11-04-2023, 10:51 AM
Hi all. Im' new in the world of cracking password and i'm about to crack a PKZIP archive.
The archive contains a chinese "firmware" ( the device in question is a BMW linux based digital speedometer ), so may be firmware is not the right definition...
I don't know if i can add a link for the product in question, and or the archive files, for your interest purely. 1 of two archives file added so you can "see" it.
Anyway, the archive seems to be:
zip2john
ver 2.0 efh 5455 efh 7875 dashboard.zip/dashboard/fex-orig/boot_package.fex PKZIP Encr: 2b chk, TS_chk, cmplen=687558, decmplen=1261568, crc=8058C8C7
zipinfo -v
dashboard/usr/sbin/avahi-daemon
offset of local header from start of archive: 688037 (000A7FA5h) bytes
file system or operating system of origin: Unix
version of encoding software: 3.0
minimum file system compatibility required: MS-DOS, OS/2 or NT FAT
minimum software version required to extract: 2.0
compression method: deflated
compression sub-type (deflation): fast
file security status: encrypted
extended local header: yes
file last modified on (DOS date/time): 2021 Sep 11 14:53:54
file last modified on (UT extra field modtime): 2021 Sep 11 08:53:54 local
file last modified on (UT extra field modtime): 2021 Sep 11 06:53:54 UTC
32-bit CRC value (hex): a0396e20
compressed size: 41780 bytes
uncompressed size: 106424 bytes
length of filename: 31 characters
length of extra field: 24 bytes
length of file comment: 0 characters
disk number on which file begins: disk 1
apparent file type: binary
Unix file attributes (100775 octal): -rwxrwxr-x
MS-DOS file attributes (00 hex): none
And here i can see the zip file structure info: pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.9.TXT
so i have used the option 17220 | PKZIP (Compressed Multi-File), a pure brute force attack, non mask, no nothing.
I know hashcat can crack the hash becouse i have test it by using the hash sample from the site...
So the question is, the character set... ascii 8 bit, unicode 16 bit. This is a chinese password protected archive, i have to add something to the hashcat command to be able to crack this archive ? Hashcat is currently running on my PC ( GeForce RTX 3060 Laptop GPU ):
Session..........: 2023-10-28
Status...........: Running
Hash.Mode........: 17220 (PKZIP (Compressed Multi-File))
Hash.Target......: $pkzip2$8*2*1*0*8*24*9127*75a4*754735560d58ecacde71...kzip2$
Time.Started.....: Thu Nov 02 19:14:57 2023 (1 day, 14 hours)
Time.Estimated...: Fri Nov 10 07:37:28 2023 (5 days, 21 hours)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?2?2?2?2?2?2?3 [8]
Guess.Charset....: -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined
Guess.Queue......: 6/8 (75.00%)
Speed.#1.........: 5379.1 kH/s (8.19ms) @ Accel:512 Loops:1 Thr:32 Vec:1
Speed.#*.........: 5379.1 kH/s
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 2784115261440/5533380698112 (50.31%)
Rejected.........: 0/2784115261440 (0.00%)
Restore.Point....: 2784115261440/5533380698112 (50.31%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: Z27opjgb -> ujrxc9n4
Hardware.Mon.#1..: Temp: 50c Util: 30% Core: 240MHz Mem:6000MHz Bus:8
Am I on the right path to victory ? Thanks for the help.
The archive contains a chinese "firmware" ( the device in question is a BMW linux based digital speedometer ), so may be firmware is not the right definition...
I don't know if i can add a link for the product in question, and or the archive files, for your interest purely. 1 of two archives file added so you can "see" it.
Anyway, the archive seems to be:
zip2john
ver 2.0 efh 5455 efh 7875 dashboard.zip/dashboard/fex-orig/boot_package.fex PKZIP Encr: 2b chk, TS_chk, cmplen=687558, decmplen=1261568, crc=8058C8C7
zipinfo -v
dashboard/usr/sbin/avahi-daemon
offset of local header from start of archive: 688037 (000A7FA5h) bytes
file system or operating system of origin: Unix
version of encoding software: 3.0
minimum file system compatibility required: MS-DOS, OS/2 or NT FAT
minimum software version required to extract: 2.0
compression method: deflated
compression sub-type (deflation): fast
file security status: encrypted
extended local header: yes
file last modified on (DOS date/time): 2021 Sep 11 14:53:54
file last modified on (UT extra field modtime): 2021 Sep 11 08:53:54 local
file last modified on (UT extra field modtime): 2021 Sep 11 06:53:54 UTC
32-bit CRC value (hex): a0396e20
compressed size: 41780 bytes
uncompressed size: 106424 bytes
length of filename: 31 characters
length of extra field: 24 bytes
length of file comment: 0 characters
disk number on which file begins: disk 1
apparent file type: binary
Unix file attributes (100775 octal): -rwxrwxr-x
MS-DOS file attributes (00 hex): none
And here i can see the zip file structure info: pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.9.TXT
so i have used the option 17220 | PKZIP (Compressed Multi-File), a pure brute force attack, non mask, no nothing.
I know hashcat can crack the hash becouse i have test it by using the hash sample from the site...
So the question is, the character set... ascii 8 bit, unicode 16 bit. This is a chinese password protected archive, i have to add something to the hashcat command to be able to crack this archive ? Hashcat is currently running on my PC ( GeForce RTX 3060 Laptop GPU ):
Session..........: 2023-10-28
Status...........: Running
Hash.Mode........: 17220 (PKZIP (Compressed Multi-File))
Hash.Target......: $pkzip2$8*2*1*0*8*24*9127*75a4*754735560d58ecacde71...kzip2$
Time.Started.....: Thu Nov 02 19:14:57 2023 (1 day, 14 hours)
Time.Estimated...: Fri Nov 10 07:37:28 2023 (5 days, 21 hours)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?2?2?2?2?2?2?3 [8]
Guess.Charset....: -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined
Guess.Queue......: 6/8 (75.00%)
Speed.#1.........: 5379.1 kH/s (8.19ms) @ Accel:512 Loops:1 Thr:32 Vec:1
Speed.#*.........: 5379.1 kH/s
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 2784115261440/5533380698112 (50.31%)
Rejected.........: 0/2784115261440 (0.00%)
Restore.Point....: 2784115261440/5533380698112 (50.31%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: Z27opjgb -> ujrxc9n4
Hardware.Mon.#1..: Temp: 50c Util: 30% Core: 240MHz Mem:6000MHz Bus:8
Am I on the right path to victory ? Thanks for the help.