PDA

View Full Version : Zip Protection Question?


foxthree
August 11th, 2002, 18:51
Hiya Mike and others:

I know that there was a detailed thread on ZIP Password protection and stuff and Mike, I read through your paper. However, one question intrigues me:

Say I have a zip file and I know a part of the password. I just don't know the length of the password and whether this "crib" occurs in that password. Can I exploit this information somehow?

To be clear:

Say I have a zip: ultrasecret.zip and I know that the contents of the zip file have been protected with a password that contains the word: "hallow". I don't know the exact length of the password and neither where the word occurs in the password. For instance, the password may be "shallow" or "hallowed" Get it?

Can I exploit this information some how and reduce my search space?

The first idea I can think of is to write some fuzzifier that would create all possible strings at a specified length which contains the words "hallow" and attempt a dictionary attack. But anything else other than this?

Thanks for your time and research folks,

Signed,
-- FoxThree

Ummm and one more thing:

Mike: Pls refer to:
http://www.woodmann.net/forum/showthread.php?s=&threadid=1965&highlight=accessdata

In which you've mentioned about an essay posted on Fraiva in March. Do you still have it and can you upload it if you have it? I hope this is different from the one that I found on your website? Also, I'm currently going through Biham/Kochers' paper on ZIP Plaintext attack. Pretty interesting

foxthree
August 13th, 2002, 07:08
Mike:

Any responses ???

Signed,
-- FoxThree

mike
August 14th, 2002, 15:20
Sorry, didn't read the board yesterday.

http://www.woodmann.net/fravia/mike_zipattacks.htm

is the paper; it's almost identical to the one on my site. There are three ways to attack a zip file: dictionary, my attack for winzip-like zippers, and Kocher's attack for all zippers.

You know how a dictionary attack works.

Both my attack and kocher's attack try to figure out what the internal state of the cipher is *AFTER* the password has been mixed in. Basically, mine uses the broken PRNG to get known plaintext, and Kocher uses known plaintext that you give it.

So our attacks don't care what password you use, and can't do anything with information about it. I think some of the commercial zip crackers have custom settings where you can configure the words that it generates--your "fuzzifier."

My attack can tell you within a few seconds whether it will work or not: it looks to see if you have five or six files in the archive that were all added at once.

foxthree
August 15th, 2002, 08:38
Hi Mike:

I just now decrypted an encrypted archive using Guaranteed Zip Recovery algorithm (ARCHPRs' after unpaxing and regging it ). However, the funny thing was that my test archive gave me the actual password itself. But the actual archive only got me the three 32-bit keys. It said it couldn't find the actual password used to encrypt the files.

Anywayz, the archive is decrypted and that's what matters. But just curious? Any ideas why it couldn't find the acutal password?

BTW, this board OwnZ elc****** ...

Signed,
-- FoxThree

mike
August 15th, 2002, 22:21
For a detailed explanation, look at biham & kocher's paper. In a nutshell, it's that there are three checksums of the password involved (thus three 'keys') and all three have to match to decrypt right. If you can figure out the checksums instead of the password, you can decrypt. The problem is finding the password given the initial states and final states of the checksums. It's basically brute-force, but you get 4 characters free.