Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a8624921fd4264905af5c3e7ad6bce8a@smtp.hushmail.com>
Date: Thu, 3 Jun 2021 14:47:08 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: How does cracking pkzip2 files work?

On 2021-06-03 10:28, Matthias Braun wrote:
> After reading the description of zip2john's output in the source file (https://github.com/openwall/john/blob/bleeding-jumbo/src/zip2john.c), this is my current assumption: Since the archive doesn't contain the hash of the password used for encrypting, per default, JtR tries a wordlist to decrypt the data stored at the DA position in zip2john's output, runs CRC32 on the result and compares that checksum with the checksum stored at the CR position.
> 
> But in the case of cracking the password for a large file, I'd expect decryption to take quite a while, making each password guess costly.

You are basically correct.

> How does JtR crack pkzip2 archives?

First of all, zip2john simply picks the smallest file from the archive 
in order to minimize the work.  Sometimes there is no small file though.

Second trick: pkzip archives also include another, smaller, checksum 
(just 1 or 2 bytes) of a tiny part of the packed data of each file.  If 
that doesn't match, we can early reject.  But if it does match (and 
unfortunately a single byte checksum will *randomly* match in about 1 of 
256 cases) we do have to checksum the whole (potentially large) file.

So third trick in our bag is we collect several such smaller checksums 
(for up to 8 files), and require all of them to match before going on 
and calculate a whole-file CRC.  If the number of files is smaller, we 
may end up with less than 8 of course.  On a side note, theoretically 
the files in one archive may use different passwords and that 
invalidates this trick (in fact we'll probably get false negatives). 
That is fairly uncommon so by default we assume all have the same password.

So best case for us is an archive with 8 or more files, and at least one 
small file.  Worst case is an archive with only one, huge, file.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.