Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Sep 2020 16:20:30 +0100
From: Jasper Jones <>
Subject: Re: cracking encrypted zip file

Apologies Alexander, I missed your email until just now.

Comments/answers in-line below.


On Wed, 16 Sep 2020 at 20:51, Solar Designer <> wrote:

> On Wed, Sep 16, 2020 at 06:47:10AM +0100, Jasper Jones wrote:
> > I got the following message when I started it:
> > "Warning: detected hash type "ZIP", but the string is also recognised as
> > "ZIP-opencl"
> > Use the "--form=ZIP-opencl" option to force loading these as that type
> > instead"
> >
> > Any issue with that?
> No, but you can in fact try this suggestion to possibly use your GPU for
> much speedup, if you do have a suitable GPU and driver installed.

No, I'm just using a laptop at the moment and don't have access to a PC
with GPU. At some stage (and if the current run isn't successful), I'll
look into what I need to set something like this up. There's enough
potentially at stake to make it worth spending some money on this.

> Then:

> "Using default input encoding: UTF8
> > Loaded 1 password hash (ZIP, WinZip, [PKDF2-SHA1 128/128 AVX 4x1)"
> >
> > Does that look right? The reference to PKDF2-SHA1 instead of AES concerns
> > me, but I appreciate that could just be my ignorance showing.
> You've already figured this out (great!), but we might want to revise
> this algorithm name string to also include AES.


> As to the error you were getting originally:
> > > That said, I'm still getting an error as well: "ver 5.1
> > > is not encrypted, or stored with non-handled
> > > compression type".
> It certainly looks like you have more than one file, or one file more
> than once, in that archive.  It might even be that you have the
> wallet.dat file in there in both encrypted and non-encrypted form.

I'm pretty sure there's just the one file in there. I definitely wouldn't
have encrypted it first and then zipped it. It was just zipped (using 7Zip)
with a password and AES256 encryption selected. There's also just the one
file - wallet.dat - listed when you open the archive.

Alternatively, we have a bug resulting in that spurious message.

I'll leave that to you to decide! :)

> > > I don't have zipinfo (I'm on Windows), but I could download a bootable
> > > Linux distribution if that would help.
> I guess you can get zipinfo on Windows if you install Cygwin.

Do you think it would help at this stage? Perhaps if the current run
doesn't work I can look into that and see whether it gives more info than
I've found so far.

> > > 7zip itself gives some info about the compressed file:
> > >
> > > - attributes: An
> > > - Encrypted: +
> > > - Method: AES-256 Deflate
> > >
> > > (There's some other stuff about file size, dates, etc, but  assume it's
> > > the encryption info that's needed?)
> Yes, and also the listing of files.  Does it show just one file?

Yes, just wallet.dat, once.

Thanks as always

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.