#1
    How to crack zip-file with AES 128


    Hello!
    I am a student at a course in IT Security. Our teacher is very focused on encryption/decryption so we have been assigned a couple of tasks to decrypt various files that he has given us.
    I am struggling to crack a zip-file that contains a couple of pictures and a text-file.

    There is a phrase in the textfile and the goal is to get the phrase and mail this to the teacher.

    The zip-file is encrypted with AES-128 and an 8-character-long password. The password is most likely a random password; if it is a phrase-password it is probably based on an English word.

    I don't know anything else about the password but I guess it is composed of a mix of upper-case, lower-case letters and some numbers. I also guess that it is a random password.

    It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
    It also doesn't seem possible to do a standard plain-text attack as this does not seem to work with AES-encrypted zip-files.

    I have tried to do a couple of dictionary attacks but have had no success. I suspect one problem is that the dictionary attack only uses letters (mixed case) and I suspect there might be numbers in the password as well. And if the password is not constructed from a word then a dictionary attack is useless.

    I have access to a server with an 8-core CPU and about 16 GB of memory to speed up the process.

    I have used these programs to try to crack the encrypted zip file:
    Passware Kit Enterprise
    Elcomsoft Advanced Archive Password Recovery
    Pkcrack 1.2.2

    These are the known facts about the zip-file:
    -Encrypted with AES-128
    -The password is 8 characters long
    -The zip-file contains 4 pictures (JPEG) and a text-file
    -The goal is to decrypt the text-file to read the text in it

    -This seems to be the HEX header of the zip-file
    50 4B 03 04 (PK.)

    -The text file most likely has this HEX signature/header
    36 48 34 30

    -I have the 4 JPEG-files in unencrypted (plaintext) versions

    -I have a similar text-file (from another encrypted zip-file which was not AES and easier to break) that I guess could be used as a plaintext file (it also contains a phrase).

    -It seems that I can extract the files (encrypted version) from the zip-file with the tool extract.exe from PKCrack.

    If this tool works correctly I have the extracted version of the encrypted text-file, it contains this cipher/encrypted (?) text:

    6)SI5FakCH c>-$4`<sv*
    n_]\2c=*

    It is possible to add or remove files from the encrypted zip-file, so I could for example remove the pictures so that the zip-file only contains the encrypted text-file. If I give Elcomsoft Advanced Archive Password Recovery the HEX signature/header of the text file the cracking process will be a bit faster (but still about 2000 years or so..).

    I do not have a tool that can do any other attack than brute force, dictionary or plain-text attack on a zip-file. These tools work excellently with Zip files that are older than version 8.0 and AES. But they do not help me now.

    If I search for help on Google all I find is either the usual commercial tools (which do not seem to work with this file) or some scientific papers about different theories about how to crack AES and a lot of mathematical formulas.

    According to our teacher the task is possible to solve and a lead is that this is achieved by comparing the unencrypted (plain-text) files with the encrypted ones. I, however, do not know of any other method of doing this but a standard zip plain-text attack. And that does not work with AES.

    Does anyone have any ideas or can give me advice on which tool to use?
  2. #2
    Task solved using dictionary attack


    I actually managed to solve the task using a dictionary attack.

    The password was a simple word.

    Maybe there wasn't any way to solve this using some way of plain-text attack after all ; )

    Originally Posted by Ejan87
    Hello!
    I am a student at a course in IT Security. Our teacher is very focused on encryption/decryption so we have been assigned a couple of tasks to decrypt various files that he has given us.
    I am struggling to crack a zip-file that contains a couple of pictures and a text-file.

    There is a phrase like this in the textfile: 6H4083 control code 34926
    The goal is to get the control code number and mail this to the teacher.

    The zip-file is encrypted with AES-128 and an 8-character-long password. The password is most likely a random password; if it is a phrase-password it is either based on an English or Swedish word.

    I don't know anything else about the password but I guess it is composed of a mix of upper-case, lower-case letters and some numbers. I also guess that it is a random password.

    It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
    It also doesn't seem possible to do a standard plain-text attack as this does not seem to work with AES-encrypted zip-files.

    I have tried to do a couple of dictionary attacks (Swedish and English, since these are the two languages our teacher speaks) but have had no success. I suspect one problem is that the dictionary attack only uses letters (mixed case) and I suspect there might be numbers in the password as well. And if the password is not constructed from a word then a dictionary attack is useless.

    I have access to a server with an 8-core CPU and about 16 GB of memory to speed up the process.

    I have used these programs to try to crack the encrypted zip file:
    Passware Kit Enterprise
    Elcomsoft Advanced Archive Password Recovery
    Pkcrack 1.2.2

    These are the known facts about the zip-file:
    -Encrypted with AES-128
    -The password is 8 characters long
    -The zip-file contains 4 pictures (JPEG) and a text-file
    -The goal is to decrypt the text-file to read the text in it
    -The text in the text file is 6H4083 control code 00000 (the last five numbers are unknown and the goal is to find out these 5 numbers)

    -This seems to be the HEX header of the zip-file
    50 4B 03 04 (PK.)

    -The text file most likely has this HEX signature/header
    36 48 34 30

    -I have the 4 JPEG-files in unencrypted (plaintext) versions

    -I have a similar text-file (from another encrypted zip-file which was not AES and easier to break) that I guess could be used as a plaintext file (it also contains the same phrase 6H4083 control code 00000 but different numbers).

    -It seems that I can extract the files (encrypted version) from the zip-file with the tool extract.exe from PKCrack.

    If this tool works correctly I have the extracted version of the encrypted text-file, it contains this cipher/encrypted (?) text:

    6)SI5FakCH c>-$4`<sv*
    n_]\2c=*

    It would be in plain text:
    6H4083 control code 00000 (the last five numbers are unknown)

    It is possible to add or remove files from the encrypted zip-file, so I could for example remove the pictures so that the zip-file only contains the encrypted text-file. If I give Elcomsoft Advanced Archive Password Recovery the HEX signature/header of the text file the cracking process will be a bit faster (but still about 2000 years or so..).

    I do not have a tool that can do any other attack than brute force, dictionary or plain-text attack on a zip-file. These tools work excellently with Zip files that are older than version 8.0 and AES. But they do not help me now.

    If I search for help on Google all I find is either the usual commercial tools (which do not seem to work with this file) or some scientific papers about different theories about how to crack AES and a lot of mathematical formulas.

    According to our teacher the task is possible to solve and a lead is that this is achieved by comparing the unencrypted (plain-text) files with the encrypted ones. I, however, do not know of any other method of doing this but a standard zip plain-text attack. And that does not work with AES.

    Does anyone have any ideas or can give me advice on which tool to use?
  4. #3
    It is impossible to do a bruteforce-attack since it would take at least a couple of thousand years on a standard computer, and I have about 1 week to solve this problem.
    A brute-force attack on the AES key would take a long time: a lot more than a couple of thousand years on any computer that exists today. I suggest you do the estimation: how long would it take?

    But a brute-force attack on the password is easy indeed. To prove this, compute how many 8-character passwords are possible, and measure or estimate how long it takes to test each password. How much time, to test every possible password?

    You can see that the use of a dictionary was needless sophistication for this case.
  6. #4
    Hello!

    Thanks for the reply.
    But my Elcomsoft/Passware programs compute this when it comes to a brute force attack on the file:

    Attack: Brute Force
    A-Z,a-z,0-9. 8 characters.

    Total: 218,340,105,584,896

    1300 p/s

    That's 5325 years...

    Passware gives the same estimation. It seems to be a little faster with 1410 p/sec that would make around 4900 years...

    This is on a virtual machine (VMware). I have access to an 8-core server which is considerably faster and I have used that one for the school tasks, but still...

    Out of the programs I have tested these two performed the best. I don't have access to any computer or game console with a really fast GPU, or a computer cluster and I don't think a rainbow table could be used for this task.
    --------------------------------------------------------------

    Originally Posted by mah$us
    A brute-force attack on the AES key would take a long time: a lot more than a couple of thousand years on any computer that exists today. I suggest you do the estimation: how long would it take?

    But a brute-force attack on the password is easy indeed. To prove this, compute how many 8-character passwords are possible, and measure or estimate how long it takes to test each password. How much time, to test every possible password?

    You can see that the use of a dictionary was needless sophistication for this case.
  8. #5
    I was wrong about not needing the dictionary...

    That's what happens, when I don't follow my own advice - I didn't do the arithmetic, and supposed it could be done much more quickly.

    I sit corrected!
  10. #6
    That's ok, I have to correct myself as well.

    It wasn't AES-128 encryption that was used on this zip-file, it was AES-256 ; )

    Cheers!
    --------------------------------------------------------

    Originally Posted by mah$us
    I was wrong about not needing the dictionary...

    That's what happens, when I don't follow my own advice - I didn't do the arithmetic, and supposed it could be done much more quickly.

    I sit corrected!
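
The estimation asked for in post #3 and quoted in post #4, worked through as an added example (not code from any poster in the thread). It reproduces the 62^8 total and the 1300 p/s and 1410 p/s figures, and sets them beside the AES key spaces and a wordlist; the wordlist size of 500,000 entries is a constructed assumption, and the same guess rate is applied to every row purely for scale.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600   # 365-day year, as the thread's figures imply
WORDLIST_SIZE = 500_000              # constructed assumption, not from the thread


def keyspace(charset_size, length):
    """Number of passwords of exactly `length` characters from the charset."""
    return charset_size ** length


def entropy_bits(candidates):
    """Size of a search space expressed in bits."""
    return math.log2(candidates)


def seconds_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second


def years_to_exhaust(candidates, guesses_per_second):
    return seconds_to_exhaust(candidates, guesses_per_second) / SECONDS_PER_YEAR


def report(rate):
    """Rows of (label, candidates, bits, years) for the spaces in the thread."""
    spaces = [
        ("8 chars, A-Z a-z 0-9", keyspace(62, 8)),   # post #4's character set
        ("wordlist (constructed size)", WORDLIST_SIZE),
        ("AES-128 key", 2 ** 128),
        ("AES-256 key", 2 ** 256),
    ]
    return [(name, n, entropy_bits(n), years_to_exhaust(n, rate))
            for name, n in spaces]


if __name__ == "__main__":
    for rate in (1300, 1410):            # guess rates reported in post #4
        for name, n, bits, years in report(rate):
            print(f"{rate:>5} p/s  {name:<28} {bits:6.1f} bits  {years:.3g} years")
```

A random 8-character alphanumeric password is about 47.6 bits, so the switch from AES-128 to AES-256 changes nothing about the effort; what made the archive recoverable was that the password was a dictionary word.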
