Zip Password Recovery with FCrackZip

Is this really a password recovery tool, or is it a tool for hacking one’s way past PDF password protection?

It is possible to password protect zip files to prevent unauthorized access to the files they contain. Only problem is: If you forget the zip password, you cannot access the files either. A friend of mine recently contacted me with the problem. He had zipped important files a few years ago and used a password to protect them. He tried to open the zip file recently and failed, because he could not remember the password that he used to protect them when he created the zip file.

When you research zip password recovery topics on the Internet you get loads of commercial products, but barely any free products that are updated regularly. There may be some deeply hidden on the web but those that you find on the first pages of the search results are usually commercial programs.

Two programs that I found are FCrackZip which was last updated in 2008, and RarCrack which was last updated in 2011. FCrackZip is offered for multiple operating systems including Windows, RarCrack only for Linux.

The second program has the advantage that it can not only recovery zip passwords but also rar and 7z passwords.

Both programs are command line utilities that use brute forcing to try all possible character combinations until they find the correct password.

It needs to be noted that it is not reasonable to try and recover a password with more than six characters. Why? Because it could take years on a single computer system until the password is recovered. That said, if you fail to include a particular character used in the password in the recovery attempt you may not succeed with the recovery even if you let it run months or even years.

FCrackZip

Download and unpack the Windows version of the program. You find information about all command line parameters at the developer homepage.

You need to open the command line first to run the program. Use the keyboard shortcut Windows-r to bring up the run box. Enter cmd and hit the return key afterwards. I suggest you place the zip with a password in the same directory as the recovery tool for easy of use. Navigate to that folder and use a command like

fcrackzip -c a -p aaaaaa sample.zip

to start the recovery process. This command will try all lowercase six letter passwords on the zip file sample.zip. Commands are available to specify a minimum or maximum password length, include character sets like digits, special characters or custom characters or use a dictionary method to recover the password.

zip password recovery

The Windows version does not support all commands of the Linux version. It is for instance not possible to run a benchmark.

Rarcrack

This is a Linux tool, a readme file is included with the program. The program supports multiple threads to speed up the recovery. How does it work? The basic command is

rarcrack sample.zip –threads –type

Rarcrack uses an XML file that displays the characters used in the brute force attempt. There are not any options currently to limit the length of the passwords to try, but you can modify the currently tested password to start for instance with four characters immediately.

The XML file is created after the first run, so run it to generate the file and then edit it to suit your needs.



0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
1111

Closing Words

The chance of success is slim, and it decreases with every additional character of the password up to a point where it does not make sense anymore to try and recover the password. It can however be extremely helpful if you remember part of the password, or a length range.


© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. |
Permalink |
Add to
del.icio.us,
digg,
facebook,
reddit,
twitter

Post tags: , , , ,

Link to Original Content

Tags: , , , ,

Comments are closed.