I know that PKZIP encrypted files can be easily broken without resorting to brute-force. That is the case if you have access to a plaintext copy of one of the original files inside of the archive (e.g. https://github.com/keyunluo/pkcrack). This attack is described in detail by this paper.

But in my case, I didn’t have access to a plaintext copy of any of the files in the archive. The file was also quite large. This resulted in a lot of false positives with traditional brute-force software.

I ended up creating a Python script that aims to address the issues that I had with my particular PKZIP encrypted file:

  1. I didn’t have plaintext access to any of the files in the archive.
  2. The zip file itself was fairly large (over 3 GB).

This script avoids getting these false positives by roughly doing the following steps:

  1. Ask the user to provide a filetype of a file inside of the archive.
  2. Ask the user for a password.
  3. Attempt to decrypt only a single file within the zip file with the given password. This is because all files in the archive usually have the same password.
  4. The file we try to decrypt must have a filetype of the user’s provided filetype. The file is opened as a ZipInfo object using ZipFile.open.
  5. If that works, then return the password.

You can take a look at the script here: https://github.com/cwithmichael/breakzip
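
The sketch below is an added example, not code from the breakzip script. It shows why the false positives arise and why the file-type check removes them: the ZipCrypto encryption header carries a single check byte, so roughly 1 in 256 wrong passwords pass it. The sample blob, `CHECK_BYTE`, the candidate list and the helper names are constructed for illustration, and the entry is assumed to be stored uncompressed so the JPEG magic bytes directly follow the 12-byte header.

```python
# ZipCrypto (traditional PKZIP) stream cipher, per the public PKWARE APPNOTE.
def _crc_entry(c):
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    return c

CRC_TABLE = [_crc_entry(i) for i in range(256)]

def _update(keys, b):
    k0, k1, k2 = keys
    k0 = (k0 >> 8) ^ CRC_TABLE[(k0 ^ b) & 0xFF]
    k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
    k2 = (k2 >> 8) ^ CRC_TABLE[(k2 ^ (k1 >> 24)) & 0xFF]
    return k0, k1, k2

def zipcrypto(password, data, decrypt):
    keys = (0x12345678, 0x23456789, 0x34567890)
    for b in password:
        keys = _update(keys, b)
    out = bytearray()
    for byte in data:
        t = keys[2] | 2
        x = byte ^ (((t * (t ^ 1)) >> 8) & 0xFF)
        out.append(x)
        keys = _update(keys, x if decrypt else byte)  # keys always track plaintext
    return bytes(out)

# Constructed sample: 12-byte encryption header + start of a stored JPEG entry.
JPEG_MAGIC = b"\xff\xd8\xff"
CHECK_BYTE = 0x5A  # constructed; in a real archive: high byte of the entry's CRC-32 (or mod time)
HEADER = bytes(range(11)) + bytes([CHECK_BYTE])
BLOB = zipcrypto(b"fun", HEADER + JPEG_MAGIC + b"\xe0\x00\x10JFIF", decrypt=False)

def classify(password):
    """Return (header_check_ok, magic_ok) for one candidate password."""
    plain = zipcrypto(password, BLOB[:15], decrypt=True)
    return plain[11] == CHECK_BYTE, plain[12:15] == JPEG_MAGIC

def survey(candidates):
    """Split candidates into header-check passes and magic-confirmed passes."""
    header_hits = [p for p in candidates if classify(p)[0]]
    confirmed = [p for p in header_hits if classify(p)[1]]
    return header_hits, confirmed

if __name__ == "__main__":
    words = [b"pw%05d" % i for i in range(20000)] + [b"fun"]  # constructed wordlist
    header_hits, confirmed = survey(words)
    print(len(header_hits), "pass the 1-byte header check; confirmed:", confirmed)
```

A tool that trusts only the header check reports every entry in `header_hits` as a match, while the magic-byte comparison leaves just the real password.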

Example Usage of the Script

breakzip <zipfile_name> <known_file_extension>

Let’s say we had an encrypted zip file named cats.zip with a jpg file in it. In this example the password is fun and our wordlist contains fun.

$ breakzip cats.zip jpg < wordlist
Found it! -> fun

We can also use a password generator like John the Ripper to provide passwords.

$ ./JohnTheRipper/run/john --mask=fu?a -stdout | breakzip cats.zip jpg
Press 'q' or Ctrl-C to abort, almost any other key for status
95p 0:00:00:00 100.00% (2020-04-13 17:35) 1520p/s fu|
Found it! -> fun

Important Notes

Supports PKZIP/ZipCrypto encryption only.

Only a limited number of file types are supported at the moment: zip, wmv/asf/wma, jpg, png, xml

But it’s pretty easy to extend support for various file types.