~ubuntu-branches/ubuntu/gutsy/fcrackzip/gutsy

« back to all changes in this revision

Viewing changes to fcrackzip.txt

Committer: Bazaar Package Importer
Author(s): Francesco Donadon
Date: 2004-04-10 16:06:44 UTC
Revision ID: james.westby@ubuntu.com-20040410160644-62fhunfljlja82v3

Tags: upstream-0.3

Import upstream version 0.3

files added:

AUTHORS

COPYING

ChangeLog

INSTALL

Makefile.am

Makefile.in

NEWS

README

THANKS

TODO

aclocal.m4

config.h.in

configure

configure.in

cpmask.c

crack.c

crack.h

crackdef.c

crc32.h

depcomp

fcrackzip.1

fcrackzip.html

fcrackzip.txt

gencrack.pl

getopt.c

getopt.h

getopt1.c

install-sh

main.c

missing

mkinstalldirs

noradi.zip

zipcrack.c

zipinfo.c

Show diffs side-by-side

added added

removed removed

fcrackzip.txt

FCRACKZIP(1) FCRACKZIP(1)

NNAAMMEE

_f_c_r_a_c_k_z_i_p - a Free/Fast Zip Password Cracker

SSYYNNOOPPSSIISS

ffccrraacckkzziipp [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark]

[--charset characterset] [--help] [--validate] [--verbose] [--init-

password string/path] [--length min-max] [--use-unzip] [--method name]

[--modulo r/m] file...

DDEESSCCRRIIPPTTIIOONN

_f_c_r_a_c_k_z_i_p searches each zipfile given for encrypted files and tries to

guess the password. All files must be encrypted with the same password,

the more files you provide, the better.

OOPPTTIIOONNSS

--hh,, ----hheellpp

Prints the version number and (hopefully) some helpful insights.

--vv,, ----vveerrbboossee

Each -v makes the program more verbose.

--bb,, ----bbrruuttee--ffoorrccee

Select brute force mode. This tries all possible combinations of

the letters you specify.

--DD,, ----ddiiccttiioonnaarryy

Select dictionary mode. In this mode, fcrackzip will read pass-

words from a file, which must contain one password per line and

should be alphabetically sorted (e.g. using ssoorrtt((11))).

--cc,, ----cchhaarrsseett cchhaarraacctteerrsseett--ssppeecciiffiiccaattiioonn

Select the characters to use in brute-force cracking. Must be

one of

a include all lowercase characters [a-z]

A include all uppercase characters [A-Z]

1 include the digits [0-9]

! include [!:$%&/()=?{[]}+*~#]

: the following characters upto the end of the spe-

cification string are included in the character set.

This way you can include any character except binary

null (at least under unix).

For example, a1:$% selects lowercase characters, digits and the

dollar and percent signs.

--pp,, ----iinniitt--ppaasssswwoorrdd ssttrriinngg

Set initial (starting) password for brute-force searching to

_s_t_r_i_n_g, or use the file with the name _s_t_r_i_n_g to supply passwords

for dictionary searching.

--ll,, ----lleennggtthh mmiinn[[--mmaaxx]]

Use an initial password of length min, and check all passwords

upto passwords of length max (including). You can omit the max

parameter.

--uu,, ----uussee--uunnzziipp

Try to decompress the first file by calling unzip with the

guessed password. This weeds out false positives when not enough

files have been given.

--mm,, ----mmeetthhoodd nnaammee

Use method number "name" instead of the default cracking method.

The switch ----hheellpp will print a list of available methods. Use

----bbeenncchhmmaarrkk to see which method does perform best on your

machine. The nnaammee can also be the number of the method to use.

--22,, ----mmoodduulloo rr//mm

Calculate only r/m of the password. Not yet supported.

--BB,, ----bbeenncchhmmaarrkk

Make a small benchmark, the output is nearly meaningless.

--VV,, ----vvaalliiddaattee

Make some basic checks wether the cracker works.

ZZIIPP PPAASSSSWWOORRDD BBAASSIICCSS

Have you ever mis-typed a password for unzip? Unzip reacted pretty fast

with �incorrect password�, _w_i_t_h_o_u_t decrypting the whole file. While the

encryption algorithm used by zip is relatively secure, PK made cracking

easy by providing hooks for very fast password-checking, directly in

the zip file. Understanding these is crucial to zip password cracking:

For each password that is tried, the first twelve bytes of the file are

decrypted. Depending on the version of zip used to encrypt the file

(more on that later), the first ten or eleven bytes are random, fol-

lowed by one or two bytes whose values are stored elsewhere in the zip

file, i.e. are known beforehand. If these last bytes don't have the

correct (known) value, the password is definitely wrong. If the bytes

are correct, the password _m_i_g_h_t be correct, but the only method to find

out is to unzip the file and compare the uncompressed length and crc�s.

Earlier versions of pkzip (1.xx) (and, incidentally, many zip clones

for other operating systems!) stored two known bytes. Thus the error

rate was roughly 1/2^16 = 0.01%. PKWARE �improved� (interesting what

100

industry calls improved) the security of their format by only including

101

one byte, so the possibility of false passwords is now raised to 0.4%.

