PeaZip PEA Archive Hash Extraction
#1
Lightbulb 
Does anyone have any experience or advice on extracting the hash and/or cracking .pea archive files?

First time I have had to dealt with one and thought that maybe it was just a special zip, rar or 7z type file however my usual methods for extracting the hash to crack with hashcat have failed.

Any advice from anyone that has dealt with them before would be greatly appreciated! Thx!!!
Reply
#2
(10-10-2021, 08:18 PM)13enzene Wrote: Does anyone have any experience or advice on extracting the hash and/or cracking .pea archive files?

First time I have had to dealt with one and thought that maybe it was just a special zip, rar or 7z type file however my usual methods for extracting the hash to crack with hashcat have failed.

Any advice from anyone that has dealt with them before would be greatly appreciated! Thx!!!

take a look at
https://peazip.github.io/pea-archiving-utility.html

it seems it has its own fileformat and different types for encrypting the password, if there is no tool in the JTR package which can handle .pea out of the box, i think extracting the hash will be something for a developer, and also im not quite sure whether these hash-combinations (triple) are supported by hahscat
Reply
#3
Ya, unfortunately none of the JTR modules seem to be pulling out any hashes for me. I was hopeful that it might be able to pull out something that I would be able to attack with some manipulation of the original archive but unfortunately, no joy. 

As per their documentation:
"PeaZip's native .pea file format, supporting AES, Serpent and Twofish (128 and 256 bit) EAX-mode authenticated encryption, enforcing cryptographically strong data secrecy and verifiable autenticity. Also, PEA format can use cascaded AES, Serpent and Twofish - all the data will be encrypted and authenticated by all the trhree cyphers."
https://peazip.github.io/encrypt-files.html

Unfortunately I just don't know enough to even start looking for where any of these would be located in the file. I guess the secondary problem, as you stated, would be if Hashcat could even deal with a 3 tiered system as outlined in the quote above...
Reply