How to tell if ZIP is compressed or not?
#3
Thanks! So 0 for uncompressed or 8 for compressed. That's useful to know.

No, there was no "type" info here. Just the info on the line I posted earlier.

I can see now why you're telling me to update zip2john. I thought I already had the latest version. I downloaded it from the official JTR website (john-1.9.0-jumbo-1-win64.zip). But it's a Windows binary, so there is that. (The more I mess around with hashes, HC and JTR, the more I learn I'm using the wrong OS for the job.)

I can confirm that my ZIP file was uncompressed and the zero type is an indication of that.
$pkzip2$1*1*2*0*c7*bb*77ed3c74*0*33*0*c7*77ed*aee0*712...*$/pkzip2$

As a side note, pasting the hash in has an unexpected result. Why is that? (Another case of using the wrong OS?)

17200 against hash file
Hashfile '.\hash.txt' on line 1 ($pkzip...d2f3432781e*$/pkzip2$): Hash contains unsupported compression type for current mode
No hashes loaded.

17210 against hash file
OK. Success!

17210 against paste
Hash'*1*2*0*c7*bb*77ed3c74*0*33*0*...': Signature unmatched
No hashes loaded.

The safest bet is to put the hash in a hash file, even if it's just a single hash.

I see now what "cmplen" and "decmplen" mean. Thanks again! I almost had it; I suspected that "len" may mean length but I wasn't sure and I didn't get the first part of the cryptic label name. So "cmplen" is length when compressed, and "decmplen" is length when decompressed. Given your example I suppose "cmplen=6422, decmplen=19091" means 19091 bytes without compression and 6422 bytes with compression.
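The compression method and both lengths discussed in the post above can be read straight from a ZIP's central directory. The following is an added example, not part of the original post and not code from hashcat or John the Ripper. The dictionary keys `cmplen` and `decmplen` borrow the thread's labels, the sample archive is constructed in memory, and the parser assumes a single-disk archive without Zip64 extensions.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4sHHHHIIH")            # end of central directory record
CDFH = struct.Struct("<4sHHHHHHIIIHHHHHII")   # central directory file header
METHODS = {0: "stored", 8: "deflated"}        # the two values named in the thread

def list_entries(data: bytes):
    """Return one dict per archive member, read from the central directory."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP")
    _, _, _, _, total, _, cd_offset, _ = EOCD.unpack_from(data, pos)
    entries, off = [], cd_offset
    for _ in range(total):
        f = CDFH.unpack_from(data, off)
        if f[0] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, method, cmplen, decmplen = f[3], f[4], f[8], f[9]
        name_len, extra_len, comment_len = f[10], f[11], f[12]
        name = data[off + CDFH.size: off + CDFH.size + name_len]
        entries.append({
            "name": name.decode("utf-8", "replace"),
            "method": method,                    # 0 = stored, 8 = deflated
            "method_name": METHODS.get(method, "other"),
            "encrypted": bool(flags & 0x1),      # general-purpose flag bit 0
            "cmplen": cmplen,                    # size as stored in the archive
            "decmplen": decmplen,                # size after decompression
        })
        off += CDFH.size + name_len + extra_len + comment_len
    return entries

def build_sample() -> bytes:
    """Constructed sample: the same payload stored once and deflated once."""
    buf = io.BytesIO()
    payload = b"A" * 4096
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("stored.txt", payload, compress_type=zipfile.ZIP_STORED)
        z.writestr("deflated.txt", payload, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    for entry in list_entries(build_sample()):
        print(entry)
```

To inspect a real archive, pass the file's bytes to `list_entries()` instead of the constructed sample.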


Messages In This Thread
RE: How to tell if ZIP is compressed or not? - by meow - 01-10-2022, 10:00 PM