Zip File Cracker

This project is a tool to crack password-protected compressed files (zip, 7z, rar, tar) using dictionary attacks, brute force attacks, and concurrent attacks.

Setup Development Environment

1. Clone the Repository

   git clone <repository_url>
   cd Zip-Cracker

2. Install Dependencies Ensure you have Python installed. Then, install the required Python packages:

   pip install py7zr rarfile tqdm

3. Download Dictionaries Run the install.py script to download the dictionary files:

   python install.py

4. Create a Test Zip File Create a test zip file with a simple password:

   echo "This is a test file." > test.txt
   zip -e test.zip test.txt

   Enter a password when prompted (e.g., test).

Usage

Verify File Type

To verify if a file is a supported compressed file:

python src/verify_file.py <file_path>

Dictionary Attack

To perform a dictionary attack:

python src/dictionary_attack.py <file_path> <dictionary_file>

Brute Force Attack

To perform a brute force attack:

python src/brute_force_attack.py <file_path> <min_len> <max_len>

Concurrent Attack

To perform a concurrent attack:

python src/concurrent_attack.py <file_path> <min_len> <max_len>

Running the Main Script

The main script will automatically detect compressed files in the script's directory and attempt to crack them using dictionary, brute force, and concurrent attacks.

python main.py

Advanced Features

• Check Nested Compressed Files: The tool can check if the contents of a file are another encrypted compressed file and crack that if necessary.

File Descriptions

• main.py: The main script to run the tool.
• auto_cracker.py: An alternative main script with similar functionality.
• src/verify_file.py: Script to verify the type of a compressed file.
• src/dictionary_attack.py: Script to perform a dictionary attack.
• src/brute_force_attack.py: Script to perform a brute force attack.
• src/concurrent_attack.py: Script to perform a concurrent attack.
• src/log_result.py: Utility to log the results of the attacks.
• src/file_utils.py: Utility functions to check file types.

Example

1. Verify File Type

   python src/verify_file.py test.zip

2. Dictionary Attack

   python src/dictionary_attack.py test.zip dictionaries/realhuman_phill.txt

3. Brute Force Attack

   python src/brute_force_attack.py test.zip 1 4

4. Concurrent Attack

   python src/concurrent_attack.py test.zip 1 4

5. Run Main Script

   python main.py

Notes

• Ensure the dictionary file is available in the specified path.
• The results of the attacks will be logged in passwords.md in the script's directory.

---

The Challenge - Building a Zip File Cracker

In this coding challenge we’re going to build a tool to ‘crack’ an encrypted zip file.

Step Zero

In many programming languages we index arrays from zero onwards. Coding Challenges is the same, we start with Step 0. It’s the step where you setup your IDE / editor of choice and programming language of choice.

This is a great challenge to complete in a language like C, C++, Rust or Go so you can build a concurrent cracker. Though it’s perfectly possible to do it in languages like PHP, Python or JavaScript. The choice is yours!

After you’ve setup your development environment create a test zip file like so:

% export LC_CTYPE=C
% cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-1000} | head -n 1 > cc.txt
challenge-zip-cracker
% zip -e cctest.zip cc.txt

Enter a password when prompted. For now use the simple password ‘test’.

Step 1

In this step your goal is to verify the file is a zip file. The simplest way to do this is to check the headers match those of a zip file. You can do that by reading the headers and checking they match those detailed here.

If you remember back to the build your own xxd coding challenge we could use xxd to inspect the file and see the headers too:

% xxd -l64 cctest.zip
00000000: 504b 0304 1400 0900 0800 0e81 dc58 09a9  PK...........X..
00000010: b5ad f602 0000 e903 0000 0600 1c00 6363  ..............cc
00000020: 2e74 7874 5554 0900 03ec d17e 66ee d17e  .txtUT.....~f..~
00000030: 6675 780b 0001 04f5 0100 0004 1400 0000  fux.............

Another key thing to notice here is that even though the file is “encrypted” the metadata is not - we can see the filename: cc.txt.

Your program should do something like this:

% cczipcrack cctest.zip
Has zip headers.
% cczipcrack cc.txt
Does not have zip headers.

Step 2

In this step your goal is to conduct a dictionary attack. This type of attach is explained in the build your own password cracker coding challenge. To do this step grab a password list from CrackStation here. Grab the Smaller Wordlist for now.

Then attempt to decrypt the zip file with every word in the dictionary. Print out the correct password when you find it. You could implement the full zip encryption specification or just use a library for your programming language.

% cczipcrack -dict cctest.zip
Password found: test

Step 3

In this step your goal is to try all combinations of valid chars up to a certain length. This is a brute force attack. Usually dictionary attacks are tried before brute force attacks as most passwords are real words and many of them are found in the widely available password dictionaries.

Add support in your zip password cracker for brute forcing the password, allow the user to specify a min and max length of the password then generate all combinations of the allowable password characters.

% cczipcrack -brute -min=1 -max=4 cctest.zip
Password found: test

Step 4

In this step your goal is to check concurrently. Modern CPUs have multiple cores so we should be able to test more passwords by using multiple threads, thereby cracking the password in less time.

Going Further this challenge create one thread per CPU core on the machine on which the cracker is running.