
Found a 16y old password protected Zip file with my mIRC logs - lampzzy
While checking some really old CDs I found a password protected zip file with my mIRC logs from the year 2000. Since then my passwords changed a few times so I have no idea how many characters or which characters I used to protect the zip file. I already tried to brute force using 4-7 characters but no success. Any ideas to crack this are welcome.
======
howlett
If it's from 2000 and they were created using WinZip up to v8.0, you can use
the Passware Kit and the SureZip recovery as per
[http://www.lostpassword.com/attacks.htm#surezip](http://www.lostpassword.com/attacks.htm#surezip)

> SureZip attack decrypts Zip archives created with WinZip version 8.0 and
> earlier in less than an hour regardless of password used to protect it. At
> least 5 simultaneously encrypted files are required in order to process the
> archive. Archives created with WinZip are supported.

I used this when it first came out and even with a 60-char password, if there
were more than 5 files it could extract them within an hour (sometimes less
than 5 minutes).

------
baruch
You have either brute force with more characters or if you have a file in
there with a known content there is a known-plaintext attack on zip
encryption. I've used it once and it worked nicely but it's rather tricky to
find another file with the exact same content for this.

~~~
lampzzy
wow! this is a good one! The Zip contains not only the logs but all the files
that were part of the mIRC application (executable, config, etc). Maybe I'll
try to find some old config files and explore this option.

~~~
baruch
The utility I used is PkCrack: [https://www.unix-ag.uni-
kl.de/~conrad/krypto/pkcrack.html](https://www.unix-ag.uni-
kl.de/~conrad/krypto/pkcrack.html)

------
4e1a
I would research as to what cipher was used in zip files back then and see if
it is currently defeatable, like RC4 or AES with bad padding, and then work
through the cryptopals.com problems and see if any of this applies to the zip
file.

~~~
lampzzy
I'm not a cryptography guy myself but thanks for the tip - still on time to
learn a few things!

------
gt565k
There was some post about using a CUDA program with your GPU to brute force
zip passwords, but can't find anything with a quick google search.

Try this though

[http://www.crark.net/](http://www.crark.net/)

~~~
lampzzy
will def look at this as it was in my plans to use some aws gpu instances for
a couple of days.

------
smlacy
fcrackzip?

[https://github.com/hyc/fcrackzip](https://github.com/hyc/fcrackzip)

~~~
lampzzy
thanks. that's what I've been using so far but no success.

------
echolima
Are you going to post what you find?

~~~
lampzzy
not sure if I will find something that interesting for the cmmunity

