Date: Thu, 17 Sep 2020 16:20:30 +0100
From: Jasper Jones <jazjones9292@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

Apologies Alexander, I missed your email until just now.

Comments/answers in-line below.

Thanks
Jasper

On Wed, 16 Sep 2020 at 20:51, Solar Designer <solar@...nwall.com> wrote:

> On Wed, Sep 16, 2020 at 06:47:10AM +0100, Jasper Jones wrote:
> > I got the following message when I started it:
> > "Warning: detected hash type "ZIP", but the string is also recognised as
> > "ZIP-opencl"
> > Use the "--form=ZIP-opencl" option to force loading these as that type
> > instead"
> >
> > Any issue with that?
>
> No, but you can in fact try this suggestion to possibly use your GPU for
> much speedup, if you do have a suitable GPU and driver installed.
>

No, I'm just using a laptop at the moment and don't have access to a PC
with GPU. At some stage (and if the current run isn't successful), I'll
look into what I need to set something like this up. There's enough
potentially at stake to make it worth spending some money on this.

> > Then:
> > "Using default input encoding: UTF8
> > Loaded 1 password hash (ZIP, WinZip, [PKDF2-SHA1 128/128 AVX 4x1)"
> >
> > Does that look right? The reference to PKDF2-SHA1 instead of AES concerns
> > me, but I appreciate that could just be my ignorance showing.
>
> You've already figured this out (great!), but we might want to revise
> this algorithm name string to also include AES.
>

Cool.


> As to the error you were getting originally:
>
> > > That said, I'm still getting an error as well: "ver 5.1
> > > wallet.zip/wallet.dat is not encrypted, or stored with non-handled
> > > compression type".
>
> It certainly looks like you have more than one file, or one file more
> than once, in that archive.  It might even be that you have the
> wallet.dat file in there in both encrypted and non-encrypted form.


I'm pretty sure there's just the one file in there. I definitely wouldn't
have encrypted it first and then zipped it. It was just zipped (using 7Zip)
with a password and AES256 encryption selected. There's also just the one
file - wallet.dat - listed when you open the archive.

> Alternatively, we have a bug resulting in that spurious message.
>

I'll leave that to you to decide! :)


> > > I don't have zipinfo (I'm on Windows), but I could download a bootable
> > > Linux distribution if that would help.
>
> I guess you can get zipinfo on Windows if you install Cygwin.
>

Do you think it would help at this stage? Perhaps if the current run
doesn't work I can look into that and see whether it gives more info than
I've found so far.


> > > 7zip itself gives some info about the compressed file:
> > >
> > > - attributes: An
> > > - Encrypted: +
> > > - Method: AES-256 Deflate
> > >
> > > (There's some other stuff about file size, dates, etc, but I assume it's
> > > the encryption info that's needed?)
>
> Yes, and also the listing of files.  Does it show just one file?
>

Yes, just wallet.dat, once.

Thanks as always
Jasper
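
The check discussed in this thread (how many entries the archive really holds, and whether each one is flagged as encrypted and with which method) can be done without zipinfo. The following is an added example, not code from the thread or from John the Ripper: it reads the ZIP central directory with Python's standard `zipfile` module and decodes the WinZip AES extra field (header ID 0x9901). The function names and the embedded sample archive are constructed for illustration.

```python
import io, struct, zipfile
from collections import Counter

AES_METHOD = 99          # WinZip AES marker stored in the compression-method field
AES_EXTRA_ID = 0x9901    # extra-field header ID carrying the real AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_extra(extra):
    """Return (key_bits, real_method) from the 0x9901 extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == AES_EXTRA_ID and size >= 7:
            _ver, _vendor, strength, method = struct.unpack_from("<H2sBH", extra, pos + 4)
            return AES_BITS.get(strength), method
        pos += 4 + size
    return None

def describe(zip_bytes):
    """List every central-directory entry with its encryption details."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    seen = Counter(i.filename for i in infos)
    rows = []
    for i in infos:
        aes = aes_extra(i.extra) if i.compress_type == AES_METHOD else None
        rows.append({
            "name": i.filename,
            "encrypted": bool(i.flag_bits & 0x1),      # general-purpose flag bit 0
            "aes_bits": aes[0] if aes else None,
            "method": aes[1] if aes else i.compress_type,  # 8 = Deflate, 0 = Stored
            "duplicate": seen[i.filename] > 1,         # same name listed more than once
        })
    return rows

def sample_zip():
    """Constructed archive: one wallet.dat entry marked AES-256 + Deflate (dummy payload)."""
    name, data = b"wallet.dat", b"\x00" * 32
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    common = struct.pack("<HHHHHIIIHH", 51, 1, AES_METHOD, 0, 0x21,
                         0, len(data), 16, len(name), len(extra))
    local = b"PK\x03\x04" + common + name + extra + data
    central = b"PK\x01\x02" + struct.pack("<H", 51) + common + struct.pack("<HHHII", 0, 0, 0, 0, 0) + name + extra
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    for row in describe(sample_zip()):
        print(row)
```

To inspect a real archive, pass its bytes instead of the sample, for example `describe(open("wallet.zip", "rb").read())`.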
