WinZip Password Protection

[Sheppard]

We have a slight problem here regarding WinZip password protected files, that a nice former employee has left for us !!!

 

Does anyone know how to crack the password without throwing passwords at it ? We have bought a program that tests 7 Million passwords a second, but we know the password is over 8 characters long and will therefore take over a year to crack :eek:.

 

Any ideas ?

 

:confused:

[quahog]

This is a commerical solution. I have no financial interest in the company. Nor have I tried the software.

 

http://lastbit.com/zippsw/default.asp

 

Good Luck

[Sheppard]

WinZip Protection

 

Thanks for your input quahog.

 

This looks very similar to the program we have bought, except it does 10 Million passwords per second rather than 7 Million.

 

The trouble we have is the length of the password, which we know is at least 8 characters. Here comes the math !!!

 

Assuming we check for upper and lowercase characters and numbers (ignoring symbols) that gives us 62 combinations for each character. Assuming it only has 8 characters, this gives us 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 possibilities, which equals 218,340,105,584,896 !!

 

At 10 Million passwords per second this will take 253 days !!!!

 

A touch longer than we have !!!

 

Anybody know another solution ?

[sjn78]

Have you contacted winzip?? Maybe, they have a method built in to the program (that is not know to anyone) to unlock the zip??

 

Or if the file isn't too big, you may be able to send it to them and see what they can achieve.

[Sheppard]

WinZip

 

Thanks for the advice.

 

Our IT manager is on the case now.

 

Will let you know if we get anywhere.

 

 

Cheers.

 

;)

[quahog]

Sheppard,

 

Good luck. Sorry I could not help. It kind of bugged me so I followed up with Winzip for their offical answer.....which was :

 

"The best I can suggest is that you check on the web for companies involved with recovery of passwords used for Zip

2.x encryption. Some sites that we are aware of are:

 

http://www.accessdata.com

http://www.elcomsoft.com

 

Please note that WinZip Computing did not create, and does not offer support for, or advice or recommendations regarding, any of the password recovery programs available from the above sites.

 

If your Zip file was encrypted using AES encryption, we know of no

reliable methods for recovering a lost password.

 

--Chuck Campbell, WinZip Technical Support

[Nerseus]

I would find it very odd indeed if WinZip's software had a "backdoor" that allowed breaking its password protection.

 

To speed up the password attacker, you can usually limit it to certain characters such as letters, numbers, and simple shift-numbers. That should greatly speed up the searching. You can also have it start with 8 chars and work up.

 

I wonder why you can't get the former employee to give up the password? Seems like you'd have grounds to threaten a lawsuit if he refuses to help solve the problem. Now if you just can't find him, that's another story.

 

-Nerseus

[sjn78]

Well, how secure are password protected Excel spreadsheets? Not very.

 

It is very easy to download a macro to break the password. And I assume databases would be the same.

 

I'm not saying your wrong, but look at the latest security risk from Microsoft. It seems there are ways around anything whether you are trying to find it or just happen to stumble across it.

[Sheppard]

WinZip Protection

 

Thanks for looking into that quahog. That was quicker than my IT Manager ! - Suppose you have time on your side by the end of my day in the Northern Hemisphere !!

 

Nerseus, the reason we need to crack these passwords is because the former employee has written batch files to sabotage the network. You are correct about the lawsuit, but this would take months and a lot of cash, both of which we don't have much of !!

 

We know the password is 8 charcters or greater, so we tried using lowercase and numbers only. This alone takes 5 days to run and we didn't have any luck. If he doesn't want the password to be cracked, I'm sure he has used uppercase and/or symbols. And who knows how long the password will be, I managed to input a 50 character password in an Excel sheet - that would take a lifetime to solve !

[Sheppard]

Apologies

 

Sorry quahog, thought you were Australian, not sjn78.

 

I suppose you still get a few hours after I go home though, in which case Good Morning dc.

[quahog]

Sheppard, I think I have about seven hours on you. I am part of the group who got sold by cwplc, so I am very used to working with people on a seven hour delay.

 

Good Morning, UK!

[iebidan]

Well, I had the same problem, and the solution was with the app created by El Com Soft (ww.elcomsoft.com)

 

try it

[Sheppard]

WinZip Protection

 

I have just visited the site, but they say there is no other method of cracking the password other than throwing passwords at it.

 

They claim to have the fastest software available at 15 Million passwords per second. Impressive.

 

But, we know the password is over 8 characters long. Assuming he has used upper and lower case characters and numbers this will still take 29 years at 15 Million per second !!!

 

I have e-mailed the company to check if there are any other methods, as they quote that :

 

 

Guaranteed decryption (usually, within the hour) of most WinZip archives (with 5+ encrypted files) is available; it works regardless the password complexity and length.

 

 

I don't think so ! :mad:

[Sheppard]

WinZip Protection

 

We have managed to find some un-encrypted files, which we then used to run a plain-text attack on the encryped archive.

 

This has given us the encryption KEY, but not managed to find the password. Does anyone know what this key tells us ?

[iebidan]

I can't understand what's the big deal of throwing 1,567,658 passwords to the file... don't want to make the file corrupt??? EASY, make a copy of it.

This looks like you're trying to hack a computer and you need to crack this files fast before they see what you're doing.

[Sheppard]

WinZip Protection

 

The

big deal

is the time it takes as mentioned several times earlier.

 

Which method did you use to crack yours ?

 

It must have been a short password if you used the 'Brute-Force' attack.

 

We have managed to crack one of the files by using the 'plain text' attack, which uses and un-encrypted file to unlock the encrypted file.

 

Xieve and Dictionary attack all appear useless. This isn't some amateur we are working with, he has spent a lot of effort to protect these files. And it is legal I assure you.