Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 May 2019 21:30:29 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: zip2john fails to hash my zip file

Hi,

This is in addition to magnum's answer (which is correct and
JtR-centric, as is most appropriate for this list, but I feel I can add
beyond-JtR material as well).

On Mon, May 20, 2019 at 03:58:50PM +0000, Dudy Dudy wrote:
> My ultimate goal to is be able to recover the password of the archive.

Or maybe the content of the archive?  For PKZIP files with tough
passwords, it might be more practical to mount a known plaintext attack,
for which there's this recent tool (a remake of the older pkcrack):

https://github.com/kimci86/bkcrack

(I "contributed" some bug reports and feature requests to the author,
which are now implemented - including the ability to have the tool
truncate a compressed file used for known plaintext in case only the
file's beginning is expected to match.)

There are also these new developments:

"Improved Forensic Recovery of PKZIP Stream Cipher Passwords"
http://www.insticc.org/node/TechnicalProgram/icissp/presentationDetails/73605

"These kernels add support for cracking the 96bit pkzip stream cipher to
retrieve the used password after successfully running a KPA on a zip
archive."
https://github.com/hashcat/hashcat/pull/2032

Of course, you need to get your zip archive to get properly parsed and
be supported by the tools anyhow.  You also need to be able to recreate
very similar archives with the same compression method and settings in
order to get suitable known plaintext (it should match your target
encrypted file's _after_ compression - at least the first 11 bytes).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.