Chinese zip archive...
#1
Wink 
Hi all. Im' new in the world of cracking password and i'm about to crack a PKZIP archive.

The archive contains a chinese "firmware" ( the device in question is a BMW linux based digital speedometer ), so may be firmware is not the right definition...

I don't know if i can add a link for the product in question, and or the archive files, for your interest purely. 1 of two archives file added so you can "see" it.

Anyway, the archive seems to be:

zip2john
ver 2.0 efh 5455 efh 7875 dashboard.zip/dashboard/fex-orig/boot_package.fex PKZIP Encr: 2b chk, TS_chk, cmplen=687558, decmplen=1261568, crc=8058C8C7

zipinfo -v

  dashboard/usr/sbin/avahi-daemon

  offset of local header from start of archive:    688037 (000A7FA5h) bytes
  file system or operating system of origin:        Unix
  version of encoding software:                    3.0
  minimum file system compatibility required:      MS-DOS, OS/2 or NT FAT
  minimum software version required to extract:    2.0
  compression method:                              deflated
  compression sub-type (deflation):                fast
  file security status:                            encrypted
  extended local header:                            yes
  file last modified on (DOS date/time):            2021 Sep 11 14:53:54
  file last modified on (UT extra field modtime):  2021 Sep 11 08:53:54 local
  file last modified on (UT extra field modtime):  2021 Sep 11 06:53:54 UTC
  32-bit CRC value (hex):                          a0396e20
  compressed size:                                  41780 bytes
  uncompressed size:                                106424 bytes
  length of filename:                              31 characters
  length of extra field:                            24 bytes
  length of file comment:                          0 characters
  disk number on which file begins:                disk 1
  apparent file type:                              binary
  Unix file attributes (100775 octal):              -rwxrwxr-x
  MS-DOS file attributes (00 hex):                  none

And here i can see the zip file structure info:  pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.9.TXT

so i have used the option 17220 | PKZIP (Compressed Multi-File), a pure brute force attack, non mask, no nothing.

I know hashcat can crack the hash becouse i have test it by using the hash sample from the site...

So the question is, the character set... ascii 8 bit, unicode 16 bit. This is a chinese password protected archive, i have to add something to the hashcat command to be able to crack this archive ? Hashcat is currently running on my PC ( GeForce RTX 3060 Laptop GPU ):

Session..........: 2023-10-28
Status...........: Running
Hash.Mode........: 17220 (PKZIP (Compressed Multi-File))
Hash.Target......: $pkzip2$8*2*1*0*8*24*9127*75a4*754735560d58ecacde71...kzip2$
Time.Started.....: Thu Nov 02 19:14:57 2023 (1 day, 14 hours)
Time.Estimated...: Fri Nov 10 07:37:28 2023 (5 days, 21 hours)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?2?2?2?2?2?2?3 [8]
Guess.Charset....: -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined
Guess.Queue......: 6/8 (75.00%)
Speed.#1.........:  5379.1 kH/s (8.19ms) @ Accel:512 Loops:1 Thr:32 Vec:1
Speed.#*.........:  5379.1 kH/s
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 2784115261440/5533380698112 (50.31%)
Rejected.........: 0/2784115261440 (0.00%)
Restore.Point....: 2784115261440/5533380698112 (50.31%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: Z27opjgb -> ujrxc9n4
Hardware.Mon.#1..: Temp: 50c Util: 30% Core: 240MHz Mem:6000MHz Bus:8

Am I on the right path to victory Smile ? Thanks for the help.


Attached Files
.zip   dashboard(1).zip (Size: 6.82 KB / Downloads: 10)
Reply
#2
If you expect the pwd to be chinese characters - if I understood it correct - then you would be best off using a wordlist attack with chinese candidates.

Brute forcing a zip is really slow and doing it on chinese characters is near impossible. As far as I remember, chinese characters are 2 to 4 bytes long. If brute forcing, you would need, for each char, up to 4 ?b.
Reply
#3
Sry for the wrong indication of character encoding as UNICODE 16 Bit.

Unicode encoding of a charaters are better explained here.

Unicode - Wikipedia
UTF-8 - Wikipedia

so i think you are right...

Traditional and Simplified chinese ( found on the web ):

Traditional characters make up the large majority of all Chinese characters.
According to the Table of General Standard Chinese Characters, there are 8,105
simplified characters, although that number also includes characters that remain
the same in both Chinese forms.

The government began simplifying characters in the 1950s. By 1986, over 2,000
characters were simplified. Comparing the numbers of all simplified characters
versus the characters that have been simplified, experts guess that the current
number of new simplified characters is around 3,000 or so.

Simplified Chinese characters - Wikipedia

so every single character may be encoded with 8 UTF-8 bit or UTF-16 bit.

Very simple explanation:

Unicode, in friendly terms: ASCII, UTF-8, code points, character encodings, and more - YouTube
Unicode Encoding! UTF-32, UCS-2, UTF-16, & UTF-8! - YouTube

so i have to better understand the ralationship between the caracter index in the table, means readable password or key, its hex value 8 bits or 1 Bytes or 16 bits or two Bytes or whatever, and the way the PKZIP encritpion, transform these bytes.

I think i must buy a chinese computer Smile with a chinese keyboard Smile
Anyway, thanks for your response...
Reply
#4
Do you mean the password contains Chinese?
Reply
#5
I'm not sure, but...

7zip: Only accept ASCII characters for password ( try use chinese symbols when create password protectes archive )

Archive utilities password requirements...

PKZIP: Not sure...
PKZIP 6.0 Command Line User's Manual (cachefly.net)

WinRar: Not sure...
PKZIP 6.0 Command Line User's Manual (cachefly.net)

p7zip | The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)) Linux Tools

Others like tarball, xarchiver, k7z,
gzip ( Ubuntu Manpage: zcat - decompress and concatenate files to standard output  ):

Not sure.........


If 7zip allow only ASCII character to encrypt an archive, and i want use it to decrypt an archive...

73605.pdf (scitepress.org)

and beyond...
Reply
#6
I am Chinese, but I didn't understand what you meant
Reply
#7
Wink 
Hi Ly. I have bought this:

Cluster digitale da 12.3 pollici per BMW serie 3 F30 F31 F32 F34 strumento SpeedMeter Display virtuale cruscotto autoradio pannello AC - AliExpress

not from this seller.

This "Display" is a linux based digital cluster.
So the OS is Linux and the software ( or the front end or the GUI, or the gauges ), for wath i can see from the archive are been created with this:

Fast booting Qt instrument cluster - YouTube

Now i have found a copy of some files used for update this device. These files are been shared from a person that
has update the display and then shared this files.

The idea is use these files to make some changes to the GUI, if possible..., or long story short, customize the GUI.

The password, at these point is surely know by the device, so the only choice i have is:

Dismount the device, read out the data from the ROM, made the changes i want, and rewrite the ROM.

SD/MMC From the ground up - General / Exhibition - Arduino Forum
Reading an Emmc of PS3 - Using Arduino / Storage - Arduino Forum

Hardware Hacking 101: Identifying and Dumping eMMC Flash (riverloopsecurity.com)

Or "crack" the archive, study these file, use them to make my changes and update the device via USB.

If you made a compressed archive, can you use chinese ideograms as password, or i have some
chances of crack it Smile ?

Thanks...
Reply
#8
我没有看其他的,只回答你最后一句,很多解压缩软件支持以中文作为密码
Reply
#9
Hi Ly.

Can you please, made a PKZIP archive, simple, like compress a text file, secure it with a password, and share it with the pass ?

Thanks
Reply
#10
Do you require a password to be set in Chinese?
Reply