I've been running Access Data Password Recovery Toolkit (PRTK) on a bunch of encrypted archives (all zip files, I think they were encrypted with 7Zip AES-256) for a while and haven't had any hits. I decided to test if PRTK is working at all and made a simple AES-256 encrypted zip file with 7Zip.

The password was 'password' and I made a dictionary consisting of only the word 'password'. I turned off all the other dictionaries and every rule except for the 'dictionary primaries' rule and the 'as is' rule.

Sure enough, the crack finished in less than a second and said that it didn't find anything.

Any ideas why this is happening? I feel like I've probably wasted the last couple of weeks trying to crack files that PRTK can't even crack.

David
Omegastick
  • By default, the assumption is likely that a zip file uses ZipCrypto, not 7-Zip AES-256 encryption. Try renaming the file extension to *.7z and try cracking the test file again and see if it properly detects it. You could also try [a security wrench](https://xkcd.com/538/) :P – Dan Mar 22 '17 at 16:14
  • ZIP supports ZipCrypto, as well as two forms of AES encryption. Bit 06 of the general purpose flag in the header specifies "strong encryption", which is one of the forms of AES encryption (if it is unset, then ZipCrypto is used instead). The other form sets the compression method byte to 99 and puts encryption-related metadata in a new encrypted field. See the [file format](https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html) and an [article](https://en.wikipedia.org/wiki/ZIP_(file_format)#Strong_encryption_controversy) about the different AES-based encryption methods. – forest Dec 14 '17 at 08:21
  • Try using [Hashcat](https://hashcat.net/hashcat/) instead – Anti-weakpasswords Jan 14 '18 at 07:39
  • @Omegastick Did you come up with a solution or did the comments help you in any way? If so, would you mind providing an answer yourself or editing this question? – Tom K. Feb 21 '18 at 13:05
  • @TomK. I never managed to crack that file specifically, but I managed to crack the test AES-256 archives I made. I'll add an answer. – Omegastick Feb 22 '18 at 01:27
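
The header fields forest's comment describes can be read directly to see which scheme an archive actually uses before choosing a recovery tool. This is an added example, not part of the original thread or of any tool's code. The function names and sample bytes are constructed for illustration. Two details come from the ZIP and WinZip AE specifications rather than from this page: bit 0 of the flag marks an entry as encrypted, and the 0x9901 extra field has the layout parsed here.

```python
import struct

LFH = struct.Struct("<4sHHHHHIIIHH")   # fixed 30-byte local file header
AES_BITS = {1: 128, 2: 192, 3: 256}    # strength byte in the 0x9901 extra field

def winzip_aes_strength(extra):
    """Return the AES key size from a 0x9901 extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == 0x9901 and len(body) >= 7:
            return AES_BITS.get(body[4])   # version(2) vendor(2) strength(1) method(2)
        pos += 4 + size
    return None

def classify(flags, method, extra=b""):
    """Name the encryption scheme of one entry from its header fields."""
    if not flags & 0x0001:               # bit 0: entry is encrypted at all
        return "none"
    if method == 99:                     # AES marker in the compression method
        bits = winzip_aes_strength(extra)
        return f"AES-{bits} (method 99)" if bits else "AES (method 99)"
    if flags & 0x0040:                   # bit 6: "strong encryption"
        return "strong encryption (flag bit 6)"
    return "ZipCrypto"

def scan(data):
    """Walk consecutive local file headers; return [(name, scheme), ...]."""
    out, pos = [], 0
    while data[pos:pos + 4] == b"PK\x03\x04":
        (_, _, flags, method, _, _, _, csize, _, nlen, xlen) = LFH.unpack_from(data, pos)
        name = data[pos + 30:pos + 30 + nlen].decode("cp437")
        extra = data[pos + 30 + nlen:pos + 30 + nlen + xlen]
        out.append((name, classify(flags, method, extra)))
        pos += 30 + nlen + xlen + csize  # assumes sizes are in the header (bit 3 clear)
    return out

def sample_entry(name, flags, method, extra=b"", payload=b"\x00" * 4):
    """Constructed header + dummy payload; not a decryptable archive."""
    return LFH.pack(b"PK\x03\x04", 20, flags, method, 0, 0, 0,
                    len(payload), len(payload), len(name), len(extra)) + name + extra + payload

AES256_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)  # constructed
SAMPLE = (sample_entry(b"plain.txt", 0, 8) + sample_entry(b"legacy.txt", 1, 8)
          + sample_entry(b"aes.txt", 1, 99, AES256_EXTRA))

if __name__ == "__main__":
    print(scan(SAMPLE))
```

On a real archive, pass the file's bytes to `scan`. Entries written in streaming mode (flag bit 3 set) keep their sizes in a trailing data descriptor and need the central directory instead.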

1 Answer

I never managed to crack the archive I wanted to, but John The Ripper can crack these AES-256 encrypted archives.

Omegastick