All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Zip Password Recovery
PostPosted: June 8th, 2018, 6:34 
Offline

Joined: May 28th, 2016, 9:16
Posts: 127
Location: Karlsruhe / Germany
Hey Guys,

I have a problem. I need to recover a password for a zip file. But because the file is a pkzip2 file, I can't run it with hashcat. I also tried different other commercial tools like the Archive Recovery by Elcomsoft and by TheGrideon - both tools claimed to have a GPU support, but it didn't work on my Radeon HD6970 Card or on my NVIDIA 1080 Card with GPU Support.

Do you have any other Ideas? If not, from a benchmark I figured out, that it's going to take about a year to crack the password (9 chars, Uppercase, numbers and Symbols). So I'm going to buy 300 EC2 instances to do this job with John the ripper.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 8th, 2018, 18:19 
Offline

Joined: December 5th, 2011, 5:38
Posts: 1154
Location: Italy
The key has strong AES-256 encryption algorithm, this is the reason why it is slow to brute force it, not due to slow CPU or GPU.
If you'll use a graphic card with faster GPU, you might increase the speed a little but not in a realistic way to be able to crack it.

Is this zip file yours or of someone else?
If is of someone else then the AES-256 key is definitely doing what's supposed to do.

If the zip archive is yours, then you should be able al least to remember some parts of the password, or the argument of it.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 6:08 
Offline

Joined: May 28th, 2016, 9:16
Posts: 127
Location: Karlsruhe / Germany
michael chiklis wrote:
The key has strong AES-256 encryption algorithm, this is the reason why it is slow to brute force it, not due to slow CPU or GPU.

The Key is missing, that's why I need to brute force the password. And it's slow, because I have to brute force it, not because it's the AES-256 algorithm. It would take the same time to brute force the password for Twofish encrypted files as well. And to be clear, I'm not brute forcing the key, but the password.

And if the CPU is slow, it's going to take more time than if the CPU is fast. And if I have 300 CPUs, I'm going to crack the password in one day.

If you'll use a graphic card with faster GPU, you might increase the speed a little but not in a realistic way to be able to crack it.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 9:03 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9510
Location: Portugal
If you do have a very long password with random characters, numbers and symbols you aren't going to crack "that" in one day for sure, no matter how many CPUs you do have working on the "problem" at the same time ...

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 10:42 
Offline
User avatar

Joined: April 3rd, 2011, 0:19
Posts: 1856
Location: Providence, RI
I've got an old license for Passware Password Recovery Kit Forensic I can use. If you want to send me a copy of the ZIP I can see how long my 16 core Threadripper will take to brute force it.

_________________
Data Medics - Hard Drive and RAID Data Recovery Service Company


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 11:11 
Offline

Joined: May 28th, 2016, 9:16
Posts: 127
Location: Karlsruhe / Germany
data-medics wrote:
I've got an old license for Passware Password Recovery Kit Forensic I can use. If you want to send me a copy of the ZIP I can see how long my 16 core Threadripper will take to brute force it.


Thank you for your offer. But this won't be enough.
Attachment:
File comment: CPU Comparison
Screenshot 2018-06-11 17.00.08.png
Screenshot 2018-06-11 17.00.08.png [ 64.32 KiB | Viewed 6209 times ]


My i3 CPU would crack the password with a single thread in one year. Your CPU has a similar single thread performance, but you have 16 cores. So you are going to take about 23 Days. I need the Data before the 15.6.

That's why I started 400 Cloud Instances instances to crack the password.

Spildit wrote:
If you do have a very long password with random characters, numbers and symbols you aren't going to crack "that" in one day for sure, no matter how many CPUs you do have working on the "problem" at the same time ...


I know, that the password has 9 Chars, is alphanumeric with some special characters. I benchmarked the rate and it said that I'm going to need a year to crack it on a singe core. Why do you think, that I can't crack a long password in one day? I pretty sure, that google or facebook or amazon can crack long passwords with their infinite computing power.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 11:46 
Offline
User avatar

Joined: December 19th, 2006, 8:49
Posts: 9510
Location: Portugal
D_R wrote:
Why do you think, that I can't crack a long password in one day?


Just try it !!!

If it's a BAD password you can ... Like something that is on a dictionary, that is very used or even that if it have a small lenght.

Try to crack fo example a 25 or 30 characters/numbers/symbols all random data "password" for example in one day ....

:lol: :lol: :lol:

Assuming the cypher doesn't have problems, bad implementation or backdoors ...

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 11th, 2018, 13:39 
Offline
User avatar

Joined: April 3rd, 2011, 0:19
Posts: 1856
Location: Providence, RI
My processor is 16 physical cores, but 32 logical with hyperthreading (provided the algorithm doesn't require more cache memory than it has for each thread).

So it might be more like 12 days. I can start it running and see how long it estimates.

_________________
Data Medics - Hard Drive and RAID Data Recovery Service Company


Top
 Profile  
 
 Post subject: Re: Zip Password Recovery
PostPosted: June 12th, 2018, 17:45 
Offline

Joined: May 28th, 2016, 9:16
Posts: 127
Location: Karlsruhe / Germany
After 7 hours with 400 EC2 instances I found the password. Job is done, the customer is happy.

data-medics wrote:
My processor is 16 physical cores, but 32 logical with hyperthreading (provided the algorithm doesn't require more cache memory than it has for each thread).


Thank you for your offer. But even 12 days are .... well.... you bought the machine to work.....
But I don't understand why you said, that you have 32 logical cores that can crack the password twice that fast.

Ok, you have 16 physical cores. In my opinion you have no advantage if you take the full performance of one core of the other logical. Instead the processor has to stop one job, switch to the job on the other core and work on it. If the processor isn't under full load, I can understand that a second logical core can help. But if the physical core is under full load?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group