cracking an old zip password
in [Cryptography]
|
Prev: Steganography Freeware Available Now
Next: A notation convenience for certain non-linear expressions
From: neddie on 31 May 2010 09:16 Hi to all. Hope I've come to the right place. I've got an old zip file(> 10 years old , maybe even 15) that I can't remember the password for. I do have 2 of the files in an unencrypted form , so some sort of planetext attack is what I think I need to do. From what I've read on the net it's a pkzip V2.xx something file. These are the first few bytes. 05 4B 03 14 00 01 00 08 I've managed to find a few old versions of PKzip , but no matter how I try to encrypt(without password) the 2 unencrypted files , I can't get the first few bytes to be the same. I'm using AZPR to do the planetext attack and it's not happy with the encryption of the 2 files. It comes up with "No matching files in selected archive.....etc" The encrypted file that is not password protected looks like this(first few bytes) : 50 4B 03 14 00 00 00 08 Trying various methods of encryption I get the 6'th byte to be 02 , 04, 06 , but I can't get it to be 01 like the origonal. Does anyone have any ideas? Am I even on the right track? Cheers Rob
From: Keith on 1 Jun 2010 06:14 On 31/05/2010 14:16, neddie wrote: > Hi to all. Hope I've come to the right place. > I've got an old zip file(> 10 years old , maybe even 15) that I can't > remember the password for. Try one of these: ftp://ftp.funet.fi/pub/crypt/analysis/pkcrack.zip ftp://ftp.funet.fi/pub/crypt/analysis/zipcrk20.zip ftp://ftp.ox.ac.uk/pub/crypto/cryptanalysis/fzc104.zip HTH.
From: jmorton123 on 2 Jun 2010 02:12 If you might be thinking about a brute force attack using a commercially available product: forget about it if you used a password of more than about 7 characters because it will take nearly forever to run through all the possiblities. I think you can use upper case and lower case letters and digits for sure, maybe even ascii symbols. So at a minimum we're talking about base 62. And a 7 character string in base 58 provides 3.52e+12 combinations. Then it goes up from there. I had the same problem except I password zipped my source code for my freeware at KingKonglomerate.com. I had to rewrite it all and it took me months but it turned out exceptionally well and maybe it was a good thing it happened. So for anyone else out there: if you ever encrypt something you better be absolutely sure you will never lose the password or it will be gone forever. JM On May 31, 6:16 am, neddie <seegoo...(a)yahoo.com> wrote: > Hi to all. Hope I've come to the right place. > I've got an old zip file(> 10 years old , maybe even 15) that I can't > remember the password for. > I do have 2 of the files in an unencrypted form , so some sort of > planetext attack is what I think I > need to do. > From what I've read on the net it's a pkzip V2.xx something file. > These are the first few bytes. > 05 4B 03 14 00 01 00 08 > I've managed to find a few old versions of PKzip , but no matter how I > try to encrypt(without password) > the 2 unencrypted files , I can't get the first few bytes to be the > same. I'm using AZPR to do the > planetext attack and it's not happy with the encryption of the 2 > files. It comes up with "No matching files > in selected archive.....etc" > The encrypted file that is not password protected looks like > this(first few bytes) : 50 4B 03 14 00 00 00 08 > Trying various methods of encryption I get the 6'th byte to be 02 , > 04, 06 , but I can't get it to be 01 like the origonal. > Does anyone have any ideas? > Am I even on the right track? > Cheers > Rob
From: neddie on 2 Jun 2010 07:58
On Jun 2, 8:12 am, jmorton123 <jmorton...(a)rock.com> wrote: > If you might be thinking about a brute force attack using a > commercially available product: > forget about it if you used a password of more than about 7 characters > because it will > take nearly forever to run through all the possiblities. I think you > can use upper case > and lower case letters and digits for sure, maybe even ascii symbols. > > So at a minimum we're talking about base 62. And a 7 character string > in base 58 > provides 3.52e+12 combinations. Then it goes up from there. > > I had the same problem except I password zipped my source code for my > freeware at > KingKonglomerate.com. I had to rewrite it all and it took me months > but it turned out > exceptionally well and maybe it was a good thing it happened. > > So for anyone else out there: if you ever encrypt something you > better be absolutely sure > you will never lose the password or it will be gone forever. > > JM > > On May 31, 6:16 am, neddie <seegoo...(a)yahoo.com> wrote: > > > Hi to all. Hope I've come to the right place. > > I've got an old zip file(> 10 years old , maybe even 15) that I can't > > remember the password for. > > I do have 2 of the files in an unencrypted form , so some sort of > > planetext attack is what I think I > > need to do. > > From what I've read on the net it's a pkzip V2.xx something file. > > These are the first few bytes. > > 05 4B 03 14 00 01 00 08 > > I've managed to find a few old versions of PKzip , but no matter how I > > try to encrypt(without password) > > the 2 unencrypted files , I can't get the first few bytes to be the > > same. I'm using AZPR to do the > > planetext attack and it's not happy with the encryption of the 2 > > files. It comes up with "No matching files > > in selected archive.....etc" > > The encrypted file that is not password protected looks like > > this(first few bytes) : 50 4B 03 14 00 00 00 08 > > Trying various methods of encryption I get the 6'th byte to be 02 , > > 04, 06 , but I can't get it to be 01 like the origonal. > > Does anyone have any ideas? > > Am I even on the right track? > > Cheers > > Rob I managed to get it in the end. I just had to find the correct version of pkzip to encrypt the 2 files for a plain text atack.I never make my password easy so I knew a bruteforce attack was out of the question. I was correct as it happens , the password was 18 charaterss with small letters and numbers.Even at 20000000 passwords/sec it's more than 16e +12 YEARS!! That's not even in the realms of quantum computing!!! |