You may have run into this situation: after downloading a zip file from the Internet, you find that it is password-protected. Or you encrypted a very important ZIP file with your own password, and after a while you forgot the password and can no longer open it. At that point, the encrypted file may need to be cracked.
With the steady improvement in computer performance, many people may think that finding the password for a zip file is very easy. Generally, there are three methods for cracking ZIP files: brute-force cracking, dictionary attacks, and plaintext attacks.
Before introducing these three methods, I would like to introduce you to several tools:
http://www.chat.ru/~M53group
pkcrack: http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
For details about how to use them, refer to their documentation. Of course, you can also find other tools through a search engine; I believe there are many. Okay, now let's get to the subject.
Step 1 - Understand the target file
As the saying goes, "know yourself and know your enemy, and you will never be defeated". Before cracking, a thorough understanding of the encrypted file gives us a lot of useful information. For example, use WinRAR (Windows) or the 'unzip -l' command (Linux) to obtain the directory structure of the archive and information about the files it contains. Keep asking yourself: is it possible to obtain part of the content of a file inside the encrypted archive, for example an uploaded file (setup.exe)? Anything you can find is important. If you cannot get any part of a file in the encrypted archive, then unfortunately you will not be able to use the plaintext attack, the most effective cracking method.
Let's compare the three methods of cracking:
1. Brute-force cracking. This is the most time-consuming method. What else would you expect? As its name implies, brute-force cracking means trying every possible password in turn. If the password is short, you may find it quickly. However, if it is long, for example a 64-character string, you may find that you still cannot find the answer after 10 retries.
2. Dictionary attack. If brute force is the mindless approach, the dictionary attack has roughly the IQ of a three-year-old. It uses a dictionary file and tries every password in the file one by one. Nowadays many people share their dictionary files on the Internet, which makes dictionary attacks much more efficient than brute-force cracking, especially when the target file is protected with a weak password. However, dictionary attacks do not cover all possible passwords, so they are useless against ZIP files protected with a strong password.
Well, now let's take a look at the most interesting method:
3. Plaintext attack. This is the most intelligent attack method so far, but only pkcrack can do it. You can try it yourself, but first you need the following prerequisites:
- An encrypted compressed file (of course; why else would you be reading this note?)
- Knowledge of the zip version of the compressed file (such as the platform it was encrypted on and the zip version number). You can learn the zip version from the file attributes. On Linux, run the unzip -v command to view the details of a zip package, including the encryption algorithm.
- Knowledge of a contiguous piece of the content of one file in the archive (at least 12 bytes)
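The same inspection can be run as an audit of your own archives. The Python sketch below is an added example, not part of the original article: it reads only the central directory (no password needed) and reports, per entry, whether it is protected with the traditional PKZIP cipher that the plaintext attack targets or with WinZip AES. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # header ID of the WinZip AE-x extra field
AES_METHOD = 99         # compression method value stored for AE-x entries
METHODS = {0: "stored", 8: "deflate", 12: "bzip2", 14: "lzma"}


def aes_extra(extra: bytes):
    """Return (key_bits, real_method) from an AE-x extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) >= 7:
            _ver, _vendor, strength, method = struct.unpack("<H2sBH", body[:7])
            return {1: 128, 2: 192, 3: 256}.get(strength), method
        pos += 4 + size
    return None


def classify(info: zipfile.ZipInfo) -> dict:
    """Describe how one archive entry is compressed and protected."""
    encrypted = bool(info.flag_bits & 0x1)   # general-purpose flag, bit 0
    aes = aes_extra(info.extra) if info.compress_type == AES_METHOD else None
    method = aes[1] if aes else info.compress_type
    # Encrypted without an AE-x field means the traditional PKZIP cipher.
    scheme = "none" if not encrypted else f"AES-{aes[0]}" if aes else "ZipCrypto"
    return {"name": info.filename, "scheme": scheme,
            "method": METHODS.get(method, str(method)),
            "known_plaintext_risk": scheme == "ZipCrypto"}


def audit(archive) -> list:
    """Classify every entry; only the central directory is read."""
    with zipfile.ZipFile(archive) as zf:
        return [classify(i) for i in zf.infolist()]


if __name__ == "__main__":
    buf = io.BytesIO()                       # constructed sample archive
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("folder1/readme.txt", "constructed sample text\n" * 4)
    for row in audit(buf):
        print(row)
```

Entries reported as ZipCrypto are the ones whose protection depends on none of their content being obtainable elsewhere.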
If you have found the content of one of the encrypted files, for example on a website, you can start to crack the archive. First, pack the plaintext file into a zip package, for example pack readme.txt into readme.zip. After packing, make sure that the compression algorithm is the same as the one used in the encrypted archive. A simple check is to open both archives in WinRAR and compare the compressed size of the file. If the sizes are the same, the compression algorithm is correct. If they differ, try another compression algorithm.
Now you have two files:
1. The encrypted target file crypt.zip
2. The zip package plain.zip generated from readme.txt
Assume that the structure of the two files is as follows:
|-- Folder1
|   |-- File1.txt
|-- Folder2
|   |-- Readme.txt
|-- Readme.txt
Then, call pkcrack on the console:
pkcrack -c "folder1/readme.txt" -p readme.txt -C crypt.zip -P plain.zip
The meanings of the parameters are as follows:
-C: the target archive to be cracked (including its path)
-c: the name of the known file inside the archive being cracked (the path does not include the system path; it starts at the top level of the ZIP file)
-P: the zip archive containing the plaintext file
-p: the name of the plaintext file inside the plaintext archive (that is, the location of readme.txt within plain.zip)
The following is a decryption run:
F:\Temp> pkcrack -c crypt -p plain -C crypt.zip -P plain.zip
Files read. Starting stage 1 on Thu May 13 11:11:35 1999
Generating 1st generation of possible key2_889 values... done.
Found 4194304 possible key2-values.
Now we're trying to reduce these...
Done. Left with 6963 possible values. bestOffset is 24.
Stage 1 completed. Starting stage 2 on Thu May 13 11:18:37 1999
Key0 = 68d3ae85, key1 = 423d2b7c, key2 = 127b028e
Probabilistic test succeeded for 870 bytes.
Stage 2 completed. Starting password search on Thu May 13 12:10:36 1999
Or as a string: 'xxxxxxxx' (without enclosing single quotes)
Finished on Thu May 13 12:10:37 1999
Note that pkcrack does not run properly under Windows Vista and Windows 7, so make sure the operating system is Windows XP or Linux.
Another important pkcrack option is "-d", followed by a file name such as decrypt.zip, which names the decrypted ZIP file to be written. Although this option is not used in the example above, we strongly recommend it. Without this option the decryption takes a very long time; with it, the run usually takes only a few minutes. You can refer to the readme to see why it is so much faster. It is probably related to a program called findkey. I will not explain it here.
How can we avoid password cracking?
Against plaintext attacks, the simplest and most effective method is to zip-encrypt twice, so that no information about the plaintext files is exposed to the cracker's eyes. Against dictionary attacks, avoid weak passwords and build passwords that mix in digits and other characters. Against brute-force cracking, a password of more than 7 characters is enough to bring it to a standstill.