How to crack ZIP passwords with bkcrack
bkcrack is a command-line tool that cracks legacy ZIP encryption (ZipCrypto, the "traditional PKWARE" scheme) with Biham and Kocher's known plaintext attack. If you have some ciphertext (the encrypted data of an entry) and the plaintext (the original bytes) it was produced from, bkcrack recovers the internal state of the cipher and can use it to decrypt the other entries of the archive, set a new password, or recover the original password. Archives encrypted with AES (the WinZip AE-x scheme) are not affected by this attack.
In this article, we will show you how to use bkcrack against a ZipCrypto-protected archive, using the contents of a GitHub repository as the known plaintext.
Step 1: Download and install bkcrack
You can download the latest release of bkcrack from GitHub. There are precompiled packages for Ubuntu, macOS and Windows. Extract the downloaded archive wherever you like. On Windows, you may need to install the Microsoft Visual C++ Redistributable package if it is not already on your system.
If you prefer to compile bkcrack from source, you can follow the instructions on the GitHub page.
Step 2: Find some plaintext and ciphertext
To run the attack, bkcrack needs at least 12 bytes of known plaintext, and at least 8 of them must be contiguous; more plaintext makes the attack faster. The plaintext has to match the bytes that were actually encrypted, which are the entry's data as stored in the archive, so for a deflated entry that is the compressed stream, not the original file. Typical sources are a fixed file-format signature (the first bytes of a PNG, PDF or XML document), boilerplate shared by many documents, or a copy of the same file obtained from somewhere else. File names are not a source: ZipCrypto does not encrypt them.
In our example, we use the GitHub repository kimci86/bkcrack as our plaintext source. We download the ZIP archive of the master branch and extract it, then create a copy of the archive and encrypt it with a password using an ordinary ZIP tool (we used 7-Zip). Make sure the tool uses ZipCrypto rather than AES, and that the entry you will attack is stored with the same compression method and the same compressed bytes in both archives: bkcrack compares raw entry data, so if the two tools deflate the file differently there is no matching plaintext. Storing the file uncompressed in the encrypted archive (7-Zip's "Store" method) and supplying the extracted file itself as plaintext avoids the problem; recent releases of bkcrack list each entry of an archive with its encryption and compression method with `bkcrack -L archive.zip`.
Now we have two ZIP archives: one unencrypted (bkcrack-master.zip) and one encrypted (bkcrack-master-encrypted.zip). Any entry present in both with identical stored bytes can serve as plaintext. We use readme.md, which contains 5,374 bytes of text, far more than the minimum.
Step 3: Run bkcrack
To run bkcrack, we need to provide some parameters:
-C: The path to the encrypted ZIP archive.
-c: The name of the encrypted entry inside that archive (or, without -C, a file on disk containing the ciphertext).
-P: The path to the ZIP archive containing the plaintext entry.
-p: The name of the plaintext entry inside that archive (or, without -P, a plaintext file on disk).
-o: The offset of the known plaintext relative to the start of the encrypted entry's data, in bytes, not counting the 12-byte encryption header; 0 (the default) means the plaintext starts at the entry's first data byte.
In our example, we will use these parameters:
-C bkcrack-master-encrypted.zip -c readme.md -P bkcrack-master.zip -p readme.md -o 0
This means that readme.md from the encrypted archive is the ciphertext, readme.md from the unencrypted archive is the plaintext, and offset 0 means the plaintext lines up with the first byte of the entry's data. We run bkcrack with these parameters in a terminal or command prompt:
./bkcrack -C bkcrack-master-encrypted.zip -c readme.md -P bkcrack-master.zip -p readme.md -o 0
bkcrack will start searching for the internal state of the encryption algorithm. This may take some time depending on your CPU speed and the amount of plaintext available. When it finds a solution, it will print something like this:
[17:00:00] Z reduction using 5374 bytes of known plaintext
100.0 % (5374 / 5374)
[17:00:00] Attack on 5374 bytes of ciphertext at index 12
100.0 % (1 / 1)
[17:00:01] Keys: 9f6b8f6d f9f8f7f6 f5f4f3f2
The three keys are the internal state of the cipher after the password has been processed, and every entry encrypted with that password starts from the same state. Passing them back with -k lets bkcrack decrypt any entry of the archive (-d) or write a copy of the archive with a password of your choice (-U) without ever knowing the original password; -r tries to recover the original password itself by brute force over a given length and character set, which is only practical for short passwords.
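The following is an added example for this article, not code from bkcrack or its author: a pure-Python implementation of ZipCrypto, written from PKWARE's APPNOTE (section 6.1), that makes the steps above concrete. It builds a small ZipCrypto-encrypted archive, pulls the raw entry bytes the way bkcrack does with -C/-c, shows that ciphertext XOR known plaintext is keystream (the observation the attack inverts), and then decrypts and re-passwords the entry from the three keys alone, as bkcrack's -k/-d/-U do. The entry name, password and data are constructed for the demo; the attack itself (the Z reduction and key search) is not reimplemented here.

```python
"""ZipCrypto, the legacy PKWARE encryption that bkcrack attacks, in pure Python.
Added example for this article, not bkcrack's code; follows PKWARE APPNOTE
section 6.1. Shows what the three 32-bit "Keys" are (the cipher state after the
password is absorbed), why known plaintext leaks keystream, and why the keys
alone decrypt every entry or let you set a new password. All inputs are constructed."""
import io
import os
import struct
import zipfile
import zlib

# CRC-32 table (reflected polynomial); ZipCrypto applies one table step per byte.
_CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)

def _crc32_step(crc, byte):
    return _CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)

class ZipCrypto:
    """Cipher state [key0, key1, key2]; a fresh state holds the fixed constants."""

    def __init__(self, keys=(0x12345678, 0x23456789, 0x34567890)):
        self.keys = list(keys)

    @classmethod
    def from_password(cls, password):
        z = cls()
        for b in password:      # the password is only ever fed through update_keys,
            z.update_keys(b)    # so the resulting state is all bkcrack needs to recover
        return z

    def update_keys(self, plain_byte):
        k = self.keys
        k[0] = _crc32_step(k[0], plain_byte)
        k[1] = (k[1] + (k[0] & 0xFF)) & 0xFFFFFFFF
        k[1] = (k[1] * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc32_step(k[2], k[1] >> 24)

    def keystream_byte(self):
        t = (self.keys[2] | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, plaintext):
        out = bytearray()
        for p in plaintext:
            out.append(p ^ self.keystream_byte())
            self.update_keys(p)     # the state advances on the plaintext byte
        return bytes(out)

    def decrypt(self, ciphertext):
        out = bytearray()
        for c in ciphertext:
            p = c ^ self.keystream_byte()
            self.update_keys(p)
            out.append(p)
        return bytes(out)

def build_encrypted_zip(name, password, data):
    """Minimal ZIP with one stored ZipCrypto entry. Each entry restarts from the
    password state and encrypts 12 random header bytes (the last is the CRC high
    byte, which readers use as the password check) followed by the data."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    body = ZipCrypto.from_password(password).encrypt(os.urandom(11) + bytes([crc >> 24]) + data)
    fname = name.encode()
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, 0, 0, crc,
                        len(body), len(data), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 0, 0, 0, crc,
                          len(body), len(data), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(body), 0)
    return local + body + central + eocd

def read_with_stdlib(zip_bytes, name, password):
    """Cross-check: CPython's zipfile implements the same cipher and must accept the archive."""
    return zipfile.ZipFile(io.BytesIO(zip_bytes)).read(name, pwd=password)

def raw_entry(zip_bytes, name):
    """Entry ciphertext as bkcrack reads it with -C/-c: 12-byte header + data."""
    info = zipfile.ZipFile(io.BytesIO(zip_bytes)).getinfo(name)
    local = struct.unpack_from("<IHHHHHIIIHH", zip_bytes, info.header_offset)
    start = info.header_offset + 30 + local[9] + local[10]   # skip name and extra field
    return zip_bytes[start:start + info.compress_size]

def keystream_from_known_plaintext(ciphertext, plaintext, offset=0):
    """Where the attack starts: ciphertext XOR known plaintext is keystream. The
    offset is relative to the entry data, as with bkcrack -o; the header is skipped."""
    start = 12 + offset
    return bytes(c ^ p for c, p in zip(ciphertext[start:start + len(plaintext)], plaintext))

def decrypt_with_keys(keys, ciphertext):
    """What `bkcrack -k k0 k1 k2 -d` does: decrypt using the recovered state only."""
    return ZipCrypto(keys).decrypt(ciphertext)[12:]

def change_password(keys, new_password, ciphertext):
    """What `bkcrack -U` does: re-encrypt under a new password from the keys alone."""
    return ZipCrypto.from_password(new_password).encrypt(ZipCrypto(keys).decrypt(ciphertext))
```

read_with_stdlib cross-checks the archive against CPython's zipfile module, which implements the same decryption, so a successful read proves the cipher here is the real ZipCrypto rather than an approximation. Two points worth noticing: the password is only ever consumed by update_keys, which is why bkcrack can stop at the keys and never needs the password, and the 12 random header bytes make each entry's ciphertext different even though all entries share the same starting state, which is why the known plaintext offset is counted from the first data byte after the header.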