Forgetting a ZIP password can be very annoying, particularly when one is trying to restore an old backup or a password-protected file that was shared over the internet or another public network. Thankfully, there are tools that can break into protected ZIPs using the ever-popular brute-force or dictionary attacks. Today we will look at a few such tools and see how password cracking actually works.
The first tool is PicoZip Recovery Tool. It supports archives protected by popular zip programs such as WinZip, PKZip and other standard-compliant utilities, and can also decipher self-extracting EXE archives. The interface is quite straightforward: first select an encrypted zip file, then pick one of the available methods. The dictionary option uses the built-in 634,699-word English dictionary. Since its purpose is a specialised one, a wordlist of this kind should ideally include several verb forms, abbreviations, slang, common foreign words, phrases and popular proper nouns, because those are what people actually pick as passwords.
Applying the default dictionary in Pico is pretty fast: 25 seconds on a P4 3.2GHz. But if the password is not recovered, there is no choice but brute-forcing. Here is a word of advice: if you are cracking your own file, try to recall the length and set Min and Max accordingly to reduce the number of combinations, since every extra character multiplies the search space by the size of the character set. Or, if you remember some initial characters, put them in the Starting Password field.
Another similar tool is Zip Password Finder. Both tools are free and can pause and resume an attack (Pause/Start) by saving a progress file, which matters for brute-force runs that take days.
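To see what a dictionary or brute-force run actually does with each guess, here is an added example (not code from PicoZip, Zip Password Finder or any other tool on this page) that implements the traditional PKZIP stream cipher in Python and tests candidates the way a recovery tool does: it decrypts only the 12-byte encryption header and compares a single check byte, which rejects 255 of every 256 wrong guesses, and decrypts the whole entry only for the survivors. The archive entry, the wordlist and the passwords are constructed for the example, and the reading of Min/Max and Starting Password as a length range plus known leading characters is an assumption about what those fields mean.

```python
"""Added example: candidate testing against the traditional PKZIP stream
cipher ("ZipCrypto") used by WinZip/PKZip-compatible archives. The cipher
follows the PKWARE APPNOTE; the archive entry is constructed inline."""
import itertools
import os
import string
import zlib

# CRC-32 table (reflected polynomial 0xEDB88320), the same one ZIP uses.
CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)


def _crc32_byte(crc, b):
    return CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)


def _update_keys(keys, p):
    """Advance the three 32-bit internal keys with one plaintext byte."""
    keys[0] = _crc32_byte(keys[0], p)
    keys[1] = (keys[1] + (keys[0] & 0xFF)) & 0xFFFFFFFF
    keys[1] = (keys[1] * 134775813 + 1) & 0xFFFFFFFF
    keys[2] = _crc32_byte(keys[2], keys[1] >> 24)


def _stream_byte(keys):
    t = (keys[2] & 0xFFFF) | 2
    return ((t * (t ^ 1)) >> 8) & 0xFF


def init_keys(password):
    """Derive the internal key state from a password. This state, not the
    password, is all the decryptor ever needs."""
    keys = [0x12345678, 0x23456789, 0x34567890]
    for b in password.encode("latin-1"):
        _update_keys(keys, b)
    return keys


def encrypt(keys, plaintext):
    out = bytearray()
    for p in plaintext:
        out.append(p ^ _stream_byte(keys))
        _update_keys(keys, p)
    return bytes(out)


def decrypt(keys, ciphertext):
    out = bytearray()
    for c in ciphertext:
        p = c ^ _stream_byte(keys)
        _update_keys(keys, p)
        out.append(p)
    return bytes(out)


def make_entry(password, data):
    """Emulate one encrypted, stored (uncompressed) entry: a 12-byte header
    whose last byte is the high byte of the data's CRC-32, then the data.
    Assumption: no data descriptor (flag bit 3), so the check byte comes from
    the CRC rather than the DOS modification time."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    header = os.urandom(11) + bytes([crc >> 24])
    return {"crc": crc, "enc": encrypt(init_keys(password), header + data)}


def try_password(entry, candidate):
    """Cheap filter first: decrypt the 12-byte header and compare one byte.
    Survivors are confirmed by decrypting the body and checking the CRC-32."""
    keys = init_keys(candidate)
    header = decrypt(keys, entry["enc"][:12])
    if header[11] != entry["crc"] >> 24:
        return False
    body = decrypt(keys, entry["enc"][12:])  # keystream continues after header
    return (zlib.crc32(body) & 0xFFFFFFFF) == entry["crc"]


def dictionary_attack(entry, words):
    for word in words:
        if try_password(entry, word):
            return word
    return None


def brute_force(entry, charset, min_len, max_len, prefix=""):
    """Enumerate lengths Min..Max over charset; `prefix` stands in for the
    Starting Password field, assumed here to be known leading characters."""
    for n in range(min_len, max_len + 1):
        if n < len(prefix):
            continue
        for tail in itertools.product(charset, repeat=n - len(prefix)):
            candidate = prefix + "".join(tail)
            if try_password(entry, candidate):
                return candidate
    return None


# Constructed sample data: two small "backups" with weak passwords.
WORDLIST = ["password", "letmein", "backup2003", "zip42", "qwerty"]
CHARSET = string.ascii_lowercase + string.digits
SAMPLE = make_entry("zip42", b"backup.txt: nothing to see here\n")
SAMPLE2 = make_entry("q7x", b"an even shorter password\n")

if __name__ == "__main__":
    print("dictionary:", dictionary_attack(SAMPLE, WORDLIST))
    print("brute force, prefix 'zi':", brute_force(SAMPLE, CHARSET, 4, 5, "zi"))
    print("brute force, 1..3 chars:", brute_force(SAMPLE2, CHARSET, 1, 3))
```

Two things worth noticing: the one-byte header check is why these tools can report millions of guesses per second, since a full decryption is only paid for on one guess in 256; and init_keys() yields three 32-bit words that suffice to decrypt on their own, which is why the more advanced tools can speak of recovering the keys rather than the password.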
Now let us take a look at a couple of more advanced tools and see what techniques they employ.
Advanced ZIP Password Recovery provides some advanced features, which is why it comes with a price. One good option is the custom mask. If you know a few characters of the password correctly, specifying them at their positions (they need not be at the start) lowers the number of possible combinations, because only the unknown positions have to be enumerated.
Apart from masking, another well-researched method, the known plain-text attack, is also available. If an archive contains a number of files, chances are high that all of them are encrypted with the same password. If one of these files is available in unencrypted form and can be zipped with the same archiving utility, the program attempts to mount a known plain-text attack. Note that this attack targets the traditional PKZIP stream cipher (often called ZipCrypto); archives whose entries are AES-encrypted are not affected by it.
The dictionary attack is also comprehensively enhanced with an option to try each word in all possible case combinations. But that is just too many candidates: an eight-letter word alone yields 256 case variants. To reduce this exceptionally high multiplying factor, the Smart Mutations option performs only basic alterations, such as reversing the word, capitalising alternate characters, changing the case of the vowels and toggling the case.
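As an added illustration of the mask and Smart Mutations options above (example code written for this article, not Advanced ZIP Password Recovery's own), the following generators show where the savings come from: a mask enumerates only the unknown positions, and a short list of mutations replaces the 2^n case combinations of an n-letter word. The '?' mask notation and the exact list of mutations are assumptions made for the example.

```python
"""Added example: mask expansion and dictionary-word mutations, showing the
size of the candidate set each approach produces."""
import itertools
import string

VOWELS = set("aeiou")


def mask_candidates(mask, charset=string.ascii_lowercase + string.digits):
    """Expand 'pa??w?rd'-style masks ('?' is assumed notation for an unknown
    position): known characters stay fixed, only '?' positions are enumerated,
    so the search space is len(charset) ** unknowns, not len(charset) ** len(mask)."""
    unknown = [i for i, ch in enumerate(mask) if ch == "?"]
    template = list(mask)
    for fill in itertools.product(charset, repeat=len(unknown)):
        for i, ch in zip(unknown, fill):
            template[i] = ch
        yield "".join(template)


def all_case_variants(word):
    """Every upper/lower combination: 2 ** (number of letters) candidates."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return ["".join(t) for t in itertools.product(*choices)]


def smart_mutations(word):
    """The handful of alterations the article lists: as-is, all caps, initial
    cap, reversed, alternate characters in caps (both phases), vowels in caps,
    and the case of the original toggled. Duplicates are dropped, order kept."""
    w = word.lower()
    variants = [
        w,
        w.upper(),
        w.capitalize(),
        w[::-1],
        "".join(c.upper() if i % 2 == 0 else c for i, c in enumerate(w)),
        "".join(c.upper() if i % 2 == 1 else c for i, c in enumerate(w)),
        "".join(c.upper() if c in VOWELS else c for c in w),
        word.swapcase(),
    ]
    return list(dict.fromkeys(variants))


def expand_wordlist(words, smart=True):
    """Mutate a whole wordlist the way the tool's dictionary mode would."""
    out = []
    for word in words:
        out.extend(smart_mutations(word) if smart else all_case_variants(word))
    return list(dict.fromkeys(out))


if __name__ == "__main__":
    print(len(list(mask_candidates("s?cr?t", "aeiou"))), "candidates for s?cr?t over vowels")
    for w in ["password", "backup"]:
        print(w, len(all_case_variants(w)), "case variants vs",
              len(smart_mutations(w)), "smart mutations")
```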
This built-in dictionary differs from common English wordlists in that it is intended specifically for password breaking, so it includes proper nouns, short combined words and numbers such as years and times. The tool can also attempt key recovery, that is, recovering the archive's internal encryption keys rather than the password, which in some cases gives access to the file without the password ever being found.
Then there is a WinZip optimisation option, for use when one is sure that the archive was zipped with this once-popular tool. Other options include auto-save for resuming an interrupted attack, priority setting, optimisation modes for PII, PIII, Celeron, AMD, P4 and non-MMX CPUs, logging and command-prompt support. With a claimed benchmark of 15 million passwords per second on a P4, the tool certainly looks impressive.
Visual Zip Password Recovery is another pro-level tool, offering a distributed multi-computer attack. For a gigantic brute-force job, the user can install the tool on a number of PCs and on each one specify the total number of computers taking part and that computer's serial number, so that each machine works through its own share of the keyspace. These computers need not be connected over a network. And although a similar configuration can be done manually with other tools, having an automated option is certainly a big time-saver.
For breaking almost-known passwords, a “False-Type” attack can be launched. In this mode, each password character is not only permuted by case; the keys adjacent to it on the keyboard are also tried, to catch a typing slip. If more information about the password is available, a very detailed “Template” attack can be unleashed. In short, it allows dictionary words to appear at places of the user's choice, thus combining brute force with a dictionary attack on the basis of extensive configuration parameters. And for novice users, an Automatic mode is provided that attempts a combination of various attack modes before resorting to brute force.
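Added example (not the tool's own code) of candidate generators for the two attacks just described. The keyboard adjacency table is a simplified QWERTY grid assumed for the example, and the slot notation used to describe a template is this example's own, not the tool's.

```python
"""Added example: False-Type (adjacent-key slips) and Template (dictionary
words and brute-forced runs at chosen positions) candidate generators."""
import itertools
import string

# Simplified QWERTY layout (an assumption for this example): a key's
# neighbours are the keys left and right of it, the two keys above it and
# the two below it on this staggered grid.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def neighbours(ch):
    low = ch.lower()
    for r, row in enumerate(ROWS):
        i = row.find(low)
        if i < 0:
            continue
        near = set()
        for j in (i - 1, i + 1):
            if 0 <= j < len(row):
                near.add(row[j])
        if r > 0:
            near.update(ROWS[r - 1][i:i + 2])
        if r + 1 < len(ROWS):
            near.update(ROWS[r + 1][max(i - 1, 0):i + 1])
        near.discard(low)
        return sorted(near)
    return []


def false_type_variants(word):
    """Every single-position slip: a neighbouring key (case preserved) or the
    same key with its case toggled. The word itself is tried first."""
    out = [word]
    for i, ch in enumerate(word):
        swaps = [s.upper() if ch.isupper() else s for s in neighbours(ch)]
        if ch.isalpha():
            swaps.append(ch.swapcase())
        for s in swaps:
            out.append(word[:i] + s + word[i + 1:])
    return list(dict.fromkeys(out))


def template_candidates(slots):
    """slots is a sequence of ("lit", text), ("dict", words) or
    ("brute", charset, length); the candidate set is their product."""
    pools = []
    for slot in slots:
        if slot[0] == "lit":
            pools.append([slot[1]])
        elif slot[0] == "dict":
            pools.append(list(slot[1]))
        elif slot[0] == "brute":
            pools.append(["".join(t) for t in itertools.product(slot[1], repeat=slot[2])])
        else:
            raise ValueError("unknown slot kind: %r" % (slot[0],))
    for parts in itertools.product(*pools):
        yield "".join(parts)


# Constructed template: a word from a tiny dictionary, a dash, two digits.
TEMPLATE = [("dict", ["backup", "archive"]), ("lit", "-"), ("brute", string.digits, 2)]

if __name__ == "__main__":
    print("false-type variants of 'pass':", false_type_variants("pass"))
    print(len(list(template_candidates(TEMPLATE))), "template candidates, e.g.",
          list(itertools.islice(template_candidates(TEMPLATE), 3)))
```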