/cvs/fcrackzip/fcrackzip.txt
Revision: 1.1
Committed: Mon Aug 4 07:09:51 2008 UTC by root
Content type: text/plain
Branch: MAIN
CVS Tags: HEAD
Log Message:
initial check-in, also 1.0 check-in

FCRACKZIP(1)                                                      FCRACKZIP(1)

NAME
     fcrackzip - a Free/Fast Zip Password Cracker

SYNOPSIS
     fcrackzip [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark]
     [--charset characterset] [--help] [--validate] [--verbose]
     [--init-password string/path] [--length min-max] [--use-unzip]
     [--method name] [--modulo r/m] file...

DESCRIPTION
     fcrackzip searches each zipfile given for encrypted files and tries to
     guess the password. All files must be encrypted with the same password;
     the more files you provide, the better.

OPTIONS
     -h, --help
            Prints the version number and (hopefully) some helpful insights.

     -v, --verbose
            Each -v makes the program more verbose.

     -b, --brute-force
            Select brute force mode. This tries all possible combinations of
            the letters you specify.

     -D, --dictionary
            Select dictionary mode. In this mode, fcrackzip will read
            passwords from a file, which must contain one password per line
            and should be alphabetically sorted (e.g. using sort(1)).

     -c, --charset characterset-specification
            Select the characters to use in brute-force cracking. The
            specification consists of one or more of

            a      include all lowercase characters [a-z]
            A      include all uppercase characters [A-Z]
            1      include the digits [0-9]
            !      include [!:$%&/()=?{[]}+*~#]
            :      the following characters up to the end of the
                   specification string are included in the character set.
                   This way you can include any character except binary
                   null (at least under unix).

            For example, a1:$% selects lowercase characters, digits and the
            dollar and percent signs.

     -p, --init-password string
            Set the initial (starting) password for brute-force searching to
            string, or use the file with the name string to supply passwords
            for dictionary searching.

     -l, --length min[-max]
            Use an initial password of length min, and check all passwords
            up to passwords of length max (inclusive). You can omit the max
            parameter.

     -u, --use-unzip
            Try to decompress the first file by calling unzip with the
            guessed password. This weeds out false positives when not enough
            files have been given.
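
     Added example (not fcrackzip's own code): a small Python script that
     re-implements the -c charset grammar and the -l min[-max] range exactly
     as documented above, counts how many candidates such a run covers,
     converts that count into wall time at a given checking rate, and
     estimates how many wrong passwords will slip past the one- or two-byte
     header check that ZIP PASSWORD BASICS describes, which is the case -u
     exists to catch. The default rate of 204570 checks per second is the
     fzc figure quoted in PERFORMANCE; treating each additional encrypted
     file as an independent check byte is an assumption that follows from
     the DESCRIPTION's advice to supply as many files as possible. The
     function and variable names are this example's own.

```python
"""Keyspace and false-positive estimator for fcrackzip-style brute-force runs.

Added example, not part of fcrackzip. Implements the -c charset grammar
(a, A, 1, !, and ':' for a literal tail) and the -l min[-max] range from the
man page, then estimates how many candidates a run covers and how many of
them will pass the one- or two-byte zip header check without being the real
password. Useful for judging what a password policy buys against such runs.
"""
import string

LOWER = string.ascii_lowercase       # 'a' specifier
UPPER = string.ascii_uppercase       # 'A' specifier
DIGITS = string.digits               # '1' specifier
PUNCT = "!:$%&/()=?{[]}+*~#"         # '!' specifier, as listed in the man page


def parse_charset(spec):
    """Expand a -c specification into the ordered string of distinct characters.

    ':' switches to literal mode: everything after it is taken verbatim,
    so 'a1:$%' -> a-z, 0-9, '$', '%'.
    """
    chars = []
    i = 0
    while i < len(spec):
        c = spec[i]
        if c == ':':
            chars.extend(spec[i + 1:])
            break
        if c == 'a':
            chars.extend(LOWER)
        elif c == 'A':
            chars.extend(UPPER)
        elif c == '1':
            chars.extend(DIGITS)
        elif c == '!':
            chars.extend(PUNCT)
        else:
            raise ValueError(f"unknown charset specifier {c!r} (use ':' for literals)")
        i += 1
    # keep first-occurrence order, drop duplicates (e.g. '!:$' names '$' twice)
    return "".join(dict.fromkeys(chars))


def parse_length(spec):
    """Parse -l 'min' or 'min-max' into an inclusive (min, max) tuple."""
    lo, sep, hi = spec.partition('-')
    lo = int(lo)
    hi = int(hi) if sep else lo
    if lo < 1 or hi < lo:
        raise ValueError(f"bad length range {spec!r}")
    return lo, hi


def keyspace(charset, lengths):
    """Number of candidate passwords over all lengths in the inclusive range."""
    n = len(charset)
    lo, hi = lengths
    return sum(n ** k for k in range(lo, hi + 1))


def expected_false_positives(candidates, check_bytes=1, files=1):
    """Wrong passwords expected to pass the header check.

    Assumption: each encrypted file contributes an independent check of
    `check_bytes` known bytes, so a wrong password survives with probability
    256 ** -(check_bytes * files). The man page's 0.4% (one byte) and
    1/2^16 (two bytes) figures are the files=1 cases.
    """
    return candidates / 256 ** (check_bytes * files)


def estimate(charset_spec, length_spec, rate=204570, check_bytes=1, files=1):
    """Summarise a run: candidate count, wall time at `rate` checks/s, false hits.

    The default rate is the fzc figure quoted in the man page's PERFORMANCE section.
    """
    cs = parse_charset(charset_spec)
    n = keyspace(cs, parse_length(length_spec))
    return {
        "charset_size": len(cs),
        "candidates": n,
        "seconds": n / rate,
        "false_positives": expected_false_positives(n, check_bytes, files),
    }


if __name__ == "__main__":
    # first row is the man page's own example: all lowercase 6-character passwords
    for spec, length in (("a", "6"), ("a1:$%", "1-6"), ("aA1!", "8")):
        r = estimate(spec, length)
        print(f"-c {spec:6} -l {length:4}: {r['charset_size']:3} chars, "
              f"{r['candidates']:>18,} candidates, ~{r['seconds'] / 3600:10.1f} h, "
              f"~{r['false_positives']:,.0f} false hits")
```

     The false-hit column is the practical argument for -u and for handing
     the cracker several files from the same archive: every extra file
     divides the number of candidates that survive the header check by 256,
     so the expensive unzip-and-compare step runs far less often.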

     -m, --method name
            Use method number "name" instead of the default cracking method.
            The switch --help will print a list of available methods. Use
            --benchmark to see which method performs best on your machine.
            The name can also be the number of the method to use.

     -2, --modulo r/m
            Calculate only the r/m share of the passwords. Not yet supported.

     -B, --benchmark
            Make a small benchmark; the output is nearly meaningless.

     -V, --validate
            Make some basic checks whether the cracker works.

ZIP PASSWORD BASICS
     Have you ever mis-typed a password for unzip? Unzip reacted pretty fast
     with 'incorrect password', without decrypting the whole file. While the
     encryption algorithm used by zip is relatively secure, PK made cracking
     easy by providing hooks for very fast password-checking, directly in
     the zip file. Understanding these is crucial to zip password cracking:

     For each password that is tried, the first twelve bytes of the file are
     decrypted. Depending on the version of zip used to encrypt the file
     (more on that later), the first ten or eleven bytes are random,
     followed by one or two bytes whose values are stored elsewhere in the
     zip file, i.e. are known beforehand. If these last bytes don't have the
     correct (known) value, the password is definitely wrong. If the bytes
     are correct, the password might be correct, but the only way to find
     out is to unzip the file and compare the uncompressed length and CRCs.

     Earlier versions of pkzip (1.xx) (and, incidentally, many zip clones
     for other operating systems!) stored two known bytes. Thus the error
     rate was roughly 1/2^16 = 0.01%. PKWARE 'improved' (interesting what
     industry calls improved) the security of their format by only including
     one byte, so the probability of a false password is now raised to 0.4%.
     Unfortunately, there is no real way to distinguish one-byte from
     two-byte formats, so we have to be conservative.
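
     Added example (not fcrackzip's own code): a defender-side Python script
     that lists which entries of a zip archive still rely on the legacy
     PKWARE scheme described above, the one that exposes the fast check
     bytes, and which use WinZip AES, which stores compression method 99
     together with an 0x9901 extra field and offers no such shortcut. The
     archive it inspects is constructed in memory by a minimal zip builder
     with dummy payload bytes (nothing in it is really encrypted); the
     method and extra-field ids are the published WinZip AES values, and the
     header layouts are the standard local header, central directory and
     end-of-central-directory records. Everything else, names included, is
     this example's own.

```python
"""Inventory the encryption scheme of every entry in a zip archive.

Added example, not part of fcrackzip. Legacy PKWARE encryption ("ZipCrypto")
leaves one or two fast check bytes in each encrypted entry, which is what
makes brute force cheap. The defender's question is therefore: which entries
of an archive still use that scheme? Each central-directory entry is
classified as 'plain', 'zipcrypto' or 'aes' (WinZip AE-x: method 99 and/or
the 0x9901 extra field) using only the standard library. A tiny in-memory
zip builder constructs the sample input.
"""
import io
import struct
import zipfile
import zlib

FLAG_ENCRYPTED = 0x0001      # general purpose flag bit 0
METHOD_STORED = 0
METHOD_AES = 99              # WinZip AE-x marker in the compression method field
EXTRA_AES = 0x9901           # WinZip AES extra field header id


def has_aes_extra(extra):
    """Walk the extra-field list and report whether an 0x9901 record is present."""
    while len(extra) >= 4:
        hid, ln = struct.unpack("<HH", extra[:4])
        if hid == EXTRA_AES:
            return True
        extra = extra[4 + ln:]
    return False


def classify(info):
    """Map a ZipInfo to 'plain', 'aes' or 'zipcrypto'."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "plain"
    if info.compress_type == METHOD_AES or has_aes_extra(info.extra):
        return "aes"
    return "zipcrypto"   # legacy scheme with the fast check byte(s)


def inventory(zip_bytes):
    """Return {entry name: scheme} for every entry in the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {zi.filename: classify(zi) for zi in zf.infolist()}


# --- constructed sample archive (dummy payloads; nothing is really encrypted) ---

def build_zip(entries):
    """Assemble a minimal zip from (name, payload, flags, method, extra) tuples.

    Writes local headers, a central directory and the end record, which is
    enough for zipfile to list the entries. Payloads are stored as given.
    """
    body = io.BytesIO()
    central = io.BytesIO()
    for name, payload, flags, method, extra in entries:
        name_b = name.encode("ascii")
        crc = zlib.crc32(payload)
        offset = body.tell()
        # local file header: sig, version needed, flags, method, time, date,
        # crc, compressed size, uncompressed size, name length, extra length
        body.write(struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, method,
                               0, 0, crc, len(payload), len(payload),
                               len(name_b), len(extra)))
        body.write(name_b + extra + payload)
        # central directory header: adds version made by, comment length,
        # disk number, internal/external attributes and local header offset
        central.write(struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20,
                                  flags, method, 0, 0, crc, len(payload),
                                  len(payload), len(name_b), len(extra), 0,
                                  0, 0, 0, offset))
        central.write(name_b + extra)
    cd = central.getvalue()
    # end of central directory: disk numbers, entry counts, cd size, cd offset, comment length
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, len(entries),
                       len(entries), len(cd), body.tell(), 0)
    return body.getvalue() + cd + eocd


# WinZip AES extra field: id, data size, version (AE-2), vendor, strength (3 = 256-bit), real method
AES_EXTRA = struct.pack("<HHH2sBH", EXTRA_AES, 7, 2, b"AE", 3, METHOD_STORED)

SAMPLE_ZIP = build_zip([
    ("readme.txt", b"hello", 0, METHOD_STORED, b""),
    ("legacy.txt", b"\x00" * 12 + b"dummy", FLAG_ENCRYPTED, METHOD_STORED, b""),
    ("strong.txt", b"\x00" * 32, FLAG_ENCRYPTED, METHOD_AES, AES_EXTRA),
])


if __name__ == "__main__":
    for name, scheme in inventory(SAMPLE_ZIP).items():
        print(f"{name:12} {scheme}")
```

     To audit a real archive, pass open(path, "rb").read() to inventory().
     Every 'zipcrypto' result is an entry whose protection is only as strong
     as its password is against the brute-force and dictionary runs this
     manual describes; the 'aes' entries are not exposed to the check-byte
     shortcut at all.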

BRUTE FORCE MODE
     By default, brute force starts at the given starting password, and
     successively tries all combinations until they are exhausted, printing
     all passwords that it detects, together with a rough correctness
     indicator.

     The starting password given by the -p switch determines the length.
     fcrackzip will not currently increase the password length
     automatically, unless the -l switch is used.

DICTIONARY MODE
     This mode is similar to brute force mode, but instead of generating
     passwords using a given set of characters and a length, the passwords
     will be read from a file that you have to specify using the -p switch.

CP MASK
     A CP mask is a method to obscure images or parts of images using a
     password. These obscured images can be restored even when saved as
     JPEG files. In most of these files the password is actually hidden and
     can be decoded easily (using one of the many available viewer and
     masking programs, e.g. xv). If you convert the image, however, the
     password is lost. The cpmask crack method can be used to brute-force
     these images. Instead of a zip file you supply the obscured part (and
     nothing else) of the image in the PPM image format (xv and other
     viewers can easily do this).

     The cpmask method can only cope with passwords composed of uppercase
     letters, so be sure to supply the --charset A or equivalent option,
     together with a suitable initialization password.

EXAMPLES
     fcrackzip -c a -p aaaaaa sample.zip
            checks the encrypted files in sample.zip for all lowercase
            6-character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).

     fcrackzip --method cpmask --charset A --init AAAA test.ppm
            checks the obscured image test.ppm for all four-character
            passwords.

     fcrackzip -D -p passwords.txt sample.zip
            checks for every password listed in the file passwords.txt.

PERFORMANCE
     fzc, which seems to be widely used as a fast password cracker, claims
     to make 204570 checks per second on my machine (measured under plain
     dos w/o memory manager).

     fcrackzip, being written in C and not in assembler, naturally is
     slower. Measured on a slightly loaded unix (same machine), it's 12
     percent slower (the compiler used was pgcc, from
     http://www.gcc.ml.org/).

     To remedy this a bit, I converted small parts of the encryption core to
     x86 assembler (it will still compile on non-x86 machines), and now it's
     about 4-12 percent faster than fzc (again, the fcrackzip performance
     was measured under a multitasking os, so there are inevitably some
     measurement errors), so there shouldn't be a tempting reason to switch
     to other programs.

     Further improvements are definitely possible: fzc took 4 years to get
     into shape, while fcrackzip was hacked together in under 10 hours. And
     not to forget, you have the source, while other programs (like fzc)
     even come as an encrypted .exe file (maybe because their programmers
     are afraid that other people could have a look at their lack of
     programming skills? nobody knows...)

RATIONALE
     The reason I wrote fcrackzip was NOT to have the fastest zip cracker
     available, but to provide a portable, free (thus extensible), but still
     fast zip password cracker. I was really pissed off with those dumb,
     non-extendable zip crackers that were either slow, were too limited, or
     wouldn't run in the background (say, under unix). (And you can't run
     them on your superfast 600MHz Alpha).

BUGS
     No automatic unzip checking.

     Stop/resume facility is missing.

     Should be able to distinguish between files with 16-bit stored CRCs
     and 8-bit stored CRCs.

     The benchmark does not work on all systems.

     It's still early alpha.

     Method "cpmask" only accepts ppms.

     Could be faster.

AUTHOR
     fcrackzip was written by Marc Lehmann <pcg@goof.com>. The main
     fcrackzip page is at http://www.goof.com/pcg/marc/fcrackzip.html

                      Free/Fast Zip Password Cracker             FCRACKZIP(1)