HDD GURU FORUMS
http://forum.hddguru.com/

Zip Password Recovery
http://forum.hddguru.com/viewtopic.php?f=7&t=36925
Page 1 of 1

Author:  D_R [ June 8th, 2018, 6:34 ]
Post subject:  Zip Password Recovery

Hey Guys,

I have a problem. I need to recover a password for a zip file. But because the file is a pkzip2 file, I can't run it with hashcat. I also tried different other commercial tools like the Archive Recovery by Elcomsoft and by TheGrideon - both tools claimed to have a GPU support, but it didn't work on my Radeon HD6970 Card or on my NVIDIA 1080 Card with GPU Support.

Do you have any other Ideas? If not, from a benchmark I figured out, that it's going to take about a year to crack the password (9 chars, Uppercase, numbers and Symbols). So I'm going to buy 300 EC2 instances to do this job with John the ripper.

Author:  michael chiklis [ June 8th, 2018, 18:19 ]
Post subject:  Re: Zip Password Recovery

The key has strong AES-256 encryption algorithm, this is the reason why it is slow to brute force it, not due to slow CPU or GPU.
If you'll use a graphic card with faster GPU, you might increase the speed a little but not in a realistic way to be able to crack it.

Is this zip file yours or of someone else?
If is of someone else then the AES-256 key is definitely doing what's supposed to do.

If the zip archive is yours, then you should be able al least to remember some parts of the password, or the argument of it.

Author:  D_R [ June 11th, 2018, 6:08 ]
Post subject:  Re: Zip Password Recovery

michael chiklis wrote:
The key has strong AES-256 encryption algorithm, this is the reason why it is slow to brute force it, not due to slow CPU or GPU.

The Key is missing, that's why I need to brute force the password. And it's slow, because I have to brute force it, not because it's the AES-256 algorithm. It would take the same time to brute force the password for Twofish encrypted files as well. And to be clear, I'm not brute forcing the key, but the password.

And if the CPU is slow, it's going to take more time than if the CPU is fast. And if I have 300 CPUs, I'm going to crack the password in one day.

If you'll use a graphic card with faster GPU, you might increase the speed a little but not in a realistic way to be able to crack it.

Author:  data-medics [ June 11th, 2018, 10:42 ]
Post subject:  Re: Zip Password Recovery

I've got an old license for Passware Password Recovery Kit Forensic I can use. If you want to send me a copy of the ZIP I can see how long my 16 core Threadripper will take to brute force it.

Author:  D_R [ June 11th, 2018, 11:11 ]
Post subject:  Re: Zip Password Recovery

data-medics wrote:
I've got an old license for Passware Password Recovery Kit Forensic I can use. If you want to send me a copy of the ZIP I can see how long my 16 core Threadripper will take to brute force it.


Thank you for your offer. But this won't be enough.
Attachment:
File comment: CPU Comparison
Screenshot 2018-06-11 17.00.08.png
Screenshot 2018-06-11 17.00.08.png [ 64.32 KiB | Viewed 28699 times ]


My i3 CPU would crack the password with a single thread in one year. Your CPU has a similar single thread performance, but you have 16 cores. So you are going to take about 23 Days. I need the Data before the 15.6.

That's why I started 400 Cloud Instances instances to crack the password.

Spildit wrote:
If you do have a very long password with random characters, numbers and symbols you aren't going to crack "that" in one day for sure, no matter how many CPUs you do have working on the "problem" at the same time ...


I know, that the password has 9 Chars, is alphanumeric with some special characters. I benchmarked the rate and it said that I'm going to need a year to crack it on a singe core. Why do you think, that I can't crack a long password in one day? I pretty sure, that google or facebook or amazon can crack long passwords with their infinite computing power.

Author:  data-medics [ June 11th, 2018, 13:39 ]
Post subject:  Re: Zip Password Recovery

My processor is 16 physical cores, but 32 logical with hyperthreading (provided the algorithm doesn't require more cache memory than it has for each thread).

So it might be more like 12 days. I can start it running and see how long it estimates.

Author:  D_R [ June 12th, 2018, 17:45 ]
Post subject:  Re: Zip Password Recovery

After 7 hours with 400 EC2 instances I found the password. Job is done, the customer is happy.

data-medics wrote:
My processor is 16 physical cores, but 32 logical with hyperthreading (provided the algorithm doesn't require more cache memory than it has for each thread).


Thank you for your offer. But even 12 days are .... well.... you bought the machine to work.....
But I don't understand why you said, that you have 32 logical cores that can crack the password twice that fast.

Ok, you have 16 physical cores. In my opinion you have no advantage if you take the full performance of one core of the other logical. Instead the processor has to stop one job, switch to the job on the other core and work on it. If the processor isn't under full load, I can understand that a second logical core can help. But if the physical core is under full load?

