The best way to deal with this zip archive

[mohegazy1]

Hello
I am very new to codes and scripts
I want to know what is the best way to use the tool to handle this archive

note , I have tried a lot, but I fail every time

[xmexg]

echo -n "<!DOCTYPE html>" > p1.txt
echo -n "<!DOCTYPE HTML>" > p2.txt

bkcrack -L filename.zip
Get one html's numeric index

bkcrack -C filename.zip --cipher-index Index_of_any_html_File -p p1.txt
bkcrack -C filename.zip --cipher-index Index_of_any_html_File -p p2.txt

[kimci86]

Hi, I see two approaches to crack this archive with bkcrack. You can see some files inside your archive are compressed (method ZipCrypto Deflate) and some other files are stored (method ZipCrypto Store).

The first approach would be to guess a part of the content of a stored file and use it as known plaintext for the attack. The stored files you can target are txt files so it is not obvious what they could be made of but maybe the filenames give more information about what could be inside. Maybe you know or remember something about those files.

The second approach would be to target one of the compressed files. This requires you can find a plain copy of one of those files somewhere else in a backup or online for example. Once you have such a file, you would put it in a unencrypted compressed zip archive to get compressed data usable for the attack. You need the compressed data to match what was put in the encrypted archive just before encryption, so compression parameters must be the same. This might require some guesses and several tries with different tools and parameters to get the right compression.
@xmexg What you suggest would not work because it uses uncompressed html text but the html files in the archive are compressed.

To summarize, running a known-plaintext attack with bkcrack requires some knowledge of the archive content, either by making guesses or using a plain entire file available somewhere else. In case you do not have such information, then a known-plaintext attack might be impossible. You could try alternative approches to crack the archive with password cracking tools such as hashcat or john the ripper.

[mohegazy1]

thank you for your reply
In the screenshot, I placed blue marks on the files in which I had data

[xmexg]

For the second .txt file(CRC: CC2E3C2F) you tagged:

For windows: echo | set /p dummyName="The contents of the file, as you know, should ideally exceed 12 characters, with correct punctuation and spaces if present.">p.txt
For linux: echo -n "The contents of the file, as you know, should ideally exceed 12 characters, with correct punctuation and spaces if present." > p.txt
(You'd better not use text editor, because it is possible to automatically add a \n or \r\n at the end)

bkcrack -L filename.zip
Get the numeric index for this .txt

bkcrack -C filename.zip --cipher-index Index_of_this_txt_file -p p.txt

If you get the key, you can use bkcrack -k your_key -b "?b" to get the password.
(In some terminals, ?b requires quotation marks)

[kimci86]

@mohegazy1 Does that answer your question? Did it work?

[mohegazy1]

Unfortunately no, I tried both methods but no results

[kimci86]

Do you want help about it? If so, what did you try exactly and what was the outcome?

[kimci86]

@mohegazy1 Are you still looking for help about this? If so, please provide information about what you tried and how it went. Otherwise, I will close this issue.