Cracking encrypted ZIP files

Source: Internet
Author: User
Tags: crypt, password protection, strong password


You may have run into this situation: after downloading a ZIP file from the Internet, you find that it is password-protected. Or you encrypted a very important ZIP file with a password of your own, forgot the password some time later, and now cannot open it. Either way, the encrypted file may need to be cracked.


As the performance of ordinary computers improves, many people assume that recovering a ZIP password is easy. In general there are three ways to crack a ZIP file: brute-force cracking, dictionary attacks, and plaintext attacks.


Before introducing these three methods, let me first introduce a few tools:


Http:// /~ M53group

Pkcrack: /~ Conrad/krypto/pkcrack.html


For details on how to use them, refer to their documentation. You can of course find other tools through a search engine; I am sure there are many. Now let's get to the topic.


Step 1 - understand the target file

As the saying goes, "know yourself and know your enemy, and you will never be defeated." Before cracking, a thorough understanding of the encrypted file gives us a lot of useful information. For example, use WinRAR (Windows) or the 'unzip -l' command (Linux) to obtain the directory structure of the archive and information about the files it contains. Always ask yourself whether something about the content of the encrypted file can be known, for example a file such as setup.exe that is included in the archive. Anything you can find out is important. If you cannot obtain any part of the encrypted content, then unfortunately you will not be able to use the plaintext attack, which is the most effective cracking method.
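To make the point of step 1 concrete, here is an added example (my own code, not from the original post or from pkcrack) that lists what a ZIP archive reveals before any password is tried: entry names, sizes, CRC-32 values and the compression method all sit unencrypted in the central directory, and bit 0 of the general-purpose flag marks an entry as encrypted. The sample archive is constructed in the code; because Python's zipfile module cannot write password-protected archives, the encryption flag bit is set in the headers by hand to simulate an encrypted archive, and the entry data itself is left in clear.

```python
# Added example: what an encrypted ZIP archive exposes without a password.
# Not code from the original post; the sample archive below is constructed.
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0: traditional PKZIP encryption

# Byte offset of the general-purpose flag field in each header type:
#   local file header  "PK\x03\x04": sig(4) + version needed(2)                     = 6
#   central dir header "PK\x01\x02": sig(4) + version made by(2) + version needed(2) = 8
FLAG_OFFSETS = {b"PK\x03\x04": 6, b"PK\x01\x02": 8}


def build_sample_archive() -> bytes:
    """Constructed sample: a small unencrypted archive with a folder and a readme."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("folder1/file1.txt", b"first file contents\n" * 20)  # 400 bytes
        zf.writestr("readme.txt", b"This is the README. " * 40)          # 800 bytes
    return buf.getvalue()


def mark_entries_encrypted(data: bytes) -> bytes:
    """Set the encryption flag in every local and central header.

    Simulation only: zipfile cannot produce real encrypted entries, so the
    flag is flipped while the data stays in clear. This is enough to show
    what a listing tool reports for an encrypted archive.
    """
    out = bytearray(data)
    for sig, off in FLAG_OFFSETS.items():
        pos = out.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", out, pos + off)
            struct.pack_into("<H", out, pos + off, flags | ENCRYPTED_FLAG)
            pos = out.find(sig, pos + len(sig))
    return bytes(out)


def describe_archive(data: bytes) -> list[dict]:
    """Return the metadata visible for each entry, read without any password."""
    methods = {zipfile.ZIP_STORED: "stored", zipfile.ZIP_DEFLATED: "deflate"}
    entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            entries.append({
                "name": info.filename,
                "method": methods.get(info.compress_type, str(info.compress_type)),
                "size": info.file_size,
                "compressed_size": info.compress_size,
                "crc32": f"{info.CRC:08x}",
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
            })
    return entries


if __name__ == "__main__":
    archive = mark_entries_encrypted(build_sample_archive())
    for entry in describe_archive(archive):
        print(entry)
```

Every field printed here, including the exact uncompressed size and the CRC-32 of each file, is available to anyone holding the archive; that is what makes it possible to tell whether a copy of a file found elsewhere is the same file that sits inside the encrypted archive.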


Let's compare the three cracking methods:

1. Brute-force cracking. This is the most time-consuming cracking method; what else would you expect? As the name implies, brute-force cracking simply keeps trying every possible password. If the password is short, you may find the right one quickly. If it is long, for example a 64-character string, you may find that you still have no answer after 10 retries.

2. Dictionary attack. If brute force has the intelligence of an infant, a dictionary attack has roughly the IQ of a three-year-old. It uses a dictionary file and tries every password in it one by one. Many people now share their dictionary files on the Internet, which makes dictionary attacks far more efficient than brute force, especially when the target file is protected with a weak password. However, a dictionary does not cover every possible password, so dictionary attacks are useless against ZIP files protected with a strong password.


Now let's look at the most interesting method:

3. Plaintext attack. This is the smartest attack method so far, but only pkcrack implements it. You can try it yourself, but first you need the following prerequisites:

- An encrypted archive (of course; why else would you be reading this note?)

- Knowledge of the ZIP version of the archive (such as the platform it was created on and the ZIP version number). You can learn this from the file's properties; on Linux, run 'unzip -v' to view the details of the archive, including the encryption method.

- The contents of a continuous run of at least 12 bytes of one file inside the archive



Step 2 - cracking

If you have found the contents of a file inside the encrypted archive on a website, you can start cracking. First, pack that text file into a ZIP archive, for example package readme.txt into a ZIP file. After packaging, make sure the compression algorithm is the same as in the target. A simple check is to open both archives in WinRAR and compare the compressed size of the file. If the sizes are the same, the compression algorithm is correct; if they differ, try another compression algorithm.
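The "compare the compressed size" check above can be automated. The following is an added example, my own code rather than anything from the post or from pkcrack: it compresses the known plaintext the way a ZIP entry stores it (raw DEFLATE, no zlib wrapper) at each zlib level and reports which levels reproduce the compressed size recorded for the encrypted entry. Two facts it relies on: ZIP entries are raw DEFLATE streams, and the traditional PKZIP cipher prepends a 12-byte header to each encrypted entry, so the recorded compressed size of an encrypted entry is the DEFLATE length plus 12. The plaintext and the "observed" size are constructed inside the code; zlib is one DEFLATE implementation, and another archiver may produce a stream of a different length at the same nominal level, in which case no level matches and the plaintext must be recompressed with that same archiver.

```python
# Added example: which DEFLATE level reproduces the encrypted entry's size.
# Not from the original post; the plaintext and observed size are constructed.
import zlib

ENCRYPTION_HEADER_LEN = 12  # bytes the traditional PKZIP cipher prepends per entry


def raw_deflate(data: bytes, level: int) -> bytes:
    """Compress exactly as a ZIP entry stores it: raw DEFLATE, wbits=-15 (no header)."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def matching_levels(plaintext: bytes, encrypted_compressed_size: int) -> list[int]:
    """Return the zlib levels whose raw DEFLATE output matches the encrypted entry.

    The central directory reports the compressed size including the 12-byte
    encryption header, so that header is subtracted before comparing.
    """
    expected_raw_len = encrypted_compressed_size - ENCRYPTION_HEADER_LEN
    if expected_raw_len <= 0:
        return []
    return [lvl for lvl in range(1, 10)
            if len(raw_deflate(plaintext, lvl)) == expected_raw_len]


# Constructed sample plaintext standing in for a readme.txt found online.
SAMPLE_README = b"".join(
    b"Line %03d: this README ships with the installer package.\n" % i
    for i in range(200)
)

# Constructed "observed" value: what the archive's central directory would
# report for this file if it had been deflated at level 6 and then encrypted.
OBSERVED_ENCRYPTED_SIZE = len(raw_deflate(SAMPLE_README, 6)) + ENCRYPTION_HEADER_LEN


if __name__ == "__main__":
    levels = matching_levels(SAMPLE_README, OBSERVED_ENCRYPTED_SIZE)
    print("levels matching the encrypted entry size:", levels or "none")
```

A size match is a necessary condition, not proof: two different streams can have the same length, so the real confirmation is whether pkcrack's stage 1 finds candidate keys at all. A size mismatch at every level, on the other hand, tells you immediately that either the plaintext or the compressor is not the one used for the target.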


Now you have two files:

1. Encrypted target file

2. The ZIP archive generated from readme.txt


Assume that the structure of the two archives is as follows:

|-- Folder1
|   `-- File1.txt
|-- Folder2
|   `-- Readme.txt
`-- Readme.txt


Then call pkcrack from the console (the archive names are not given in the original; <target.zip> and <plain.zip> below are placeholders for the encrypted archive and the archive you built from readme.txt):

pkcrack -C <target.zip> -c "folder1/readme.txt" -P <plain.zip> -p readme.txt


The parameters mean the following:

-C: the target archive to be cracked (including its path)

-c: the name of the plaintext file inside the target archive (no system path; the path starts at the root of the ZIP)

-P: the archive containing the compressed plaintext

-p: the name of the plaintext file inside that archive (including the location of readme.txt within it)


The following is an example of a decryption run:


F:\Temp> pkcrack -C crypt -P plain

Files read. Starting stage 1 on Thu May 13 11:11:35 1999

Generating 1st generation of possible key2_889 values... done.

Found 4194304 possible key2-values.

Now we're trying to reduce these...

Done. Left with 6963 possible values. bestOffset is 24.

Stage 1 completed. Starting stage 2 on Thu May 13 11:18:37 1999

key0 = 68d3ae85, key1 = 423d2b7c, key2 = 127b028e

Probabilistic test succeeded for 870 bytes.

Stage 2 completed. Starting password search on Thu May 13 12:10:36 1999

Key: xx...

Or as a string: 'xxxxxxxx' (without enclosing single quotes)

Finished on Thu May 13 12:10:37 1999


Note that pkcrack does not run properly under Vista and Windows 7, so make sure the operating system is XP or Linux.

Another important pkcrack option is -d, followed by a file name, which specifies where to write the decrypted ZIP file. Although this option is not used in the example above, I strongly recommend using it: without it the decryption takes a very long time, while with it the run usually finishes in a few minutes. The readme document explains why it is so much faster; it is probably related to a program called findkey, which I will not go into here.


How can we avoid having our passwords cracked?

Against plaintext attacks, the simplest and most effective method is to ZIP the file twice, so that no information about the plaintext files is exposed to the cracker's eyes. Against dictionary attacks, avoid weak passwords and build passwords by mixing in numbers and symbols. Against brute force, a password of more than 7 characters is enough to wear the cracker out.
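To show what "ZIP the file twice" actually changes, here is an added example (my own code, not from the original post). It builds an inner archive holding the real files and an outer archive holding only the inner one, then lists what each exposes: the outer listing no longer reveals the names, sizes or CRCs of the real files, so an outsider cannot pick one of them as a plaintext candidate. The file contents are constructed sample data. Python's zipfile module cannot apply a password, so the outer archive is left unencrypted here; in practice the outer archive is the one you protect with the archiver's password option, and list_names() shows the only metadata that would then be visible.

```python
# Added example: nesting an archive hides the inner file listing.
# Not from the original post; the sample files below are constructed.
import io
import zipfile


def make_archive(members: dict[str, bytes]) -> bytes:
    """Build a DEFLATE-compressed archive in memory from {name: data}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def list_names(archive: bytes) -> list[str]:
    """The entry names anyone can read from the central directory."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.namelist()


def double_zip(members: dict[str, bytes], inner_name: str = "inner.zip") -> bytes:
    """Pack the files into an inner archive, then wrap that in an outer archive."""
    inner = make_archive(members)
    return make_archive({inner_name: inner})


def inner_names(nested: bytes, inner_name: str = "inner.zip") -> list[str]:
    """Names inside the inner archive: visible only after the outer one is opened."""
    with zipfile.ZipFile(io.BytesIO(nested)) as outer:
        return list_names(outer.read(inner_name))


# Constructed sample data standing in for a real project folder.
SAMPLE_FILES = {
    "folder1/file1.txt": b"first file\n" * 30,
    "readme.txt": b"public readme text that could also be found online\n" * 10,
}


if __name__ == "__main__":
    single = make_archive(SAMPLE_FILES)
    nested = double_zip(SAMPLE_FILES)
    print("single archive exposes:", list_names(single))
    print("nested archive exposes:", list_names(nested))
    print("inside the inner archive:", inner_names(nested))
```

The benefit depends entirely on the outer archive being encrypted, and on which cipher the archiver applies to it: pkcrack targets the traditional PKZIP cipher, so the choice of encryption mode in the archiver matters as much as the nesting.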
