If you read this carefully https://hashcat.net/forum/thread-3665.html, you will see that you only need -m 9710 to access the data.
Have a look at the list of steps under the "KDF" section https://hashcat.net/forum/thread-3665-po...l#pid20935.
9710 is used to get the 5 bytes which are the main source of the overall encryption key of the document. Just look at step 6-9. You only have to append 4 bytes zero, MD5 the result and use the 16 bytes as the 128 bit encryption key to decrypt the document.
atom already explained in the post that you do not need to use -m 9720 (and therefore steps 1-5) just to decrypt the data:
Have a look at the list of steps under the "KDF" section https://hashcat.net/forum/thread-3665-po...l#pid20935.
9710 is used to get the 5 bytes which are the main source of the overall encryption key of the document. Just look at step 6-9. You only have to append 4 bytes zero, MD5 the result and use the 16 bytes as the 128 bit encryption key to decrypt the document.
atom already explained in the post that you do not need to use -m 9720 (and therefore steps 1-5) just to decrypt the data:
Quote:you will not need to do that unless you try to find the real password that was used (forensic stuff)