Author:  pigboi [ November 6th, 2018, 21:13 ]
Post subject:  Re: Zip Password Recovery

Hi D_R,

noticed you are probably the only person online to figure out how to tackle a zip file (6MB), encrypted/password protected with pkzip2. Not sure you used JtR with the EC2's? Or some other way.

Would you mind going through the steps with me? I've given it a shot tried looking at other options.

Using JtR I seems to give a huge hash (key?) file (turning the orginal 6MB into a 13MB file) to tackle. Is this the key that you had trouble finding? Forcing you consider the only other option, brute force filling in random passwords.

So brute force is the only way out? Which in my language seems like running a slow program scripted to fill in passwords consecutively.

Thanks ahead, would appreciate some guidance.

Regards

Author:  D_R [ November 6th, 2018, 21:22 ]
Post subject:  Re: Zip Password Recovery

Hey,

I just was able to crack the file, because I knew the length of the password and this was a commercial job, so there was no problem to invest Money into several cloud instances. If JtR gives you a 6-13MB Hack file, you are doing something wrong. The hash is just few bytes long.

If you really want to recover the archive and are willing to pay for the Cloud Computing power, I can help you. But I have to remember how I did it. It's now few month ago, and I forgot how I exactly cracked the file.

Author:  pigboi [ November 6th, 2018, 21:57 ]
Post subject:  Re: Zip Password Recovery

Thanks for the offer. I'm a broke student helping out a collective. So what kind of budget are we talking about.

Some further notes: I do realise I'm doing something wrong with the file hash recovery. I used JtR 1.8.0.13 I believe, with little experience. I've attached the file for review. It's a tar file, but on my pc I've converted it to a zip file without any troubles, and assumed this does not effect the password. When finding the hash (JtR) for either file (tar or zip) the result is the same (huge hash). I assumed the conversion of tar to zip was possible because 7-zip opens both files in the same manner (asking for the password).

The Cause:
The goal of this project is to gain access to a lost database which connects chemical path ways. Its a non profit goal, to help normal people gain quicker access to alternative path ways for the production of medicine for private use (so non commercial too). IE: allowing people to avoid insane costs for medical treatment, through self care, and the right to produce for ones own needs with ones own hands, etc.

https://motherboard.vice.com/en_us/arti ... etwitterus

I'm not directly affiliated with the project, but think their cause is worth attention. I suppose we could try and raise some money.

Alternative:
I understand that your skill is valuable, but would you consider teaching me your approach provided I don't pass on your skills or apply them in other ways?
Thanks for your consideration. If you'd like to pm, which may allow for easier communication I'm open to exchanging mob. nrs.

Attachments:
reaxys.tar [6.53 MiB]
Downloaded 913 times

Author:  pigboi [ November 6th, 2018, 22:09 ]
Post subject:  Re: Zip Password Recovery

My next post is up for review. Gives more details on motive, file, issues.

All for now.
And thanks for your time.

Author:  D_R [ November 7th, 2018, 16:40 ]
Post subject:  Re: Zip Password Recovery

pigboi wrote:
I understand that your skill is valuable, but would you consider teaching me your approach provided I don't pass on your skills or apply them in other ways?
Thanks for your consideration. If you'd like to pm, which may allow for easier communication I'm open to exchanging mob. nrs.


Hey, I'm not talking about my payment. We are a community and if some one needs help, I'd like to help him. But on other hand I don't want to waste my time.

The problem is, that you need computing power to crack the password. In my first case, I needed 400 EC2 instances for 7 hours. And Amazon want to have money for this computing power. I was able to pay for that, because it was a commercial case. And I had luck with the cracking process.

I'm going to contact you via PM.

Author:  pigboi [ November 7th, 2018, 21:22 ]
Post subject:  Re: Zip Password Recovery

Hey D_R,

I see. I did indeed read you wrong, sorry about that.

Thanks for the proactive support provided here. Looking forward to your pm.

For those interested in the approach, I found this short article reviewing the idea of using Amazon EC2's back in 2012.

https://www.keithrozario.com/2012/08/cr ... ontal.html

Will post more information I bump into that might be useful here as it comes along.

All for now.

Author:  JJTJJT76 [ January 15th, 2019, 17:32 ]
Post subject:  Re: Zip Password Recovery

Hi,
I too need help with cracking two password protected zip files. They are both pkzip2 hashes. I believe the passwords are 16 character, with upper, lower, symbols, and numbers. Does anyone know how much it would cost to brute force this on amazon? I am willing to pay, but not the 10's of thousands of dollars it might cost.
Thanks Jim

Author:  JJTJJT76 [ January 16th, 2019, 1:03 ]
Post subject:  Re: Zip Password Recovery

I would also appreciate any help anyone is willing to give.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/