I know that PKZIP encrypted files can be easily broken without resorting to brute-force. That is the case if you have access to a plaintext copy of one of the original files inside of the archive (e.g. https://github.com/keyunluo/pkcrack). This attack is described in detail by this paper.
But in my case, I didn’t have access to a plaintext copy of any of the files in the archive. The file was also quite large. This resulted in a lot of false positives with traditional brute-force software.
I ended up creating a Python script that aims to address the issues that I had with my particular PKZIP encrypted file:
- I didn’t have plaintext access to any of the files in the archive.
- The zip file itself was fairly large (over 3 GB)
This script avoids getting these false positives by roughly doing the following steps:
- Ask the user to provide a filetype of a file inside of the archive.
- Ask the user for a password.
- Attempt to decrypt only a single file within the zip file with the given password. This is because all files in the archive usually have the same password.
- The file we try to decrypt must have a filetype of the user’s provided filetype. The file is opened as a ZipInfo object using ZipFile.open.
- If that works, then return the password.
You can take a look at the script here: https://github.com/cwithmichael/breakzip
Example Usage of the Script
breakzip <zipfile_name> <known_file_extension>
Let’s say we had an encrypted zip file named
cats.zip with a jpg file in it.
In this example the password is
fun and our wordlist contains
$ breakzip cats.zip jpg < wordlist Found it! -> fun
We can also use a password generator like JohnTheRipper to provide passwords.
$ ./JohnTheRipper/run/john --mask=fu?a -stdout | breakzip cats.zip jpg Press 'q' or Ctrl-C to abort, almost any other key for status 95p 0:00:00:00 100.00% (2020-04-13 17:35) 1520p/s fu| Found it! -> fun
Supports PKZip/ZipCrypto Encryption only
Only a limited number of file types are supported at the moment: zip, wmv/asf/wma, jpg, png, xml
But it’s pretty easy to extend support for various file types.