Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
(Fork of bkcrack.)
Difference from bkcrack
Not much, except that rbkcrack supports ZIP64 files (thanks to the zip-rs crate).
In most cases, using bkcrack is a better choice, because I haven't fully tested rbkcrack; it's just a toy for practicing Rust.
Get the latest version from the git repository.
Build and install it with Cargo.
RUSTFLAGS='-C target_cpu=native' cargo install --git https://github.com/Aloxaf/rbkcrack
The attack uses at least 12 bytes of contiguous plaintext. The larger the known plaintext, the faster the attack.
From zip archives
Having a zip archive encrypted.zip with the entry cipher being the ciphertext and plain.zip with the entry plain as the known plaintext, rbkcrack can be run like this:
rbkcrack -C encrypted.zip -c cipher -P plain.zip -p plain
Or use the -a option to let rbkcrack search for the entries automatically:
rbkcrack -C encrypted.zip -P plain.zip -a
Having a file cipherfile with the ciphertext (starting with the 12 bytes corresponding to the encryption header) and plainfile with the known plaintext, rbkcrack can be run like this:
rbkcrack -c cipherfile -p plainfile
If the plaintext corresponds to a part other than the beginning of the ciphertext, you can specify an offset. It can be negative if the plaintext includes a part of the encryption header.
rbkcrack -c cipherfile -p plainfile -o offset
If the attack is successful, the deciphered text can be saved:
rbkcrack -c cipherfile -p plainfile -d decipheredfile
If the keys are known from a previous attack, it is possible to use rbkcrack to decipher data:
rbkcrack -c cipherfile -k 12345678 23456789 34567890 -d decipheredfile
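Why the three keys alone are enough to decipher, and why known plaintext matters: an added example (not rbkcrack's own code) of the legacy ZIP stream cipher as specified in PKWARE's APPNOTE.TXT. The password, header bytes and sample data are constructed for illustration.

```rust
// Added example: PKWARE traditional ("ZipCrypto") stream cipher, per APPNOTE.TXT.
struct Keys { k0: u32, k1: u32, k2: u32 }

// One CRC-32 step (reflected polynomial 0xEDB88320), computed bit by bit.
fn crc32_step(crc: u32, b: u8) -> u32 {
    let mut x = (crc ^ b as u32) & 0xff;
    for _ in 0..8 {
        x = if x & 1 != 0 { (x >> 1) ^ 0xEDB8_8320 } else { x >> 1 };
    }
    (crc >> 8) ^ x
}

impl Keys {
    // The state advances on each *plaintext* byte.
    fn update(&mut self, p: u8) {
        self.k0 = crc32_step(self.k0, p);
        self.k1 = self.k1.wrapping_add(self.k0 & 0xff).wrapping_mul(134_775_813).wrapping_add(1);
        self.k2 = crc32_step(self.k2, (self.k1 >> 24) as u8);
    }
    // The next keystream byte depends only on the low 16 bits of k2.
    fn keystream_byte(&self) -> u8 {
        let t = (self.k2 | 2) as u16;
        (t.wrapping_mul(t ^ 1) >> 8) as u8
    }
}

// The password is only used to derive the three 32-bit keys.
fn from_password(pw: &[u8]) -> Keys {
    let mut k = Keys { k0: 0x1234_5678, k1: 0x2345_6789, k2: 0x3456_7890 };
    for &b in pw { k.update(b); }
    k
}

fn encrypt(mut k: Keys, plain: &[u8]) -> Vec<u8> {
    plain.iter().map(|&p| { let c = p ^ k.keystream_byte(); k.update(p); c }).collect()
}
fn decrypt(mut k: Keys, cipher: &[u8]) -> Vec<u8> {
    cipher.iter().map(|&c| { let p = c ^ k.keystream_byte(); k.update(p); p }).collect()
}
// Known plaintext XOR ciphertext yields keystream bytes directly.
fn xor(a: &[u8], b: &[u8]) -> Vec<u8> { a.iter().zip(b).map(|(x, y)| x ^ y).collect() }

fn main() {
    let mut entry = vec![0x11u8; 12]; // constructed stand-in for the 12-byte header
    entry.extend_from_slice(b"constructed sample plaintext");
    let cipher = encrypt(from_password(b"hypothetical-pw"), &entry);
    assert_eq!(decrypt(from_password(b"hypothetical-pw"), &cipher), entry);
    println!("keystream after header: {:02x?}", &xor(&entry, &cipher)[12..24]);
}
```

Since the whole cipher state is 96 bits and every known plaintext byte exposes a keystream byte, archives that need confidentiality should use AES-based ZIP encryption instead of this legacy scheme.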
The deciphered data might be compressed depending on whether compression was used or not when the zip file was created.
If deflate compression was used, a Python 3 script provided in the tools folder may be used to decompress data.
tools/inflate.py < decipheredfile > decompressedfile
You can also use the -u option to enable decompression:
rbkcrack -C encrypted.zip -c cipher -P plain.zip -p plain -d final -u
[Suggested] If you want to decipher and decompress the whole file, you can use my custom p7zip:
7za e cipher.zip '-p[d4f34b9d_a6ba3461_dcd97451]'
A tutorial is provided in the
For more information, have a look at the documentation and read the source.
Do not hesitate to suggest improvements or submit pull requests on GitHub.
BTW, if there is any zip file which bkcrack/pkcrack can crack while rbkcrack can't, please don't hesitate to report it.
This project is provided under the terms of the zlib/png license.