Exhaustive password search

[geofjamg]

Hi,

I tried to recover a password from a key using the "-r 15 ?a" option, so I was expecting to only have a password with letters and numbers but the found password looks like to have strange characters:

as bytes: ****  b5 ab 10 d2  ******
as text: *****  ���   ****

Any idea what could be the problem?
Thanks!

[kimci86]

Hello,

The recovery algorithm is roughly to bruteforce the first n-6 bytes of the password (with n being the password length) and then reconstruct the last 6 bytes if possible. The charset is used to bruteforce the first (n-6) bytes. The ending bytes can have values out of the charset.
Making no assumption on the end has no impact on the computation cost, so I thought this would not be a problem.
However, there can be collisions (i.e. several passwords for the same internal keys). Maybe this happened here.
Another possibility is that the original password contains unicode characters encoded in UTF-8 or some other encoding that your terminal or font does not support.

Could you confirm that the first n-6 bytes are alphanumeric characters? Otherwise, it would be a bug.
Do you think the password could contain unicode characters?

[geofjamg]

I confirm that first n-6 bytes are alphanumeric characters.

The recovered password does not work (but the found key work, I tested to extract a file with bkcrack command). I think this is because the password cannot be encoded in UTF-8 and so on when the unzip try to recompute the key, the key is wrong.

password bytes -> string utf-8 -> password bytes does not give original bytes, so I don't think this is a problem of unicode characters in the password.

Is there a way to get all other possibly passwords for this key to check if there is another one that can be converted to UTF-8?

[kimci86]

I tested to extract a file with bkcrack command

bkcrack does not test data integrity when deciphering or changing the password.
To check that the internal keys are correct, you can:

• change the password: bkcrack -C <your_archive.zip> -k <the internal keys> -U new.zip newpassword
• then, run unzip -t new.zip or 7z t new.zip typing newpassword when prompted.

Is there a way to get all other possibly passwords for this key to check if there is another one that can be converted to UTF-8?

It is not implemented at the moment. I will hack something soon (hopefully this week-end).

[kimci86]

For the record, improvements to the password search algorithm are now available in version 1.6.0.

• Checking a found password uses only characters from the expected character set.
• Ability to run an exhaustive password search.
• Ability to pause and resume password search.