Exhaustive password search
Hi,
I tried to recover a password from a key using the "-r 15 ?a" option, so I was expecting to only have a password with letters and numbers, but the found password looks like it has strange characters:
as bytes: **** b5 ab 10 d2 ****** as text: ***** ��� ****
Any idea what could be the problem? Thanks!
Hello,
The recovery algorithm is roughly to bruteforce the first n-6 bytes of the password (with n being the password length) and then reconstruct the last 6 bytes if possible. The charset is used to bruteforce the first (n-6) bytes. The ending bytes can have values out of the charset. Making no assumption on the end has no impact on the computation cost, so I thought this would not be a problem. However, there can be collisions (i.e. several passwords for the same internal keys). Maybe this happened here. Another possibility is that the original password contains unicode characters encoded in UTF-8 or some other encoding that your terminal or font does not support.
Could you confirm that the first n-6 bytes are alphanumeric characters? Otherwise, it would be a bug. Do you think the password could contain unicode characters?
I confirm that first n-6 bytes are alphanumeric characters.
The recovered password does not work (but the found keys work, I tested extracting a file with the bkcrack command). I think this is because the password cannot be encoded in UTF-8, and so when unzip tries to recompute the keys, the keys are wrong.
password bytes -> string utf-8 -> password bytes does not give original bytes, so I don't think this is a problem of unicode characters in the password.
Is there a way to get all other possible passwords for this key, to check if there is another one that can be converted to UTF-8?
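The key schedule the two comments above are reasoning about, as an added example (this is not bkcrack's code and not the reporter's data): a plain-Python reimplementation of ZipCrypto's key update from the ZIP APPNOTE, plus the two checks discussed in the thread, whether the first n-6 bytes of a recovered password are in bkcrack's `?a` charset, and whether the recovered bytes survive a decode-as-UTF-8/re-encode round trip. The password `FOUND` is constructed here to have the shape of the reported one; its bytes, and the assumption that `?a` means letters and digits, are mine, not the page's.

```python
"""ZipCrypto ("traditional PKWARE encryption") key schedule, reimplemented in
plain Python for illustration. Added example; not bkcrack's implementation."""
import zlib

MASK32 = 0xFFFFFFFF
INITIAL_KEYS = (0x12345678, 0x23456789, 0x34567890)


def _make_crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = _make_crc_table()


def crc32_update(crc, byte):
    """One table step of CRC-32, the APPNOTE's crc32(crc, b)."""
    return CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)


def crc32_matches_zlib(data):
    """Sanity check of the table against zlib's CRC-32 (init and final xor with 0xFFFFFFFF)."""
    crc = MASK32
    for b in data:
        crc = crc32_update(crc, b)
    return (crc ^ MASK32) == zlib.crc32(data)


def update_keys(keys, byte):
    """Feed one password (or plaintext) byte into the three internal keys."""
    k0, k1, k2 = keys
    k0 = crc32_update(k0, byte)
    k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & MASK32
    k2 = crc32_update(k2, k1 >> 24)
    return (k0, k1, k2)


def extend_keys(keys, tail):
    for b in tail:
        keys = update_keys(keys, b)
    return keys


def internal_keys(password):
    """Internal keys (X, Y, Z) a ZIP tool derives from the password *bytes*."""
    return extend_keys(INITIAL_KEYS, password)


# Assumption: bkcrack's "?a" shortcut means letters and digits.
ALNUM = frozenset(b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")


def head_in_charset(password, charset=ALNUM):
    """The search only constrains the first n-6 bytes; the last 6 are
    reconstructed and may hold any byte value."""
    return all(b in charset for b in password[:-6])


def utf8_roundtrip_ok(password):
    """True if decoding the bytes as UTF-8 and re-encoding gives them back,
    i.e. a tool that takes the password as a text string would feed the same
    bytes into the key schedule."""
    try:
        return password.decode("utf-8").encode("utf-8") == password
    except UnicodeDecodeError:
        return False


def keys_via_text(password):
    """Keys a tool computes if handed the password as displayed text: invalid
    UTF-8 bytes become U+FFFD, which re-encodes as EF BF BD."""
    return internal_keys(password.decode("utf-8", errors="replace").encode("utf-8"))


# Constructed sample: 7 alphanumeric head bytes, 6 arbitrary tail bytes.
FOUND = b"Kx7pQ2a" + bytes.fromhex("b5ab10d207fe")

if __name__ == "__main__":
    print("head alphanumeric:", head_in_charset(FOUND))
    print("survives UTF-8 round trip:", utf8_roundtrip_ok(FOUND))
    print("keys from raw bytes:   ", [hex(k) for k in internal_keys(FOUND)])
    print("keys from displayed text:", [hex(k) for k in keys_via_text(FOUND)])
```

Run stand-alone, the script shows that the two key triples differ for the constructed password: the bytes bkcrack found are the right input to the key schedule, but once they have been shown on a terminal and copied back as text they no longer are, which is the failure the thread describes. The `extend_keys` helper also illustrates why the search can fix the head and treat the tail separately: the keys after the head are the starting state for the tail.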
> I tested to extract a file with bkcrack command
bkcrack does not test data integrity when deciphering or changing the password. To check that the internal keys are correct, you can:
- change the password:
  `bkcrack -C <your_archive.zip> -k <the internal keys> -U new.zip newpassword`
- then, run `unzip -t new.zip` or `7z t new.zip`, typing `newpassword` when prompted.
> Is there a way to get all other possibly passwords for this key to check if there is another one that can be converted to UTF-8?
It is not implemented at the moment. I will hack something soon ~~(hopefully this week-end)~~.
For the record, improvements to the password search algorithm are now available in version 1.6.0.
- Checking a found password uses only characters from the expected character set.
- Ability to run an exhaustive password search.
- Ability to pause and resume password search.