
The best way to deal with this zip archive

Open mohegazy1 opened this issue 11 months ago • 8 comments

Hello, I am very new to code and scripts. I want to know the best way to use the tool to handle this archive.

qqq qqww qwqwq

Note: I have tried a lot, but I fail every time.

mohegazy1 avatar Mar 20 '24 21:03 mohegazy1

echo -n '<!DOCTYPE html>' > p1.txt
echo -n '<!DOCTYPE HTML>' > p2.txt

bkcrack -L filename.zip
Get one html's numeric index

bkcrack -C filename.zip --cipher-index Index_of_any_html_File -p p1.txt
bkcrack -C filename.zip --cipher-index Index_of_any_html_File -p p2.txt

xmexg avatar Mar 21 '24 06:03 xmexg

Hi, I see two approaches to crack this archive with bkcrack. You can see some files inside your archive are compressed (method ZipCrypto Deflate) and some other files are stored (method ZipCrypto Store).

The first approach would be to guess a part of the content of a stored file and use it as known plaintext for the attack. The stored files you can target are txt files so it is not obvious what they could be made of but maybe the filenames give more information about what could be inside. Maybe you know or remember something about those files.

The second approach would be to target one of the compressed files. This requires that you find a plain copy of one of those files somewhere else, in a backup or online for example. Once you have such a file, you would put it in an unencrypted compressed zip archive to get compressed data usable for the attack. You need the compressed data to match what was put in the encrypted archive just before encryption, so compression parameters must be the same. This might require some guesses and several tries with different tools and parameters to get the right compression.

@xmexg What you suggest would not work because it uses uncompressed html text but the html files in the archive are compressed.

To summarize, running a known-plaintext attack with bkcrack requires some knowledge of the archive content, either by making guesses or using a plain entire file available somewhere else. In case you do not have such information, then a known-plaintext attack might be impossible. You could try alternative approaches to crack the archive with password cracking tools such as hashcat or John the Ripper.

kimci86 avatar Mar 21 '24 07:03 kimci86
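An added illustration of the point made in the comment above (not part of the thread and not bkcrack code): for a Store entry the encrypted bytes are the file itself, while for a Deflate entry they are the raw Deflate stream, which no longer begins with the file's text and depends on the compressor settings. The sample HTML, the function names, and the use of zlib as a stand-in for whatever tool built the archive are assumptions made for this example.

```python
import zlib

# Constructed sample standing in for one HTML file of the archive.
SAMPLE_HTML = (
    b"<!DOCTYPE html>\n<html><head><title>Sample</title></head><body>\n"
    + b"<p>constructed sample paragraph</p>\n" * 40
    + b"</body></html>\n"
)
GUESS = b"<!DOCTYPE html>"  # the text guess proposed earlier in the thread


def raw_deflate(data: bytes, level: int) -> bytes:
    """Raw Deflate stream (wbits=-15, no zlib header), as a ZIP entry holds it.

    Assumption: zlib stands in for whichever compressor built the archive.
    """
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def bytes_before_encryption(data: bytes, method: str, level: int = 6) -> bytes:
    """Entry data handed to ZipCrypto: the file (Store) or its Deflate stream."""
    if method == "store":
        return data
    if method == "deflate":
        return raw_deflate(data, level)
    raise ValueError(f"unsupported method: {method}")


def guess_matches(guess: bytes, data: bytes, method: str, level: int = 6) -> bool:
    """True only if the guess is a prefix of the bytes that get encrypted."""
    return bytes_before_encryption(data, method, level).startswith(guess)


def streams_by_level(data: bytes) -> dict:
    """Map each distinct Deflate stream to the zlib levels (1-9) producing it."""
    groups = {}
    for level in range(1, 10):
        groups.setdefault(raw_deflate(data, level), []).append(level)
    return groups


if __name__ == "__main__":
    print("Store   :", guess_matches(GUESS, SAMPLE_HTML, "store"))
    print("Deflate :", guess_matches(GUESS, SAMPLE_HTML, "deflate"))
    for stream, levels in streams_by_level(SAMPLE_HTML).items():
        print(f"levels {levels}: {len(stream)} bytes, starts {stream[:8].hex()}")
```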

Thank you for your reply. In the screenshot, I placed blue marks on the files in which I had data.

1212121

mohegazy1 avatar Mar 21 '24 13:03 mohegazy1

For the second .txt file (CRC: CC2E3C2F) you tagged:

For Windows: echo | set /p dummyName="The contents of the file, as you know, should ideally exceed 12 characters, with correct punctuation and spaces if present.">p.txt
For Linux: echo -n "The contents of the file, as you know, should ideally exceed 12 characters, with correct punctuation and spaces if present." > p.txt
(You'd better not use a text editor, because it may automatically add a \n or \r\n at the end.)

bkcrack -L filename.zip
Get the numeric index for this .txt

bkcrack -C filename.zip --cipher-index Index_of_this_txt_file -p p.txt

If you get the key, you can use bkcrack -k your_key -b "?b" to get the password.
(In some terminals, ?b requires quotation marks)

xmexg avatar Mar 21 '24 14:03 xmexg

@mohegazy1 Does that answer your question? Did it work?

kimci86 avatar Mar 24 '24 21:03 kimci86

Unfortunately no, I tried both methods but no results

mohegazy1 avatar Mar 25 '24 15:03 mohegazy1

Do you want help about it? If so, what did you try exactly and what was the outcome?

kimci86 avatar Mar 26 '24 10:03 kimci86

@mohegazy1 Are you still looking for help about this? If so, please provide information about what you tried and how it went. Otherwise, I will close this issue.

kimci86 avatar Apr 23 '24 20:04 kimci86