102

Unfortunately, there is no real way to distinguish one byte from two

103

byte formats, so we have to be conservative.

104

105

BBRRUUTTEE FFOORRCCEE MMOODDEE

106

By default, brute force starts at the given starting password, and suc-

107

cessively tries all combinations until they are exhausted, printing all

108

passwords that it detects, together with a rough correctness indicator.

109

110

The starting password given by the _-_p switch determines the length.

111

fcrackzip will not currently increase the password length automati-

112

cally, unless the _-_l switch is used.

113

114

DDIICCTTIIOONNAARRYY MMOODDEE

115

This mode is similar to brute force mode, but instead of generating

116

passwords using a given set of characters and a length, the passwords

117

will be read from a file that you have to specify using the _-_p switch.

118

119

CCPP MMAASSKK

120

A CP mask is a method to obscure images or parts of images using a

121

password. These obscured images can be restored even when saved as

122

JPEG files. In most of these files the password is actually hidden and

123

can be decoded easily (using one of the many available viewer and mask-

124

ing programs, e.g. xv). If you convert the image the password, however,

125

is lost. The ccppmmaasskk crack method can be used to brute-force these

126

images. Instead of a zip file you supply the obscured part (and nothing

127

else) of the image in the PPPPMM-Image Format (xxvv and other viewers can

128

easily do this).

129

130

The ccppmmaasskk method can only cope with password composed of uppercase

131

letters, so be sure to supply the ----cchhaarrsseett AA or equivalent option,

132

together with a suitable initialization password.

133

134

EEXXAAMMPPLLEESS

135

ffccrraacckkzziipp --cc aa --pp aaaaaaaaaaaa ssaammppllee..zziipp

136

checks the encrypted files in sample.zip for all lowercase 6

137

character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).

138

139

ffccrraacckkzziipp ----mmeetthhoodd ccppmmaasskk ----cchhaarrsseett AA ----iinniitt AAAAAAAA tteesstt..ppppmm

140

checks the obscured image tteesstt..ppppmm for all four character pass-

141

words. -TP ffccrraacckkzziipp --DD --pp ppaasssswwoorrddss..ttxxtt ssaammppllee..zziipp check for

142

every password listed in the file ppaasssswwoorrddss..ttxxtt.

143

144

PPEERRFFOORRMMAANNCCEE

145

_f_z_c, which seems to be widely used as a fast password cracker, claims

146

to make 204570 checks per second on my machine (measured under plain

147

dos w/o memory manager).

148

149

_f_c_r_a_c_k_z_i_p, being written in C and not in assembler, naturally is

150

slower. Measured on a slightly loaded unix (same machine), it�s 12 per-

151

cent slower (the compiler used was _p_g_c_c, from hhttttpp::////wwwwww..ggcccc..mmll..oorrgg//).

152

153

To remedy this a bit, I converted small parts of the encryption core to

154

x86 assembler (it will still compile on non x86 machines), and now it�s

155

about 4-12 percent faster than _f_z_c (again, the _f_c_r_a_c_k_z_i_p performance

156

was measured under a multitasking os, so there are inevitably some

157

meaurement errors), so there shouldn't be a tempting reason to switch

158

to other programs.

159

160

Further improvements are definitely possible: _f_z_c took 4 years to get

161

into shape, while fcrackzip was hacked together in under 10 hours. And

162

not to forget you have the source, while other programs (like _f_z_c),

163

even come as an _e_n_c_r_y_p_t_e_d _._e_x_e file (maybe because their programmers

164

are afraid of other people could having a look at their lack of pro-

165

gramming skills? nobody knows...)

166

167

RRAATTIIOONNAALLEE

168

The reason I wrote _f_c_r_a_c_k_z_i_p was NNOOTT to have the fastest zip cracker

169

available, but to provide a _p_o_r_t_a_b_l_e, _f_r_e_e (thus _e_x_t_e_n_s_i_b_l_e), but still

170

_f_a_s_t zip password cracker. I was really pissed of with that dumb,

171

nonextendable zipcrackers that were either slow, were too limited, or

172

wouldn't run in the background (say, under unix). (And you can't run

173

them on your superfast 600Mhz Alpha).

174

175

BBUUGGSS

176

No automatic unzip checking.

177

178

Stop/resume facility is missing.

179

180

Should be able to distinguish between files with 16 bit stored CRC�s

181

and 8 bit stored CRC�s.

182

183

The benchmark does not work on all systems.

184

185

It's still early alpha.

186

187

Method "cpmask" only accepts ppms.

188

189

Could be faster.

190

191

AAUUTTHHOORR

192

_f_c_r_a_c_k_z_i_p was written by Marc Lehmann <pcg@goof.com>. The main

193

_f_c_r_a_c_k_z_i_p page is at hhttttpp::////wwwwww..ggooooff..ccoomm//ppccgg//mmaarrcc//ffccrraacckkzziipp..hhttmmll)

194

195

196

197

198

Free/Fast Zip Password Cracker FCRACKZIP(1)

Older »