whether you will survive it.

There was/is a project called RC5-72,

they started some 20 years ago, to get into an RC5 password with a 72bit strength (today 256bit is the standard). You can join this project with your own computer via BOINC. As of May 2022, they had completed 8,674%, so if the right phrase were the last one, even with the combined computer power used, it would currently take around 240 years to get to the end of this, and the official challenge (with a prize from RSA) was already stopped in 2007.

So, if you want to have a chance to get into those files, it might be a valid approach to sit down with your wife and produce a list like the one mentioned in my earlier post, and then try it on the files.

1 Like
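Added example, not part of any post in this thread: a small estimator that reproduces the exhaustive-search arithmetic quoted above (62-character alphabet, 2.15 billion guesses per second) and turns it around to give the minimum length needed to hold out for a target number of years. The function names and the 32-symbol punctuation class are assumptions made for this example, and the model only applies to passwords chosen uniformly at random.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Sizes of the character classes. The symbol class is Python's
# string.punctuation (32 characters), an assumption of this example.
CLASSES = {
    "lower": len(string.ascii_lowercase),
    "upper": len(string.ascii_uppercase),
    "digit": len(string.digits),
    "symbol": len(string.punctuation),
}


def alphabet_size(*classes):
    """Number of distinct characters available from the named classes."""
    return sum(CLASSES[c] for c in classes)


def years_to_exhaust(alphabet, length, guesses_per_sec, up_to_length=False):
    """Worst-case years to try every candidate (the average case is half).

    With up_to_length=True, all shorter lengths are searched as well,
    which is what an attacker who does not know the length has to do.
    """
    lengths = range(1, length + 1) if up_to_length else [length]
    keyspace = sum(alphabet ** n for n in lengths)
    return keyspace / guesses_per_sec / SECONDS_PER_YEAR


def min_length(alphabet, guesses_per_sec, target_years):
    """Shortest random password that survives target_years of guessing."""
    length = 1
    while years_to_exhaust(alphabet, length, guesses_per_sec) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    rate = 2.15e9  # guesses per second, the figure quoted in the thread
    alnum = alphabet_size("lower", "upper", "digit")
    for n in (10, 11):
        print(f"{n} chars over {alnum}: {years_to_exhaust(alnum, n, rate):.1f} years")
    print("length needed for 100 years:", min_length(alnum, rate, 100))
```

Passwords built from names, dates and reused fragments fall far sooner than these numbers suggest, because a list-based search covers them long before the full keyspace is exhausted.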

Yes I’m aware of that, and in this case we would be starting with a list of passwords that was in her “known 2016 stack” of passwords she might have been using at that time, and then we give that to the software and it could create variations based on those as a starting point and perhaps go faster.

Also, it has been written that the old Numbers file type uses 128 bit to lock it and it seems like there is no limit on the number of tries. But I don’t even think the software tries it in the normal way a human would with a prompt - rather, it just generates passwords from a list and then compares those to the encryption of the file and sees if it is a match, so it can do it much faster than if it were doing a prompt over and over.

Yes, this is called a brute-force attack. Just trial and error, as always if you don’t have a special vulnerability you can temporarily use.
And yes, there are faster ways than just trying everything, as those programs use lists of known passwords, dictionaries and “social engineering”, which means you should provide the software with known facts (e.g. from a Facebook account, like DOB, DOB of relatives, first car, cat, school, name of mother, the kind of breakfast and so on) regarding the one who set the password. Because the developers of apps like that hope that people often use known things as a base for their password.
But, if you are not lucky, you will not get into the file. You need the right passphrase on one, or the other way around. That is frustrating if you “just” lost your password, but on the other hand, it is very good to see that there is a reliable protection of data secured with a valid/strong password.

1 Like