How to crack zip-file with AES 128
September 8th, 2011, 04:45 AM
How to crack zip-file with AES 128
Hello!
I am a student at a course in IT Security. Our teacher is very focused on encryption/decryption so we have been assigned a couple of tasks to decrypt various files that he has given us.
I am struggling to crack a zip-file that contains a couple of pictures and a text-file.
There is a phrase in the textfile and the goal is to get the phrase and mail this to the teacher.
The zip-file is encrypted with AES-128 and an 8 character long password. The password is most likely a random password, if it is a phrase-password it is probably based on an English word.
I don't know anything else about the password but I guess it is composed of a mix of upper-case, lower-case letters and some numbers. I also guess that it is a random password.
It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
It also doesn't seem possible to do a standard plain-text attack as this does not seem to work with AES-encrypted zip-files.
I have tried to do a couple of dictionary attacks but have had no success. I suspect one problem is that the dictionary attack only uses letters (mixed case) and I suspect there might be numbers in the password as well. And if the password is not constructed from a word then a dictionary attack is useless.
I have access to a server with an 8-core CPU and about 16 GB of memory to speed up the process.
I have used these programs to try to crack the encrypted zip file:
Passware Kit Enterprise
Elcomsoft Advanced Archive Password Recovery
Pkcrack 1.2.2
These are the known facts about the zip-file:
-Encrypted with AES-128
-The password is 8 characters long
-The zip-file contains 4 pictures (JPEG) and a text-file
-The goal is to decrypt the text-file to read the text in it
-This seems to be the HEX header of the zip-file
50 4B 03 04 (PK..)
-The text file most likely has this HEX signature/header
36 48 34 30
-I have the 4 JPEG-files in unencrypted (plaintext) versions
-I have a similar text-file (from another encrypted zip-file which was not AES and easier to break) that I guess could be used as a plaintext file (it also contains a phrase).
-It seems that I can extract the files (encrypted version) from the zip-file with the tool extract.exe from PKCrack.
If this tool works correctly I have the extracted version of the encrypted text-file, it contains this cipher/encrypted (?) text:
6)SI5ÄFakCHà ėĀc>-
$îßá―4`<sv*Ũå
n°_]\ķČ2ôcË=*Ý
It is possible to add or remove files from the encrypted zip-file, so I could for example remove the pictures so that the zip-file only contains the encrypted text-file. If I give Elcomsoft Advanced Archive Password Recovery the HEX signature/header of the text file the cracking process will be a bit faster (but still about 2000 years or so..).
I do not have a tool that can do any other attack than brute force, dictionary or plain-text attack on a zip-file. These tools work excellently with Zip files that are older than version 8.0 and AES. But they do not help me now.
If I search for help on Google all I find is either the usual commercial tools (which do not seem to work with this file) or some scientific papers about different theories about how to crack AES and a lot of mathematical formulas.
According to our teacher the task is possible to solve and a lead is that this is achieved by comparing the unencrypted (plain-text) files with the encrypted ones. I, however, do not know of any other method of doing this but a standard zip plain-text attack. And that does not work with AES.
Anyone have any ideas or can give me advice on which tool to use?

September 8th, 2011, 10:11 AM
Task solved using dictionary attack
I actually managed to solve the task using a dictionary attack.
The password was a simple word.
Maybe there wasn't any way to solve this using some way of plain-text attack after all ; )
Quote: Originally Posted by Ejan87
Hello!
I am a student at a course in IT Security. Our teacher is very focused on encryption/decryption so we have been assigned a couple of tasks to decrypt various files that he has given us.
I am struggling to crack a zip-file that contains a couple of pictures and a text-file.
There is a phrase like this in the textfile: 6H4083 control code 34926
The goal is to get the control code number and mail this to the teacher.
The zip-file is encrypted with AES-128 and an 8 character long password. The password is most likely a random password, if it is a phrase-password it is either based on an English or Swedish word.
I don't know anything else about the password but I guess it is composed of a mix of upper-case, lower-case letters and some numbers. I also guess that it is a random password.
It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
It also doesn't seem possible to do a standard plain-text attack as this does not seem to work with AES-encrypted zip-files.
I have tried to do a couple of dictionary attacks (Swedish and English since these are the two languages our teacher speaks) but have had no success. I suspect one problem is that the dictionary attack only uses letters (mixed case) and I suspect there might be numbers in the password as well. And if the password is not constructed from a word then a dictionary attack is useless.
I have access to a server with an 8-core CPU and about 16 GB of memory to speed up the process.
I have used these programs to try to crack the encrypted zip file:
Passware Kit Enterprise
Elcomsoft Advanced Archive Password Recovery
Pkcrack 1.2.2
These are the known facts about the zip-file:
-Encrypted with AES-128
-The password is 8 characters long
-The zip-file contains 4 pictures (JPEG) and a text-file
-The goal is to decrypt the text-file to read the text in it
-The text in the text file is 6H4083 control code 00000 (the last five numbers are unknown and it is the goal to find out these 5 numbers)
-This seems to be the HEX header of the zip-file
50 4B 03 04 (PK..)
-The text file most likely has this HEX signature/header
36 48 34 30
-I have the 4 JPEG-files in unencrypted (plaintext) versions
-I have a similar text-file (from another encrypted zip-file which was not AES and easier to break) that I guess could be used as a plaintext file (it also contains the same phrase 6H4083 control code 00000 but different numbers).
-It seems that I can extract the files (encrypted version) from the zip-file with the tool extract.exe from PKCrack.
If this tool works correctly I have the extracted version of the encrypted text-file, it contains this cipher/encrypted (?) text:
6)SI5ÄFakCHà ėĀc>-
$îßá―4`<sv*Ũå
n°_]\ķČ2ôcË=*Ý
It would be in plain text:
6H4083 control code 00000 (the five last numbers are unknown)
It is possible to add or remove files from the encrypted zip-file, so I could for example remove the pictures so that the zip-file only contains the encrypted text-file. If I give Elcomsoft Advanced Archive Password Recovery the HEX signature/header of the text file the cracking process will be a bit faster (but still about 2000 years or so..).
I do not have a tool that can do any other attack than brute force, dictionary or plain-text attack on a zip-file. These tools work excellently with Zip files that are older than version 8.0 and AES. But they do not help me now.
If I search for help on Google all I find is either the usual commercial tools (which do not seem to work with this file) or some scientific papers about different theories about how to crack AES and a lot of mathematical formulas.
According to our teacher the task is possible to solve and a lead is that this is achieved by comparing the unencrypted (plain-text) files with the encrypted ones. I, however, do not know of any other method of doing this but a standard zip plain-text attack. And that does not work with AES.
Anyone have any ideas or can give me advice on which tool to use?

September 8th, 2011, 11:57 AM
Quote: It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
A brute-force attack on the AES key would take a long time: a lot more than a couple of thousand years on any computer that exists today. I suggest you do the estimation: how long would it take?
But a brute-force attack on the password is easy indeed. To prove this, compute how many 8-character passwords are possible, and measure or estimate how long it takes to test each password. How much time, to test every possible password?
You can see that the use of a dictionary was needless sophistication for this case.

September 8th, 2011, 04:21 PM
Hello!
Thanks for the reply.
But my Elcomsoft/Passware programs compute this when it comes to a brute force attack on the file:
Attack: Brute Force
A-Z,a-z,0-9. 8 characters.
Total: 218,340,105,584,896
1300 p/s
That's 5325 years...
Passware gives the same estimation. It seems to be a little faster with 1410 p/sec, which would make around 4900 years...
This is on a virtual machine (VM Ware). I have access to an 8-core server which is considerably faster and I have used that one for the school tasks, but still...
Out of the programs I have tested these two performed the best. I don't have access to any computer or game console with a really fast GPU, or a computer cluster and I don't think a rainbow table could be used for this task.
--------------------------------------------------------------
Quote: Originally Posted by mah$us
A brute-force attack on the AES key would take a long time: a lot more than a couple of thousand years on any computer that exists today. I suggest you do the estimation: how long would it take?
But a brute-force attack on the password is easy indeed. To prove this, compute how many 8-character passwords are possible, and measure or estimate how long it takes to test each password. How much time, to test every possible password?
You can see that the use of a dictionary was needless sophistication for this case.
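The estimate debated in this thread, worked through as an added example that is not part of any poster's message: it compares a dictionary of constructed size, the 62^8 password space at the 1300 p/s quoted above, and a raw AES-128 key search. `kdf_rate` assumes the archive uses the WinZip AE format (PBKDF2-HMAC-SHA1, 1000 iterations per guess), which the thread does not state; all function names are hypothetical.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year; reproduces the thread's "5325 years"

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def years_to_exhaust(candidates: int, rate_per_sec: float) -> float:
    """Worst-case years to try every candidate at a fixed test rate."""
    return candidates / rate_per_sec / SECONDS_PER_YEAR

def kdf_rate(key_bits: int, iterations: int = 1000, trials: int = 200) -> float:
    """Measured PBKDF2-HMAC-SHA1 derivations per second on this machine.

    Assumption: WinZip AE format, which derives 2 * key_bytes + 2 bytes
    (AES key, HMAC key, 2-byte password verifier) for every guess.
    """
    dk_len = 2 * (key_bits // 8) + 2
    salt = bytes(key_bits // 16)  # constructed all-zero salt of the AE salt size
    start = time.perf_counter()
    for i in range(trials):
        hashlib.pbkdf2_hmac("sha1", b"guess%03d" % i, salt, iterations, dk_len)
    return trials / (time.perf_counter() - start)

def compare(rate_per_sec: float, dictionary_words: int = 500_000) -> dict:
    """Years to exhaust each search space discussed in the thread."""
    return {
        "dictionary (constructed size)": years_to_exhaust(dictionary_words, rate_per_sec),
        "8 chars, A-Z a-z 0-9": years_to_exhaust(keyspace(62, 8), rate_per_sec),
        "AES-128 key": years_to_exhaust(2 ** 128, rate_per_sec),
    }

if __name__ == "__main__":
    for label, years in compare(1300).items():  # 1300 p/s is the rate quoted in the thread
        print(f"{label:32s} {years:.3g} years")
    print(f"local KDF rate, AES-256 sizes: {kdf_rate(256):.0f} derivations/s")
```

The per-guess cost is dominated by the key derivation rather than by AES itself, so the choice of password, not the cipher strength, decides how long the archive resists.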

September 8th, 2011, 04:33 PM
I was wrong about not needing the dictionary...
That's what happens, when I don't follow my own advice - I didn't do the arithmetic, and supposed it could be done much more quickly.
I sit corrected!

September 8th, 2011, 04:40 PM
That's OK, I have to correct myself as well.
It wasn't AES-128 encryption that was used on this zip-file, it was AES-256 ; )
Cheers!
--------------------------------------------------------
Quote: Originally Posted by mah$us
I was wrong about not needing the dictionary...
That's what happens, when I don't follow my own advice - I didn't do the arithmetic, and supposed it could be done much more quickly.
I sit corrected!