Problem with older ZIP file
#1
Hi!
A friend of mine has a e-learning software with a bug in printing option. The exe-file is about 700 mb, so I guessed, that the texts and images are compressed in it. I was right. Its a kind of ZIP-sfx.

I extracted that zip-part with zip -J file.exe. In that zip file are html-files and images with dates about 2011-2012.
7zip shows "ZipCrypto Deflate" and zip -v shows:

Quote:index.html

  offset of local header from start of archive:   809
                                                  (0000000000000329h) bytes
  file system or operating system of origin:      MS-DOS, OS/2 or NT FAT
  version of encoding software:                   2.0
  minimum file system compatibility required:     MS-DOS, OS/2 or NT FAT
  minimum software version required to extract:   2.0
  compression method:                             deflated
  compression sub-type (deflation):               normal
  file security status:                           encrypted
  extended local header:                          yes
  file last modified on (DOS date/time):          2012 Mar 19 18:33:22
  32-bit CRC value (hex):                         6f3ded1d
  compressed size:                                942 bytes
  uncompressed size:                              2652 bytes
  length of filename:                             10 characters
  length of extra field:                          0 bytes
  length of file comment:                         0 characters
  disk number on which file begins:               disk 1
  apparent file type:                             binary
  non-MSDOS external file attributes:             000000 hex
  MS-DOS file attributes (20 hex):                arc

  There is no file comment.

I could get a plaintext version of that file, this program used Internet Explorer Cache when running, but only some files are there, not all.

JTR shows this info and kind of hash:
ver 2.0 bz.zip->index.html PKZIP Encr: cmplen=942, decmplen=2652, crc=6F3DED1D
$pkzip2$3*1*1*0*8*24*1ccf*7dd5*......hex.....*$/pkzip2$
I gave it a try to crack, but after days, nothing.

I tried pkcrack too. I used this index.html plaintext file without success, maybe because of wrong filesize.
Index.html has 942 bytes compressed in the encrypted zip.
My plaintext zip has 915 bytes, same deflate normal settings.

Any ideas to get password?


Messages In This Thread
Problem with older ZIP file - by tri3 - 07-31-2018, 11:27 AM