method testzip to check password on encrypted zip #14
Comments
Hi, you're not doing anything wrong. There are two places in the WinZip AES format where the password is verified:
The cheap password check is described in https://www.winzip.com/win/en/aes_info.html:
So you can use your current script to filter out potential candidates, but then you will need to read the file contents to see if it was the actual password or one of these false positives.
You might find this info useful too: https://github.com/lclevy/unarcrypto/blob/master/pics/algo.png
@danifus thanks for the clarification, pity there is no real password check one could do after the "cheap check". When doing the real extraction with the wrong passwords, it writes out zero-byte files, so it overwrites previous files which might have been written with the correct key. Of course you can solve this with separate output directories and testing the length of the generated files, but that's all extra code.
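The two checks from the reply above, as an added example that is not part of the thread or the project's own code: it follows the WinZip AE member layout (salt, 2-byte verification value, ciphertext, 10-byte HMAC-SHA1) over a constructed record and simulates the 1-in-65536 collision by planting a decoy password's verification value. The names `derive`, `build_record` and `classify` and all sample values are made up for the illustration.

```python
import hashlib
import hmac

SALT_LEN = {128: 8, 192: 12, 256: 16}  # salt bytes per AES key size

def derive(password, salt, bits):
    """PBKDF2-HMAC-SHA1, 1000 rounds -> (enc_key, auth_key, 2-byte verifier)."""
    klen = bits // 8
    dk = hashlib.pbkdf2_hmac("sha1", password, salt, 1000, 2 * klen + 2)
    return dk[:klen], dk[klen:2 * klen], dk[2 * klen:]

def build_record(password, bits, salt, ciphertext, verifier=None):
    """Constructed member data: salt | verifier | ciphertext | 10-byte MAC."""
    _, auth_key, pvv = derive(password, salt, bits)
    mac = hmac.new(auth_key, ciphertext, hashlib.sha1).digest()[:10]
    return salt + (pvv if verifier is None else verifier) + ciphertext + mac

def classify(record, password, bits):
    """Return 'rejected', 'false positive' or 'match' for one candidate."""
    n = SALT_LEN[bits]
    salt, stored_pvv = record[:n], record[n:n + 2]
    ciphertext, stored_mac = record[n + 2:-10], record[-10:]
    _, auth_key, pvv = derive(password, salt, bits)
    if pvv != stored_pvv:
        return "rejected"          # cheap check, no file data read
    mac = hmac.new(auth_key, ciphertext, hashlib.sha1).digest()[:10]
    if not hmac.compare_digest(mac, stored_mac):
        return "false positive"    # 2-byte value matched, MAC did not
    return "match"

# Constructed sample values. The MAC covers the ciphertext, so opaque
# stand-in bytes are enough and no AES decryption is needed here.
SALT = bytes(range(16))
CIPHERTEXT = b"constructed ciphertext stand-in " * 4
REAL, DECOY = b"infected", b"letmein"
RECORD = build_record(REAL, 256, SALT, CIPHERTEXT)
# Simulated collision: plant the decoy's verifier in an otherwise real record.
COLLIDED = build_record(REAL, 256, SALT, CIPHERTEXT,
                        verifier=derive(DECOY, SALT, 256)[2])

if __name__ == "__main__":
    print(classify(RECORD, REAL, 256))      # match
    print(classify(COLLIDED, DECOY, 256))   # false positive
```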
I've never used
Hi,
I was working on a sort of brute force script. This is for malware analysis, where attachments often use zip archives with encryption to evade detection. The script uses a dictionary file on a zip archive and with the use of testzip tells when the right password is found.
This seemed to work, until by chance I got a hit on a second password which was correct according to the method.
If I change the method to extractall it works OK, but the wrong passwords generate empty files, so I would first like to establish the right password and only then move on to extracting.
Am I doing something wrong?
Thanks in advance,
Ewald...