First we open the document, click in the enable edit button and then select the option save as {Excel Book 97-2003}. Close the current file and open the new one with and hex editor, i use HxDes.

Search for the "DPB=" string (without quotes), and change for --> DBx=  and save the changes.

After that, open the excel file,click enable content  button and after thet press Alt + F11  and click yes option in the alert window. An error window appears and click yes again, Then select Settings -- VBAproject  properties and a window will open. Click on the protection option and then write in the passsword´s fields the same password and click acept/ok. Follow the steps, open Settings--VBAproject and click in the protection option. Now deselect the proyect block option and erase<span> both password fields, so that they are <span>empty and click acept/ok option.

We can see there are 2 sheets, the form sheet, and the answer sheet, if we try to open last one, we can´t, so we gonna copy its contents into a new one.

In left panel, double click ThisWorkbook  and in the right appears a cursor, copy the following code :

Sub CopyHidden()

Dim wbNuevo As Workbook
Dim wsMuyEscondida As Worksheet
Dim rngCelda As Range
Set wbNuevo = Workbooks.Add
Set wsMuyEscondida = Hoja2
For Each rngCelda In wsMuyEscondida.UsedRange
rngCelda.Copy wbNuevo.Sheets(1).Range(rngCelda.Address)
Next rngCelda
End Sub

and then press F5  to exec the code and wait for a while, only a few seconds, and you get the flag in a new file, the flag is:   EKO{HIDDEN_SHEET_123}

i don´t have the post in the blog yet, but i´m gonna do soon, tomorrow (monday) at the night it will be with pictures to figure out step by step. Thanks for your comments.

LuisAcostaS
</span></span>