Additional Information (added by CrackZ 2nd February 2001).
This essay deals with the most interesting way of zip password cracking : The PlainText attack.
As many zip password crackers have appeared on the shareware market, and also our computers are getting faster, many people think it is easy to find a zip password. Here's a short list of zip password crackers :
AZPR : http://www.elcomsoft.com
UZPC : http://www.chat.ru/~m53group
PKCrack : Local Download
Search for more with your favourite search engine, I know many others exist around the web.
Examine your target, i.e. take your protected archive and see what's inside (use something like WinZip). A MAJOR question is "is it possible for you to know a part of one of the encrypted files ?" - for example - an easy text file (readme.txt) or a common dll (VBXXX.dll, MFCXX.dll), perhaps a common .exe (SETUP.EXE), look for anything you can, it's very important. If you just have nothing to go on or you see a protected zip inside your target zip, then, too bad, you won't be able to use the plaintext attack.
Let's examine the three different methods :
i) Brute-forcing - it takes a long time, but what do you expect?, take any common zip brute-forcer, read the doc. (maybe use a RamDrive) and prepare to wait. This method is brutal (hence the name I suppose) the program just tries every password possible, some have range specifiers. How long might it take?, well - I asked UZPC to bruteforce a 64 chars-long string (not common), composed of every possible char. Its telling me that I have to wait about 3695848896 years, (forget the days and hours :) ), so, basically in that amount of years you can find any password with a standard PC!, that's just great!. There is nothing else to be said about the brute-force method.
ii) Dictionary Attack - This method is a little "smarter". It takes a common dictionary file of words and tries them as passwords (this is based on the fact that people often choose real words as passwords). It's smarter, but you can't have a dictionary containing all possible words, especially if the author is foreign. Most dictionarys are english-only and writing a word backwards or a slight variation (say a translation table) would fool it.
Lets deal with the most interesting method:
iii) The PlainText Attack - this attack is *by far* the smartest one. Only PKCrack will do it, afaik. You won't believe in PKCrack until you find a password, you need :
- A password protected archive (how surprising).
- The same zip version as the one used for the protected file (check the version numbers in the archive file).
- You have to know as many CONSECUTIVE bytes as possible from one of the files (you need at least 12 bytes).
- You still need luck!.
If you know the contents of the encrypted file, start your first attack on the smallest file. Zip this file (let's call it plain) into an archive without any password obviously and using the same zip version as your target.
For example : "pkzip plain.zip plain"
Copy the encrypted file to crypt.zip (it will make a backup
Delete all the other files in crypt.zip (of course, keep the one corresponding to plain.txt).
Now, you should have :
1. Archive crypt.zip, containing the archive with a password
(let's say crypt.
2. Archive plain.zip, containing one file (plain), if you're not an airhead, launching PKCrack will show you the command line info.
pkcrack -c crypt -p plain -C crypt.zip -P plain.zip and wait!.
How long will it take ? (well how long is always the most important question, indeed :) ), several people reported to me that most passwords are found within 15 minutes, but I've never been that lucky.
Here is a (modified) "screenshot" of a real successful pkcrack session :
F:\Temp>pkcrack -c crypt -p plain -C crypt.zip -P plain.zip Files read. Starting stage 1 on Thu May 13 11:11:35 1999 Generating 1st generation of possible key2_889 values...done. Found 4194304 possible key2-values. Now we're trying to reduce these... Done. Left with 6963 possible Values. bestOffset is 24. Stage 1 completed. Starting stage 2 on Thu May 13 11:18:37 1999 key0=68d3ae85, key1=423d2b7c, key2=425b028e Probabilistic test succeeded for 870 bytes. Stage2 completed. Starting password search on Thu May 13 12:10:36 1999 Key: XX XX XX XX... Or as a string: 'xxxxxxxx' (without enclosing single quotes) Finished on Thu May 13 12:10:37 1999
How to (easily) avoid quick password cracking?, to avoid plaintext attack : the quickest way is to password protect a zip file inside another zip, quick and easy. To avoid the dictionary attack : either choose a personal word, like "ouargbloufyoupilalere" or grab a simple cryptor (say a simple keygen), and encrypt the archive with the result. To avoid brute-forcers don't use passwords less than 7 chars.
The CRC of the file is stored in the header. When you type in the password, the program initializes the stream cipher. It then decrypts the first twelve bytes of the encrypted file. The last byte should match the high byte of the CRC of the file that was stored in the header. One out of 256 passwords are going to pass this test on any given file, so the rudimentary zip attack programs require you to have around four files archived in the zip file. This way, there's only a 1/(256^4) or one in four billion chance of a false positive.
Sometimes they say that with WinZip you can get by with fewer files or run faster. This is because there are two check bytes in WinZip files. The bytes are compared against the high word of the file CRC, thus squaring the effectiveness of each file. The good pwd crackers use knowledge of the compression method to filter bad passwords. They reconstruct the Huffman trees and some other tables and check that everything is valid. This allows them to use a single file.
All of these methods rely on guessing the password and then checking against known plaintext. With a really long password, even if it's only alpha characters, it just takes too long. The *really* good WinZip cracker (the one I wrote, see http://www.accessdata.com) eliminates 2^58 possible keys at a time, enabling one to brute-force the 96-bit keyspace (three DWORDS) in about two hours, no matter what the size of the password. It does require five files in the archive. I've submitted a paper for publication, and should find out next month if it has been accepted. Once the details public, I'll post a link to the paper on this site.